RISKS Forum mailing list archives

Risks Digest 29.16


From: RISKS List Owner <risko () csl sri com>
Date: Mon, 14 Dec 2015 16:28:12 PST

RISKS-LIST: Risks-Forum Digest  Monday 14 December 2015  Volume 29 : Issue 16

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/29.16.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Tablet computer zoom error lets plane fly 13 hours with 46cm hole
  (*The Register*)
Boston Red Line train leaves station without operator (*The Boston Globe*)
VW Says Emissions Cheating Was Not a One-Time Error (*NYTimes*)
The Moral Failure of Computer Scientists (Phillip Rogaway, *The Atlantic*)
Twitter says it was target of state-sponsored hack (*The Boston Globe*)
"Europe Could Kick Majority of Teens Off Social Media, and That Would Be
  Tragic" (HuffPost)
Maine General Health Breach (Gov Info Sec)
Medical privacy: small scale violations (Propublica via Suzanne Johnson)
Cloud Lock inspects security by industry (Help Net via Al Mac)
Malvertising: these advertisers *really* want your business (*WiReD*)
AT&T Fools Entire Media With Giant Gigabit Fiber Bluff (DSLreports via
  Lauren Weinstein)
New York State Health Insurance site implemented with elementary
  security flaws, blames the whistleblower (Gothamist)
Massive DDoS attack on core Internet servers was 'zombie army'
  botnet from popular smartphone app (*IBTimes* via Bob Frankston)
Microsoft pulls botched patch KB 3114409 that triggered problems
  with Outlook 2010 (Woody Leonhard)
"Microsoft Edge has inherited many of Internet Explorer's
  security holes" (Woody Leonhard)
Discrimination by Airbnb Hosts Is Widespread, Report Says (*NYTimes*)
Your iPhone Is Ruining Your Posture -- and Your Mood (*NYTimes*)
America's secret cyberarsenal (*NYTimes* via Henry Baker)
Re: "I gave my students iPads -- then wished I could take them back"
  (Gene Wirchenko)
Re: Voter Privacy in the Age of Big Data (Mark E. Smith)
Re: Working on Cheaper Sensors, Deeper Learnings (Amos Shapir)
Re: Your child is a CYBER-CRIMINAL! (Amos Shapir, Simon Wright, Henry Baker)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 13 Dec 2015 09:47:42 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Tablet computer zoom error saw plane fly 13 hours with 46-cm hole

A Qatar Airways Boeing 777 traveling from Miami to Doha struck airport
lights during takeoff and suffered a 46-cm tear in the fuselage, thanks in
part to a pilot zooming in too far on a tablet computer.

Flight QR778 left Miami on September 15th but as it took off, hit airport
landing lights. On arrival the plane was found to have suffered "a 46 cm
tear in the fuselage behind the rear cargo door which breached the pressure
vessel... numerous dents and scratches in the external airframe with 18
square meters of damaged skin." Inspection also found "90 external
individual areas of damage requiring assessment and rectification [and] some
damage to a metal guard on the left landing gear."

A Qatar Civil Aviation Authority (QCAA) report on the incident suggests the
crew were not familiar with the airport, so when the First Officer decided
to take off from a point 411m down the runway the choice was queried but
"The commander made a hand gesture and said something which he thought was
seeking reassurance from the crew that everything was OK."

http://www.theregister.co.uk/2015/12/11/tablet_computer_zoom_snafu_saw_plane_fly_13_hours_with_46cm_hole/

Gabriel Goldberg, Computers and Publishing, Inc.       gabe () gabegold com
3401 Silver Maple Place, Falls Church, VA 22042           (703) 204-0433

------------------------------

Date: Mon, 14 Dec 2015 11:51:58 -0500
From: Monty Solomon <monty () roscom com>
Subject: Boston Red Line train leaves station without operator
  (Mark Arsenault and Eric Moskowitz via PGN)

