RISKS Forum mailing list archives
Risks Digest 27.85
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 25 Apr 2014 11:29:17 PDT
RISKS-LIST: Risks-Forum Digest  Friday 25 April 2014  Volume 27 : Issue 85

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.85.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Bug can cause deadly failures when anesthesia device is connected to cell phones (Dan Goodin via Jeremy Epstein)
Another good-news story (Chiaki Ishikawa)
Automated license plate reader mistake risks (Thomas Dzubin)
"Task Force on Cyber Risk Formed to Advance Research" (Alex Krutov)
"12 ethical dilemmas gnawing at developers today" (Peter Wayner via Gene Wirchenko)
Dogs are genetically modified human babies? (Charles C. Mann)
"Intuit's secret campaign to block free tax filing" (Bill Snyder via Gene Wirchenko)
Mystery attack drops avalanche of malicious messages on Twitter (Dan Goodin via Monty Solomon)
"Mysterious malware steals Apple credentials from jailbroken iOS devices" (Lucian Constantin via Gene Wirchenko)
Citing fraud, Maine to put photos on EBT cards (Alanna Durkin via Monty Solomon)
Credit card fraud detection Catch-22, and more (Rex Sanders)
FBI Informant Is Tied to Cyberattacks Abroad (Mark Mazzetti via Monty Solomon)
AP: Putin declares the Internet to be a "CIA Project" (Salon)
Russia bans anonymous blogging, orders bloggers to register (TechDirt via NNSquad)
"The sky is falling! Hackers target satellites" (Roger A. Grimes via
The trouble with Canada's Digital Privacy Act (Tony Drake via Gene Wirchenko)
How Urban Anonymity Disappears When All Data Is Tracked (NYT blog via Matthew Kruk)
U.S. Promotes Network to Foil Digital Spying (NYTimes.com via Dave Farber)
"Coding error protects some Android apps from Heartbleed" (Jeremy Kirk via Gene Wirchenko)
Heartbleed hacker arrested, charged in connection to malicious bug exploit (David Kravets via Dewayne Hendricks)
Heartbleed Highlights a Contradiction in the Web (Matthew Kruk)
Re: Heartbleed (Dimitri Maziuk)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 24 Apr 2014 08:31:27 -0400
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Bug can cause deadly failures when anesthesia device is connected to cell phones (Dan Goodin)

This is a pretty clear risk!

http://arstechnica.com/security/2014/04/bug-can-cause-deadly-failures-when-anesthesia-device-is-connected-to-cell-phones/

Dan Goodin, Ars Technica, 22 Apr 2014

Federal safety officials have issued an urgent warning about software defects in an anesthesia delivery system that can cause life-threatening failures at unexpected times, including when a cellphone or other device is plugged into one of its USB ports.

The ARKON anesthesia delivery system is used in hospitals to deliver oxygen, anesthetic vapor, and nitrous oxide to patients during surgical procedures. It is manufactured by UK-based Spacelabs Healthcare Ltd., which issued a recall in March. A bug in Version 2.0 of the software running on the device is so serious that it could cause severe injury or death, the US Food and Drug Administration warned last week in what's known as a Class I recall.

In part, the FDA advisory read:

Reason for Recall: Spacelabs Healthcare is recalling the ARKON Anesthesia System with Version 2.0 Software due to a software defect. This software issue may cause the System to stop working and require manual ventilation of patients. In addition, if a cell phone or other USB device is plugged into one of the four USB ports for charging, this may also cause the System to stop working.
This defect may cause serious adverse health consequences, including hypoxemia and death. Spacelabs Healthcare received one report related to the software defect. There has been no injuries or deaths associated with this malfunction. [...]

[Also noted by Tony Finch, who gives new meaning to ``Blue screen of death?'' and Monty Solomon: ``It's not clear why anyone would ever connect a phone to a medical device.'' to which PGN comments, and yet that's effectively how heart pacemakers and other medical devices are controlled. Whether it is a dedicated remote controller or a mobile phone makes very little difference in practice, except for accidental events such as butt-dialing. PGN]

------------------------------

Date: Thu, 17 Apr 2014 12:53:43 +0900
From: ishikawa <ishikawa () yk rim or jp>
Subject: Another good-news story

I saw the following incidence on TV news when the above article from Mark Brader came in. A coincidence?

In Japan, a man who was live-streaming his talk to a group of listeners suffered a minor brain stroke, resulting in an unclear speech and strange repetition of words. The listeners got worried and suggested that the speaker consult the doctor immediately. But the speaker, a man who called himself "a stone-headed old fart" or stone-headed man in the live streaming, was adamant that he was just tired, and did not listen.

The listeners got really worried because the symptoms were so obvious. So someone managed to contact him via Skype (with video) next day to persuade the man to see the doctor. During the conversation, the man was talked into showing his social insurance card (government medical care a la Obama care on steroid) on the screen, and the keen-eyed caller took note of the address and name, and called the ambulance (in Japan, ambulance service is offered by municipalities and basically free of charge.)

The man was hospitalized and diagnosed as having suffered a minor brain stroke, but is now OK with medication.
On TV news, he thanked the listeners.

A good story, indeed. Of course, I think we need to educate the society, "Don't show your ID cards on video phone" (!?) :-(

Cf. I found a mention of the incidence in geek-oriented media: (in Japanese)
http://news.livedoor.com/article/detail/8723618/

------------------------------

Date: Thu, 24 Apr 2014 12:22:00 -0700 (PDT)
From: Thomas Dzubin <dzubint () vcn bc ca>
Subject: Automated license plate reader mistake risks

http://arstechnica.com/tech-policy/2014/04/due-to-license-plate-reader-error-cop-approaches-innocent-man-weapon-in-hand/

Mistaking a "7" for a "2" on wanted Oldsmobile, not a BMW, leads to traffic stop with one of the officers approaching the car with his gun out.

"Typically, LPRs can read 60 license plates per second and match observed plates against a "hot list" of wanted vehicles, stolen cars, or criminal suspects. Today, tens of thousands of LPRs are being used by law enforcement agencies all over the country. Practically every week, local media report on some LPR expansion. And often, the data captured by the LPR which plate, when and where it was seen is kept for weeks, months, or sometimes indefinitely. It can create a major pool of data, leaving the very real possibility for an occasional misread"

------------------------------

Date: Sun, 20 Apr 2014 18:15:26 -0800
From: "Alex Krutov" <alex.krutov () gmail com>
Subject: "Task Force on Cyber Risk Formed to Advance Research"

This effort is quite unusual in that it (1) takes a very broad view of the risk, (2) includes cyber-risk insurance in its scope, and (3) directly invites participation by other parties.

The main goals are research and education. "The CAS Task Force on Cyber Risk will engage in research activities and provide educational opportunities in the analysis of cyber risk, with a particular focus on contingent events arising from cyber risk and the financial implications of these events."
The analysis of potential financial consequences of cyber-related events is an important part of this. "While there is a growing body of research on some of the specific IT aspects of the risk, it is particularly difficult to tie that research to financial outcomes and insurance coverage. The Task Force on Cyber Risk intends to contribute to this ongoing research, but its primary research goal is to utilize a multidisciplinary approach in order to gain a more comprehensive and accurate view of cyber risk."

It's broad, ambitious, which also means it's easier said than done. "We believe that in addressing the challenge of cyber risk analysis, it is essential to follow a multidisciplinary approach that brings together experts in actuarial science, cybersecurity and information technology, big data analytics, legal and other fields," said the task force chair. "We encourage other professionals and organizations to join us in the important effort of advancing research and education in the area of rapidly evolving cyber risk."

http://prn.to/1r6iz21 and http://bit.ly/QyfJWj

It's a direct invitation.

------------------------------

Date: Mon, 21 Apr 2014 14:01:06 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "12 ethical dilemmas gnawing at developers today" (Peter Wayner)

Peter Wayner | InfoWorld, 21 Apr 2014
As software takes over more of our lives, the ethical ramifications of decisions made by programmers only become greater
http://www.infoworld.com/d/application-development/12-ethical-dilemmas-gnawing-developers-today-240574

------------------------------

Date: Sun, 20 Apr 2014 15:15:22 +0000 (UTC)
From: "Charles C. Mann"
Subject: Dogs are genetically modified human babies?
This comic strip summarizes about half the discussions you see on the Internet:
http://wondermark.com/1k20/

------------------------------

Date: Thu, 17 Apr 2014 09:08:21 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Intuit's secret campaign to block free tax filing" (Bill Snyder)

Bill Snyder, InfoWorld, 17 Apr 2014
Intuit has launched a fake grassroots campaign to beat a proposal that would allow some taxpayers to file at no cost
http://www.infoworld.com/d/the-industry-standard/intuits-secret-campaign-block-free-tax-filing-240663

------------------------------

Date: Thu, 24 Apr 2014 11:00:20 -0400
From: Monty Solomon <monty () roscom com>
Subject: Mystery attack drops avalanche of malicious messages on Twitter (Dan Goodin)

Scammers abuse thousands of compromised accounts linked to third-party services.

Dan Goodin, Ars Technica, 23 Apr 2014

Note the "via weheartit.com" tag in the bottom right of the malicious tweet.

Twitter has been hit by an avalanche of malicious tweets that are being sent by thousands of compromised user accounts. The ongoing attack, which was about two hours old and showed no signs of abating as this post was about to go live, appeared to be linked to security breaches affecting third-party sites and apps. ...

http://arstechnica.com/security/2014/04/mystery-attack-drops-avalanche-of-malicious-messages-on-twitter/

------------------------------

Date: Fri, 25 Apr 2014 09:40:58 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Mysterious malware steals Apple credentials from jailbroken iOS devices" (Lucian Constantin)

Lucian Constantin, InfoWorld, 22 Apr 2014
Some iOS users found a malicious library of unknown origin on their jailbroken devices
http://www.infoworld.com/d/security/mysterious-malware-steals-apple-credentials-jailbroken-ios-devices-240954

opening text:

A malware campaign of yet-to-be-determined origin is infecting jailbroken iPhones and iPads to steal Apple account credentials from SSL encrypted traffic.
The threat was discovered after some users reported on Reddit that they experienced crashes in some applications as a result of a mysterious MobileSubstrate add-on called Unflod.

------------------------------

Date: Sat, 19 Apr 2014 19:01:49 -0400
From: Monty Solomon <monty () roscom com>
Subject: Citing fraud, Maine to put photos on EBT cards (Alanna Durkin)

Alanna Durkin | Associated Press, 19 Apr 2014

AUGUSTA, Maine - Maine will begin putting photo identification on welfare benefit cards this month, first in Bangor and then across the state in an effort to target fraud and abuse, the administration of Governor Paul LePage, a Republican, said on Friday.

The state will require that the heads of households and secondary card holders have photos placed on EBT cards, which low-income families use to buy food and other necessities.

Residents who are younger than 19, older than 60, blind, disabled, or victims of domestic violence will be exempt, according to details about the administration's efforts laid out in a letter to the US Department of Agriculture obtained by the Associated Press through a Freedom of Access Act request. ...

http://www.bostonglobe.com/metro/2014/04/18/citing-fraud-maine-put-photos-ebt-cards/vVUKLEiknCky8U2AiADF9I/story.html

------------------------------

Date: Wed, 16 Apr 2014 18:01:04 -0700
From: Rex Sanders <rsanders () usgs gov>
Subject: Credit card fraud detection Catch-22, and more

For several years, I've had a monthly bill of $4 to $10 automatically charged to the same credit card.

A few months ago, the fraud detection system started flagging that small transaction as fraudulent, every month. A robocall to my home land line asks me to confirm; and the card is locked until I confirm. Sometimes I'm not home for days, and often I travel in areas with no cell coverage.

So with no effective warning, I can't make purchases far from home, and other automatic charges can bounce.
I use automatic charges so I can travel and still pay bills on time. Catch-22.

After several rounds of complaints, we are at workaround #3. I'll see what happens next month.

Among other nonsense:

- The fraud detection system does not maintain any transaction history.

- Everyone assumes that card holders have continuous telephone access. I was told several times, by different people, "we'll give you a special number to call when this happens", moments after I explained this happens when I have no telephone access.

Yes, there are other workarounds I could use; all would cost more in time, money, reliability, or reputation. Why should I bear that cost?

One more stupidity they fixed: The robocall leaves a message with a toll-free number to call back, which is not on my credit card. Until recently, when you called, the first thing you were asked to enter was several digits from your Social Security Number. I immediately hung up the first couple of times this happened.

The rest of this story is too depressing to recount.

------------------------------

Date: Thu, 24 Apr 2014 01:22:02 -0400
From: Monty Solomon <monty () roscom com>
Subject: FBI Informant Is Tied to Cyberattacks Abroad (Mark Mazzetti)

Mark Mazzetti, *The New York Times*, 23 Apr 2014

WASHINGTON - An informant working for the FBI coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.

Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data - from bank records to login information - from the government servers of a number of countries and upload it to a server monitored by the FBI, according to court statements.
The details of the 2012 episode have, until now, been kept largely a secret in closed sessions of a federal court in New York and heavily redacted documents. While the documents do not indicate whether the FBI directly ordered the attacks, they suggest that the government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms. ...

http://www.nytimes.com/2014/04/24/world/fbi-informant-is-tied-to-cyberattacks-abroad.html

------------------------------

Date: Thu, 24 Apr 2014 13:56:32 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: AP: Putin declares the Internet to be a "CIA Project"

(Salon/AP): http://www.salon.com/2014/04/24/russias_putin_calls_the_internet_a_cia_project/

"President Vladimir Putin on Thursday called the Internet a CIA project and made comments about Russia's biggest search engine Yandex, sending the company's shares plummeting. The Kremlin has been anxious to exert greater control over the Internet, which opposition activists -- barred from national television -- have used to promote their ideas and organize protests. Russia's parliament this week passed a law requiring social media websites to keep their servers in Russia and save all information about their users for at least half a year. Also, businessmen close to Putin now control Russia's leading social media network, VKontakte."

[Some wag must have noticed the similarity between Putin and Rasputin -- who was a very controversial figure in the time of the Romanovs. That seems really Ba-Czar to me. I note here that RazPutin might be an appropriate nickname for Putin, where "raz" is a somewhat colloquial alternative for "odin" in Russian, with multiple meanings such as (the) number one, or first, or once.
PGN]

------------------------------

Date: Thu, 24 Apr 2014 15:32:39 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Russia bans anonymous blogging, orders bloggers to register

TechDirt via NNSquad
http://www.techdirt.com/articles/20140423/09130227004/russian-net-clampdown-continues-now-its-turn-blogs-vkontakte.shtml

"Clearly those onerous conditions are designed to make any blogger think twice or three times before publishing anything at all controversial or embarrassing for the authorities. The article notes that the new law may be challenged before Russia's Constitutional Court, and that there's a huge loophole in the form of blogs located overseas, which are not covered by the legislation. The fear has to be that the Russian government will now move on to blocking them too. Moreover, not content with intimidating independent blogs, the Russian authorities also seem to be tightening their grip on VKontakte, the Russian Facebook."

------------------------------

Date: Tue, 22 Apr 2014 09:30:21 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "The sky is falling! Hackers target satellites" (Roger A. Grimes)

Roger A. Grimes, InfoWorld, 22 Apr 2014
IOActive reports finds serious risks -- and slim prospects for fixes -- in satellite communications
http://www.infoworld.com/d/security/the-sky-falling-hackers-target-satellites-240934

------------------------------

Date: Tue, 22 Apr 2014 09:33:55 -0700
From: Gene Wirchenko <genew () telus net>
Subject: The trouble with Canada's Digital Privacy Act (Tony Drake)

Tony Drake, *IT Business*, 21 Apr 2014
http://www.itbusiness.ca/blog/the-trouble-with-canadas-digital-privacy-act/48129

opening text:

Ontario privacy commissioner Ann Cavoukian has been in the news this week, following her investigation into Canada's practice of sharing personal (health) information stored by the Canadian Police Information Centre with U.S. border officials.
Cavoukian discovered -- as reported by the CBC -- that details of some 19,000 encounters between police services in Ontario and individuals struggling with mental illness have been uploaded to the CPIC database, to which the FBI and U.S. Customs and Border Patrol have free access. The issue came to light late last year, when one Canadian woman was denied entry into the U.S., ostensibly because of her history of hospitalisation for depression and a suicide attempt.

------------------------------

Date: Sun, 20 Apr 2014 21:58:56 -0600
From: "Matthew Kruk" <mkrukg () gmail com>
Subject: How Urban Anonymity Disappears When All Data Is Tracked

http://bits.blogs.nytimes.com/2014/04/19/how-urban-anonymity-disappears-when-all-data-is-tracked/?emc=edit_th_20140420&nl=todaysheadlines&nlid=32604355

------------------------------

Date: Mon, 21 Apr 2014 07:08:32 -0400
From: Dave Farber <dave () farber net>
Subject: U.S. Promotes Network to Foil Digital Spying - NYTimes.com

Wireless routers attached to rooftops in Sayada form a local network that the developers say is more secure than the Internet. Credit Samuel Aranda for *The New York Times*

[Long article, truncated for RISKS. PGN]

http://www.nytimes.com/2014/04/21/us/us-promotes-network-to-foil-digital-spying.html?action=click&contentCollection=Business%20Day&region=Footer&module=TopNews&pgtype=article

SAYADA, Tunisia -- This Mediterranean fishing town, with its low, whitewashed buildings and sleepy port, is an unlikely spot for an experiment in rewiring the global Internet. But residents here have a surprising level of digital savvy and sharp memories of how the Internet can be misused.

A group of academics and computer enthusiasts who took part in the 2011 uprising in Tunisia that overthrew a government deeply invested in digital surveillance have helped their town become a test case for an alternative: a physically separate, local network made up of cleverly programmed antennas scattered about on rooftops.
The State Department provided $2.8 million to a team of American hackers, community activists and software geeks to develop the system, called a mesh network, as a way for dissidents abroad to communicate more freely and securely than they can on the open Internet. One target that is sure to start debate is Cuba; the United States Agency for International Development has pledged $4.3 million to create mesh networks there.

Even before the network in Sayada went live in December, pilot projects financed in part by the State Department proved that the mesh could serve residents in poor neighborhoods in Detroit and function as a digital lifeline in part of Brooklyn during Hurricane Sandy. But just like their overseas counterparts, Americans increasingly cite fears of government snooping in explaining the appeal of mesh networks.

``There's so much invasion of privacy on the Internet,'' said Michael Holbrook, of Detroit, referring to surveillance by the National Security Agency. The N.S.A. is all over it, he added. ``Anything that can help to mitigate that policy, I'm all for it.''

Since this mesh project began three years ago, its original aim -- foiling government spies -- has become an awkward subject for United States government officials who backed the project and some of the technical experts carrying it out. That is because the N.S.A., as described in secret documents leaked by the former contractor Edward J. Snowden, has been shown to be a global Internet spy with few, if any, peers. [...]
------------------------------

Date: Fri, 25 Apr 2014 09:38:13 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Coding error protects some Android apps from Heartbleed" (Jeremy Kirk)

Jeremy Kirk, InfoWorld, 23 Apr 2014
Some Android office-productivity apps thought to be vulnerable to Heartbleed are protected thanks to a mistake in invoking SSL functions
http://www.infoworld.com/d/mobile-technology/coding-error-protects-some-android-apps-heartbleed-241031

selected text:

Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.

"Therefore, when they try to invoke SSL functions, they directly use the non-vulnerable OpenSSL library contained within the Android OS, instead of using the vulnerable library provided by the app."

------------------------------

Date: Wed, Apr 16, 2014 at 7:41 PM
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Heartbleed hacker arrested, charged in connection to malicious bug exploit (David Kravets, via Dave Farber)

David Kravets, (ArsTechnica, 16 Apr 2014)
Computer science student is first arrest in relation to vulnerability.
http://arstechnica.com/tech-policy/2014/04/heartbleed-hacker-arrested-charged-in-connection-to-malicious-bug-exploit/

A 19-year-old student has been arrested for allegedly exploiting the Heartbleed vulnerability to steal taxpayer data from as many as 900 Canadians, authorities said Wednesday.

The arrest of Stephen Arthuro Solis-Reyes by the Royal Canadian Mounted Police marks the first time authorities anywhere have publicly levied charges in connection to the malicious exploitation of a defect in the widely used OpenSSL cryptography library.

Canada Revenue Agency officials said they had removed public access to online tax services a day after the defect was discovered earlier this month.
<http://arstechnica.com/security/2014/04/heartbleed-bug-exploited-to-steal-taxpayer-data/>
But it was too late, and the Heartbleed flaw made it possible to pluck private encryption keys, passwords, and other sensitive data out of the private computer memory of the revenue agency's servers running vulnerable versions of the open source library.

"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible," Assistant Commissioner Gilles Michaud said in a statement.
<http://www.rcmp-grc.gc.ca/ottawa/ne-no/pr-cp/2014/0416-heartbleed-eng.htm>

Solis-Reyes is a computer science student, according to the *London Free Press*.
<http://www.lfpress.com/2014/04/16/london-teen-charged-in-heartbleed-breach-of-taxpayer-data>

The Heartbleed vulnerability is the result of a failure to carry out a routine bounds check in OpenSSL code that handles the Transport Layer (TLS) heartbeat extension. Heartbeat allows a connected Web client or application that sends messages to keep a connection active during a transfer of data.

According to Netcraft, two-thirds of websites rely on OpenSSL to implement HTTPS encryption, although not all of them have Heartbeat enabled.

The Canadian Revenue Agency said it's putting in place measures to protect the people affected by the Heartbleed-enabled breach. It said it would notify victims by registered mail.

Solis-Reyes faces charges of Unauthorized Use of a Computer and Mischief in Relation to Data following his Tuesday arrest at his Ontario residence.
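
The missing bounds check described in the item above, as an added example that is not part of the digest and is not OpenSSL's code: a heartbeat responder in C for the RFC 6520 message layout that compares the sender's claimed payload length with the bytes actually received before echoing anything. The function names and both sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_HDR_LEN  3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Detection predicate: how many bytes the claimed payload_length exceeds the
 * bytes that actually follow the header. An echo routine without a bounds
 * check would read that many bytes past the record. 0 means consistent. */
size_t hb_claimed_excess(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HDR_LEN)
        return 0;                          /* no length field to evaluate */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t present = rec_len - HB_HDR_LEN;
    return claimed > present ? claimed - present : 0;
}

/* Build the response for one received heartbeat record.
 * Returns the response length, or -1 when the record is to be silently
 * discarded (malformed, not a request, or output buffer too small). */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    /* The fixed fields and the minimum padding must be present. */
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: payload_length is chosen by the sender, so it is
     * compared with the received record size before it is used as a copy
     * length. The subtraction cannot underflow because of the check above. */
    if (payload_len > rec_len - HB_HDR_LEN - HB_MIN_PAD)
        return -1;

    size_t resp_len = HB_HDR_LEN + payload_len + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload_len);
    /* Real responders fill the padding with random bytes; zeros keep this
     * example deterministic. */
    memset(out + HB_HDR_LEN + payload_len, 0, HB_MIN_PAD);
    return (long)resp_len;
}

/* Constructed sample records (unspecified bytes are zero padding). */
static const uint8_t HB_OK[23]  = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t HB_BAD[20] = { HB_REQUEST, 0x40, 0x00, 'x' }; /* claims 16384 */
static uint8_t hb_out[64];

int main(void)
{
    printf("consistent record: response %ld bytes, excess %zu\n",
           hb_build_response(HB_OK, sizeof HB_OK, hb_out, sizeof hb_out),
           hb_claimed_excess(HB_OK, sizeof HB_OK));
    printf("over-long claim:   response %ld, excess %zu\n",
           hb_build_response(HB_BAD, sizeof HB_BAD, hb_out, sizeof hb_out),
           hb_claimed_excess(HB_BAD, sizeof HB_BAD));
    return 0;
}
```

A nonzero result from `hb_claimed_excess` is also a usable signature when inspecting captured heartbeat records.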
------------------------------

Date: Sun, 20 Apr 2014 17:18:56 -0600
From: "Matthew Kruk" <mkrukg () gmail com>
Subject: Heartbleed Highlights a Contradiction in the Web

http://www.nytimes.com/2014/04/19/technology/heartbleed-highlights-a-contradiction-in-the-web.html?emc=edit_th_20140419&nl=todaysheadlines&nlid=32604355

------------------------------

Date: Thu, 17 Apr 2014 13:43:51 -0500
From: Dimitri Maziuk <dmaziuk () bmrb wisc edu>
Subject: Re: heartbleed (Shapiro, RISKS-27.84)
The main impediment to wide adoption of safe languages at this point is cost of conversion and the unpredictability of garbage collection performance. The first is incrementally getting fixed, and the second seems to have given way in the face of recent work on continuous concurrent collection.
You forgot the "it's not possible to manage resources other than garbage" bit. Including file descriptors -- and in unix everything is a file.

So yes, safe languages can make openssl safe from buffer overflows. With a somewhat annoying side-effect of running out of sockets every few minutes.

Dimitri Maziuk, Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request () csl sri com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe () csl sri com or risks-unsubscribe () csl sri com depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored.
   Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
   *** NOTE: Including the string `notsp' at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
     http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
    is no longer maintained up-to-date except for recent election problems.
    *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.85
************************