[RISKS] Risks Digest 27.13

From: RISKS List Owner <risko_at_private>
Date: Sat, 12 Jan 2013 11:18:06 PST
RISKS-LIST: Risks-Forum Digest  Saturday 12 January 2013  Volume 27 : Issue 13

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.13.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Oscar's E-Voting Problems Worse Than Feared (Hollywood Reporter)
Abelson/Creswell: EHRs may add to, not reduce, the cost of health care
  (David Lesher, Lauren Weinstein)
Cox cable e-mail storage failure (James Paul)
Browser's break pedal changes into gas pedal once fully stopped (jidanni)
Tech Problems Plague Exchanges (Nathan Popper via Dave Farber)
IBM's Watson Gets a Swear Filter (Robert Schaefer)
Newspaper on Cape Cod Apologizes for a Veteran Reporter's Fabrications
  (Katharine Q. Seelye via Monty Solomon)
Hoax article detailing fake war stayed up on Wikipedia for five years
  (Lauren Weinstein)
Why I never use a non-gas credit card at gas stations... (Paul Saffo)
"Instagram debacle shows the user agreement process needs fixing"
  (Gene Wirchenko)
A Chinese Web censor snaps, goes on public rant (Lauren Weinstein)
You better brush up on airport security (Peter Houppermans)
Online Banking Attacks Were Work of Iran, U.S. Officials Say (David J. Farber)
"U.S. bank cyber attacks reflect 'frightening' new era" (Antone Gonsalves
  via Gene Wirchenko)
"Microsoft kicks off 2013 with clutch of critical Windows updates"
  (Gregg Keizer via Gene Wirchenko)
"Ruby on Rails patches more critical vulnerabilities" (Jeremy Kirk via
  Gene Wirchenko)
Hackable office phones (PGN)
Disney to roll out RFID-enabled 'MagicBand' to guests (Jim Reisert)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 1 Jan 2013 08:09:30 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: Oscar's E-Voting Problems Worse Than Feared

  Voting to determine the next set of Oscar nominees began Dec. 17 and will
  extend through Jan. 3. On Dec. 26, I reached out to a wide cross-section
  of the Academy to see if they tried to vote online (an Academy
  spokesperson tells me that "a great majority" of members have registered
  to do so) and, if so, to characterize their experience.  Roughly half of
  the members reached said they experienced problems navigating the site;
  more than one described it as a "disaster." They also worried that hackers
  could compromise the Oscar vote.
  http://j.mp/UBoeOz  (*Hollywood Reporter* via NNSquad)

    [This voting system appears to be one from Everyone Counts, which has
    known vulnerabilities relating to Safari improperly displaying pdf,
    among other problems.  The Hollywood Reporter claims the problems arose
    from an attempt that actually oversimplified in order to make the system
    usable for the Academy voters!  Apparently dumbing down security for
    usability strikes again.  PGN]

------------------------------

Date: Fri, 11 Jan 2013 03:48:07 -0500
From: David Lesher <wb8foz_at_private>
Subject: EHRs may add to, not reduce, the cost of health care

In 2nd Look, Few Savings From Digital Health Records
Reed Abelson and Julie Creswell, *The New York Times*, 11 Jan 2013
<http://www.nytimes.com/2013/01/11/business/electronic-records-systems-have-not-reduced-health-costs-report-says.html>

The conversion to electronic health records has failed so far to produce the
hoped-for savings in health care costs and has had mixed results, at best,
in improving efficiency and patient care, according to a new analysis by the
influential RAND Corporation.

Optimistic predictions by RAND in 2005 helped drive explosive growth in the
electronic records industry and encouraged the federal government to give
billions of dollars in financial incentives to hospitals and doctors that
put the systems in place.

``We've not achieved the productivity and quality benefits that are
unquestionably there for the taking,'' said Dr. Arthur L. Kellermann, one of
the authors of a reassessment by RAND that was published in this month's
edition of Health Affairs, an academic journal.

RAND's 2005 report was paid for by a group of companies, including General
Electric and Cerner Corporation, that have profited by developing and
selling electronic records systems to hospitals and physician practices.
Cerner/s revenue has nearly tripled since the report was released, to a
projected $3 billion in 2013, from $1 billion in 2005. ...

Comment:

Gee, Just like HAVA and voting. If you take a hard problem, and throw enough
raw meat into the shark pool.... you have a bigger problem.

[PGN adds: See also *The Boston Globe*]
http://www.boston.com/whitecoatnotes/2013/01/11/safety-cost-electronic-health-records-not-living-some-expectations/jB9NoPWuA0RhIvhl6tsSTK/story.html

------------------------------

Date: Thu, 10 Jan 2013 20:25:58 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: EHRs may add to, not reduce, the cost of health care

  The report predicted that widespread use of electronic records could save
  the United States health care system at least $81 billion a year, a figure
  RAND now says was overstated. The study was widely praised within the
  technology industry and helped persuade Congress and the Obama
  administration to authorize billions of dollars in federal stimulus money
  in 2009 to help hospitals and doctors pay for the installation of
  electronic records systems. "RAND got a lot of attention and a lot of buzz
  with the original analysis," said Dr. Kellermann, who was not involved in
  the 2005 study. "The industry quickly embraced it." But evidence of
  significant savings is scant, and there is increasing concern that
  electronic records have actually added to costs by making it easier to
  bill more for some services.  http://j.mp/U9JeLC (*The New York Times* via
  NNSquad; see the previous item.  PGN)

------------------------------

Date: Tue, 25 Dec 2012 20:40:31 -0500
From: "James Paul" <james.paul_at_private>
Subject: Cox cable e-mail storage failure

Back on 14 Dec 2012, my e-mail disappeared.  It came back on 17 Dec.  What
surprised me is that Cox Communications crashed a good part of its network
(users in Arkansas, Connecticut, Georgia, Florida, Idaho, Iowa, Kansas,
Louisiana, Massachusetts, Nebraska, Ohio, Oklahoma, Rhode Island and
Virginia (that's me) were affected) and it didn't set off a media storm.

Cox Customer Service was not helpful, not that I bothered to call.  The
support forum was carrying the usual flood of messages complaining about the
lack of an explanation and the service restoration estimates that kept
receding into the distance.  In the end, Cox simply gave up and the message
became (paraphrasing) "it will return when it returns."  It didn't help when
some users were told "email is a free service so why are you expecting
support?"  As time when on, Cox added that it was not experiencing a
cyberattack, hadn't suffered a security breach and that incoming messages
were being captured.  On Monday, my backlog started arriving.  I received a
message on December 21st that all of my messages had been delivered.

I also received the following explanation:

  Dear Cox email user,

  We owe you an apology for your recent experience with our residential
  email service.  We pride ourselves on delivering your most important
  connections, and candidly, we recognize that did not happen.  We are
  focused on how we can improve your trust in our service and with our
  company.  Our hope is that we have begun to do that with this apology and
  explanation.

  On Friday, we experienced a storage platform failure in our production
  environment.  Both our primary and back-up storage devices that support
  email service were affected.  Dozens of engineers worked with our storage
  vendor and have isolated what caused the platform in our Midwest and East
  Coast regions to go down.  Every resource was made available to restore
  services to all affected customers as soon as possible.  The multiple
  components and processes that make up our email system required time to
  bring back online, and care to ensure that no messages were lost.  This
  week, we began to replace the storage platform as part of our efforts to
  ensure this issue does not happen again.

  We understand that email is an important component of your Cox High Speed
  Internet service, and we deeply regret the impact this outage had,
  especially at a time when you are busy preparing for holiday celebrations
  with your family and friends.  On behalf of the 20,000 Cox employees who
  proudly serve our customers, I hope you'll accept our most sincere
  apologies.

  Sincerely, Paul Cronin, Senior Vice President, Customer Experience
  Cox Communications"

Readers on this forum with better technical chops than mine can read volumes
into that message.  There might even be a few readers with first-hand
knowledge of the details.  I wondered for a while if Cox was having the same
problem AT&T went through back in 1990 where its ESS7 switches kept knocking
each other off the network with spurious error/reset messages.  That there
was apparently a flaw common to the primary and backup storage network is
also eye-opening.

In checking Google during the outage, I only saw links to some local
television outlets in the affected area.  I didn't see any reference to the
problems in the Washington Post, my local paper.  I've stopped watching my
local TV news or the national news programs, so I cannot assert that the
word was not getting out.  However, in other major net outages I usually run
across some references pretty quickly and it becomes difficult to avoid
information about such problems fairly quickly.  That Cox avoided that fate
here is what I find the most interesting aspect here.

As far as I can tell, this was in the end a hiccup; things seem to be
working as they were before (well, except that Cox doesn't seem to be able
to determine which of their regional services I'm using when I log in to the
webmail interface but that may be an artifact of my particular
computer/browser setup).  My messages go out and come in.  I thought I'd
bring it to the attention of this particular list, both to memorialize the
event and to spur the deeper post-mortem I can't perform.

------------------------------

Date: Fri, 28 Dec 2012 15:44:45 +0800
From: jidanni_at_private
Subject: Browser's break pedal changes into gas pedal once fully stopped

The Midori browser includes a revolutionary (for me at least) space saving
design feature: the Stop button is changes into the Refresh button after a
web page is full loaded. I.e., if you click on "stop" just as a web page
fully loads, you will in fact end up clicking on the Refresh button... not
only not stopping anything, but forcing even more of the transmission you
intended to stop.

It's like a one-pedal car where the break pedal changes into the gas pedal
once the car is fully stopped... to keep you old folks on your toes.

------------------------------

Date: Fri, 11 Jan 2013 11:01:05 -0500
From: "David J. Farber" <farber_at_private>
Subject: Tech Problems Plague Exchanges (Nathan Popper)

Nathan Popper, *The New York Times*, 11 Jan 2012
Confidence-shaking technology mishaps have been an almost daily occurrence
at the nation's stock exchanges in the new year

The latest example came Wednesday night when the nation's third-largest
stock exchange operator, BATS Global Markets, alerted its customers that a
programming mistake had caused about 435,000 trades to be executed at the
wrong price over the last four years, costing traders $420,000.

A day earlier, the trading software used by the National Stock Exchange
stopped functioning properly for nearly an hour, forcing other exchanges to
divert trades around it. The New York Stock Exchange, the nation's largest
exchange, has had two similar, though shorter-lived, breakdowns since
Christmas and two separate problems with its data reporting system. And
traders were left in the dark on Jan. 3 after the reporting system for
stocks listed on the Nasdaq exchange, the second-biggest exchange, broke
down for nearly 15 minutes.

The stream of errors has occurred despite the spotlight on the exchanges
since a programming mishap nearly derailed Facebook's initial public
offering on Nasdaq last May and BATS's fumbling of its own I.P.O. two
months earlier. At the end of 2012, a number of exchange executives said
they were increasing efforts to reduce the problems. But market data expert
Eric Hunsader said that the technology problems have become, if anything,
more frequent in recent weeks. ...

------------------------------

Date: Fri, 11 Jan 2013 07:56:17 -0500
From: Robert Schaefer <rps_at_private>
Subject: IBM's Watson Gets a Swear Filter

There are implications that the smarter we humans can make our AI the less
we may like the results.

IBM's Watson Gets A 'Swear Filter' After Learning The Urban Dictionary"
"In the end, Brown and his team were forced to remove the Urban Dictionary
from Watson's vocabulary, and additionally developed a smart filter to keep
Watson from swearing in the future."

http://www.ibtimes.com/ibms-watson-gets-swear-filter-after-learning-urban-dictionary-1007734

robert schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford MA 01886 781-981-5767 http://www.haystack.mit.edu rps@private

------------------------------

Date: Sat, 29 Dec 2012 23:20:45 -0500
From: Monty Solomon <monty_at_private>
Subject: Newspaper on Cape Cod Apologizes for a Veteran Reporter's Fabrications
  (Katharine Q. Seelye)

Katharine Q. Seelye, *The New York Times*, 28 Dec 2012

HYANNIS, Mass. - When an editor at The Cape Cod Times was reading the
newspaper last month, she thought an article about the Veterans Day parade
from the day before seemed slightly off.  The article, written by Karen
Jeffrey, a longtime reporter, told of a Ronald Chipman, 46, and his family
from Boston. The Chipmans apparently were oblivious to Veterans Day until
they saw the parade.  Ms. Jeffrey described the family in detail, including
a scene in which the parents used their smartphones to find information
about the holiday, creating a "teachable moment" for themselves and their
children.

Maybe it was the tidiness of the tale. Or the notion that adults were
unfamiliar with Veterans Day. But the article did not ring true to the
editor and she set out to find the Chipmans. She searched several databases
but turned up nothing. She reported her finding to the editor in chief, Paul
Pronovost.  Mr. Pronovost asked the editor - whom he would not name to
protect her privacy - to check other recent articles by Ms. Jeffrey. After
more people in the articles could not be found, he then asked Ms.  Jeffrey
for help in locating the Chipmans. Ms. Jeffrey said she had thrown out her
notes.  "That's when the alarm bells went off," Mr. Pronovost said. He
ordered a full review of her work. For three days, three editors pored over
a public-records database called Accurint. They examined voter rolls and
town assessor records. They checked Facebook profiles and made phone
calls. And they concluded that, over the years, Ms.  Jeffrey had written
dozens of articles that included people who did not exist.

The next day, Dec. 5, Mr. Pronovost and the publisher, Peter Meyer, wrote a
front-page apology to their readers. ...

http://www.nytimes.com/2012/12/29/us/cape-cod-paper-apologizes-for-reporters-misdeeds.html

------------------------------

Date: Tue, 8 Jan 2013 18:55:38 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: Hoax article detailing fake war stayed up on Wikipedia for five years

http://j.mp/VJDVnK  (*The Daily Caller* via NNSquad)

  For the last five years, those who spend their time procrastinating on
  Wikipedia could read up on a 17th century war between colonial Portugal
  and India's Maratham Empire known as the "Bicholim Conflict."  The problem
  is that Bicholim Conflict never happened, and that the entire 4,500-word
  article on the war was nothing more than an elaborate joke ... It was
  voted a "good article" by Wikipedia's readers, and at one point was even
  nominated to be a "featured article" that would be prominently displayed
  on the site's homepage.

Actually, in addition to totally faked stories that likely are scattered
throughout the totality of the Wikipedia corpus, what's of even more concern
is the errors and purposeful misstatements seeded in otherwise factual
articles that don't receive enormous day to day attention.  But hell, who
would ever have expected such problems with a reference source edited by
anonymous persons of unknown credentials or expertise, sporting screen names
like blowboy17?

------------------------------

Date: Sun, 30 Dec 2012 15:28:23 -0800
From: Paul Saffo <paul_at_private>
Subject: Why I never use a non-gas credit card at gas stations...

Why I only use vendor-specific gas cards at gas stations, and pay inside
when things seem amiss.  Paul

http://www.nbcbayarea.com/investigations/One-Gas-Pump-Key-Lets-Thieves-Steal-Your-ID-177999751.html

Vicky Nguyen, Julie Putnam and Jeremy Carroll,
One Gas Pump Key Lets Thieves Steal Your ID, NBC Bay Area, 9 Nov 2012

The NBC Bay Area Investigative Unit has found a single master key grants
access to gas pumps across the state and it s giving easy access to thieves
looking to compromise Bay Area drivers credit card information.  Vicky
Nguyen first aired this story 8 Nov at 11 p.m.

Call it the key to the kingdom. In the world of gas pumps, there is a
universal key unlocking a lucrative business for identity thieves.

The NBC Bay Area Investigative Unit has learned a single key opens the
majority of gas station pumps across the country, making it easy for crooks
to install high-tech skimming devices and resulting in hundreds of victims
of credit card fraud in the South Bay.  The single key was initially created
to make it easier for pump inspections and maintenance, but now, copies are
circulating amongst thieves.

The Rapid Enforcement Allied Computer Team, a high tech task force of
investigators in Silicon Valley, which partners with the Santa Clara County
District Attorney's Office, is looking into hundreds of these cases across
the state.  The REACT Task Force has uncovered nine skimming devices in the
past two months from Bay Area gas stations. Three hundred victims have been
identified so far and that number continues to grow.  ``We are just touching
the tip of the iceberg,'' REACT Task Force Director Mike Sterner told NBC
Bay Area.  [Long item truncated for RISKS.  PGN]

If you have a tip for the Investigative Unit, email us:
TheUnit_at_private

------------------------------

Date: Thu, 10 Jan 2013 14:42:02 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Instagram debacle shows the user agreement process needs fixing"

opening text:
At the end of 2012 Instagram, the online image-sharing company recently
acquired by Facebook, announced new changes to their Privacy and Terms of
Service policies that caused tremendous backlash from the public and from
their users.
http://blogs.itbusiness.ca/2012/12/examining-instagrams-tos-debacle/

------------------------------

Date: Wed, 9 Jan 2013 16:08:12 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: A Chinese Web censor snaps, goes on public rant

http://j.mp/WPGm50  (*The Washington Post* via NNSquad)

  "Spare a moment for the Chinese censor, stuck between a Communist Party
  that demands strict control and a few million Web users who increasingly
  expect the ability to speak their minds online.  As controversy over a
  censored newspaper grows into one of China's biggest and potentially most
  significant free-speech fights in years, party officials are likely
  seeking greater control at exactly the moment that outraged Web users are
  making that task most difficult. At least one censor on Weibo, the popular
  Twitter-like service that often serves as the closest China has to a
  public national conversation, seems to have snapped."

------------------------------

Date: Sat, 05 Jan 2013 14:51:28 +0100
From: Peter Houppermans <terriblylongemailaddresstoannoypeople_at_private>
Subject: You better brush up on airport security

  ``A portion of Atlanta's airport, including MARTA rail service, was
  interrupted for more than half an hour Friday morning because of a
  toothbrush. Airport officials told Channel 2 Action News that an electric
  toothbrush began vibrating inside a bag checked onto an AirTran flight,
  causing workers to alert airport officials to the strange noise.''

