RISKS Forum mailing list archives
Risks Digest 29.06
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 30 Oct 2015 12:51:17 PDT
RISKS-LIST: Risks-Forum Digest  Friday 30 October 2015  Volume 29 : Issue 06

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/29.06.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
China Unable To Recruit Hackers Fast Enough To Keep Up With Vulnerabilities In U.S. Security Systems (The Onion)
EFF Wins Petition to Inspect and Modify Car Software (EFF)
Brain-dead email from medical practice (Gabe Goldberg)
It ain't just squirrels vs. power lines. Now it's drones (LA Times)
World Series Drama: A Four-Minute Blackout (NYTimes)
Report says "You've been hacked!" (Merrill Lynch RIC)
Allegations of San Francisco voter fraud (EFF)
Xen patch addresses 7-year old privilege escalation flaw (Ars Technica)
Cars' Voice-Activated Systems Distract Drivers (NYTimes)
Re: Most Americans would be fine with some Internet surveillance if .. (PGN)
E-mail encryption is still an oxymoron (SIGCOMM paper and Joseph Cox via Henry Baker)
Re: Encrypted VoIP Leaks: Can You Hear Me Now? (Jeremy Epstein, Henry Baker)
Re: Cops are asking Ancestry.com and 23andMe for their customers' DNA (R. G. Newbury)
If You REALLY Want to Change the World ... (Kressel and Winarsky via PGN)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 28 Oct 2015 18:57:52 -0700
From: Prashanth Mundkur <prashanth.mundkur () gmail com>
Subject: China Unable To Recruit Hackers Fast Enough To Keep Up With Vulnerabilities In U.S.
  Security Systems

http://www.theonion.com/article/china-unable-recruit-hackers-fast-enough-keep-vuln-51719

BEIJING -- Despite devoting countless resources toward rectifying the issue, Chinese government officials announced Monday that the country has struggled to recruit hackers fast enough to keep pace with vulnerabilities in U.S. security systems. ``With new weaknesses in U.S. networks popping up every day, we simply don't have the manpower to effectively exploit every single loophole in their security protocols,'' said security minister Liu Xiang, who confirmed that the thousands of Chinese computer experts employed to expose flaws in American data systems are just no match for the United States' increasingly ineffective digital safeguards. ``We can't keep track of all of the glaring deficiencies in their firewall protections, let alone hire and train enough hackers to attack each one. And now, they're failing to address them at a rate that shows no sign of slowing down anytime soon. The gaps in the State Department security systems alone take up almost half my workforce.'' At press time, Liu confirmed that an inadequate labor pool had forced China to outsource some of its hacker work to Russia.

  [Caveat lector: Your moderator is an Onion Rooter, and appreciates onion routers. PGN]

------------------------------

Date: Tuesday, October 27, 2015
From: *EFF Press* <press () eff org>
Subject: EFF Wins Petition to Inspect and Modify Car Software

Electronic Frontier Foundation Media Alert
<https://supporters.eff.org/civicrm/mailing/view?reset=1&id=1234>.

EFF Wins Petition to Inspect and Modify Car Software

Exemption Requests Also Approved for Tweaking Abandoned Videogames, Jailbreaking Phones and Tablets, and Remixing Videos

Washington, D.C. - The Librarian of Congress has granted security researchers and others the right to inspect and modify the software in their cars and other vehicles, despite protests from vehicle manufacturers.
The Electronic Frontier Foundation (EFF) filed the request for software access as part of the complex, triennial rulemaking process that determines exemptions from Section 1201 of the Digital Millennium Copyright Act (DMCA). Because Section 1201 prohibits unlocking access controls on the software, car companies have been able to threaten legal action against anyone who needs to get around those restrictions, no matter how legitimate the reason. While the copyright office removed this legal cloud from much car software research, it also delayed implementation of the exemption for one year.

EFF Staff Attorney Kit Walsh: ``This access control rule is supposed to protect against unlawful copying. But as we've seen in the recent Volkswagen scandal -- where VW was caught manipulating smog tests -- it can be used instead to hide wrongdoing hidden in computer code. We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors. The year-long delay in implementing the exemptions, though, is disappointing and unjustified. The VW smog tests and a long run of security vulnerabilities have shown researchers and drivers need the exemptions now.''

EFF also won an exemption for users who want to play video games after the publisher cuts off support. For example, some players may need to modify an old video game so it doesn't perform a check with an authentication server that has since been shut down.

The Librarian also granted EFF's petition to renew a previous exemption to jailbreak smartphones, and extended that to other mobile devices, including tablets and smartwatches.
This clarifies the law around jailbreaking, making clear that users are allowed to run operating systems and applications from any source, not just those approved by the manufacturer.

EFF also won the renewal and partial expansion of the exemptions for remix videos that use excerpts from DVDs, Blu-Ray discs, or downloading services.

EFF Senior Staff Attorney Mitch Stoltz: ``We're pleased that the Librarian of Congress and the Copyright Office have expanded these legal protections to users of newer products like tablets, wearable computers, and Blu-Ray discs.''

Today's ruling is a victory for users, artists, and researchers. However, the laborious process required to remove a legal cloud over clear fair uses highlights the need for fundamental reforms.

EFF Legal Director Corynne McSherry: ``It's absurd that we have to spend so much time, every three years, filing and defending these petitions to the copyright office. Technologists, artists, and fans should not have to get permission from the government -- and rely on the contradictory and often nonsensical rulings -- before investigating whether their car is lying to them or using their phone however they want. But despite this ridiculous system, we are glad for our victories here, and that basic rights to modify, research, and tinker have been protected.''

EFF's remix petition was drafted and co-submitted with the Organization for Transformative Works. EFF's remaining petitions received invaluable assistance from the NYU Technology Law & Policy Clinic, attorney Marcia Hofmann, and former EFF intern Kendra Albert.
For the full ruling from the Library of Congress:
http://copyright.gov/1201/2015/fedreg-publicinspectionFR.pdf

For more on the DMCA rulemaking:
https://www.eff.org/cases/2015-dmca-rulemaking

Contacts:
Corynne McSherry, Legal Director, corynne () eff org, +1 415-436-9333 x 122
Mitch Stoltz, Senior Staff Attorney, mitch () eff org, +1 415-436-9333 x 142
Kit Walsh, Staff Attorney, kit () eff org, +1 415-436-9333 x 163

------------------------------

Date: Mon, 26 Oct 2015 20:11:58 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Brain-dead email from medical practice

After seeing a new medical practice today -- one which I'm likely to never visit again -- I received this note tonight; Subject was: Your patient portal has a new message. It said:

  Please use following URL to complete registration process on patient portal for the X X X Center: https://www.xxx.com/web/Account/Register

  To login, enter your email address as your username, and create a new password of your choice. Please fill out the demographic information if it is not filled out already. Please do not attempt to fill in the insurance information. We will fill it in for you and confirm it during your visit.

So anyone intercepting this non-secured note could register as me, impersonate me, establish "my" account and access MY records.

My first attempt to register failed because I omitted the essential special character required by their ultra-secure password rules:

  Password must be at least 8 characters long and include a capital letter, a lower case letter, a number, and a special character (!@#$%^&*).

So they sort-of consider security, just incompletely/badly.

But wait, it's even lamer. The message I had to register to read was about my UPCOMING (that is, today's, already past) appointment.

------------------------------

Date: Wed, 28 Oct 2015 00:58:08 -0400 (EDT)
From: danny burstein <dannyb () panix com>
Subject: It ain't just squirrels vs. power lines.
  Now it's drones

[LA Times]

Authorities are looking for the pilot of a drone that flew into power lines Monday in West Hollywood and knocked out service to hundreds of Southern California Edison customers, officials said.

Witnesses reported seeing a drone buzz into the wires lining Larrabee Street and Sunset Boulevard about 1:15 p.m. knocking one to the ground, said Lt. Edward Ramirez of the Los Angeles County Sheriff's Department.

rest: http://www.latimes.com/local/lanow/la-me-ln-drone-power-west-hollywood-20151027-story.html

------------------------------

Date: Wed, 28 Oct 2015 08:02:06 -0400
From: Monty Solomon <monty () roscom com>
Subject: World Series Drama: A Four-Minute Blackout

Fox temporarily lost power on Tuesday night in Kansas City, Mo.

http://www.nytimes.com/2015/10/28/sports/baseball/world-series-drama-a-four-minute-blackout.html

  [The Fox Sports Net TV broadcast had at least TWO power outages, apparently in the truck outside the stadium, each of which caused the coverage to shift back to the studio. PGN]

------------------------------

Date: Tue, 27 Oct 2015 16:41:54 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: A Merrill Lynch RIC Report says "You've been hacked!"

"Cybersecurity is one of the top global risks today. There have been 80-90 million cybersecurity events per year, or up to 250,000 attacks per day in recent years -- with 70% of attacks thought to be going undetected. The global cybersecurity solutions market continues to grow and is estimated at US$75-77 billion in 2015, and is expected to reach US$170 billion by 2020."

------------------------------

Date: Thu, 29 Oct 2015 17:06:19 PDT
From: "Peter G.
 Neumann" <neumann () csl sri com>
Subject: Allegations of San Francisco voter fraud (EFF item PGN-ed)

SF Chronicle: http://www.sfchronicle.com/politics/article/Allegations-of-voter-fraud-in-Chinatown-surface-6594323.php
SF Examiner: http://www.sfexaminer.com/democratic-party-may-amend-unworkable-voter-fraud-fix/

Democratic Club Uncovers Voter Fraud in Chinatown Non-Profit Senior Housing

FOR IMMEDIATE RELEASE, October 22, 2015
CONTACT: Tom A. Hsieh, twohsieh () gmail com, 415-522-7289

The Asian Pacific Democratic Club (APDC) has been gathering reports about widespread voter fraud in buildings owned or connected to the Chinatown Community Development Corporation (CCDC).

In recent days, APDC has encountered multiple statements of stolen ballots from Chinese senior residents. In one instance, a blind woman reported her ballot was taken away and filled out by two female individuals. Those two individuals then told the senior that they had voted for Aaron Peskin on her ballot.

"Senior citizens in these CCDC non-profit buildings are having their ballots stolen. These seniors are supposed to be protected by their caregivers but instead ballots are being harvested from them on a building-wide scale," said Tom A. Hsieh, a spokesman of the club, which has been chartered since 1992.

"We should all be concerned about statements released from CCDC, accusing unnamed individuals of masquerading as CCDC employees and stealing ballots in their secured buildings," said Hsieh. "It sounds absurdly like somebody is trying to cover their tracks."

Hsieh is referring to a statement made by CCDC that individuals came into CCDC buildings pretending to be CCDC employees and asked for ballots. CCDC buildings are guarded by locked entrances and security personnel and entry by non-residents is unlikely.

One senior voter said that every year someone has come to his door to fill out his ballot, and that his ballot was taken in the last three years by the same person.
He also stated that this was practiced throughout the whole building, which is managed by CCDC.

In another incident, an elderly woman said two women came to her door, asked her to sign a ballot return envelope, and then took her ballot away. She said two women were returning to her building each day to collect ballots from others. The property, known as Chinatown's Orangeland building, has a long history with CCDC.

Three buildings managed by or with ties to CCDC have had reports of voter fraud. APDC has evidence that a CCDC-owned building called Broadway Sansome Apartments allowed the Aaron Peskin for Supervisor campaign into the building in late September in apparent violation to their tax-exempt, non-profit rules against candidate electioneering. [...]

Other interviews about ballot tampering are even more detailed and describe a group of people who are systemically committing voter fraud [...]

------------------------------

Date: Fri, 30 Oct 2015 00:43:17 -0700
From: "Bob Gezelter" <gezelter () rlgsc com>
Subject: Xen patch addresses 7-year old privilege escalation flaw

Ars Technica reports that the Xen project has fixed a serious flaw in Xen guest containment, which could lead to arbitrary damage to the host and other guest instances.

The flaw, indexed as CVE-2015-7835, is entitled "x86: Uncontrolled creation of large page mappings by PV guests".

The Xen description of the flaw is:

"The code to validate level 2 page table entries is bypassed when certain conditions are satisfied. This means that a PV guest can create writeable mappings using super page mappings. Such writeable mappings can violate Xen intended invariants for pages which Xen is supposed to keep read-only. This is possible even if the "allowsuperpage" command line option is not used.

IMPACT: Malicious PV guest administrators can escalate privilege so as to control the whole system.

VULNERABLE SYSTEMS: Xen 3.4 and onward are vulnerable. Only x86 systems are vulnerable.
ARM systems are not vulnerable. Only PV guests can exploit the vulnerability. Both 32-bit and 64-bit PV guests can do so. ..."

The complete Ars Technica article is at:
http://arstechnica.com/security/2015/10/xen-patches-7-year-old-bug-that-shattered-hypervisor-security/

Bob Gezelter, http://www.rlgsc.com

------------------------------

Date: Sun, 25 Oct 2015 10:17:13 -0400
From: Monty Solomon <monty () roscom com>
Subject: Cars' Voice-Activated Systems Distract Drivers

research shows that the technology can be a powerful distraction, and a lingering one.

http://www.nytimes.com/2015/10/22/science/cars-voice-activated-systems-distract-drivers-study-finds.html

------------------------------

Date: Fri, 30 Oct 2015 08:52:12 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Re: Most Americans would be fine with some Internet surveillance if ..

I appreciate responses from several readers who reacted strongly to my including Lauren's comments on the Daily Dot item in RISKS-29.05. Although he did not submit that item to RISKS, it is entirely my fault that I did not excise his comments about Fox News. What he wrote exhibited a bias that I almost always try to eliminate -- even if some readers might agree with it. I apologize for my error of non-omission.

However, I would note that I do devote considerable effort in "moderating" RISKS that results in what some of you might call "censorship". I think that has to be the privilege of a "moderator".

------------------------------

Date: Wed, 28 Oct 2015 16:35:48 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: E-mail encryption is still an oxymoron

Zakir Durumeric et al. [with Alex Halderman as the 10th author], Neither Snow Nor Rain Nor MITM ...: An Empirical Analysis of Email Delivery Security, SIGCOMM 2015
http://conferences2.sigcomm.org/imc/2015/papers/p27.pdf

"We find that the top mail providers (e.g., Gmail, Yahoo, and Outlook) all proactively encrypt and authenticate messages.
However, these best practices have yet to reach widespread adoption in a long tail of over 700,000 SMTP servers, of which only 35% successfully configure encryption, and 1.1% specify a DMARC authentication policy. This security patchwork -- paired with SMTP policies that favor failing open to allow gradual deployment -- exposes users to attackers who downgrade TLS connections in favor of cleartext and who falsify MX records to reroute messages. We present evidence of such attacks in the wild, highlighting seven countries where more than 20% of inbound Gmail messages arrive in cleartext due to network attackers."

"In this [downgrade] attack, a network actor takes advantage of the fail-open design of STARTTLS -- where SMTP servers fall back to cleartext if any errors occur during the STARTTLS handshake -- to launch a downgrade attack. A network actor can manipulate packets containing the STARTTLS command to prevent mail servers from establishing a secure channel, or alter a mail server's EHLO response to remove STARTTLS from the list of server capabilities."

"The STARTTLS RFC does not define how clients should validate presented certificates. ... However, it also enables network-level attackers to falsely report MX records that point to an attacker-controlled domain. Without additional security add-ons (e.g., DANE), this attack remains a real threat."

Joseph Cox, Email Encryption Is Broken, Motherboard, 28 Oct 2015
http://motherboard.vice.com/read/email-encryption-is-broken

Email was never designed to be private. When the Simple Mail Transfer Protocol (SMTP) was first invented, it didn't come with protections or ways to check that a message really came from where it claimed to. Those came later, with the addition of extensions like STARTTLS for encrypting communications and others for authenticating messages.
Now a study has found that despite those inventions, large chunks of email traffic are being deliberately stripped of their encryption, or just sent without any in the first place, leaving them totally open to passive eavesdroppers.

Some of the findings are truly staggering, with over 95 percent of email sent from Tunisia to Gmail having its protections removed, or more than 20 percent of inbound Gmail messages in seven countries arriving in clear text because of network attacks.

The findings come from what researchers at the University of Michigan, Google, University of Illinois, and Urbana Champaign say is the first report on global adoption rates of email security extensions.

The researchers had access to some impressive data sets: logs of SMTP traffic sent to and from Gmail from January 2014 to April of this year, as well as a snapshot of the configurations of email servers belonging to the Alexa Top Million domains. Alexa is a site that ranks the world's websites by traffic.

They found some pleasant news: "from Gmail's perspective, incoming messages protected by TLS have increased 82% over the last year," the researchers write, who add that a lot of this is due to several big providers, such as Yahoo and Outlook, encrypting its traffic. TLS stands for Transport Layer Security, and is the cryptographic protocol used to encrypt all sorts of data, be that web browsing or email.

But that's about it for the good stuff. For the 700,000 SMTP servers associated with the top million domains, only 82 percent support TLS, and 35 percent allow proper server authentication.

The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor. But this paper is the first indication of how widespread it is.
And it appears that pretty much everyone, from governments to academic institutions, is getting in on the act.

"Overall, no single demographic stands out; the distribution is spread over networks owned by governments, Internet service providers, corporations, and financial, academic, and health care institutions. We note that several airports and airlines appear on the list, including an AS belonging to a subsidiary of Boingo (AS 10245), a common provider of in-flight and airport WiFi, ... These attacks are both readily found in the wild and pose a real threat to users, with more than 20% of mail being sent in cleartext within seven countries" ...

And although some of this stripping may be done to facilitate legitimate filtering, perhaps for corporate networks to check for malicious content, "this technique results in messages being sent in cleartext over the public Internet, enabling passive eavesdropping and other attacks."

This should act as a reminder that because of the nature of STARTTLS, even if Google or anyone else implements encryption onto their email traffic, someone else can simply reverse all of that work -- possibly leaving your emails open to snooping by whatever server they happen to slip through.

There are solutions, though they are unlikely to spring up over night. ... But for the time being, large sections of email traffic are totally vulnerable to being spied on, something that leads the researchers to describe the current state of email as a security patchwork.

------------------------------

Date: Tue, 27 Oct 2015 04:12:24 -0400
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Re: Encrypted VoIP Leaks: Can You Hear Me Now? (Baker, RISKS-29.05)

"Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks" was published at IEEE Security & Privacy 2011.
There's also a video of Fabian Monrose's NSF talk about the paper at http://www.nsf.gov/cise/cns/watch/talks/monrose.jsp

------------------------------

Date: Tue, 27 Oct 2015 05:46:40 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: Encrypted VoIP Leaks: Can You Hear Me Now? (RISKS-29.05)

Thanks, Jeremy! Some people (like me) are a little slow.

Let's see: 2011 was pre-Snowden, and pre Microsoft's (5/10/2011) acquisition of Skype, after which Microsoft gave the U.S. govt full unencrypted access to all that supposedly private&secure Skype traffic. But we didn't know that then.

Fast forward to 2015. We can now assume that most/all VoIP is now completely broken, either because govt's have access to unencrypted traffic, or because they can read all the encrypted traffic.

SS7 security is a non sequitur, so SS7+broken VoIP means that most voice traffic around the world is broken.

Still "going dark", are we, Mr. Comey?

------------------------------

Date: Tue, 27 Oct 2015 14:11:01 -0400
From: "R. G. Newbury" <newbury () mandamus org>
Subject: Re: Cops are asking Ancestry.com and 23andMe for their customers' DNA

Both Ancestry.com and 23andMe should seriously consider *selling* the entire database of records, to a corporation in another country, such as Ireland, and keep *none* of the data in the US. Since the genetic data is tied to 'personal information' it is highly unlikely that an Irish court could or would order release of the data for what is obviously 'fishing expedition' level matters. And even in the case of serious crimes, a warrant would *probably* not be available there, in respect of a crime alleged to have occurred here.

BTW, I thought that probable cause for a warrant required that the place to be searched might produce evidence about the crime, not evidence connecting an unknown person to the crime. Any Fourth Amendment specialists care to comment??

R.
Geoffrey Newbury (who is an Ontario lawyer, and who does not do criminal law)

------------------------------

Date: Tue, 27 Oct 2015 11:50:26 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: If You REALLY Want to Change the World ... (Kressel and Winarsky)

Henry Kressel and Norman Winarsky have just had their book published, with the subject-line title, and a subtitle -- A Guide to Creating, Building, and Sustaining Breakthrough Ventures, Harvard Business Review Press. xii+215, 2015.

These two men really know whereof they write, speak, and practice. For example, Norman was the person at SRI who led the creation of more than sixty ventures, worth over $20 billion -- including Nuance, Intuitive Surgical, Siri, and Fair Isaac. If you are involved in a start-up or contemplating one with really hot innovative ideas, this book should be mandatory reading -- despite the fact that a Google search might turn up tens of thousands of other books on the subject. Perhaps most valuable are the chapter on Five Fatal Mistakes of Start-Ups, subtitled The most common venture killers are avoidable, and the chapter on Ensuring the Future, with seven basic principles. Overall, the experience distilled by the two authors is remarkably pithy.

There are also many of you in the research community who believe in changing the computer world more altruistically -- perhaps with open-source developments. The prevalence in all development efforts of the five fatal mistakes described in the book -- whether open-source or proprietary -- suggests that there is something in this book for everyone involved in innovation, helping avoid many of the inherent problems. It might also encourage you to do what you are already doing even better.

------------------------------

Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest.
Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string `notsp' at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 29.06
************************
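
[Added example, not part of the digest, the cited paper, or any mail server's code.] The "E-mail encryption is still an oxymoron" item above quotes the fail-open STARTTLS design that lets a network actor strip the capability from an EHLO reply or break the STARTTLS command. This Python sketch shows the sending side refusing that fallback; the sample replies, host names, and the require_tls / seen_tls_before inputs are constructed assumptions.

```python
"""Fail-closed STARTTLS decision for an outbound SMTP client (added example)."""
from dataclasses import dataclass
from typing import Optional, Set

# Constructed sample replies (not captured traffic); host names are placeholders.
EHLO_FULL = (
    "250-mx.example.net greets client.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# The same reply with the STARTTLS line removed somewhere on the path.
EHLO_STRIPPED = (
    "250-mx.example.net greets client.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo_capabilities(reply: str) -> Set[str]:
    """Return the upper-cased extension keywords of a 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln]
    if not lines:
        raise ValueError("empty EHLO reply")
    caps: Set[str] = set()
    for index, line in enumerate(lines):
        # Each line is "250-..." (more lines follow) or "250 ..." (last line).
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # the first line names the server, it is not a keyword
        words = line[4:].split()
        if words:
            caps.add(words[0].upper())
    return caps


@dataclass(frozen=True)
class Decision:
    action: str  # "deliver_tls", "deliver_cleartext" or "defer"
    reason: str


def decide(ehlo_reply: str, starttls_reply: Optional[str], *,
           require_tls: bool, seen_tls_before: bool) -> Decision:
    """Choose what to do with a queued message for this connection.

    require_tls     -- assumed per-destination policy set by the operator
    seen_tls_before -- assumed local record that this host offered STARTTLS
    starttls_reply  -- server's answer to the STARTTLS command, None if not sent
    """
    caps = parse_ehlo_capabilities(ehlo_reply)
    if "STARTTLS" in caps:
        if starttls_reply is not None and starttls_reply.startswith("220"):
            # TLS handshake and certificate checks follow; not modelled here.
            return Decision("deliver_tls", "STARTTLS accepted")
        problem = "STARTTLS advertised but the command was not accepted"
    else:
        problem = "STARTTLS absent from the EHLO capability list"
    if require_tls:
        return Decision("defer", problem + "; policy requires TLS")
    if seen_tls_before:
        return Decision("defer", problem + "; host offered TLS earlier")
    # Opportunistic behaviour: this is the fallback a downgrade relies on.
    return Decision("deliver_cleartext", problem + "; fail-open fallback")


if __name__ == "__main__":
    cases = [
        ("clean path", EHLO_FULL, "220 2.0.0 Ready to start TLS", False, True),
        ("capability stripped, no history", EHLO_STRIPPED, None, False, False),
        ("capability stripped, TLS seen before", EHLO_STRIPPED, None, False, True),
        ("command rejected, TLS required", EHLO_FULL, "500 5.5.1 Unrecognized", True, False),
    ]
    for name, ehlo, answer, required, seen in cases:
        d = decide(ehlo, answer, require_tls=required, seen_tls_before=seen)
        print(f"{name:40} -> {d.action}: {d.reason}")
```

Deferring keeps the message queued for a later attempt over a clean path, and the recorded reason gives operators a log line to alert on when a host that used to offer STARTTLS stops doing so.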