RISKS Forum mailing list archives
Risks Digest 28.25
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 9 Sep 2014 12:10:05 PDT
RISKS-LIST: Risks-Forum Digest  Tuesday 9 September 2014  Volume 28 : Issue 25

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/28.25.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Space station launches satellites without permission (Irene Klotz via Paul Saffo)
Hacker Breached HealthCare.gov Insurance Site (Monty Solomon)
Hackers Breach Security of a Health Exchange Server (Monty Solomon)
UCLA, Cisco & more join forces to replace TCP/IP (Lauren Weinstein)
Kill switches for weaponry (Jonathan Zittrain)
Fake cell towers discovered (PGN)
BBC: ISPs should assume that heavy VPN users are pirates (Lauren Weinstein)
"Apple iCloud backup quirk could have allowed hackers to access 'deleted' files" (John E. Dunn via Gene Wirchenko)
Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Brian X. Chen via Monty Solomon)
Redactions in U.S. Memo Leave Doubts on Data Surveillance Program (Monty Solomon)
Online Privacy: Maybe Not So Unreasonable, After All (NYT via Monty Solomon)
"Data shows Home Depot breach could be largest ever" (Jaikumar Vijayan via Gene Wirchenko)
"Data shows Home Depot breach could be largest ever" (Jaikumar Vijayan)
"Microsoft patch KB 2918614 triggers 'key not valid for use,' more errors" (Woody Leonhard via Gene Wirchenko)
GM to Introduce Hands-Free Driving in Cadillac Model (Gabe Goldberg, Phil Smith III)
Re: Software errors in Galileo Satellites (Erling Kristiansen)
Re: Regarding Tesla's cash cow (Richard I Cook, Erling Kristiansen)
Huffington continues trying to "disappear" their discredited "email creator" series (Lauren Weinstein)
"Why Is Huffington Post Running A Multi-Part Series To Promote The Lies Of A Guy Who Pretended To Invent Email?" (Techdirt via Lauren Weinstein)
Re: zero-day bounties (Henry Baker)
Live Webinar: Building a Software Security Initiative (Cigital)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 6 Sep 2014 16:23:32 -0700
From: Paul Saffo <paul () saffo com>
Subject: Space station launches satellites without permission (Irene Klotz)

Irene Klotz, Space Station's Cubesat Launcher has Mind of its Own, Discovery, 5 Sep 2014
http://news.discovery.com/space/space-stations-cubesat-cannon-has-mind-of-its-own-140905.htm

Last night, two more of Planet Lab's shoebox-sized Earth imaging satellites launched themselves from aboard the International Space Station, the latest in a series of technical mysteries involving a commercially owned CubeSat deployer located outside Japan's Kibo laboratory module.

Station commander Steve Swanson was storing some blood samples in one of the station's freezers Friday morning when he noticed that the doors on NanoRack's cubesat deployer were open, said NASA mission commentator Pat Ryan.
Flight controllers at the Johnson Space Center in Houston determined that two CubeSats had been inadvertently released.

``No crew members or ground controllers saw the deployment. They reviewed all the camera footage and there was no views of it there either,'' Ryan said.

The satellites, owned by San Francisco-based Planet Labs, are part of a planned 100-member network designed to collect images of the entire Earth every 24 hours.

So far, 12 of 32 CubeSats delivered to the space station aboard a Cygnus cargo ship in July have been deployed, including four launched inadvertently, said NanoRacks spokeswoman Abby Dickes.

In addition to the two Planet Labs satellites launched Thursday night, two more of the company's satellites were released accidentally 23 Aug, a NASA status report shows.

The latest inadvertent deployment followed unsuccessful attempts Wednesday night to return NanoRack's CubeSat dispenser to service. Efforts included jiggling the small robotic arm holding the dispenser in an attempt to get its doors to open, Ryan added.

Flight control teams are assessing whether to bring the deployer back inside the station or to try to release the remaining CubeSats still awaiting launch.

------------------------------

Date: Thu, 4 Sep 2014 21:23:30 -0400
From: Monty Solomon <monty () roscom com>
Subject: Hacker Breached HealthCare.gov Insurance Site

The Hacker Uploaded Malicious Software, But Consumers' Personal Data Didn't Appear to Be Taken
Danny Yadron, WSJ, 4 Sep 2014

A hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials.

Investigators found no evidence that consumers' personal data were taken or viewed during the breach, federal officials said. The hacker appears only to have gained access to a server used to test code for HealthCare.gov, the officials said.

