RISKS Forum mailing list archives
Risks Digest 27.21
From: RISKS List Owner <risko () csl sri com>
Date: Thu, 21 Mar 2013 16:44:43 PDT
RISKS-LIST: Risks-Forum Digest Thursday 21 March 2013 Volume 27 : Issue 21 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/27.21.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Mars Rover is Repaired, NASA Says (Henry Fountain) Weapons Experts Raise Doubts About Israel's Antimissile System (William J. Broad) Computer Networks in South Korea are Paralyzed in Cyberattack (Choe Sang-Hun) Hospital computer outage does not compromise patent safety (Richard Irvin Cook) Outage at Alchemy Communications data center in Irvine, California (Steve Golson) Cyberattack on Florida election raises questions (Lauren Weinstein) Details on the denial of service attack that targeted Ars Technica (Dewayne Hendricks) The ephemeral Internet (Bob Frankston) TSA tested program that tracked Bluetooth devices (Henry Baker) Tom Coburn Amendment Limiting National Science Foundation Research Funding Passes Senate (Lauren Weinstein) Re: Hacking the Papal Election (Sam Steingold, Neil Maller) Re: Boeing 787s to create half a terabyte of data per flight (Dag-Erling Smorgrav) Re: Boeing 787s to create half a terabyte of data per flight (PK, Dag-Erling Smorgrav) Re: "Attorney General's testimony on Aaron Swartz raises more questions than answers" (Jonathan Kamens) Sorry Google; you can Keep it to yourself (Joe Touch) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Thu, 21 Mar 2013 12:21:49 PDT From: "Peter G. Neumann" <neumann () csl sri com> Subject: Mars Rover is Repaired, NASA Says (Henry Fountain) The Curiosity Mars Rover developed memory problems with one of its two identical computers. Control was switched to the second system to enable repairs on the first computer. However, the second system suffered a software-based malfunction on 16 Mar and put itself on standby. Finally, as of the evening of 19 Mar, the second system was commanded back into safe mode, and repairs of the first system continue, [Source; Henry Fountain, *The New York Times*, 20 Mar 2013, PGN-ed] ------------------------------ Date: Thu, 21 Mar 2013 12:21:49 PDT From: "Peter G. Neumann" <neumann () csl sri com> Subject: Weapons Experts Raise Doubts About Israel's Antimissile System (William J. Broad) Israeli officials have been claiming success rates up to 90 percent. Analysis by weapons experts suggests it is more likely 40 percent at best, with some incoming rockets merely crippled or deflected and still able to do considerable damage. [Source: William J. Broad, *The New York Times*, 21 Mar 2013, PGN-ed] [This of course should remind readers of Ted Postol's efforts at MIT in demonstrating that the Patriot defenses were perhaps at best 20% effective rather than the officially regarded 95% -- i.e., mostly failing to properly eliminate the scud missiles (R 13 19 and R 13 32). PGN] ------------------------------ Date: Thu, 21 Mar 2013 12:21:49 PDT From: "Peter G. Neumann" <neumann () csl sri com> Subject: Computer Networks in South Korea are Paralyzed in Cyberattack (Choe Sang-Hun) Computer networks running three major South Korean banks and two of the country's largest broadcasters were paralyzed on 20 Mar 2013 in DarkSeoul virus attacks suspected of originating from North Korea. This affected ATMs, newcasters staring at blank screens, and so on. DarkSeoul is malware designed to evade popular anti-viral products. Kim Jong-Un was quoted as threatening to destroy government installations in the South and American bases in the Pacific. [Source; Choe Sang-Hun, *The New York Times*, 21 Mar 2013, PGN-ed] ------------------------------ Date: Wed, 20 Mar 2013 08:22:57 +0000 From: Richard Irvin Cook <rcook () kth se> Subject: Hospital computer outage does not compromise patent safety Boulder, CO newspaper "The Daily Camera" reports that the Boulder Community Hospital was without a functioning clinical healthcare information system for several days (http://www.dailycamera.com/news/boulder/ci_22819319). The outage effected the hospital, eight laboratories, and six imaging centers, according to the article. The hospital is: "using manual paper record-keeping systems and traditional paper charts for its inpatients. Hospital officials say the system allows them to continue treating patients, provide diagnostic services and collect important clinical information that will be entered later into each patient's electronic health record." Although a hospital physician reportedly said he doesn't think the outage is compromising the health or safety of patients, the backup system "seems a little haphazard, and it's not an organized plan." One patient is reported to have commented "If they can't keep their computer system running, how can we trust them to perform surgery?" "We apologize for the delays, but this was an unavoidable situation," a hospital official reportedly said. COI declaration: I was the lone dissenting opinion in the Institute of Medicine's report on clinical healthcare information technology (available at http://www.ctlab.org/documents/CookDissent.pdf). Clinical healthcare information technology (CHIT) is a complex endeavor and there are wide differences between the good CHIT and the bad CHIT. Richard I Cook, MD, Professor of Healthcare System Safety STH (Skolan f?r teknik och h?lsa) KTH (Kungliga Tekniska h?gskolan) Alfred Nobels All? 10, 141 52 