RISKS Forum mailing list archives
Risks Digest 28.46
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 21 Jan 2015 16:11:23 PST
RISKS-LIST: Risks-Forum Digest  Wednesday 21 January 2015  Volume 28 : Issue 46

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/28.46.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Potential nationwide weakness in hospital emergency power (Gerrit Muller)
The Patient Will See You Now (Eric Topol via Gabe Goldberg)
Today's Apps Are Turning Us Into Sociopaths? (Matthew Kruk)
Getting the Most Out of Apple iOS 8 (Monty Solomon)
Wireless device in two million cars wide open to hacking (Ars via Lauren Weinstein)
Schneider Electric SCADA Gateway contains hardcoded credentials (Bob Gezelter)
IoT silliness: Headless devices without a UI (Galen Gruman via Gene Wirchenko)
The NY Times reports establishment of an "Exchange" for Hacking Tasks (Bob Gezelter)
David Cameron seemingly calls for ban or weakening of Internet crypto (Lauren Weinstein)
WhatsApp and iMessage could be banned under new surveillance plans (Lauren Weinstein)
Why Western Governments Want to Destroy Computer Security -- and Your Security Along the Way (Lauren Weinstein)
ISIS Is Cited in Hacking of Central Command's Twitter and YouTube Accounts (Monty Solomon)
Report Finds No Substitute for Mass Data Collection (Monty Solomon)
Passengers' Personal Data At Risk (Gabe Goldberg)
Algorithms now have PR (Christian Sandvig)
FCC wants to RELAX telemarketing rules for cell phones (Lauren Weinstein)
Need Some Espionage Done? Hackers Are for Hire Online (Monty Solomon)
4th-Party Collection: NSA's Wink Wink Nod Nod to the 4th Amendment (Henry Baker)
Ethics related to malware (George Ledin via PGN)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 17 Jan 2015 21:20:49 +0100
From: Gerrit Muller <gerrit.muller () gmail com>
Subject: Potential nationwide weakness in hospital emergency power

An incident in a hospital in Roermond, the Netherlands, uncovered a problem that may be present in more hospitals.

(a free summary/translation of <http://nos.nl/artikel/2004721-tno-noodstroom-ziekenhuizen-onzeker.html>)

In the Roermond hospital, the emergency power did not start due to a poorly charged battery of the computer controlling the emergency power. This battery ought to be charged continuously. The poor charging state had not been detected by regular checks and tests. The battery has a normal lifetime of 10 years and was only 3 years old at the moment of failure. Batteries are normally changed after 5 years.

Switching back when power was available again also went wrong. TNO (the Dutch applied research institute that investigated the failure) suspects the low voltage caused by the poor battery. TNO recommends using redundant batteries.

Sampling other hospitals showed similar configurations in at least 10 other hospitals.

Gerrit Muller (part-time employed at TNO, however, not related to the department that did this research)
Gaudi System Architecting homepage <http://www.gaudisite.nl/>

------------------------------

Date: Tue, 20 Jan 2015 12:31:32 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: The Patient Will See You Now (Eric Topol)

Print headline on this: Soon your phone will be as smart as your doctor

  Topol sees a future in which "your smartphone will become central to labs, physical exams, and even medical imaging; and you can have ICU-like [intensive-care unit] monitoring in the safety, reduced expense, and convenience of your home." This is a book full of technical wizardry and intriguing questions about the nature -- and the future -- of diagnosing, monitoring and healing.

...and insurance companies will limit coverage to buying cheap phones and medical apps up to $0.99; doctors no longer needed. At least it will be easier getting appointments with your phone.

http://www.washingtonpost.com/opinions/book-review-the-patient-will-see-you-now-on-future-of-medicine-by-eric-topol/2015/01/16/4b345b00-9761-11e4-aabd-d0b93ff613d5_story.html

Gabriel Goldberg, Computers and Publishing, Inc.  gabe () gabegold com
3401 Silver Maple Place, Falls Church, VA 22042  (703) 204-0433

------------------------------

Date: Mon, 19 Jan 2015 06:22:45 -0700
From: "Matthew Kruk" <mkrukg () gmail com>
Subject: Today's Apps Are Turning Us Into Sociopaths?

http://www.wired.com/2014/02/outsourcing-humanity-apps/

------------------------------

Date: Fri, 16 Jan 2015 15:14:51 -0500
From: Monty Solomon <monty () roscom com>
Subject: Getting the Most Out of Apple iOS 8

The new operating system can help you monitor battery use better, help take better photos and make Siri easier to use.

http://www.nytimes.com/2015/01/15/technology/personaltech/tips-to-get-the-most-out-of-apple-ios-8.html

------------------------------

Date: Tue, 20 Jan 2015 13:44:15 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Wireless device in two million cars wide open to hacking (Ars)

Ars via NNSquad
http://arstechnica.com/security/2015/01/wireless-device-in-two-million-cars-wide-open-to-hacking/

  "An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports. US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008. The dongle tracks users' driving to help determine if they qualify for lower rates. According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen's 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions."