The server was connected to more sensitive parts of the website that had better security protections, the officials said. That means it would have been possible, if difficult, for the intruder to move through the network and try to view more protected information, an official at the Department of Health and Human Services said. There is no indication that happened, and investigators suspect the hacker didn't intend to target a HealthCare.gov server. ...

http://online.wsj.com/articles/hacker-breached-healthcare-gov-insurance-site-1409861043

------------------------------

Date: Thu, 4 Sep 2014 23:39:39 -0400
From: Monty Solomon <monty () roscom com>
Subject: Hackers Breach Security of a Health Exchange Server

Hackers downloaded malicious software onto a test server of HealthCare.gov, but did not steal any personal information on consumers, Obama administration officials said.

http://www.nytimes.com/2014/09/05/us/hackers-breach-security-of-healthcaregov.html

  [up? down? which way does the staircase go? PGN]

------------------------------

Date: Thu, 4 Sep 2014 16:38:05 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: UCLA, Cisco & more join forces to replace TCP/IP

UCLA, Cisco & more join forces to replace TCP/IP
*Network World* via NNSquad
http://www.networkworld.com/article/2602109/lan-wan/ucla-cisco-more-join-forces-to-replace-tcpip.html

  "Their aim is to put forth an Internet architecture that's more secure, able to support more bandwidth and friendlier to app developers. Cryptographic authentication, flow balance and adaptive routing/forwarding are among the key underlying principles."

 - - -

Except in some comparatively specialized scenarios and situations, don't hold your breath for TCP/IP going away anytime soon.
------------------------------

Date: Wednesday, September 3, 2014
From: Jonathan Zittrain <zittrain () law harvard edu>
Subject: Kill switches for weaponry (via Dave Farber)

I just wrote a piece for Scientific American about kill switches for ... medium and heavy weapons. I know I've long inveighed against vendor (and, by proxy, government) control over consumer technology, and I still think that's a central threat to both open code and free speech. But all of that otherwise-worrisome tech applied to weapons seems to invert the equities.

http://www.scientificamerican.com/article/the-case-for-kill-switches-in-military-weaponry/

[...]

Jonathan Zittrain, Harvard Law School | Harvard Kennedy School of Government | Harvard School of Engineering and Applied Sciences and Berkman Center for Internet & Society <http://cyber.law.harvard.edu>

------------------------------

Date: Sat, 6 Sep 2014 8:59:35 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Fake cell towers discovered

http://mobile.betanews.com/betanews/#!/entry/mystery-fake-cellphone-towers-discovered-across-america,54073a34e56d0bb8536684dd

------------------------------

Date: Mon, 8 Sep 2014 21:58:18 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: BBC: ISPs should assume that heavy VPN users are pirates

  "In a submission to the Australian Government on the issue of online piracy, the BBC indicates that ISPs should be obliged to monitor their customers' activities. Service providers should become suspicious that customers could be pirating if they use VPN-style services and consume a lot of bandwidth, the BBC says."

Torrent Freak via NNSquad
http://torrentfreak.com/bbc-isps-should-assume-heavy-vpn-users-are-pirates-140908/

 - - -

And what should we assume the folks running the BBC are? Pick your synonym for "dangerous fools" ...

------------------------------

Date: Fri, 05 Sep 2014 10:37:02 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Apple iCloud backup quirk could have allowed hackers to access 'deleted' files" (John E. Dunn)

John E. Dunn | Techworld, InfoWorld, 04 Sep 2014
iCloud on iOS secretly keeps last three backups, says Check Point Software researcher
http://www.infoworld.com/d/mobile-technology/apple-icloud-backup-quirk-could-have-allowed-hackers-access-deleted-files-249749

------------------------------

Date: Sat, 6 Sep 2014 00:24:59 -0400
From: Monty Solomon <monty () roscom com>
Subject: Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Brian X. Chen)

Brian X. Chen, *NYTimes* blog, 4 Sep 2014

Apple said on Thursday that it would strengthen its security measures after a recent episode where hackers broke into the Apple accounts of a number of celebrities, stole their nude photos and leaked them on the Internet.

The company said it would add alerts to tell people about activities that could be signs of a break-in. Customers will receive emails and alerts called push notifications, which are messages that show up prominently on iPhones and iPads, when someone tries to change the password for their iCloud account, upload their backed-up account data to a new device or log into their accounts for the first time from an unknown device, the company said. The notifications will be added in two weeks. ...

http://bits.blogs.nytimes.com/2014/09/04/apple-says-it-will-add-new-security-measures-after-celebrity-hack/

------------------------------

Date: Sun, 7 Sep 2014 11:19:35 -0400
From: Monty Solomon <monty () roscom com>
Subject: Redactions in U.S. Memo Leave Doubts on Data Surveillance Program

Questions persist after the release of a newly declassified version of a legal memo approving the National Security Agency's Stellarwind program, a set of warrantless surveillance and data collection activities secretly authorized after the terrorist attacks of Sept. 11, 2001.

http://www.nytimes.com/2014/09/07/us/redactions-in-us-memo-leave-doubts-on-data-surveillance-program.html

------------------------------

Date: Sun, 7 Sep 2014 11:24:49 -0400
From: Monty Solomon <monty () roscom com>
Subject: Online Privacy: Maybe Not So Unreasonable, After All

As our online personal information has become less and less personal, the privacy pendulum may now be ready to switch directions.

http://bits.blogs.nytimes.com/2014/09/07/rethinking-privacy-on-the-internet/

------------------------------

Date: Fri, 05 Sep 2014 10:34:59 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Data shows Home Depot breach could be largest ever" (Jaikumar Vijayan)

Jaikumar Vijayan | Computerworld, 03 Sep 2014
The breach occurred at nearly all of Home Depot's 2200 U.S. stores
http://www.infoworld.com/d/security/data-shows-home-depot-breach-could-be-largest-ever-249732

opening text:

It looks like Home Depot may have earned the dubious distinction of being responsible for the biggest compromise ever involving credit and debit card data.

------------------------------

Date: Mon, 08 Sep 2014 16:04:46 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Microsoft patch KB 2918614 triggers 'key not valid for use,' more errors" (Woody Leonhard)

Woody Leonhard | InfoWorld, 8 Sep 2014
August's Windows Installer Service patch causes wide range of inscrutable problems on Windows 7 and Windows 8 machines
http://www.infoworld.com/t/microsoft-windows/microsoft-patch-kb-2918614-triggers-key-not-valid-use-more-errors-249973

------------------------------

Date: Mon, 08 Sep 2014 13:04:56 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Re: GM to Introduce Hands-Free Driving in Cadillac Model

"With Super Cruise, when there's a congestion alert on roads like California's Santa Monica Freeway, you can let the car take over and drive hands free and feet free through the worst stop-and-go traffic around," Barra said in the speech at Cobo Center in Detroit. "If the mood strikes you on the high-speed road from Barstow, California, to Las Vegas, you can take a break from the wheel and pedals and let the car do the work. Having it done for you -- that's true luxury."

But...

GM's Super Cruise technology is not a self-driving car and the feature will require drivers to remain alert and ready to take the wheel if traffic conditions become too complex, Lauckner told reporters at a briefing before Barra's speech.

http://www.bloomberg.com/news/2014-09-07/gm-to-introduce-hands-free-driving-in-cadillac-model.html

Let the car do the work ... BUT remain alert. "What could possibly go wrong?" seems a profoundly inadequate degree of skepticism.

Comments on the article question the ability of a company that for many years shipped faulty ignition switches to get this bit of technology right.

Gabriel Goldberg, Computers and Publishing, Inc. gabe () gabegold com
3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433

------------------------------

Date: Mon, 8 Sep 2014 14:07:45 -0400
From: "Phil Smith III" <phs3 () akphs com>
Subject: Re: GM to Introduce Hands-Free Driving in Cadillac Model (Jclcabal)

We have dynamic cruise on our Sienna, and it's great on the highway. Doesn't function below 28mph, alas. But on the Interstate, I get behind someone I like going fast enough and not weaving/etc., lock it in a click or two above their speed, and now it's just steering, not playing with the gas. Really makes long trips less stressful.

------------------------------

Date: Fri, 05 Sep 2014 15:53:13 +0200
From: Erling Kristiansen <erling.kristiansen () xs4all nl>
Subject: Re: Software errors in Galileo Satellites (RISKS-28.24)

The title of this item is misleading: As you can read in the linked article, the fault causing the satellites to be injected into the wrong orbit was in the launcher, not the satellites.

You may consider this a technicality. But since the launcher and the satellites come from different manufacturers, I think it is important to point to the right entity when discussing the failure.

