RISKS-LIST: Risks-Forum Digest  Tuesday 22 January 2013  Volume 27 : Issue 14

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.14.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Jim Horning, 24 Aug 1942 -- 18 Jan 2013 (PGN)
Luther Weeks: Voting Requires Vigilance. Popular Isn't Always Prudent (PGN)
Internet resources allow identification of personal genomes via (Lauren Weinstein)
France wants to tax Google/Facebook based on users/data collected (Lauren Weinstein)
Under pressure, Journal News withdraws gun database, but the mirrors are everywhere ... (Lauren Weinstein)
These People Are Now Sharing Horrible Things About Themselves Thanks to Facebook Search (Lauren Weinstein)
"Distracted driver hits senior while using her iPod" (Gene Wirchenko)
"Facebook Graph Search may be a social engineering nightmare" (Ted Samson via Gene Wirchenko)
Risks of inaccurate cellphone tracking info (David Tarabar)
Ahmed Al-Khabaz expelled from Dawson College after finding security flaw (David J. Farber, Suresh Ramasubramanian, Steve Crocker)
"Red October relied on Java exploit to infect PCs" (Gene Wirchenko)
Subject: "how Oracle installs deceptive software with Java updates" (Ed Bott via Gene Wirchenko)
"Disabling Java in Internet Explorer: No easy task" (Woody Leonhard via Gene Wirchenko)
Just How Dumb Is It For CBS To Block CNET From Giving Dish An Award?
  (Mike Masnick)
The 2013 Best of CES Awards: CNET's story (Lindsey Turrentine via Monty Solomon)
Re: EHRs may add to, not reduce, the cost of health care (Dave Parnas)
Course announcement: SecAppDev 2013, 4-8 March, Leuven, Belgium (Lieven Desmet)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tuesday, January 22, 2013 3:04 PM
From: Peter Neumann <Neumann_at_private>
Subject: Jim Horning, 24 Aug 1942 -- 18 Jan 2013

Jim Horning was one of my favorite friends, colleagues, associates, and a long-time inspiration, spanning the past 38 years. He was active in the computer field since 1958. He was a vital member of the ACM Committee on Computers and Public Policy, continuously since 1985; he contributed to the very first issue of the ACM Risks Forum (1 Aug 1985), and he wrote or co-wrote seven CACM Inside Risks articles. He also played significant roles in USACM. We worked together on a joint CPSR/ACLU report for the House Committee on Civil and Constitutional Rights in 1989. He made many thoughtful technical and socially aware contributions, always with wisdom, common sense, and humanity. I valued every contact I ever had with him. He will be very deeply missed by all who knew him, and indirectly by many who did not.

------------------------------

Date: Tue, 22 Jan 2013 13:26:38 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Luther Weeks: Voting Requires Vigilance. Popular Isn't Always Prudent

Luther Weeks, 21 Jan 2013
Op-Ed outlining the integrity risks of the National Popular Vote Compact
http://www.ctnewsjunkie.com/ctnj.php/archives/entry/op-ed_voting_requires_vigilance._popular_isnt_always_prudent/

One third of Americans vote on machines, without the paper ballots we use in Connecticut. Our president is chosen based on faith in those unverifiable machines, vote accounting, and unequal enfranchisement in 50 independent states and the District of Columbia.
In 2000, we witnessed the precarious underpinnings of this state-by-state voting system combined with the flawed mechanism of the 12th Amendment and the Electoral Accounting Act. The Supreme Court ruled votes could not be recounted in Florida, because even that single state did not have uniform recount procedures.

What could possibly make this system riskier? The National Popular Vote Compact now being considered in states, including Connecticut, would have such states award their electoral votes to a purported national popular vote winner. The Compact would take effect once enough states signed on, equaling more than one-half the Electoral College. Then the President elected would be the one with the most purported popular votes.

Sounds good and fair at first glance. Looking at the touted benefits and none of the risks many legislators, advocates, and media influence the public to make the Compact popular in some polls. Popular is not always prudent. Voting requires vigilance.

The Compact, cobbled on an already precarious system, would exacerbate its flaws, adding additional risks. Currently errors, voter suppression, and fraud can only sway the result in the few swing states. With the Compact errors, suppression, and fraud in every state would count toward the popular vote total.

