RISKS-LIST: Risks-Forum Digest  Wednesday 1 August 2012  Volume 26 : Issue 96

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.96.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
More on election risks: Brennan Center study (PGN)
Internet Voting Systems at Risk (Martha T. Moore via ACM TechNews)
Oakland police radios fail during Obama visit (Jaxon Van Derbeken via Paul Saffo)
Startup claims 80% of its Facebook clicks are bots, not people (Mark Thorson)
Dropbox confirms it got hacked, will offer two-factor authentication (Jon Brodkin via Monty Solomon)
Attack against Microsoft scheme puts hundreds of crypto apps at risk (Dan Goodin via Monty Solomon)
"Microsoft hits Java where it hurts" (Woody Leonhard via Gene Wirchenko)
Attack against Microsoft scheme puts hundreds of crypto apps at risk (ars technica via Lauren Weinstein)
Google Failed to Delete All Street View Data, Drawing U.K. Ire (Monty Solomon)
Chief developer quits OAuth2.0: I failed, We failed (jidanni)
Hacking attacks on printers still not being taken seriously (Mark Piesing via Monty Solomon)
General warns of dramatic increase in cyber-attacks on U.S. firms (Lauren Weinstein)
Don't believe the Skype: it may not be as private as you might think (Dan Gillmor via Lauren Weinstein)
Is This Anonymous Group Behind the New York Times WikiLeaks Hoax? (Lauren Weinstein)
"First strain on Olympic networks seen" (Brandon Butler via Gene Wirchenko)
Don't tweet if you want TV, London fans told (Reuters)
Re: Olympics security poster 'gibberish' (Jeremy Epstein)
World Wide Web - Inventor (Chris J Brady)
Re: Who Really Invented the Internet? (Larry Press)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 1 Aug 2012 9:20:19 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: More on election risks: Brennan Center study

New Brennan Center study outlines how officials can cure election design defects, save votes

Several hundred thousand votes lost from design flaws in recent elections:
http://www.brennancenter.org/content/resource/study-design-flaws-contribute-to-hundreds-of-thousands-of-lost-votes-in-recent-elections.html

BrennanCenter study http://ow.ly/cBYyB #votingrights

DESIGN FLAWS CONTRIBUTE TO HUNDREDS OF THOUSANDS OF LOST VOTES IN RECENT ELECTIONS
Report Details Major Ballot Design Problems, Proposes Non-Partisan Solutions

Contact: Erik Opsal, erik.opsal_at_private 1-646-292-8356

Design defects in ballots, voter instructions, and voting machines contributed to the loss of several hundred thousand votes in the most recent national elections, a new Brennan Center for Justice study found.
http://www.brennancenter.org/content/resource/better_design_better_elections

In addition, the report notes that in the 2008 and 2010 general elections combined, as many as 400,000 people had their absentee or provisional ballot rejected because they made technical mistakes completing forms or preparing and returning the envelope. Poor design increases the risk of lost or misrecorded votes among all voters, but the risk is even greater for particular groups, including low-income voters, and the elderly.

The comprehensive study outlines simple measures election officials can take before November to cure design defects and ensure every voter can cast a ballot that counts.

View a slideshow of design flaws and solutions in recent national elections.
http://www.brennancenter.org/page/-/Democracy/VRE/Better_Design_Slideshow.pdf

"In the age of smartphones and tablets, many have realized the importance of good design and usability, but American elections are still marred by major design problems," said Lawrence Norden, deputy director of the Center's Democracy Program and co-author of Better Design, Better Elections. "The rise of absentee and provisional voting since 2000 has made ballot design in our elections even more important. If a voter takes the responsibility to vote, election officials must do everything in their power to make sure that vote counts."

The Brennan Center's report details four design and usability problems in 2008 and 2010. Here are a few select examples:

Problem 1: Ballot Layouts that Invite Overvotes or Undervotes

* In East St. Louis, IL in 2008, the ballot design led 1 in 10 voters to skip the U.S. Senate contest by mistake because of an inadequate header identifying the race. More than twice as many votes were lost in East St. Louis than the rest of the state. The Brennan Center's revised ballot (page 17) could have saved many hundred votes.

