Home page logo
/

risks logo RISKS Forum mailing list archives

Risks Digest 27.24
From: RISKS List Owner <risko () csl sri com>
Date: Sun, 7 Apr 2013 14:09:35 PDT

RISKS-LIST: Risks-Forum Digest  Sunday 7 April 2013  Volume 27 : Issue 24

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.24.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Chinese Government To Buy Dell (Steven J. Greenwald)
Deeper Meaning in a Live YouTube April Fools' Gag (Lauren Weinstein)
New Test for Computers - Grading Essays at College Level (Gabe Goldberg)
"Fix your DNS servers or risk aiding DDoS attacks" (Ted Samson via
  Gene Wirchenko)
"Cyber criminals tying up emergency phone lines through TDoS attacks"
  (Ted Samson via Gene Wirchenko)
Prenda Law's Attorneys Take The Fifth Rather Than Answer Judge Wright's
  Questions (Lauren Weinstein)
"Firefox 20 ups HTML5 support, adds dev tools and per-tab Private Browsing"
  (Gene Wirchenko on Ted Samson)
MS apologizes for employee's Xbox Durango 'always-online' tweets
  (Lauren Weinstein)
"Ransomware uses victims' browser histories for increased credibility"
  (Lucian Constantin via Gene Wirchenko)
ZIP Codes Are Definitely "Personal Identification Information" (Monty Solomon)
Everything We Know About What Data Brokers Know About You (Monty Solomon)
Mozilla Firefox CPU hog ?? (Henry Baker)
`Massive' Cyberattack Wasn't Really So Massive (David Talbot)
Risks of ASCII-formatting mathematics (Bill Stewart)
Sears Discloses User-Selected PIN (Richard Karash)
Online tax returns, You're Doing It Wrong... (Valdis Kletnieks)
Wow! Are we still in the 1990s? (Gene Spafford)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 1 Apr 2013 16:41:28 -0400 (GMT-04:00)
From: "Steven J. Greenwald" <sjg6 () gate net>
Subject: Chinese Government To Buy Dell

http://news.yahoo.com/china-to-buy-dell-source-155247372--sector.html

Chinese Government To Buy Dell
By Carl Michaels and Michael Silver | Rueters - Monday, Apr 1, 2013

NEW YORK / BEIJING (Rueters) - Dell Inc announced today that the Chinese
government would purchase them in a leveraged buy out. Michael Dell and
private equity firm Silver Lake Partners have announced that they welcome
the leveraged buy out. "It's the best of all the alternatives that the
company's board had explored," said Dell in a prepared statement to
shareholders.

Carl Icahn has proposed paying $15 per share for 58 percent of Dell, while
Blackstone Group has indicated it can pay $14.25 per share. But both deals
would involve saddling the troubled tech company with massive debt and
keeping it public. Silver Lake Partners would offer all cash at $13.65 per
share and take Dell private in the reverse of an IPO: an LBO or so-called
"leveraged buy out" where a failing public company goes private at a severe
loss to the shareholders and usually with massive firing of competent
employees while retaining the incompetent ones.

But Xia Xiahuang, head of the Technology Investment Government Workers
Group, a Chinese government agency, said that China would pay $17.75 per
share to acquire the ailing tech company. "We need more competition in the
Pan-Asian PC market. As a growing world economy China needs more than just
Lenovo," said Xiahuang at a press conference where she announced the
decision. "If successful in our leveraged buy out then we plan on moving
Dell to Government City Number 23 where we have lots of unemployed tech
workers." She extolled the virtues of corporate competition in her
statement. "We learned a lot from the Americans, especially about how
capitalism works with a centrally managed economy." When asked about the
history of that, she said, "Maybe we have a language issue here, but no, we
don't call that 'fascism' here."

Government City Number 23, a super-secret facilty, used to make advanced
nuclear weapons for the Chinese government. It is located, according to
sources, somewhere near the Chinese Mongolian border. "We don't need more
hydrogen bombs. We can get all of those that we want from North Korea. And
cheap!" When asked why, she said, "We need more PCs, tablets, and
smartphones." Xiahuang then said, "Also, we have all of these U.S. Treasury
bonds just sitting around doing squat. If we can use a few of those to buy a
has-been company like Dell, why not? Better than earning almost no interest
like Amercian retirees."

When asked about the business model for the decision, Xiahuang said, "Well,
we don't see much of a domestic market, but we definitely have a guaranteed
market with the U.S. government with Dell's Federal Systems Division." When
pressed for details, she said, "We don't foresee any consumer demand at all
for Dell products. We'll focus on selling hardware and software to the
U.S. Government. We have an excellent relationship with their procurement
agencies."

Michael Dell could not be reached for comment. A written press release by
Dell warned that any levereged recapitalization, even by a major government,
was risky. "While we have no objection to moving to Mongolia, especially
given how we now are headquartered in Round Rock, Texas, we do feel
compelled to mention that the telephone system near Mongolia would not
support our outsourced customer service model." Additional questions were
deferred for later according to the press release, to comply with
Sarbannes-Oxley.

Outside analysts dismissed this, noting that Dell long ago abandoned any
pretense of good customer service for anyone, especially low-level
consumers. "The Chinese will whip them in line," said Ani Prox, a financial
sector tech analyst. "I can't wait until they screw over a relative of the
Central Committee and then the Chinese publically execute a few of their
so-called 'customer support' drones." When asked if he thought this a good
move, Prox said, "I don't want to say that I'm literally jumping with
joy. But I am. Those damned monsters had it coming."

Many American analysts have concerns about the proposed U.S. cyber-espionage
rule that would limit Chinese imports of information technology products in
the wake of alleged Chinese hacking attacks on the U.S.. When asked about
those concerns, Chinese government spokesperson Xiahuang said, "The Chinese
government does not engage in hacking. Hello? If we did would we buy a
company with such strong customer dissatisfaction as Dell?" She went on to
dispute that the U.S. has evidence of hacking attacks by China and claimed
that more than half of the attacks actualy originate from Dell PCs in the
United States. "Let's face it; we do the Americans a huge favor here which
the Obama Administration knows. We don't foresee any problems with this
minor acquisition of a failed and widely-hated company."

According to the U.S. Congressional Research Service, the United States
imports about $129 billion worth of "advanced technology products" form
China, which includes PCs, laptops, tablets, smartphones, music players,
gaming devices, and military drones. U.S. military and intelligence
community purchases of these products has tripled in the past year under
Obama Administration rules.

Chinese state media, including Xinhua, the China Daily, and the People's
Daily, quoted a spokeperson for the Chinese Ministry of Commerce. "The
proposed U.S. bill sends a very wrong signal. Don't they want us to buy that
awful Dell company to use up some of the massive amounts of U.S. T-bills we
bought? We already buy up all of their real-estate that we can to prop them
up."

"This abuse of so-called national security measures is unfair to Chinese
enterprises and people, and extends the discriminatory practice of
presumption of guilt," said the article in the official People's
Daily. "This severely damages mutual trust between the U.S. and China."
China Daily, in an editorial widely believed to be written by the
government, said, "Besides, China does the U.S. taxpayers a favor by taking
this awful company off their hands. Does the U.S. want another bailout of a
failed company on their hands?"

Technology security lawyer Stuart Bleaker wrote in a recent blog post that
China could claim that the United States is violating World Trade
Organization rules. However, because Beijing hasn't signed a WTO agreement
setting international rules for government procurement, it may not be
successful in its challenge, even though no one actually pays attention to
WTO rules when big players like China are involved.