------------------------------

Date: Fri, 5 Sep 2014 09:11:05 +0200
From: Richard I Cook MD <ricookmd () gmail com>
Subject: Re: Regarding Tesla's cash cow (Burstein, RISKS-28.23)

Comments on solar power:
> Aside from the general economic issue, the big concern is that solar power is intermittent and can cut out at any second.
Actually, solar power is about as reliable and predictable a source of energy delivery in a usable form that I can imagine. The yearly flux of solar illumination is almost constant. More to the point, a lot of energy is used in areas where the usable intensity is low for half a year and high for the other half. Weather effects that exacerbate this are, on average, quite regular on a yearly basis.

It is true that energy storage is challenging and is likely to remain so for the foreseeable future. There is great potential in the equatorial regions, most notably the great deserts. Building large collection systems there would make solar generation nearly independent of the time of year, although occasional violent weather would continue to be a problem.

At least as important as producing huge amounts of power on a regular schedule, adopting such a scheme could become an economic engine that might offset the disproportionate effect of climate change on equatorial peoples.

------------------------------

Date: Fri, 05 Sep 2014 16:12:03 +0200
From: Erling Kristiansen <erling.kristiansen () xs4all nl>
Subject: Re: Regarding Tesla's cash cow (Anthony, RISKS 28.24)
> Solar panels do actually work tolerably well in cloudy conditions, and it's pretty rare for a cloud to cover an entire country.
Solar panels do, indeed, produce power also in cloudy conditions, but "tolerably well"? My experience is:

  Lightly overcast: ~30% of peak power
  Thick clouds: ~10% of peak power
  Rainy, cloudy winter day: Below threshold at which converter switches on.

In winter, even at the best, sunny days, power is well below summer peak level (~50%) due to the low sun.

I live in The Netherlands, where it is not so rare that a cloud covers the entire country, and more. But it is, of course, a small country.

------------------------------

Date: Sun, 7 Sep 2014 17:04:18 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Huffington continues trying to "disappear" their discredited "email creator" series (via NNSquad)

"Huffington" is continuing trying to "disappear" their discredited five part series on the "creator" of e-mail. You'll recall that yesterday the links to the five stories at:

http://www.huffingtonpost.com/news/the-history-of-email/

led to a sort of editorial apology. Today, four of the five stories have vanished from the page entirely -- leaving a big white gap -- and search results that previously pointed at them now appear to be 404.

And in case you don't remember what this page looked like originally, I made a screenshot of it yesterday, because I anticipated something like this. Screenshot at: (G+): https://plus.google.com/+LaurenWeinstein/posts/f5i8tB4bveC

------------------------------

Date: Wed, 3 Sep 2014 08:11:03 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: "Why Is Huffington Post Running A Multi-Part Series To Promote The Lies Of A Guy Who Pretended To Invent Email?"

Techdirt via NNSquad
https://www.techdirt.com/articles/20140901/07280928386/huffpo-publishes-bizarre-misleading-factually-incorrect-multi-part-series-pretending-guy-invented-email-even-though-he-didnt.shtml

  "Again, that might make for a nice story line if there were some factual basis behind it, but there isn't. The history of e-mail is well-documented from multiple sources and it began way, way before 1978. And while early versions were somewhat crude, by 1978 they had basically everything that Ayyadurai claims to have invented (it is entirely believable that Ayyadurai, as a bright kid, independently came up with the same ideas, but he was hardly the first). There was a messaging system called MAILBOX at MIT in 1965. You can read all the details of it here, including source code. Ray Tomlinson is frequently credited with inventing the modern concept of email for the Internet by establishing the @ symbol (in 1972) as a way of determining both the user and which computer to send the email to. By 1975, there were things like email folders (invented by Larry Roberts) and some other basic email apps. As is noted, by 1976 -- two years before Ayyadurai wrote his app -- email was 75% of all ARPANET traffic."

 - - -

Why? Because Huffington is only interested in the clicks, that's why, and if they thought they could get more clicks by claiming Caligula invented e-mail, they'd be running those stories too.