Problem 2: Poor Voter Instructions

* In the governor's contest in Ohio in 2010, several counties reported unusually high numbers of voters selecting more than one candidate. The culprit appears to be the instructions, which state "select the set of joint candidates of your choice." In Cuyahoga County alone, more than 2,000 voters did not have their vote for governor counted because they selected more than one gubernatorial candidate. The Brennan Center's suggestion for revising the instruction appears on page 25.

Problem 3: Unclear Voting Machine Messages

* Tens of thousands of votes were not counted in 13 Florida counties in 2008 and in New York State in 2010 because of ineffective overvote warnings. If a voter selected too many candidates in a race, a confusing error message appeared.
  If the voter pressed the green "Accept" button, marked with a check, the ballot would be cast with the overvote, and the vote would be lost. The Brennan Center's suggested fixes appear on pages 27 and 28.

Problem 4: Difficult Absentee and Provisional Ballot Envelopes

* In Minnesota in 2008, nearly 4,000 absentee ballots were not counted because the envelope was not signed. Recognizing the problem, the Minnesota Secretary of State's office worked with design, usability, and plain language experts in 2009 and 2011 to improve the ballot envelope. The changes made to the envelope can be found on pages 31 and 33.

"The design flaws that this report documents are not difficult or unknown problems," said Whitney Quesenbery, co-author of the report and a user experience researcher. "I hope that this stark evidence of lost votes inspires every election official to follow good design principles, and test their work to be sure that voters understand how to fill out forms and mark their ballots so their votes will be counted."

As election officials finalize ballots and other election forms in the next several weeks, the Brennan Center's report recommends several simple measures that can be taken to ensure votes are counted accurately. Election officials should:

1. Review data on lost votes to determine what problems they may encounter in November.
2. Create a checklist of design best practices to make ballots and other election materials better organized and easily comprehensible.
3. Conduct usability testing to uncover potential problems that may arise.
4. Make voters aware of potential problems if those issues cannot be addressed before the election.

The Center's study provides four case studies that demonstrate the powerful impact usability testing, voter education, and other corrective action before an election can have in reducing voter error in elections (beginning on page 36).
For all the latest voting rights news, view the Brennan Center's Election 2012 page <http://www.brennancenter.org/content/election2012>.

Brennan Center for Justice at NYU School of Law | 161 Avenue of the Americas, 12th Floor | New York, NY 10013 | 646.292.8310 phone | 212.463.7308 fax
brennancenter_at_private
Erik Opsal at erik.opsal_at_private 646-292-8356.

  [See also
  http://www.nytimes.com/2012/08/01/us/voting-systems-plagues-go-far-beyond-identification.html]

------------------------------

Date: Wed, 25 Jul 2012 12:17:14 -0400
From: ACM TechNews <technews_at_private>
Subject: Internet Voting Systems at Risk (Martha T. Moore)

Martha T. Moore, *USA Today*, 25 Jul 2012, via ACM TechNews

Online voting systems set up by many states are vulnerable to hacking when they allow voters to return ballots online, via email, or Internet fax, according to a new report from the Verified Voting Foundation and Common Cause Education Fund. The report says all states should require overseas ballots to be mailed in because even faxed ballots cannot be independently audited. The report also rates states based on their ability to accurately count votes. The report found that Colorado, Delaware, Kansas, Louisiana, Mississippi, and South Carolina are the least prepared in terms of handling voter problems, while Minnesota, New Hampshire, Ohio, Vermont, and Wisconsin are the most prepared. "The security environment is not what it needs to be to cast ballots over the Internet," says the Common Cause's Voting Integrity Campaign's Sussanah Goodman. West Virginia launched a pilot program in 2010 to enable troops overseas to vote via a secure Web site. The program boosted voter participation for absentee ballots from 58 percent to 76 percent.
http://www.usatoday.com/NEWS/usaedition/2012-07-25-State-Voting-study_ST_U.htm

------------------------------

Date: Thu, 26 Jul 2012 17:09:20 -0700
From: Paul Saffo <paul_at_private>
Subject: Oakland police radios fail during Obama visit (Jaxon Van Derbeken)

Oakland's system is a special case because of bad design, but this points up the risks of all of the new digital trunked systems.

Jaxon Van Derbeken <jvanderbeken_at_private>, *San Francisco Chronicle*, 25 Jul 2012

A major portion of Oakland's troubled police radio system failed shortly after President Obama's visit on 23 Jul 2012, leaving many of the 100 officers assigned to handle presidential security unable to communicate as protesters roamed the streets.

"The guys downtown couldn't talk to one another," said Barry Donelan, head of the Oakland Police Officers Association.

"It was a train wreck," said Lt. Fred Mestas, who was on duty downtown during and after Obama's speech at a fundraiser at the Fox Theater.

Police said officers were suffering sporadic communications problems throughout the time Obama was inside the Fox on Telegraph Avenue, as well as before and afterward. At one point, Mestas said, officers couldn't talk to the Police Department's dispatch center.

"That lasted about 30 minutes," Mestas said. "When you have the president there, 30 seconds is too long."

Problems worsen

The communications issues became severe around 10 p.m., about an hour after Obama left Oakland, city officials said. At that point, police were keeping an eye on demonstrators who had protested during Obama's visit and lingered after he left, occasionally blocking streets. The protests proved to be largely peaceful.

"Any radio failure puts officers at risk, but this was a critical situation to provide safety and security for the president and the public," said Donelan, whose union has been outspoken about the radio system's problems.
The year-old system has been plagued by breakdowns and dead zones that have left officers' digital radios prone to blackouts across the city and in most commercial buildings, including the basement of police headquarters. A city-hired consultant said last week that the system was not up to urban standards.

Regional option

The city has so far rejected joining forces with an Alameda-Contra Costa counties regional authority composed of 40 other police and firefighting agencies that is building its own radio system.

City Administrator Deanna Santana said she needs to know more about the costs and benefits of the regional network before recommending to the City Council whether to drop Oakland's system.

Oakland paid $18 million for the radio system when it became operational last year, largely using grant money. The city built it in consultation with the Richmond office of Dailey and Wells, the local representative for the radio system manufacturer, Harris Corp. of Florida.

According to city officials, the problems Monday night were caused by the failure of a cooling unit used on a transmission tower at Gwin Reservoir in the Oakland hills. The tower overheated, causing "severe" communications problems after 10 p.m., said Sgt. Chris Bolton, chief of staff for Police Chief Howard Jordan. The problem was diagnosed by about 12:30 a.m. Tuesday.

Fixed next day

Karen Boyd, spokeswoman for the city, said the unit was less than 6 months old and that the vendor, Emerson Network Systems, "took full responsibility" for the breakdown.

The cooling unit was replaced by midday, but service was not fully restored until about 6 p.m. Tuesday, Bolton said. In the meantime, officers in and around downtown continued to have communications problems.

Bolton said he was on duty Monday night and was among those who had trouble contacting fellow officers. "Obviously, we want a reliable radio system," he said.

Donelan called the police radio network "inadequate." "It's touch and go every day with this system," Donelan said. "It just happened that one of the antennas went down when the president of the United States was here."

Regional system

Bill McCammon, executive director of the regional authority building its own network, said city officials reached out to him the day after Obama's visit and want to meet next week about the interagency system, which will be fully functional in September.

"We're eager to work with them," McCammon said.

Pleasant Hill Police Chief Pete Dunbar, a former Oakland police officer who is on the regional system's board, said he hopes the episode will help persuade the city to join its neighbors' transmission network.

"When you have the president of the United States in town and your system goes down," he said, "you wonder what could happen next."

