RISKS Forum mailing list archives
Risks Digest 27.61
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 19 Nov 2013 14:56:33 PST
RISKS-LIST: Risks-Forum Digest  Tuesday 19 November 2013  Volume 27 : Issue 61

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.61.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
GIGO cholesterol, but is it a bug or specifications failure? (Jeremy Epstein)
Voter ID laws and voter suppression (Richard L. Hasen)
Vendors Liable under No Surreptitious Code Warranties? (Henry Baker)
Fined For Posting A Negative Review Online (Lauren Weinstein)
Riders double-charged after transit card rollout (Kurt Sheffer)
Technological Due Process (Danielle Keats Citron via Robert Schaefer)
UK conservatives attempting to erase their Internet history (Lauren Weinstein)
NSA Admits That Edward Snowden Stole Up to 200,000 Documents (David Farber)
Hack of MacRumors forums exposes password data for 860,000 users (Dan Goodin via Monty Solomon)
"Facebook forces some users to reset passwords because of Adobe data breach" (Lucian Constantin via Gene Wirchenko)
Apple takes strong privacy stance in new report, publishes rare 'warrant canary' (Cyrus Farivar via Dewayne Hendricks)
EFF Files 22 Firsthand Accounts of How NSA Surveillance Chilled the Right to Association (David Farber)
LexisNexis helping police stake out social media (Lauren Weinstein)
FBI deems PhD thesis a national security concern (Richard Forno)
LG Smart TV logging everything to a website (Eli the Bearded)
Hoping to avert "collision" with disaster, Microsoft retires SHA1 (Monty Solomon)
"Adobe patches critical vulnerabilities in Flash Player, ColdFusion" (Lucian Constantin via Gene Wirchenko)
"'Blurry fonts' bug KB 2670838 persists with IE11 and Windows 7" (Woody Leonhard via Gene Wirchenko)
Re: An App That Saved 10,000 Lives (Geoff Kuenning)
Clifford Nass: Obituary (Chris Drewe)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 18 Nov 2013 11:34:20 -0500
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: GIGO cholesterol, but is it a bug or specifications failure?

A newly released risk calculator for figuring out heart disease risk based on cholesterol levels is flawed, and is giving inaccurate results. But the article is unclear whether the specifications for the calculation are wrong, or whether the calculation was implemented incorrectly. As always, if you have a bad specification, of course the results will be wrong. But even if the specification is right, the computation could be wrong. In either case, the result could be putting people on medications that are inappropriate given their risks and have side effects (not to mention the costs of the medications).

http://www.nytimes.com/2013/11/18/health/risk-calculator-for-cholesterol-appears-flawed.html

  [Computer-related? Sure. Bug? Spec error? The old LDL number is calculated, not the result of any testing. And the new "standards" appear to be deeply flawed, still unable to discriminate between harmful small LDL and constructive large LDL, and ignoring the fundamental differences, as well as overendowing statins despite their well-known history of liver damage and other "features" that seem to be relegated to "inconsequential". PGN]

------------------------------

Date: Sat, 16 Nov 2013 10:07:22 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Voter ID laws and voter suppression (Richard L. Hasen)

Richard L.
Hasen, Voter Suppression's New Pretext, OpEd, *The New York Times*
http://www.nytimes.com/2013/11/16/opinion/voter-suppressions-new-pretext.html?ref=opinion&pagewanted=print

------------------------------

Date: Sat, 16 Nov 2013 14:20:03 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Vendors Liable under No Surreptitious Code Warranties?

The following language (or very similar language) appears in a large number of contracts for software and systems procured in the U.S. There appears to be _no exception_ for NSA backdoors. I'm no lawyer, but perhaps every software & system vendor is liable under these warranties -- e.g., for deliberately weakened encryption, Microsoft-installed backdoors (WMF), bugged/compromised routers (D-Link) & name-servers, etc. The potential liabilities could be in the trillions of dollars if any NSA-inspired backdoor were to be utilized for accessing financial information.

"No Surreptitious Code Warranty

"The Contractor represents and warrants that no copy of licensed Software provided to the [customer] contains or will contain in any Self-Help Code or any Unauthorized Code as defined below. This warranty is referred to in this Contract as the "No Surreptitious Code Warranty."

"As used in this Contract, "Self-Help Code" means any back door, time bomb, drop dead device, or other software routine designed to disable a computer program automatically with the passage of time or under the positive control of a person other than the licensee of the software. Self-Help Code does not include Software routines in a computer program, if any, designed to permit an owner of the computer program (or other person acting by authority of the owner) to obtain access to a licensee's computer system(s) (e.g. remote access via modem) for purposes of maintenance or technical support.

"As used in this Contract, "Unauthorized Code" means any virus, Trojan horse, spyware, worm or other Software routines or components designed to permit unauthorized access to disable, erase, or otherwise harm software, equipment, or data; or to perform any other such actions. The term Unauthorized Code does not include Self-Help Code.

"In addition, Contractor will use up-to-date commercial virus detection software to detect and remove any viruses from any software prior to delivering it to the [customer].

"The Vendor shall defend [customer] against any claim, and indemnify the [customer] against any loss or expense arising out of any breach of the No Surreptitious Code Warranty."

------------------------------

Date: Fri, 15 Nov 2013 16:11:15 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Fined For Posting A Negative Review Online

Wanting an explanation, Jen says she tried to call the company but could never reach anyone. So frustrated, she turned to the Internet writing a negative review on ripoffreport.com. "There is absolutely no way to get in touch with a physical human being," it says. And it accuses kleargear.com of having "horrible customer service practices."

That was the end of it, Jen thought, until three years later when Jen's husband got an email from Kleargear.com demanding the post be removed or they would be fined. Kleargear.com says Jen violated a non-disparagement clause.

It turns out that, hidden within the terms of sale on Kleargear.com there is a clause that reads: "In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts kleargear.com, its reputation, products, services, management or employees."

The clause goes on to say if a consumer violates the contract they will have 72 hours to remove your post or face a $3500 fine.
If that fine is not paid, the delinquency will be reported to the nation's credit bureaus. "This is fraud," Jen said. "They're blackmailing us for telling the truth."

http://j.mp/17Ynay4 (KTVU via NNSquad)

------------------------------

Date: Mon, 18 Nov 2013 21:03:20 -0600
From: Kurt Sheffer <ksheffer () acm org>
Subject: Riders double-charged after transit card rollout

One problem among many with the rollout of the Chicago Transit Agency's new Ventra system: Riders who kept their Ventra card in their wallet along with another contactless payment card were double-charged:
http://www.chicagonow.com/arkielad/2013/09/chicago_ventra_card/

Other problems included riders being charged a second time upon exiting a bus:
http://articles.chicagotribune.com/2013-11-06/news/ct-met-ventra-bus-door-exit-20131107_1_ventra-reader-ventra-card-ventra-contractor

And, 15,000 free rides due to a system outage:
http://articles.chicagotribune.com/2013-11-14/news/chi-ventra-outage-hits-60-cta-stations-results-in-15000-20131113_1_ventra-readers-card-readers-free-rides

------------------------------

Date: Tue, 19 Nov 2013 08:26:49 -0500
From: Robert Schaefer <rps () haystack mit edu>
Subject: Technological Due Process (Danielle Keats Citron)

Despite the exceedingly dry abstract, the 2007 legal studies research, "Technological Due Process" by Danielle Keats Citron is truly illuminating on the consequences of computer automation on law.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1012360

The risks that come from software automation have entered the judicial and executive policy making domain and in turn affect all of us. Automated legal policy software is as invisible to us as software in auto manufacturer's electronic control modules, but has greater consequence, having the rule of law itself. The software programmer now has the power to make legal policy because the lawmakers are unable to, or choose not to, review the code after the decision is made to automate the policy.
Where does one go because a computer program denies you your request for say, food stamps, or denies you the right to get on an airplane because of the spelling of your name? Numerous examples of programmers inadvertently making policy through automated legal systems are provided.

A selected quote from the text, "The rulemaking power that programmers inadvertently wield thus defies the democratic origins and purposes of delegation."

Citron's legal paper reminds me of the "in joke" of corporate department decision-making that for any meeting the secretary who takes the minutes wields the greatest power. Lessig's "Code is Law", indeed.

robert schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford, MA 01886 781-981-5767 http://www.haystack.mit.edu

------------------------------

Date: Wed, 13 Nov 2013 12:51:57 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: UK conservatives attempting to erase their Internet history

"The Conservative Party has attempted to erase a 10-year backlog of speeches from the Internet, including pledges for a new kind of transparent politics the prime minister and chancellor made when they were campaigning for election. Prime minister David Cameron and chancellor George Osborne campaigned on a promise to democratise information held by those in power, so people could hold them to account. They wanted to use the Internet to transform politics. But the Conservative Party has removed the archive from its public facing website, erasing records of speeches and press releases going back to the year 2000 and up until it was elected in May 2010. It also struck the record of their past speeches off Internet engines including Google, which had been a role model for Cameron and Osborne's "open source politics".
And it erased the official record of their speeches from the Internet Archive, the public record of the net -- with an effect as alarming as sending Men in Black to strip history books from a public library and burn them in the car park."

http://j.mp/1bpaKum (*Computer Weekly* via NNSquad)

PGN asked out of band:
... and how widely is all this stuff mirrored elsewhere?
LW replied: It's going to be around, certainly, but perhaps not as widely as one might suppose, and perhaps from less authoritative sources -- and if they succeed in pulling the major search engine links, then it becomes harder to find in any case, of course.

------------------------------

Date: Thu, 14 Nov 2013 18:18:29 -0500
From: David Farber <farber () gmail com>
Subject: NSA Admits That Edward Snowden Stole Up to 200,000 Documents

[via Dave's IP distribution]

http://gizmodo.com/nsa-admits-that-edward-snowden-stole-up-to-200-000-docu-1464703198

It's been nearly half a year since the first revelations from Edward Snowden's leak made it into the press, but until now, we've been in the dark about exactly how big that leak was. Well, ladies and gentlemen, NSA Director General Keith Alexander is finally shining a light in that direction.

On Halloween of all days, Alexander told a private gathering of foreign affairs experts that Snowden didn't leak hundreds of documents and he didn't leak thousands of documents. He potentially leaked hundreds of thousands of documents. "I wish there was a way to prevent it," said the soon-to-retire NSA chief. "Snowden has shared somewhere between 50 (thousand) and 200,000 documents with reporters. These will continue to come out."

By these, Alexander means reports, revelations, scoops -- whatever you want to call the earthshaking stories that Snowden's documents so far have spawned. It's tough to tell how many have already been put into play, but the idea that there are almost 200,000 of them still out there suggests that a number of bombshells are still to land. Evidently, U.S. officials have known the scale of the leak for months now -- which might explain why they've been so eager to bring Snowden in.
[Reuters]

------------------------------

Date: Wed, 13 Nov 2013 09:04:22 -0500
From: Monty Solomon <monty () roscom com>
Subject: Hack of MacRumors forums exposes password data for 860,000 users (Dan Goodin)

Dan Goodin, Ars Technica, 12 Nov 2013

Assume your password is known, site's top brass tells account holders.

MacRumors user forums have been breached by hackers who may have acquired cryptographically protected passwords belonging to all 860,000 users, one of the top editors of the news website ...

http://arstechnica.com/security/2013/11/hack-of-macrumors-forums-exposes-password-data-for-860000-users/
http://www.macrumors.com/2013/11/12/macrumors-forums-security-leak/

------------------------------

Date: Fri, 15 Nov 2013 13:40:13 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Facebook forces some users to reset passwords because of Adobe data breach" (Lucian Constantin)

Lucian Constantin | InfoWorld, 12 Nov 2013

Users whose Adobe online log-in credentials were exposed and used the same passwords on Facebook will need to change them
http://www.infoworld.com/d/security/facebook-forces-some-users-reset-passwords-because-of-adobe-data-breach-230677

------------------------------

Date: November 6, 2013 at 6:33:54 AM EST
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Apple takes strong privacy stance in new report, publishes rare 'warrant canary' (Cyrus Farivar)

[Via Dave Farber's IP. Dave comments: ``An interesting approach.'']

Cyrus Farivar, Ars Technica, 5 Nov 2013

"Apple has never received an order under Section 215 of the USA Patriot Act."
<http://arstechnica.com/tech-policy/2013/11/apple-takes-strong-privacy-stance-in-new-report-publishes-rare-warrant-canary/>

Apple has become one of the first big-name tech companies to use a novel legal tactic to indicate whether the government has requested user information in conjunction with a gag order.
Known as a "warrant canary," this language is encapsulated on Apple's fifth page of its new transparency report (PDF), which was published on Tuesday.

"Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge an order if served on us," the company wrote, referring to the provision of federal law that compels businesses to hand over business records to American authorities, often under gag order.

Interestingly, Apple did not mention Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act, which compels companies to share data on foreigners and provides the legal basis for the National Security Agency's PRISM program.

Warrant canaries work like this: a company publishes a notice saying that a warrant has not been served as of a particular date. Should that notice be taken down, users are to surmise that the company has indeed been served with one. The theory is that while a court can compel someone to not speak (a gag order), it cannot compel someone to lie. The only problem is that warrant canaries have yet to be fully tested in court.

"If it's really committed to challenging the gag order, it has a ton of resources to apply, and they're a good bet," Neil Richards, a law professor at Washington University in St. Louis, wrote to Ars on Twitter. "Challenging the 215 gag is as much [a function] of resources and commitment as it is a tidy legal [question]. If they succeed, I'll buy a Mac!"

The rest of the report argues that Apple is very privacy minded in terms of product design and in terms of its legal response to law enforcement.

"When we receive such a demand, our legal team carefully reviews the order. If there is any question about the legitimacy or scope of the court order, we challenge it. Only when we are satisfied that the court order is valid and appropriate do we deliver the narrowest possible set of information responsive to the request," the company added.
Apple also takes a not-so-subtle dig at other tech companies like Google, Facebook, and Twitter, which have issued similar transparency reports.

Perhaps most important, our business does not depend on collecting personal data. We have no interest in amassing personal information about our customers. We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form.

In addition, Apple released the figures of law enforcement requests by American and other national authorities worldwide. As earlier data from other companies has shown, American requests dwarf all others. Apple is also forbidden, as are other companies, from breaking out local law enforcement cases when compared to national security or federal law enforcement situations, which is why it must be released as a range of numbers rather than as a single number.

In comparison to the "1,000 to 2,000" requests that Apple received from American law enforcement, the next highest came from the United Kingdom, with 127 requests across 141 accounts. Apple complied with handing over data in 51 of those accounts, objecting to data sharing for 79 accounts, and outright denying compliance for 46 accounts. [...]
[snip]

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>

------------------------------

Date: Thu, 7 Nov 2013 09:48:34 -0500
From: David Farber <farber () gmail com>
Subject: EFF Files 22 Firsthand Accounts of How NSA Surveillance Chilled the Right to Association

Advocacy Organizations Seek Immediate Ruling on the Legality of the NSA's Mass Collection of Telephone Records

Electronic Frontier Foundation Media Release, 7 Nov 2013, davidg () eff org
David Greene, Senior Staff Attorney, Electronic Frontier Foundation

San Francisco - The Electronic Frontier Foundation (EFF) has provided a federal judge with testimony from 22 separate advocacy organizations detailing how the National Security Agency's (NSA) mass telephone records collection program has impeded the groups' work, discouraged their members and reduced the numbers of people seeking their help via hotlines. The declarations accompanied a motion for partial summary judgment filed late Wednesday, in which EFF asks the court to declare the surveillance illegal on two levels--the law does not authorize the program, and the Constitution forbids it.

In First Unitarian Church of Los Angeles v. NSA, EFF represents a diverse array of environmentalists, gun-rights activists, religious groups, human-rights workers, drug-policy advocates and others that share one major commonality: they each depend on the First Amendment's guarantee of free association. EFF argues that if the government vacuums up the records of every phone call--who made the call, who received the call, when and how long the parties spoke--then people will be afraid to join or engage with organizations that may have dissenting views on political issues of the day. The US government acknowledged the existence of the telephone records collection program this summer, after whistleblower Edward Snowden leaked a copy of a Foreign Intelligence Surveillance Court order authorizing the mass collection of Verizon telephone records.

"The plaintiffs, like countless other associations across the country, have suffered real and concrete harm because they have lost the ability to assure their constituents that the fact of their telephone communications between them will be kept confidential from the federal government," EFF Senior Staff Attorney David Greene said. "This has caused constituents to reduce their calling. This is exactly the type of chilling effect on the freedom of association that the First Amendment forbids."

In today's motion, EFF asks the US District Court for the Northern District of California to review the undisputed evidence at hand and rule that the NSA's "Associational Tracking Program" is not only unconstitutional, but not authorized under Section 215 of the USA PATRIOT ACT, the law the government has so far used to justify its surveillance. The statute authorizes the government to collect information only if the information "is relevant to an authorized investigation." Because the government collects the records of every telephone call made to, from and within the United States, the vast majority of the records it collects are plainly irrelevant.

"Section 215 is a simple statute designed to give the FBI something like the subpoena power available in criminal investigations," attorney Thomas Moore, an EFF special counsel, said. "It was not intended to authorize the dragnet surveillance the NSA has undertaken. A government of the people, by the people, and for the people should not be spying on the people."

The motion could be argued as early as February 2014.

For the motion for partial summary judgment:
https://www.eff.org/document/plaintiffs-motion-partial-summary-judgment-0

For the declarations:
https://www.eff.org/document/all-plaintiffs-declarations

For this release:
https://www.eff.org/press/releases/eff-files-22-firsthand-accounts-how-nsa-surveillance-chilled-right-association

  [Truncated for RISKS, but worth reading in its entirety.. PGN]

------------------------------

Date: Wed, 13 Nov 2013 17:22:27 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: LexisNexis helping police stake out social media

http://j.mp/17vaVIR (Ars Technica via NNSquad)

"Local law enforcement is getting the kind of technological boost that used to be limited to three-letter agencies thanks to Web-based software services that mine social media for intelligence. At last month's International Association of Chiefs of Police (IACP) conference in Philadelphia, LexisNexis showed off a new tool it will bundle with its research service for law enforcement agencies-one that will help them "stake out" social media as part of their criminal investigations. Called Social Media Monitor, the cloud-based service will watch social networks for comments and activities that might offer clues to crimes in the physical world. With direct connections into a variety of social media services' feeds, it will help police plow through Twitter and Facebook in search of evidence that could lead to arrests."

I wonder how much law enforcement resources might end up being diverted by people purposely planting false leads and rickrolls? LW

------------------------------

Date: November 14, 2013 at 5:13:27 PM EST
From: Richard Forno <rforno () infowarrior org>
Subject: FBI deems PhD thesis a national security concern

Meet the Punk Rocker Who Can Liberate Your FBI File

Ryan Shapiro's technique is so effective at unburying sensitive documents, the feds are asking the courts to stop him.

http://www.motherjones.com/politics/2013/11/foia-ryan-shapiro-fbi-files-lawsuit

------------------------------

Date: Tue, 19 Nov 2013 17:02:32 -0500 (EST)
From: Eli the Bearded <*@eli.users.panix.com>
Subject: notsp LG Smart TV logging everything to a website

http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html

In fact, there is an option in the system settings called "Collection of watching info:" which is set ON by default.
This setting requires the user to scroll down to see it and, unlike most other settings, contains no "balloon help" to describe what it does.

At this point, I decided to do some traffic analysis to see what was being sent. It turns out that viewing information appears to be being sent regardless of whether this option is set to On or Off.

[...]

This information appears to be sent back unencrypted and in the clear to LG every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off.

The television also logs filenames on attached USB drives. A letter to LG's UK offices produced a particularly unsympathetic response with the brush-off of:

  The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer.

Doesn't sound very "Life's Good" (LG ad slogan) to me.

------------------------------

Date: Wed, 13 Nov 2013 09:06:47 -0500
From: Monty Solomon <monty () roscom com>
Subject: Hoping to avert "collision" with disaster, Microsoft retires SHA1

After 2016, Microsoft will stop accepting the collision-prone crypto algorithm.

Dan Goodin, Ars Technica, 12 Nov 2013

Microsoft is retiring two widely used cryptographic technologies that are growing increasingly vulnerable to attacks that seemed unlikely just a decade ago.

The company's software will stop recognizing the validity of digital certificates that use the SHA1 cryptographic algorithm after 2016, officials said on Tuesday. SHA1 is widely used to underpin secure socket layer (SSL) and transport layer security (TLS) certificates that authenticate websites and encrypt traffic passing between their servers and end users. SHA1-based certificates are also used to digitally verify that specific software applications are legitimate and not imposter programs or programs that have been tampered with to include hidden backdoors. ...
http://arstechnica.com/security/2013/11/hoping-to-avert-collision-with-disaster-microsoft-retires-sha1/

------------------------------

Date: Fri, 15 Nov 2013 13:37:35 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Adobe patches critical vulnerabilities in Flash Player, ColdFusion" (Lucian Constantin)

Lucian Constantin, InfoWorld, 13 Nov 2013

The vulnerabilities could allow unauthorized remote code execution or remote read access
http://www.infoworld.com/d/security/adobe-patches-critical-vulnerabilities-in-flash-player-coldfusion-230772

------------------------------

Date: Mon, 18 Nov 2013 12:44:46 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "'Blurry fonts' bug KB 2670838 persists with IE11 and Windows 7" (Woody Leonhard)

Woody Leonhard | InfoWorld, 18 Nov 2013

A six-month-old 'fuzzy fonts' bug that affected Firefox and Chrome is still around -- and may now affect Windows users who upgrade to IE11
http://www.infoworld.com/t/microsoft-windows/blurry-fonts-bug-kb-2670838-persists-ie11-and-windows-7-231035

------------------------------

Date: Sun, 17 Nov 2013 16:20:58 -0800
From: Geoff Kuenning <geoff () cs hmc edu>
Subject: Re: An App That Saved 10,000 Lives (O'Leary, RISKS-27.54)

Bruce Horrocks takes a rather literalist approach to analyzing the story of a Web site that answers medical questions. And although I agree that this kind of promotional press release should be viewed with skepticism, I also think there might be some truth in between the hype and the literalism. (In particular, I think it's going rather far to take the word "her" to imply that all the saved lives were female.)

It seems likely to me that the press release intended to imply that 10K people have said that the site saved their lives. And is that implausible? Note that there's a difference between the users *saying* that site was life-saving and lives actually being saved.
I suspect that if you survey a random million people, you'll easily find 10K (that's only one percent) who think their lives were saved by prayer, or a fortune cookie, or getting a dog.

As to the number of queries and answers, without visiting the site in question one can safely guess that (a) not every answer comes from a doctor, (b) it doesn't have to take five minutes--even on average--to answer a question, and (c) not every question necessarily produces an answer. And as to the number of users, I frequent a photography site where some individuals have over 40K postings. We know that hypochondria is a real phenomenon, and we know that there are some lay people who are very eager to show off their knowledge even if it's not justified.

So I think it's rather RISKy to try to make a seat-of-the-pants guess at any site statistics without knowing a few more details.

Geoff Kuenning geoff () cs hmc edu http://www.cs.hmc.edu/~geoff/

------------------------------

Date: Fri, 08 Nov 2013 20:48:07 +0000
From: "Chris Drewe" <e767pmk () yahoo co uk>
Subject: Clifford Nass: Obituary

Today's *Telegraph* has an obituary of Clifford Nass:
http://www.telegraph.co.uk/news/obituaries/10433894/Clifford-Nass-Obituary.html

Clifford Nass was a sociologist who argued that digital multitasking makes us less sociable, less efficient and less clever. ... Far from making people sharper, jumping around from emailing to texting to posting on social media can scramble the brain, Nass concluded. ``People who multitask all the time show worse thinking abilities in every dimension that we know of,'' [...]

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
 is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.61
************************