------------------------------

Date: Fri, 05 Sep 2014 11:54:51 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: zero-day bounties (Mills, RISKS-28.24)
"Since the vendors pay for the bounty, introducing bugs into their own code is counterproductive" (Mills, RISKS-28.24)
Hmmm... Let's see. Suppose employee A works for company M which boasts of a bug bounty. Freelancer J colludes with employee A to either induce A to purposely create a bug, or at least provide information about where such bugs can be found. Freelancer J gets bug bounty from M, and shares it with employee A. Rinse & repeat. Everybody wins, except for the poor customers and their credit ratings after being hacked. Such collusion is legal when A is a law-maker and J is a lobbyist, and such collusion is rampant and extremely profitable. Sometimes, A and J are even the same people, which is called the "revolving door" of agencies such as the FCC and now, apparently, the NSA (Alexander).
"the Moral Hazard theory doesn't seem to apply here" *jericho, RISKS-28.24)
The biggest moral hazard is caused by computer hardware & software vendors who sell software that they're not willing to stand behind; i.e., they use their own customers as alpha and beta testers (aka "human shields" aka "collateral damage", in the case of computer hacking & ID theft). Dan Geer has already discussed this issue.

Bug bounties don't "drain the swamp", but perversely create an industry dependent upon the existence of the swamp. The FBI loves the swamp, because it enables them to manufacture crimes and once in a while produce a pelt. The NSA loves the swamp, because it enables them to monitor "terrorists", and the bigger the swamp, the larger the NSA's budget.

There's also the problem of price. A hundred dollars for a Twitter bug is an LOL joke; the cost of such a bug to a large corporate user might be millions of dollars. Even $100k for a significant bug pales in comparison to the millions of dollars that such a bug is worth to a criminal or nation-state.

Do you ever wonder why the Apple goto-fail bug lasted so long? Let's assume that some bounty-hunter actually *did* notice Apple's goto-fail behavior. Any bounty-hunter worth his salt would quickly check for the existence of this bug on other Apple devices & versions and notice how extensive this bug was. A quick calculation would reveal that the bug was worth multiple millions of dollars to the right customer. It's entirely possible that some bounty-hunter was keeping such a bug in his inventory for this big pay day.

Consider the recent JP Morgan attacks. These "Willie Sutton" hackers were apparently going after serious money, and were obviously willing to expend considerable resources in the process. What kind of a bounty would it take to buy them off? My best guess: $1 billion.

Talk like a Pirate Day is in 2 weeks (Sept. 19th). We all know about pirates (the real kind, who sink ships and murder people, not the MPAA faux rhinestone kind). These pirates started off as legal "privateers", but often ended up being hanged for piracy after the govt stopped its privateer program.

https://en.wikipedia.org/wiki/Privateer
https://en.wikipedia.org/wiki/William_Kidd

This current bug-bounty-hunting privateer movie isn't going to end any better than the seafaring privateer movie. Besides, Errol Flynn and Johnny Depp will never look as good wielding a mouse and a keyboard.

However, I do *not* recommend paying larger bounties, even though there are bugs worth far more money. I *do* recommend spending *just as much money* -- i.e., *billions* of dollars -- on *formal methods* which are the only known way to *guarantee* the lack of certain types of bugs.

I agree with Dan Geer that we need to loose the real privateers -- the plaintiffs bar -- on the computer hardware and software industry, so that we can finally start draining the swamp and make the Internet "safe at any speed".

https://en.wikipedia.org/wiki/Unsafe_at_Any_Speed

Given the "fat tail" distribution of harm from computer bugs, it's only a matter of time before the first $1 BILLION loss is incurred (assuming that it hasn't *already* occurred -- in secret -- e.g., in Sept 2008), and a large company loses 50% or more of its market value as a result of being hacked. Wouldn't it be preferable to spend $1 billion *proving programs correct* than a far larger amount to criminals and/or bounty-hunters?

------------------------------

Date: Fri, 05 Sep 2014 14:10:52 -0400
From: Cigital <communications () cigital com>
Subject: Live Webinar: Building a Software Security Initiative

Webinar: Building a Software Security Initiative
Thursday, September 25, 2014 1:00 - 2:00 PM EDT
Register: http://discover.cigital.com/e/28332/tration-html-sco-id-1218490076/3kzhjz/848842747

The increasing frequency and costs of security breaches are driving customers, senior executives, and board of directors to demand evidence of a formal program to address software security. Do you know how to start building a scalable software security initiative?

Join Cigital and Tyler Shields, Senior Analyst at Forrester Research, Inc., for a live webinar exploring what it takes to create, restart, or mature a software security initiative, including:

* Strategies for securing budget and support to build a software security initiative
* Identifying foundational components required for an effective software security initiative
* Distinguishing key attributes of a scalable software security initiative
* Tactics to enable management, security, and engineering groups to make immediate software security improvements

Cigital, 21351 Ridgetop Circle, Suite 400, Dulles, VA 20166

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string `notsp' at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 28.25
************************