Home page logo
/

risks logo RISKS Forum mailing list archives

Risks Digest 27.49
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 27 Sep 2013 11:51:21 PDT

RISKS-LIST: Risks-Forum Digest  Friday 27 September 2013  Volume 27 : Issue 49

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.49.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
NHS IT system one of 'worst fiascos ever', say MPs (Richard Irvin Cook)
Why Whistleblowers Should Be Listened To (M. Heffernan via Sharon Kramer)
L.A. School District's Expensive iPad Program Already in Trouble
  (Howard Blume via Lauren Weinstein)
IBM's Watson computer has parts of its memory cleared after developing
  an acute case of potty mouth (George Dvorsky via Randall)
Supreme Court Weighs When Online Speech Becomes an Illegal Threat
  (David Kravets via Lauren Weinstein)
"Internet threat level rises on expanded IE attacks" (Gregg Keizer via
  Gene Wirchenko)
EU+ trying to use NSA stories as excuse to kill the open Internet
  (Tech Freedom via Lauren Weinstein)
"Nirvanix shutdown has cloud users wondering who's next" (David Linthicum
  via Gene Wirchenko)
"Dropbox takes a peek at files" (Jeremy Kirk via Gene Wirchenko)
FTC vs Marketer of Internet-Connected Home Security Video Cameras
  (Gabe Goldberg)
"Identity theft service planted botnets in LexisNexis, other data providers"
  (Serdar Yegulalp via Gene Wirchenko)
Re: EZ-Pass being read all over (Ed Ravin)
Re: Verizon's diabolical plan to turn the Web into pay-per-view (Arthur T.)
FAA preparing to remove restrictions on in-flight electronic devices
  (Serdar Yegulalp via Gene Wirchenko)
Defeating Apple's Touch ID: It's easier than you may think (Dan Goodin via
  Dewayne Hendricks)
Re: Wired: Apple's Fingerprint ID May Mean You Can't 'Take the Fifth'
  (Ivan Jager)
*TNY* review by Louis Menand of 'Command and Control', Eric Schlosser
  (Prashanth Mundkur)
Opinion: Neglecting our nukes - Eric Schlosser - POLITICO.com
  (Gabe Goldberg)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 18 Sep 2013 05:46:45 +0000
From: Richard Irvin Cook <rcook () kth se>
Subject: NHS IT system one of 'worst fiascos ever', say MPs

  [This is an update to Richard's item in RISKS-25.44, 8 Nov 2008.  PGN]

Caveat emptor!  [RIC]

BBC News UK Politics, 18 September 2013

Taxpayers face a rising, multi-billion pound bill for a failed government IT
project, MPs have said.  A report by the influential Public Accounts
Committee (PAC) concluded an attempt to upgrade NHS computer systems in
England ended up becoming one of the "worst and most expensive contracting
fiascos" in public sector history.

The final bill for abandoning the plan is still uncertain, the committee
said.  Ministers initially put the costs of the NHS scheme's failure at
6.4bn pounds.  Officials later revised the total to 9.8bn, but the PAC said
this latest estimate failed to include a price for terminating a contract
with Fujitsu to provide care records systems and other future costs.

'Ill-fated'

The project was launched in 2002, with the aim of revolutionising the way
technology is used in the health service by paving the way for electronic
records, digital scanning and integrated IT systems across hospitals and
community care.  Hit by technical problems and contractual wrangling, it was
effectively disbanded by the government two years ago.

MPs on the PAC said some outstanding costs remain and committee member
Richard Bacon said: "The taxpayer is continuing to pay the price for the
ill-fated national programme for IT in the NHS.  "Although officially
dismantled (it) continues in the form of separate component programmes which
are still racking up big costs."  He highlighted a government decision to
renegotiate 3.1bn worth of contracts with outsourcing company CSC, charged
with setting up a care records system known as Lorenzo in the North,
Midlands and east of England.  "Despite the contractor's weak performance,
the Department of Health is itself in a weak position in its attempts to
renegotiate the contracts," Mr Bacon said.