Dunbar added, "These stories (about failures) go on and on. But for the grace of God, nobody has gotten hurt. But if you keep this up, it's just a matter of time."

http://www.sfgate.com/default/article/Oakland-police-radios-fail-during-Obama-visit-3736022.php

------------------------------

Date: Tue, 31 Jul 2012 18:46:34 -0700
From: Mark Thorson <eee_at_private>
Subject: Startup claims 80% of its Facebook clicks are bots, not people

A startup instrumented their website to determine why only about 20% of visitors from Facebook clicks had JavaScript turned on. They claim to have determined that the other 80% appear to be bots. They were being charged for these clicks, so they've decided to leave Facebook.

http://techcrunch.com/2012/07/30/startup-claims-80-of-its-facebook-ad-clicks-are-coming-from-bots

------------------------------

Date: Wed, 1 Aug 2012 09:28:08 -0400
From: Monty Solomon <monty_at_private>
Subject: Dropbox confirms it got hacked, will offer two-factor authentication (Jon Brodkin)

Spammers used stolen password to access list of Dropbox user e-mails.
Jon Brodkin, Ars Technica, 31 Jul 2012

A couple of weeks ago Dropbox hired some "outside experts" to investigate why a bunch of users were getting spam at e-mail addresses used only for Dropbox storage accounts. The results of the investigation are in, and it turns out a Dropbox employee's account was hacked, allowing access to user e-mail addresses.

In an explanatory blog post, Dropbox today said a stolen password was "used to access an employee Dropbox account containing a project document with user email addresses." Hackers apparently started spamming those addresses, although there's no indication that user passwords were revealed as well. Some Dropbox customer accounts were hacked too, but this was apparently an unrelated matter. "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts," the company said.

Dropbox noted that users should set up different passwords for different sites. The site is also upping its own security measures. In a few weeks, Dropbox said it will start offering an optional two-factor authentication service. This could involve users logging in with a password as well as a temporary code sent to their phones. ...

http://arstechnica.com/security/2012/07/dropbox-confirms-it-got-hacked-will-offer-two-factor-authentication/

------------------------------

Date: Wed, 1 Aug 2012 09:28:08 -0400
From: Monty Solomon <monty_at_private>
Subject: Attack against Microsoft scheme puts hundreds of crypto apps at risk (Dan Goodin)

Dan Goodin, Ars Technica, 31 Jul 2012

Cloud-based service requires an average of 12 hours to decrypt VPN traffic.

Researchers have devised an attack against a Microsoft-developed authentication scheme that makes it trivial to break the encryption used by hundreds of anonymity and security services, including the iPredator virtual private network offered to users of The Pirate Bay.
The attack, unveiled by Moxie Marlinspike and David Hulton, takes on average just 12 hours to recover the secret key that iPredator and more than 100 other VPN and wireless products use to encrypt sensitive data. The technique, which has been folded into Marlinspike's CloudCracker service, exploits weaknesses in version 2 of a Microsoft technology known as MS-CHAP, short for Microsoft challenge-handshake authentication protocol. It's widely used to log users into VPN and WPA2 networks and is built into a variety of operating systems, including Windows and Ubuntu. ...

http://arstechnica.com/security/2012/07/broken-microsoft-sheme-exposes-traffic/

------------------------------

Date: Mon, 30 Jul 2012 10:57:51 -0700
From: Gene Wirchenko <genew_at_private>
Subject: "Microsoft hits Java where it hurts" (Woody Leonhard)

Woody Leonhard, *InfoWorld*, 30 Jul 2012
Microsoft hits Java where it hurts
Microsoft security researcher warns of deteriorating situation with Java -- and not just on Windows. Continuing to use Java puts your company and clients at risk
http://www.infoworld.com/t/java-programming/microsoft-hits-java-where-it-hurts-198936

------------------------------

Date: Tue, 31 Jul 2012 16:21:14 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Attack against Microsoft scheme puts hundreds of crypto apps at risk

"Researchers have devised an attack against a Microsoft-developed authentication scheme that makes it trivial to break the encryption used by hundreds of anonymity and security services, including the iPredator virtual private network offered to users of The Pirate Bay. The attack, unveiled by Moxie Marlinspike and David Hulton, takes on average just 12 hours to recover the secret key that iPredator and more than 100 other VPN and wireless products use to encrypt sensitive data.
The technique, which has been folded into Marlinspike's CloudCracker service, exploits weaknesses in version 2 of a Microsoft technology known as MS-CHAP, short for Microsoft challenge-handshake authentication protocol. It's widely used to log users into VPN and WPA2 networks and is built into a variety of operating systems, including Windows and Ubuntu."

http://j.mp/NHKPb0 (ars technica via NNSquad)

