Home page logo
/

risks logo RISKS Forum mailing list archives

Risks Digest 26.96
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 1 Aug 2012 13:52:00 PDT

RISKS-LIST: Risks-Forum Digest  Wednesday 1 August 2012  Volume 26 : Issue 96

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.96.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
More on election risks: Brennan Center study (PGN)
Internet Voting Systems at Risk (Martha T, Moore via ACM TechNews)
Oakland police radios fail during Obama visit (Jaxon Van Derbeken via
  Paul Saffo)
Startup claims 80% of its Facebook clicks are bots, not people (Mark Thorson)
Dropbox confirms it got hacked, will offer two-factor authentication
  (Jon Brodkin via Monty Solomon)
Attack against Microsoft scheme puts hundreds of crypto apps at risk
 (Dan Goodin via Monty Solomon)
"Microsoft hits Java where it hurts" (Woody Leonhard via Gene Wirchenko)
Attack against Microsoft scheme puts hundreds of crypto apps at risk
  (ars technica via Lauren Weinstein)
Google Failed to Delete All Street View Data, Drawing U.K. Ire
  (Monty Solomon)
Chief developer quits OAuth2.0: I failed, We failed (jidanni)
Hacking attacks on printers still not being taken seriously (Mark Piesing
  via Monty Solomon)
General warns of dramatic increase in cyber-attacks on U.S. firms
  (Lauren Weinstein)
Don't believe the Skype: it may not be as private as you might think
  (Dan Gillmor via Lauren Weinstein)
Is This Anonymous Group Behind the New York Times WikiLeaks Hoax?
  (Lauren Weinstein)
"First strain on Olympic networks seen" (Brandon Butler via Gene Wirchenko)
Don't tweet if you want TV, London fans told (Reuters)
Re: Olympics security poster 'gibberish' (Jeremy Epstein)
World Wide Web - Inventor (Chris J Brady)
Re: Who Really Invented the Internet? (Larry Press)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 1 Aug 2012 9:20:19 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: More on election risks: Brennan Center study

New Brennan Center study outlines how officials can cure election design
defects, save votes
Several hundred thousand votes lost from design flaws in recent elections:
http://www.brennancenter.org/content/resource/study-design-flaws-contribute-to-hundreds-of-thousands-of-lost-votes-in-recent-elections.html
BrennanCenter study http://ow.ly/cBYyB #votingrights

DESIGN FLAWS CONTRIBUTE TO HUNDREDS OF THOUSANDS OF LOST VOTES IN RECENT
ELECTIONS

Report Details Major Ballot Design Problems, Proposes Non-Partisan Solutions
Contact: Erik Opsal, erik.opsal () nyu edu  1-646-292-8356

Design defects in ballots, voter instructions, and voting machines
contributed to the loss of several hundred thousand votes in the most recent
national elections, a new Brennan Center for Justice study found.
http://www.brennancenter.org/content/resource/better_design_better_elections

In addition, the report notes that in the 2008 and 2010 general elections
combined, as many as 400,000 people had their absentee or provisional ballot
rejected because they made technical mistakes completing forms or preparing
and returning the envelope. Poor design increases the risk of lost or
misrecorded votes among all voters, but the risk is even greater for
particular groups, including low-income voters, and the elderly.

The comprehensive study outlines simple measures election officials can take
before November to cure design defects and ensure every voter can cast a
ballot that counts. View a
slideshow of design flaws and solutions in recent national elections.
http://www.brennancenter.org/page/-/Democracy/VRE/Better_Design_Slideshow.pdf

"In the age of smartphones and tablets, many have realized the importance of
good design and usability, but American elections are still marred by major
design problems, " said Lawrence Norden, deputy director of the Center's
Democracy Program and co-author of Better Design, Better Elections. "The
rise of absentee and provisional voting since 2000 has made ballot design in
our elections even more important. If a voter takes the responsibility to
vote, election officials must do everything in their power to make sure that
vote counts."

The Brennan Center's report details four design and usability problems in
2008 and 2010. Here are a few select examples:

Problem 1: Ballot Layouts that Invite Overvotes or Undervotes

* In East St. Louis, IL in 2008, the ballot design led 1 in 10 voters to
  skip the U.S. Senate contest by mistake because of an inadequate header
  identifying the race. More than twice as many votes were lost in East
  St. Louis than the rest of the state. The Brennan Center's revised ballot
  (page 17) could have saved many hundred votes.