There are many electric devices carried in luggage that can make weird
noises...
http://www.ajc.com/news/news/local/atlanta-airport-closed-by-toothbrush/nTmqK/

------------------------------

Date: Wed, 9 Jan 2013 09:40:12 -0500
From: "David J. Farber" <farber_at_private>
Subject: [IP] Online Banking Attacks Were Work of Iran, U.S. Officials Say

The attackers hit one American bank after the next. As in so many previous
attacks, dozens of online banking sites slowed, hiccupped, or ground to a
halt before recovering several minutes later.

But there was something disturbingly different about the wave of online
attacks on American banks in recent weeks. Security researchers say that
instead of exploiting individual computers, the attackers engineered
networks of computers in data centers, transforming the online equivalent of
a few yapping Chihuahuas into a pack of fire-breathing Godzillas.

The skill required to carry out attacks on this scale has convinced United
States government officials and security researchers that they are the work
of Iran, most likely in retaliation for economic sanctions and online
attacks by the United States.

``There is no doubt within the U.S. government that Iran is behind these
attacks,'' said James A. Lewis, a former official in the State and Commerce
Departments and a computer security expert at the Center for Strategic and
International Studies in Washington. [...]

http://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html?ref=global-home&_r=0

------------------------------

Date: Thu, 10 Jan 2013 13:14:39 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "U.S. bank cyber attacks reflect 'frightening' new era"
  (Antone Gonsalves)

Antone Gonsalves, *InfoWorld*
Experts and government officials believe the attacks are in retaliation for
sanctions, and for U.S. cyber attacks on Iranian computer systems
http://www.infoworld.com/d/security/us-bank-cyber-attacks-reflect-frightening-new-era-210576

------------------------------

Date: Thu, 10 Jan 2013 13:59:16 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Microsoft kicks off 2013 with clutch of critical Windows updates"
  (Gregg Keizer)

Gregg Keizer, Computerworld, InfoWorld, 8 Jan 2013
Microsoft kicks off 2013 with clutch of critical Windows updates
Others, including Adobe, Google, and Mozilla, ride Patch Tuesday's coat tails
http://www.infoworld.com/d/security/microsoft-kicks-2013-clutch-of-critical-windows-updates-210405

selected text:

Microsoft today patched 12 vulnerabilities in Windows, Office and several
server and development products, but as it hinted last week, did not come up
with a fix for the IE (Internet Explorer) bug that cyber criminals have been
exploiting for at least a month.

Among the torrent of patches, one not offered today was for the IE6, IE7 and
IE8 zero-day bug that hackers have been exploiting since at least Dec. 7.

IE9 and IE10 do not contain the bug, which according to Symantec, was used
by the Elderwood group for cyber espionage. But because IE9 won't run on
Windows XP, those customers are stuck with a vulnerable browser. Data from
Web analytics company Net Applications puts XP's online usage share at 39
percent in December, meaning nearly four out of every 10 personal computer
users runs the aged OS.

------------------------------

Date: Thu, 10 Jan 2013 13:54:04 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Ruby on Rails patches more critical vulnerabilities" (Jeremy Kirk)

Jeremy Kirk, *InfoWorld Home*, 9 Jan 2012
It's the second time this month that Ruby on Rails has released updated
versions for serious software flaws
http://www.infoworld.com/d/security/ruby-rails-patches-more-critical-vulnerabilities-210434

------------------------------

Date: Fri, 4 Jan 2013 13:58:19 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Hackable office phones

This is some very interesting work being done at Columbia University.
The URL gives you a clue

http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite&ocid=msnhp&pos=11

------------------------------

Date: Thu, 10 Jan 2013 08:19:57 -0700
From: Jim Reisert AD1C <jjreisert_at_private>
Subject: Disney to roll out RFID-enabled 'MagicBand' to guests

"Linking the entire MyMagic+ experience together is an innovative piece of
technology we developed called the MagicBand. Worn on the wrist, it will
serve as a guest's room key, theme park ticket, access to FastPass+
selections, PhotoPass card and optional payment account all rolled into
one."

http://disneyparks.disney.go.com/blog/2013/01/taking-the-disney-guest-experience-to-the-next-level/

As has been said here many times before, what could possibly go wrong
(privacy issues aside)?

Jim Reisert AD1C, <jjreisert@private>, http://www.ad1c.us

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.13
************************
Received on Sat Jan 12 2013 - 11:18:06 PST

This archive was generated by hypermail 2.2.0 : Sat Jan 12 2013 - 12:38:51 PST