"The department's latest estimate of 9.8bn leaves out the future costs of
Lorenzo or the potential large future costs arising from the department's
termination of Fujitsu's contract for care records systems in the south of
England."  The report added that delays and problems with changes to benefit
payments - another huge government IT project - showed ministers had not
"learned and applied lessons" from the fallout.  "This saga is one of the
worst and most expensive contracting fiascos in the history of the public
sector," Mr Bacon added.

------------------------------

Date: September 26, 2013 2:20:37 PM EDT
From: Sharon Kramer <SNK1955 () aol com>
Subject: Why Whistleblowers Should Be Listened To (M. Heffernan)

M Heffernan, *The Guardian* UK

  [via Dave Farber]

  [... profound words of wisdom published today in the GuardianUK.   SNK]

http://www.theguardian.com/local-government-network/2013/sep/26/whistleblower-public-sector

What the recent scandals have shown us is that no management or monitoring
system will catch every problem breeding inside an organisation. But its
employees could: they are an institution's best early warning system...

Whistleblowers are rare and misunderstood. Popularly portrayed as marginal
figures, eccentric if not downright mad, they always come across as
irritable malcontents. Nothing could be further from the truth...  By the
time a whistleblower is frustrated enough to go public, managers have lost
the battle. Not only do they now have a public relations crisis to manage
but they've lost the chance to solve a problem while it was still small and
private. The defensiveness that inevitably ensues drives truth-telling
further underground and makes it less likely that anyone will speak up early
enough next time....

The management of whistleblowers, therefore, requires real courage on the
part of managers. They need to be unafraid when someone shines light on a
problem and to recognise that the people who do so are their source of
safety....

The overwhelming majority of whistleblowers are deeply loyal, committed
employees who have high expectations of their organisations. It's when those
institutions fail to meet high standards that the nascent whistleblower
becomes distraught, frustrated and sounds the alarm. Only when they find --
to their mounting disappointment -- that they are ignored or rejected do
they go outside the organisation to draw attention to their grievances...

The challenge for local authorities, therefore, is to create the culture and
the systems that make it easy and attractive for anyone with a concern to
articulate it early, when the issue is still easy to fix...

------------------------------

Date: Wed, 25 Sep 2013 10:49:25 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: L.A. School District's Expensive iPad Program Already in Trouble
  (Howard Blume)

  By Tuesday afternoon, L.A. Unified officials were weighing potential
  solutions. One would limit the tablets, when taken home, to curricular
  materials from the Pearson corporation, which are already installed.  All
  other applications and Internet access would be turned off, according to a
  district "action plan."  A second approach would be to buy and install a
  new security application.  Apple's just-released new operating system
  might help, but not the current iteration, according to the district. A
  fix from Apple is not likely to be available before late December.  The
  devices should work normally at school, although even that has been
  problematic. Teacher Robert Penuela said his use of the tablets has been
  limited because he can't get them to work for all students at once.
  Roosevelt freshman Alan Munoz said that, so far, he was using his iPad
  only during free time.  The excitement of receiving the device quickly
  wore off for senior Kimberly Ramirez when she realized it was for
  schoolwork only.  "You can't do nothing with them," she said. "You just
  carry them around."
    http://j.mp/1fmG8RZ  (Howard Blume, *L.A. Times* via NNSquad)

When this program (which basically was pushed through in secret) was
announced, I was critical of its cost (sweetheart deal with Apple and
Pearson for expensive iPads rather than alternatives) in a time when the
LAUSD really needs more teachers. And I noted that if the district really
thought they were going to restrict what students did with these things
(liability issues, huh?) they were fooling themselves.  Well ...

