RISKS Forum mailing list archives
Risks Digest 29.14
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 2 Dec 2015 14:19:28 PST
RISKS-LIST: Risks-Forum Digest  Wednesday 2 December 2015  Volume 29 : Issue 14

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/29.14.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
NTSB: Controllers, Software Complicit In Wrong-Runway Landings (Aviation Week via Steve Golson)
Software Cut Off Fuel Supply In Stricken A400M (Steve Golson)
Everyone is lying about the downed Russian jet (Motherboard)
Tech fails led to 'Spooky' strike on Drs Without Borders hospital (Sean Gallagher)
One-person one-vote principle in Texas (Voting News Weekly)
Hacking in Argentina (Nicole Perlroth)
China accused of hacking Australian Bureau of Meteorology and more (IBTimes)
Hello Barbie can spy for crooks (*The Guardian*)
VTech hacker exposes the personal information of more than 200,000 kids and millions of parents (Lorenzo Franceschi-Bicchierai)
Google Maps hacked to show "Kalusunan" instead of Luzon (Dan Jacobson)
Embedded vulnerability (Sec-Consult & Carnegie CERT/CC)
MagSpoof disables chip and pin (Help Net)
Electrical incompatibility (Android)
Cops complain about civilian encryption use, but conduct tactical ops in the clear (NNSquad)
After Paris attacks, US politics shift on government phone data collection; Rubio sees opening (AP)
L.A. License Plate Readers proposed for john-shaming (Nick Selby)
The Serial Swatter (NYTimes)
UK ISP boss points out massive technical flaws in Investigatory Powers Bill (Ars Technica)
Reply@not.possible? For how long?
  (Dan Jacobson)
Re: The Right to Tinker With Cars' Software (Steve Lamont)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 28 Nov 2015 09:06:54 -0500
From: Steve Golson <sgolson () trilobyte com>
Subject: NTSB: Controllers, Software Complicit In Wrong-Runway Landings

http://aviationweek.com/commercial-aviation/ntsb-controllers-software-complicit-wrong-runway-landings

In the Atlas incident, the Boeing 747-400LCF set up for a GPS approach to Runway 19L at McConnell Air Force Base near Wichita, Kansas, but ultimately landed on the 6,100-ft.-long Runway 18 at the Col. James Jabara general aviation airport, 8 nautical miles short of McConnell's 12,000-ft.-long runway. While the MSAW [minimum safe altitude warning] system was active, the software was programmed so as to not distinguish between nearby airports and the correct airport, and did not issue an alert even though the 747 was well below the approach path to McConnell.

In the Southwest incident, the pilot was on approach to the Branson Airport in Missouri, but was mistakenly redirected to the Downtown Airport, 6 nautical miles short of the intended destination -- using up all but the last 629 feet of a much shorter runway than anticipated.

  [PGN-ed; the article mentions proposed remediation would have controllers withhold landing clearance until nearby airports have been passed.]

------------------------------

Date: Sat, 28 Nov 2015 07:52:44 -0500
From: Steve Golson <sgolson () trilobyte com>
Subject: Database Error Complicit In Turkish Airlines Landing Accident

http://aviationweek.com/blog/database-error-complicit-turkish-airlines-landing-accident

... the pilots let the autopilot continue the approach until 14 ft. above the ground, where presumably they finally saw the runway and attempted to flare the aircraft a bit too late -- it hit the runway with a vertical acceleration of 2.7G.
A hard landing on centerline is one thing, but this A330's nose wheel was offset 85 ft. to the left of the centerline ...

... what put the A330 far off centerline -- and pretty much in the exact location of the faulty runway end coordinates, thanks to the advanced navigation and automation systems on modern aircraft like the A330 -- were some very important missing digits in the degrees, minutes and seconds marking the latitude and longitude of the runway end. Missing were the three digits to the right of the decimal point of the seconds field.

------------------------------

Date: Sat, 28 Nov 2015 09:09:54 -0500
From: Steve Golson <sgolson () trilobyte com>
Subject: Software Cut Off Fuel Supply In Stricken A400M

http://aviationweek.com/defense/software-cut-fuel-supply-stricken-a400m

The crash of an Airbus A400M airlifter that killed four people on May 9 may have been caused by new software that cut off the engine-fuel supply, industry sources have said. Sources have told *Aviation Week* that aircraft MSN23, destined for Turkey, featured new software that would trim the fuel tanks, allowing the aircraft to fly certain military maneuvers.

------------------------------

Date: Sun, 29 Nov 2015 10:31:57 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Everyone is lying about the downed Russian jet

http://motherboard.vice.com/read/belgian-physicists-calculate-that-everyone-is-lying-about-the-downed-russian-jet

------------------------------

Date: Tue, 01 Dec 2015 09:34:59 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Tech fails led to 'Spooky' strike on Drs Without Borders hospital (Sean Gallagher)

FYI -- [Note to self: mark home in large letters with *infrared visible* paint, so that "Santa Claus" can find it in the dark.]

"Since it was night, and the aircrew was working from infrared video, they were *unable to see the markings* on the building identifying it as a hospital."

Sean Gallagher, 30 Nov 2015
How tech fails led to Air Force strike on MSF's Kunduz hospital
Sensor and network failures put crosshairs on the wrong target.
http://arstechnica.com/information-technology/2015/11/how-tech-fails-led-to-air-force-strike-on-msfs-kunduz-hospital/

On November 25, General John F. Campbell, the commander of US Forces in Afghanistan, announced the findings of an initial investigation into the air strike by an Air Force AC-130 gunship that hit a Médecins Sans Frontières (MSF, or Doctors Without Borders) trauma center in Kunduz, Afghanistan on October 3. The strike -- in which the AC-130 attacked using its onboard cannon, killing 30 patients and members of the MSF hospital staff and injuring another 34 -- lasted nearly a half-hour.

Campbell called the strike "a tragic, but avoidable accident caused primarily by human error." But among the secondary factors cited in the report, he noted, there were several contributing technical failures, including a networking failure that could have provided information that would have prevented the mistaken targeting of the hospital. Furthermore, information systems available to the command responsible for the aircraft failed to alert those on duty in the operations center that the target selected by the aircraft was on a no-strike list.

http://www.defense.gov/News/News-Transcripts/Transcript-View/Article/631359/department-of-defense-press-briefing-by-general-campbell-via-teleconference-fro

------------------------------

Date: Sun, 29 Nov 2015 12:18:03 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: One-person one-vote principle in Texas (The Voting News Weekly)

The Voting News Weekly, 29 Nov 2015

The Supreme Court's docket is crowded with voter redistricting disputes this term, including a Texas case that could redefine the principle of "one person, one vote". State redistricting battles continue in Florida and North Carolina.
Georgia Secretary of State Brian Kemp plans to hire top auditing agency Ernst & Young to review his technology department in the wake of a data breach that exposed private information of more than 6 million voters. Supreme Court Justice Anthony M. Kennedy ordered officials in Hawaii not to count ballots or name the winners of an election there in which only people of native Hawaiian ancestry could vote. Weeks before he leaves office, Kentucky Governor Steven Beshear issued an executive order that immediately granted the right to vote to about 140,000 nonviolent felons who have completed their sentences. Violent protest erupted in Haiti after results were announced for a run-off election that international observers say was marred by systemic fraud, voter confusion and intimidation, and in some areas disenfranchisement, while Pakistan has abandoned plans to offer Internet voting to overseas voters.

More: http://thevotingnews.us2.list-manage.com/track/click?u=9ac28bcf45e3568f411d495eb&id=fdadf1f78c&e=8ab30158c5

  [See Data breach in Georgia could affect 6 million voters, RISKS-29.12. PGN]

------------------------------

Date: Mon, 30 Nov 2015 10:12:05 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Hacking in Argentina (Nicole Perlroth)

Want to learn how to break into the computerized heart of a medical device or an electronic voting machine? Maybe a smartphone or even a car? Thanks to the legacy of military rule and a culture of breaking rules of all sorts, Argentina has become one of the best places on earth to find people who could show you how.

http://www.nytimes.com/2015/12/01/technology/in-a-global-market-for-hacking-talent-argentines-stand-out.html?_r=0

------------------------------

Date: Tue, 2 Dec 2015 12:01:05 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: China accused of hacking Australian Bureau of Meteorology and more

Australia's largest supercomputer was hacked, linked to other government agencies as well. Multiple sources.
A good place to start might be
http://www/ibtimes.com/china-accused-massive-hack-australias-bureau-meteorology-attack-could-impact-other-2207298

------------------------------

Date: Thu, 26 Nov 2015 23:15:24 -0600
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: Hello Barbie can spy for crooks (*The Guardian*)

WiFi Hello Barbie is a toy doll with conversations with children. It connects with Mattel and ToyTalk to get upgrades of various kinds, such as improving speech recognition state-of-art. It has great educational potential to aid child development, provided it is not taken over by crooks. It is hackable.

What hackers can do:

* Spy on children, their home, and everywhere the child goes, with audio surveillance.
* Over-ride privacy features, communicate directly with the child.
* Take over the home's wifi network, of other Internet of Things.
* Access the doll's system information, account information, stored audio files, and direct access to the microphone.

http://www.msn.com/en-us/news/technology/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children/ar-AAfGyq6
http://www.nbcchicago.com/investigations/WEB-10p-pkg-Surveillance-Toy_Leitner_Chicago-353434911.html
http://time.com/3740348/privacy-group-eavesdropping-wifi-barbie-is-seriously-creepy/
http://www.nytimes.com/2015/03/29/technology/a-wi-fi-barbie-doll-with-the-soul-of-siri.html?_r=0

------------------------------

Date: Fri, 27 Nov 2015 16:25:50 -0700
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: VTech hacker exposes the personal information of more than 200,000 kids and millions of parents (Lorenzo Franceschi-Bicchierai)

Lorenzo Franceschi-Bicchierai, *Motherboard*, 27 Nov 2015
One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids

The personal information of almost 5 million parents and more than 200,000 kids was exposed earlier this month after a hacker broke into the servers of a Chinese company that sells kids toys and gadgets,
Motherboard has learned.

The hacked data includes names, email addresses, passwords, and home addresses of 4,833,678 parents who have bought products sold by VTech, which has almost $2 billion in revenue. The dump also includes the first names, genders and birthdays of more than 200,000 kids.

http://motherboard.vice.com/read/one-of-the-largest-hacks-yet-exposes-data-on-hundreds-of-thousands-of-kids

  [Includes a huge list of what was released. PGN]

------------------------------

Date: Sat, 28 Nov 2015 00:41:30 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Google Maps hacked to show "Kalusunan" instead of Luzon

Holy smokes, Google Maps has been hacked to show "Kalusunan" instead of Luzon! We're talking about the fourth most populous island in the world, right behind Great Britain. It's the main island of the Philippines.

https://www.google.com/maps/@16,121,4z
http://maps.googleapis.com/maps/api/staticmap?size=340x340&markers=Luzon+Island&zoom=4

Hmmm, their Feedback tool is of course broken. I know, I'll just ummm, email all the newspapers in the Philippines...

No this time I don't think I blew it again:
https://www.google.com/search?q=Kalusunan About 2,180 results
https://www.google.com/search?q=Luzon About 19,600,000 results

------------------------------

Date: Fri, 27 Nov 2015 14:04:42 -0600
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: Embedded vulnerability (Sec-Consult & Carnegie CERT/CC)

At least 4 million embedded devices, exposed on the Internet, from some 50 manufacturers, share the same hard-coded X.509 certificate. This impacts

* 3.2 million Secure HTTPS hosts, or 9% of the web, and
* 0.9 million Secure SSH hosts, or 6% of them.
* An unknown volume of vulnerable devices are not directly connected to the Internet, but are on local area networks, where if someone is able to penetrate the network, they can also penetrate the vulnerable devices.
* Possibly more at risk, not yet uncovered.

The firmware is of smart phones, routers, IP cameras, VoIP phones, modems wifi gateways, networking gear, PCs, Internet of Things, etc. Many devices are exposed to the web by vendor choice, without user awareness.

http://www.kb.cert.org/vuls/id/566724

Vendors include: ADB, AMX, Actiontec, Adtran, Alcatel-Lucent, Alpha Networks, Aruba Networks, Aztech, Bewan, Busch-Jaeger, CTC Union, Cisco, Clear, Comtrend, D-Link, Deutsche Telekom, DrayTek, Edimax, General Electric (GE), Green Packet, Huawei, Infomark, Innatech, Linksys, Motorola, Moxa, NETGEAR, NetComm Wireless, ONT, Observa Telecom, Opengear, Pace, Philips, Pirelli, Robustel, Sagemcom, Seagate, Seowon Intech, Sierra Wireless, Smart RG, TP-LINK, TRENDnet, Technicolor, Tenda, Totolink, Unify, UPVEL, Ubee Interactive, Ubiquiti Networks, Vodafone, Western Digital, ZTE, Zhone and ZyXEL. There may be more.

Stefan Viehböck @ Sec-Consult was able to access firmware images of more than 4,000 embedded devices of over 70 vendors, and found this much trouble. Perhaps if more firmware was available for study, research might find more with similar problems.

Typically a certificate is issued to 1 person, or one company, for 1 purpose. It is written into software sold to other companies, as a template of what works. Those other companies bake the software into their firmware without getting certificates unique to their company, devices, models, nor provide other security standards to block unwanted access. Even more companies incorporate the hardware in other devices, without any thought to the security needs of end customers.

This reality can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks. Find how to access one device, legally purchased, and now in theory able to access many thousands more, deliver fake updates with malware.

Some vendors plan to fix this. While waiting, users can manually replace X.509 certificates, or SSH host keys, with unique ones (if they know how, and if the device permits this). It might be wise to seek clarification from manufacturers of all your embedded devices, whether you are still on maintenance support with them, or not.

Other solution ideas, and how come millions of devices, on the web, using identical certificates.

http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
http://www.net-security.org/secworld.php?id=19159=
http://www.itworld.com/article/3009142/millions-of-embedded-devices-use-the-same-hard-coded-ssh-and-tls-private-keys.html
http://www.theregister.co.uk/2015/11/26/lazy_iot_skeleton_keys/
http://www.forbes.com/sites/thomasbrewster/2015/11/25/encrypted-routers-cameras-vulnerabilties-cisco-huawei-motorola/
https://www.sec-consult.com/download/certificates.html
https://www.sec-consult.com/download/ssh_host_keys.html
https://scans.io/
https://scans.io/series/ssh-rsa-full-ipv4
https://scans.io/study/sonar.ssl
https://censys.io

------------------------------

Date: Thu, 26 Nov 2015 18:45:17 -0600
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: MagSpoof disables chip and pin (Help Net)

MagSpoof device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, predict credit card number and expiration date of Amex cards after they have been reported stolen or lost.

http://www.net-security.org/secworld.php?id=19155

------------------------------

Date: Fri, 27 Nov 2015 01:15:37 -0600
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: Electrical incompatibility (Android)

There are multiple potential problems.

* Many people buy what is cheapest, not what is safest, ignoring industry standards like UL or CE. Should such risky devices even be available for consumer sales?
* UL = Underwriter Laboratories http://www.ul.com electrical safety standard.
* CE = European standard for health, safety and environmental requirements ensuring consumer and workplace safety.
* http://www.batteryspace.com/ul-ce-emc-fcc-and-csa.aspx
* One Plus website is selling USB Type-C cables and adaptors which are not up to the real USB Type-C standard.
* So if someone has a 3A power source, without relevant UL CE CCC logo, in combination with the OnePlus 3A, they could get a damaged power source.

OnePlus is offering refunds through its web site for some North American customers. There are strings attached, so check out the details.

http://androidcommunity.com/oneplus-type-c-usb-cables-not-compatible-with-some-3rd-party-chargers-20151126/
http://www.techtimes.com/articles/111171/20151127/oneplus-offers-refunds-for-incompatible-usb-type-c-cable-but-won-t-replace-it.htm

------------------------------

Date: Sat, 28 Nov 2015 15:35:42 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Cops complain about civilian encryption use, but conduct tactical ops in the clear (NNSquad)

https://plus.google.com/+LaurenWeinstein/posts/aHwCRdZg8mt

It appears that most or all of the local authorities' tactical discussions during the Colorado Springs domestic terrorism attack yesterday were completely in the clear where scanners and online scanner monitors could hear them. Those channels are fascinating to be sure, but hey, guys, the crooks and murdering domestic terrorists can listen to them too! Get your damned systems into the encrypted late 20th century, already. Law enforcement bitches about civilian use of crypto, then conducts their critical operations totally unencrypted. These were *exactly* the kinds of discussions that would have been most useful to a shooter or other domestic terrorist in such situations.

------------------------------

Date: Fri, 27 Nov 2015 08:28:26 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: After Paris attacks, US politics shift on government phone data collection; Rubio sees opening (AP item via NNSquad)

http://www.newser.com/article/942c0314e6aa400b8125097943b79828/after-paris-attacks-us-politics-shift-on-government-phone-data-collection-rubio-sees-opening.html

At the same time, a *Washington Post* poll conducted after the Paris attacks showed a jump in the percentage of voters favoring investigating terrorist threats over protecting personal privacy: 72 percent said the government should investigate threats even at the cost of personal privacy, and 25 percent said the government shouldn't intrude on personal privacy, even if that limits its investigatory abilities.

I will quote from my 2013 blog entry: "Why Edward Snowden May Be the Wackos' Dream Come True" ( http://lauren.vortex.com/archive/001047.html ) - "And given one major (or perhaps even minor) new successful terrorist attack, you can bet that we will move backwards in terms of civil liberties at an enormous rate, even though this will not stop terrorism, and will help the terrorists succeed in destroying our country's greatest ideals from within."

------------------------------

Date: Tue, 01 Dec 2015 18:30:03 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: L.A. License Plate Readers proposed for john-shaming

[This "john"-shaming has] ``the potentially chilling effect that [license plate reader] technology has on freedom of association and freedom of transportation.''

[automatically] send to [each vehicle] owner a letter explaining that the vehicle was seen in area known for prostitution.

I wonder whether a politician who happens to be "campaigning" [ahem] in such an area would also receive these letters?

Nick Selby, *Medium*
Los Angeles Just Proposed the Worst Use of License Plate Reader Data in History.
https://medium.com/@nselby/los-angeles-just-proposed-the-worst-use-of-license-plate-reader-data-in-history-702c35733b50#.c9obzyurl

------------------------------

Date: Thu, 26 Nov 2015 13:32:38 -0500
From: Monty Solomon <monty () roscom com>
Subject: The Serial Swatter

http://www.nytimes.com/2015/11/29/magazine/the-serial-swatter.html

Internet trolls have learned to exploit our over-militarized police. It's a crime that's hard to stop -- and hard to prosecute.

------------------------------

Date: Thu, 26 Nov 2015 11:55:26 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: UK ISP boss points out massive technical flaws in Investigatory Powers Bill (Ars Technica via NNSquad)

http://arstechnica.com/tech-policy/2015/11/uk-isp-boss-points-out-massive-technical-flaws-in-investigatory-powers-bill/

The head of the UK ISP Andrews & Arnold, Adrian Kennard, has pointed out a number of major technical issues with the proposed Investigatory Powers Bill (aka the Snooper's Charter). Kennard and other representatives of the UK Internet Service Provider's Association (ISPA) met with the Home Office on Tuesday, where they presented a number of ethical, technical, and privacy related issues with the incoming new law. These issues, plus some of the Home Office's responses, can be found in written evidence (PDF) penned by Kennard.

Kennard's key point is that the Internet Connection Records, which lie at the heart of the UK government's proposals, are largely meaningless for most modern online services. He recounts that, in the Home Office briefing this week, the example of a girl going missing was used once more to illustrate why the authorities want to be able to see which services she accessed just before disappearing, in the same way that they can track her phone calls. But Kennard and the other ISPA members pointed out this example betrayed a lack of understanding of how the Internet works today.

------------------------------

Date: Fri, 27 Nov 2015 04:00:18 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: reply@not.possible? For how long?

You know those messages you get with Reply-To: reply@not.possible @invalid..., etc.

Well one day when they open up all TLDs, all the bad guys need to do is register the domains and set up mail systems, and voila, plenty of misdirected mail with personal details... They can even send a calming bounce message, while keeping a carbon copy...

------------------------------

Date: Fri, 27 Nov 2015 17:57:45 -0800
From: spl () tirebiter org (Steve Lamont)
Subject: Re: The Right to Tinker With Cars' Software

> Car owners in the United States can soon play Volkswagen engineer, courtesy of the federal government. [. . .]

Just to play Devil's Advocate for the moment, what happens when cars become self-driving? The notion of J Random Hacker "tinkering" with the programming ought to (auto?) give one pause.

Of course, the notion of J Random Hacker behind the wheel of a non-self-driving car should probably also give one pause.

------------------------------

Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
     http://mls.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
     risks-request () csl sri com
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
     risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string `notsp' at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
     http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones:
     http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 29.14
************************
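
An added example, not part of the digest or of the Sec-Consult research: the inventory check implied by the "Embedded vulnerability" item above, which groups SSH host keys by fingerprint to find devices that still present a shared firmware default instead of a unique key. The function names, the `known_bad` parameter, and the sample inventory (RFC 5737 test addresses, synthetic keys) are assumptions constructed for illustration.

```python
"""Find SSH host keys shared by several devices in an inventory.

Added illustration; the inventory below is constructed sample data.
"""
import base64
import hashlib
import struct
from collections import defaultdict


def make_sample_key(seed: bytes) -> str:
    """Build a well-formed ssh-ed25519 key field (constructed test data)."""
    def field(data: bytes) -> bytes:  # length-prefixed string, RFC 4251
        return struct.pack(">I", len(data)) + data
    blob = field(b"ssh-ed25519") + field(hashlib.sha256(seed).digest())
    return base64.b64encode(blob).decode("ascii")


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(b64_blob, validate=True)  # ValueError if malformed
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_inventory(text: str):
    """Yield (hosts, blob) from `hosts keytype base64 [comment]` lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank, comment, marker or truncated line
        yield fields[0].split(","), fields[2]


def audit_host_keys(text: str, known_bad=frozenset()):
    """Group hosts by key fingerprint and report reuse.

    known_bad: hypothetical set of fingerprints the operator has loaded
    from a published list of firmware-embedded keys.
    """
    hosts_by_fp = defaultdict(set)
    malformed = []
    for hosts, blob in parse_inventory(text):
        try:
            hosts_by_fp[fingerprint(blob)].update(hosts)
        except ValueError:
            malformed.extend(hosts)
    return {
        # Same fingerprint on several hosts means they share one private key.
        "shared": {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1},
        "known_bad": {fp: sorted(h) for fp, h in hosts_by_fp.items()
                      if fp in known_bad},
        "malformed": malformed,
    }


# Constructed sample keys and inventory (not scan output).
FIRMWARE_KEY = make_sample_key(b"default key baked into a firmware image")
UNIQUE_KEY = make_sample_key(b"key generated on first boot")
SAMPLE_INVENTORY = f"""\
# constructed sample in ssh-keyscan output format (RFC 5737 test addresses)
192.0.2.10 ssh-ed25519 {FIRMWARE_KEY}
192.0.2.11 ssh-ed25519 {FIRMWARE_KEY}
camera-7.example,192.0.2.12 ssh-ed25519 {FIRMWARE_KEY}
192.0.2.20 ssh-ed25519 {UNIQUE_KEY}
192.0.2.30 ssh-ed25519 not*base64
"""

if __name__ == "__main__":
    report = audit_host_keys(SAMPLE_INVENTORY)
    for fp, hosts in report["shared"].items():
        print(f"{fp} is presented by {len(hosts)} hosts: {', '.join(hosts)}")
    print("unparseable key for:", ", ".join(report["malformed"]))
```

Any fingerprint reported under `shared` marks devices whose host keys need replacing with unique ones, the interim fix the item describes.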