RISKS Forum mailing list archives

Risks Digest 25.50


From: RISKS List Owner <risko () csl sri com>
Date: Sun, 4 Jan 2009 16:07:56 PST

RISKS-LIST: Risks-Forum Digest  Sunday 4 January 2009  Volume 25 : Issue 50

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.50.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Sunrise on the post-leap-second era (Tony Finch)
Zounds! Zinger: Zune Zapped Zealously with Zero-tolerance (PGN, David Magda)
Backward Hebrew writing on iPhone calendar (Steven M. Bellovin)
We can't stop the train because our GPS is broken (Hawkins Dale)
Medical devices lag in iPod age; Patients' safety is at risk
  (Carolyn Y. Johnson via Monty Solomon)
JournalSpace wiped out; no backups (Lindsay Marshall)
Some *digital* reception will go black in February! (Daniel P. B. Smith)
Digital photo frames: risks of infecting PCs (Deborah Gage via PGN)
Risks of Australians shouting at your hard drive? (Alec Muffett)
Firewall product uses man-in-the-middle attack to defeat SSL crypto
  (Mike Coleman)
Woman fools Japan's airport security fingerprint system (PGN)
The danger of DNA: It isn't foolproof forensics (Maura Dolan and Jason Felch
  via Monty Solomon)
Phishing Scam Spreading on Twitter (Chris Pirillo via David Farber)
Domain registrar hacked; numerous repointings... (Danny Burstein)
Qwest cuts off Internet subs in NM, including government VoIP
  (Lauren Weinstein)
Computer vs. food and warmth (jidanni)
Yahoo tracking where you go - invasion of privacy (jidanni)
Intelligent Speed Adaptation (Martin Ward)
Re: License plate camera readers (Danny Burstein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 1 Jan 2009 08:10 +0001
From: Tony Finch <dot () dotat at>
Subject: Sunrise on the post-leap-second era

Just before the start of this year there was a leap second, and I am
looking forward to reading the usual collection of stories about the
problems it caused.

Over the last several years there has been discussion about abolishing leap
seconds, to eliminate the glitches they cause and simplify standard time so
that it agrees with the naive model built in to much software and many API
and protocol standards.  For a recent update on the discussion, see the
following slides.

http://www.navcen.uscg.gov/cgsic/meetings/48thmeeting/Reports/Timing%20Subcommittee/48-LS%2020080916.pdf

The disadvantage is that atomic time has a different length of day to the
Earth, and this difference is increasing more and more rapidly.  Some people
object strongly to the idea of decoupling civil time from the rotation of
the Earth, and the break with historical ways of measuring time that this
implies. The problem is how to reconcile the simple uniformity of atomic
time with the erratic deceleration of the Earth.  I believe that my proposal
for a rational replacement for daylight saving time also provides an answer
to the leap second question.

http://catless.ncl.ac.uk/Risks/25.10.html#subj1

The essence of sunrise time is that we reset our clocks each day (by
slightly adjusting their timezone) to a fixed time when the sun rises at a
benchmark location.  For the UK, the benchmark location would be where the
Greenwich meridian crosses the Tropic of Cancer.  This simple mechanism
makes even more daylight available when people are awake than conventional
DST, and eliminates political argument.

If you are setting civil time according to when the sun rises, then it is by
definition coupled to the rotation of the Earth, and there can be no
accelerating difference between them.  This is true even if the underlying
time scale does diverge in this way because it uses fixed-length SI seconds.
This mechanism even lasts beyond the time when the current leap second rules
become unworkable because we need more than 12 each year.

Our systems would only have to know about atomic time and local time,
translating between them using the existing time zone mechanism.  There
would no longer be any need for complicated and unpredictable UTC.  Instead
we'd gain straight-forward compatibility between the most modern way of
keeping time - the atomic clock - and the most ancient - getting up when the
sun rises!

f.anthony.n.finch  <dot () dotat at>  http://dotat.at/

------------------------------

Date: Fri, 2 Jan 2009 14:40:27 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Zounds! Zinger: Zune Zapped Zealously with Zero-tolerance

Starting at midnight on 30 December 2008, the 366th day of the year, Zunes
(Microsoft's portable media players) displayed only a frozen start-up
screen.  [Source: Jenna Wortham, A Year Ticks Over, and Zunes Get Hiccups,
*The New York Times*, 1 Jan 2009, National Edition B9; PGN-ed]

The most logical cause of this bug would seem to be a programmer forgetting
that not all years have 365 days.

[This risk was also noted by Martyn Thomas, Martin Ward, and Peter Gregory
-- who added this comment:
  Microsoft is yearning to expand its market space into embedded systems in
  automobiles, military systems, and other areas. Am I being overly fearful
  of the consequences of a Microsoft whose products are even more deeply
  embedded into the machinery of our lives?  Today is one of those days when
  I am distrustful of technology as a path for an easier life.  PG
See also the following follow-up item from David Magda.  PGN]

This is of course reminiscent of numerous previous leap-year fiascos
previously reported in RISKS.  For leap-year historians, do a search on
"leap" (year and day help narrow it a little).  Even apart from the
leap-year digital watch problems noted repeatedly over the years by Mark
Brader (see RISKS-25.07), the number of RISKS items is quite large --
particularly in volume 6 (1988), 13 (1992), 17 (1996), 20 (2000), and 25
(2008).

------------------------------

Date: Thu, 1 Jan 2009 15:26:18 -0500
From: David Magda <dmagda () ee ryerson ca>
Subject: Zounds! Zinger: Zune Zapped Zealously with Zero-tolerance

On Dec 31, 2008, at 20:36, David Magda wrote:

People still can't get leap years right even though they've been
around since Pope Gregory XIII's decree in 1582:

Q:  Why did this occur at precisely 12:01 a.m. on December 31, 2008?

A: There is a bug in the internal clock driver causing the 30GB device
to improperly handle the last day of a leap year.

http://forums.zune.net/412486/ShowPost.aspx

The issue is an infinite loop:

while (days > 365) {
    if (IsLeapYear(year)) {
        if (days > 366) {
            days -= 366;
            year += 1;
        }
    } else {
        days -= 365;
        year += 1;
    }
}

Under normal circumstances, this works just fine. The function keeps
subtracting either 365 or 366 until it gets down to less than a year's
worth of days, which it then turns into the month and day of month. Thing
is, in the case of the last day of a leap year, it keeps going until it
hits 366. Thanks to the if (days > 366), it stops subtracting anything if
the loop happens to be on a leap year.  But 366 is too large to break out
of the main loop, meaning that the Zune keeps looping forever and doesn't
do anything else.

http://www.zuneboards.com/forums/349447-post1.html
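
Added example, not part of the original post and not the device's firmware: the quoted loop wrapped in a function with an iteration cap so the hang on day 366 of a leap year can be observed, next to one possible corrected loop. The origin year 1980, the names convert_buggy/convert_fixed, and the day counts are assumptions constructed for this demonstration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumption for this demo: day 1 is 1 January of ORIGIN_YEAR. */
#define ORIGIN_YEAR 1980

struct year_day {
    bool terminated;  /* false if the iteration cap was hit (loop would hang) */
    int year;
    int day;          /* 1-based day within 'year' */
};

static bool is_leap_year(int year)
{
    return (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
}

/* Constructed test input: running day count for a year and day-of-year. */
static int days_since_origin(int year, int day_of_year)
{
    int days = day_of_year;
    for (int y = ORIGIN_YEAR; y < year; y++)
        days += is_leap_year(y) ? 366 : 365;
    return days;
}

/* The loop as quoted in the post, plus an iteration cap so that the
 * non-terminating case is reported instead of hanging the process. */
static struct year_day convert_buggy(int days, int max_iterations)
{
    struct year_day r = { false, ORIGIN_YEAR, 0 };
    int year = ORIGIN_YEAR;

    while (days > 365) {
        if (max_iterations-- <= 0)
            return r;  /* cap hit: the uncapped loop would spin forever */
        if (is_leap_year(year)) {
            if (days > 366) {
                days -= 366;
                year += 1;
            }
            /* days == 366 in a leap year: no state changes, loop repeats */
        } else {
            days -= 365;
            year += 1;
        }
    }
    r.terminated = true;
    r.year = year;
    r.day = days;
    return r;
}

/* One possible correction: test against the length of the current year,
 * so day 366 of a leap year is a valid exit condition. */
static struct year_day convert_fixed(int days)
{
    struct year_day r = { true, ORIGIN_YEAR, 0 };
    int year = ORIGIN_YEAR;

    for (;;) {
        int year_length = is_leap_year(year) ? 366 : 365;
        if (days <= year_length)
            break;
        days -= year_length;
        year += 1;
    }
    r.year = year;
    r.day = days;
    return r;
}

int main(void)
{
    int dec30 = days_since_origin(2008, 365);
    int dec31 = days_since_origin(2008, 366);
    struct year_day a = convert_buggy(dec30, 1000);
    struct year_day b = convert_buggy(dec31, 1000);
    struct year_day c = convert_fixed(dec31);

    printf("buggy 30 Dec 2008: terminated=%d year=%d day=%d\n",
           a.terminated, a.year, a.day);
    printf("buggy 31 Dec 2008: terminated=%d\n", b.terminated);
    printf("fixed 31 Dec 2008: year=%d day=%d\n", c.year, c.day);
    return 0;
}
```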

------------------------------

Date: Thu, 1 Jan 2009 12:21:24 -0500
From: "Steven M. Bellovin" <smb () cs columbia edu>
Subject: Backward Hebrew writing on iPhone calendar

I recently succumbed to the reality distortion field and bought myself an
iPhone.  To make sure I have Jewish holidays on my calendar, I used a Mac to
subscribe to a web-based calendar; this particular one will, on request,
include the name of the holiday in Hebrew as well as in English
transliteration.  The result was amusing: the Hebrew words are written
left-to-right, rather than the proper right-to-left.  It's a display problem
on the iPhone itself; my Mac's iCal program (from which the iPhone got the
data) and the open source Sunbird calendar both display the text correctly.

The iPhone's web browser is even more amusing.  It displays the text of
Hebrew language web pages correctly; however, the characters in the title
bar are reversed.  Again, Safari on MacOS gets it all right (or, rather,
gets it right-to-left).

Ah, well -- at least it's not a 30GB Zune on December 31 of a leap year....
(http://www.nytimes.com/2009/01/01/technology/personaltech/01zune.html)

Steve Bellovin, http://www.cs.columbia.edu/~smb

------------------------------

Date: Fri, 02 Jan 2009 10:18:04 -0500
From: Hawkins Dale <hawkins () hawkinsdale com>
Subject: We can't stop the train because our GPS is broken

http://new.dailyexpress.co.uk/posts/view/77987/

  "Passengers on a Southern [England] service from East Croydon were stunned
  when they were told that their stopping train would skip six stations and
  go direct to the end of the line in Caterham, Surrey.  When they got there
  the driver said the reason was that the train had lost its satellite link."

Apparently the GPS isn't there to determine where to line up the train with
the platform.  Instead, it senses which station the train's in, so that it
knows not to open doors that may not be lined up with the platform, since
some stations have short platforms.

Other methods, such as having the driver look out the window at the sign,
have apparently been discarded in favor of these more modern techniques.

There'll always be a Nengland, I guess.

  [I cannot res-train myself from chuckling.  PGN]

------------------------------

Date: Wed, 31 Dec 2008 13:46:47 -0500
From: Monty Solomon <monty () roscom com>
Subject: Medical devices lag in iPod age; Patients' safety is at risk

[Source: Carolyn Y. Johnson, *The Boston Globe*, 29 Dec 2008]

A 32-year-old woman was on the operating table for routine gall bladder
surgery, and doctors needed a quick X-ray. To keep her chest still while the
image was shot, her ventilator was switched off. But the anesthesiologist,
distracted by another problem, forgot to turn the breathing machine back
on. The woman died.

The case is an extreme example of the kind of error that could be prevented
if medical devices were designed to talk to each other, says Dr. Julian
Goldman, a Massachusetts General Hospital anesthesiologist who has compiled
such instances from across the United States to highlight the need for
medical device "connectivity." In this case, he says, synchronizing the
X-ray machine with the ventilator, so the image was automatically timed to a
natural pause in breathing, would have made it unnecessary to turn it off.

As technology moves forward, people expect the electronic devices of
everyday life to work together, from cellphones that can call or
text-message other phones, to computers that interconnect with a slew of
gadgets. But in the medical world, where the stakes are higher, such
flexible interconnection is rare. Each device operates in its own silo.

"It is really unacceptable, and it's one of the reasons we're unable to make
dramatic improvements in patient safety," said Goldman, a leader in calling
for a new generation of medical devices that talk to each other.

Now the push for greater connectedness in hospital electronics is gaining
momentum. The goal is devices that can not only plug into one another, but
can also "understand" each other and automatically identify potential
life-threatening problems sooner than they would have been caught by busy
nurses and doctors.

In October, a task force -- including Partners HealthCare, Mass.  General,
Johns Hopkins Medicine, Kaiser Permanente, and the Boston-based Center for
Integration of Medicine and Innovative Technology -- released sample
language that hospitals can incorporate into contracts with vendors of
medical devices, requiring that manufacturers create products capable of
communicating with other devices using agreed-upon standards. ...

http://www.boston.com/news/science/articles/2008/12/29/medical_devices_lag_in_ipod_age/

------------------------------

Date: Sun, 4 Jan 2009 09:37:37 +0000
From: Lindsay Marshall <Lindsay.Marshall () newcastle ac uk>
Subject: JournalSpace wiped out; no backups

Blogging service JournalSpace has been completely wiped out after the drives
that housed their entire database were overwritten.  The problem was that
their backups weren't actually backups at all.  The servers were set up with
a mirrored RAID system so that if the primary drive should fail, the
secondary drive would be used to recover the primary.  As a result, when the
data was overwritten on one drive, the other followed suit and cleared
itself.  A data recovery team was unable to retrieve the database.

http://lifehacker.com/5122848/hard-lessons-in-the-importance-of-backups-journalspace-wiped-out

------------------------------

Date: Wed, 31 Dec 2008 23:03:41 -0500
From: "Daniel P. B. Smith" <usenet2006 () dpbsmith com>
Subject: Some *digital* reception will go black in February!

I'm pretty sure I'm right about this, but I haven't succeeded in getting a
clear answer from anyone. It isn't discussed in any FAQ I've seen.

On 17 Feb 2009, some of the people most surprised by the transition will be
those who carefully prepared in advance and are happily watching digital TV
over the air with an "HDTV antenna."  Because, on February 17th, some of the
stations they are watching in _digital_ now will effectively go black.

The reason is that the antennas that have been sold for years as "HDTV
antennas" or "digital antennas" are UHF-only antennas. This made sense,
because VHF antennas are large, bulky, expensive, and difficult to install,
and because _currently_ all digital television frequency assignments are in
the UHF band.

The problem is that on 17 Feb 2009, when the transition occurs, some
stations will be moving their signals from the UHF band to the VHF band, to
take advantage of VHF spectrum that has been freed up by the cessation of
analog broadcasting.

For example, according to antennaweb.org, WHDH-DT in Boston, which is
currently broadcasting on UHF channel 42, will move to VHF channel 7.

However, you will not find any discussion of this on WHDH's website, which
contains the stock DTV advice and says nothing about any special
considerations in receiving WHDH-DT. Like other FAQs, it refers vaguely to
antennas and does not emphasize any need to be sure that your antenna
includes VHF capability if you want to receive all stations after February
17th.

Not very many people will be affected by this problem. Only those who
actually prepared!

Another issue is that digital television receivers and converter boxes
generally set themselves up automatically when first powered on, scanning
through the channels and identifying and marking those where digital signals
were found. It is a one-time process and people can forget that it ever took
place. I wonder how many DTV receivers will handle the channel reassignments
automatically and gracefully? I suspect many people, even if their antennas
receive VHF, will simply lose the reassigned channels, perhaps for
weeks... until they figure out that they need to initiate a manual rescan
and can remember how to do it.

------------------------------

Date: Fri, 2 Jan 2009 15:02:47 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Digital photo frames: risks of infecting PCs

More than 7 million digital frames were sold in 2008, with expectations that
perhaps 10 million more might be sold in 2009.  However, the 2008 holiday
sales included a Samsung 8-inch frame sold by Amazon.com, a 9-inch Element
frame sold by Circuit City and a 1.5-inch Mercury frame sold by Wal-Mart --
all of which were infected with malware.  [Source: Deborah Gage, *San
Francisco Chronicle*, 2 Jan 2009, C1-C2, in a long article, PGN-ed here]

Those of you with good memories may recall this as another example of an old
problem that keeps recurring: similar infections were experienced during the
2007 holiday sales in frames sold by Sam's Club, Best Buy, Target, and
Costco, as reported by Deborah Gage, 15 Feb 2008 and noted in RISKS-25.13.
[Thanks to Deborah and the *Chronicle* for the intellectual history as well
as the new report.]

------------------------------

Date: Fri, 02 Jan 2009 01:52:51 +0000
From: Alec Muffett <Alec.Muffett () Sun COM>
Subject: Risks of Australians shouting at your hard drive?

ObDisclaimer: I work for Sun, but this is really *neat*: it's a
demonstration of what happens when you shout at hard disks / other loud
noises, visualised as performance impact -- watch the latency spikes:
http://uk.youtube.com/watch?v=tDacjrSCeq4

It makes you think.... maybe "audio tempest" next? A sort of inverse
of http://www.vimeo.com/1109226?pg=embed ? :-)

------------------------------

Date: Fri, 2 Jan 2009 21:32:41 -0600
From: "Mike Coleman" <tutufan () gmail com>
Subject: Firewall product uses man-in-the-middle attack to defeat SSL crypto

Here's a new wrinkle on man-in-the-middle attacks I'd not seen before.  Palo
Alto Networks' PA-4000 transparent firewall claims to decrypt SSL traffic
passing through it, so that organizations can apply tracking and blocking
to HTTPS traffic.  As explained in the review (link), users' browsers are
configured to trust a new root CA that the PA-4000 itself has the private
key for.  It then interposes itself into HTTPS requests (and other SSL
requests?) by automatically generating a masquerading certificate for the
site the user is trying to connect to, decrypting the traffic so that it can
be scanned in plaintext on the PA-4000, and finally re-encrypting the
traffic with a second HTTPS connection to the true site.

I invite my fellow RISKS readers to contemplate the technical, legal,
business, and ethical implications of this approach.

http://www.informationweek.com/news/hardware/reviews/showArticle.jhtml?articleID=206904763

------------------------------

Date: Fri, 2 Jan 2009 20:27:02 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Woman fools Japan's airport security fingerprint system

[Source: 2 Jan 2009, PGN-ed; thanks to Keith Schwalm]
http://www.smh.com.au/travel/woman-fools-japans-airport-security-fingerprint-system-20090102-78rv.html

A South Korean woman barred from entering Japan last year has reportedly
passed through its immigration screening system by using tape on her fingers
to fool a fingerprint reading machine.  She told investigators that she
placed special tapes on her fingers to pass through a fingerprint reader.
(She had been deported in July 2007 for illegally staying in Japan after she
worked as a bar hostess in Nagano.  She was not allowed to re-enter Japan
for five years after deportation but the Tokyo immigration bureau found her
in August 2008 again in Nagano.)

The biometric system was installed in 30 airports in 2007 to improve
security and prevent terrorists from entering into Japan.  Japan spent more
than Y4 billion ($A64 million) to install the system, which reads the index
fingerprints of visitors and instantly cross-checks them with a database of
international fugitives and foreigners with deportation records.

------------------------------

Date: Thu, 1 Jan 2009 19:16:40 -0500
From: Monty Solomon <monty () roscom com>
Subject: The danger of DNA: It isn't foolproof forensics (Dolan/Felch)

[Source: Maura Dolan and Jason Felch, *Los Angeles Times*, 1 Jan 2009]

In 2004, a New Jersey prosecutor announced that DNA had solved the mystery
of who killed Jane Durrua, an eighth-grader who was raped, beaten, and
strangled 36 years earlier.

"Through DNA, we put a face to the killer of Jane Durrua, and that face
belongs to Jerry Bellamy," prosecutor John Kaye said.

The killer, however, turned out to be someone else.

Two years after Bellamy's arrest, investigators discovered that evidence
from the murder scene had been contaminated by DNA from Bellamy, whose
genetic sample was being tested at the same lab in an unrelated case. He was
freed. Another man ultimately was arrested.

DNA has proved itself by far the most effective and reliable forensic
science. Over the past two decades, it has solved crimes once thought
unsolvable, brought elusive murderers and rapists to justice years after
their misdeeds, and exonerated innocent people. In courtrooms and in the
popular imagination, it often is seen as unassailable.

But as the United States rushes to take advantage of DNA's powers, it is
becoming clear that genetic sleuthing has significant limitations:

Although best known for clearing the wrongfully convicted, DNA evidence has
linked innocent people to crimes. In the lab, it can be contaminated or
mislabeled; samples can be switched. In the courtroom, its significance has
been overstated by lawyers or misunderstood by jurors.

The rush to collect DNA and build databases has in some cases overwhelmed
the ability of investigators to process the evidence and follow up on
promising leads. Some crime labs have huge backlogs of untested evidence,
including thousands of rape evidence kits. In some cases, criminals who
might have been caught have offended again. ...

http://www.boston.com/news/nation/articles/2009/01/01/the_danger_of_dna_it_isnt_foolproof_forensics/

------------------------------

Date: Sun, 4 Jan 2009 09:35:25 -0500
From: David Farber <dave () farber net>
Subject: Phishing Scam Spreading on Twitter

[From Dave Farber's IP distribution]

  [Chris Pirillo suggests that you really shouldn't click on the Twitter
  phishing URL he exhibits.  You certainly don't want to sass pirillo [!],
  because he does show you what would happen.  PGN]

http://chris.pirillo.com/2009/01/03/phishing-scam-spreading-on-twitter/

------------------------------

Date: Sat, 3 Jan 2009 00:41:54 -0500 (EST)
From: danny burstein <dannyb () panix com>
Subject: Domain registrar hacked; numerous repointings...

  [This incident is related to the ongoing hostilities in the Mideast. I'm
  posting it here for the technical and security info value. Please keep
  this neighborhood in mind if following up.]

Niv Lillian, Israeli domain registration server hacked, *Israel News*,
2 Jan 2009, from: ynetnews.com (an Israeli based web source)

An Islamic group based in Morocco hacked into DomainTheNet's registration
system server on Friday, effectively "highjacking" various prominent domain
names, the likes of ynetnews.com and Bank Discount, and rerouting users to a
page featuring anti-Israel messages. ...  Appearing as a defacement attempt
at first, the attack soon turned out to be more sophisticated: The hackers
were able to obtain a password which granted them access to the server which
updates and "translates" the websites' IP addresses into a Domain Name
Service; and change the IP's numeral values, effectively rerouting users
away from the original websites. ...  The site formed by the group featured
graphic images of dead bodies and abused Iraqi prisoners. ...

http://www.ynetnews.com/articles/0,7340,L-3649281,00.html

------------------------------

Date: Sat, 3 Jan 2009 18:11:17 -0800 (PST)
From: Lauren Weinstein <lauren () vortex com>
Subject: Qwest cuts off Internet subs in NM, including government VoIP

Apparently as a result of a billing dispute and related lawsuit, Qwest
reportedly cut off Internet connectivity to ISP SkyWi in New Mexico,
suddenly leaving some 13000 Internet subscribers and 5400 SkyWi VoIP phone
subscribers without service.  Some reports indicate that those VoIP
subscribers suddenly without working phones included NM public safety
entities.

The NM Public Regulation Commission has now stepped in and ordered Qwest to
restore service, but the process has been taking some time.

Regardless of who is actually at fault in the billing matter, the behavior
of both companies in this situation appears to have been anything but
stellar, and again points to the need for a more proactive regulatory
approach to Internet access service provisioning.

http://tinyurl.com/qwest-cutoff

Lauren Weinstein  +1 (818) 225-2800  http://www.pfir.org/lauren
Blog: http://lauren.vortex.com  Network Neutrality Squad http://www.nnsquad.org

------------------------------

Date: Sat, 03 Jan 2009 04:11:48 +0800
From: jidanni () jidanni org
Subject: Computer vs. food and warmth

In order to use the computer, I cannot use the frying pan nor electric
blanket.  Their cheap circuits cause the computer's uninterruptible power
supply to emit an awful whine:
http://groups.google.com/groups/search?as_umsgid=87d4f8ow30.fsf%40jidanni.org

  [A fine example of the EXCLUSIVE OR operation.  I hope you don't keep
  the awful w(h)ine in the refrigerator.  PGN]

------------------------------

Date: Sat, 03 Jan 2009 05:20:22 +0800
From: jidanni () jidanni org
Subject: Yahoo tracking where you go - invasion of privacy

http://permalink.gmane.org/gmane.recreation.radio.hardware.icomr5/150

------------------------------

Date: Wed, 31 Dec 2008 14:41:06 +0000
From: Martin Ward <martin () gkc org uk>
Subject: Intelligent Speed Adaptation (Re: Douglass, RISKS-25.49)

Re: Risks of excessive State data collection (Douglass, RISKS-25.49)

Answers to many of the questions posed by Toby can be found in the original
research paper:
  http://eprints.whiterose.ac.uk/archive/00002008/

The UK has reduced road deaths from 8,000 per year in 1964 to just over
3,000 per year in 2005:

http://www.statistics.gov.uk/CCI/nugget.asp?ID=1208&Pos=&ColRank=1&Rank=374

Most of the reduction is due to "low tech" methods: repainting roads to
create space between traffic lanes, speed bumps and other traffic calming
methods in built up areas, more junctions controlled by lights, and so
on. But the paper above makes a strong case for the "high tech" option.

The savings may be overestimated: but every 1% reduction in fatal accidents
would mean 30 lives saved each year. When 35 people were killed in the
Clapham Junction rail crash, it was in the news for weeks and there was a
public Inquiry which led to major changes in the operation of the
railways. The inquiry recommended the introduction of an Automatic Train
Protection System, at a cost of over £1 billion. Nobody pointed out that in
the week of the crash, about 100 people died on the roads. And another 100
in the next week, and another 100 the week after...  In the time between the
crash and the publication of the report, nine months later, over 100 times
as many people had died on the roads, as had died in the crash.

martin () gkc org uk http://www.cse.dmu.ac.uk/~mward/

------------------------------

Date: Tue, 30 Dec 2008 17:31:42 -0500 (EST)
From: danny burstein <dannyb () panix com>
Subject: Re: License plate camera readers (Re: Arthur T., RISKS-25.49)

Fun with speed-trap cameras for revenge

There's actually a very good reason why this won't work, at least in regards
to making people pay up for the bad tickets.

In fact, I've received one myself, which I got dismissed.

The key point is that the digital image is NOT a perfectly cropped
photograph of "just" the license plate. Rather, the picture (and often it's
a sequence of them) includes a hefty portion of the rear of the car, and
generally the sides and top as well.

In my own case the interpreter of the original photograph, whether human or
computer recognition, misread a "0" (the number zero) as an "8", and I
received a ticket in the mail.

I simply wrote back pointing out that the photo showed the license plate
attached to the rear end of a BMW, and that my car was most certainly not
from that line.

The ticket was promptly dismissed.

Annoying? Mildly. But far from critical.

Now finding the "real speeder" is left as an exercise to the student...

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.50
************************

