RISKS Forum mailing list archives
Risks Digest 28.26
From: RISKS List Owner <risko () csl sri com>
Date: Thu, 11 Sep 2014 15:55:33 PDT
RISKS-LIST: Risks-Forum Digest Thursday 11 September 2014 Volume 28 : Issue 26 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/28.26.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Nancy Pelosi urges FCC to reclassify broadband as a utility (Verge) "Microsoft patch KB 2918614 triggers 'key not valid for use,' more errors" (Woody Leonhard via Gene Wirchenko) Apple - Update to Celebrity Photo Investigation (Monty Solomon) Apple Announces Apple Pay (Monty Solomon) iPod classic is dead, and the 30-pin connector along with it (Casey Johnston via Monty Solomon) Re: Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Kurt Seifried) Amazon's Fire Phone falls to 99 cents on a two-year contract (Roy Amadeo via Monty Solomon) Feds say NSA "bogeyman" did not find Silk Road's servers (David Kravets via Monty Solomon) AT&T/Verizon say 10Mbps is too fast for "broadband," 4Mbps is enough (Jon Brodkin via Monty Solomon) Penalty for driving while texting in Long Island-a disabled cell phone (David Kravets via Monty Solomon) NOBUS BOGUS: "Do You Feel Lucky, Punk?" (Henry Baker) The Case for Resign Switches for Politicians (Henry Baker) "Predictive" Technology Used to ID Troubled Cops (Henry Baker) Re: GM to Introduce Hands-Free Driving in Cadillac Model (Gabe Goldberg) Re: This chart shows the world's Internet usage shifting to smartphones (Rodney Van Meter) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 8 Sep 2014 16:21:13 -0700 From: Lauren Weinstein <lauren () vortex com> Subject: Nancy Pelosi urges FCC to reclassify broadband as a utility Verge via NNSquad http://www.theverge.com/2014/9/8/6123801/pelosi-urges-title-ii-classification-of-broadband A good number of politicians have recently made statements in favor of net neutrality, but House Minority Leader Nancy Pelosi is going further than most of them today and asking that the Federal Communications Commission reclassify broadband as a utility using Title II of the Communications Act -- exactly what net neutrality advocates have been pushing for. In a letter to FCC chair Tom Wheeler, Pelosi writes that Title II is "an appropriate tool to refine modern rules," and that it can do so without the FCC overburdening broadband providers. ------------------------------ Date: Mon, 08 Sep 2014 16:04:46 -0700 From: Gene Wirchenko <genew () telus net> Subject: "Microsoft patch KB 2918614 triggers 'key not valid for use,' more errors" (Woody Leonhard) Woody Leonhard | InfoWorld, 08 Sep 2014 August's Windows Installer Service patch causes wide range of inscrutable problems on Windows 7 and Windows 8 machines http://www.infoworld.com/t/microsoft-windows/microsoft-patch-kb-2918614-triggers-key-not-valid-use-more-errors-249973 ------------------------------ Date: Mon, 8 Sep 2014 23:39:55 -0400 From: Monty Solomon <monty () roscom com> Subject: Apple - Update to Celebrity Photo Investigation Apple Media Advisory Update to Celebrity Photo Investigation http://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved. To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232 . ------------------------------ Date: Tue, 9 Sep 2014 22:30:34 -0400 From: Monty Solomon <monty () roscom com> Subject: Apple Announces Apple Pay Transforming Mobile Payments with an Easy, Secure & Private Way to Pay CUPERTINO, California--September 9, 2014--Apple today announced Apple Pay, a new category of service that will transform mobile payments with an easy, secure and private way to pay. Apple Pay works with iPhone 6 and iPhone 6 Plus through a groundbreaking NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID. Apple Pay is easy to set up, so hundreds of millions of users can simply add their credit or debit card on file from their iTunes Store account. Apple Pay will also work with the newly announced Apple Watch, extending Apple Pay to over 200 million owners of iPhone 5, iPhone 5c and iPhone 5s worldwide. Apple Pay supports credit and debit cards from the three major payment networks, American Express, MasterCard and Visa, issued by the most popular banks including Bank of America, Capital One Bank, Chase, Citi and Wells Fargo, representing 83 percent of credit card purchase volume in the US.* In addition to the 258 Apple retail stores in the US, some of the nation's leading retailers that will support Apple Pay include Bloomingdale's, Disney Store and Walt Disney World Resort, Duane Reade, Macy's, McDonald's, Sephora, Staples, Subway, Walgreens and Whole Foods Market. Apple Watch will also work at the over 220,000 merchant locations across the US that have contactless payment enabled. Apple Pay is also able to make purchases through apps in the App Store. ... http://www.apple.com/pr/library/2014/09/09Apple-Announces-Apple-Pay.html [Given the troubles around the world with online payments, this might be an invitation to disaster. PGN] ------------------------------ Date: Tue, 9 Sep 2014 22:41:21 -0400 From: Monty Solomon <monty () roscom com> Subject: iPod classic is dead, and the 30-pin connector along with it (Casey Johnston) Casey Johnston, Ars Technica, 9 Sep 2014, This marks a complete transition to Lightning connectors, in just two years. When apple.com returned after the event announcing Apple's new iPhone 6, 6 Plus, and Apple Watch, one of its longest-standing members was gone: the iPod classic. Along with it goes the 30-pin dock connector, marking a complete transition to the Lightning connector for Apple's entire mobile device fleet in exactly two years. ... http://arstechnica.com/gadgets/2014/09/ipod-classic-is-dead-and-the-30-pin-connector-along-with-it/ ------------------------------ Date: Tue, 9 Sep 2014 15:54:23 -0600 From: Kurt Seifried <kurt () seifried org> Subject: Re: Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Chen, RISKS-28.25) I'm glad they're not actually fixing the root problems like strengthening authentication or making brute force attacks harder, now as long as nobody goes on vacation or doesn't check email for a few days we'll all be safe! BTW if someone is attacking my iCloud account what exactly can I do about it? Randomly change my password and hope for the best? Is there any way to contact apple? Nope! ------------------------------ Date: Tue, 9 Sep 2014 22:56:15 -0400 From: Monty Solomon <monty () roscom com> Subject: Amazon's Fire Phone falls to 99 cents on a two-year contract (Roy Amadeo) After reports of it struggling in the market, the device gets a $200 price cut. Ron Amadeo, Ars Technica, 8 Sep 2014 http://arstechnica.com/gadgets/2014/09/amazons-fire-phone-falls-to-99-cents-on-a-two-year-contract/ ------------------------------ Date: Tue, 9 Sep 2014 00:52:56 -0400 From: Monty Solomon <monty () roscom com> Subject: Feds say NSA "bogeyman" did not find Silk Road's servers (David Kravets) David Kravets, *Ars Technica*, 6 Sep 2014 FBI says it found main server via a "misconfiguration" of the login interface. The FBI easily found the main server of the now-defunct Silk Road online drug-selling site, and didn't need the National Security's help, federal prosecutors said in a Friday court filing. The underground drug website, which was shuttered last year as part of a federal raid, was only accessible through the anonymizing tool Tor. The government alleges that Ross Ulbricht, as Dread Pirate Roberts, "reaped commissions worth tens of millions of dollars" through his role as the site's leader. Trial is set for later this year. The authorities said Friday that the FBI figured out the server's IP address through a misconfiguration in the site's login window. They said that a US warrant wasn't required to search the Icelandic server because "warrants are not required for searches by foreign authorities of property overseas." ... http://arstechnica.com/tech-policy/2014/09/feds-say-nsa-bogeyman-did-not-find-silk-roads-servers/ http://cdn.arstechnica.net/wp-content/uploads/2014/09/silkroaddoc.pdf ------------------------------ Date: Tue, 09 Sep 2014 13:52:20 -0700 From: Gene Wirchenko <genew () telus net> Subject: "Tech industry groups ask U.S. Senate to 'swiftly pass' NSA curbs" (John Ribeiro) John Ribeiro, Infoworld, 09 Sep 2014 A coalition of tech industry groups writes a letter to Senate leaders saying an erosion of trust is affecting their business abroad http://www.infoworld.com/t/federal-regulations/tech-industry-groups-ask-us-senate-swiftly-pass-nsa-curbs-250096 ------------------------------ Date: Wednesday, September 10, 2014 From: *Chris Beck* <cbeck () pacanukeha net> Subject: 5 million leaked gmail usernames and passwords (Daily Dot) News surfaced yesterday in Russia about this leak (via Dave Farber) Apparently you can check if you are on it at isleaked.com, but it's under a lot of load and in Russian. There is a text box and a button and you want to see in the green box. http://www.dailydot.com/crime/google-gmail-5-million-passwords-leaked/ ------------------------------ Date: Tue, 09 Sep 2014 13:55:02 -0700 From: Gene Wirchenko <genew () telus net> Subject: "Comcast's open Wi-Fi hotspots inject ads into your browser" (Ian Paul) Ian Paul, PC World, InfoWorld, 09 Sep 2014 By injecting JavaScript ads into your browser, Comcast could be creating unintended security vulnerabilities http://www.infoworld.com/d/networking/comcasts-open-wi-fi-hotspots-inject-ads-your-browser-250141 ------------------------------ Date: Tue, 09 Sep 2014 13:53:28 -0700 From: Gene Wirchenko <genew () telus net> Subject: "Salesforce.com warns customers of