Home page logo

risks logo RISKS Forum mailing list archives

Risks Digest 27.11
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 11 Dec 2012 16:30:48 PST

RISKS-LIST: Risks-Forum Digest  Tuesday 11 December 2012  Volume 27 : Issue 11

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

How the US Air Force flushed a $1B software project down the drain
  (Randall Stross via Lauren Weinstein)
Iran shipping signals conceal Syria ship movements (Danny Burstein)
Syria outage sheds light on U.S. Kill Switch concerns (Robert Lemos via
  ACM TechNews)
25-GPU cluster cracks every standard Windows password in <6 hours
  (ars technica via Lauren Weinstein)
Inaccurate Apple Maps directions causes 'life threatening issue' for
  travelers in Australia (Monty Solomon)
In Pursuit of McAfee, Media Are Part of Story (Jeff Wise via Monty Solomon)
Monty Solomon <monty () roscom com>
The Illusion Of Online Security (The Diane Rehm Show via Monty Solomon)
High-Speed Traders Profit at Expense of Ordinary Investors
  (Nathaniel Popper and Christopher Leonard)
UN Internet regulation talks in Dubai threaten Web freedom (Dan Gillmor via
  Dave Farber)
Lord Leveson calls for curbs on Internet 'mob rule' (Chris Drewe)
National Network for First Responders Won't Happen for Years ...
  (Edward Wyatt via Lauren Weinstein)
How Smartphones Are Making Wallets Obsolete (Gabe Goldberg)
"A Step Toward E-Mail Privacy" (NYTimes editorial via PGN)
Lock Firm Onity Starts To Shell Out For Security Fixes To Hotels' Hackable
  Locks (Andy Greenberg via Jim Reisert)
Mobile Browsers Fail Georgia Tech Safety Test (Michael Terrazas via
  ACM TechNews)
A letter to the President about e-voting (Barbara Simons)
10th International Conference on integrated Formal Methods iFM 2013
  (Diego Latella)
Abridged info on RISKS (comp.risks)


Date: Sun, 9 Dec 2012 13:22:26 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: How the US Air Force flushed a $1B software project down the drain
  (Randall Stross)

[Source: Excerpt from Randall Stross, *The New York Times*, 9 Dec 2012]

  "Signs that such comprehensive change could not, in fact, be done "at
  once" were visible last spring. Last April, Jamie M. Morin, assistant
  secretary of the Air Force, testified before a subcommittee of the
  Senate's Armed Services Committee about E.C.S.S.: "The total cost on the
  system is now over $1 billion," he said, adding, "I am personally appalled
  at the limited capabilities that program has produced relative to that
  amount of investment."  With the cancellation of the system last month, a
  spokeswoman said that the Air Force would continue to rely on its legacy
  logistics systems, some of which have been in use since the 1970s."


Date: Thu, 6 Dec 2012 23:46:23 -0500 (EST)
From: Danny Burstein <dannyb () panix com>
Subject: Iran shipping signals conceal Syria ship movements

Iranian oil tankers are sending incorrect satellite signals that confuse
global tracking systems and appear to conceal voyages made by other ships to
Syria, which, like Iran, is subject to international sanctions. ...  "It is
of course possible to manipulate or falsify information in these messages,"
said Richard Hurley, a senior analyst at IHS Fairplay, a maritime
intelligence publisher.  At least three Iranian oil tankers are transmitting
such false signals, effectively taking over the identity of Syrian-owned
vessels traveling between Syria, Libya and Turkey.  All the vessels in
question were registered in Tanzania.

[Source: Reuters Exclusive item, Jessica Donati and Daniel Fineren, with
additional reporting by Jonathan Saul, Amena Bakr and Fumbuka Ng'wanakilala;
Editing by Will Waterman; starkly PGN-ed]


Date: Fri, 7 Dec 2012 11:15:36 -0500
From: ACM TechNews <technews () HQ ACM ORG>
Subject: Syria outage sheds light on U.S. Kill Switch concerns (Robert Lemos)

Syria and as many as 60 other countries are at a severe risk of being
disconnected from the Internet because of lack of redundancy in their
telecommunications connections to the outside world, according to a recent
Renesys report.  However, the report rated the United States, Canada, and
many Western European nations as "resistant to risk," while other countries
were rated at "significant" or "low risk" or being disconnected.  The
analysis found that concerns that an Internet "kill switch" could cut people
off are unwarranted in the United States, says Renesys' Earl Zmijewski.
"Syria is not the U.S., it is not Canada, and it's not Western Europe,"
Zmijewski says.  "There is no way to simply shut down connectivity."  The
analysis of the relative resistance of a country's network to disconnection
is based on the number of providers that connect to the outside world, not
the number of physical connections.  Renesys' James Cowie notes that
comments on the study indicate that most people were concerned about their
country's vulnerability to being disconnected.  "It's interesting that most
people who are suggesting modifications to (our) model believe that their
country is much more vulnerable to disconnection," Cowie says.  [Source:
Robert Lemos, eWeek, 5 Dec 2012]



Date: Mon, 10 Dec 2012 15:59:50 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: 25-GPU cluster cracks every standard Windows password in <6 hours

  "The five-server system uses a relatively new package of virtualization
  software that harnesses the power of 25 AMD Radeon graphics cards. It
  achieves the 350 billion-guess-per-second speed when cracking password
  hashes generated by the NTLM cryptographic algorithm that Microsoft has
  included in every version of Windows since Server 2003. As a result, it
  can try an astounding 95^8 combinations in just 5.5 hours, enough to brute
  force every possible eight-character password containing upper- and
  lower-case letters, digits, and symbols. Such password policies are common
  in many enterprise settings. The same passwords protected by Microsoft's
  LM algorithm-which many organizations enable for compatibility with older
  Windows versions-will fall in just six minutes."
    http://j.mp/12hTcy0  (ars technica via NNSquad)

 - - -

Of course, you need access to the hashes to do this.   If sites didn't
make stupid errors that exposed their hash files, this approach would
not be particularly useful in most cases.


Date: Tue, 11 Dec 2012 09:25:33 -0500
From: Monty Solomon <monty () roscom com>
Subject: Inaccurate Apple Maps directions causes 'life threatening issue'
 for travelers in Australia

Inaccurate Apple Maps directions causes 'life threatening issue' for
travelers, says Australian police

Apple redraws maps after Australian drivers led astray in the bush


Date: Mon, 10 Dec 2012 09:07:53 -0500
From: Monty Solomon <monty () roscom com>
Subject: In Pursuit of McAfee, Media Are Part of Story (Jeff Wise)

  [Monty excerpted this paragraph from a fascinating article by Jeff Wise on
  a very strange case involving WiReD's Rocco Castoro and Robert King
  traveling with John McAfee traveling in Belize, and a mysterious death.

... The gloating was short-lived, however. Within minutes, a reader noticed
that the photograph posted with the story still contained GPS location data
embedded by the iPhone 4S that took it, and sent out a message via Twitter:
"Check the metadata in the photo. Oooops ..."  Vice quickly replaced the
image, but it was too late. "Oops! Did Vice Just Give Away John McAfee's
Location With Photo Metadata?" a Wired.com headline asked. The article
included a Google Earth view of the exact spot the picture had been taken -
poolside at the Hotel & Marina Nana Juana in Izabal, Guatemala. ...


Date: Fri, 7 Dec 2012 09:48:36 -0500
From: Monty Solomon <monty () roscom com>
Subject: The Illusion Of Online Security

The Diane Rehm Show, December 5, 2012

The age of passwords is over. That's the claim made in this month's "Wired"
magazine. Most of us trust that a string of letters, numbers and characters
is enough to protect our bank accounts, e-mail and credit cards. But hackers
are breaking into computer systems and hosts of user names and passwords on
the Web with increasing regularity. And because so much of our personal
information is stored in the cloud, hackers can trick customer service
agents into resetting passwords. Some Internet companies say the trade-offs
-- convenience and privacy -- are necessary to protect our data. Privacy
advocates say that price is too high. Diane and her guests discuss the
illusion of online security and whether you can make your accounts harder to


Simon Davies founder of Privacy International.
Cecilia Kang technology reporter for the Washington Post.
Kevin Mitnick information security expert and former hacker.


Date: Sat, 8 Dec 2012 14:57:32 -0500
From: Monty Solomon <monty () roscom com>
Subject: High-Speed Traders Profit at Expense of Ordinary Investors
  (Popper, Leonard)

Nathaniel Popper and Christopher Leonard, *The New York Times*, 3 Dec 2012
High-Speed Traders Profit at Expense of Ordinary Investors, a Study Says
[PGN-ed; lots more to read]

A top government economist has concluded that the high-speed trading firms
that have come to dominate the nation's financial markets are taking
significant profits from traditional investors.  The chief economist at the
Commodity Futures Trading Commission, Andrei Kirilenko, reports in a coming
study that high-frequency traders make an average profit of as much as $5.05
each time they go up against small traders buying and selling one of the
most widely used financial contracts.


Date: Thu, 6 Dec 2012 10:36:28 -0500
From: Dave Farber <dave () farber net>
Subject: UN Internet regulation talks in Dubai threaten Web freedom
  (Dan Gillmor)


"The very idea that the ITU could obtain and exert major regulatory powers
over the Internet is a happy one only to dictators and others who believe
the Internet needs to be controlled. We've seen again and again what nation
states like Syria, China, Saudi Arabia and others do when they are unhappy
with online content or conversations. Even a hint that such censorship could
spread should be, and is, anathema to people who believe in fundamental free
speech rights. Russia, in particular, has proposed regulations that the
United States ambassador to the meeting called "the most shocking and most
disappointing" of any he'd seen."

  [Dan Gilmore in *The Guardian*.  Web URLs deleted by PGN]


Date: Sat, 08 Dec 2012 19:19:08 +0000
From: Chris Drewe <e767pmk () yahoo co uk>
Subject: Lord Leveson calls for curbs on Internet 'mob rule'

Apologies if this is Leveson overload, but he's made some, um, interesting
comments in Australia, reported by Jonathan Pearlman, in Sydney in the
*Daily Telegraph*, 8 Dec 2012:


Lord Justice Leveson has called for new laws to curb the rise of "mob rule"
on the Internet and says he is keenly watching the aftermath of his report
into media ethics.  He was "concerned" about the debate that had followed
his 2000-page report

  [Long copyrighted article PGN-ed.]


Date: Thu, 6 Dec 2012 16:26:32 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: National Network for First Responders Is Years Away (Edward Wyatt)

Edward Wyatt, *The New York Times*, 7 Dec 2012, http://j.mp/TN9CsQ

  ... Hurricane Sandy also exposed a significant flaw in the initial design
  of the emergency system. It would rely greatly on commercial cellphone
  networks, the same networks that failed during the storm when cell towers
  blew down, power equipment failed and backup batteries or generators were
  flooded. "To think that you can build a network that can withstand
  anything and everything that Mother Nature throws at it is a bit
  unrealistic," said Bill Smith, president of AT&T Network Operations. "It's
  not impossible, but it would be incredibly expensive." ...

Basing the emergency network on the fragile commercial wireless systems,
What could go wrong?


Date: Sun, 09 Dec 2012 23:46:05 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: How Smartphones Are Making Wallets Obsolete

Some people might cringe at the thought of putting a picture of an insurance
card on their phone, but if I lose my phone, there is a password to stop
someone from opening it. My wallet never came with a password.

There are a couple of things I still carry in my pocket, held together with
a money clip: the debit card and my driver's license. But I'm confident that
those, too, will someday disappear.

Soon enough, my phone will become my sole credit card, and the only thing
left in my pocket will be my driver's license. And at some point, the
government will enter the 21st century and offer a digital alternative for

Or maybe I won't need a driver's license at all: when cars drive themselves
in the not-too-distant future, I'll be taking a nap while my car takes me to


What could go wrong?


Date: Sun, 9 Dec 2012 08:13:17 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: "A Step Toward E-Mail Privacy" (NYTimes editorial)

[Very nice editorial in *The New York Times*, 9 Dec 2012, PGN-ed and
truncated for RISKS.]

The growth of the Internet, social networking and mobile technologies has
transformed how Americans communicate and exchange information, but Congress
has lagged in updating federal privacy laws to safeguard digital
communications from inappropriate prying. Late last month, the Senate
Judiciary Committee approved a measure, proposed by Patrick Leahy, that
would significantly enhance the privacy protection given to e-mails.  The
bill, an amendment to the outdated 1986 law that now governs e-mail access,
the Electronic Communications Privacy Act, would require law enforcement
agents to get a search warrant from a judge in order to obtain e-mail
content from a communications service provider that holds private electronic
messages, photos and other personal records, like Gmail or Facebook.


Date: Fri, 7 Dec 2012 08:20:40 -0700
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: Lock Firm Onity Starts To Shell Out For Security Fixes To
  Hotels' Hackable Locks (Andy Greenberg)

"After four months, countless hacking embarrassments and a string of hotel
burglaries, the maker of one of the world'2s most common hotel keycard locks
is finally owning up to the cost of an epic -- and expensive -- security

"Onity, the company whose locks protect 4 million or more hotel rooms around
the world, has agreed to reimburse at least some fraction of its hotel
customers for the cost of fixing a security flaw exposed in July that allows
any hacker with a $50 homemade device to open its locks in seconds,
according to written agreements between the company and several of its
largest buyers."

Jim Reisert AD1C, <jjreisert () alum mit edu>, http://www.ad1c.us


Date: Fri, 7 Dec 2012 11:15:36 -0500
From: ACM TechNews <technews () HQ ACM ORG>
Subject: Mobile Browsers Fail Georgia Tech Safety Test

  Michael Terrazas, *Georgia Tech News* (5 Dec 2012)
  [via ACM TechNews, 7 Dec 2012]

Georgia Tech researchers have found that mobile Web browsers are so unsafe
that even cybersecurity experts cannot detect when their smartphone browsers
have landed on dangerous Web sites.  "We found vulnerabilities in all 10 of
the mobile browsers we tested, which together account for more than 90
percent of the mobile browsers in use today in the United States," says
Georgia Tech professor Patrick Traynor.  The main issue is graphic icons
known as secure sockets layer (SSL) or transport layer security (TLS)
indicators, which alert users when their connection to the destination Web
site is secure and that the Web site they see is actually the site they
intended to visit.  Due to the small screen associated with most mobile
browsers, there is not enough room to incorporate SSL indicators as with
desktop browsers.  Displaying a graphical indicator that a site is secure in
a Web browser's URL field is on the security guidelines recommended by the
World Wide Web Consortium for browser safety.  "Research has shown that
mobile browser users are three times more likely to access phishing sites
than users of desktop browsers," says Georgia Tech researcher Chaitrali


Date: Fri, 07 Dec 2012 15:48:53 -0800
From: Barbara Simons <simons () acm org>
Subject: A letter to the President about e-voting

Election, Tech Experts to Obama: Yes, ``We Need to Fix That,'' But
  E-Voting Not the Answer
Source: Verified Voting, Dated: Dec 06, 2012

In a letter delivered to President Obama and congressional leaders this
week, experts including congressional representatives, elections officers
and cyber-security experts, urged the president to reject any calls for
Internet voting.

Barbara Simons, Chair of Board, Verified Voting, Coauthor, Broken
Ballots: Will Your Vote Count? - simons () acm org, 650-328-8730
Jordana Merran - jordana () newheightscommunications com, 301-873-4484

Groups Warn Against Hasty Action on Internet Voting in Response to Long
Lines, Technical Glitches in November 2012

Washington, DC, In a letter delivered to President Obama and congressional
leaders this week, a broad coalition of experts, including congressional
representatives, elections officers and cyber security experts, is urging
the president and Congress to reject any calls for Internet voting. They are
warning officials that Internet voting remains a highly insecure option that
leaves our systems vulnerable to cyber-attacks and technical failures.

After voters across the country waited as long as seven hours to cast their
ballots and Hurricane Sandy wreaked havoc on East Coast election systems
last November, lawmakers in Congress are introducing legislation to
facilitate the voting process in federal elections, and some parties have
expressed Interest in online voting.

``Internet voting seems like a great solution. But relying on the Internet
to transmit a vote means not only opening the election up to hackers and
malicious forces, but also giving up the right to vote anonymously,'' said
Barbara Simons, former president of the Association for Computing Machinery
and chair of the board of the nonpartisan Verified Voting.

Instead, Simons and dozens of other leaders in their fields are urging
Congress to use scanned-in paper ballots in federal elections.

``The lack of accountability in our election processes has put our democracy
at risk. That's why we urge Congress to adopt scanned paper ballots. They
are inexpensive, they can eliminate long lines because many voters can vote
simultaneously, and most importantly, they provide a paper trail that can be
verified, especially in the event that an election result is called into
question,'' [quoting Peter G Neumann]

The letter to the President notes that, had elections been too close to call
in the November contest, many jurisdictions that rely on electronic voting
machines would have had no way to verify whether their results were correct.

The text of the letter can be found at

Signatories include:

Andrew W. Appel, Eugene Higgins Professor of Computer Science, Princeton Univ.
Matt Blaze, Assoc. Professor, Computer & Information Science, Univ. of
Harvie Branscomb, Colorado Voter Group
Duncan A. Buell, Computer Science and Engineering Professor, Univ. of
  South Carolina
David Dill, Computer Science Professor, Stanford Univ.; Board of
  Directors, Verified Voting
Susan Dzieduszycka-Suinat, Overseas Vote Foundation
Jeremy Epstein, Senior Computer Scientist, SRI International
David J. Farber, Distinguished Professor of Computer Science & Public
  Policy, Carnegie Mellon Univ.
Lowell Finley, Member, EAC Standards Board
Irene Etkin Goldman, Voting Rights Advocate, Board Chair, Coalition for
  Peace Action, Princeton, N.J.
Mary Ann Gould, Co-Founder, Executive Director, Coalition for Voting
J. Alex Halderman, Assistant Professor of Computer Science & Technology
Joseph Lorenzo Hall, Senior Staff Technologist, Center for Democracy &
Mark Halvorson, Founder and Former Director, Citizens for Election
  Integrity Minnesota
Candice Hoke, Director, Public Monitor of Cuyahoga Election Reform; Law
  professor, Cleveland State Univ.
Representative Rush Holt, Member of Congress
Harri Hursti, Security Researcher, CTO SafelyLocked
Holly Jacobson, Co-Founder, Voter Action
David Jefferson, Computer Scientist, Lawrence Livermore National
  Laboratory; Board of Directors, California Voter Foundation; Board of
  Directors, Verified Voting
Douglas W. Jones, Associate Professor of Computer Science, Univ. of
  Iowa; Coauthor, Broken Ballots: Will Your Vote Count
Earl Katz, Public Interest Pictures
Douglas A. Kellner, Co-Chair, New York State Board of Elections
Marybeth Kuznik, Executive Director, VotePA; Judge of Elections, Penn
  Township, Westmoreland County, PA
Mark Lindeman, Adjunct Assistant Professor of Political Science,
  Columbia Univ.
Collin Lynch, Intelligent Systems Program, Univ. of Pittsburgh; Past
  President, VoteAllegheny; Member, VotePA; Past Co-Chair, Allegheny
  County Citizen's Advisory Panel on Election Systems
Margaret MacAlpine, Advisory Comm. Member, California Post Election
  Risk-Limiting Audit Pilot Program
Neal McBurnett, ElectionAudits (the open source project)
John McCarthy, Lawrence Berkeley National Laboratory Computer Scientist
  (retired); Verified Voting volunteer
Dan McCrea, President and Co-Founder, Florida Voters Foundation
Walter Mebane, Professor of Political Science and Professor of
  Statistics, Univ. of Michigan
Justin Moore, Board of Advisors, Verified Voting Foundation
Michelle Mulder, Consultant, Verified Voting Foundation
Peter G. Neumann, Principal Scientist, SRI International Computer Science
  Lab; Moderator, ACM Risks Forum
Ronald L. Rivest, Viterbi Professor of Computer Science, MIT
Lida Rodriguez-Taseff, Miami-Dade Election Reform Coalition
Aviel D. Rubin, Professor of Computer Science and Technical Director of
  the Information Security Institute, Johns Hopkins Univ.
Noel Runyan, President of Personal Data Systems, Campbell, CA.
Ion Sancho, Leon County Supervisor of Elections
Bruce Schneier, Chief Security Technology Officer, BT; Security
  technologist and author
Kevin Shelley, Former California Secretary of State
Barbara Simons, IBM Research (retired); member, EAC Board of Advisors;
  Chair, Board of Directors, Verified Voting; Former President, ACM;
  Coauthor, Broken Ballots: Will Your Vote Count?
Stephanie Singer, Philadelphia City Commissioner
Pamela Smith, President, Verified Voting
Howard Stanislevic, Founder, E-Voter Education Project, NY, NY
Philip B. Stark, Professor and Chair, Department of Statistics, Univ. of
  California, Berkeley
Paul Stokes, United Voters of New Mexico
Penny M. Venetis, Clinical Prof. of Law, Judge Dickinson R. Debevoise
  Scholar; Co-Director, Constitutional Litigation Clinic, Rutgers School
  of Law-Newark
David Wagner, Professor of Computer Science, Univ. of California, Berkeley
Luther Weeks, CTVotersCount
Rebecca Wilson, Co-Director, SAVE our Votes: Secure, Accessible,
  Verifiable Elections for Maryland


Date: Thu, 06 Dec 2012 09:38:53 +0100
From: Diego Latella <Diego.Latella () isti cnr it>
Subject: 10th International Conference on integrated Formal Methods (iFM 2013)

June 10 - 14, 2013 - Turku, Finland


Applying formal methods may involve modeling different aspects of a system
which are best expressed using different formalisms.  Correspondingly,
different analysis techniques may be used to examine different system views,
different kinds of properties, or simply in order to cope with the sheer
complexity of the system. The iFM conference series seeks to further
research into hybrid approaches to formal modeling and analysis; i.e., the
combination of (formal and semi-formal) methods for system development,
regarding modeling and analysis, and covering all aspects from language
design through verification and analysis techniques to tools and their
integration into software engineering practice.

Areas of interest include but are not limited to:
- Formal and semiformal modeling notations
- Integration of formal methods into software engineering practice
- Refinement
- Theorem proving
- Tools; - Logics
- Model checking
- Model transformations
- Semantics
- Static Analysis
- Type Systems
- Verification
- Case Studies
- Experience reports

- Jean-Raymond Abrial, Marseille, France
- Cosimo Laneve, University of Bologna, Italy
- Susanne Graf, VERIMAG, France
- Kim Larsen, Aalborg University, Denmark

This call for papers and additional information about the conference
can be found at http://www.it.abo.fi/iFM2013
For information regarding the conference you can contact: ifm2013 () abo fi


Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 27.11

  By Date           By Thread  

Current thread:
  • Risks Digest 27.11 RISKS List Owner (Dec 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]