An MBTA train from Braintree ran through the next four stops after the
driver got out to attend to a signal problem.  It was stopped just after the
North Quincy station, when power to the third rail was cut off.   [PGN]
https://www.bostonglobe.com/metro/2015/12/10/red-line-train-leaves-station-without-operator/L5NzTcDEX8dMQCQLvC7UBN/story.html

The story is actually much more complicated.  Controllers had to manually
get trains that were ahead of the runaway to express out of the
Braintree section onto the Red Line section, so that power could be shut off
on the entire Braintree section.  This is a fascinating hands-on dynamic
systemic solution to an apparently unplanned event.  My guess is that it
might even suggest some systemic changes!  [PGN]

Eric Moskowitz, LATER: A call, then a scramble to stop runaway train
https://www.bostonglobe.com/metro/2015/12/11/call-then-scramble-stop-runaway-train/3HvcszljJaLlANPPX5b6wN/story.html

------------------------------

Date: Sat, 12 Dec 2015 21:24:12 -0500
From: Monty Solomon <monty () roscom com>
Subject: VW Says Emissions Cheating Was Not a One-Time Error (Jack Ewing)

Jack Ewing, *The New York Times*, 11 Dec 2015
http://www.nytimes.com/2015/12/11/business/international/vw-emissions-scandal.html

In its most detailed explanation of what led to the scandal, the German
automaker cited a chain of errors that were allowed to happen.

  ["There was a tolerance for breaking the rules." -- Hans-Dieter Potsch,
  chair of VW's Supervisory Board.]

------------------------------

Date: Thu, 10 Dec 2015 10:48:24 -0500
From: Robert Schaefer <rps () haystack mit edu>
Subject: The Moral Failure of Computer Scientists (Phillip Rogaway)

Phillip Rogaway, The Moral Character of Cryptographic
http://web.cs.ucdavis.edu/~rogaway/papers/moral.html

This essay attempts to ground cryptography within larger political and
ethical contexts, which I am sure will be of interest to the
general population of RISKS readers.

A side note, Google appears to be (in some instances) not providing users
direct links to articles - Google instead provides links to Google with
search terms.  Have others noticed this? And if so, can anyone speculate as
to why?

------------------------------

Date: Sat, 12 Dec 2015 11:16:14 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: The Moral Failure of Computer Scientists (*The Atlantic*)

  "He likened the danger posed by modern governments' growing surveillance
  capabilities to the threat of nuclear warfare in the 1950s, and called
  upon scientists to step up and speak out today, as they did then.  I spoke
  to Rogaway about why cryptographers fail to see their work in moral terms,
  and the emerging link between encryption and terrorism in the national
  conversation.  A transcript of our conversation appears below, lightly
  edited for concision and clarity."
http://www.theatlantic.com/technology/archive/2015/12/the-moral-failure-of-computer-science/420012/

------------------------------

Date: Mon, 14 Dec 2015 11:45:59 -0500
From: Monty Solomon <monty () roscom com>
Subject: Twitter says it was target of state-sponsored hack

http://www.bostonglobe.com/business/2015/12/14/twitter-says-was-target-state-sponsored-hack/aqmmGtUBsOwYDbSePVyChJ/story.html

------------------------------

Date: Thu, 10 Dec 2015 12:29:28 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: "Europe Could Kick Majority of Teens Off Social Media, and That
  Would Be Tragic" (HuffPost)

http://www.huffingtonpost.com/larry-magid/europe-could-kick-majorit_b_8774742.html

  European policymakers are considering a draft of the European Data
  Protection Regulation that would prohibit teens under 16 from
  participating in social media without parental consent. Up until this
  point, the draft Regulation set the age at 13, which is consistent with
  laws and practices around the world.

------------------------------

Date: Thu, 10 Dec 2015 19:19:14 -0600
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: Maine General Health Breach (Gov Info Sec)

8 Dec 2015: Maine General https://www.mainegeneral.org/Pages/Home.aspx  went
  public about this breach.
13 Nov 2015: the health care provider was notified by the FBI of evidence of
  a breach.
They investigated & confirmed it, but do not have full details yet.