Compact supporters overlook and proponents befog the reality that there would be no official national popular vote total available in time for states to choose their electors. The only official popular vote total is the sum of the Certificates of Attainment sent by each state to the national Archivist. They cannot be used for choosing electors, since certificates are not required to be sent until seven days after electors are chosen and are not required to arrive in Washington until fifteen days after the electors must be chosen. Supreme Court decisions in 2000 and 1876 stress that these dates must be strictly followed.
Even if the totals could be obtained in time from each state, they would not be audited and could not be recounted. Compact proponents obfuscate this by describing how some states routinely perform audits or recounts. They conveniently ignore that about one-third of the states do not have audits and recounts; many voting machines cannot be audited; state recounts are based on close-vote margins within a state, so even in those states, recounts would not be triggered by a close national vote.

Just as critical, there would be insufficient time for recounts or audits given the strict Constitutional deadlines. The Supreme Court would likely reject any recount going beyond state borders, using the same reasoning used to reject the 2000 Florida recount, as insufficiently uniform.

Additional legal challenges and maneuvers under the Compact would also be available for partisans bent on sending any reasonably close election to the Supreme Court or Congress. States not signing the Compact could delay certifying and transmitting results until the latest deadline. Partisans could dispute results in their states or sue their Secretary of State for using uncertified results from other states, delaying reporting or negating the state's Electoral College vote. Nothing is available, but legal challenges, even in Compact states, to deter a future partisan Secretary of State from failing to follow the Compact.

Supporters and opponents debate other contentions for and against the Compact, most of which are subjective and speculative. e.g. Which is more ideal, the current Federal system or the popular vote? Would small states or large states benefit more from the Compact? Where would candidates campaign and join with PACs in media buys? How equal would every voter actually be, given the state-by-state system of voter enfranchisement, disenfranchisement, suppression, and registration?
An accurate, fair, and credible popular vote requires a uniform, workable national voting system we can trust. That is, a system with uniform enfranchisement, paper ballots, effective audits, and national recounts, enforceable and provably enforced as a prerequisite to considering a national popular vote.

Luther Weeks is executive director of CTVotersCount <http://www.ctvoterscount.org/> .

  [This is an extremely complicated issue. However, as long as we have partisan election management with unauditable voting machines, non-level playing fields regarding registration and voter rights, extreme difficulties in retroactively determining manipulations and unethical, illegal, or deceptive practices, no system can be claimed to be fair. Readers of RISKS should be well aware of the wide range of pitfalls. PGN]

------------------------------

Date: Thu, 17 Jan 2013 21:43:42 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: Internet resources allow identification of personal genomes via surname inference

http://j.mp/10DqhqW (*Science* via NNSquad) [Free read with registration]

"Sharing sequencing data sets without identifiers has become a common practice in genomics. Here, we report that surnames can be recovered from personal genomes by profiling short tandem repeats on the Y chromosome (Y-STRs) and querying recreational genetic genealogy databases. We show that a combination of a surname with other types of metadata, such as age and state, can be used to triangulate the identity of the target. A key feature of this technique is that it entirely relies on free, publicly accessible Internet resources. We quantitatively analyze the probability of identification for U.S. males. We further demonstrate the feasibility of this technique by tracing back with high probability the identities of multiple participants in public sequencing projects."
------------------------------

Date: Mon, 21 Jan 2013 09:54:45 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: France wants to tax Google/Facebook based on users/data collected

"Last Friday, a 198-page government report to the French Ministry of the Economy outlined a proposal that, if approved by the French government, would impose a tax on tech companies based on how many users a site like Facebook or Google has, and how much personal information those companies hold."
http://j.mp/WmsSiF (ars technica via NNSquad)

Passage of such a law would be immediately followed by the creation of the secret French government department to create millions of fake Google users and share as much fake personal information about them as possible!

------------------------------

Date: Fri, 18 Jan 2013 16:20:24 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: Under pressure, Journal News withdraws gun database, but the mirrors are everywhere ...

http://j.mp/WeMk0C (*Journal News* via NNSquad)

"Today The Journal News has removed the permit data from lohud.com. Our decision to do so is not a concession to critics that no value was served by the posting of the map in the first place. On the contrary, we've heard from too many grateful community members to consider our decision to post information contained in the public record to have been a mistake. Nor is our decision made because we were intimidated by those who threatened the safety of our staffers. We know our business is a controversial one, and we do not cower."
And of course, proving again that "public is public" and that trying to hide on the Internet is hopeless once it has been widely publicized, there are the various available related mirrors:
http://j.mp/WeM2a6 (Google Sites)

More info: Gawker releases list of gun owners in New York City (1/8/2013)
http://j.mp/WeMUeE (Poynter)

------------------------------

Date: Fri, 18 Jan 2013 16:44:21 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: These People Are Now Sharing Horrible Things About Themselves Thanks to Facebook Search

"FB's glistening new search engine makes finding interesting things about yourself, your past, and all of your friends excitingly easy. It also makes it a cinch to find strangers who are openly racist, sexist, and generally embarrassing."
http://j.mp/WeQe9D (Gizmodo via NNSquad)
[Warning: link is not safe for work or family!]

The link above is Not Safe for Family. Not Safe for Work. Let's face it, Facebook just plain isn't safe.

------------------------------

Date: Sat, 12 Jan 2013 18:42:41 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Distracted driver hits senior while using her iPod"

"The Daily News", Kamloops, British Columbia, Canada, 2013-01-12, p. A6:

"Distracted driver hits senior while using her iPod

NORTH VANCOUVER A 19-year-old woman is facing charges in North Vancouver after she drove onto a sidewalk and struck a 70-year-old man while using her iPod. The RCMP say the victim was walking home from a gym when he was struck yesterday at Mount Seymour Parkway and Emerson Way. He suffered extensive injuries including a broken leg and broken ribs, but he is expected to survive. Police say the driver has been charged with driving without due care and attention while using an electronic device."
------------------------------

Date: Thu, 17 Jan 2013 12:17:30 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Facebook Graph Search may be a social engineering nightmare" (Ted Samson)

Ted Samson, *InfoWorld*, 16 Jan 2013
Facebook's new search engine serves up the kind of data that cyber scammers love
http://www.infoworld.com/t/internet-privacy/facebook-graph-search-may-be-social-engineering-nightmare-211002

------------------------------

Date: Tue, 15 Jan 2013 08:11:24 -0500
From: David Tarabar <dtarabar_at_private>
Subject: Risks of inaccurate cellphone tracking info

"If you lose your cellphone, don't blame Wayne Dobson"

Due to a quirk in cellphone location tracking, a resident of North Las Vegas has repeatedly been visited by people who believe that he has their lost cellphones. More seriously, police responded to the same address in error - due to a cellphone 911 call reporting a domestic violence incident.

http://www.lvrj.com/news/if-you-lose-your-cellphone-don-t-blame-wayne-dobson-186670171.html

------------------------------

Date: Mon, 21 Jan 2013 10:57:35 -0500
From: "David J. Farber" <farber_at_private>
Subject: Ahmed Al-Khabaz expelled from Dawson College after finding security flaw

http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/

A student has been expelled from Montreal's Dawson College after he discovered a flaw in the computer system used by most Quebec CEGEPs (General and Vocational Colleges), one which compromised the security of over 250,000 students' personal information.
Ahmed Al-Khabaz, a 20-year-old computer science student at Dawson and a member of the school's software development club, was working on a mobile app to allow students easier access to their college account when he and a colleague discovered what he describes as `sloppy coding' in the widely used Omnivox software which would allow ``anyone with a basic knowledge of computers to gain access to the personal information of any student in the system, including social insurance number, home address and phone number, class schedule, basically all the information the college has on a student.''

``I saw a flaw which left the personal information of thousands of students, including myself, vulnerable, I felt I had a moral duty to bring it to the attention of the college and help to fix it, which I did. I could have easily hidden my identity behind a proxy. I chose not to because I didn't think I was doing anything wrong.''

``I felt I had a moral duty to bring it to the attention of the college.''

After an initial meeting with Director of Information Services and Technology Francois Paradis on 24 Oct 2012, where Mr. Paradis congratulated Mr. Al-Khabaz and colleague Ovidiu Mija for their work and promised that he and Skytech, the makers of Omnivox, would fix the problem immediately, things started to go downhill.

Two days later, Mr. Al-Khabaz decided to run a software program called Acunetix, designed to test for vulnerabilities in websites, to ensure that the issues he and Mija had identified had been corrected. A few minutes later, the phone rang in the home he shares with his parents.

``It was Edouard Taza, the president of Skytech. He said that this was the second time they had seen me in their logs, and what I was doing was a cyber attack. I apologized, repeatedly, and explained that I was one of the people who discovered the vulnerability earlier that week and was just testing to make sure it was fixed.
He told me that I could go to jail for six to twelve months for what I had just done and if I didn't agree to meet with him and sign a non-disclosure agreement he was going to call the RCMP and have me arrested. So I signed the agreement.'' ...

------------------------------

Date: Jan 21, 2013 11:30 AM
From: "Suresh Ramasubramanian" <suresh_at_private>
Subject: Re: Ahmed Al-Khabaz expelled from Dawson College after finding security flaw

the rest of the article goes on to say -

1. Taza from Skytech denies he threatened Al Khabaz, and said that he'd told him that discovering vulns was fine, but pen-testing their systems uninvited to see whether the vulns were fixed or not wasn't legal.

2. The school seems to have separately decided to expel him, with 14 out of 15 professors voting to expel, though without giving him a hearing first.

------------------------------

Date: Monday, January 21, 2013
From: *Steve Crocker*
Subject: Re: Ahmed Al-Khabaz expelled from Dawson College after finding security flaw

The following stands out:

  Two days later, Mr. Al-Khabaz decided to run a software program called Acunetix, designed to test for vulnerabilities in websites, to ensure that the issues he and Mija had identified had been corrected. A few minutes later, the phone rang in the home he shares with his parents.

When I was a program manager at (D)ARPA in the early 1970s, I ran tiger teams on the Arpanet and quickly discovered the importance of discipline in the process. It's one thing to find flaws, it's something else entirely to disclose them publicly, and it's further something else to run subsequent "tests" to determine whether the flaw has been fixed. The people who find the flaws often develop a sense of ownership and entitlement, and that's where trouble arises.

A "20-year-old computer science student, and a member of the school's software development club" probably had no training or counseling regarding finding and reporting flaws.
Having reported his findings to responsible parties, he fulfilled his moral obligations and he should have remained at arms' length from the system unless invited to do further work, but this might not have been evident to him.

Conversely, the school's elders should have gone further than congratulating the student for his work. They should have realized the need to counsel the student that his role was now complete, that he needed to stay away from further action, and that the results might or might not be in accordance with his instincts. In this respect, the school's management might have been just as uneducated in these matters as the student.

Perhaps there is more to this particular story than has been reported. Perhaps the student was informed he was not to do further testing. The larger point is it would be useful to have some readily available guidelines for appropriate behavior by both the person finding the flaw and the organization receiving the report.

------------------------------

Date: Tue, 15 Jan 2013 08:45:20 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Red October relied on Java exploit to infect PCs"

http://arstechnica.com/security/2013/01/massive-espionage-malware-relied-on-java-exploit-to-infect-pcs/

Red October relied on Java exploit to infect PCs
Unearthed attack site reveals some inner workings of espionage malware.
Dan Goodin, *Arstechnica*, 15 Jan 2013

opening paragraph:

Attackers behind a massive espionage malware campaign that went undetected for five years relied in part on a vulnerability in the widely deployed Java software framework to ensnare their victims, a security researcher said.
------------------------------

Date: Tue, 22 Jan 2013 10:40:57 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "how Oracle installs deceptive software with Java updates" (Ed Bott)

Ed Bott for The Ed Bott Report, 22 Jan 2013
A close look at how Oracle installs deceptive software with Java updates
http://www.zdnet.com/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates-7000010038/

Summary: Oracle's Java plugin for browsers is a notoriously insecure product. Over the past 18 months, the company has released 11 updates, six of them containing critical security fixes. With each update, Java actively tries to install unwanted software. Here's what it does, and why it has to stop.

------------------------------

Date: Tue, 22 Jan 2013 12:56:57 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Disabling Java in Internet Explorer: No easy task" (Woody Leonhard)

Woody Leonhard, *InfoWorld*, 22 Jan 2013
Disabling Java in Internet Explorer: No easy task
Firefox, Chrome, and Safari let you. But short of a complex, CERT-documented process, there's no reliable way to disable Java in IE
http://www.infoworld.com/t/web-browsers/disabling-java-in-internet-explorer-no-easy-task-211220

The Microsoft instructions kill about 20 Java CLSIDs. The CERT method kills almost 800 of them. That has to make you wonder -- at least, it makes me wonder -- whether there are other tricky methods for invoking Java in Internet Explorer, even after the CERT fixes have been applied.

------------------------------

Date: Sat, 12 Jan 2013 15:28:21 -0500
From: Monty Solomon <monty_at_private>
Subject: Just How Dumb Is It For CBS To Block CNET From Giving Dish An Award? (Mike Masnick)

Mike Masnick, *Techdirt*, 11 Jan 2013

As you may or may not recall, last year, pretty much all the TV networks sued Dish Networks over a new feature it had launched, PrimeTime Any Time (PTAT), with its Autohopper technology on its DVRs.
PTAT is where it would automatically record all the major networks' prime time programming and hold onto it for a bit. Autohopper would then automatically skip over the commercials. It's important to recognize that these features, on their own, have been considered legal. VCRs had auto commercial skip ages ago and DVR technology (time shifting) has been called fair use plenty of times. Given that, the lawsuits aren't going well so far.

But, in a moment of pure stupidity, some very short-sighted suits at CBS made a really silly decision. As you may or may not have heard, CES -- the massive consumer electronics show -- has been going on all this week in Las Vegas. I just got back from there myself. At the show, Dish announced another merging of some of its products, adding its Slingbox (who they bought years back) to the same basic setup. Slingbox, of course, is for "place shifting" what the DVR is for "time shifting." You hook it up to your TV and it lets you access what's playing on your TV via the Internet (via your computer, phone or tablet). It's hardly surprising that this is where Dish was heading. ...
http://www.techdirt.com/articles/20130111/00145421637/just-how-dumb-is-it-cbs-to-block-cnet-giving-dish-award.shtml

------------------------------

Date: Sat, 19 Jan 2013 13:17:02 -0500
From: Monty Solomon <monty_at_private>
Subject: The 2013 Best of CES Awards: CNET's story (Lindsey Turrentine)

Lindsey Turrentine, *CNET*, 14 Jan 2013
The true story of what happened before last week's Best of CES Awards unveiling
http://news.cnet.com/8301-30677_3-57563877-244/the-2013-best-of-ces-awards-cnets-story/

A CNET Reporter Resigns Amid CBS-Dish Tussle
January 14, 2013
http://blogs.wsj.com/digits/2013/01/14/a-cnet-reporter-resigns-amid-cbs-dish-tussle/

Dish Gives Itself The Award That CBS Stopped CNET From Giving
http://consumerist.com/2013/01/18/dish-gives-itself-the-award-that-cbs-stopped-cnet-from-giving/

------------------------------

Date: Sat, 12 Jan 2013 14:30:14 -0500
From: Dave Parnas <parnas_at_private>
Subject: Re: EHRs may add to, not reduce, the cost of health care (Lesher, RISKS-27.13)

Predictions of savings are usually based on two assumptions:

  1) The new system is used instead (not in addition to) of the old one.
  2) The records are shared so that tests and other exams do not have to be duplicated.

In the cases that I have seen (a very limited set) at most one of these conditions have been met and often neither is met. Old systems are often incompatible with the new systems and may perform functions that the new ones do not do.

Professor Emeritus, McMaster University, University of Limerick
http://www.amadon.ca/Public/information.htm +1 613 2498038 parnas@private

------------------------------

Date: Thu, 10 Jan 2013 10:47:57 +0100
From: Lieven Desmet <Lieven.Desmet_at_private>
Subject: Course announcement: SecAppDev 2013, 4-8 March, Leuven, Belgium

We are pleased to announce SecAppDev Leuven 2013, an intensive one-week course in secure application development.
The course is organized by secappdev.org, a non-profit organization that aims to broaden security awareness in the development community and advance secure software engineering practices. The course is a joint initiative with KU Leuven and Solvay Brussels School of Economics and Management.

SecAppDev 2013 is the 9th edition of our widely acclaimed course, attended by an international audience from a broad range of industries including financial services, telecom, consumer electronics and media and taught by leading software security experts including

+ Prof. dr. ir. Bart Preneel who heads COSIC, the renowned crypto lab.
+ Ken van Wyk, co-founder of the CERT Coordination Center and widely acclaimed author and lecturer.
+ Dr. Steven Murdoch of the University of Cambridge Computer Laboratory's security group, well known for his research in anonymity and banking system security.
+ Jim Manico, an OWASP board member.
+ John Steven, a sought-after architect for high-performance, scalable JEE systems.

When we ran our first annual course in 2005, emphasis was on awareness and security basics, but as the field matured and a thriving security training market developed, we felt it was not appropriate to compete as a non-profit organization. Our focus has hence shifted to providing a platform for leading-edge and experimental material from thought leaders in academia and industry. We look toward academics to provide research results that are ready to break into the mainstream and attract people with an industrial background to try out new content and formats.

The course takes place from March 4th to 8th in the Faculty Club, Leuven, Belgium. For more information visit the web site: http://secappdev.org.

Places are limited, so do not delay registering to avoid disappointment. Registration is on a first-come, first-served basis. A 25% discount is available for Early Bird registration until January 15th. Alumni, public servants and independents receive a 50% discount.
I hope that we will be able to welcome you or your colleagues to our course.

Lieven Desmet http://secappdev.org
Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request_at_private
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
   or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
    is no longer maintained up-to-date except for recent election problems.

*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.14
************************

Received on Tue Jan 22 2013 - 16:00:33 PST