Problem 2: Poor Voter Instructions

* In the governor's contest in Ohio in 2010, several counties reported
  unusually high numbers of voters selecting more than one candidate. The
  culprit appears to be the instructions, which state "select the set of
  joint candidates of your choice." In Cuyahoga County alone, more than
  2,000 voters did not have their vote for governor counted because they
  selected more than one gubernatorial candidate. The Brennan Center's
  suggestion for revising the instruction appears on page 25.

Problem 3: Unclear Voting Machine Messages

* Tens of thousands of votes were not counted in 13 Florida counties in 2008
  and in New York State in 2010 because of ineffective overvote warnings. If
  a voter selected too many candidates in a race, a confusing error message
  appeared. If the voter pressed the green "Accept" button, marked with a
  check, the ballot would be cast with the overvote, and the vote would be
  lost. The Brennan Center's suggested fixes appear on pages 27 and 28.

Problem 4: Difficult Absentee and Provisional Ballot Envelopes

* In Minnesota in 2008, nearly 4,000 absentee ballots were not counted
  because the envelope was not signed. Recognizing the problem, the
  Minnesota Secretary of State's office worked with design, usability, and
  plain language experts in 2009 and 2011 to improve the ballot envelope.
  The changes made to the envelope can be found on pages 31 and 33.

"The design flaws that this report documents are not difficult or unknown
problems," said Whitney Quesenbery, co-author of the report and a user
experience researcher. "I hope that this stark evidence of lost votes
inspires every election official to follow good design principles, and test
their work to be sure that voters understand how to fill out forms and mark
their ballots so their votes will be counted."

As election officials finalize ballots and other election forms in the next
several weeks, the Brennan Center's report recommends several simple
measures that can be taken to ensure votes are counted accurately. Election
officials should:

1.  Review data on lost votes to determine what problems they may encounter
    in November.

2.  Create a checklist of design best practices to make ballots and other
    election materials better organized and easily comprehensible.

3.  Conduct usability testing to uncover potential problems that may arise.

4.  Make voters aware of potential problems if those issues cannot be
    addressed before the election.

The Center's study provides four case studies that demonstrate the powerful
impact usability testing, voter education, and other corrective action
before an election can have in reducing voter error in elections (beginning
on page 36).

For all the latest voting rights news, view the Brennan Center's Election
2012 page <http://www.brennancenter.org/content/election2012>.

Brennan Center for Justice at NYU School of Law | 161 Avenue of the
Americas, 12th Floor | New York, NY 10013 | 646.292.8310 phone |
212.463.7308 fax  brennancenter () nyu edu
Erik Opsal at erik.opsal () nyu edu  646-292-8356.

  [See also
http://www.nytimes.com/2012/08/01/us/voting-systems-plagues-go-far-beyond-identification.html]

------------------------------

Date: Wed, 25 Jul 2012 12:17:14 -0400
From: ACM TechNews <technews () HQ ACM ORG>
Subject: Internet Voting Systems at Risk (Martha T. Moore)

Martha T. Moore, *USA Today*, 25 Jul 2012, via ACM TechNews

Online voting systems set up by many states are vulnerable to hacking when
they allow voters to return ballots online, via email, or Internet fax,
according to a new report from the Verified Voting Foundation and Common
Cause Education Fund.  The report says all states should require overseas
ballots to be mailed in because even faxed ballots cannot be independently
audited.  The report also rates states based on their ability to accurately
count votes.  The report found that Colorado, Delaware, Kansas, Louisiana,
Mississippi, and South Carolina are the least prepared in terms of handling
voter problems, while Minnesota, New Hampshire, Ohio, Vermont, and Wisconsin
are the most prepared.  "The security environment is not what it needs to be
to cast ballots over the Internet," says the Common Cause's Voting Integrity
Campaign's Sussanah Goodman.  West Virginia launched a pilot program in 2010
to enable troops overseas to vote via a secure Web site.  The program
boosted voter participation for absentee ballots from 58 percent to 76
percent.
http://www.usatoday.com/NEWS/usaedition/2012-07-25-State-Voting-study_ST_U.htm

------------------------------

Date: Thu, 26 Jul 2012 17:09:20 -0700
From: Paul Saffo <paul () saffo com>
Subject: Oakland police radios fail during Obama visit (Jaxon Van Derbeken)

Oakland's system is a special case because of bad design, but this points up
the risks of all of the new digital trunked systems.

Jaxon Van Derbeken <jvanderbeken () sfchronicle com>,
*San Francisco Chronicle*, 25 Jul 2012

A major portion of Oakland's troubled police radio system failed shortly
after President Obama's visit on 23 Jul 2012, leaving many of the 100
officers assigned to handle presidential security unable to communicate as
protesters roamed the streets.  "The guys downtown couldn't talk to one
another," said Barry Donelan, head of the Oakland Police Officers
Association.  "It was a train wreck," said Lt. Fred Mestas, who was on duty
downtown during and after Obama's speech at a fundraiser at the Fox Theater.

Police said officers were suffering sporadic communications problems
throughout the time Obama was inside the Fox on Telegraph Avenue, as well as
before and afterward.  At one point, Mestas said, officers couldn't talk to
the Police Department's dispatch center.  "That lasted about 30 minutes,"
Mestas said. "When you have the president there, 30 seconds is too long."

Problems worsen

The communications issues became severe around 10 p.m., about an hour after
Obama left Oakland, city officials said. At that point, police were keeping
an eye on demonstrators who had protested during Obama's visit and lingered
after he left, occasionally blocking streets. The protests proved to be
largely peaceful.  "Any radio failure puts officers at risk, but this was a
critical situation to provide safety and security for the president and the
public," said Donelan, whose union has been outspoken about the radio
system's problems.

The year-old system has been plagued by breakdowns and dead zones that have
left officers' digital radios prone to blackouts across the city and in most
commercial buildings, including the basement of police headquarters. A
city-hired consultant said last week that the system was not up to urban
standards.

Regional option

The city has so far rejected joining forces with an Alameda-Contra Costa
counties regional authority composed of 40 other police and firefighting
agencies that is building its own radio system. City Administrator Deanna
Santana said she needs to know more about the costs and benefits of the
regional network before recommending to the City Council whether to drop
Oakland's system.

Oakland paid $18 million for the radio system when it became operational
last year, largely using grant money. The city built it in consultation with
the Richmond office of Dailey and Wells, the local representative for the
radio system manufacturer, Harris Corp. of Florida.

According to city officials, the problems Monday night were caused by the
failure of a cooling unit used on a transmission tower at Gwin Reservoir in
the Oakland hills. The tower overheated, causing "severe" communications
problems after 10 p.m., said Sgt. Chris Bolton, chief of staff for Police
Chief Howard Jordan. The problem was diagnosed by about 12:30 a.m. Tuesday.

Fixed next day Karen Boyd, spokeswoman for the city, said the unit was less
than 6 months old and that the vendor, Emerson Network Systems, "took full
responsibility" for the breakdown.

The cooling unit was replaced by midday, but service was not fully restored
until about 6 p.m. Tuesday, Bolton said. In the meantime, officers in and
around downtown continued to have communications problems.

Bolton said he was on duty Monday night and was among those who had trouble
contacting fellow officers. "Obviously, we want a reliable radio system," he
said.

Donelan called the police radio network "inadequate."

"It's touch and go every day with this system," Donelan said. "It just
happened that one of the antennas went down when the president of the United
States was here."

Regional system

Bill McCammon, executive director of the regional authority building its own
network, said city officials reached out to him the day after Obama's visit
and want to meet next week about the interagency system, which will be fully
functional in September.

"We're eager to work with them," McCammon said.

Pleasant Hill Police Chief Pete Dunbar, a former Oakland police officer who
is on the regional system's board, said he hopes the episode will help
persuade the city to join its neighbors' transmission network.

"When you have the president of the United States in town and your system
goes down," he said, "you wonder what could happen next."

Dunbar added, "These stories (about failures) go on and on. But for the
grace of God, nobody has gotten hurt. But if you keep this up, it's just a
matter of time."

http://www.sfgate.com/default/article/Oakland-police-radios-fail-during-Obama-visit-3736022.php

------------------------------

Date: Tue, 31 Jul 2012 18:46:34 -0700
From: Mark Thorson <eee () sonic net>
Subject: Startup claims 80% of its Facebook clicks are bots, not people

A startup instrumented their website to determine why only about 20% of
visitors from Facebook clicks had javascript turned on.  They claim to have
determined that the other 80% appear to be bots.  They were being charged
for these clicks, so they've decided to leave Facebook.

http://techcrunch.com/2012/07/30/startup-claims-80-of-its-facebook-ad-clicks-are-coming-from-bots

------------------------------

Date: Wed, 1 Aug 2012 09:28:08 -0400
From: Monty Solomon <monty () roscom com>
Subject: Dropbox confirms it got hacked, will offer two-factor authentication
  (Jon Brodkin)

Spammers used stolen password to access list of Dropbox user e-mails.

Jon Brodkin, Ars Technica, 31 Jul 2012

A couple of weeks ago Dropbox hired some "outside experts" to investigate
why a bunch of users were getting spam at e-mail addresses used only for
Dropbox storage accounts. The results of the investigation are in, and it
turns out a Dropbox employee's account was hacked, allowing access to user
e-mail addresses.

In an explanatory blog post, Dropbox today said a stolen password was "used
to access an employee Dropbox account containing a project document with
user email addresses." Hackers apparently started spamming those addresses,
although there's no indication that user passwords were revealed as
well. Some Dropbox customer accounts were hacked too, but this was
apparently an unrelated matter. "Our investigation found that usernames and
passwords recently stolen from other websites were used to sign in to a
small number of Dropbox accounts," the company said.

Dropbox noted that users should set up different passwords for different
sites. The site is also upping its own security measures.  In a few weeks,
Dropbox said it will start offering an optional two-factor authentication
service. This could involve users logging in with a password as well as a
temporary code sent to their phones. ...

http://arstechnica.com/security/2012/07/dropbox-confirms-it-got-hacked-will-offer-two-factor-authentication/

------------------------------

Date: Wed, 1 Aug 2012 09:28:08 -0400
From: Monty Solomon <monty () roscom com>
Subject: Attack against Microsoft scheme puts hundreds of crypto apps at risk
  (Dan Goodin)

Dan Goodin, Ars Technica, 31 Jul 2012
Cloud-based service requires an average of 12 hours to decrypt VPN traffic.

Researchers have devised an attack against a Microsoft-developed
authentication scheme that makes it trivial to break the encryption used by
hundreds of anonymity and security services, including the iPredator virtual
private network offered to users of The Pirate Bay.

The attack, unveiled by Moxie Marlinspike and David Hulton, takes on average
just 12 hours to recover the secret key that iPredator and more than 100
other VPN and wireless products use to encrypt sensitive data. The
technique, which has been folded into Marlinspike's CloudCracker service,
exploits weaknesses in version 2 of a Microsoft technology known as MS-CHAP,
short for Microsoft challenge-handshake authentication protocol. It's widely
used to log users into VPN and WPA2 networks and is built into a variety of
operating systems, including Windows and Ubuntu. ...

http://arstechnica.com/security/2012/07/broken-microsoft-sheme-exposes-traffic/

------------------------------

Date: Mon, 30 Jul 2012 10:57:51 -0700
From: Gene Wirchenko <genew () ocis net>
Subject: "Microsoft hits Java where it hurts" (Woody Leonhard)

Woody Leonhard, *InfoWorld*, 30 Jul 2012
Microsoft hits Java where it hurts
Microsoft security researcher warns of deteriorating situation with
Java -- and not just on Windows. Continuing to use Java puts your
company and clients at risk
http://www.infoworld.com/t/java-programming/microsoft-hits-java-where-it-hurts-198936

------------------------------

Date: Tue, 31 Jul 2012 16:21:14 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Attack against Microsoft scheme puts hundreds of crypto apps at risk

  "Researchers have devised an attack against a Microsoft-developed
  authentication scheme that makes it trivial to break the encryption used
  by hundreds of anonymity and security services, including the iPredator
  virtual private network offered to users of The Pirate Bay.  The attack,
  unveiled by Moxie Marlinspike and David Hulton, takes on average just 12
  hours to recover the secret key that iPredator and more than 100 other VPN
  and wireless products use to encrypt sensitive data. The technique, which
  has been folded into Marlinspike's CloudCracker service, exploits
  weaknesses in version 2 of a Microsoft technology known as MS-CHAP, short
  for Microsoft challenge-handshake authentication protocol. It's widely
  used to log users into VPN and WPA2 networks and is built into a variety
  of operating systems, including Windows and Ubuntu."
  http://j.mp/NHKPb0  (ars technica via NNSquad)

------------------------------

Date: Sat, 28 Jul 2012 13:49:54 -0400
From: Monty Solomon <monty () roscom com>
Subject: Google Failed to Delete All Street View Data, Drawing U.K. Ire

http://www.eweek.com/c/a/Data-Storage/Google-Failed-to-Delete-All-Street-View-Data-Drawing-UK-Ire-347724/

------------------------------

Date: Sun, 29 Jul 2012 14:49:03 +0800
From: jidanni () jidanni org
Subject: Chief developer quits OAuth2.0: I failed, We failed

http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

"Last month I reached the painful conclusion that I can no longer be
associated with the OAuth 2.0 standard. I resigned my role as lead author
and editor, withdraw my name from the specification, and left the working
group. Removing my name from a document I have painstakingly labored over
for three years and over two dozen drafts was not easy.  Deciding to move on
from an effort I have led for over five years was agonizing...

The web does not need yet another security framework. It needs simple,
well-defined, and narrowly suited protocols that will lead to improved
security and increased interoperability. OAuth 2.0 fails to accomplish
anything meaningful over the protocol it seeks to replace...

I failed.

We failed."

------------------------------

Date: Thu, 26 Jul 2012 10:11:31 -0400
From: Monty Solomon <monty () roscom com>
Subject: Hacking attacks on printers still not being taken seriously
  (Mark Piesing)

Despite staged malware attack seven months ago, one in four HP laser
jet printers still have default password settings

Mark Piesing, guardian.co.uk, 23 July 2012
http://www.guardian.co.uk/technology/2012/jul/23/hacking-attack-printers

------------------------------

Date: Fri, 27 Jul 2012 18:05:53 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: General warns of dramatic increase in cyber-attacks on U.S. firms

General warns of dramatic increase in cyber-attacks on U.S. firms
http://j.mp/MKPKbt  (L.A. Times via NNSquad)

  "Alexander said the military had yet to work out rules of engagement for
  responding to cyber-attacks, and he pointed out that neither of his
  agencies have the authority to defend against a cyber-attack on a private
  company, even if that company owns crucial infrastructure.  The pending
  bill would fix that, he said.  Some business groups oppose the bill as
  intrusive, and some civil liberties groups say it compromises privacy.
  Alexander pointedly refused to comment on Stuxnet, a cyber-attack on
  Iran's nuclear enrichment facilities that has been reported to have been
  the work of the U.S. and Israeli intelligence.  He also pushed back
  against the notion that the uptick in attacks on the U.S. is related to
  Stuxnet, which was first discovered in June 2010."

There are indeed genuine cybersecurity concerns.
But this legislative campaign by Alexander et al. is mostly F.U.D.

------------------------------

Date: Sat, 28 Jul 2012 14:46:08 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Don't believe the Skype: it may not be as private as you might think
  (Dan Gillmor)

  "When Skype became popular just under a decade ago, I repeatedly asked the
  company a question that I considered crucial. The online calling and
  messaging service encrypted users' communications, and it was based
  outside the United States. But the encryption methods were kept secret, so
  outside researchers couldn't verify their quality - a technique that
  experts in the field sometimes deride as "security through obscurity" -
  and I wanted to know whether Skype had a software backdoor that it or
  anyone else could use to listen into users' calls."
  http://j.mp/OnbREn  (Dan Gillmor, Guardian via NNSquad)

    [Skype Hype abounds hyperbolically, especially where host systems
    are compromisable.  PGN]

------------------------------

Date: Sun, 29 Jul 2012 10:23:18 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Is This Anonymous Group Behind the New York Times WikiLeaks Hoax?

http://j.mp/PWZC09  (BetaBeat via NNSquad)

  "Early this morning, a pro-WikiLeaks op-ed purporting to be penned by
  former *New York Times* executive editor Bill Keller cropped up online.
  It was a stunningly convincing piece of web fraud, its design practically
  identical to the New York Times's own homepage, with every link leading to
  an actual Times article or section. The only hint that it wasn't real was
  the URL: instead of showing as nytimes.com/pages/opinion, it read
  "opinion-nytimes.com." It's a tiny difference, but a monumentally
  important one."

------------------------------

Date: Tue, 31 Jul 2012 10:04:07 -0700
From: Gene Wirchenko <genew () ocis net>
Subject: "First strain on Olympic networks seen" (Brandon Butler)

Brandon Butler, London Olympics could strain enterprise networks, 30 Jul 2012
http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=68406

first and last paragraphs:

It didn't take long to see the first signs of strain on communication
networks at the Olympics when overloaded infrastructure on the first day of
competition caused organizers to request that spectators scale back their
use of Twitter for "non-urgent" messages, according to Reuters.

And finally, he says, a lesson from the Olympics issue is that you can't
blindly rely on your partners. The issue over the weekend, he notes, was
likely caused not only by the Olympics network infrastructure having issues,
but also from third-party telecommunications systems that may have been
overloaded. If an enterprise is relying on a partner or vendor to supply a
networking service, make sure the provider is putting controls into place to
handle unexpected issues that may arise as well.

  [Watch out when you out-source?]

------------------------------

Date: Sun, 29 Jul 2012 17:42:12 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Don't tweet if you want TV, London fans told

http://j.mp/MNF2kh  (Reuters via NNSquad)

  "Sports fans attending the London Olympics were told on Sunday to avoid
  non-urgent text messages and tweets during events because overloading of
  data networks was affecting television coverage."

------------------------------

Date: Wed, 25 Jul 2012 20:50:20 -0400
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Re: Olympics security poster 'gibberish' (RISKS-26.95)

Such problems are not unique to Arabic signs on buses, of course.  A recent
TV show had a gravestone with the Hebrew letters arranged in reverse order
(the letters themselves were not mirror images).  The result of the
automated translation was a tombstone reading "pickled at great expense"
rather than "dearly missed".  If the producers of the show had checked with
a native speaker of the language, one would assume s/he would point out the
error.

As PGN might no doubt comment, this left viewers in a pickle as to the
message being sent.

http://www.guardian.co.uk/world/shortcuts/2012/jun/17/bbc-comedy-episodes-viral-in-israel

------------------------------

Date: Sat, 28 Jul 2012 01:27:46 -0700 (PDT)
From: Chris J Brady <chrisjbrady () yahoo com>
Subject: World Wide Web - Inventor

As was clearly depicted last night in the Opening Ceremony of the [...]
Olympics in London ...  "All partygoers were invited back to the house where
Tim Berners-Lee, the Briton who invented the World Wide Web, was at his
keyboard.  When the house was lifted there was the man himself. And a huge
illuminated black and white sign announced "This is for everyone."
http://www.dailymail.co.uk/news/article-2179920/Olympics-Opening-Ceremony-London-gets-2012-Games-way-Greatest-Show-On-Earth-rounded-Macca-course.html
End of argument.

  [NOTE: I DELETED the 3-X roman numerals of the Olympics to avoid
  this issue being filtered/blocked/censored.]

------------------------------

From: "Larry Press" <lpress () csudh edu>
Date: Jul 25, 2012 7:05 PM
Subject: Re: Who Really Invented the Internet?

  [via Dave Farber's IP distribution]

Government funded research and procurement played a major role before,
during and subsequent to the "invention" of the Internet.  Furthermore, we
got an incalculable return on a very small investment.

I summarized some of the background in a 1996 CACM article "Seeding
Networks: the Federal Role," (http://som.csudh.edu/fac/**
lpress/articles/govt.htm <http://som.csudh.edu/fac/lpress/articles/govt.htm>
).

Here are some costs from that article ($millions):

Morse Telegraph                    .03         Smithsonian
ARPANET                          25            [24]
CSNET                             5            [6]
NSFNET Backbone                  57.9          [8]
NSF Higher-ed connections        30            Dave Staudt, NSF
NSF International connections     6.6          Steve Goldstein, NSF

In a companion article, published in CACM in 1993, I talked about things
done at PARC and other places.  The article is called "Before the Altair --
the History of Personal Computing," and its at: http://som.csudh.edu/fac/**
lpress/articles/hist.htm <http://som.csudh.edu/fac/lpress/articles/hist.htm>

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.96
************************


  By Date           By Thread  

Current thread:
  • Risks Digest 26.96 RISKS List Owner (Aug 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]