------------------------------

Date: September 26, 2013 8:13:11 AM PDT
From: Randall Webmail <rvh40 () insightbb com>
Subject: IBM's Watson computer has parts of its memory cleared after
  developing an acute case of potty mouth (George Dvorsky)

George Dvorsky, io9, 11 Jan 2013
    [From Dewayne Hendricks via Dave Farber.  Thanks!  PGN]
http://io9.com/5975173/ibms-watson-computer-has-parts-of-its-memory-cleared-after-developing-an-acute-case-of-potty-mouth
 () AnnaleeNewitz

It all started a couple of years ago when IBM's Watson, the computer voted
most likely to destroy us when the technological Singularity strikes, was
given access to the Urban Dictionary. In an attempt to help Watson learn
slang -- and thus be more amenable to conversational language -- the
machine subsequently picked up such phrases as OMG and "hot mess." But at
the same time it also picked up some words fit only for a sailor.

Watson, you'll no doubt remember, completely trounced its opponents on
Jeopardy! back in 2011. The expert learning-system is no longer wasting its
time on game shows, and is currently being used in the medical sciences to
help researchers scour enormous reams of information and serve as a
diagnostic tool.  ...

------------------------------

Date: Tue, 17 Sep 2013 09:20:28 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Supreme Court Weighs When Online Speech Becomes an Illegal Threat
  (David Kravets)

http://j.mp/1dm1wSK  (David Kravets, *WiReD* via NNSquad)

  "The Supreme Court is being asked to decide when an online threat becomes
  worthy of prosecution, in what could be the first Internet speech case to
  reach the high court's docket for the 2013-2104 term beginning next month.
  The justices are weighing whether to review the prosecution of an Iraq war
  veteran handed 18 months (.pdf) in prison for singing in a 2010 YouTube
  video that he would kill a local Tennessee judge if the judge did not
  grant him visitation rights to his young daughter."

------------------------------

Date: Wed, 25 Sep 2013 10:10:51 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Internet threat level rises on expanded IE attacks" (Gregg Keizer)

Gregg Keizer | Computerworld, 23 Sep 2013
Gang responsible for Bit9 hack in February is responsible for latest
attacks exploiting IE 'zero-day,' says FireEye after threat level
moves to 'Yellow'
http://www.infoworld.com/d/security/internet-threat-level-rises-expanded-ie-attacks-227302

------------------------------

Date: Mon, 16 Sep 2013 18:21:54 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: EU+ trying to use NSA stories as excuse to kill the open Internet,

... as they've wanted to do all along?

http://j.mp/182muVe  (Tech Freedom via NNSquad)

  "It would be a sad outcome of the surveillance disclosures if they led to
  an approach to Internet policy making and governance in which countries
  became a series of walled gardens with governments holding the keys to
  locked gates. But that is where we will end up if all data has to stay on
  servers located in the nation in which a citizen lives or where a device
  is located. The digital world does not need another Great Firewall - in
  Europe or anywhere else."

And given that EU and most other countries are engaging in similar
surveillance activities themselves to the extent of their technical
abilities, what we really have here is dissembling as the enemies of the
open Internet use this situation as an excuse to accomplish what they've
been hoping for all along.

------------------------------

Date: Tue, 24 Sep 2013 11:21:05 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Nirvanix shutdown has cloud users wondering who's next"
  (David Linthicum)

David Linthicum, InfoWorld, 24 Sep 2013
Startups and small providers have the most to lose when one of their
own goes under
http://www.infoworld.com/d/cloud-computing/nirvanix-shutdown-has-cloud-users-wondering-whos-next-227364

------------------------------

Date: Tue, 17 Sep 2013 11:25:25 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Dropbox takes a peek at files" (Jeremy Kirk)

Jeremy Kirk, InfoWorld, 13 Sep 2013
The behavior was noticed after a file-tracking service was used to
watch several files uploaded to Dropbox
http://www.infoworld.com/d/cloud-computing/dropbox-takes-peek-files-226776

------------------------------

Date: Tue, 17 Sep 2013 09:48:58 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: FTC vs Marketer of Internet-Connected Home Security Video Cameras

A company that markets video cameras designed to allow consumers to monitor
their homes remotely has settled Federal Trade Commission charges that its
lax security practices exposed the private lives of hundreds of consumers to
public viewing on the Internet. This is the agency's first action against a
marketer of an everyday product with interconnectivity to the Internet and
other mobile devices -- commonly referred to as the "Internet of Things."