Huddinge, SWEDEN mobile: +46 70 190 42 16 email: rcook () kth se<mailto:rcook () kth se> ------------------------------ Date: Wed, 20 Mar 2013 21:23:58 -0400 From: Steve Golson <sgolson () trilobyte com> Subject: Outage at Alchemy Communications data center in Irvine, California As reported by DreamHost: http://www.dreamhoststatus.com/2013/03/19/power-disruption-affecting-us-west-data-center-irvine-ca/ Update from our CEO on the March 19/20, 2013 power outages affecting services in our US-West (Irvine, CA) Data Center I would like to share more details with our customers concerning the power outages and resulting network and systems issues that impacted our services on March 19/20 in our US-West (Irvine, CA) Data Center (the Irvine DC for short). A third party, Alchemy Communications, manages the Irvine DC. We lease a large secure space in their facility. Alchemy is responsible for providing power, cooling, security and related infrastructure services and maintenance. The facility has a good track record on all of these responsibilities -- including providing reliable power. However, yesterday at approximately 3pm Pacific Daylight Time (PDT), there was a failure in their Uninterruptible Power Supply (UPS) system that completely shut down power to all network and systems housed in the Irvine DC. This power outage affected all tenants and was not limited to just DreamHost's equipment. The power systems at the Irvine DC are designed to be redundant. The UPS system is in-line and in the event the power grid feeds go down, the UPS provides power until the diesel-powered generators kick in. We believe, at this time, that Alchemy was performing unannounced maintenance on their UPS systems and the systems failed -- resulting in a complete power outage. In addition to their UPS systems failing, their generators did not kick in. The power failure lasted just a few minutes, however it created a number of major issues with our network and systems in the Irvine DC that took many hours for our operations teams to recover from. Not the least of which was the loss of several critical pieces of networking hardware which did not survive the power event. Complete details of these issues will be shared once we have completed a detailed review over the next couple of days. All customer-facing systems were largely restored from the first power outage by early this morning 20 Mar 2013 PDT. After the first power outage, we were assured by Alchemy that their power systems would not be worked on further until a detailed, tested plan was in place that would guarantee no additional loss of power. However, at sometime around 4:30am PDT today their UPS system failed for a second time. This resulted in another complete power outage and another intense period of reboots, restores and system checks from our team. The time to restore most services in the wake of this second power outage was much quicker, mainly because there were no resulting hardware failures and we had learned from the first failure. Alchemy has opted to run the Irvine DC on generators until the UPS issues are fully identified and resolved, and we are monitoring the situation closely to do our best to ensure that there are no further power outages or issues that will affect our services in the Irvine DC. Corrective Action: Alchemy has a team of UPS specialists and Edison power engineers on site who have identified potential points of failure in the existing UPS infrastructure. They are currently in the planning phases of a repair to the UPS systems. The proposed power system enhancements will be subject to rigorous review and testing before being implemented. If all goes as planned, the facility will be able to switch back from generators to grid/UPS power. At this time, we do not believe that a public grid power failure contributed to either of these incidents. DreamHost will have additional network, systems and data center engineers assigned to monitor all systems in the Irvine DC during the UPS system upgrade. We also have oversight of the proposed UPS system repair plan being structured by Alchemy. We will post an update on dreamhoststatus.com as soon as the timing of any planned power system maintenance is known. We are working diligently to ensure that the planning and implementation of any UPS upgrades, maintenance and/or the cut back to grid/UPS power will not affect continuous power to our systems and will not impact our customers. Last, but not least, I want to apologize for these service disruptions. I know how critical our services are to our customers and their livelihood. I fully recognize that any disruption to services can affect important production environments and projects. Our team will work diligently to ensure that we mitigate the power issues going forward, including a full audit of all facilities that house DreamHost customer data. We will learn from this event and continuously improve our operations and services. All customers impacted by these service issues can apply for credits or refunds in accordance with our guaranteed uptime policy by contacting support through the panel. Simon Anderson, CEO, DreamHost ------------------------------ Date: Mon, 18 Mar 2013 14:22:22 -0700 From: Lauren Weinstein <lauren () vortex com> Subject: Cyberattack on Florida election raises questions http://www.cnn.com/2013/03/18/tech/web/florida-election-cyberattack/index.