RISKS Forum mailing list archives
Risks Digest 28.95
From: RISKS List Owner <risko () csl sri com>
Date: Thu, 24 Sep 2015 14:05:13 PDT
RISKS-LIST: Risks-Forum Digest  Thursday 24 September 2015  Vol 28 : Issue 95

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/28.95.html>
The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Crooked software: VW Is Said to Cheat on Diesel Emissions; U.S. to Order Big Recall (NYTimes)
Ethics in Engineering: Volkswagen's Diesel Fiasco (Hackaday via LW)
OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought
Sensors You Can Swallow Could Be Made of Nutrients and Powered by Stomach Acid (Neil Savage)
Trojan targets online poker sites, peeks at players' cards (Ars Technica)
India Draft Encryption Policy Doc lays out horrendous requirements (Deity)
Oops! Error by Systema Software exposes millions of records with insurance claims data and internal notes (Data Breaches)
Researchers say South Korea-backed child monitoring app was wide open to hackers (AP)
D-Link Oops (Help Net)
AVG privacy -not- policy (Softpedia)
"Sloppy dev practices allowed malware into Apple App Store" (Fahmida Y. Rashid)
Apple Confirms Discovery of Malicious Code in Some App Store Products (NYTimes)
Skype Service Problems for Some Users Worldwide (NYTimes)
Sundry risky thoughts caused by weekend's SLASHDOT articles (Werner U)
Symantec employees fired for issuing rogue HTTPS certificate for Google (Ars Technica)
iPhone 6s's Hands-Free Siri Is an Omen of the Future (NYTimes)
As Head-Up Displays Become Common, Distraction Becomes an Issue (NYTimes)
France tells Google to remove search results globally, or face big fines (Ars Technica)
Yes, the FCC might ban your operating system (PRPL)
Re: One Symptom in New Medical Codes: Doctor Anxiety (William Ehrich)
Re: Researcher Hacks Self-driving Car Sensors (Martin Ward, LW)
Re: "The Web's 10 most dangerous neighborhoods" (John Levine)
Re: Why We Positively, Absolutely, Can't Trust the Government with Encryption (William Ehrich)
Re: Unwanted data transmissions by Windows 10 (Carl Byington)
Re: How to make the Internet worse for everyone except the slimeballs (Dan Jacobson, Lauren Weinstein)
Re: Vehicles with keyless ignition systems... (Dan Jacobson)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 20 Sep 2015 12:11:49 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Crooked software: VW Is Said to Cheat on Diesel Emissions; U.S. to Order Big Recall (Coral Davenport)

Coral Davenport, *The New York Times*, 18 Sep 2015
http://www.nytimes.com/2015/09/19/business/volkswagen-is-ordered-to-recall-nearly-500000-vehicles-over-emissions-software.html

The Obama administration on Friday directed Volkswagen to recall nearly a half-million cars, saying the automaker illegally installed software in its diesel-power cars to evade standards for reducing smog.

The Environmental Protection Agency accused the German automaker of using software to detect when the car is undergoing its periodic state emissions testing.
Only during such tests are the cars' full emissions control systems turned on. During normal driving situations, the controls are turned off, allowing the cars to spew as much as 40 times as much pollution as allowed under the Clean Air Act, the E.P.A. said.

The Environmental Protection Agency issued the company a notice of violation and accused the company of breaking the law by installing software known as a `defeat device' in 4-cylinder Volkswagen and Audi vehicles from model years 2009-15. The device is programmed to detect when the car is undergoing official emissions testing, and to only turn on full emissions control systems during that testing. Those controls are turned off during normal driving situations, when the vehicles pollute far more heavily than reported by the manufacturer, the E.P.A. said.

``Using a defeat device in cars to evade clean air standards is illegal and a threat to public health,'' said Cynthia Giles, the E.P.A.'s assistant administrator for the Office of Enforcement and Compliance. ``Working closely with the California Air Resources Board, E.P.A. is committed to making sure that all automakers play by the same rules. E.P.A. will continue to investigate these very serious violations.''

The software was designed to conceal the cars' emissions of the pollutant nitrogen oxide, which contributes to the creation of ozone and smog. The pollutants are linked to a range of health problems, including asthma attacks and other respiratory diseases.

It will be interesting to see if VW can negotiate the fines for this massive fraud down to something less than staggering.
[Henry Baker noted that the affected diesel models include:
* Jetta (Model Years 2009-2015)
* Beetle (Model Years 2009-2015)
* Audi A3 (Model Years 2009-2015)
* Golf (Model Years 2009-2015)
* Passat (Model Years 2014-2015)]

[See also https://www.washingtonpost.com/news/the-switch/wp/2015/09/23/opm-now-says-more-than-five-million-fingerprints-compromised-in-breaches/ ]

[We've noted in RISKS previously that this kind of shenanigan could easily be used in voting machines (especially proprietary ones), which when run in test mode do everything correctly, but when run in live elections might surreptitiously do whatever else they might have been programmed to do. PGN]

------------------------------

Date: Wed, 23 Sep 2015 10:41:16 -0700
From: "People For Internet Responsibility" <pfir () pfir org>
Subject: Ethics in Engineering: Volkswagen's Diesel Fiasco (Hackaday)

http://hackaday.com/2015/09/23/ethics-in-engineering-volkswagens-diesel-fiasco/

Like the Space Shuttle Challenger disaster, like the Johnstown flood, and like that one scene at the beginning of Fight Club, this will be one for the engineering ethics text books. If this does turn into a criminal investigation - and chances of that are good - we will eventually learn how this complete abdication of law and social responsibility came to be. Until then, we're left to guess how one of the biggest blunders of automotive history came to be, and where Volkswagen and the diesel car will be in the years to come.

I have for many years publicly asserted that ethics are a *fundamental* aspect of engineering -- including software engineering. I have frequently faced arguments from persons claiming that I'm wrong -- that engineers should just write the code as they're told to do, and that their role is not to independently apply any ethical considerations whatsoever. I cannot even really begin to explain how strongly I disagree with that view, or how devastating to consumer and user trust that view can be.
[Lauren Weinstein]

------------------------------

Date: Wed, 23 Sep 2015 10:29:35 -0700
From: PRIVACY Forum mailing list <privacy () vortex com>
Subject: OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought (Hackaday via LW)

One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people's fingerprints were stolen as part of the hacks. That's more than five times the 1.1 million government officials estimated when the cyberattacks were initially disclosed over the summer. However, OPM said Wednesday the total number of those believed to be caught up in the breaches, which included the theft of the Social Security numbers and addresses of more than 21 million former and current government employees, remains the same.

[CNBC: ``We recently learned that as far back as 2007, the Inspector General was warning that OPM was vulnerable to a breach, but nothing was done to prevent it. ... US Gov blames China for breach, ignoring implications of their own front door back door mentality.'']

And this is the same government that wants access to our encryption keys. But don't worry! Simply change your passwords and fingerprints and you'll be just fine. Yeah. LW

------------------------------

Date: Wed, 23 Sep 2015 11:59:39 -0400 (EDT)
From: "ACM TechNews" <technews () hq acm org>
Subject: Sensors You Can Swallow Could Be Made of Nutrients and Powered by Stomach Acid (Neil Savage)

Neil Savage, IEEE Spectrum, 21 Sept 2015, via ACM TechNews, 23 Sep 2015

Carnegie Mellon University (CMU) researchers are working on designs for an ingestible sensor that would combine silicon circuitry and nutrients and could be powered by stomach acid. One of the major hurdles when designing ingestible sensors is convincing regulators they would be safe.
The approach of Christopher Bettinger's team at CMU is to use organic and biodegradable materials that are already considered safe to ingest. They envision silicon logic circuits encapsulated in a biodegradable hydrogel, which would enable it to squeeze through tight openings. The antennas and electronics would be made of small amounts of digestible minerals such as manganese, magnesium, and copper. In addition, the silicon Bettinger's team proposes using to power the logic circuits of their ingestible sensors can be converted by the body into silicic acid. The sensor would be powered by a battery with a cathode made of melanin and an anode made of manganese oxide. When the battery reaches the stomach, acidic gastric juices would act as an electrolyte and transport current. During testing, the design has been able to provide 5 milliwatts of power for up to 20 hours. The researchers say ingestible sensors could be used to study the microbiome, look for infections, and monitor medication uptake.

http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-e1e8x2d43fx063701&

[Fascinating possibilities here. Remotely reprogrammable? remotely surveillable? what about integrity risks? privacy risks? and what could happen maliciously, accidentally, or even *in-jestibly*? stupid gas-tric(k)s? PGN]

------------------------------

Date: Fri, 18 Sep 2015 09:08:48 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Trojan targets online poker sites, peeks at players' cards (Ars)

Ars Technica via NNSquad
http://arstechnica.com/security/2015/09/trojan-targets-online-poker-sites-peeks-at-players-cards/

Anybody who has ever played poker, online or offline, always suspects that they might be the victim of cheating when the cards aren't going their way. Now there's evidence to suspect that the hunch is real when it comes to two of the world's most popular online gambling portals. "Several hundred" gamblers on the Pokerstars and Full Tilt Poker platforms have been hit with a cheating trojan, according to ESET security researcher Robert Lipovsky.

But don't worry boys and girls, Internet voting would be perfectly safe! Nothing can go wrong! No th ing ca n g o wr

------------------------------

Date: Sun, 20 Sep 2015 21:00:58 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: India Draft Encryption Policy Doc lays out horrendous requirements

http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf

Users / Organizations within B group (i.e. B2B Sector) may use Encryption for storage and communication. Encryption algorithms and key sizes shall be prescribed by the Government through Notifications from time to time. On demand, the user shall be able to reproduce the same Plain text and encrypted text pairs using the software / hardware used to produce the encrypted text from the given plain text. Such plain text information shall be stored by the user/organisation/agency for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.

------------------------------

Date: Sat, 19 Sep 2015 20:45:05 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Oops! Error by Systema Software exposes millions of records with insurance claims data and internal notes

Data Breaches via NNSquad
http://www.databreaches.net/oops-error-by-systema-software-exposes-millions-of-records-with-insurance-claims-data-and-internal-notes/

According to a source who contacted DataBreaches.net, as part of research on data leaks, the self-described "technology enthusiast" ("TE") downloaded some random data from a publicly available subdomain on Amazon Web Services (AWS).
Inspection of the files revealed many GB of SQL database backups with "names, social security numbers, addresses, dates of birth, phone numbers, as well as various financial and medical injury data." TE informs DataBreaches.net that after discovering the treasure trove of personal information on or about August 30, he immediately began to notify the proper agencies and authorities. DataBreaches.net withheld publication until now to give TE time to notify more entities and to give the software firm time to notify its affected clients.

------------------------------

Date: Sun, 20 Sep 2015 19:51:55 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Researchers say South Korea-backed child monitoring app was wide open to hackers (AP)

(AP): http://www.usnews.com/news/business/articles/2015/09/20/apnewsbreak-south-korea-backed-app-puts-children-at-risk

Security researchers say they found critical weaknesses in a South Korean government-mandated child surveillance app -- vulnerabilities that left the private lives of the country's youngest citizens open to hackers. In separate reports released Sunday, Internet watchdog group Citizen Lab and German software auditing company Cure53 said they found a catalogue of worrying problems with "Smart Sheriff," the most popular of more than a dozen child monitoring programs South Korea requires for new smartphones sold to minors.

With "friends" like the S. Korea government, who needs enemies?

------------------------------

Date: Sat, 19 Sep 2015 13:13:10 -0500
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: D-Link Oops (Help Net)

Software apps get updated by downloading patches, to the software on the computer. Hardware apps get updated by downloading firmware into the hardware. Both have their risks of vendor oops, and vendor policies. D-Link inadvertently provided purchasers with tools to aid malware developers.
http://www.net-security.org/secworld.php?id=18869

------------------------------

Date: Sat, 19 Sep 2015 12:45:31 -0500
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: AVG privacy -not- policy (Softpedia)

AVG privacy (not) policy lists data it collects from users, to sell to advertisers, to fund its fee service. This policy will be implemented starting October 15.

AVG has published a blog post <http://now.avg.com/understanding-the-new-privacy-policy/> explaining the decision to go this route, along with the full privacy policy's content <http://www.avg.com/gb-en/privacy-new>, so users can read it and decide if they want to use its services, switch to the paid AVG version, or to an AVG competitor.

They claim that the info to be shared will be non-personal, such as web search history, what apps are on our computers, not personal id like name e-mail address, info which is used for id theft.

http://news.softpedia.com/news/avg-proudly-announces-it-will-sell-your-browsing-history-to-online-advertisers-492146.shtml

------------------------------

Date: Mon, 21 Sep 2015 14:37:23 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Sloppy dev practices allowed malware into Apple App Store" (Fahmida Y. Rashid)

Fahmida Y. Rashid, InfoWorld, 21 Sep 2015
The XcodeGhost malware on iOS and OS X provides an object lesson for developers: Never rely on unofficial versions or alternative repositories for your tools

Instead of trying to sneak a malicious iOS app past Apple's verification process onto the App Store, malware writers went after developers looking for shortcuts. [...]
http://www.infoworld.com/article/2985129/security/sloppy-dev-practices-allowed-malware-into-apple-app-store.html

------------------------------

From: Monty Solomon <monty () roscom com>
Date: Tue, 22 Sep 2015 18:24:41 -0400
Subject: Apple Confirms Discovery of Malicious Code in Some App Store Products

http://www.nytimes.com/2015/09/21/business/apple-confirms-discovery-of-malicious-code-in-some-app-store-products.html

Security researchers said hackers took advantage of the fact that many Chinese developers use copies of code that are held on Chinese servers, resulting in a malicious version of Xcode.

------------------------------

Date: Tue, 22 Sep 2015 18:23:39 -0400
From: Monty Solomon <monty () roscom com>
Subject: Skype Service Problems for Some Users Worldwide

http://www.nytimes.com/2015/09/22/technology/skype-service-disrupted-for-some-users-worldwide.html

Microsoft's Internet calling unit did not specify how many of its roughly 300 million global users were affected.

------------------------------

Date: Mon, 21 Sep 2015 12:59:13 +0200
From: Werner U <werneru () gmail com>
Subject: Sundry risky thoughts caused by weekend's SLASHDOT articles

Delete, Dump and Destroy: Canada's Government Data Severely Compromised
<http://yro.slashdot.org/story/15/09/20/1658223/delete-dump-and-destroy-canadas-government-data-severely-compromised?sdsrc=prev>

Image Doctoring Is Tough To Spot, Even When We're Looking For It
<http://science.slashdot.org/story/15/09/20/0436230/image-doctoring-is-tough-to-spot-even-when-were-looking-for-it?sdsrc=next>

Private Medical Data of Over 1.5 Million People Exposed Through Amazon
<http://yro.slashdot.org/story/15/09/20/0144248/private-medical-data-of-over-15-million-people-exposed-through-amazon?sdsrc=next>

Symantec Subsidiary Thawte Issues Rogue Google Certificates
<http://tech.slashdot.org/story/15/09/19/2313220/symantec-subsidiary-thawte-issues-rogue-google-certificates?sdsrc=next>

------------------------------

Date: Mon, 21 Sep 2015 12:39:13 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Symantec employees fired for issuing rogue HTTPS certificate for Google

http://arstechnica.com/security/2015/09/symantec-employees-fired-for-issuing-rogue-https-certificate-for-google/

Unauthorized credential was trusted by all browsers, but Google never authorized it.

------------------------------

Date: Tue, 22 Sep 2015 17:47:24 -0400
From: Monty Solomon <monty () roscom com>
Subject: iPhone 6s's Hands-Free Siri Is an Omen of the Future

http://www.nytimes.com/2015/09/24/technology/personaltech/iphone-6s-hands-free-siri-is-an-omen-of-the-future.html

Voice recognition and artificial intelligence have improved so fast that we are nearing `ambient computing' or robotic assistants that are always on hand.

------------------------------

Date: Mon, 21 Sep 2015 08:15:04 -0400
From: Monty Solomon <monty () roscom com>
Subject: As Head-Up Displays Become Common, Distraction Becomes an Issue

http://www.nytimes.com/2015/09/11/automobiles/as-head-up-displays-become-common-distraction-becomes-an-issue.html

The technology, which shows data like a vehicle's speed in front of the driver, is moving beyond performance cars and appearing in more models.

------------------------------

Date: Mon, 21 Sep 2015 09:25:26 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: France tells Google to remove search results globally, or face big fines (Ars Technica)

http://arstechnica.com/tech-policy/2015/09/france-confirms-that-google-must-remove-search-results-globally-or-face-big-fines/

Google's informal appeal against a French order to apply the so-called "right to be forgotten" to all of its global Internet services and domains, not just those in Europe, has been rejected.
The president of the Commission Nationale de l'Informatique et des Libertés (CNIL), France's data protection authority, gave a number of reasons for the rejection, including the fact that European orders to de-list information from search results could be easily circumvented if links were still available on Google's other domains.

If Google complies with this order, they'll have set the stage for every country around the world to demand the right to globally censor literally anything that their governments find *inconvenient* in Google search results. Not just EU and other Western countries, but Putin's USSR^h^h^h^h Russia, China, and other repressive regimes. Politicians will rush to sanitize their search results. Religious entities will want to remove contradictory references. There will be no end to it. It will be a stampede to a lowest common denominator of useless pablum. I've been warning of this for years but now we're at the literal cusp of a global information censorship disaster. *This must stop now.*

------------------------------

Date: Mon, 21 Sep 2015 14:09:13 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Yes, the FCC might ban your operating system

http://prpl.works/2015/09/21/yes-the-fcc-might-ban-your-operating-system/

Over the last few weeks a discussion has flourished over the FCC's Notification of Proposed Rule Making (NPRM) on modular transmitters and electronic labels for wireless devices. Some folks have felt that the phrasing has been too Chicken-Little-like and that the FCC's proposal doesn't affect the ability to install free, libre or open source operating system. The FCC in fact says their proposal has no effect on open source operating systems or open source in general. The FCC is undoubtedly wrong.
------------------------------

Date: Tue, 22 Sep 2015 16:02:06 -0500
From: William Ehrich <ehr844 () gmail com>
Subject: Re: One Symptom in New Medical Codes: Doctor Anxiety

Numerical codes for various things were useful on 80 byte punched cards, but horribly mistake-prone. Memory and processing power have improved a lot since then, so there is space for plain human readable English. I'm reminded of this whenever I can't remember the post office's two character abbreviation for the state in an address.

------------------------------

Date: Wed, 23 Sep 2015 19:34:16 +0100
From: Martin Ward <martin () gkc org uk>
Subject: Re: Researcher Hacks Self-driving Car Sensors
> Using such a system, attackers could trick a self-driving car into thinking something is directly ahead of it, thus forcing it to slow down.
On the other hand, a human-driven car can be forced to stop using a simple laser pointer costing a few dollars. Caltrops can work equally effectively against both types of vehicle.

Lauren Weinstein responded:
> All you need to do to stop a robo car is stand in front of it (and have your friend stand behind).
Agreed. So why is it a story that a self-driving car can be "tricked" into stopping using a setup costing $60?

------------------------------

Date: Wed, 23 Sep 2015 11:58:32 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Re: Researcher Hacks Self-driving Car Sensors (Ward)

All you need to do to stop a robo car is stand in front of it (and have your friend stand behind). Or just drop an obstruction in front and rear. Wear Nixon masks if you're worried about cameras. The robo car is dead in the water. A human-driven car has a driver who can get out and deal with it. The robo car (without a cooperative passenger to take the initiative) ... doesn't.

------------------------------

Date: 21 Sep 2015 18:24:57 -0000
From: "John Levine" <johnl () iecc com>
Subject: Re: "The Web's 10 most dangerous neighborhoods" (Maria Korolov)

Something is pretty bogus with this article. They claim the dirtiest TLD is .ZIP, but the domain isn't active yet. Its DNS currently has a temporary wildcard with an A record of 127.0.53.53 to try to help flush out any old private usages of the name.

------------------------------

Date: Tue, 22 Sep 2015 16:02:22 -0500
From: William Ehrich <ehr844 () gmail com>
Subject: Re: Why We Positively, Absolutely, Can't Trust the Government with Encryption

Why "the government"? They, especially ours, are the least of the problem. Whole armies of hackers will compete in the game of finding and exploiting any backdoor.

------------------------------

Date: Mon, 21 Sep 2015 14:15:05 -0700
From: Carl Byington <carl () five-ten-sg com>
Subject: Re: Unwanted data transmissions by Windows 10 (Durusau, RISKS-28.93)

One mechanism to prevent some forms of malware involves convincing your local DNS server that certain names don't exist.

http://www.circleid.com/posts/20100728_taking_back_the_dns/

Modern versions of Bind use rpz (response policy zones) to specify names that by local policy should be treated specially.
The following two lines could be added to your local rpz zone.

  vortex-win.data.microsoft.com CNAME .
  settings-win.data.microsoft.com CNAME .

That prevents any machines in your environment from finding the ip addresses for those names.

Of course Microsoft could escalate (like all good virus writers) and hardcode some starting ip addresses, use fast flux dns servers, use a random domain name generator to produce domain names to contact for the telemetry data, etc. But the use of any of those techniques would then make it even more obvious that Microsoft intends to use your computer, electricity, and bandwidth for their own purposes, even if that usage conflicts with your usage.

------------------------------

Date: Tue, 22 Sep 2015 07:52:11 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Re: How to make the Internet worse for everyone except the slimeballs (Weinstein, RISKS-28.95)

How about a mode where the adblocker still requests the ads from the network, but just doesn't show them to the user? Bandwidth savings are gone, but who cares as I have plenty. And the ad companies will just have to work harder to detect who is really seeing their ads or not.

------------------------------

Date: Tue, 22 Sep 2015 17:44:36 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Re: How to make the Internet worse for everyone except the slimeballs (Jacobson, RISKS-28.96)

Given that the ad blocking proponents keep complaining about "bandwidth" and "tracking", I have a feeling this wouldn't quiet them.

------------------------------

Date: Tue, 22 Sep 2015 08:12:03 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Re: Vehicles with keyless ignition systems... (RISKS-28.93)
> or, worse, when a passenger unintentionally has one card read at the starting station and a different one read at the final station.
Yup, in which case both cards now are in the "I am now riding in the vehicle" state...

------------------------------

Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request () csl sri com
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
   depending on which action is to be taken.
   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   *** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
   *** NOTE: Including the string `notsp' at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
   or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
    is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 28.95
************************
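
The two `CNAME .` records in Carl Byington's message above are RPZ QNAME triggers. As an added example (not part of the digest and not BIND code), the following simplified Python model shows which query names such records do and do not catch; the zone body is constructed, and every record other than the two from the message, as well as the names `parse_rpz` and `lookup`, are assumptions for illustration.

```python
"""Simplified model of RPZ QNAME-trigger matching (added example, not BIND code)."""

# Constructed policy-zone body. The first two records are the ones quoted in
# the message; every other record is an assumption added to show other cases.
RPZ_ZONE = """\
; owner names are relative to the policy zone origin
vortex-win.data.microsoft.com     CNAME  .
settings-win.data.microsoft.com   CNAME  .
*.telemetry.example               CNAME  .
ok.telemetry.example              CNAME  rpz-passthru.
ads.example                       CNAME  *.
portal.example                    A      192.0.2.10
"""

# Special CNAME targets defined by RPZ and the action each one encodes.
ACTIONS = {
    ".": "NXDOMAIN",            # pretend the name does not exist
    "*.": "NODATA",             # name exists, but has no records of that type
    "rpz-passthru.": "PASSTHRU",  # exempt the name from policy
    "rpz-drop.": "DROP",        # send no answer at all
}


def parse_rpz(text):
    """Return {owner: action} for the three-field 'owner TYPE rdata' records."""
    policy = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # strip comments, tokenize
        if len(fields) != 3:
            continue                            # this model skips everything else
        owner, rtype, rdata = fields
        owner = owner.lower().rstrip(".")
        if rtype.upper() == "CNAME" and rdata.lower() in ACTIONS:
            policy[owner] = ACTIONS[rdata.lower()]
        else:
            # Any other record is served as a locally defined answer.
            policy[owner] = f"LOCAL-DATA {rtype.upper()} {rdata}"
    return policy


def lookup(policy, qname):
    """Return the policy action for qname, or 'NO-MATCH' if none applies."""
    name = qname.lower().rstrip(".")
    if name in policy:                          # an exact owner name wins
        return policy[name]
    labels = name.split(".")
    # Otherwise try wildcards from the closest enclosing name outward.
    # A wildcard covers names below its base, never the base name itself.
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return "NO-MATCH"


POLICY = parse_rpz(RPZ_ZONE)

if __name__ == "__main__":
    for q in ("vortex-win.data.microsoft.com",
              "x.vortex-win.data.microsoft.com",
              "a.b.telemetry.example",
              "telemetry.example",
              "ok.telemetry.example",
              "ads.example",
              "portal.example"):
        print(f"{q:35} {lookup(POLICY, q)}")
```

The two records from the message match only those exact names; a name beneath them is resolved normally unless a `*.` wildcard record is added alongside.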