 - - -

Waiting to hear what FLO has to say about this ...

------------------------------

Date: Wed, 21 Jan 2015 13:26:19 -0700
From: "Bob Gezelter" <gezelter () rlgsc com>
Subject: Schneider Electric SCADA Gateway contains hardcoded credentials

Much has been made of the benefits and detriments of the Internet of Things (IoT). Security, integrity, and privacy problems are a particular challenge. Implementing ease of use while maintaining security is a challenge. There have been many cases of consumer and SOHO devices coming with pre-installed credentials and backdoors.
The problem is even more serious with industrial systems where compromised credentials can permit conversion of a network attack into an attack with serious physical consequences.

Reportedly, the Schneider Electric SCADA Gateway comes with pre-installed, known FTP credentials. An update is reported to permit FTP access to be disabled, but the credentials remain.

The original article is at:
http://threatpost.com/hard-coded-ftp-credentials-found-in-schneider-electric-scada-gateway/110565

Bob Gezelter, http://www.rlgsc.com

------------------------------

Date: Tue, 13 Jan 2015 09:17:34 -0800
From: Gene Wirchenko <genew () telus net>
Subject: IoT silliness: Headless devices without a UI (Galen Gruman)

Galen Gruman, InfoWorld, 13 Jan 2015
Many Internet of things devices can be controlled via smartphone only. What could possibly go wrong?
http://www.infoworld.com/article/2867356/internet-of-things/beware-this-iot-fallacy-the-headless-device.html

------------------------------

Date: Fri, 16 Jan 2015 06:35:04 -0700
From: "Bob Gezelter" <gezelter () rlgsc com>
Subject: The NY Times reports establishment of an "Exchange" for Hacking Tasks

*The NY Times* Dealbook column has reported the establishment of Hacker's List, a website providing an exchange allowing those in "need" of hacking attacks to interact with providers of the services.

Exchanges that facilitate monetized hacking, and so serve to reduce the costs of hacking to a level compatible with consumer purchases, are not a positive development. Exchanges for such activities accentuate the trend of hacking for profit, which has been building for nearly two decades.

The original article is at:
http://dealbook.nytimes.com/2015/01/15/need-some-espionage-done-hackers-are-for-hire-online/

Bob Gezelter, http://www.rlgsc.com

------------------------------

Date: Mon, 12 Jan 2015 11:10:37 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: David Cameron seemingly calls for ban or weakening of Internet crypto

Spies should be able to monitor all online messaging, says David Cameron
*The Telegraph* via NNSquad
http://www.telegraph.co.uk/technology/internet-security/11340621/Spies-should-be-able-to-monitor-all-online-messaging-says-David-Cameron.html

  The Security Services will be given the powers to read all messages sent over the Internet, if the Conservatives win the general election. David Cameron, the Prime Minister, made the pledge at a campaign event attended by up to 100 Conservative activists in Nottingham. The police and the intelligence agencies have expressed concerns that they are not able to access the content of some of the new ways to communicate over the Internet.

 - - -

At face value, he appears to be saying that he wants to ban or weaken TLS and PGP, etc.

------------------------------

Date: Mon, 12 Jan 2015 22:28:03 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: WhatsApp and iMessage could be banned under new surveillance plans

*The Independent* via NNSquad
http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-and-snapchat-could-be-banned-under-new-surveillance-plans-9973035.html

  "The Prime Minister said today that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant. But that could include popular chat and social apps that encrypt their data, such as WhatsApp. Apple's iMessage and FaceTime also encrypt their data, and could fall under the ban along with other encrypted chat apps like Telegram."

------------------------------

Date: Thu, 15 Jan 2015 14:26:10 -0800
From: lauren () vortex com
Subject: Why Western Governments Want to Destroy Computer Security -- and Your Security Along the Way

Lauren Weinstein's Blog Update, 15 Jan 2015
http://lauren.vortex.com/archive/001084.html

It's always illuminating when the longtime enemies of security and free speech come out from the shadows, making their intentions and sensibilities crystal clear for all to see and understand.

Nope, I'm not talking about terrorists of whatever stripes -- we've always known how criminal scum like that thinks and how they desire to remake the world in the image of their tiny minds and 13th century mindsets.

Nor am I speaking of Putin, Kim Jong-un, Ali Khamenei, Xi Jinping, or the like -- the iron fist with which these leaders desire to control speech and suppress domestic dissent is all too obvious even at a glance.

No. I'm painfully forced to note the new threat matrix aimed squarely at shedding our free speech and security rights that is spewing squarely from Western governments -- from the U.S., U.K., and across the length and breadth of Europe.

It's tempting to suggest that this renewed push to strip us of these fundamental rights was triggered by the recent devastating terrorist attack in Paris -- but that horrendous event serves only as an excuse for a long simmering, long sought crackdown on Internet speech and security that has been smoldering for ages.

Going all the way back to 1993 and the fiasco of the proposed U.S. "Clipper Chip" reveals the U.S. intelligence community's fear of strong cryptography. And today, the EU's enthusiastic embrace of the nightmarish "Right to Be Forgotten" concept, and their push to apply that EU censorship system across the entire world, gives us clues to European motives along these lines.

So for anyone really paying close attention to these matters, the dots were already pretty much in place, certainly sufficiently so that the latest proposals from Western leaders shouldn't come as any kind of significant surprise.

And those repulsive proposals have been arriving hot and heavy over the last few days.

President Obama is reportedly to offer a vast expansion of criminal penalties for "computer hacking" broadly defined, and as part of that legislative package also to vastly expand the definition of hacking in the process. If you thought the late Aaron Swartz really had the book thrown at him by DOJ, the new proposals would likely make that look like a paperback novel compared with a wall of ancient encyclopedias dumped on the heads of future defendants.

The details we've heard so far reportedly suggest that at the discretion of prosecutors, merely clicking the wrong link on a public site, or conducting perfectly legitimate cybersecurity research, could net you being shackled in a federal cell for a decade or more.

But it gets worse.

Western leaders, led by David Cameron of the UK, appear poised to demand that all Internet communications be subject to data retention and monitoring by governments, and that no applications be permitted to deploy encryption that the government could not disable or defeat on demand.

Prime Minister Cameron has said this explicitly of late, and is seeking support from other European leaders and President Obama for this disastrous concept.

Let's be crystal clear about this. While the initial discussion might revolve around instant messaging apps, it's obvious that the logical and inevitable extension of this concept is to require the undermining of all Internet encryption. Email. PGP. The works. And what you can't backdoor or otherwise undermine you simply outlaw, with criminal penalties draconian enough to scare off all but the most dedicated or masochistic of free speech and security activists.

The word "security" is critical here, because while these leaders are claiming that such proposals would enhance security to "protect us from the terrorists" -- in reality the proposed decimation of the foundational structures of cryptographic systems would put all of us -- our personal information, our power systems, our industrial facilities, and so many other aspects of our lives -- at the mercy of cyberattacks newly enabled by such weakened and so inevitably exploitable encryption ecosystems.

Without any exaggeration, this may easily be the most serious threat to Internet security -- and so to the entire global community that now depends on the Internet for so many facets of our lives -- since the first ARPANET messages clattered over a teletype at UCLA decades ago.

Legitimate and measured means to fight against the scourge of terrorism are essential. But those do not include trying to convert the secure communications of law abiding citizens -- billions of them -- into "tap on demand" portals for government snoops, no matter how ostensibly laudable or graphically terrifying those officials attempt to frame their arguments.

We've all come to expect the "government owns your communications" propaganda from Putin and his ilk. To hear the same sort of twisted reasoning -- no matter how candy coated or sprinkled with excuses -- flinging forth from our Western leaders is disheartening in the extreme, and must not be accepted without vigorous challenge, debate, and due consideration for the enormous damage such proposals could easily wreak on us all.

------------------------------

Date: Tue, 13 Jan 2015 08:25:24 -0500
From: Monty Solomon <monty () roscom com>
Subject: ISIS Is Cited in Hacking of Central Command's Twitter and YouTube Accounts

http://www.nytimes.com/2015/01/13/us/isis-is-cited-in-hacking-of-central-commands-twitter-feed.html

------------------------------

Date: Fri, 16 Jan 2015 15:06:40 -0500
From: Monty Solomon <monty () roscom com>
Subject: Report Finds No Substitute for Mass Data Collection

A federal study found that there was no reliable way to get at the communications of terrorism suspects without sweeping up records of every call in the United States.

http://www.nytimes.com/2015/01/16/us/politics/report-finds-no-alternative-to-bulk-collection-of-phone-data.html

------------------------------

Date: Tue, 20 Jan 2015 12:24:36 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Passengers' Personal Data At Risk

Mining For Dollars

Remember a few years after 9/11 when the airlines started requiring you to use your full name as it appears on a government issued ID, date of birth and gender when you buy a plane ticket? That's so the TSA can check you against the Federal No-Fly List.

But there is more than meets the eye. In 2012, TSA rolled out "PreCheck" (or "Pre✓"). Exempt from Federal privacy laws, the PreCheck database contains detailed personal information, including name, birthdate, biometric information, physical characteristics, Social Security Number and financial information.

TSA now plans to release applicant's data to federal, state, tribal, local, foreign governments and debt collectors.

http://strandedpassengers.blogspot.com/

...a stinky bouquet of "What could go wrong?"

Gabriel Goldberg, Computers and Publishing, Inc.
gabe () gabegold com
3401 Silver Maple Place, Falls Church, VA 22042  (703) 204-0433

------------------------------

Date: Thu, 15 Jan 2015 13:05:54 -0500
From: Christian Sandvig <csandvig () umich edu>
Subject: Algorithms now have PR

Sorting, personalization, recommendation, and search algorithms now have their own public relations, complicating the need for transparency about how important computer systems operate.

Examples covered: quicksort represented as a Hungarian folk dance, a cartoon that explains how Google search works, a social media consultant that explains that Facebook is like a 19th Century grist mill, and an advertising campaign for ask.com proclaiming that "The Algorithm Constantly Finds Jesus."

Seeing the Sort
http://median.newmediacaucus.org/art-infrastructures-information/seeing-the-sort-the-aesthetic-and-industrial-defense-of-the-algorithm/

------------------------------

Date: Sat, 17 Jan 2015 09:23:16 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: FCC wants to RELAX telemarketing rules for cell phones

*Daily Finance* via NNSquad
http://www.dailyfinance.com/on/fcc-relax-robocall-rule/

  "But now the Federal Communications Commission is considering relaxing a key rule and allowing businesses to call or text your cellphones without authorization if they say they called a wrong number. The banking industry and collections industry are pushing for the change."

 - - -

Really bad idea -- because it hands the perfect excuse to the really evil players.

------------------------------

Date: Fri, 16 Jan 2015 15:22:10 -0500
From: Monty Solomon <monty () roscom com>
Subject: Need Some Espionage Done? Hackers Are for Hire Online

No longer just the domain of intelligence agencies, `hacktivists' or criminal gangs, there is a growing cottage industry of ordinary people hiring hackers for much smaller acts of espionage.

http://dealbook.nytimes.com/2015/01/15/need-some-espionage-done-hackers-are-for-hire-online/

------------------------------

Date: Tue, 20 Jan 2015 11:23:59 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: 4th-Party Collection: NSA's Wink Wink Nod Nod to the 4th Amendment

FYI -- You scratch my back and I'll scratch yours, whether or not I even know you.

The NSA's "4th Party Collection" provides the mechanism for gathering information that the NSA can't legally collect on its own.

By spying on other spies, the NSA avoids a problem the FBI ran into in the 1950's, when there were sometimes so many illegal taps on a labor union's phone lines that the labor unionists could barely hear the person at the other end of the phone conversation. The NSA has already run into computers & routers with surveillance malware from spy organizations from multiple countries simultaneously!

``The practice of letting other intelligence services do the dirty work and then tapping their results is so successful that the NSA even has a name for it: Fourth Party Collection.''

http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html

The Digital Arms Race: NSA Preps America for Future Battle
By Jacob Appelbaum, Aaron Gibson, Claudio Guarnieri, Andy Müller-Maguhn, Laura Poitras, Marcel Rosenbach, Leif Ryge, Hilmar Schmundt and Michael Sontheimer

The NSA's mass surveillance is just the beginning. Documents from Edward Snowden show that the intelligence agency is arming America for future digital wars -- a struggle for control of the Internet that is already well underway.

.........

Part 2: How the NSA Reads Over Shoulders of Other Spies

In addition to providing a view of the US's own ability to conduct digital attacks, Snowden's archive also reveals the capabilities of other countries.
The Transgression team has access to years of preliminary field work and experience at its disposal, including databases in which malware and network attacks from other countries are cataloged.

The Snowden documents show that the NSA and its Five Eyes partners have put numerous network attacks waged by other countries to their own use in recent years. One 2009 document states that the department's remit is to "discover, understand (and) evaluate" foreign attacks. Another document reads: "Steal their tools, tradecraft, targets and take."

In 2009, an NSA unit took notice of a data breach affecting workers at the US Department of Defense. The department traced an IP address in Asia that functioned as the command center for the attack. By the end of their detective work, the Americans succeeded not only in tracing the attack's point of origin to China, but also in tapping intelligence information from other Chinese attacks -- including data that had been stolen from the United Nations. Afterwards, NSA workers in Fort Meade continued to read over their shoulders as the Chinese secretly collected further internal UN data. "NSA is able to tap into Chinese SIGINT collection," a report on the success in 2011 stated. SIGINT is short for signals intelligence.

The practice of letting other intelligence services do the dirty work and then tapping their results is so successful that the NSA even has a name for it: "Fourth Party Collection." And all countries that aren't part of the Five Eye alliance are considered potential targets for use of this "non-traditional" technique -- even Germany.

'Difficult To Track, Difficult To Target'

The Snowden documents show that, thanks to fourth party collection, the NSA succeeded in detecting numerous incidents of data spying over the past 10 years, with many attacks originating from China and Russia.
It also enabled the Tailored Access Operations (TAO) to track down the IP address of the control server used by China and, from there, to detect the people responsible inside the People's Liberation Army. It wasn't easy, the NSA spies noted. The Chinese had apparently used changing IP addresses, making them "difficult to track; difficult to target." In the end, though, the document states, they succeeded in exploiting a central router.

The document suggests that things got more challenging when the NSA sought to turn the tables and go after the attacker. Only after extensive "wading through uninteresting data" did they finally succeed in infiltrating the computer of a high-ranking Chinese military official and accessing information regarding targets in the US government and in other governments around the world. They also were able to access source code for Chinese malware.

NSA Docs on Fourth Party Access

Description of an NSA employee on fifth party access / When the targeted fourth party has someone under surveillance who puts others under surveillance
  http://www.spiegel.de/media/media-35679.pdf

4th-party collection / Taking advantage of non-partner computer network exploitation activity
  http://www.spiegel.de/media/media-35680.pdf

Combination of offensive and defensive missions / How fourth-party missions are being performed
  http://www.spiegel.de/media/media-35681.pdf

Overview of the TRANSGRESSION program to analyze and exploit foreign CNA/CNE exploits
  http://www.spiegel.de/media/media-35682.pdf

NSA example SNOWGLOBE, in which a suspected French government trojan is analyzed to find out if it can be helpful for own interests
  http://www.spiegel.de/media/media-35683.pdf

NSA fourth party access / "I drink your milkshake"
  http://www.spiegel.de/media/media-35684.pdf

NSA Program TUTELAGE to instrumentalize third party attack tools
  http://www.spiegel.de/media/media-35685.pdf

Codename BYZANTINE HADES / NSA research on the targets of Chinese network exploitation tools, the targets and actors
  http://www.spiegel.de/media/media-35686.pdf

CSEC document on the handling of existing trojans when trojanizing computers
  http://www.spiegel.de/media/media-35688.pdf

Analysis of Chinese methods and performed actions in the context of computer network exploitation
  http://www.spiegel.de/media/media-35687.pdf

------------------------------

Date: Wed, 21 Jan 2015 11:05:08 -0800
From: "Peter G.Neumann" <neumann () csl sri com>
Subject: Ethics related to malware (George Ledin)

George Ledin <ledin () sonoma edu> at Sonoma State has written a fairly comprehensive treatise on the above-cited subject.
  http://www.cs.sonoma.edu/ledin/malware/pdf/Sullins_Creds2014.pdf

It should be of interest to white-hat analysts, administrators, law enforcement and defense lawyers, faculty members and university deans, and many others. (George is a strong advocate of not being able to defend against malware if you don't know malware. If you knew malware like George does, you'd be better off.)

------------------------------

Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
  http://mls.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
  risks-request () csl sri com
containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
  risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
  <http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string `notsp' at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
  or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones:
  http://catless.ncl.ac.uk/w/r
  <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
  <http://www.csl.sri.com/illustrative.html> for browsing,
  <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
  <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 28.46
************************