RISKS Forum mailing list archives

Risks Digest 30.36


From: RISKS List Owner <risko () csl sri com>
Date: Fri, 7 Jul 2017 10:22:46 PDT

RISKS-LIST: Risks-Forum Digest  Friday 7 July 2017  Volume 30 : Issue 36

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/30.36>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
U.S. lottery rigged, then payout used for offshore tax scam
  (Jose Maria Mateos)
"In touching tribute to Samsung Note 7, fidget spinners burst in flames"
  (Shaun Nichols)
Security of US nukes now an official secret (Robert Burns)
IoT goes nuclear: creating a ZigBee chain reaction (Ronen)
Volvo admits its self-driving cars are confused by kangaroos (The Guardian)
Data glitch sets tech company stock prices at $123.47 (The Verge)
Cyberattackers Find Fertile Proving Grounds (Sheera Frenkel)
Researchers Found They Could Hack Entire Wind Farms (WiReD)
Skylake, Kaby Lake chips have a crash bug with hyperthreading enabled
  (Ars Technica)
CopyCat malware infected 14 million outdated Android devices (CNET)
Ukraine Cyberattack Was Meant to Paralyze, not Profit, Evidence Shows
  (The New York Times)
NHS doctors use Snapchat to send patients' scans (The Telegraph via
  Chris Drewe)
Happy 4th of July! Show Us Your Papers: Comm. on Election Integrity
  (The New York Times)
Staying humble is key to staying safe, says Israel's cyber chief;
  electoral system is secure! (Times of Israel)
CCC Russia-Proofing Germany's Elections (Bloomberg via PGN)
Re: Government meddling, election hacks and sundry items (EyeOnCanada)
Trump's attempt to obtain and make public California voter records
  (Lauren Weinstein)
Science division of White House office no longer staffed: report
  (Brandon Carter)
Republicans want to open U.S. roads for testing self-driving cars
  (Recode)
"This Burger King Ad Forces Your Google Home Device To Tell
  You About Whoppers" (Mary Beth Quirk)
AT&T is reinstating their plan to spy on you unless you pay extra
  (PrivateInternetAccess)
Vindicated: I am not the memory hog (Dan Jacobson)
Re: Western tech firms bow to Russian demands to share cyber secrets
  (Martin Ward)
Re: Y2K problem causes earthquake aftershock 92 years later
  (Lothar Kimmeringer)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 5 Jul 2017 22:24:05 -0400
From: Jose Maria Mateos <chema () rinzewind org>
Subject: U.S. lottery rigged, then payout used for offshore tax scam

Software used to rig outcome in Wisconsin, Colorado, Kansas and Oklahoma

Investigators say Tipton installed software that let the computers work as
they should on all but three days of the year -- May 27, Nov. 22 and Dec. 29
-- when they would produce predictable numbers if the drawings occurred on
Wednesdays or Saturdays after 8 p.m.
http://www.cbc.ca/beta/news/world/u-s-lottery-rigged-then-payout-used-for-offshore-tax-scam-1.4192281

------------------------------

Date: Wed, 05 Jul 2017 20:09:15 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "In touching tribute to Samsung Note 7, fidget spinners burst in
  flames" (Shaun Nichols)

Shaun Nichols, *The Register*, 29 Jun 2017
Hang on, there's a tech angle in here somewhere... IoT, right?
https://www.theregister.co.uk/2017/06/29/fidget_spinners_catch_fire/

opening text:

Fad-crazed parents have something new to worry about, as reports suggest
that fidget spinners can pose a fire risk.

A family in the US says one of the smash-hit toys caught fire as it was
charging its Bluetooth speaker in their home, and it only narrowly avoided
becoming a much larger blaze.

------------------------------

Date: Mon, 3 Jul 2017 14:50:30 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Security of US nukes now an official secret (Robert Burns)

Robert Burns, AP Exclusive via WRAL, 3 Jul 2017

WASHINGTON -- The Pentagon has thrown a cloak of secrecy over assessments of
the safety and security of its nuclear weapons operations, a part of the
military with a history of periodic inspection failures and lapses in
morale.

Overall results of routine inspections at nuclear weapons bases, such as a
"pass-fail" grade, had previously been publicly available. They are now
off-limits. The change goes beyond the standard practice of withholding
detailed information on the inspections.

The stated reason for the change is to prevent adversaries from learning too
much about U.S. nuclear weapons vulnerabilities. Navy Capt. Greg Hicks,
spokesman for the Joint Chiefs of Staff, said the added layer of secrecy was
deemed necessary.

"We are comfortable with the secrecy," Hicks said Monday, adding that it
helps ensure that "as long as nuclear weapons exist, the U.S. will maintain
a safe, secure, and effective nuclear stockpile."

Critics question the lockdown of information.

"The whole thing smells bad," said Steven Aftergood, a government secrecy
expert with the Federation of American Scientists. "They're acting like they
have something to hide, and it's not national security secrets."

"I think the new policy fails to distinguish between protecting valid
secrets and shielding incompetence," he added. "Clearly, nuclear weapons
technology secrets should be protected. But negligence or misconduct in
handling nuclear weapons should not be insulated from public
accountability."

http://www.wral.com/ap-exclusive-security-of-us-nukes-now-an-official-secret/16799565/

------------------------------

Date: Sun, 2 Jul 2017 01:16:06 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: IoT goes nuclear: creating a ZigBee chain reaction (Ronen)

Ronen et al., /IEEE Security and Privacy 2017/
<https://eprint.iacr.org/2016/1047.pdf>

You probably don't need another reminder about the woeful state of security
in IoT, but today's paper choice may well give you further pause for thought
about the implications. The opening paragraph sounds like something out of
science fiction -- except that it's a demonstrated reality today:

  Within the next few years, billions of IoT devices will densely populate
  our cities. In this paper, we describe a new type of threat in which
  adjacent IoT devices will infect each other with a worm that will rapidly
  spread over large areas, provided that the density of compatible IoT
  devices exceeds a certain critical mass.

https://blog.acolyer.org/2017/06/22/iot-goes-nuclear-creating-a-zigbee-chain-reaction/

------------------------------

Date: Sat, 1 Jul 2017 07:01:55 -0400
From: Susan Landau <susan.landau () privacyink org>
Subject: Volvo admits its self-driving cars are confused by kangaroos
  (The Guardian)

Volvo's self-driving car's animal detection system can identify and avoid
deer, elk and caribou, but is yet to work against the marsupial movements
of kangaroos -- because hopping confounds its systems.

https://www.theguardian.com/technology/self-driving-cars
https://www.theguardian.com/technology/2017/jul/01/volvo-admits-its-self-driving-cars-are-confused-by-kangaroos

  [You would certainly roo the night when your self-driving car plows into a
  whopper of a hopper.  PGN]

------------------------------

Date: Tue, 4 Jul 2017 01:17:05 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Data glitch sets tech company stock prices at $123.47 (The Verge)

Amazon went down 87 percent, and Zynga was up 3,292 percent

A stock market data error this evening set an undetermined number of
companies listed on the Nasdaq exchange to a share price of $123.47, sending
some tech companies' stock prices crashing and others' soaring.  In a
statement obtained by the Financial Times, Nasdaq said the culprit was
``improper use of test data'' that was picked up by third party financial
data providers. The exchange said it was ``working with third party vendors
to resolve this matter.''

https://www.theverge.com/2017/7/3/15917950/nasdaq-nyse-stock-market-data-error
The risk? Computers.

------------------------------

Date: Mon, 3 Jul 2017 9:29:34 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Cyberattackers Find Fertile Proving Grounds (Sheera Frenkel)

Sheera Frenkel, *The New York Times*, Business Day, 3 Jul 2017

Subcaption: Hackers target developing countries to hone their skills with
malware that learns as it intrudes.

  Allan Liska [senior threat intelligence analyst] said, "We see a pattern
  among the attackers.  They test something, make improvements, and then six
  weeks later test again before launching it at their true targets."

  Chris Rock [Australian security researcher] said, "Doing tests in a
  country that presumably has fewer defenses is a double-edged sword.  On
  one hand, attackers can hone their skills.  On the other hand, they risk
  being discovered.  Once a cybersecurity firm has the signature of an
  attack, it can build defenses against it, and spread those defenses among
  its clients."

    [The person responsible for titling this article apparently needed to
    save a line space on page B1.  My Subject: above is actually the
    caption on the *continuation* page, which is more explicit and less
    ambiguous than the front-page caption in a VERY LARGE font across the
    entire page:

                 Cyberattack Proving Grounds

      Cyberattack Proving [coffee] grounds [are undrinkable?]
        [proving = gerundive]

      Cyberattack proving Grounds [itself in risks?]
        [proving = noun, grounds = verb]

------------------------------

Date: Sat, 1 Jul 2017 14:31:06 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Researchers Found They Could Hack Entire Wind Farms

On a sunny day last summer, in the middle of a vast cornfield somewhere in
the large, windy middle of America, two researchers from the University of
Tulsa stepped into an oven-hot, elevator-sized chamber within the base of a
300-foot-tall wind turbine. They'd picked the simple pin-and-tumbler lock on
the turbine's metal door in less than a minute and opened the unsecured
server closet inside.

Jason Staggs, a tall 28-year-old Oklahoman, quickly unplugged a network
cable and inserted it into a Raspberry Pi minicomputer, the size of a deck
of cards, that had been fitted with a Wi-Fi antenna. He switched on the Pi
and attached another Ethernet cable from the minicomputer into an open port
on a programmable automation controller, a microwave-sized computer that
controlled the turbine. The two men then closed the door behind them and
walked back to the white van they'd driven down a gravel path that ran
through the field.

Staggs sat in the front seat and opened a MacBook Pro while the researchers
looked up at the towering machine. Like the dozens of other turbines in the
field, its white blades -- each longer than a wing of a Boeing 747 -- turned
hypnotically. Staggs typed into his laptop's command line and soon saw a
list of IP addresses representing every networked turbine in the field. A
few minutes later he typed another command, and the hackers watched as the
single turbine above them emitted a muted screech like the brakes of an
aging 18-wheel truck, slowed, and came to a stop.

https://www.wired.com/story/wind-turbine-hack/

------------------------------

Date: Wed, 28 Jun 2017 09:34:14 -0400
From: Monty Solomon <monty () roscom com>
Subject: Skylake, Kaby Lake chips have a crash bug with hyperthreading enabled
  (Ars Technica)

https://arstechnica.com/information-technology/2017/06/skylake-kaby-lake-chips-have-a-crash-bug-with-hyperthreading-enabled/

------------------------------

Date: Thu, 6 Jul 2017 10:30:34 -0400
From: Monty Solomon <monty () roscom com>
Subject: CopyCat malware infected 14 million outdated Android devices (CNET)

https://www.cnet.com/news/android-hack-copycat-malware-device-outdated-14-million/

------------------------------

Date: Wed, 28 Jun 2017 23:36:33 -0400
From: Monty Solomon <monty () roscom com>
Subject: Ukraine Cyberattack Was Meant to Paralyze, not Profit, Evidence Shows
  (The New York Times)

https://www.nytimes.com/2017/06/28/world/europe/ukraine-ransomware-cyberbomb-accountants-russia.html

------------------------------

Date: Wed, 05 Jul 2017 17:50:26 +0100
From: Chris Drewe <e767pmk () yahoo co uk>
Subject: NHS doctors use Snapchat to send patients' scans (The Telegraph)

Interesting article in today's newspaper: context is a report on the UK
National Health Service's links with DeepMind Health (owned by Alphabet,
parent company of Google), but the report also has more-general comments on
the NHS's IT, or lack of it (but no mention of Windows XP).

http://www.telegraph.co.uk/news/2017/07/04/nhs-doctors-use-snapchatto-send-patients-scans-report-says/

Summary:

The panel commissioned a series of independent experts to examine
elements of DeepMind's work - including employing data security
analysts. They identified 11 "relatively minor" technical
vulnerabilities but overall the panel commended DeepMind Health for its
"high level of data security".

They were not so favourable about the NHS, writing: "The digital
revolution has largely bypassed the NHS, which, in 2017, still retains
the dubious title of being the world's largest purchaser of fax machines.
"Many records are insecure paper-based systems which are unwieldy and
difficult to use.
"Seeing the difference that technology makes in their own lives,
clinicians are already manufacturing their own technical fixes. They may
use SnapChat to send scans from one clinician to another or camera apps
to record particular details of patient information in a convenient format.
"It is difficult to criticise these individuals, given that this makes
their job possible. However, this is clearly an insecure, risky, and
non-auditable way of operating, and cannot continue."

The authors also add that the average NHS trust has 160 different
computer systems in operation.

------------------------------

Date: Mon, 3 Jul 2017 20:54:22 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Happy 4th of July! Show Us Your Papers: Comm. on Election Integrity
  (The New York Times)

*The New York Times*, Editorial, 4 July 2017

  [The Commission on "Election Integrity" is demanding everything that
  would undermine election integrity?  PGN-ed]

The reviews of President Trump's new commission on election integrity
are rolling in, and they're not good!
https://mobile.nytimes.com/2017/07/03/opinion/voter-fraud-data-kris-kobach.html

Disingenuous.
<http://news.delaware.gov/2017/07/03/delaware-will-not-provide-voter-information-white-house-commission/>
Repugnant.
<http://www.baltimoresun.com/news/maryland/politics/bs-md-frosh-trump-voter-fraud-20170703-story.html>
At best a waste of taxpayer money.
<https://www.facebook.com/kysecretaryofstate/photos/a.10150156414242247.338791.44487052246/10155195098437247/?type=3&theater>
A tool to commit large-scale voter suppression.
<https://governor.virginia.gov/newsroom/newsarticle?articleId=20595>

State officials across the country responded to the commission's slapdash
request last week for detailed voter data in the manner previously reserved
for emailed pleas from a Nigerian prince.

Delete, said secretaries of state in Kentucky, Minnesota, Tennessee,
California -- more than 20 states refused to comply, red and blue and every
hue in between.  ``They can go jump in the Gulf of Mexico,'' Mississippi's
secretary of state, Delbert Hosemann, a Republican, responded.

What triggered the bipartisan backlash? A letter from the commission --
whose ostensible goal is to restore Americans' confidence in their elections
-- asked states to turn over by July 14 all publicly available information
about their voters, including names, addresses, dates of birth, political
party and voting history, criminal record, military status and the last four
digits of their Social Security number.

<https://www.brennancenter.org/sites/default/files/analysis/06.28.17_Kobach_Letter_to_States.pdf>
<https://www.nytimes.com/interactive/2015/09/08/opinion/100000003889944.embedded.html>

------------------------------

Date: Mon, 3 Jul 2017 14:56:26 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Staying humble is key to staying safe, says Israel's cyber chief:
  electoral system is secure! (Times of Israel)

Last week's hospital cyber-attack was no big deal and the electoral system
is secure, according to Cyber Bureau head Eviatar Matania, who's both
worried and confident.

http://www.timesofisrael.com/staying-humble-is-key-to-staying-safe-says-israels-cyber-chief/

------------------------------

Date: Sun, 2 Jul 2017 14:12:11 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: CCC Russia-Proofing Germany's Elections

Germany's Chaos Computer Club, a multigenerational army of activists, has
made the country's democracy a lot tougher to undermine.
https://www.bloomberg.com/news/features/2017-06-27/the-chaos-computer-club-is-fighting-to-save-democracy

------------------------------

Date: Thu, 29 Jun 2017 19:17:14 -0400 (EDT)
From: Kelly Bert Manning <Kelly.Manning () ncf ca>
Subject: Re: Government meddling, election hacks and sundry items
  (EyeOnCanada)

The Canadian TV Documentary Series Cyberwar has an international perspective
and often airs video recorded in Russia (beyond those places in Alaska) and
in other countries beyond the borders of Canada and the USA.

http://www.eyeoncanada.ca/television/details/cyberwar

One recent episode dealing with 2016 USA election meddling pointed out that
the USA and probably other governments have been heavily involved in Russian
Election meddling since at least as far back as the 1996 election of
"western" favourite Boris Yeltsin. Pot, Kettle, Black as they say.

Points made by one of the USA folks interviewed were to identify the risk as
primarily a Russian Problem, not as a Digital Device or Network problem and
to distinguish between Retaliation and Response, since Response to a Russian
Problem can take a number of forms other than a cyber warfare or election
hack attempt against Russia or other meddlers.

It is a bad situation, but it is hard to claim the moral high ground when
your adversaries use computers and networks with effect, to do the same
thing you have both been doing for decades. If talking to someone seems like
looking in a mirror, and you don't like what you see, then perhaps it is
time to make some changes.

Russian Disinformation tactics go back a long time, as do similar campaigns
by other governments.

------------------------------

Date: Fri, 30 Jun 2017 19:29:45 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Trump's attempt to obtain and make public California voter records
  would be illegal

https://plus.google.com/+LaurenWeinstein/posts/Li1MA8ytR5b

Trump's "Voter Fraud" Commission's attempt (wisely refused by the state) to
obtain California voter records and then to make the data public would be in
direct violation of Title 2, Division 7, Article 1 section 19005 of the
California Administrative Code:

  No person who obtains registration information from a source agency shall
  make any such information available under any terms, in any format, or for
  any purpose, to any person without receiving prior written authorization
  from the source agency. The source agency shall issue such authorization
  only after the person to receive such information has executed the written
  agreement set forth in Section 19008.

------------------------------

Date: June 30, 2017 at 7:47:54 PM EDT
From: Richard Forno <rforno () infowarrior org>
Subject: Science division of White House office no longer staffed: report
  (Brandon Carter)

Brandon Carter, *The Hill*, 30 Jun 2017

The science division of the White House Office of Science and Technology
Policy reportedly had no staff members as of Friday.  Sources told CBS News
that the last employees in the division, three holdovers from former
President Obama's administration, all left the White House this week.

Under Obama, the science division was staffed with nine employees who
crafted policy on STEM education, crisis response and other key issues,
according to the report.

Eleanor Celeste, the former assistant director for biomedical and forensics
sciences in the division, appeared to tweet about leaving the office this
week.

http://thehill.com/homenews/administration/340328-science-division-of-white-house-office-no-longer-staffed-report

------------------------------

Date: Sat, 1 Jul 2017 14:31:52 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Republicans want to open U.S. roads for testing self-driving cars
  (Recode)

One concern for Republicans: Lacking federal standards, 22 states have
imposed some sort of regulations, according to a tally by the National
Conference of State Legislatures, often in an attempt to address safety
concerns with a technology they believe is in its infancy.

To Walden and his GOP colleagues, the flurry of state-level activity marks a
break with a longstanding division of labor, one that sees the federal
government determining national safety and driver standards while leaving
only the logistics, like approving licenses, to the locals.

<OK, perhaps, but this too?>

Another Republican proposal would allow the government to designate as many
as 100,000 self-driving cars to be exempt from existing federal motor safety
rules, even though those guidelines — which govern everything from steering
wheels to airbags — were written many years before that technology existed.

https://www.recode.net/2017/6/27/15880088/republicans-gop-congress-autonomous-self-driving-cars-legislation

------------------------------

Date: Thu, 29 Jun 2017 20:27:01 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "This Burger King Ad Forces Your Google Home Device To Tell
  You About Whoppers"

Mary Beth Quirk, *Consumerist*, 12 Apr 2017
https://consumerist.com/2017/04/12/this-burger-king-ad-forces-your-google-home-device-to-tell-you-about-whoppers/

opening text:

You might think you're the master of your own home, controlling all the
Internet-connected devices within it and bending them to your will with the
touch of a button or an uttered command. But Burger King is trying to sneak
into your home through the TV with a new ad that tries to trigger the
voice-activated Google Home.

------------------------------

Date: Thu, 29 Jun 2017 07:22:09 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: AT&T is reinstating their plan to spy on you unless you pay extra

via NNSquad
https://www.privateinternetaccess.com/blog/2017/06/att-gigapower-plans-charge-extra-per-month-want-privacy-no-ads/

  AT&T plans to reinstate their GigaPower pay-for-privacy scheme, as
  revealed by AT&T VP Robert Quinn in a recent interview with C-SPAN. In
  2014, AT&T started offering GigaPower 300 Mbps fiber internet in cities
  around the United States. Users signing up had the option of paying $29
  more per month to guarantee that AT&T doesn't snoop on your internet
  traffic and serve you advertisements and offers from their MITM position
  on your Internet. Yes, they actually put a price on privacy and it's
  coming back. GigaOM discovered that $29 a month ($348 per year) isn't even
  the real price of buying your privacy back from AT&T - the total bill
  could run up to $800 per year.

"Nice Internet connection you have there. Be a shame if something
happened to it!"

------------------------------

Date: Fri, 30 Jun 2017 22:31:42 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Vindicated: I am not the memory hog

Got this mail again:

 Hi Dan!

 Your DreamHost VPS has just exceeded the memory allocation that you've
 established. If left unchecked that behavior could begin to negatively
 impact the VPS services of every other customer on your server.

Ha, but this time I was prepared with an answer:

 Dear Dreamhost, thank you for these occasional reminders these months.
 This time I finally devised a system to find out the culprit. I "set a
 trap", waiting to catch it the next time it happened. And I succeeded!

 $ crontab -l
 # This gives me a whole week (expr 60 \* 60 \* 24 \* 7 : 604800)
 # after reboot to figure out which process was the memory hog:
 * * * * * if test $(sed 's/\..*//' /proc/uptime) -gt 604800; then set -e -- $(date +\%M); COLUMNS=500 top -b -n 1 -c > TOP.${1#[0-9]}; fi
 # Yes, need to run once a minute, as Dreamhost takes no snapshots of
 # the system before rebooting it.

 Well you will never guess what the culprit is!:
   PID USER       PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 12295 root       39  19  319m 276m 4016 R   80 73.7   0:22.92
 /usr/bin/python /usr/sbin/update-apt-xapian-index --quiet

 Face the facts. It is Dreamhost's own process. It has nothing to do
 with me! Kindly do not send users such messages when the fault lies
 100% with Dreamhost. Thank you.

Vindicated!:

 Thanks for contacting us and providing your detailed findings. I spoke
 to a System Admin and he mentioned that what you saw does appear to be a
 valid issue. This issue also appears to be related to
 https://bugs.launchpad.net/ubuntu/+source/apt-xapian-index/+bug/363695

------------------------------

Date: Thu, 29 Jun 2017 11:03:07 +0100
From: Martin Ward <martin () gkc org uk>
Subject: Re: Western tech firms bow to Russian demands to share cyber secrets

On 25/06/17 00:13, RISKS List Owner wrote:
* Under pressure, Western tech firms bow to Russian demands to share
  cybersecrets
http://www.reuters.com/article/us-usa-russia-tech-insight-idUSKBN19E0XB

Quote: "But those inspections also provide the Russians an opportunity to
find vulnerabilities in the products' source code"

Here's a crazy idea: why don't the tech firms do their *own* code reviews
and find the vulnerabilities themselves, before the Russians get to see the
source code?

An even better approach would be to use formal methods to develop
provably-correct code in the first place: this would be guaranteed
to have no vulnerabilities for the Russians to find.

------------------------------

Date: Fri, 30 Jun 2017 22:04:54 +0200
From: Lothar Kimmeringer <lothar () kimmeringer de>
Subject: Re: Y2K problem causes earthquake aftershock 92 years later
 (RISKS-30.35)

Amos Shapir wrote:

More likely it's just a data entry error, e.g. 6/29/25 interpreted as 2025.

I assume that to be the real reason. For instance, if you're using Java and
its standard way of parsing a date using a template like mm/dd/yy, there are
specific rules for how that's actually interpreted:

https://docs.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html#year

| For parsing with the abbreviated year pattern ("y" or "yy"), SimpleDateFormat
|  must interpret the abbreviated year relative to some century. It does this
|  by adjusting dates to be within 80 years before and 20 years after the time
|  the SimpleDateFormat instance is created. For example, using a pattern of
|  "MM/dd/yy" and a SimpleDateFormat instance created on Jan 1, 1997, the
|  string "01/11/12" would be interpreted as Jan 11, 2012 while the string
|  "05/04/64" would be interpreted as May 4, 1964.

06/29/25 falls into the 20-years-after-current-date rule.

I'm not sure if a Java program was involved, but I assume that other
languages provide similar date-parsing mechanisms and should use similar
rules when parsing two-digit years.

The whole thing happened because of multiple failures:

  - The program parsing the date didn't check if the resulting date
    after the parsing is in the past and if not fail with an error
    and demand a full year specification or assume it to be a year of
    the last century and subtract 100 years from it.
  - The alert-processing side obviously didn't do any checks either,
    since it reacted to an earthquake that is still due for 8 years.
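
A worked illustration of the two pivot rules and of the missing check, added here as an example rather than taken from the posting or from the JDK: it reimplements the sliding 80/20 window the javadoc above describes, contrasts it with the fixed POSIX pivot that Python's strptime uses, and applies the "an event date cannot lie in the future" check to 06/29/25. The function names and the assumed instance-creation date (the day of the alert) are constructed for the example.

```python
"""Two-digit-year pivots and the sanity check the earthquake alert lacked.

Added example for this RISKS item, not code from the posting or from the
JDK. java_style_parse() reimplements the documented SimpleDateFormat
default (result within 80 years before / 20 years after the instance's
creation date); posix_parse() shows the fixed pivot Python's strptime uses;
parse_event_date() adds the check Lothar Kimmeringer describes.
"""
from datetime import date, datetime
from typing import Optional


def window_start(created: date) -> date:
    """Start of the 100-year window: exactly 80 years before `created`.
    Feb 29 falls back to Feb 28 when the target year is not a leap year."""
    try:
        return created.replace(year=created.year - 80)
    except ValueError:
        return created.replace(year=created.year - 80, day=28)


def java_style_parse(text: str, created: date) -> date:
    """Resolve MM/dd/yy the way a SimpleDateFormat created on `created`
    does by default: pick the year in [start, start + 100 years) whose
    last two digits match. Reimplementation of the documented rule."""
    month, day, yy = (int(part) for part in text.split("/"))
    if not 0 <= yy <= 99:
        raise ValueError(f"{text!r}: two-digit year expected")
    start = window_start(created)
    # candidate in the same century as the window start...
    candidate = date(start.year - start.year % 100 + yy, month, day)
    # ...moved forward a century if it lies before the window opens
    if candidate < start:
        candidate = candidate.replace(year=candidate.year + 100)
    return candidate


def posix_parse(text: str) -> date:
    """Python (and C strptime) use a fixed pivot for %y: 69-99 map to
    1969-1999 and 00-68 map to 2000-2068, regardless of today's date."""
    return datetime.strptime(text, "%m/%d/%y").date()


def parse_event_date(text: str, today: date, strict: bool = False,
                     created: Optional[date] = None) -> date:
    """Parse the date of an event that has already happened.

    A result after `today` can only be a mis-resolved two-digit year.
    strict=True refuses it (the caller must supply a four-digit year);
    otherwise the date is assumed to belong to the previous century.
    """
    parsed = java_style_parse(text, created or today)
    if parsed > today:
        if strict:
            raise ValueError(
                f"{text!r} resolves to {parsed.isoformat()}, which is in the "
                "future; a four-digit year is required")
        parsed = parsed.replace(year=parsed.year - 100)
    return parsed


def rejects(text: str, today: date) -> bool:
    """True when strict parsing refuses `text` as a past-event date."""
    try:
        parse_event_date(text, today, strict=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    created = date(2017, 6, 29)           # assumed: the day the alert went out
    print("javadoc examples (instance created 1997-01-01):",
          java_style_parse("01/11/12", date(1997, 1, 1)),
          java_style_parse("05/04/64", date(1997, 1, 1)))
    print("06/29/25 via 80/20 window:", java_style_parse("06/29/25", created))
    print("06/29/25 via POSIX pivot: ", posix_parse("06/29/25"))
    print("with past-event check:    ", parse_event_date("06/29/25", created))
    print("strict mode rejects it:   ", rejects("06/29/25", created))
```

Both pivots put 06/29/25 in 2025; only the past-event check recovers 1925, which is why the check belongs in the parser and not just in the consumer of the alert.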

------------------------------

Date: Tue, 10 Jan 2017 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
  <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 30.36
************************