malware attack" Lucian Constantin, InfoWorld, 09 Sep 2014 A new version of the Dyreza online banking Trojan is stealing Salesforce.com log-in credentials http://www.infoworld.com/d/security/salesforcecom-warns-customers-of-malware-attack-250140 ------------------------------ Date: Tue, 9 Sep 2014 00:45:03 -0400 From: Monty Solomon <monty () roscom com> Subject: AT&T/Verizon say 10Mbps is too fast for "broadband," 4Mbps is enough (Jon Brodkin) Cable lobby also implores FCC not to change definition of broadband. Jon Brodkin, *Ars Technica*, 8 Sep 2014 AT&T and Verizon have asked the Federal Communications Commission not to change its definition of broadband from 4Mbps to 10Mbps, saying many Internet users get by just fine at the lower speeds. ... http://arstechnica.com/business/2014/09/att-and-verizon-say-10mbps-is-too-fast-for-broadband-4mbps-is-enough/ ------------------------------ Date: Tue, 9 Sep 2014 22:39:50 -0400 From: Monty Solomon <monty () roscom com> Subject: Penalty for driving while texting in Long Island-a disabled cell phone (David Kravets) David Kravets, Ars Technica, 9 Sep 2014 New York prosecutor says driving while texting is as dangerous as drunk driving. Motorists popped for texting-while-driving violations in Long Island could be mandated to temporarily disable their mobile phones the next time they take to the road. That's according to Nassau County District Attorney Kathleen Rice, who says she is moving to mandate that either hardware be installed or apps be activated that disable the mobile phone while behind the wheel. The district attorney likened the texter's punishment to drunk drivers who sometimes are required to breathe into a device before turning on the ignition. ... http://arstechnica.com/tech-policy/2014/09/penalty-for-driving-while-texting-in-long-island-a-disabled-cell-phone/ ------------------------------ Date: Mon, 08 Sep 2014 14:33:34 -0700 From: Henry Baker <hbaker1 () pipeline com> Subject: NOBUS BOGUS: "Do You Feel Lucky, Punk?" One major risk in the cyberwar arena is overplaying one's own hand. Here's a little calculation that I did last week that I hope might sober some people up a bit. NOBUS BOGUS: "Do You Feel Lucky, Punk?" Gen. Michael Hayden, former director of the NSA, has put forward the concept of "NOBUS" ("Nobody But US"). According to *The Washington Post*: "To a certain extent, this NOBUS idea reflects the weighing of the dual defensive and offensive mission of the NSA. ... But we're talking about the same agency that reportedly has a 600-some elite offensive hacker squad, Tailored Access Operations or TAO, working out of its headquarters. And NOBUS also raises a lot of questions about how the intelligence agency determines if something is likely to be exploited by adversaries." http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/04/why-everyone-is-left-less-secure-when-the-nsa-doesnt-help-fix-security-flaws/ Hayden's NOBUS concept depends critically on the U.S. having an overwhelming advantage in terms of *computer power* relative to its competitors -- particularly China. Hayden: "If there's a vulnerability here that weakens encryption but you still need four acres of Cray computers in the basement in order to work it you kind of think 'NOBUS' and that's a vulnerability we are not ethically or legally compelled to try to patch -- it's one that ethically and legally we could try to exploit in order to keep Americans safe from others." China can obviously afford to build any computer it wants; it owns ~$1.3T of US debt, and China already makes many of the components needed for such computers. So "four acres of Cray computers" isn't much of a show-stopper for the Chinese. http://www.treasury.gov/ticdata/Publish/mfh.txt But based upon most reports of computer hacking I've read, the essential element for hacking success isn't *computer* power, but *hacker* power; i.e., human intelligence & hacking skill. Yes, the NSA might well have brute-forced a "collision attack" for STUXNET with four acres of Crays, but such brute force attacks are rare simply because there are so many other -- & far cheaper -- hacks readily available. So, given the current level of IQ and STEM education in the U.S., "NOBUS" might just be a hollow (and therefore very dangerous) conceit. In order to gain some better insight, I've developed a simple model of hacker skill analogous to *chess ratings*. Of course, there's no studies showing any correlation between chess ratings and hacker skills, nor even studies showing that the probability distributions of chess skills and hacker skills are similar. https://en.wikipedia.org/wiki/Elo_rating_system Nevertheless, I speculate that hacker skills are indeed distributed in a manner similar to chess skills, and that hacker competitions might show similar