RISKS Forum mailing list archives
Risks Digest 27.75
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 21 Feb 2014 14:28:32 PST
RISKS-LIST: Risks-Forum Digest Friday 21 February 2014 Volume 27 : Issue 75

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.75.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
United Airlines Can't Seem to Keep Its Computers and Systems Running (Jonathan B Spira)
Oregon voter registration database hacked, then offline for 10 days (Michael Lloyd and Yuxing Zheng)
Legend EMR (Richard I Cook)
The Snowden privacy panic has spread to medical research (Tom Gray)
Spy Chief Says Snowden Took Advantage of Perfect Storm ... (David E. Sanger and Eric Schmitt)
'TheMoon' worm infects Linksys routers (Lucian Constantin via Gene Wirchenko)
Well.ca loses customer credit card data in security breach (Candice So)
New Silk Road hit with $2.6 million heist due to known Bitcoin flaw (Cyrus Farivar)
The furniture is watching you (Mark Thorson)
Smarter caller-id spoofing (Tony Luck)
Cryptography Breakthrough Could Make Software Unhackable (WiReD)
Venezuela's Internet Crackdown Escalates into Regional Blackout (EFF)
Bing censoring Chinese language search results for users in the US (*The Guardian*)
DARPA Thinks the Future of Surveillance Looks Like Siri (Patrick Tucker via ACM TechNews)
Because of DRM, The Entire Copyright Monopoly Legislation is a Lie (Rick Falkvinge via Dewayne Hendricks)
Why is the US a decade behind Europe on 'chip & pin' cards? (Jeremy Ardley)
Re: NSF: 1/4 of Americans think sun goes 'round the earth... (Andy Walker)
American science education (Rich Schroeppel)
Re: High School educated Air Traffic Controllers (Steve Lamont)
David Cole: "Can Privacy Be Saved?" (Bruce Schneier)
GPS / GNSS vulnerabilities (Martyn Thomas)
Re: GPS pioneer warns on network's security (Bob Frankston)
UK is expanding their screwed up mandated porn filters to include more topics they can screw up (Lauren Weinstein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wednesday, February 19, 2014
From: *Jonathan B Spira* <jspira () basex com>
Subject: United Airlines Can't Seem to Keep Its Computers and Systems Running

[Via Dave Farber]

*United Airlines Reservation System Crashes (Again)
<http://www.frequentbusinesstraveler.com/2014/02/united-airlines-reservation-system-crashes-again/>
http://accura.cc/59hctv

"United Airlines' computer systems failed Wednesday [19 Feb 2014] morning and the problem caused significant disruptions for passengers who had planned travel on the airline. A spokesman for the airline said that its Shares passenger service system failed at 9 a.m. Eastern Time. The disruption lasted approximately 30 minutes but it was followed by sporadic failures that continued throughout the morning. ..."

------------------------------

Date: Mon, 17 Feb 2014 13:07:14 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Oregon voter registration database hacked, then offline for 10 days (Michael Lloyd and Yuxing Zheng)

Michael Lloyd and Yuxing Zheng, *The Oregonian*
Oregon Secretary of State Kate Brown warned businesses Thursday about a fraudulent invoice making the rounds.
http://www.oregonlive.com/politics/index.ssf/2014/02/frustrations_mount_as_oregon_s.html

Frustrations are mounting more than a week after a breach of the Oregon secretary of state's website caused elections and business databases to go offline. State officials say they're still investigating how the intrusion from a foreign entity occurred and don't know when the databases will return.
The attack "appears to be an orchestrated intrusion from a foreign entity and not the result of any employee activities," the agency reported on its website this week.

The department's Central Business Registry and ORESTAR, the state's online campaign finance reporting system, were temporarily taken offline as a precaution after officials detected "an intrusion" around 4 Feb. Since then, business attorneys haven't been able to look up existing business names, and campaign finance officials have not been able to report transactions.

The outage could lead to missed deadlines and increased costs for businesses as attorneys spend extra time filing documents, said Shawn Lindsay, a business attorney and a Republican former state representative.

The breach also raises questions about the security of the agency's other databases, including the voters database, which contains personal information that isn't publicly available, Lindsay said.

The voters database is on a separate server and was not affected by last week's breach, state officials say. Credit card data is also safe.

------------------------------

Date: Sat, 8 Feb 2014 10:34:51 +0100
From: Richard I Cook MD <ricookmd () gmail com>
Subject: Legend EMR

In my most recent Velocity talk I made the point that applications gradually take on safety implications as their use becomes wider and they become more integrated into work. This is surely true for the Electronic Medical Records and will become true for many applications now considered `nice' or `useful' -- i.e., nonessential. Although not directed towards a safety goal (and therefore exempt from the usual requirements for devices intended to make or assure safety) useful artifacts gradually insinuate themselves into operations that are themselves essentially risky. It is then that their safety-ness becomes apparent. Unfortunately, the shift in use is not accompanied by reliability improvements. It is the same COTS stuff at the end as the beginning.
The reaction of those responsible to accomplish the tasks that the apps do will be to develop low-cost and easily-deployed means to accomplish the functions when the IT doesn't work. Much of this is in the form of paper: Copies of schedules, copies of availability, printed versions of planning guides are easy to maintain and cost very little.

------------------------------

Date: February 7, 2014 at 7:56:56 PM EST
From: Tom Gray <tom_gray_grc () yahoo com>
Subject: The Snowden privacy panic has spread to medical research

[Via Dave Farber's IP list]

The Snowden privacy panic has spread to medical research. This is a problem.
*The Daily Telegraph*
http://blogs.telegraph.co.uk/technology/marthagilltech/100012335/the-snowden-privacy-panic-has-spread-to-medical-research-this-is-a-problem/

Since the Snowden revelations everyone has been panicking about privacy. Google, Twitter, Facebook and Yahoo are racing to show users how well they can protect their data. Government contractors are double-scrutinising new hires and encrypting everything in sight. But there's about to be one cautious move too many, and it's a serious threat to medical research.

The European Parliament is proposing a new law which will effectively illegalise a NHS database of patient records, along with many large research projects. The idea had been kicking around for a while, but progress ground to a halt last year. After Snowden though, the kicking enthusiastically returned.

------------------------------

Date: Wed, 12 Feb 2014 03:39:30 -0500
From: David Farber <farber () gmail com>
Subject: Spy Chief Says Snowden Took Advantage of Perfect Storm ... (David E. Sanger and Eric Schmitt)

David E. Sanger and Eric Schmitt, *The New York Times*, 11 Feb 2014
http://www.nytimes.com/2014/02/12/us/politics/spy-chief-says-snowden-took-advantage-of-perfect-storm-of-security-lapses.html?hp&_r=0

WASHINGTON -- The director of national intelligence acknowledged Tuesday that nearly a year after the contractor Edward J. Snowden `scraped' highly classified documents from the National Security Agency's networks, the technology was not yet fully in place to prevent another insider from stealing top-secret data on a similarly large scale.

The director, James R. Clapper Jr., testifying before the Senate Armed Services Committee, said Mr. Snowden had taken advantage of a `perfect storm' of security lapses. He also suggested that as a highly trained systems administrator working for Booz Allen Hamilton, which provides computer services to the agency, Mr. Snowden knew how to evade the protections in place.

``He knew exactly what he was doing,'' Mr. Clapper said. ``And he was pretty skilled at staying below the radar, so what he was doing wasn't visible.''

But Mr. Clapper confirmed the outlines of a New York Times report that the former N.S.A. contractor had used a web crawler, a commonly available piece of software, to sweep up a huge trove of documents.

Mr. Clapper also said, for the first time, that some of the information Mr. Snowden is believed to possess could expose the identities of undercover American operatives as well as foreigners who have been recruited by United States spy agencies.

The information Mr. Snowden has released so far through several newspapers and a new digital news organization that began publishing on Monday has not revealed the names of agents or operatives, and it is unclear how much of that information he took with him when he fled the United States.

[Truncated for RISKS...]
------------------------------

Date: Tue, 18 Feb 2014 09:43:38 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "'TheMoon' worm infects Linksys routers" (Lucian Constantin)

Lucian Constantin, InfoWorld, 18 Feb 2014
A self-replicating program infects Linksys routers by exploiting an authentication bypass vulnerability
http://www.infoworld.com/d/security/themoon-worm-infects-linksys-routers-236404

------------------------------

Date: Wed, 19 Feb 2014 09:50:23 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Well.ca loses customer credit card data in security breach" (Candice So)

Candice So, *IT Business*. 18 Feb 2014
http://www.itbusiness.ca/news/well-ca-loses-customer-credit-card-data-in-security-breach/46993

selected text:

In an e-mail to its customers today, Well.ca said one of its service providers was "illegally compromised" between 22 Dec 2013 and 7 Jan 2014. ...

The service provider then informed Well.ca about two weeks ago [a delay of about one month], and Well.ca got further confirmation about the breach from its credit card provider less than a week ago.

------------------------------

Date: Sun, 16 Feb 2014 18:51:29 -0800
From: Gene Wirchenko <genew () telus net>
Subject: New Silk Road hit with $2.6 million heist due to known Bitcoin flaw (Cyrus Farivar)

Cyrus Farivar, Ars Technica, 14 Feb 2014
"Transaction malleability," which worried Mt. Gox and Bitstamp, strikes again.
http://arstechnica.com/security/2014/02/new-silk-road-hit-with-2-6-million-heist-due-to-known-bitcoin-flaw/

------------------------------

Date: Wed, 19 Feb 2014 14:57:50 -0800
From: Mark Thorson <eee () sonic net>
Subject: The furniture is watching you

Another company, Steelcase, which puts sensors in office furniture and buildings to see how workers interact, thinks the real opportunity for workplace monitoring is far from the call-centre floor -- in opaque creative departments and even boardrooms, where time is especially precious.
David Lathrop, its director of research and strategy, says the sensors are now so cheap they can be put "practically everywhere", arguing that employees could benefit by tracking their own performance. Improving the productivity of top executives "has a disproportionate effect on the company", he adds.

http://www.ft.com/cms/s/2/d56004b0-9581-11e3-9fd6-00144feab7de.html

------------------------------

Date: Thu, 20 Feb 2014 18:20:35 +0000
From: "Luck, Tony" <tony.luck () intel com>
Subject: Smarter caller-id spoofing

My cell phone just rang with caller-id announcing that it was my teenage daughter. I answered in a rush because being a typical teenager she would rather use any other method of communication rather than a voice call - so I figured it must be urgent.

It wasn't. It wasn't even her. It was the "Card Holder Services" spammers saying they wanted to reduce my interest rates.

But the question is - How did they decide to spoof her number when calling me? Possibly they managed to scrape her "contacts" from her phone using some rogue application? Perhaps they have scraped the caller-id database and noticed that we have phone numbers close together and the same last name?

However they did it - the value of caller-id when deciding whether to take a call just hit zero.

------------------------------

Date: Mon, 3 Feb 2014 15:10:39 -0800
From: Lauren Weinstein <privacy () vortex com>
Subject: Cryptography Breakthrough Could Make Software Unhackable

"Secure program obfuscation would be useful for many applications, such as protecting software patches, obscuring the workings of the chips that read encrypted DVDs, or encrypting the software controlling military drones. More futuristically, it would allow people to create autonomous virtual agents that they could send out into the computing "cloud" to act on their behalf.
If, for example, you were heading to a remote cabin in the woods for a vacation, you could create and then obfuscate a computer program that would inform your boss about e-mails you received from an important client, or alert your sister if your bank balance dropped too low. Your passwords and other secrets inside the program would be safe."
http://j.mp/1dZ6bHP (*WiRed*)

- - -

And so handy to hide viruses, spies, and other evil in, too!

------------------------------

Date: Thu, 20 Feb 2014 20:04:38 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Venezuela's Internet Crackdown Escalates into Regional Blackout

http://j.mp/1oYIQ29 (EFF via NNSquad)

"For the last month, Venezuela has been caught up in widespread protests against its government. The Maduro administration has responded by cracking down on what it claims as being foreign interference online. As that social unrest has escalated, the state's censorship has widened: from the removal of television stations from cable networks, to the targeted blocking of social networking services, and the announcement of new government powers to censor and monitor online. Last night, EFF received reports from Venezuelans of the shutdown of the state Internet provider in San Cristóbal, a regional capital in the west of the country."

------------------------------

Date: Tue, 11 Feb 2014 15:53:04 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Bing censoring Chinese language search results for users in the US

http://j.mp/1m4Epns (*The Guardian* via NNSquad)

"Microsoft's search engine Bing appears to be censoring information for Chinese language users in the US in the same way it filters results in mainland China. Searches first conducted by anti-censorship campaigners at FreeWeibo, a tool that allows uncensored search of Chinese blogs, found that Bing returns radically different results in the US for English and Chinese language searches on a series of controversial terms.
These include Dalai Lama, June 4 incident (how the Chinese refer to the Tiananmen Square protests of 1989), Falun Gong and FreeGate, a popular Internet workaround for government censorship."

------------------------------

Date: Fri, 21 Feb 2014 11:57:22 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Israel Electric Opens Cyber-War Room to Defend Against Power-Grid Hacks (Gwen Ackerman)

Gwen Ackerman, Bloomberg, 19 Feb 2014
http://www.bloomberg.com/news/2014-02-19/israel-electric-opens-cyber-war-room-to-defend-against-power-grid-hacks.html

Israel's main power company opened a cyber "war room" this week to defend its systems around the clock from hackers. Technicians at Israel Electric will monitor as many as 400 million cyber-attacks and hacking attempts a day.

"There are hundreds of thousands of attempts to infiltrate Israel Electric's networks every day," Israel Electric Chairman Yiftach Ron-Tal said in an e-mailed statement yesterday. "We are talking here about a threat on a national level."

Prime Minister Benjamin Netanyahu has said that one goal of his government is to turn Israel into a world leader in cyber-technologies. In 2012, Netanyahu formed the National Cyber Bureau, which said last month that it plans to establish an emergency-response team for cyber-attacks. President Shimon Peres has spent the last month making public appearances to promote Israeli technology, including cyber-security.

In the past three years, the country's cyber-security industry has grown from a few dozen companies to about 220 that have raised more than $400 million, according to the Tel Aviv-based IVC Research Center. Twenty multinational companies now operate online-security development centers in Israel. [...]

------------------------------

Date: Mon, 10 Feb 2014 11:47:01 -0500 (EST)
From: "ACM TechNews" <technews () hq acm org>
Subject: DARPA Thinks the Future of Surveillance Looks Like Siri

Patrick Tucker, *Defense One*, 6 Feb 2014

U.S. Defense Advanced Research Projects Agency (DARPA) Information Innovation Office director Dan Kaufman says an innovation gap exists as the private sector advances in areas in which the government was once primarily responsible for research breakthroughs. Kaufman hopes to close that gap, and notes that DARPA has made its most recent big data research effort part of the DARPA Open Catalog, which aims to open more of the agency's software and science research to the public. For example, he says improved encryption can help provide both privacy and security. "What if there was a way to collect the data but encrypt it so that people couldn't use it in a way that wasn't approved?" Kaufman asks. In the future, spying on data will be more difficult even as data proliferates across multiple channels, says Kaufman, pointing to DARPA's PROCEED program, which successfully demonstrated fully homomorphic encryption for cloud environments, previously thought to be impossible. DARPA also will use advanced machine learning to help the Defense Department manage threats, enabling security experts to interact with an algorithm that learns what to look for and improves results through continued interaction.
http://www.defenseone.com/technology/2014/02/darpa-thinks-future-surveillance-looks-siri/78419/?oref=d-interstitial-continue

------------------------------

Date: Wednesday, February 12, 2014
From: *Dewayne Hendricks* <dewayne () warpspeed com>
Subject: Because of DRM, The Entire Copyright Monopoly Legislation is a Lie (Rick Falkvinge)

Rick Falkvinge, *Torrent Freak*, 9 Feb 2014 [via Dave Farber]
http://torrentfreak.com/drm-entire-copyright-monopoly-legislation-lie-140209/

Cory Doctorow had a brilliant column in The Guardian, which was very long and went into quite a bit of legislative history, but the key takeaway hit the nail right on the head. The entire copyright legislation is a lie, a facade, a mirage. There are no exceptions, there are no expirations, there is no fair use.
The reason the situation has been allowed to degrade to this point is a small but important detail called DRM (Digital Restriction Measures).

Since the turn of the century publishers are allowed to embed technical obstacles called Digital Restriction Measures in anything they publish, and these measures set and enforce a vastly expanded set of restrictions over and above ordinary copyright monopoly law. The original law loses its effect in the clause that says that any disabling of such Digital Restriction Measures is illegal in the US and EU.

The net effect of this is that the DRM portion of copyright law, as it stands today, is permitting publishers to dictate whatever terms they like and call it `copyright', overriding the rest of that law.

Ordinary copyright monopoly law says that the monopoly eventually expires. That's just not true, because mostly everything published today has DRM, which says the monopoly does not expire.

Ordinary copyright monopoly law says you have a right to enjoy your purchased works in various formats, places, and ways (in your car, in your home, on your bike, when you like). DRM has made sure that's not in the lawbooks anymore, because publishers didn't want it that way.

So let's look closer at what the copyright monopoly law really looks like, with DRM in place and protected by law as is today.

Publishers don't want you to buy stories in another country and enjoy them at home? At odds with ordinary copyright law, but with DRM, publishers can totally override that.

Publishers want the copyright law to say that purchased books can't even be shared between family members? Perfectly doable with DRM-fabricated copyright law, even if the ordinary copyright law would have dropped a ton of bricks on those publishers.

Publishers want the ability to remotely remove a book you've bought from your bookshelf, even as you have it in your home? Say, Just fine with DRM.

Digital Restriction Measures were never -- never -- supposed to prevent copying.
If you wanted to copy a DRM-ridden work, you could do so without problem; the DRM would follow along to the copy just fine. DRM is a usage restriction, not a copy restriction, and most importantly, as Doctorow puts it: DRM is the right for publishers to make up their own copyright law. [...]

------------------------------

Date: Tue, 04 Feb 2014 20:38:17 +0800
From: Jeremy Ardley <jeremy.ardley () gmail com>
Subject: Why is the US a decade behind Europe on 'chip and pin' cards? (RISKS-27.73)

Chip and PIN doesn't actually increase security. Chip & PIN cards have a fall-back mode when the chip fails and revert to standard magnetic stripe operation or even mechanical imprint. It's trivial to create a card with a broken chip and forged or broken magnetic stripe.

It gets slightly more complex with the RFID version of Chip and PIN. The cards have three levels of degradation. Either the RFID fails or the RFID reader fails - both quite common in my experience. Then the Chip can fail - again common, and finally the stripe can fail forcing a reversion to mechanical imprint.

There is also the issue of bank terminal acceptance of cards. In one store I am obliged to initially present my RFID card which is declined as not accepted at that terminal. Then I have to insert the card to have the chip read and it is again declined because the terminal won't accept electronic AMEX. Finally I am allowed to swipe the card. I must do it in that order because of the store rules.

There is also the issue of Card-not-present purchases such as telephone or Internet purchases in which the chip plays no part whatsoever.

What RFID cards do do is decrease security due to various scams involving portable RFID readers.

A second risk is banks have different automatic authorisation levels depending on the type of verification used.
In my case RFID authentication has a relatively high dollar value for automatic authorisation, so anyone taking my card can make multiple purchases up to $100 each with no signature or PIN. If the card reverts to simple chip mode or swipe mode then a PIN is required for all purchases.

All in all Chip cards and in particular RFID Chip cards are convenient but overall less secure than ordinary swipe cards -- at least from a user perspective.

------------------------------

Date: Sun, 16 Feb 2014 12:40:38 +0000
From: Andy Walker <news () cuboid co uk>
Subject: Re: NSF: 1/4 of Americans think sun goes 'round the earth...

The state of education around the world is often a source of innocent amusement, but this particular item is perhaps not as "bad" as it seems. Firstly, it is certain that the great majority of humans throughout history have believed this, if they have thought about the problem at all. Secondly, it's not a problem that impinges on the daily life of anyone. Thirdly, if the theory of General Relativity is to be accepted, then heliocentrism is no better a belief than geocentrism [or galactocentrism or ...]; we should pick co-ordinates for convenience, not dogma.

------------------------------

Date: Sun, 16 Feb 2014 14:39:54 -0700
From: Rich Schroeppel <rcs () xmission com>
Subject: American science education

NSF: 1/4 of Americans think sun goes 'round the earth...
This is cherry picking from the NSF report. (Read it.) Although the state of American science knowledge is spotty, this particular example overstates the problem. Note also that Americans stack up reasonably well compared with people in other developed countries.

As an aside, I'll level a couple of other quibbles.
a) "Which goes around which" is science trivia, unimportant to everyday life. Ask people about the freezing temperature for water.
b) I'm allowed to choose my frame of reference. For practical purposes, the earth is stationary and the sun goes around the earth once a day.

------------------------------

Date: Sat, 15 Feb 2014 16:51:39 -0800
From: spl () tirebiter org (Steve Lamont)
Subject: High School educated Air Traffic Controllers

Rather than depend upon a biased source (reason.org is an arm of the Koch Brothers Reason Foundation, which would probably like to abolish the FAA and allow the invisible hand of the free market to rule the air spaces), why don't we look at the job posting itself:

http://www.doleta.gov/usworkforce/whatsnew/eta_default.cfm?id=6050

Air Traffic Control Specialist Recruitment: Alert on Upcoming Recruitment and Outreach Campaign by FAA
29 Jan 2014

The Federal Aviation Administration (FAA) has announced a nation-wide air traffic control specialist recruitment, outreach, and education program, extending the invitation for the workforce system to share this information with its program participants in advance of a public vacancy announcement expected on or about 10 Feb 2014. There are air traffic control positions available at FAA locations across the country, and the FAA encourages all interested individuals who are eligible to apply for these positions.

Some background: The Federal Aviation Administration (FAA) has re-opened its Academy for training Air Traffic Controllers since it closed in the spring of 2013. The FAA intends to hire around 3,000 people over the next year for these positions across the country.
The FAA anticipates that they will be hiring in significant numbers over the next several years, given the fact that Air Traffic Controllers must retire by age 56.

Below are some key points of this new FAA hiring initiative:

* FAA will post these positions on the USA Jobs website during the 10--21 Feb period.
* FAA will recruit nationwide.
* The pay scale for Air Traffic Controllers ranges from GS-9 to GS-15 (depending on the local area).
* Individuals must start the FAA Academy or be conditionally hired by their 31st birthday.
* Individuals must have 3 years of progressively responsible work experience, or a Bachelor's degree, or combination of education and work experience.
* Individuals must meet medical and security requirements of being a government employee.
* Veterans will receive Preference through the normal Federal Hiring process.
* FAA is hosting a Virtual Career Fair on 12 Feb.

Please visit www.FAA.gov/jobs jobs for Employment FAQs, Air Traffic Controller Fact Sheets, and promotional videos. FAA has also created 'Digital Kits' created for outreach and promotion, addressing eligibility for the position, application instructions, and other FAA positions in addition to the air traffic control jobs. Please visit www.faa.gov/jobs/recruiting_kit/

The FAA is not hiring J Random Dropout off the street and plopping them into a controller's chair at LAX. They're simply restarting an already existing program that has been in hiatus.

------------------------------

Date: Wed, 19 Feb 2014 11:26:16 -0600
From: Bruce Schneier <schneier () schneier com>
Subject: David Cole: "Can Privacy Be Saved?"

http://www.nybooks.com/articles/archives/2014/mar/06/can-privacy-be-saved/

------------------------------

Date: Mon, 17 Feb 2014 10:08:47 +0000
From: Martyn Thomas <martyn () thomas-associates co uk>
Subject: GPS / GNSS vulnerabilities

The Royal Academy report that was mentioned in the latest RISKS digest is here:
http://raeng.org.uk/news/publications/list/reports/Global_Navigation_Systems.pdf

------------------------------

Date: 15 Feb 2014 21:50:25 -0500
From: "Bob Frankston" <bob2 () bob ma>
Subject: Re: GPS pioneer warns on network's security (Jones/Hoyos, R-27.74)

One approach is to harden the system but shouldn't we also be thinking about a more generalized approach to getting location information that doesn't depend on line-of-sight to satellites? We already do this using information from cell towers and other sources but such approaches need to be resilient and not naively trusting in the information they receive.

------------------------------

Date: Sun, 16 Feb 2014 20:18:54 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: UK is expanding their screwed up mandated porn filters to include more topics they can screw up

http://j.mp/M5rqkU (Techdirt via NNSquad)

"The UK government's futile and ham-fisted attempts to purge the Internet of all of its rough edges and naughty bits are about to see international escalation. The country is only really just kicking off their campaign to impose porn filters that not only often don't work, but also have so far managed to accidentally block numerous entirely legal and useful websites including technology news sites like Slashdot, digital rights groups like the EFF, rape counseling websites, and more. David Cameron's government has long-stated they want this filtering to eventually extend to websites deemed "extremist" by the government, and it appears that new proposals being drafted hope to make that a reality sooner rather than later."

Here's a plan.
Cameron can just use "*" as his filter block directive and avoid all the intermediate steps. No Web! No Problem!

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request () csl sri com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe () csl sri com or risks-unsubscribe () csl sri com depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.75
************************