Chinese foreign ministry spokesman Hong Lei also urged the U.S. to abandon
the law at a news conference on Thursday. "This bill uses Internet security
as an excuse to take discriminatory steps against Chinese companies," he
said. "Let us buy Dell already! What's your problem? Frankly, we do you
Americans a huge favor. You can't possibly want this awful company. We'll
take it off your hands, get rid of some of the debt you owe us, and employ a
bunch of people near Mongolia. A win-win for everyone."

A U.S. State Department spokesperson could not be reached for comment.

------------------------------

Date: Mon, 1 Apr 2013 17:10:33 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Deeper Meaning in a Live YouTube April Fools' Gag (NNSquad)

          Deeper Meaning in a Live YouTube April Fools' Gag
             http://lauren.vortex.com/archive/001018.html

As I'm typing this at around 16:45 PDT on April Fools' Day, Google's YouTube
is running one of the funniest stunts I've seen in years.

On this currently live video feed ( http://j.mp/X9E9pj ) we have a pair of
presenters reading the titles and uploader descriptions of seemingly rather
randomly selected YouTube videos.  They're not showing the videos mind you
(except for a few being "spotlighted") -- just reading texts from large
piles of red and white YouTube cards, in a manner reminiscent of some
twisted awards ceremony from an alternative universe.

And in fact, this April Fools' Day event is part of a larger gag (one of
many deployed by Google for today -- others included "Gmail Blue," "Google
Nose," and more).

In this case our presenters are purportedly in the process of announcing
every video ever uploaded to YouTube, in preparation for shutting down
YouTube for a decade, while the corpus of existing videos is reviewed to
select the "best of them all" -- to be announced in 2023, of course.

What's so very fine about this particular joke is the way the pair of
presenters (Donald and Kendra) are playing it all absolutely straight, with
barely a smile cracked as they intone out loud video descriptions ranging
from touching to ludicrous, all of which appear to be 100% absolutely legit.
And of course, the juxtaposition of completely unrelated descriptions only
adds to the amusement.

But as this delightful spectacle continues to stream onto a screen to my
left at this very moment, I'm thinking that there is a deeper meaning in
play.

Those YouTube video descriptions -- from serious to silly, from banal to
urbane -- and by definition the videos associated with them -- are a
cross-section of real life, in all its stupendous variety and wonder.

Soldiers in battle.  Dog eating burger.  Bad guitar players.  A tribute to a
lost friend.  Millions and millions and millions of videos, every single one
meaning something to whomever took the time to upload them.

Lots of people make money posting on YouTube, but vastly more post simply
for the joy of sharing what they care about, and within those piles of cards
being read aloud today is the very essence of that meaning -- remarkably
clear even absent the actual videos themselves.

I think this is a truth worth noting.  And since D and K were just provided
with chairs at last, it looks like the show may be good to go for quite a
while yet!

Even in the midst of this great April Fools' concept, there is a teachable
moment in every video upload, in every video description.  Together they're
a distillation of so many persons' loves (and hates), desires, fantasies and
memories.

That's quite remarkable, really.

And it's no joke.

------------------------------

Date: Thu, 04 Apr 2013 17:13:20 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: New Test for Computers - Grading Essays at College Level (NYTimes.com)

Imagine taking a college exam, and, instead of handing in a blue book and
getting a grade from a professor a few weeks later, clicking the `send'
button when you are done and receiving a grade back instantly, your essay
scored by a software program.

And then, instead of being done with that exam, imagine that the system
would immediately let you rewrite the test to try to improve your grade...

http://www.nytimes.com/2013/04/05/science/new-test-for-computers-grading-essays-at-college-level.html?hp

What could go wrong?

  [For example, students who reverse engineer the software or gain
  experience from the program's behavior can adjust their writing styles to
  just barely get a good grade -- without ever really learning how to write
  effectively.

  By the way, Harvard now ``admits that the e-mail surveillance was wider
  than the school originally admitted.''  Perhaps U.C. Santa Cruz had a
  better idea to do away with grades and grade-point averages -- which might
  cause problems only when an undergrad wants to get admitted to a graduate
  school other than UCSC.

  But we seem to be generally dumbing down education wholesale at many
  levels, leading to lowest-common-denominator curricula, narrowing what is
  or can be taught, and reducing personal contacts with teachers.
  Autograding certainly might be another step in that direction.  PGN]

------------------------------

Date: Mon, 01 Apr 2013 13:59:26 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Fix your DNS servers or risk aiding DDoS attacks" (Ted Samson)

Ted Samson, InfoWorld, 01 Apr 2013
Perpetrators of the DDoS ambush against Spamhaus exploited open DNS
resolvers in third-party servers
http://www.infoworld.com/t/security/fix-your-dns-servers-or-risk-aiding-ddos-attacks-215510

  [Not an April-Fools' piece.  It seems to have been a light year.  PGN]

------------------------------

Date: Tue, 02 Apr 2013 13:00:45 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Cyber criminals tying up emergency phone lines through TDoS attacks"
  (Ted Samson)

Ted Samson, InfoWorld, 01 Apr 2013
Similar to DDoS attacks, TDoS also used to extort cash from targets,
including businesses and public service agencies
http://www.infoworld.com/t/cyber-crime/cyber-criminals-tying-emergency-phone-lines-through-tdos-attacks-215585

------------------------------

Date: Tue, 2 Apr 2013 16:05:23 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Prenda Law's Attorneys Take The Fifth Rather Than Answer Judge
  Wright's Questions

http://j.mp/16uxXLr (Popehat via NNSquad)

  "Today the Prenda Law enterprise encountered an extinction-level event.
  Faced with a federal judge's demand that they explain their litigation
  conduct, Prenda Law's attorney principals - and one paralegal - invoked
  their right to remain silent under the Fifth Amendment to the United
  States Constitution. As a matter of individual prudence, that may have
  been the right decision. But for the nationwide Prenda Law enterprise,
  under whatever name or guise or glamour, it spelled doom."

Such a cheerful word in this particular case: "doom."

------------------------------

Date: Wed, 03 Apr 2013 08:12:15 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Firefox 20 ups HTML5 support, adds dev tools and per-tab Private
  Browsing"

I had not thought of the risk presented in the use case quoted, probably
because I am the only one who uses my computers.  I have read accounts of
people searching for something on the Web and then getting bombarded with
ads for it for some time after.

http://www.infoworld.com/t/applications/firefox-20-ups-html5-support-adds-dev-tools-and-tab-private-browsing-215672
Ted Samson, InfoWorld, 02 Apr 2013
Firefox 20 ups HTML5 support, adds dev tools and per-tab Private Browsing
Mozilla's latest browser release unlocks HTML5 features and supports
ARM processors for low-power smartphones

"Privacy buffs will likely be most interested in per-tab Private Browsing
feature, which lets you open a new window for an Internet session during
which no site- or page-specific data -- such as history, passwords,
downloads, or cookies -- is saved to your machine. You can then freely
switch back and forth between private-session windows and the regular one.

Mozilla provides a fairly innocent example of a use case: a user browsing
online for a surprise gift."

------------------------------

Date: Fri, 5 Apr 2013 19:56:26 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: MS apologizes for employee's Xbox Durango 'always-online' tweets

http://j.mp/10mgja9  (The Next Web via NNSquad)

  "On Thursday, Microsoft Studios creative director Adam Orth sent out a
  slew of tweets implying that he sees nothing wrong with rumors of
  Microsoft's next Xbox, codenamed Durango, requiring an "always-on"
  Internet connection to function. Unsurprisingly, the backlash from users
  was massive, and although Orth ended up setting his Twitter account to
  private to hide them from the general public, by then the damage had
  already been done.  Microsoft on Friday released an official statement
  regarding the tweets: ..."

As the song says, "When will they evvvvvver learn?"
Tweets are public.  Public is public.  Period.

------------------------------

Date: Tue, 02 Apr 2013 12:57:48 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Ransomware uses victims' browser histories for increased credibility"
  (Lucian Constantin)

http://www.infoworld.com/d/security/ransomware-uses-victims-browser-histories-increased-credibility-215560
Lucian Constantin, IDG News Service, InfoWorld, 1 Apr 2013
Visited websites are listed as source of illegal material to make
bogus police messages more believable, researcher says

------------------------------

Date: Mon, 1 Apr 2013 10:50:32 -0400
From: Monty Solomon <monty () roscom com>
Subject: ZIP Codes Are Definitely "Personal Identification Information"

Massachusetts Supreme Court Rules ZIP Codes Are Definitely "Personal
Identification Information"

http://privacylaw.proskauer.com/2013/04/articles/uncategorized/massachusetts-supreme-court-rules-zip-codes-are-definitely-personal-identification-information/

------------------------------

Date: Tue, 2 Apr 2013 01:14:33 -0400
From: Monty Solomon <monty () roscom com>
Subject: Everything We Know About What Data Brokers Know About You

http://www.propublica.org/article/everything-we-know-about-what-data-brokers-know-about-you

------------------------------

Date: Tue, 02 Apr 2013 11:00:32 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Mozilla Firefox CPU hog ??

I usually visit most web sites with Javascript turned *off*, which
traditionally has saved a lot of CPU effort, because Javascript isn't
constantly busy sending my mouse position back to the web page I'm visiting.

However, I've noticed that in the most recent versions of Mozilla Firefox
(19, perhaps even 18) -- even with Javascript turned off -- my Windows CPU
is working so hard for Firefox that it has trouble mouse tracking my other
applications.  I know this because the moment I exit Firefox, my mouse
tracking returns to normal.  Also, Windows Task Manager reports exceptional
usage by Firefox.

Neither the Internet Explorer nor the Opera browser require such heavy CPU
activity, so this issue is specific to Firefox.

I don't know if Firefox has gone over to the 'dark side', and is now spying
on its users full time, but there is no legitimate reason for all of this
heavy duty CPU activity.

------------------------------

Date: Tue, Apr 2, 2013 at 6:48 AM
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: `Massive' Cyberattack Wasn't Really So Massive (David Talbot)

[Note: This item comes to DLH via Mike Cheponis, and thence via Dave Farber.]

Date: April 1, 2013 1:28:17 AM PDT
From: Michael Cheponis <michael.cheponis () gmail com>
Subject: Denial of Service Attack on Spamhaus Was Enabled by Lax Server

David Talbot, `Massive' Cyberattack Wasn't Really So Massive
*MIT Technology Review*, 29 Mar 2013

A decade-old fix could have easily stopped this weekend's attack on an
anti-spam company, but the truth is many Web companies simply ignore such
fixes.
http://www.technologyreview.com/news/512911/massive-cyberattack-wasnt-really-so-massive/

An attack that disrupted Internet service over the past week would have been
stopped by a simple Web server configuration fix that's been understood for
a decade but is widely ignored by Web companies, experts say.

The prolonged assault targeted Spamhaus, a European nonprofit that reports
where spam is coming from and publishes a list of implicated Web servers.
The apparent flashpoint was the addition of CyberBunker, a Dutch
data-storage company, to its roster.

The unidentified attackers used a botnet -- a network of infected ordinary
computers -- to attack Spamhaus's website and then the servers of
CloudFlare, a content-delivery company that stepped in to help Spamhaus
manage the influx of traffic. The attack also affected regional Internet
servers that are transit points for not only the two targeted companies but
also many others.

While some observers have suggested that the scale of the attack was smaller
than most reports indicated, according to a blog by the Austrian Computer
Emergency Response Team (CERT), the attack caused ``disruption in some parts
of the Internet.''

The kind of attack that occurred is called `distributed denial-of-service'
because many computers are tricked into sending chunks of data at one
target, overwhelming it. This attack took advantage of a weakness in
domain-name servers, or DNS servers, where typed Web addresses are resolved
into the numerical codes that correspond to the machines that hold the
relevant information.

The attack involved sending DNS servers requests forged to look as if they
came from the target. These DNS servers responded by overwhelming the target
with data it didn't actually ask for. The impact can be amplified because
the DNS servers -- depending how they are configured -- can be asked to
send large amounts of data. [...]

------------------------------

Date: Sun, 31 Mar 2013 23:47:51 -0700
From: Bill Stewart <bill.stewart () pobox com>
Subject: Risks of ASCII-formatting mathematics (Bellovin, RISKS-27.23)

  What's new is that someone has managed to turn the weaknesses into a real
  exploit, albeit one that needs at least 224 and preferably 230 encryptions
  of the same plaintext to work.

Except he almost certainly didn't write that; the numbers were presumably
2**24 and 2**30, expressed in some notation that didn't survive some
reformatting process somewhere.

(Either way, it's interesting math and a good practical article.)

------------------------------

Date: Sun, 7 Apr 2013 09:45:35 -0400
From: Richard Karash <richard () karash com>
Subject: Sears Discloses User-Selected PIN

Sears has a "rewards" program called Shop Your Way Rewards. Users are given
a membership number and are invited to select a PIN of 4-8 digits (good).

To help users remember their credentials, the program sends regular e-mails
(sounds OK).  These e-mails contain the membership number and the
user-selected PIN (bad).  Making a bad situation even worse, the program
gives you a membership card with your number -- and your selected PIN
printed right on the card.  Why have a PIN if it is printed right on the
card?

The risk arises because I, like most users, have a favorite memorable PIN
and use it at multiple sites. The risk is, by using Shop Your Way Rewards,
MY PIN has now been exposed.

  [Of course, THAT'S bad!  PGN]

Richard Karash  -- Richard () Karash com -- Karash Associates LLC
+1 617-308-4750  --  http://Karash.com

------------------------------

Date: Sat, 06 Apr 2013 19:58:44 -0400
From: Valdis Kletnieks <Valdis.Kletnieks () vt edu>
Subject: Online tax returns, You're Doing It Wrong...

Just seen on Google+, slightly redacted for privacy.  All three
gentlemen share the same LASTNAME...

Will LASTNAME originally shared this post:

To Robert LASTNAME: congrats, your federal tax return has been accepted.

To Wade LASTNAME: unfortunately your tax return was rejected because you
included the wrong birth date.

To both you: learn your friggin e-mail address  Both of you input my e-mail
address into TurboTax, so now I'm getting all your tax-related e-mails.

And to +TurboTax: what the heck are you thinking, not actually verifying
people's e-mail address before you start sending personal information in
e-mails?!

------------------------------

Date: Wed, 3 Apr 2013 13:38:21 -0400
From: Gene Spafford <spaf () purdue edu>
Subject: Wow! Are we still in the 1990s?

I had a problem with pages at Starbucks.com displaying properly on Mac
(using Safari).  I sent an e-mail to them, pointing out the problem.
Enclosed is the response.

I don't think I need to say a lot, but it is clear that they are stuck in
the 1990s, don't know about standards-compliance, and appear to not value
customer security and choice.  I was amazed to get a reply like this in 2013
-- and not on April Fools!

Begin forwarded message:

From: Starbucks Customer Care <info () starbucks com>
Date: April 3, 2013, 1:26:56 PM EDT

Dear Gene,
Thank you for contacting Starbucks.

Please note, if you are attempting to access Starbucks.com through a
  browser such as Firefox or Safari, some portions of the site may not
  function properly or permit access.  We recommend using Microsoft Internet
  Explorer for optimum performance.  If you continue to experience
  difficulty, please feel free to call 1-800-STARBUC and a representative
  will be happy to assist you.

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.24
************************


  By Date           By Thread  

Current thread:
  • Risks Digest 27.24 RISKS List Owner (Apr 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault