RISKS Forum mailing list archives
Risks Digest 27.35
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 18 Jun 2013 14:11:06 PDT
RISKS-LIST: Risks-Forum Digest  Tuesday 18 June 2013  Volume 27 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.35.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Metacharacters bite again (Jeremy Epstein)
Online ballot fraud in Miami (Marc Caputo and Patricia Mazzei)
Accidental bank transfer (Gunnar Peterson via Jeremy Epstein)
FDA issues draft guidance on cybersecurity for medical devices (Kevin Fu)
Static electricity in clothes ignites carpet (Martyn Thomas)
Found a home via wifi (jidanni)
Attacks coming from Amazon Web services (Geoff Kuenning)
An Innovative Inno/Vention (Gabe Goldberg)
Hard to get that much out of the ATM (Paul Robinson)
NSA et al.: it started well before "1984"... (Peter Houppermans)
Richard Clarke: Why you should worry about the NSA (Richard Forno)
Ray Ozzie on Spying (David Farber)
More Intrusive Than Eavesdropping? NSA Collection of Metadata ... Personal Info ... (Dewayne Hendricks via Dave Farber)
Outsourced: How the FBI and CIA Use Private Contractors to Monitor (Stephen Benavides)
Government Secrets and the Need for Whistleblowers (Bruce Schneier)
T-Mobile, Verizon Wireless not under U.S. data watch: foreign ties (Lauren Weinstein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 12 Jun 2013 19:35:45 -0400
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Metacharacters bite again

NSF's review system has a method for program officers to redact text from reviews prior to their release to the person who submitted the proposal (*).
I discovered today that it can accidentally get triggered - if the characters <<% are in the review, the following text is redacted. Of course the reviewer who submits a review with these characters doesn't get a warning, which isn't documented. The program officer indirectly gets a warning, in the fact that the text in the review is cut off, but can't tell the system "no, this really isn't a redaction". Of course any form of special sequences is potentially problematical, and the number of errors caused by lack of escaping such sequences is probably uncountably infinite. And yes, I discovered this because a reviewer used that string, and I didn't notice the excised text because I had read the review through a different interface that doesn't excise it.

(*) If you're not familiar with the NSF process, consider this to be equivalent to a program chair releasing anonymized reviews written by program committee members to the authors of a paper.

  [Excise tacks on more problems?  PGN]

------------------------------

Date: Sun, 16 Jun 2013 14:18:41 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Online ballot fraud in Miami (Marc Caputo and Patricia Mazzei)

Marc Caputo and Patricia Mazzei (mcaputo () miamiherald com)
http://www.miamiherald.com/2013/06/15/3453770/online-ballot-fraud-marks-the.html

The election scandal dogging Congressman Joe Garcia's campaign and two state House races makes it clear: Computer techies are supplementing old-school, block-walking ballot-brokers known as boleteras. Over just a few days last July, at least two groups of schemers used computers traced to Miami, India and the United Kingdom to fraudulently request the ballots of 2,046 Miami-Dade voters. Garcia said he knew nothing of the plot that recently implicated three former campaign workers, two employed in his congressional office. Investigators, meanwhile, have hit a dead end with a larger fraud involving two state House races.
A third incident cropped up Thursday in Miami's mayoral race, but the case appears unrelated to last year's fraud when two groups appeared to act separately from each other. They employed different tactics to target different types of voters, a University of Florida/Miami Herald analysis of election data indicates. The ultimate goal was the same: get mail-in ballots into the hands of voters, a job that many boleteras once handled on the streets of Miami-Dade. Now, it's electronic. [...]

------------------------------

Date: Tue, 11 Jun 2013 14:14:11 -0400
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Accidental bank transfer (noted by Gunnar Peterson)

"A German bank employee accidentally transferred 222,222,222.222 euros ($295 million) from a customer's account when he fell asleep at his computer."
http://finance.yahoo.com/news/asleep-job-bankers-million-dollar-114949290.html

  [ZZZZZZZZZZZZ?  PGN]

------------------------------

Date: Thu, 13 Jun 2013 23:28:03 -0400
From: Kevin Fu <kevinfu () umich edu>
Subject: FDA issues draft guidance on cybersecurity for medical devices

FDA has issued a draft guidance document on cybersecurity for medical devices and hospital networks after several years of growing concern, punctuated by a recent discovery of 300 hard coded passwords across more than 50 medical device manufacturers. In other words, manufacturers have been warned to improve the trustworthiness of medical device software. The normally staid agency is unusually blunt in its recommendations and assessment. Public comment is accepted for 90 days.
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM356190.pdf

Further details appear on:
http://blog.secure-medicine.org/2013/06/fda-publishes-draft-guidance-on-medical.html

Kevin Fu, Associate Professor, EECS Department, The University of Michigan
kevinfu () umich edu, http://spqr.eecs.umich.edu/, 616-594-0385

------------------------------

Date: Sun, 16 Jun 2013 15:29:13 +0100
From: Martyn Thomas <martyn () thomas-associates co uk>
Subject: Static electricity in clothes ignites carpet

I have never seen this on a risk register ... It sounds incredible. Could it be true?  Martyn

An Australian man built up so much static electricity in his clothes as he walked that he burned carpets, melted plastic and sparked a mass evacuation. Frank Clewer, of the western Victorian city of Warrnambool, was wearing a synthetic nylon jacket and a woolen shirt when he went for a job interview. As he walked into the building, the carpet ignited from the 40,000 volts of static electricity that had built up.... ... ...
http://news.bbc.co.uk/1/hi/4252692.stm

------------------------------

Date: Sat, 15 Jun 2013 05:55:07 +0800
From: jidanni () jidanni org
Subject: Found a home via wifi

One Amazing Thing I've Seen or Done http://www.couchsurfing.org/people/emiliemiao/ says

I am always terrible with directions. there was this one time when I went to visit my friend in another city. I got lost the moment I got off the taxi. my friend tried her best to guide me via phone yet failed. but I finally found her apartment building all by myself when wandering in that big community, cos my phone got connected to her wifi when approaching that building!
------------------------------

Date: Mon, 17 Jun 2013 00:52:13 -0700
From: Geoff Kuenning <geoff () cs hmc edu>
Subject: Attacks coming from Amazon Web services

This is interesting: One of my machines got a probe last week, looking for a vulnerable PHP script. Here's the relevant log line:
50.16.166.199 - - [12/Jun/2013:01:11:13 -0700] "HEAD /wp-login.php HTTP/1.1" 404 - "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
It's not very interesting that they're masquerading as the googlebot, as if Google would ever use HEAD requests. What *is* interesting is the IP address:

    % host 50.16.166.199
    199.166.16.50.in-addr.arpa domain name pointer ec2-50-16-166-199.compute-1.amazonaws.com.

So the bad guys are either cracking Amazon Web Services virtual machines, or renting them. Probably the former...

Geoff Kuenning   geoff () cs hmc edu   http://www.cs.hmc.edu/~geoff/

------------------------------

Date: Wed, 12 Jun 2013 23:50:24 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: An Innovative Inno/Vention

Josh Soussan is the team leader on a project called Aegis, which would allow handguns to be disabled by radio transmitter when brought into a school or other such environment. "[Aegis] will not alter the weapon's functionality at all, unless the firearm is within range of [a] signal emitter," he explained. "With the recent massacre in Newton, Connecticut, we believe that this is the next crucial step in providing a safe environment for children in schools."
http://cable.poly.edu/issue/spring-2013/news/campus-buzz/innovative-innovention

Pervasive disabling of firearms via radio signal -- what could possibly go wrong with this?

Gabriel Goldberg, Computers and Publishing, Inc., 3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433
http://www.linkedin.com/in/gabegold

------------------------------

Date: Thu, 13 Jun 2013 05:24:28 -0700 (PDT)
From: Paul Robinson <paul () paul-robinson us>
Subject: Hard to get that much out of the ATM

A woman is $300,000,000 in debt to her bank and neither she nor the bank knows why. ABC News reported that Suntrust decided to debit $100,000,000 from a woman's checking account, then while that was being investigated, they deducted another $100,000,000 from her savings account, then apparently feeling they hadn't taken enough out (to cover additional overdrafts, I guess), deducted a second US$100 million out of her checking account.
Suntrust announced they are investigating and have no idea why it happened. The woman says that she would have known if she had spent 300 million dollars. Yeah, I do believe that the woman would have known if she had. Then again, electric bills can be high, maybe the electric company had to auto-deduct a large power bill. (Some utilities you would normally just pay anyway like electric companies, have it set up where you can approve them to make a monthly deduction for the charge each month; they mail you a bill and issue a draft for the amount due, so your bill is automatically paid.) This is also common for some mortgage companies. She probably forgot she had a bill for last month's mortgage on, oh, I guess the entire state of Rhode Island... Maybe she's wrong and she just forgot she withdrew it. Let's see, the average cash machine has about $20,000 - 50,000 in it, loaded in canisters, so the woman would have had to visit - and drain - 3,000 ATM machines, but since the average bank limits you to $500 a day she'd have to do it a little at a time. Let's be generous and say the limit is $3000 a day instead, to make it easier. It would have required she take $3,000 out every day for just shy of 274 years (273.93 years). Gee, she has been busy. That is, she, her mother, her grandmother, her great grandmother, her great-great...

The Lessons of history teach us - if they teach us anything - that no one learns the lessons that history teaches us.

  [Indeed, a motto for RISKS.  PGN]

------------------------------

Date: Wed, 12 Jun 2013 23:38:02 +0200
From: Peter Houppermans <ph () privacyclub ch>
Subject: NSA et al.: it started well before "1984"...

Ubiquitous surveillance and its nefarious impact on those so observed was not originally Orwell's idea.
The inspiration for the "1984" novel came from a prison concept developed by the English philosopher and social theorist Jeremy Bentham in the late 18th century called Panoptikon - allow me to refer you to Wikipedia (https://en.wikipedia.org/wiki/Panopticon) for more detail. The reason I'm pointing this out is that it establishes an IMHO fundamentally clearer purpose: said surveillance model was developed to establish mental control over inmates, in other words, people already in prison. Keep this in mind when you are encouraged to agree with any government intercept program.

Peter Houppermans, The Privacy Club, privacy advisers, Switzerland

------------------------------

Date: June 12, 2013 2:01:44 PM EDT
From: Richard Forno <rforno () infowarrior org>
Subject: Richard Clarke: Why you should worry about the NSA

The just-revealed surveillance stretches the law to its breaking point and opens the door to future potential abuses

Richard A. Clarke, *New York Daily News*, 12 Jun 2013
(Clarke is a former counterterrorism adviser to Presidents George H.W. Bush, Bill Clinton and George W. Bush.)
http://www.nydailynews.com/opinion/worry-nsa-article-1.1369705

None of us want another terrorist attack in the United States. Equally, most of us have nothing to hide from the federal government, which already has so many ways of knowing about us. And we know that the just-revealed National Security Agency program does not actually listen to our calls; it uses the phone numbers, frequency, length and times of the calls for data-mining. So, why is it that many Americans, including me, are so upset with the Obama administration gathering up telephone records? My concerns are twofold. First, the law under which President George W. Bush and now President Obama have acted was not intended to give the government records of all telephone calls. If that had been the intent, the law would have said that. It didn't.
Rather, the law envisioned the administration coming to a special court on a case-by-case basis to explain why it needed to have specific records. I am troubled by the precedent of stretching a law on domestic surveillance almost to the breaking point. On issues so fundamental to our civil liberties, elected leaders should not be so needlessly secretive. The argument that this sweeping search must be kept secret from the terrorists is laughable. Terrorists already assume this sort of thing is being done. Only law-abiding American citizens were blissfully ignorant of what their government was doing. Secondly, we should worry about this program because government agencies, particularly the Federal Bureau of Investigation, have a well-established track record of overreaching, exceeding their authority and abusing the law. The FBI has used provisions of the Patriot Act, intended to combat terrorism, for purposes that greatly exceed congressional intent. Even if you trust Obama, should we have programs and interpretations of law that others could abuse now without his knowing it or later in another administration? Obama thought we needed to set up rules about drones because of what the next President might do. Why does he not see the threat from this telephone program? The answer is that he inherited this vacuum cleaner approach to telephone records from Bush. When Obama was briefed on it, there was no forceful and persuasive advocate for changing it. His chief adviser on these things at the time was John Brennan, a life-long CIA officer. Obama must have been told that the government needed everyone's phone logs in the NSA's computers for several reasons. The bureaucrats surely argued that it was easier to run the big data search and correlation program on one database. They said there was no law that could compel the telephone companies to store the records on their own servers. 
If the telephone companies did so, government and company lawyers then certainly said, they would become legally `an agent' of the government and could be sued by customers for violating the terms of their service agreements. Finally, Obama was certainly told, if the NSA and the FBI had to query telephone company servers, then the phone companies would know whom the government was watching, a violation of need-to-know secrecy traditions. If there had been a vocal and well-informed civil liberties advocate at the table, Obama might have been told that all those objections were either specious or easily addressed. Law already requires Internet service providers to store emails for years so that the government can look at them. An amendment to existing law could have extended that provision to telephone logs and given the companies a `safe harbor' provision so they would not be open to suits. The telephone companies could have been paid to maintain the records. If the government wanted a particular set of records, it could tell the Foreign Intelligence Surveillance Court why -- and then be granted permission to access those records directly from specially maintained company servers. The telephone companies would not have to know what data were being accessed. There are no technical disadvantages to doing it that way, although it might be more expensive. Would we, as a nation, be willing to pay a little more for a program designed this way, to avoid a situation in which the government keeps on its own computers a record of every time anyone picks up a telephone? That is a question that should have been openly asked and answered in Congress. The vocal advocate of civil liberties was absent because neither Bush nor Obama had appointed one, despite the recommendation of the 9/11 Commission and a law passed by Congress. 
Only five years into his administration is our supposedly civil liberties-loving President getting around to activating a long-dormant Privacy and Civil Liberties Oversight Board. It will have a lot of work to do.

Richard Clarke is a former counterterrorism adviser to Presidents George H.W. Bush, Bill Clinton and George W. Bush.

------------------------------

Date: Wed, 12 Jun 2013 16:34:53 -0400
From: David Farber <farber () gmail com>
Subject: Ray Ozzie on Spying

Ray Ozzie on NSA spying: We got what we asked for. Now it's time to wake up.
The Boston Globe, 7 Jun 213
http://www.boston.com/business/innovation/blogs/inside-the-hive/2013/06/07/ray-ozzie-nsa-spying-got-what-asked-for-now-time-wake/42AqxBSvgu0X3xXGIx7WFK/blog.html

Ray Ozzie, the creator of Lotus Notes and Microsoft's former software head, joined the chorus of technical leaders pushing back on the government's far-reaching surveillance program. ``I hope that people wake up, truly wake up, to what's happening to society, from both a big brother perspective and little brother perspective,'' he said during the Nantucket Conference. He said that, after Sept. 11, the pendulum had swung too far towards government surveillance and data gathering "We got what we asked for, and now it's time to pull it back," Ozzie said, referencing the near-unanimous passage of the PATRIOT Act, noting the danger that broad data gathering operations present. "Imagine if you had an administration targeting journalists or groups of people based on political leanings." The current administration, of course, is facing allegations that it did just that, with the Department of Justice secretly obtaining Associated Press phone records and investigating a Fox News reporter's personal emails while the IRS is facing allegations it focused audits on politically conservative groups.
Ozzie has been an advocate of strengthened online privacy and serves on the board of the Electronic Privacy Information Center, a group that has been instrumental in bringing to light much of the government's surveillance. He also said that current protections are simply inadequate and outdated. "The privacy act that we're operating under right now was written in 1974," he noted. "What's happened since 1974?" For example, he was critical of third-party doctrine, which holds that information given to a third-party -- such as a phone company, an email host, or social network like Facebook or Twitter -- essentially waives Fourth Amendment protections "against unreasonable searches and seizures." Given how much information is stored digitally, that means a much wider array of information is now available without probable cause. "It's really dangerous," Ozzie said. "I hope that what's happened in the past few days gets people riled up. This is a non-partisan issue. I hope people wake up a little bit more and don't just build apps and say, I'm going to sell private information for ads."

------------------------------

Date: Jun 12, 2013 5:31 PM
From: "Dewayne Hendricks" <dewayne () warpspeed com>
Subject: More Intrusive Than Eavesdropping? NSA Collection of Metadata Hands Gov't Sweeping Personal Info (via Dave Farber)

http://www.democracynow.org/2013/6/12/more_intrusive_than_eavesdropping_nsa_collection

As the American Civil Liberties Union sues the Obama administration over its secret NSA phone spying program, we look at how the government could use phone records to determine your friends, medical problems, business transactions and the places you've visited. While President Obama insists that nobody is listening to your telephone calls, cybersecurity expert Susan Landau says the metadata being collected by the government may be far more revealing than the content of the actual phone calls.
A mathematician and former Sun Microsystems engineer, Landau is the author of the book "Surveillance or Security?: The Risks Posed by New Wiretapping Technologies."

Dewayne-Net RSS Feed: <http://www.warpspeed.com/wordpress>

------------------------------

Date: Thu, 13 Jun 2013 17:36:19 -0400 (EDT)
From: Stephen Benavides <messenger () truthout org>
Subject: Outsourced: How the FBI and CIA Use Private Contractors to Monitor Social Media

Stephen Benavides, Truthout

Right now, companies like Palantir Technologies Inc, Booz Allen Hamilton and i2 are mining your Facebook and Twitter data to discern whether you're a terrorist, have ties to terrorists or maybe just have the potential to someday become one.
http://truth-out.org/news/item/16943-outsourced-intelligence-how-the-fbi-and-cia-use-private-contractors-to-monitor-social-media

------------------------------

Date: Sat, 15 Jun 2013 01:14:45 -0500
From: Bruce Schneier <schneier () SCHNEIER COM>
Subject: Government Secrets and the Need for Whistleblowers

  [Bruce's latest issue is full of commentary on this and related subjects. I've excerpted just the beginning for RISKS. Copyrighted but Intentionally Distributable. PGN]

Bruce Schneier, Chief Security Technology Officer, BT
[From CRYPTO-GRAM, 15 Jun 2013 [free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. You can subscribe, unsubscribe, or change your address on the Web at <http://www.schneier.com/crypto-gram.html>. Back issues are also available at that URL.]

Recently, we learned that the NSA received all calling records from Verizon customers for a three-month period starting in April. That's everything except the voice content: who called who, where they were, how long the call lasted -- for millions of people, both Americans and foreigners. This "metadata" allows the government to track the movements of everyone during that period, and build a detailed picture of who talks to whom.
It's exactly the same data the Justice Department collected about AP journalists. The "Guardian" delivered this revelation after receiving a copy of a secret memo about this -- presumably from a whistleblower. We don't know if the other phone companies handed data to the NSA too. We don't know if this was a one-off demand or a continuously renewed demand; the order started a few days after the Boston bombers were captured by police. We don't know a lot about how the government spies on us, but we know some things. We know the FBI has issued tens of thousands of ultra-secret National Security Letters to collect all sorts of data on people -- we believe on millions of people -- and has been abusing them to spy on cloud-computer users. We know it can collect a wide array of personal data from the Internet without a warrant. We also know that the FBI has been intercepting cell-phone data, all but voice content, for the past 20 years without a warrant, and can use the microphone on some powered-off cell phones as a room bug -- presumably only with a warrant. We know that the NSA has many domestic-surveillance and data-mining programs with codenames like Trailblazer, Stellar Wind, and Ragtime -- deliberately using different codenames for similar programs to stymie oversight and conceal what's really going on. We know that the NSA is building an enormous computer facility in Utah to store all this data, as well as faster computer networks to process it all. We know the U.S. Cyber Command employs 4,000 people. We know that the DHS is also collecting a massive amount of data on people, and that local police departments are running "fusion centers" to collect and analyze this data, and covering up its failures. This is all part of the militarization of the police. Remember in 2003, when Congress defunded the decidedly creepy Total Information Awareness program? It didn't die; it just changed names and split into many smaller programs. 
We know that corporations are doing an enormous amount of spying on behalf of the government: all parts. We know all of this not because the government is honest and forthcoming, but mostly through three backchannels -- inadvertent hints or outright admissions by government officials in hearings and court cases, information gleaned from government documents received under FOIA, and government whistleblowers. There's much more we don't know, and often what we know is obsolete. We know quite a bit about the NSA's ECHELON program from a 2000 European investigation, and about the DHS's plans for Total Information Awareness from 2002, but much less about how these programs have evolved. We can make inferences about the NSA's Utah facility based on the theoretical amount of data from various sources, the cost of computation, and the power requirements from the facility, but those are rough guesses at best. For a lot of this, we're completely in the dark. And that's wrong. The U.S. government is on a secrecy binge. It overclassifies more information than ever. And we learn, again and again, that our government regularly classifies things not because they need to be secret, but because their release would be embarrassing. Knowing how the government spies on us is important. Not only because so much of it is illegal -- or, to be as charitable as possible, based on novel interpretations of the law -- but because we have a right to know. Democracy requires an informed citizenry in order to function properly, and transparency and accountability are essential parts of that. That means knowing what our government is doing to us, in our name. That means knowing that the government is operating within the constraints of the law. Otherwise, we're living in a police state. We need whistleblowers. [For lots more, go back to the source. 
PGN]

------------------------------

Date: Thu, 13 Jun 2013 20:41:37 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: T-Mobile, Verizon Wireless not under U.S. data watch: foreign ties

"Telecom providers T-Mobile US Inc and Verizon Wireless do not directly contribute to the controversial U.S. surveillance program, partly due to their overseas ownership ties, the Wall Street Journal reported Thursday, citing people familiar with the matter."
http://j.mp/197iNgi (Reuters)

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request () csl sri com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe () csl sri com or risks-unsubscribe () csl sri com depending on which action is to be taken.
   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   *** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
    is no longer maintained up-to-date except for recent election problems.
   *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.35
************************
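For the item "Metacharacters bite again": an added example, not part of the digest and not NSF's code, contrasting a redaction marker carried in the review text with redactions stored separately as character spans. Only the sequence `<<%` comes from the item; the handling of the marker, the function and class names, and the sample review are assumptions made for illustration.

```python
MARKER = "<<%"  # sequence reported in the item; how NSF's system treats it is assumed


def release_inband(review):
    """Assumed in-band design: everything after MARKER counts as redacted."""
    head, found, _ = review.partition(MARKER)
    return head + "[redacted]" if found else review


def marker_offsets(review):
    """Submission-time check: where MARKER occurs, so the reviewer can be warned."""
    offsets, pos = [], review.find(MARKER)
    while pos != -1:
        offsets.append(pos)
        pos = review.find(MARKER, pos + 1)
    return offsets


class Review:
    """Out-of-band design: the text is opaque, redactions are (start, end) spans
    recorded by the program officer, so no character sequence is special."""

    def __init__(self, text):
        self.text = text
        self.spans = []

    def redact(self, start, end):
        if not 0 <= start < end <= len(self.text):
            raise ValueError("redaction span outside review text")
        self.spans.append((start, end))

    def release(self):
        merged = []  # merge overlapping spans so each region is replaced once
        for start, end in sorted(self.spans):
            if merged and start <= merged[-1][1]:
                merged[-1] = (merged[-1][0], max(merged[-1][1], end))
            else:
                merged.append((start, end))
        out, pos = [], 0
        for start, end in merged:
            out += [self.text[pos:start], "[redacted]"]
            pos = end
        return "".join(out) + self.text[pos:]


# Constructed sample review that happens to contain the marker.
SAMPLE = ("Measured overhead is <<%1 of runtime, so claim 3 holds. "
          "PI's prior award was mismanaged.")

if __name__ == "__main__":
    print("in-band :", release_inband(SAMPLE))
    print("warn at :", marker_offsets(SAMPLE))
    r = Review(SAMPLE)
    r.redact(SAMPLE.index("PI's"), len(SAMPLE))
    print("spans   :", r.release())
```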
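For the item "Attacks coming from Amazon Web services": an added example, not part of the digest or any contributor's code, that audits access-log lines claiming a Googlebot User-Agent by doing the reverse lookup shown in the item and then a forward confirmation, the check Google documents for verifying its crawler. The first log line and the PTR answer for 50.16.166.199 are from the item; all other log lines, addresses and DNS answers are constructed, and the function names are this example's own.

```python
import re
import socket

# Apache/NCSA combined log format, the format of the line quoted in the item.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")


def system_ptr(ip):
    """Live reverse lookup; returns the PTR name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(host):
    """Live forward lookup (IPv4 only); returns the set of addresses."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()


def verify_googlebot(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verified, reason) for an address claiming to be Googlebot."""
    host = ptr_lookup(ip)
    if host is None:
        return False, "no PTR record"
    host = host.rstrip(".").lower()
    if not host.endswith(GOOGLE_SUFFIXES):
        return False, f"PTR {host} is outside googlebot.com/google.com"
    # A PTR record is set by whoever controls the address block, so it must
    # be confirmed by resolving the name back to the same address.
    if ip not in forward_lookup(host):
        return False, f"PTR {host} does not resolve back to {ip}"
    return True, f"forward-confirmed as {host}"


def audit(lines, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return one finding per request whose Googlebot User-Agent fails verification."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "googlebot" not in m["ua"].lower():
            continue
        ok, reason = verify_googlebot(m["ip"], ptr_lookup, forward_lookup)
        if not ok:
            findings.append({"ip": m["ip"], "request": f'{m["method"]} {m["path"]}',
                             "status": int(m["status"]), "reason": reason})
    return findings


# First line is the one quoted in the item; the other three are constructed.
SAMPLE_LOG = [
    '50.16.166.199 - - [12/Jun/2013:01:11:13 -0700] "HEAD /wp-login.php HTTP/1.1" 404 - "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"',
    '192.0.2.10 - - [12/Jun/2013:01:12:02 -0700] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.7 - - [12/Jun/2013:01:13:40 -0700] "GET /wp-login.php HTTP/1.1" 404 - "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
    '198.51.100.23 - - [12/Jun/2013:01:14:05 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]
# Offline stand-ins for DNS. Only the first PTR answer is from the item.
SAMPLE_PTR = {
    "50.16.166.199": "ec2-50-16-166-199.compute-1.amazonaws.com.",
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com.",    # constructed, confirmed below
    "203.0.113.7": "crawl-203-0-113-7.googlebot.com.",  # constructed, forged PTR
}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}


def sample_forward(host):
    return SAMPLE_A.get(host, set())


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, SAMPLE_PTR.get, sample_forward):
        print(finding)
```

Calling `audit(lines)` without the two resolver arguments uses live DNS through the `socket` module.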