statistics to chess competitions. Using these assumptions, I've done some calculations based on the mathematics of chess ratings (developed by Zermelo, a half-century before Elo). http://www.glicko.net/research/preface-z28.pdf If hacker skills were distributed *logistically* like chess ratings, then one could calculate the probability of hacker A beating hacker B by looking at the arithmetic *difference* of a chess-like hacker rating. https://en.wikipedia.org/wiki/Logistic_distribution Chess ratings seem to have a mean of perhaps 1130, and a standard deviation of perhaps 315. Since the probability of winning at chess is based only on the rating *differences*, we don't care very much about the mean. A chess rating deficit of 382 gives a 10% chance of winning. A chess rating deficit of 798 gives a 1% chance of winning. A chess rating deficit of 1200 gives a .1% chance of winning. We can rescale a chess rating-like system to a distribution that looks a lot more like an IQ distribution by setting the mean=100 and the 2.275% quantile at 130; i.e., only 2.275% of the population has an IQ greater than 130. (With this rescaling, the logistic distribution "s" parameter is about 8.0.) Let's call this rating system "HQ", for "Hacker Quotient", and I will presume that this HQ rating captures hacking skill levels. An HQ deficit of 17.6 gives a 10% chance of winning. An HQ deficit of 36.8 gives a 1% chance of winning. An HQ deficit of 55.3 gives a .1% chance of winning. China's population is ~1.355 billion, while the US population is ~318.679 million (Wikipedia). If N=600 is the size of NSA's TAO group, then TAO presumably represents the best 1.883x10^-4 % of the US population. But N=600 represents the best 4.428x10^-5 % of the Chinese population. If the tails of the distributions are thin, then the upper tail of a larger population will have a larger mean than that of a smaller population. If China's mean HQ is 100, and the US's mean HQ is 98 (following the IQ difference between China and the US), the HQ deficit for the US TAO v. the Chinese TAO is 13.58, hence the US's chance of winning a hacker war is only 15.5%. If both the US and China's mean HQ is 100, the HQ deficit for the US TAO is only 11.58, hence the US's chance of winning a hacker war is then 19%. The core insight is that due to the 4.25x population advantage, the top N (N=600) hackers in China are better than the top N hackers (i.e., NSA's TAO) in the US. If there is also a difference in the population mean HQ, then this effect is additive to the deficit due to population size. Since we are dealing with the sparse *tails* of these distributions, the uncertainty of these calculations is very high. Nevertheless, the overall conclusion is similar: *population size matters* when looking at extreme tails. I should also point out that the US Internet infrastructure is far more extensive than the Chinese infrastructure, so the US is a much juicer target for any hacking. The US would suffer substantially greater damage from any maliciousness -- particularly on a relative basis -- and hence "people who live in glass houses shouldn't throw stones". I'm not so sure that the US wants to continue talking like Dirty Harry with long odds such as these. It would also behoove the US to *harden* all that glass -- not just against nation-states, but against *all* malicious actors. ------------------------------ Date: Tue, 09 Sep 2014 13:12:43 -0700 From: Henry Baker <hbaker1 () pipeline com> Subject: The Case for Resign Switches for Politicians (Re: Zittrain, R-28.25) FYI -- I don't know about kill switches for weapons, but I think that quite a number of us voters would like to see "automatic resign switches" for politicians who violate their campaign promises. I think that most of us would agree that lying and out-of-control politicians have done far more damage than any number of captured weapons. In particular, politicians are "captured" all the time by special interests. Wouldn't it be nice for the voters to be able to (Eric) Cantorize a politician who got too big for his/her britches? This wouldn't require any Constitutional or legal changes, but merely a computer-controlled lock box containing an irrevocable letter of resignation, which would be automatically and immediately opened by an online voting system after it tallied a simple majority "no confidence" vote of the electorate of his/her district/state/country. A politician could sign up for this service and tout it in his/her advertising. Otherwise, voters could safely assume that the politician was merely "blowing smoke". A more geeky solution could be developed using the Bitcoin blockchain & scripting language. http://www.nytimes.com/2014/09/09/us/politics/a-president-whose-assurances-have-come-back-to-haunt-him.html ------------------------------ Date: Wed, 10 Sep 2014 06:29:17 -0700 From: Henry Baker <hbaker1 () pipeline com> Subject: "Predictive" Technology Used to ID Troubled Cops FYI -- But these systems don't work. But expect them to be used even more after Ferguson, even though (particularly because??) they don't work. These expensive systems are complete scams, but govts buy them to cover their asses (see, we've used "best practices"). Tami Abdollah, Technology Used to ID Troubled Cops, Sep 4 2014 http://www.officer.com/news/12001926/technology-used-to-id-troubled-cops Police departments across the U.S. are using technology to try to identify problem officers before their misbehavior harms innocent people, embarrasses their employer, or invites a costly lawsuit -- from citizens or the federal government. While such "early warning systems" are often treated as a cure-all, experts say, little research exists on their effectiveness or -- more importantly -- if they're even being properly used. Over the last decade, such systems have become the gold standard in accountability policing with a computerized system used by at least 39 percent of law enforcement agencies, according to the most recent data from the U.S. Bureau of Justice Statistics. The issue of police-community relations was thrust into the spotlight after an officer fatally shot Michael Brown in Missouri. Since then, departments have held public forums to build trust with residents. Some are testing cameras mounted to officers to monitor their interactions with the public. Experts say the early warning system can be another powerful tool to help officers do their jobs and improve relations, but it is only as good as the people and departments using it. "It's not a guarantee that you will catch all of those officers that are struggling," said Jim Bueermann of the nonprofit Police Foundation, which is dedicated to better policing. "These systems are designed to give you a forewarning of problems and then you have to do something." [Long item truncated for RISKS. PGN] ------------------------------ Date: Mon, 08 Sep 2014 15:01:06 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: Re: GM to Introduce Hands-Free Driving in Cadillac Model (R-28.25) But you're steering and thus presumably watching the road. "Let the car do the work ... BUT remain alert" -- currently people already drift off, lose focus, get hypnotized, and text while supposedly still driving. Increased automation (auto-mation?) and hands/foot-free driving can't help but worsen attention paid to driving. Alert? Not likely. ------------------------------ Date: Thu, 11 Sep 2014 11:37:53 -0400 From: Rodney Van Meter <rdv () sfc wide ad jp> Subject: Re: This chart shows the world's Internet usage shifting to smartphones http://thenextweb.com/shareables/2014/08/19/watch-world-move-towards-smartphones-one-simple-chart/ I saw this plot when it first arrived on the web a few weeks ago (courtesy of Dave Farber's IP, IIRC). It takes only a minute or two to see that the animation is far more glitzy than accurate. For starters, it is clear that most of the national lines are extrapolated from a very small number of data points. Moreover, the few data points are likely derived from surveys with very different methodologies; the discrepancies are substantial. A clear example is India, in the lower left. It appears to be composed of three data points: date PC mobile 3/2011 36.9% 22.9% 3/2013 10.6% 12.8% 3/2014 11.3% 22.1% These numbers are simply not plausible. I have seen other Internet penetration numbers for India recently, that placed it at around 17% (independent of method). My *guess* is that the 2011 numbers actually represent growth rate, rather than %age of the population! Practically every country in the data shows some anomalous behavior. Indonesia shows an outright U-turn; Argentina and Thailand appear to suffer substantial declines in the actual number of Internet users via any platform, which seems unlikely. Korea shows a sudden sharp drop in PC use, over 10% in a year. Japan has an odd kink in its line in 2012, q declining 10% in six months but then recovering. Bottom line, I think this pretty hopeless. ------------------------------ Date: Sun, 7 Oct 2012 20:20:16 -0900 From: RISKS-request () csl sri com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request () csl sri com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe () csl sri com or risks-unsubscribe () csl sri com depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall () newcastle ac uk>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line. *** NOTE: Including the string `notsp' at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 28.26 ************************
Current thread:
- Risks Digest 28.26 RISKS List Owner (Sep 11)