For some patients, info taken includes real identity, address, phone, date
of birth, emergency contact phone.  They do not yet know how many, out of
their approx 180,000 patients, but the info dates back to at least June
2009.

Also some employees were breached, with similar info.

So far, no evidence that credit financial info, social security #, or
driver's license #s were taken. Maine General is offering impacted persons
access to one year of free credit monitoring and identity restoration services.
https://www.mainegeneral.org/news/statement-regarding-mainegenerals-recent-cyber-attack
http://www.govinfosecurity.com/fbi-detects-another-healthcare-cyberattack-a-8736

------------------------------

Date: December 10, 2015 at 2:01:00 PM EST
From: Suzanne Johnson <fuhn () pobox com>
Subject: Medical privacy: small scale violations (via Dave Farber)

... Under the federal law known as HIPAA, it's illegal for health care
providers to share patients' treatment information without their permission.
The Office for Civil Rights, the arm of the Department of Health and Human
Services responsible for enforcing the law, receives more than 30,000
reports about privacy violations each year.

The bulk of the government's enforcement -- and the public's attention --
has focused on a small number of splashy cases in which hackers or thieves
have accessed the health data of large groups of people. But the damage done
in these mass breaches has been mostly hypothetical, with much information
exposed, but little exploited.

https://www.propublica.org/article/small-scale-violations-of-medical-privacy-often-cause-the-most-harm

------------------------------

Date: Fri, 11 Dec 2015 02:18:17 -0600
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: Cloud Lock inspects security by industry (Help Net)

Cloud Lock https://www.cloudlock.com/ analyzed 10 million users, 1 billion
files, 91,000 applications to survey risk across multiple industries.

You have to register with them, to download their report.
http://go.cloudlock.com/ebook-q3-2015-cybersecurity-report.html

They found on average, 5% of companies bother with password, and other
credentials, protection.

K-12 is worst, at 1%.

Retail "best" at 8%.

For a breakdown on others, see the Help Net link.

http://www.net-security.org/secworld.php?id=19214

99% of files in the financial services industry, which can be found by
anyone who can find a link, or locate them via search engines, can be
attributed to exposure by 1% of their users.  The overall average of
industries, in the article, is 74%.  Health Care is most secure in that
dept.

Manufacturing shows the least concern for protecting PII, like social
security #s, IDs, dates of birth, etc.

Al Mac comments: Someone had to be in last place.

I would have liked Critical Infrastructure to be a category, since I am now
reading "Lights Out" by Ted Koppel.

We have known for decades that security for our electric grid -- cyber
security and physical security -- are both pretty dismal.

Mainstream news media is now giving more attention to this topic thanks to
Ted Koppel's reputation as a first class messenger.

The electric grid can be taken down for all of USA, and take years for
repair.  An enormous volume of our civilization is dependent upon it --
water, transportation, communication, restocking groceries, hospitals.
Millions will die.  It is not *if* ISIS can do it, but when they will do it.

------------------------------

Date: Fri, 11 Dec 2015 07:15:20 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Malvertising: these advertisers *really* want your business
  (*WiReD*)

FYI -- This is why you should *turn Javascript off* by default & remove all
*add-ons* & *plug-ins*, including Java, Flash, video players, etc.  With
Javascript turned off, you don't even need an ad-blocker.

Leaving Javascript turned on in your browser is the equivalent of leaving
all of your power tools outside your house, so that a burglar doesn't even
need to bring his/her own when attacking your house.  It's actually even
worse than that; you've left a remote-controlled *robot* outside your home
that the burglar can take over and use to attack your home while he/she is
sitting in the comfort of his/her home.

http://www.wired.com/2015/12/hacker-lexicon-malvertising-the-hack-that-infects-computers-without-a-click/

Joseph Cox, *WiReD*, 9 Dec 2015
Hacker Lexicon: Malvertising, the Hack That Infects Computers Without a Click

Malvertising is when hackers buy ad space on a legitimate website, and, as
the name suggests, upload malicious advertisements designed to hack site
visitors' computers.

The news page looked perfectly innocent.  Apart from the reams of celebrity
gossip stories and throw-away magazine layout, nothing about the website
for UK news site *The Daily Mail* seemed particularly malicious.  But, if
you visited the site in October, you might have fallen victim to a
sophisticated hacking campaign without even realizing it.

In the background of *The Daily Mail*, third-party advertisements were
surreptitiously and automatically redirecting readers to powerful exploit
kits, designed to install malware on their computers.

This is the booming trade of malvertising: where cybercriminals rent out ads
on sketchy corners of the Internet and popular sites alike, in order to
infect the computers of as many people as possible.

  Plenty of Popular Sites Have Been Targeted [...]
  How Malvertising Works [...]
  How Can Malvertising Be Stopped? [...]

------------------------------

Date: Thu, 10 Dec 2015 12:18:20 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: AT&T Fools Entire Media With Giant Gigabit Fiber Bluff

NNSquad
http://www.dslreports.com/shownews/ATT-Fools-Entire-Media-With-Giant-Gigabit-Fiber-Bluff-135848

  In reality, AT&T has consistently been cutting back its fixed-line
  investment budget and CAPEX to focus on more profitable wireless (read:
  usage capped) broadband. There's no budget for the kind of "real" fiber
  build AT&T's press release implies. In fact, while AT&T pats itself on the
  back for this latest build, it has been consistently trying to figure out
  how it can gut regulations in order to hang up on millions of DSL users it
  doesn't want to upgrade.  And while AT&T this week promised its over-hyped
  fiber build will someday reach 14 million residential and commercial
  locations, they didn't give a timeline for this accomplishment. That means
  AT&T technically could be winding up this not-particularly ambitious
  attempt to cherry pick the nation's high-end development communities and
  university student condos -- by 2030 or so.  We're potentially talking
  about only a few hundred thousand lines per year, many at universities.

Exactly. U-verse is fiber to the terminal, with the final leg almost
always provided over copper and using DSL-technologies. What AT&T is
doing is claiming a massive "fiber build-out" when in practice all
they're mostly doing is providing a relatively few direct fiber
connections to those terminals in special cases. But are they really
planning to spend a pile of money deploying fiber (on poles and buried)
to replace all that copper that serves most homes and businesses in
their service areas? If you think so, there's a bridge across the East
River in New York you might be interested in buying.

------------------------------

Date: Thu, 10 Dec 2015 18:14:52 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: New York State Health Insurance site implemented with elementary
  security flaws, blames the whistleblower (Gothamist)

Oopsy: NY State Health Insurance Website Let You Download Other Users'
Private Info (Gothamist via NNSquad)
http://gothamist.com/2015/12/10/thanks_obama.php

  For an unknown period of time, anyone who logged onto the New York State
  health plan website had the ability to download a range of sensitive,
  private information belonging to other users. The incredible glitch was
  discovered by Robert Parks, a cofounder of Oyster, after he received an
  email last Saturday notifying him that he had a message from the New York
  State of Health website.

... I'll add a "don't be a jerk" message to the author of that article,
because a security flaw in a NY State site is not the responsibility of
Obamacare/ACA, but of idiots in New York.

------------------------------

Date: Sat, 12 Dec 2015 11:21:01 -0500
From: "Bob Frankston" <bob19-0501 () bobf frankston com>
Subject: Massive DDoS attack on core Internet servers was 'zombie army'
  botnet from popular smartphone app

I haven't seen any mention of this before so would like to learn more.

There is a risk of the supposedly decentralized Internet relying on
hierarchical naming, addressing and certificates. But that's a deeper topic.
http://www.ibtimes.co.uk/john-mcafee-massive-ddos-attack-internet-was-smartphone-botnet-popular-app-1532993

------------------------------

Date: Wed, 09 Dec 2015 15:00:32 -0800
From: Gene Wirchenko <genew () telus net>
Subject: Microsoft pulls botched patch KB 3114409 that triggered problems
  with Outlook 2010 (Woody Leonhard)

For the second month in a row, a Patch Tuesday Outlook update raises havoc
Woody Leonhard, InfoWorld, 9 Dec 2015
http://www.infoworld.com/article/3013219/microsoft-windows/microsoft-pulls-botched-patch-kb-3114409-that-triggered-problems-with-outlook-2010.html

selected text:

Microsoft's Patch Tuesday update KB 3114409, intended to help admins keep
Outlook 2010 from starting in safe mode, has in fact done the opposite.
Many Outlook 2010 customers report that installing KB 3114409 forces Outlook
to start in safe mode.