http://www.ftc.gov/opa/2013/09/trendnet.shtm

------------------------------

Date: Thu, 26 Sep 2013 09:20:25 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Identity theft service planted botnets in LexisNexis, other data
  providers" (Serdar Yegulalp)

Serdar Yegulalp, InfoWorld, 25 Sep 2013
Russian hackers have been stealing personal and financial data
straight from information clearinghouses, reselling it in bulk
http://www.infoworld.com/t/cyber-crime/identity-theft-service-planted-botnets-in-lexisnexis-other-data-providers-227519

------------------------------

Date: Wed, 25 Sep 2013 01:13:47 -0400
From: Ed Ravin <eravin () panix com>
Subject: Re: EZ-Pass being read all over

This news is so old, the first time I heard about it, my computer was
running Windows 3.1.  It was the early 1990's, I was working for an online
service company, and we were looking into providing our customers with
traffic data from Transcom, a regional transportation alliance in the
Northeast.  The data they had was average speeds, picked up by EZ-Pass
readers installed on the roadsides of highways on Long Island.  Back in
those days, EZ-Pass users were few and far between, mostly truckers, but
there were apparently enough around to provide reliable information using
the roadside readers.

The Transcom people told us at the time that they did not keep the data
very long, and used it only to measure average speed on the highways, and
had rejected the idea of using the data for speeding tickets or the like
since doing things like that would discourage use of EZ-Pass.

Transcom's web site is www.xcm.org, and they will let you see some of their
data at http://data.xcm.org/ .

------------------------------

Date: Wed, 25 Sep 2013 01:02:48 -0400
From: "Arthur T." <Risks201309.10.atsjbt () xoxy net>
Subject: Re: Verizon's diabolical plan to turn the Web into pay-per-view

If Verizon gets its way, it will be making choices about what goes across
its line to its users.  Does that mean that it will no longer be able to
rely on the "safe harbor" provision of the DMCA?  Will that ability to
choose allow it to be sued for any copyright-infringing material that goes
across its network?  I'm not a lawyer and I don't know, but I'd very much
like to read opinions on this from IP lawyers.

------------------------------

Date: Thu, 26 Sep 2013 09:28:05 -0700
From: Gene Wirchenko <genew () telus net>
Subject: FAA preparing to remove restrictions on in-flight electronic devices
  (Serdar Yegulalp)

Serdar Yegulalp | InfoWorld, 24 Sep 2013
Ban on device usage during takeoff and landing has long been believed
to be based more on anecdotes than actual data
http://www.infoworld.com/t/mobile-technology/faa-preparing-remove-restrictions-in-flight-electronic-devices-227446

------------------------------

Date: September 23, 2013 2:42:31 PM EDT
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Defeating Apple's Touch ID: It's easier than you may think
  (Dan Goodin)

    [via Dave Farber]

[Note: Yet another article on Apple's Touch ID mess.  This one adds a bit of
info to the others that I've posted on this topic.  DLH]

Dan Goodin, *Ars Technica*, Sep 23 2013
The hack using lifted fingerprints is easy; here's how you can make it harder.
<http://arstechnica.com/security/2013/09/defeating-apples-touch-id-its-easier-than-you-may-think/>

This weekend's decisive defeat of Touch ID is the most poignant reminder yet
of the significant limitations of using fingerprints, iris scans, and other
physical characteristics to prove our identities to computing devices. As
previously reported, a team of German hackers who have long criticized
biometrics-based authentication bypassed the new iPhone feature less than 48
hours after its debut.

Many security researchers and writers, yours truly included, predicted that
the ability of the high-definition scanner included in the iPhone 5S
wouldn't be fooled by attacks using scanned fingerprint smudges to
impersonate an already enrolled thumb or finger. It's now clear we were
wrong. Hacker Starbug overcame the purported ability of Touch ID to read
prints at a sub-epidermal level by using a slightly higher resolution camera
to generate a cloned fingerprint. The availability of a 3D printer also
seemed to help.