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fcnn_us+%28RSS%3A+U.S.%29 ------------------------------ Date: Wednesday, March 20, 2013 From: Dewayne Hendricks Subject: Details on the denial of service attack that targeted Ars Technica [From Dave Farber's IP and elsewhere] Sean Gallagher on Brian Krebs, 18 Mar 2013 Take a "booter" site survey, earn attacks like ones that targeted Ars, http://arstechnica.com/security/2013/03/details-on-the-denial-of-service-attack-that-targeted-ars-technica/ Last week, Security Editor Dan Goodin posted a story about the "swatting" of security reporter Brian Krebs and the denial of service attack on Krebs' site. Soon after, Ars was targeted by at least one of the individuals behind the Krebs attack. On Friday, at about noon Eastern Daylight Time, a denial of service attack struck our site, making connectivity to Ars problematic for a little less than two hours. The attack continued to run throughout Friday. At 9pm EDT, when our hosting provider brought down one of the filters that had been put in place to thwart it, it quickly became apparent that the attack was still underway, and the filter was restored. The most aggressive filters were finally removed on Saturday. At least in part, the offensive used the same attack tool and user credentials that were involved in the denial-of-service (DoS) attack on Krebs On Security, as Krebs himself revealed in a blog post. The attackers used multiple accounts on TwBooter, a "booter" site that provides denial of service attacks as a paid service (ostensibly for security testing purposes), to launch an automated, denial of service attack on Ars. And at least one of those logins was also used to attack Krebs' site. TwBooter masks all of the complexity of launching attacks against sites. Users of the site can, depending on how much they pay, launch up to three simultaneous automated attacks against sites through a simple Web interface. TwBooter users can even set up multiple accounts and fill up the queue of the service's "attack server." It doesn't cost much to get in on the ground floor with TwBooter -- an account with rights to a single automated attack of up to 60 seconds in length is $10 for a month. This means you can launch as many 60 second attacks as you want, one at a time, all month long. The "license" to launch up to three attacks at a time of up to two hours duration is $169 a month -- but there's a 20 percent discount if you pay through Liberty Reserve instead of PayPal. There's also a free plan that allows for attacks up to 300 seconds long. That service requires users to pick an attack type from a pull-down menu in a Web form. PayPal payments for the site are routed to Sebastien Lariviere, a former IT technician for the county government (MRC) of Pierre-De Saurel in Quebec (now operating as Lariviere Security). Lariviere did not respond to e-mails from Ars for comment. Obviously, sites like TwBooter generate a lot of ill will and are ironically the target of DoS attacks themselves. Like many legitimate and "black hat" sites -- such as the site exposed.su, a website that recently posted the personal information of many public figures -- TwBooter runs behind the CloudFlare content delivery network as a way of shielding itself from attacks. TwBooter may not have been the only service used to launch the attacks on Ars and Krebs. "There are dozens of these booter services out there, most of them based on the same source code," Krebs told Ars. But Krebs received a tip pointing to a dump of TwBooter's customer database -- openly accessible on the services' website. It's clear the TwBooter site was part of the attack. A snippet from the SQL dumps Krebs provided to Ars show that multiple attacks (including Slowloris, TCP amplification, and SYN flood attacks) were queued up by multiple accounts on the site. [...] ------------------------------ Date: Mon, 18 Mar 2013 16:00:44 -0400 From: "Bob Frankston" <Bob19-0501 () bobf frankston com> Subject: The ephemeral Internet http://forum.icann.org/lists/comments-closed-generic-05feb13/pdfVMmmFgwpbw.pdf Disappointing - no sense that the DNS is problematic because it guarantees the Internet will unravel. How can we have any long term persistence when the very bonds that hold the Internet together a designed to melt away like surgical thread. I understand that ICANN profits form leasing our identities and thus has every incentive to continue this practice but where is the pushback for a problem so real and obvious? There are other issues in the document like the assumption that words can have persistent meaning out of context like "For example, when you go to a .map domain name you will be confident that you will see some sort of map." The Google search team knows how difficult it is to pin down meaning. But for the moment the high order bit is the lack of stable identifiers. Bob Frankston http://frankston.com ------------------------------ Date: Thu, 21 Mar 2013 10:51:53 -0700 From: Henry Baker <hbaker1 () pipeline com> Subject: TSA tested program that tracked Bluetooth devices [FYI -- Didn't Google just get into a heap of hot water over doing exactly the same thing with WiFi?] Scott MacFarlane, WPXI, 20 Mar 2013 TSA tested, scrapped program that tracked Bluetooth devices http://www.wpxi.com/news/news/local/tsa-tested-scrapped-program-tracked-bluetooth-devi/nWyfh/ Lines can be long at airport security. The Transportation