------------------------------

Date: Sat, 28 Jul 2012 13:49:54 -0400
From: Monty Solomon <monty_at_private>
Subject: Google Failed to Delete All Street View Data, Drawing U.K. Ire

http://www.eweek.com/c/a/Data-Storage/Google-Failed-to-Delete-All-Street-View-Data-Drawing-UK-Ire-347724/

------------------------------

Date: Sun, 29 Jul 2012 14:49:03 +0800
From: jidanni_at_private
Subject: Chief developer quits OAuth2.0: I failed, We failed

http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

"Last month I reached the painful conclusion that I can no longer be associated with the OAuth 2.0 standard. I resigned my role as lead author and editor, withdraw my name from the specification, and left the working group. Removing my name from a document I have painstakingly labored over for three years and over two dozen drafts was not easy. Deciding to move on from an effort I have led for over five years was agonizing... The web does not need yet another security framework. It needs simple, well-defined, and narrowly suited protocols that will lead to improved security and increased interoperability. OAuth 2.0 fails to accomplish anything meaningful over the protocol it seeks to replace... I failed. We failed."
------------------------------

Date: Thu, 26 Jul 2012 10:11:31 -0400
From: Monty Solomon <monty_at_private>
Subject: Hacking attacks on printers still not being taken seriously (Mark Piesing)

Despite staged malware attack seven months ago, one in four HP laser jet printers still have default password settings

Mark Piesing, guardian.co.uk, 23 July 2012
http://www.guardian.co.uk/technology/2012/jul/23/hacking-attack-printers

------------------------------

Date: Fri, 27 Jul 2012 18:05:53 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: General warns of dramatic increase in cyber-attacks on U.S. firms

General warns of dramatic increase in cyber-attacks on U.S. firms
http://j.mp/MKPKbt (L.A. Times via NNSquad)

"Alexander said the military had yet to work out rules of engagement for responding to cyber-attacks, and he pointed out that neither of his agencies have the authority to defend against a cyber-attack on a private company, even if that company owns crucial infrastructure. The pending bill would fix that, he said. Some business groups oppose the bill as intrusive, and some civil liberties groups say it compromises privacy. Alexander pointedly refused to comment on Stuxnet, a cyber-attack on Iran's nuclear enrichment facilities that has been reported to have been the work of the U.S. and Israeli intelligence. He also pushed back against the notion that the uptick in attacks on the U.S. is related to Stuxnet, which was first discovered in June 2010."

There are indeed genuine cybersecurity concerns. But this legislative campaign by Alexander et al. is mostly F.U.D.

------------------------------

Date: Sat, 28 Jul 2012 14:46:08 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Don't believe the Skype: it may not be as private as you might think (Dan Gillmor)

"When Skype became popular just under a decade ago, I repeatedly asked the company a question that I considered crucial.
The online calling and messaging service encrypted users' communications, and it was based outside the United States. But the encryption methods were kept secret, so outside researchers couldn't verify their quality - a technique that experts in the field sometimes deride as "security through obscurity" - and I wanted to know whether Skype had a software backdoor that it or anyone else could use to listen into users' calls."

http://j.mp/OnbREn (Dan Gillmor, Guardian via NNSquad)

  [Skype Hype abounds hyperbolically, especially where host systems are compromisable. PGN]

------------------------------

Date: Sun, 29 Jul 2012 10:23:18 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Is This Anonymous Group Behind the New York Times WikiLeaks Hoax?

http://j.mp/PWZC09 (BetaBeat via NNSquad)

"Early this morning, a pro-WikiLeaks op-ed purporting to be penned by former *New York Times* executive editor Bill Keller cropped up online. It was a stunningly convincing piece of web fraud, its design practically identical to the New York Times's own homepage, with every link leading to an actual Times article or section. The only hint that it wasn't real was the URL: instead of showing as nytimes.com/pages/opinion, it read "opinion-nytimes.com." It's a tiny difference, but a monumentally important one."

------------------------------

Date: Tue, 31 Jul 2012 10:04:07 -0700
From: Gene Wirchenko <genew_at_private>
Subject: "First strain on Olympic networks seen" (Brandon Butler)

Brandon Butler, London Olympics could strain enterprise networks, 30 Jul 2012
http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=68406

first and last paragraphs:

It didn't take long to see the first signs of strain on communication networks at the Olympics when overloaded infrastructure on the first day of competition caused organizers to request that spectators scale back their use of Twitter for "non-urgent" messages, according to Reuters.

And finally, he says, a lesson from the Olympics issue is that you can't blindly rely on your partners. The issue over the weekend, he notes, was likely caused not only by the Olympics network infrastructure having issues, but also from third-party telecommunications systems that may have been overloaded. If an enterprise is relying on a partner or vendor to supply a networking service, make sure the provider is putting controls into place to handle unexpected issues that may arise as well.

  [Watch out when you out-source?]

------------------------------

Date: Sun, 29 Jul 2012 17:42:12 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Don't tweet if you want TV, London fans told

http://j.mp/MNF2kh (Reuters via NNSquad)

"Sports fans attending the London Olympics were told on Sunday to avoid non-urgent text messages and tweets during events because overloading of data networks was affecting television coverage."

------------------------------

Date: Wed, 25 Jul 2012 20:50:20 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: Re: Olympics security poster 'gibberish' (RISKS-26.95)

Such problems are not unique to Arabic signs on buses, of course. A recent TV show had a gravestone with the Hebrew letters arranged in reverse order (the letters themselves were not mirror images). The result of the automated translation was a tombstone reading "pickled at great expense" rather than "dearly missed". If the producers of the show had checked with a native speaker of the language, one would assume s/he would point out the error. As PGN might no doubt comment, this left viewers in a pickle as to the message being sent.

http://www.guardian.co.uk/world/shortcuts/2012/jun/17/bbc-comedy-episodes-viral-in-israel

------------------------------

Date: Sat, 28 Jul 2012 01:27:46 -0700 (PDT)
From: Chris J Brady <chrisjbrady_at_private>
Subject: World Wide Web - Inventor

As was clearly depicted last night in the Opening Ceremony of the [...] Olympics in London ...

"All partygoers were invited back to the house where Tim Berners-Lee, the Briton who invented the World Wide Web, was at his keyboard. When the house was lifted there was the man himself. And a huge illuminated black and white sign announced "This is for everyone."

http://www.dailymail.co.uk/news/article-2179920/Olympics-Opening-Ceremony-London-gets-2012-Games-way-Greatest-Show-On-Earth-rounded-Macca-course.html

End of argument.

  [NOTE: I DELETED the 3-X roman numerals of the Olympics to avoid this issue being filtered/blocked/censored.]

------------------------------

From: "Larry Press" <lpress_at_private>
Date: Jul 25, 2012 7:05 PM
Subject: Re: Who Really Invented the Internet?

  [via Dave Farber's IP distribution]

Government funded research and procurement played a major role before, during and subsequent to the "invention" of the Internet. Furthermore, we got an incalculable return on a very small investment.

I summarized some of the background in a 1996 CACM article "Seeding Networks: the Federal Role," (http://som.csudh.edu/fac/lpress/articles/govt.htm).

Here are some costs from that article ($millions):

  Morse Telegraph                  .03   Smithsonian
  ARPANET                        25      [24]
  CSNET                           5      [6]
  NSFNET Backbone                57.9    [8]
  NSF Higher-ed connections      30      Dave Staudt, NSF
  NSF International connections   6.6    Steve Goldstein, NSF

In a companion article, published in CACM in 1993, I talked about things done at PARC and other places. The article is called "Before the Altair -- the History of Personal Computing," and it's at:
http://som.csudh.edu/fac/lpress/articles/hist.htm

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
     risks-request_at_private
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
     risks-subscribe_at_private or risks-unsubscribe_at_private
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
     <http://www.CSL.sri.com/risksinfo.html>
   The full info file may appear now and then in RISKS issues.
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
     http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones:
     http://catless.ncl.ac.uk/w/r
     <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
     <http://www.csl.sri.com/illustrative.html> for browsing,
     <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
   is no longer maintained up-to-date except for recent election problems.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
     <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.96
************************

Received on Wed Aug 01 2012 - 13:52:00 PDT