And you should reflect on how a patch this destructive ever made it through
internal testing.

------------------------------

Date: Wed, 09 Dec 2015 15:03:58 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Microsoft Edge has inherited many of Internet Explorer's
  security holes" (Woody Leonhard)

Woody Leonhard, InfoWorld, 9 Dec 2015
A look at recent patch lists for IE and Edge hints that many of IE's
warts will continue to haunt us
http://www.infoworld.com/article/3012987/microsoft-windows/microsoft-edge-has-inherited-many-of-internet-explorers-security-holes.html

selected text:

We're all anxiously awaiting the day that Windows 10's new Edge browser
becomes usable. That hasn't happened yet, but it will some day next year.

But looking at yesterday's Patch Tuesday announcement and the one for
November has me wondering how much of this improved security is new bananas
-- and how much is built on a rotten old foundation.

The reason for my skepticism: Common Vulnerabilities and Exposures
(CVEs). Each CVE entry is supposed to identify a unique security hole. The
overlap between Internet Explorer CVEs and Edge CVEs shows that many
security problems in IE have been inherited by Edge.

------------------------------

Date: Sun, 13 Dec 2015 11:59:07 -0500
From: Monty Solomon <monty () roscom com>
Subject: Discrimination by Airbnb Hosts Is Widespread, Report Says

A hotel cannot examine names of potential guests and reject them based on
race, the authors say, but that is common with short-term home rentals.
http://www.nytimes.com/2015/12/12/business/discrimination-by-airbnb-hosts-is-widespread-report-says.html

------------------------------

Date: Sun, 13 Dec 2015 11:48:41 -0500
From: Monty Solomon <monty () roscom com>
Subject: Your iPhone Is Ruining Your Posture -- and Your Mood (NYTimes)

Stop slouching over that tiny screen. It's bad for your self-esteem.
http://www.nytimes.com/2015/12/13/opinion/sunday/your-iphone-is-ruining-your-posture-and-your-mood.html

------------------------------

Date: Mon, 14 Dec 2015 10:06:52 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: America's secret cyberarsenal

FYI -- We've got the kids playing with matches in the barn again -- H. Baker
"Mommy, please tell me again, how did World War I begin?"
http://www.nytimes.com/2015/11/27/opinion/world-war-iii.html

"Anything that has a computer anywhere on earth can be stopped or taken
over"  "Stuxnet was a game changer.  The Internet became a much more
dangerous place after that, because almost literally everybody started to
say the gloves are off now."

"If we are under attack, you can't just try to catch every arrow.  You have
to take care of the person shooting the arrows at you."  [Assuming that you
know or can find out who's shooting at you.]

"Part of the problem is that there are so many senior people in the
government, especially coming out of the political world, that just don't
understand enough about the technology.  They really are remarkably
uninformed."

------------------------------

Date: Wed, 09 Dec 2015 20:50:18 -0800
From: Gene Wirchenko <genew () telus net>
Subject: Re: "I gave my students iPads -- then wished I could take them
  back" (RISKS-29.15)

With regard to "Students who use computers very frequently at school do a
lot worse in most learning outcomes, even after accounting for social
background and student demographics":

See also my post in 28.57's "Re: As We Age, Smartphones Don't Make Us Stupid
... (LW, RISKS 28.56)" where I detailed my similar experience in a
university course.

------------------------------

Date: Wed, 9 Dec 2015 22:57:28 -0800
From: "Mark E. Smith" <mymark () gmail com>
Subject: Re: Voter Privacy in the Age of Big Data

I stopped voting in 2006 and assumed, because of repeated warnings printed
on sample ballots, that my name would be purged from the voting rolls if I
failed to vote in three consecutive elections.

Three consecutive elections went by and I was still getting election junk
mail, so I phoned the office of the Registrar of Voters, explained that I
hadn't voted in the past three elections, did not intend to vote in future
elections, and requested that my name be removed from the voting rolls. They
assured me they'd take care of it.

Two more elections passed, and despite a few more phone calls, I was still
getting election junk mail. So I took the long bus trip out to the
Registrar's office and they had me fill out a form requesting that my name
be removed from the rolls. Problem solved? Not at all. It took me three more
years of repeated requests before they finally removed my name from the
rolls and the junk mail stopped coming.

I had several reasons for wanting my name off the rolls, including the
reduction of junk mail, a vague suspicion that when elections officials were
caught manufacturing "phantom votes," it would have been relatively easy for
them to have used the names of people who were registered but hadn't voted,
and that I thought it inappropriate for me, as a non-voter and an election
boycott advocate, to remain a registered voter.

Learning about the political dossiers kept on every US voter feels like a
sort of vindication to me -- that for privacy issues alone my struggle to
get unregistered was well worth the time and effort it cost.

------------------------------

Date: Mon, 14 Dec 2015 18:18:56 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Working on Cheaper Sensors, Deeper Learnings

It seems that the designers of autonomous vehicles are finally encountering
what every new driver should realize early on: Operating a vehicle, even in
an urban environment, is the easy part; but driving is really about
teamwork.

------------------------------

Date: Mon, 14 Dec 2015 18:37:08 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Your child is a CYBER-CRIMINAL! (RISKS-29.15)

When my daughter was about 8, she used to play a lot in an MRPG which enabled
players to earn "game money" by meeting challenges, and using it to buy
stuff for their avatar.  Game money could also be received at the game's
bank by redeeming coupons which were handed out in some stores when buying
certain children's products -- clothes, toys etc. -- for real money.

My daughter usually spent all her earnings on shopping sprees, so she never
had more than 1000 game coins.  One day I noticed she suddenly had 32,000
coins; when asked how she got them, she said "from the Bank!".  It seems
that she just got into Google and typed "where can I get coupon codes for
<Game name>"; it brought her into a site of young hackers -- actually, they
did not do much hacking, some kids just filmed themselves playing the game
(they did not even know about screen capture) and posted the clips on
YouTube; my daughter simply stopped the video and copied the codes!
Amazingly, the games accepted these.

I'm still waiting for a knock on my door by FBI agents who'd come to
inquire who at this address had broken into the Pentagon...

------------------------------

Date: Thu, 10 Dec 2015 19:21:08 +0000
From: Simon Wright <simon () pushface org>
Subject: Re: Your child is a CYBER-CRIMINAL! (RISKS-29.15)

  "Many children will have an active interest in coding, spend a lot of time
  online and have independent learning materials. These are all signs of a
  healthy and positive interest in computing.

  "The UK needs as many people interested in coding as possible. Coding and
  programming are extremely valuable skills and if your child has an
  interest you should actively encourage them to do so - but in a lawful
  way."

I suggest people visit the actual web site; it doesn't say any such thing
[as suggested by Lauren].

------------------------------

Date: Thu, 10 Dec 2015 07:12:06 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: Your child is a CYBER-CRIMINAL! (RISKS-29.15)

FYI -- And what % of parents can realistically follow this advice:

  "If a young person is showing some of these signs try and have a
  conversation with them about their online activities.  This will allow you
  to assess their computer knowledge proficiency so you can understand what
  they are doing, explain the consequences of cyber crime and help them make
  the right choices."

Perhaps Eric Schmidt's plan to destroy the First Amendment using AI can also
detect/prevent your child's (or your own) cyber "pre-crime":

http://www.nytimes.com/2015/12/07/opinion/eric-schmidt-on-how-to-build-a-better-web.html
http://oomlout.co.uk/blogs/news/79367233-national-crime-agency-lists-daft-cyber-crime-warning-signs

------------------------------

Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string `notsp' at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 29.16
************************