Security Administration knows too. Documents obtained by Eyewitness News showed TSA tested a project to measure how long. Sensors in the terminal found Bluetooth devices, honed in on the signals and tracked how long it took people to get through security. An internal TSA document stated it worked by ``detecting signals broadcast to the public by individual devices and calculating a wait time as the signal passes sensors positioned to cover the area in which passengers may wait in line.'' It said the information would be encrypted and destroyed within two hours to protect people's privacy. TSA tested the technology in 2012 in Las Vegas and Indianapolis, but bailed on it. ``This is an expensive and needlessly complicated way of estimating wait times, compared with say a ticket agent writing the time at the front of the line," said Julian Sanchez, author of "Wiretapping the Internet.'' TSA has taken criticism in the recent months for its handling of passenger privacy, including enhanced pat downs and whole body scanners. A spokesman for the Association of Airline Passengers Rights said his group isn't comfortable with Bluetooth tracking and TSA has a history of saying it's keeping passenger information private and then changing its story. TSA documents show the agency considered posting warning signs alerting passengers that Bluetooth sensors were active, but officials didn't return comment when Eyewitness News asked if the signs were posted at the cities where the technology was tested. A spokesman confirmed they've scrapped the program before it became public. ------------------------------ Date: Thu, 21 Mar 2013 12:03:27 -0700 From: Lauren Weinstein PRIVACY Forum <privacy () vortex com> Subject: Tom Coburn Amendment Limiting National Science Foundation Research Funding Passes Senate "Adoption of this amendment is a gross intrusion into the widely-respected, independent scholarly agenda setting process at NSF that has supported our world-class national science enterprise for over sixty years," the association said in a statement. "The amendment creates an exceptionally dangerous slippery slope. While political science research is most immediately affected, at risk is any and all research in any and all disciplines funded by the NSF. The amendment makes all scientific research vulnerable to the whims of political pressure." http://j.mp/Z3sWWY (Huffington) - - - An information and research control abomination by the Senate, in the finest tradition of Stalinist thinking, Comrade Coburn. ------------------------------ Date: Wed, 20 Mar 2013 15:56:36 -0400 From: Sam Steingold <sds () gnu org> Subject: Re: Hacking the Papal Election (Schneier, RISKS-27.20) This article reminded me of a wonderful historical episode described by Bazhanov - directly relevant to the voting security. In 1920-ies the Soviet citizens were divided into 2 classes: Party members, who enjoyed full democratic freedoms, and non-members, who were completely at the mercy of the political police. Policy decisions were made by party members by voting on a platform (the Central Committee platform vs the Opposition platform). So, each local organization voted on the issue and sent the results to the Central Committee, and these results were published in the official newspaper Pravda. Stalin, who, allegedly, later said that "it matters who counts the votes, not who votes", came up with a brilliant scheme: Pravda published all results as if they came in favor of the Central Committee platform. E.g., if the local organization A voted 11 votes for CC, 17 votes for Opposition and organization B voted 20 votes for CC and 12 votes for the Opposition, then B was reported as is and the votes in A were switched and reported as if 17 voted for CC and 11 for the Opposition. This way the appearance was that the Central Committee's platform was clearly more popular, and if the chief of A noticed the "typo" and complained, the next issue would carry a small apology (obviously not as prominent as the election results). This way the Party was constantly bombarded by "evidence" that the Central Committee's platform was more popular, which would swing the opportunist vote (also there was always a risk that the supporters of the Opposition might be expelled from the Party). Sam Steingold (http://sds.podval.org/) http://www.childpsy.net/ http://iris.org.il http://dhimmi.com http://www.PetitionOnline.com/tap12009/ http://pmw.org.il http://truepeace.org ------------------------------ Date: Mon, 18 Mar 2013 15:26:36 -0400 From: Neil Maller <neil () nmaller net> Subject: Re: Hacking the Papal Election (Schneier, RISKS-27.20) As a postscript to Bruce Schneier's fascinating "Hacking the Papal Election" analysis (RISKS-27.20), I would add that it has been widely reported that Vatican authorities laid a false floor in the Sistine Chapel to cover electronic jamming equipment. This was intended to protect against electronic eavesdropping...or unauthorized Cardinal tweets. See: <http://www.theverge.com/2013/3/10/4086176/radio-jammers-in-the-sistine-chapel-will-protect-secrecy-of-papal>. ------------------------------ Date: Mon, 18 Mar 2013 22:01:37 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des () des no> Subject: Re: Boeing 787s to create half a terabyte of data per flight "Bob Frankston" <bob2-39 () bobf frankston com>
I'm not sure what the worry is since we are collecting much of this already.
Steve Loughran <steve.loughran () gmail com> writes:
In Risks 27.19, Dag-Erling Smorgrav considers the fact that the Boeing 787s will generate 0.5TB of data per flight, and asks "what could possibly go wrong"?
You both missed the most important part of the quote I provided: "every piece of that plane has an Internet connection" I sincerely hope Bulman misspoke, and that these devices are in fact connected to a closed network, although that is no guarantee in itself. Dag-Erling Sm=C3=B8rgrav - des () des no ------------------------------ Date: Mon, 18 Mar 2013 22:53:29 +0100 From: PK <djc () resiak org> Subject: Re: Boeing 787s to create half a terabyte of data per flight If the half-terabyte of data per Boeing 787 flight is going to be used for anything important, I'd want it to be kept forensically secure, certain that the data kept are the data gathered, unmodified. And that, I think, is a solvable problem. I'd say the same should go for any important black box data, including cars and trains. ------------------------------ Date: Mon, 18 Mar 2013 21:47:17 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des () des no> Subject: Re: Fake silicone fingers strike again (Mann, RISKS-27.20) The only surprise here is that anyone should consider this news. And you don't need an expensive 3D printer and the complex software and know-how to operate it to create a prosthesis. In this case, I suspect they just took casts (since they were impersonating accomplices rather than victims). However, given a good copy of the victim's fingerprint, a hundred dollars' worth of hobby electronics supplies and a teaspoon of ,liquid latex, you can trivially create a piece of prosthetic skin which, when glued onto your own finger, will fool fingerprint scanners with liveness detection. Allegedly, some scanners can even be defeated by pressing a balloon filled with warm water onto the sensor plate, causing it to scan the latent fingerprint left behind by the previous user... Dag-Erling Sm=C3=B8rgrav - des () des no ------------------------------ Date: Mon, 18 Mar 2013 15:10:22 -0400 From: Jonathan Kamens <jik () kamens us> Subject: Re: "Attorney General's testimony on Aaron Swartz raises more questions than answers" (Samson, RISKS-27.20) Both Senator Cornyn and the Ted Samson at InfoWorld display a marked lack of understanding in how sentencing for federal criminal convictions works. The news media is very bad about this in general, and has been very bad about it specifically with regards to the Aaron Swartz case. Ken White at the Popehat blog wrote a clear, detailed explanation of how sentencing works and why it's almost always completely bogus to look at the maximum possible sentences for all of the crimes someone has been indicted for, add them all together, and pretend the total bears any relation whatsoever to how long the defendant's sentence will actually be if s/he is convicted. This is required reading for anyone who wants to be an educated news consumer who deals in facts rather than baseless hyperbole: http://www.popehat.com/2013/02/05/crime-whale-sushi-sentence-eleventy-million-years/ ------------------------------ Date: Mar 21, 2013 2:59 PM From: "Joe Touch" <touch () isi edu> Subject: Sorry Google; you can Keep it to yourself [Relatively self-contained response to a message in Dave Farber's IP distribution.] Not sure what the surprise here is. If you don't control your information, you don't *control* your information. That's why I waited for Palm when many others were using dedicated phonebook/note devices - it was open enough that I could backup and view the info. When Palm went to a cloud-only solution, I switched to the iPhone. I bought ToDo for it to manage reminders because Apple won't back them up locally; when an update to ToDo required cloud-backup, I ceased tracking updates. ------------------------------ Date: Sun, 7 Oct 2012 20:20:16 -0900 From: RISKS-request () csl sri com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request () csl sri com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe () csl sri com or risks-unsubscribe () csl sri com depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall () newcastle ac uk>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 27.21 ************************
Current thread:
- Risks Digest 27.21 RISKS List Owner (Mar 21)