Some critics have castigated the technique as too difficult for the average
hacker. Others have argued that the hack has little significance in the real
world. They cite Apple talking points that the protection of Touch ID
represents a significant improvement over what many people have now, since a
large percentage of iPhone users currently use no PIN at all to lock their
phones. There's some merit in this second argument, since any protection, no
matter how flawed, is better than none at all. But as Rob Graham, CEO of
penetration testing firm Errata Security makes clear, Starbug's technique is
easy for many people to carry out.

"Just because it's too much trouble for you doesn't mean it's too much
trouble for a private investigator hired by your former husband," he wrote
in an e-mail to Ars. "Or the neighbor's kid. Or an FBI agent. As a kid, I
attended science fiction conventions in costume and had latex around the
house to get those Vulcan ears to look just right. As a kid, I etched
circuit boards. This sort of stuff is easy, easy, easy -- you just need to
try."

Graham later posted his comments on his blog.

As Ars pointed out last week, there's little we can do to keep our
fingerprints and other physical characteristics private. They leak every
time we touch a door knob, wine glass, or ATM. And that calls into question
whether Touch ID is a truly "secure" way to unlock phones, as Apple's own
press release announcing the new feature claimed. That's not to say there
aren't things people can do to limit the leakage, though.

Graham is one of the organizers behind istouchidhackedyet, a bounty program
that pledged cash bounties to the first person who could override the new
feature, which allows people to unlock their iPhones using one or more
fingerprints. He told Ars that he's still waiting to see a detailed video
that documents the hack from start to finish, but at this point he's
satisfied that Starbug has met the requirements for the cash prize. He
estimated the amount at about $10,000, after at least one of the people who
pledged a bounty reneged on the promise. [...]

  [PGN comments: RISKS noted the gummi-bear attack previously.  This newer
  incarnation is getting a lot of coverage.  Here are a few examples.

  Monty Solomon noted:
IOS 7 Lockscreen Bug Allows Anyone to Sidestep Passcode, Access Photos/Email
Tiffany Kaiser, 20 Sep 2013
http://www.dailytech.com/IOS+7+Lockscreen+Bug+Allows+Anyone+to+Sidestep+Passcode+Access+PhotosEmail/article33416.htm

  Gene Wirchenko noted three more:
Video: Watch this Siri hack bypass iOS 7's lock screen
Security vulnerability allows a third party to grab your iPhone and
tell Siri to perform various functions even when locked
Pete Babb, InfoWorld, 23 Sep 2013
http://www.infoworld.com/t/mobile-security/video-watch-siri-hack-bypass-ios-7s-lock-screen-227256

"Show of hands: Who hasn't hacked Apple's Touch ID?",
Robert X. Cringely, InfoWorld, 25 Sep 2013
http://www.infoworld.com/t/cringely/show-of-hands-who-hasnt-hacked-apples-touch-id-227520

"German hackers say old technique can bypass Apple's Touch ID"
Jeremy Kirk, IDG News Service, InfoWorld, 23 Sep 2013
http://www.infoworld.com/d/mobile-technology/german-hackers-say-old-technique-can-bypass-apples-touch-id-227292
  ]

------------------------------

Date: Thu, 26 Sep 2013 15:26:10 -0400
From: Ivan Jager <aij+ () mrph org>
Subject: Re: Wired: Apple's Fingerprint ID May Mean You Can't 'Take the Fifth'
  (Hoffman, RISKS-27.48

Fingerprint authentication has been available on computers for quite a
while. For example, my 6 year old laptop came with a fingerprint
reader. Apple may make them more ubiquitous, but I haven't heard of
them doing anything new with them.

