RISKS Forum mailing list archives
Risks Digest 27.63
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 4 Dec 2013 21:44:11 PST
RISKS-LIST: Risks-Forum Digest Wednesday 4 November 2013 Volume 27 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/27.63.html>
The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Jury: Newegg infringes Spangenberg patent, must pay $2.3 million (Lauren Weinstein, PGN)
Amazon Air Prime and the Labor Question (Andrew Russell)
"Stuxnet's Secret Twin", by Ralph Langner at Foreign Policy (via Prashanth Mundkur)
Dial 00000000 for Armageddon (Henry Baker)
Monday meltdown (Gary Hinson)
"Million-dollar robbery rocks bitcoin exchange" (Jon Gold via Gene Wirchenko)
Bitcoin Miners being planted in programs being surreptitiously installed on users' computers (Techienews via Lauren Weinstein)
Why Comcast and other cable ISPs aren't selling you gigabit Internet (ArsTechnica via Lauren Weinstein)
Dutch intelligence agency AIVD hacks Internet forums (NRC via LW)
Snowden claims... NSA used lots of spyware (Danny Burstein)
UK ministers will order ISPs to block terrorist and extremist websites (Lauren Weinstein)
New FCC Chairman appears to simultaneously endorse NetNeutrality and letting ISPs crush Net services and consumers (Public Knowledge)
"Malice or mistake? Cyber sleuths weigh in on Internet hijack attack" (Serdar Yegulalp via Gene Wirchenko)
A spurned techie's revenge: Locking down his ex's digital life (Sean Gallagher via Monty Solomon)
Facebook Vulnerability Discloses Friends Lists Defined as Private (Quotium)
Surveilling the police! (Prashanth Mundkur)
Couchsurfing - The Crash - Montreal 2006 (jidanni)
Re: A joke that went wrong (Brian Randell)
Willis Ware (PGN)
The Spyware That Enables Mobile-Phone Snooping (Susan Crawford via Robert Schaefer)
Healthcare IT (IEEE S&P)
Digital Outcasts: Moving Technology Forward without Leaving People Behind (Ben Rothke)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 25 Nov 2013 21:55:02 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Jury: Newegg infringes Spangenberg patent, must pay $2.3 million

"Newegg, an online retailer that has made a name for itself fighting the non-practicing patent holders sometimes called "patent trolls," sits on the losing end of a lawsuit tonight. An eight-person jury came back shortly after 7:00pm and found that the company infringed all four asserted claims of a patent owned by TQP Development, a company owned by patent enforcement expert Erich Spangenberg. The jury also found that the patent was valid, apparently rejecting arguments by famed cryptographer Whitfield Diffie. Diffie took the stand on Friday to argue on behalf of Newegg and against the patent."
[http://bit.ly/1iaAV0I via NNSquad]

[Insanity. Idiocy. LW]

------------------------------

Date: Tue, 26 Nov 2013 11:30:22 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Jury: Newegg infringes Spangenberg patent, must pay $2.3 million

Newegg trial: Crypto legend takes the stand, goes for knockout patent punch
http://j.mp/1em2DSC (Ars Technica)

"We've heard a good bit in this courtroom about public key encryption," said Albright. "Are you familiar with that?"

"Yes, I am," said Diffie, in what surely qualified as the biggest understatement of the trial.

"And how is it that you're familiar with public key encryption?"

"I invented it."

------------------------------

Date: December 4, 2013 at 10:30:20 AM EST
From: Andrew Russell <arussell () stevens edu>
Subject: Amazon Air Prime and the Labor Question

(via Dave Farber)

Lee Vinsel has posted a provocative piece on "Autonomous Vehicles and the Labor Question." The post sets a couple of recent discussion topics - a New Yorker article on self-driving cars, and the 60 Minutes profile of Jeff Bezos [1 Dec 2013] -- into a richer context, including the connections between the industrial and digital economies, and what these new technologies might mean for human labor (aka "jobs").

[The highlight of Charlie Rose's interview with Bezos was clearly the film snippet of an Octocopter drone delivering a book from Amazon to someone at his doorstep. The risks of collisions, spoofing, and so on were never mentioned. PGN]

http://leevinsel.com/blog/2013/12/2/autonomous-vehicles-and-the-labor-question

------------------------------

Date: Tue, 26 Nov 2013 20:46:39 -0800
From: Prashanth Mundkur <prashanth.mundkur () gmail com>
Subject: "Stuxnet's Secret Twin", by Ralph Langner at Foreign Policy

http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack

First two paras:

Three years after it was discovered, Stuxnet, the first publicly disclosed cyberweapon, continues to baffle military strategists, computer security experts, political decision-makers, and the general public. A comfortable narrative has formed around the weapon: how it attacked the Iranian nuclear facility at Natanz, how it was designed to be undiscoverable, how it escaped from Natanz against its creators' wishes. Major elements of that story are either incorrect or incomplete.

That's because Stuxnet is not really one weapon, but two. The vast majority of the attention has been paid to Stuxnet's smaller and simpler attack routine -- the one that changes the speeds of the rotors in a centrifuge, which is used to enrich uranium.
But the second and "forgotten" routine is about an order of magnitude more complex and stealthy. It qualifies as a nightmare for those who understand industrial control system security. And strangely, this more sophisticated attack came first. The simpler, more familiar routine followed only years later -- and was discovered in comparatively short order.

------------------------------

Date: Sat, 30 Nov 2013 19:32:25 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Dial 00000000 for Armageddon.

FYI -- This secret number was probably taped to the bottom of the "red phone"...

"The Onion" and "SNL" couldn't make up this story; and the people in charge of the PAL program must have laughed hysterically at the movie Dr. Strangelove, but for a totally different reason from the rest of us...

http://www.dailymail.co.uk/news/article-2515598/Launch-code-US-nuclear-weapons-easy-00000000.html

Dial 00000000 for Armageddon. U.S.'s top secret launch nuclear launch code was frighteningly simple
*Daily Mail*, 29 Nov 2013 UPDATED: 21:59 EST

For nearly 20 years, the secret code to authorize launching U.S. nuclear missiles, and starting World War III, was terrifyingly simple and even noted down on a checklist.

From 1962, when John F Kennedy instituted PAL encoding on nuclear weapons, until 1977, the combination to fire the devastating missiles at the height of the Cold War was just 00000000.

This was chosen by Strategic Air Command in an effort to make the weapons as quick and as easy to launch as possible, as reported by Today I Found Out.

The Permissive Action Link (PAL) is a security device for nuclear weapons that is supposed to prevent unauthorized arming or detonation of the nuclear weapon.

JFK signed the National Security Action Memorandum 160 in 1962 that required all nuclear missiles to be fitted with a PAL system.
But nuclear experts claim the military was worried about the possibility of command centers or communication lines being destroyed in real nuclear war, stopping soldiers getting the codes or authorization to launch missiles when they were actually needed.

So they simply left the security code for the weapons as eight zeros, getting around the security safeguards.

Dr. Bruce G. Blair worked as a Minuteman launch officer between 1970 and 1974. He has written several articles about nuclear command and control systems.

In a paper called Keeping Presidents in the Nuclear Dark, he wrote that Strategic Air Command 'remained far less concerned about unauthorized launches than about the potential of these safeguards to interfere with the implementation of wartime launch orders.'

Incredibly, he also writes that the vital combination for America's nuclear deterrent was even helpfully noted down for the officers.

'Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel,' Dr Blair wrote.

According to Today I Found Out, Blair wrote an article in 1977 entitled The Terrorist Threat to World Nuclear Programs. This claimed that it would take just four people working together to launch nuclear missiles from the silos he had worked in.

That very same year all the PAL systems were activated, and the nuclear codes were changed. Hopefully to something more complicated than 00000000.

[Bob Frankston noted a Gizmodo article by Karl Smallwood, 29 Nov 2013:
For 20 Years the Nuclear Launch Code at US Minuteman Silos Was 00000000
http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si-1473483587
PGN]

------------------------------

Date: Wed, 4 Dec 2013 08:08:41 +1300
From: "Gary Hinson" <Gary () isect com>
Subject: Monday meltdown

"RBS today admitted that it had failed to invest properly in IT systems for decades, as customers woke up to find money had been emptied from their accounts by a computer glitch".
http://www.dailymail.co.uk/news/article-2517106/NatWest-RBS-Cyber-Monday-meltdown-EMPTIES-customers-bank-accounts.html

Curiously frank admission by a bank, that.

According to the paper, the CEO said "'I will be outlining plans in the New Year for making RBS the bank that our customers and the UK need it to be. This will include an outline of where we intend to invest for the future." Let's hope the 'outline' is sufficient to support a generous budget request, and 'the future' is not too far off.

Being the Daily Mail, the journalism is heavy on emotive stuff such as "I couldn't purchase milk for my four-week-old baby" but RISKS readers ought to be able to guess at how this incident, and the associated adverse publicity and Twitter storm, may have affected the RBS (Royal Bank of Scotland) brand.

Dr Gary Hinson, IsecT CEO, http://isect.com http://NoticeBored.com http://SecurityMetametrics.com http://www.iso27001security.com/ ISO27001security.com

------------------------------

Date: Fri, 29 Nov 2013 11:08:44 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Million-dollar robbery rocks bitcoin exchange" (Jon Gold)

Jon Gold, InfoWorld, 26 Nov 2013
Latest Bitcoin security breach affects major European exchange, which shuts down personal wallet service
http://www.infoworld.com/d/security/million-dollar-robbery-rocks-bitcoin-exchange-231617

[Gene Wirchenko noted "Bitcointalk.org warns passwords in danger after DNS attack"
Jeremy Kirk, InfoWorld, 02 Dec 2013
Some users are advised to change their passwords after the site's DNS registrar was breached
http://www.infoworld.com/d/security/bitcointalkorg-warns-passwords-in-danger-after-dns-attack-231842
Also see
http://arstechnica.com/security/2013/11/bitcoins-skyrocketing-value-ushers-in-era-of-1-million-hacker-heists/ ]

------------------------------

Date: Sat, 30 Nov 2013 11:51:21 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Bitcoin Miners being planted in programs being surreptitiously installed on users' computers

Report: Bitcoin Miners being planted in programs being surreptitiously installed on users' computers
http://j.mp/1eBaID5 (Techienews via NNSquad)

"These miners surreptitiously carry out Bitcoin mining operations on the user's system consuming valuable CPU time without explicitly asking for user's consent. Because of the extensive mathematical calculations involved, the mining operation consumes a lot of CPU resource and renders the user's system almost useless for regular operations. Malwarebytes first came across such an instance of a Bitcoin miner when one of the users of its software requested for assistance on November 22 through a forum post."

------------------------------

Date: Sun, 1 Dec 2013 20:31:26 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Why Comcast and other cable ISPs aren't selling you gigabit Internet

"Cable tech could hit a gigabit today, but why bother when customers lack choice?"
http://j.mp/1gwJ1g8 (Ars Technica via NNSquad)

------------------------------

Date: Sat, 30 Nov 2013 09:08:15 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Dutch intelligence agency AIVD hacks Internet forums

Nico van Eijk, a Dutch professor in Information Law, is of the opinion that the Dutch intelligence service has crossed the boundaries of Dutch legislation. "They use sweeps to collect data from all users of web forums. The use of these techniques could easily lead to mass surveillance by the government." IT specialist Matthijs Koot says that the exploitation of this technology can lead to a blurring of the lines between normal citizens and legitimate targets of the intelligence services.
http://j.mp/1cSrI6f (NRC via NNSquad)

[I suppose this is a new form of Dutch Treat, where the Dutch and their government split the costs? PGN]

------------------------------

Date: Sat, 23 Nov 2013 13:50:38 -0500 (EST)
From: Danny Burstein <dannyb () panix com>
Subject: Snowden claims... NSA used lots of spyware

[courtesy of a Netherlands news groups web post. Don't have any info on their veracity]

NSA infected 50,000 computer networks with malicious software

The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this.

A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses "Computer Network Exploitation" (CNE) in more than 50,000 locations.
CNE is the secret infiltration of computer systems achieved by installing malware, malicious software.

rest: http://www.nrc.nl/nieuws/2013/11/23/nsa-infected-50000-computer-networks-with-malicious-software/

------------------------------

Date: Thu, 28 Nov 2013 09:52:48 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: UK ministers will order ISPs to block terrorist and extremist websites

"The government is to order broadband companies to block extremist websites and empower a specialist unit to identify and report content deemed too dangerous for online publication. The crime and security minister, James Brokenshire, said on Wednesday that measures for censoring extremist content would be announced shortly. The initiative is likely to be controversial, with broadband companies already warning that freedom of speech could be compromised."
http://j.mp/1fMvofe (Guardian via NNSquad)

Maybe also try block sites of political critics? No matter, a thousand proxies will bloom, for good or ill. That's the reality, like it or not.

------------------------------

Date: Tue, 3 Dec 2013 16:24:51 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: New FCC Chairman appears to simultaneously endorse Net Neutrality and letting ISPs crush Net services and consumers

http://j.mp/188F4hr (Public Knowledge via NNSquad)

Yesterday, new FCC Chairman Tom Wheeler delivered his first formal public address. After a prepared speech that explained his regulatory approach, he moved to a Q&A session. In that session, he appeared to endorse the opposite of net neutrality: allowing ISPs to charge websites and services in order to reach that ISP's subscribers. In other words, giving ISPs the power to pick winners and losers online. This endorsement was all the more unexpected because it followed his explicit endorsement of "net neutrality" and a speech that touted the FCC's role in protecting the public interest.

[This might give new meaning to "Wheeler Dealer". PGN]

------------------------------

Date: Tue, 26 Nov 2013 12:11:58 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Malice or mistake? Cyber sleuths weigh in on Internet hijack attack" (Serdar Yegulalp)

Serdar Yegulalp | InfoWorld, 22 Nov 2013
Security experts investigate roots and motive behind surprise rerouting of Internet traffic through Belarus and Iceland
http://www.infoworld.com/t/network-security/malice-or-mistake-cyber-sleuths-weigh-in-internet-hijack-attack-231445

------------------------------

Date: Sat, 30 Nov 2013 00:29:36 -0500
From: Monty Solomon <monty () roscom com>
Subject: A spurned techie's revenge: Locking down his ex's digital life (Sean Gallagher)

Sean Gallagher, Ars Technica, 22 Nov 2013
Revenge porn is just the tip of the iceberg when it comes to cyber-domestic abuse.

The e-mail's subject line was "Interested in hiring you." The sender, a woman, said she had seen me on a local Baltimore news show talking about revenge porn, and she was "interested in talking to you about some work." She gave an office phone number, and her e-mail address was from a large local hospital system, so I thought it might be for some sort of speaking engagement.

It was anything but. When I contacted her, the woman told me her life had been turned upside down by her ex-boyfriend. He had hacked her phones, her voicemail, and her family's computer, and he was blocking her out of her digital life. She was looking for someone to help her regain control.

To some, those claims might sound like paranoia. But there are thousands of incidents of this type of abusive use of technology annually, perpetrated by (mostly male) spouses or partners. The most public forms of tech-centered abuse, especially revenge porn, are getting attention from legislators across the US right now. But these incidents are not entirely new. For more than a decade, domestic violence and "intimate partner" stalking and harassment have relied heavily on technology.
The most recent comprehensive study on stalking and domestic violence, conducted by the Department of Justice in 2006, found that more than 887,000 people were aware that they were victims of cyber stalking or electronic monitoring in that year alone. And that was a year before the iPhone was released and well before the smartphone boom really began. ...

http://arstechnica.com/tech-policy/2013/11/a-spurned-techies-revenge-locking-down-his-exs-digital-life/

------------------------------

Date: Mon, 25 Nov 2013 11:02:10 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Facebook Vulnerability Discloses Friends Lists Defined as Private

"Irene Abezgauz from the Quotium Seeker Research Center identified a security flaw in Facebook privacy controls. The vulnerability allows attackers to see the friends list of any user on Facebook. This attack is carried out by abusing the 'People You May Know' mechanism on Facebook, which is the mechanism by which Facebook suggests new friends to users."
http://j.mp/1birbxG (Quotium via NNSquad)

------------------------------

Date: Wed, 27 Nov 2013 06:37:36 -0800
From: Prashanth Mundkur <prashanth.mundkur () gmail com>
Subject: Surveilling the police!

Saleh was so troubled by what he saw that he decided to install video cameras in his store. Not to protect himself from criminals, because he says he has never been robbed. He installed the cameras -- 15 of them -- to protect him and his customers from police.

http://www.miamiherald.com/2013/11/21/v-fullstory/3769823/in-miami-gardens-store-video-catches.html

------------------------------

Date: Tue, 03 Dec 2013 04:59:15 +0800
From: jidanni () jidanni org
Subject: Couchsurfing - The Crash - Montreal 2006

Gone without any backups! Never do this.
http://www.youtube.com/watch?v=xUD0LE0lx6g

------------------------------

Date: Wed, 27 Nov 2013 21:15:31 +0000
From: Brian Randell <brian.randell () newcastle ac uk>
Subject: Re: A joke that went wrong (Randell, RISKS-2.56)

[Brian sets the record straight after a RISKS posting 27.5 years ago! PGN]

RISKS-2.56 (30 May 1986, http://catless.ncl.ac.uk/Risks/2.56.html#subj1) carried an article passed on by me from the (London) Guardian, under the heading "A joke that went wrong".

The newspaper article described a court case in which Mr Dean Talboys "admitted criminal damage at Acton crown court in the first British prosecution for electronic graffiti". A bug in some software that he was creating as a (harmless) practical joke, on a system that was in "test mode", accidentally caused disruption at his employer's headquarters when the computer was switched to "operational mode". (The article does not indicate the cause of this switch, but there is no suggestion that Mr Talboys was responsible.)

There has I learn been a long-lasting effect of this incident, in that ever since Internet searches on his (rather unusual) name have frequently led people to this article, and to their drawing unjustified conclusions about him. This followup message to RISKS should from now on also be found by people doing Internet searches on his name, and thus should help alleviate an unfortunate situation.

Brian Randell, School of Computing Science, Newcastle University, Newcastle upon Tyne, NE1 7RU, UK
Brian.Randell () ncl ac uk +44 191 222 7923
http://www.cs.ncl.ac.uk/people/brian.randell

- - - - -

Begin forwarded message:

Date: 27 November 2013 21:00:26 GMT
From: <dean () louistalboys com>
To: Brian Randell <brian.randell () newcastle ac uk>
Subject: RE: A joke that went wrong

Hi Brian,

Very well put and much appreciated.
With respect to the "switch", it is worth pointing out that this was a typical mainframe environment where systems, operations, and development existed as autonomous units. The only way I could have been held fully responsible for the failure was if I had requested the systems programmer to move the test program into the live environment. Not only was the program incomplete when I left to join a consultancy, it was perhaps three months later that the problem occurred (I had enough of a job explaining it to my QC, who was concerned the public jury would not get it at all). The only reason they came after me was the fact that my employee number was hard coded into a conditional statement - hardly the action of someone intent on damage or financial gain.

Personally, I think Dixon's were a little annoyed at me leaving so soon after they had trained me on ManTIS but then it was the 80s and companies were stealing employees left, right and centre. They were no different in that respect.

It struck me that there is a cruel irony considering the circumstances, you the contributor to a magazine intended for a limited readership, which through the actions of a third-party, Google, unintentionally leads to a much wider audience.

Thanks again and have a nice Christmas!

Dean

------------------------------

Date: Mon, 25 Nov 2013 21:45:53 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Willis Ware

Willis died at 93. He was a colleague, friend, and continual inspiration. He was one of the nicest people I ever met. It is almost impossible to do his passing justice here, but I thought I would excerpt a few comments.

Gene Spafford <spaf () purdue edu>
https://www.cerias.purdue.edu/site/blog/post/the_passing_of_a_pioneer/

* Willis worked at the Institute for Advanced Studies for John von Neumann, building an early computer system.
* He helped build the Johnniac.
* He was at RAND for more than 40 years.
* He was heavily involved early in the ACM.
* He was the founding president of AFIPS.
* The Ware Report in 1967 was one of the real landmarks http://www.rand.org/pubs/reports/R609-1/index2.html
* In 1972, he chaired the Advisory Committee on Automated Personal Data Systems for HEW (now HHS). "Records, Computers, and the Rights of Citizens" http://www.rand.org/content/dam/rand/pubs/papers/2008/P5077.pdf
* That influenced the Privacy Act of 1974 http://epic.org/privacy/1974act/
* He was the first chairman of the Information System and Privacy Advisory Board formed under the Computer Security Act of 1987
* He was one of the most honored professionals in computing. [LONG LIST]

Dr. Willis H. Ware was truly a pioneer computer scientist, an early innovator in computing education, one of the founders of the field of computer security, and an early proponent of the need to understand appropriate use of computing and the importance of privacy. His dedication to the field and the public interest was both exceptional and seminal.

(The New York Times* apparently ran two different obits, http://www.nytimes.com/aponline/2013/11/27/business/ap-us-obit-willis-ware.html?hp&_r=0 and another by John Markoff on 3 Dec 2013, who quoted Willis from 1966: "The computer will touch men everywhere and in every way, almost on a minute-by-minute basis. Every man will communicate through a computer, whatever he does. It will change and reshape his life, modify his career, and force him to accept a life of continuous change."

He was incredibly wise. Overall, he called 'em as he saw 'em, and he was usually right on the mark. PGN

------------------------------

Date: Tue, 3 Dec 2013 08:22:03 -0500
From: Robert Schaefer <rps () haystack mit edu>
Subject: The Spyware That Enables Mobile-Phone Snooping (Susan Crawford)

Susan Crawford - Nov 27, 2013

"The technology involved is called cellular interception.
The active variety of this, the `IMSI catcher', is a portable device that masquerades as a mobile phone tower...Because the security hole that allows for this snooping is associated with 2G mobile networks, any 2G phone can be fooled by an IMSI catcher. To bring in newer phones, corporate spies and other criminals can easily jam nearby 3G, 4G and long-term evolution, or LTE, networks so that phones associated with them “think” they have to fall back on 2G networks. All phones, no matter how modern, continue to work in 2G mode, because carriers are reluctant to make the investments required to move up from 2G networks nationwide...As things stand, U.S. mobile networks can easily be exploited by criminals and by foreign governments."

http://www.bloomberg.com/news/print/2013-11-27/the-spyware-that-enables-mobile-phone-snooping.html

robert schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford, MA 01886 781-981-5767 http://www.haystack.mit.edu

------------------------------

Date: Mon, 2 Dec 2013 11:51:44 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Healthcare IT (IEEE S&P)

With all the current kerfuffle over Healthcare in the US and elsewhere, the November-December 2013 IEEE Security and Privacy magazine has a timely special issue devoted to Healthcare IT.
The articles (in addition to the Guest Editors' Introduction by Kelly Caine and Michael Lesk, and the concluding Point/Counterpoint with Deborah Peel and Deven McGraw) are

* Nonconfidential Patient Types in Emergency Clinical Decision Support
* Electronic Medical Records: Confidentiality, Care, and Epidemiology
* Securing Information Technology in Healthcare
* Identity Management -- In Privacy We Trust: Bridging the Trust Gap in eHealth Environments

------------------------------

Date: Tue, 26 Nov 2013 07:23:34 -0500
From: Ben Rothke <brothke () hotmail com>
Subject: Digital Outcasts: Moving Technology Forward without Leaving People Behind

Many of us have experimented what it means to be disabled -- by sitting in a wheelchair for a few minutes or putting a blindfold over our eyes. In Digital Outcasts: Moving Technology Forward without Leaving People Behind -- author Kel Smith details the innumerable obstacles disabled people have to deal with in their attempts to use computers and the Internet.

Smith writes that despite our growing potential to augment human capability and competence through technology -- the innovation curve sometimes leaves behind people who could most benefit.

Full book review at
http://www.rsaconference.com/blogs/447/rothke/digital-outcasts-moving-technology-forward-without-leaving-people-behind

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you.
The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request () csl sri com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe () csl sri com or risks-unsubscribe () csl sri com depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.63
************************