AFAIK, fingerprint readers are only good for local authentication, and
are pretty much useless for encryption. Remote authentication doesn't
work well, because you need a reasonable degree of certainty that the
finger is in fact present, and hopefully even attached to a live body,
so the reader itself needs to be trusted. Encryption is problematic
because you don't get the exact same data each time you read a finger,
so it can't be used an an encryption key. (For those who don't see how
this could still be used for local authentication: The finger is
scanned a few times during setup. Some data derived from those scans
is stored on the device. Then during authentication, said data is used
to do a fuzzy comparison of the new scan to the original scans.)

So if I understand things correctly, yes a judge could order you to
produce your finger, but in the cases where that is useful he could
just as easily order the prosecution to purchase a screwdriver and
stop wasting his time. IANAL, etc, etc.

Ivan

PS: Please let me know if there is some newfangled way of using
fingerprint readers for encryption that I have not heard about.

PPS: I don't actually use my fingerprint reader because I could not
find enough documentation to convince myself that it couldn't be
trivially defeated. (STMicroelectronics Fingerprint Reader)

------------------------------

Date: Tue, 24 Sep 2013 21:12:03 -0700
From: Prashanth Mundkur <prashanth.mundkur () gmail com>
Subject: *TNY* review by Louis Menand of 'Command and Control', Eric Schlosser

Nuclear weapons were touched on in the Fukushima essay by Charles Perrow
noted in RISKS-27.48. There is a more explicit discussion of them in this
review in *The New Yorker*.
http://www.newyorker.com/arts/critics/books/2013/09/30/130930crbo_books_menand?currentPage=all

With numerous examples, the review explains that:

  But most of the danger that human beings faced from nuclear weapons after
  the destruction of Hiroshima and Nagasaki had to do with inadvertence --
  with bombs dropped by mistake, bombers catching on fire or crashing,
  missiles exploding, and computers miscalculating and people jumping to the
  wrong conclusion. On most days, the probability of a nuclear explosion
  happening by accident was far greater than the probability that someone
  would deliberately start a war.

Charles Perrow is acknowledged explicitly.

  Schlosser cites Charles Perrow's Normal Accidents (1984) as an inspiration
  for his book. Perrow argued that in systems characterized by complex
  interactions and by what he called `tight coupling' -- that is, processes
  that cannot readily be modified or turned off -- accidents are
  normal. They can be expected. And they don't lend themselves to very
  satisfying postmortems, since it is often difficult to explain just what
  stage it was in the cascade of bad events that made them irreversible.

    [Schlosser's long item in *TNY* includes quite a few cases long ago
    mentioned in RISKS.  He is also the source of the next item. PGN]

------------------------------

Date: Tue, 17 Sep 2013 09:35:32 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Opinion: Neglecting our nukes - Eric Schlosser - POLITICO.com

On Oct. 23, 2010, at about 1:30 in the morning, the underground launch
control centers at F.E. Warren Air Force Base in Wyoming lost communication
with 50 Minuteman III intercontinental ballistic missiles.  Instead of
showing the status of the missiles, the computer screens in the control
centers displayed the acronym LFDN (Launch Facility Down).  Briefly
losing contact with a few missiles wasn't unusual. But having an entire
squadron go down, simultaneously, was extraordinary.  Closed-circuit
television images of the missile silos, which sit miles away from their
control centers, revealed that none of the Minuteman IIIs had lifted
off. Almost an hour after the problem suddenly appeared, communication was
re-established between the missiles and their launch crews. Nevertheless,
heavily armed Air Force security officers spent the next few hours visiting
all 50 silos, in the early morning darkness, to ensure that no security
breach had occurred.

The Air Force dismissed the possibility that the computer network
controlling its Minuteman IIIs had been hacked. The idea that a hacker could
somehow disable 50 ballistic missiles -- each of them armed with a nuclear
warhead about seven times more powerful than the bomb that destroyed
Hiroshima -- seemed like the improbable plot of a Hollywood thriller.

http://www.politico.com/story/2013/09/neglecting-our-nukes-96854.html?hp=r17

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.49
************************


  By Date           By Thread  

Current thread:
  • Risks Digest 27.49 RISKS List Owner (Sep 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault