
Risks Digest 27.63
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 4 Dec 2013 21:44:11 PST

RISKS-LIST: Risks-Forum Digest  Wednesday 4 November 2013  Volume 27 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.63.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Jury: Newegg infringes Spangenberg patent, must pay $2.3 million
  (Lauren Weinstein, PGN)
Amazon Air Prime and the Labor Question (Andrew Russell)
"Stuxnet's Secret Twin", by Ralph Langner at Foreign Policy
  (via Prashanth Mundkur)
Dial 00000000 for Armageddon (Henry Baker)
Monday meltdown (Gary Hinson)
"Million-dollar robbery rocks bitcoin exchange" (Jon Gold via
  Gene Wirchenko)
Bitcoin Miners being planted in programs being surreptitiously
  installed on users' computers (Techienews via Lauren Weinstein)
Why Comcast and other cable ISPs aren't selling you gigabit Internet
  (ArsTechnica via Lauren Weinstein)
Dutch intelligence agency AIVD hacks Internet forums (NRC via LW)
Snowden claims... NSA used lots of spyware (Danny Burstein)
UK ministers will order ISPs to block terrorist and extremist websites
  (Lauren Weinstein)
New FCC Chairman appears to simultaneously endorse NetNeutrality and
  letting ISPs crush Net services and consumers (Public Knowledge)
"Malice or mistake? Cyber sleuths weigh in on Internet hijack attack"
  (Serdar Yegulalp via Gene Wirchenko)
A spurned techie's revenge: Locking down his ex's digital life
  (Sean Gallagher via Monty Solomon)
Facebook Vulnerability Discloses Friends Lists Defined as Private
  (Quotium)
Surveilling the police! (Prashanth Mundkur)
Couchsurfing - The Crash - Montreal 2006 (jidanni)
Re: A joke that went wrong (Brian Randell)
Willis Ware (PGN)
The Spyware That Enables Mobile-Phone Snooping (Susan Crawford via
  Robert Schaefer)
Healthcare IT (IEEE S&P)
Digital Outcasts: Moving Technology Forward without Leaving People Behind
  (Ben Rothke)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 25 Nov 2013 21:55:02 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Jury: Newegg infringes Spangenberg patent, must pay $2.3 million

  "Newegg, an online retailer that has made a name for itself fighting the
  non-practicing patent holders sometimes called "patent trolls," sits on
  the losing end of a lawsuit tonight. An eight-person jury came back
  shortly after 7:00pm and found that the company infringed all four
  asserted claims of a patent owned by TQP Development, a company owned by
  patent enforcement expert Erich Spangenberg.  The jury also found that the
  patent was valid, apparently rejecting arguments by famed cryptographer
  Whitfield Diffie. Diffie took the stand on Friday to argue on behalf of
  Newegg and against the patent."
    [http://bit.ly/1iaAV0I via NNSquad]

       [Insanity. Idiocy. LW]

------------------------------

Date: Tue, 26 Nov 2013 11:30:22 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Jury: Newegg infringes Spangenberg patent, must pay $2.3 million

Newegg trial: Crypto legend takes the stand, goes for knockout patent punch
  http://j.mp/1em2DSC  (Ars Technica)

  "We've heard a good bit in this courtroom about public key
  encryption," said Albright. "Are you familiar with that?"

  "Yes, I am," said Diffie, in what surely qualified as the biggest
  understatement of the trial.

  "And how is it that you're familiar with public key encryption?"

  "I invented it."

------------------------------

Date: December 4, 2013 at 10:30:20 AM EST
From: Andrew Russell <arussell () stevens edu>
Subject: Amazon Air Prime and the Labor Question (via Dave Farber)

Lee Vinsel has posted a provocative piece on "Autonomous Vehicles and the
Labor Question."  The post sets a couple of recent discussion topics - a New
Yorker article on self-driving cars, and the 60 Minutes profile of Jeff
Bezos [1 Dec 2013] -- into a richer context, including the connections
between the industrial and digital economies, and what these new
technologies might mean for human labor (aka "jobs").

  [The highlight of Charlie Rose's interview with Bezos was clearly
  the film snippet of an Octocopter drone delivering a book from Amazon
  to someone at his doorstep.  The risks of collisions, spoofing, and
  so on were never mentioned.  PGN]

http://leevinsel.com/blog/2013/12/2/autonomous-vehicles-and-the-labor-question

------------------------------

Date: Tue, 26 Nov 2013 20:46:39 -0800
From: Prashanth Mundkur <prashanth.mundkur () gmail com>
Subject: "Stuxnet's Secret Twin", by Ralph Langner at Foreign Policy

http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack
First two paras:

  Three years after it was discovered, Stuxnet, the first publicly disclosed
  cyberweapon, continues to baffle military strategists, computer security
  experts, political decision-makers, and the general public. A comfortable
  narrative has formed around the weapon: how it attacked the Iranian
  nuclear facility at Natanz, how it was designed to be undiscoverable, how
  it escaped from Natanz against its creators' wishes. Major elements of
  that story are either incorrect or incomplete.

  That's because Stuxnet is not really one weapon, but two. The vast
  majority of the attention has been paid to Stuxnet's smaller and simpler
  attack routine -- the one that changes the speeds of the rotors in a
  centrifuge, which is used to enrich uranium. But the second and
  "forgotten" routine is about an order of magnitude more complex and
  stealthy. It qualifies as a nightmare for those who understand industrial
  control system security. And strangely, this more sophisticated attack
  came first. The simpler, more familiar routine followed only years later
  -- and was discovered in comparatively short order.

------------------------------

Date: Sat, 30 Nov 2013 19:32:25 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Dial 00000000 for Armageddon.

FYI -- This secret number was probably taped to the bottom of the "red
phone"...  "The Onion" and "SNL" couldn't make up this story; and the people
in charge of the PAL program must have laughed hysterically at the movie
Dr. Strangelove, but for a totally different reason from the rest of us...

http://www.dailymail.co.uk/news/article-2515598/Launch-code-US-nuclear-weapons-easy-00000000.html

Dial 00000000 for Armageddon. U.S.'s top secret nuclear launch code
was frighteningly simple
*Daily Mail*, 29 Nov 2013 UPDATED: 21:59 EST

For nearly 20 years, the secret code to authorize launching U.S. nuclear
missiles, and starting World War III, was terrifyingly simple and even noted
down on a checklist.  From 1962, when John F Kennedy instituted PAL encoding
on nuclear weapons, until 1977, the combination to fire the devastating
missiles at the height of the Cold War was just 00000000.  This was chosen
by Strategic Air Command in an effort to make the weapons as quick and as
easy to launch as possible, as reported by Today I Found Out.

The Permissive Action Link (PAL) is a security device for nuclear weapons
that is supposed to prevent unauthorized arming or detonation of the
nuclear weapon.  JFK signed the National Security Action Memorandum 160 in
1962 that required all nuclear missiles to be fitted with a PAL system.  But
nuclear experts claim the military was worried about the possibility of
command centers or communication lines being destroyed in real nuclear war,
stopping soldiers getting the codes or authorization to launch missiles when
they were actually needed.
So they simply left the security code for the weapons as eight zeros, getting
around the security safeguards.

Dr. Bruce G. Blair, worked as a Minuteman launch officer between 1970 and
1974. He has written several articles about nuclear command and control
systems.  In a paper called Keeping Presidents in the Nuclear Dark, he wrote
that Strategic Air Command 'remained far less concerned about unauthorized
launches than about the potential of these safeguards to interfere with the
implementation of wartime launch orders.'  Incredibly, he also writes that
the vital combination for America's nuclear deterrent was even helpfully
noted down for the officers.  'Our launch checklist in fact instructed us,
the firing crew, to double-check the locking panel in our underground launch
bunker to ensure that no digits other than zero had been inadvertently
dialed into the panel,' Dr Blair wrote.

According to Today I Found Out, Blair wrote an article in 1977 entitled The
Terrorist Threat to World Nuclear Programs.  This claimed that it would take
just four people working together to launch nuclear missiles from the silos
he had worked in.

That very same year all the PAL systems were activated, and the nuclear
codes were changed. Hopefully to something more complicated than 00000000.

  [Bob Frankston noted a Gizmodo article by Karl Smallwood, 29 Nov 2013:
  For 20 Years the Nuclear Launch Code at US Minuteman Silos Was 00000000
http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si-1473483587  PGN]

------------------------------

Date: Wed, 4 Dec 2013 08:08:41 +1300
From: "Gary Hinson" <Gary () isect com>
Subject: Monday meltdown

"RBS today admitted that it had failed to invest properly in IT systems for
decades, as customers woke up to find money had been emptied from their
accounts by a computer glitch" .

http://www.dailymail.co.uk/news/article-2517106/NatWest-RBS-Cyber-Monday-meltdown-EMPTIES-customers-bank-accounts.html

Curiously frank admission by a bank, that.  According to the paper, the CEO
said "'I will be outlining plans in the New Year for making RBS the bank
that our customers and the UK need it to be. This will include an outline of
where we intend to invest for the future."  Let's hope the 'outline' is
sufficient to support a generous budget request, and 'the future' is not too
far off.

Being the Daily Mail, the journalism is heavy on emotive stuff such as "I
couldn't purchase milk for my four-week-old baby" but RISKS readers ought to
be able to guess at how this incident, and the associated adverse publicity
and Twitter storm, may have affected the RBS (Royal Bank of Scotland) brand.

Dr Gary Hinson, IsecT CEO, http://isect.com http://NoticeBored.com
http://SecurityMetametrics.com http://www.iso27001security.com/
ISO27001security.com

------------------------------

Date: Fri, 29 Nov 2013 11:08:44 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Million-dollar robbery rocks bitcoin exchange" (Jon Gold)

Jon Gold, InfoWorld, 26 Nov 2013
Latest Bitcoin security breach affects major European exchange, which
shuts down personal wallet service
http://www.infoworld.com/d/security/million-dollar-robbery-rocks-bitcoin-exchange-231617

[Gene Wirchenko noted
"Bitcointalk.org warns passwords in danger after DNS attack"
Jeremy Kirk, InfoWorld, 02 Dec 2013
Some users are advised to change their passwords after the site's DNS
registrar was breached
http://www.infoworld.com/d/security/bitcointalkorg-warns-passwords-in-danger-after-dns-attack-231842

Also see
http://arstechnica.com/security/2013/11/bitcoins-skyrocketing-value-ushers-in-era-of-1-million-hacker-heists/
]

------------------------------

Date: Sat, 30 Nov 2013 11:51:21 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Bitcoin Miners being planted in programs being surreptitiously
   installed on users' computers

Report: Bitcoin Miners being planted in programs being surreptitiously
installed on users' computers

http://j.mp/1eBaID5  (Techienews via NNSquad)

  "These miners surreptitiously carry out Bitcoin mining operations on the
  user's system consuming valuable CPU time without explicitly asking for
  user's consent. Because of the extensive mathematical calculations
  involved, the mining operation consumes a lot of CPU resource and renders
  the user's system almost useless for regular operations.  Malwarebytes
  first came across such an instance of a Bitcoin miner when one of the
  users of its software requested assistance on November 22 through a
  forum post."

------------------------------

Date: Sun, 1 Dec 2013 20:31:26 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Why Comcast and other cable ISPs aren't selling you gigabit Internet

  "Cable tech could hit a gigabit today, but why bother when customers lack
  choice?"  http://j.mp/1gwJ1g8  (Ars Technica via  NNSquad)

------------------------------

Date: Sat, 30 Nov 2013 09:08:15 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Dutch intelligence agency AIVD hacks Internet forums

  Nico van Eijk, a Dutch professor in Information Law, is of the opinion
  that the Dutch intelligence service has crossed the boundaries of Dutch
  legislation. "They use sweeps to collect data from all users of web
  forums.  The use of these techniques could easily lead to mass
  surveillance by the government."  IT specialist Matthijs Koot says that
  the exploitation of this technology can lead to a blurring of the lines
  between normal citizens and legitimate targets of the intelligence
  services.  http://j.mp/1cSrI6f (NRC via NNSquad)

    [I suppose this is a new form of Dutch Treat, where the Dutch and their
    government split the costs?  PGN]

------------------------------

Date: Sat, 23 Nov 2013 13:50:38 -0500 (EST)
From: Danny Burstein <dannyb () panix com>
Subject: Snowden claims... NSA used lots of spyware

[courtesy of a Netherlands news group's web post. Don't have any info on
their veracity]

NSA infected 50,000 computer networks with malicious software

The American intelligence service - NSA - infected more than 50,000 computer
networks worldwide with malicious software designed to steal sensitive
information. Documents provided by former NSA-employee Edward Snowden and
seen by this newspaper, prove this.

A management presentation dating from 2012 explains how the NSA collects
information worldwide. In addition, the presentation shows that the
intelligence service uses "Computer Network Exploitation" (CNE) in more than
50,000 locations. CNE is the secret infiltration of computer systems
achieved by installing malware, malicious software.

rest:
http://www.nrc.nl/nieuws/2013/11/23/nsa-infected-50000-computer-networks-with-malicious-software/

------------------------------

Date: Thu, 28 Nov 2013 09:52:48 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: UK ministers will order ISPs to block terrorist and extremist websites

  "The government is to order broadband companies to block extremist
  websites and empower a specialist unit to identify and report content
  deemed too dangerous for online publication.  The crime and security
  minister, James Brokenshire, said on Wednesday that measures for censoring
  extremist content would be announced shortly. The initiative is likely to
  be controversial, with broadband companies already warning that freedom of
  speech could be compromised."  http://j.mp/1fMvofe (Guardian via NNSquad)

Maybe also try blocking sites of political critics? No matter, a thousand
proxies will bloom, for good or ill. That's the reality, like it or not.

------------------------------

Date: Tue, 3 Dec 2013 16:24:51 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: New FCC Chairman appears to simultaneously endorse Net
        Neutrality and letting ISPs crush Net services and consumers

http://j.mp/188F4hr  (Public Knowledge via NNSquad)

  Yesterday, new FCC Chairman Tom Wheeler delivered his first formal public
  address.  After a prepared speech that explained his regulatory approach,
  he moved to a Q&A session.  In that session, he appeared to endorse the
  opposite of net neutrality: allowing ISPs to charge websites and services
  in order to reach that ISP's subscribers.  In other words, giving ISPs the
  power to pick winners and losers online.  This endorsement was all the
  more unexpected because it followed his explicit endorsement of "net
  neutrality" and a speech that touted the FCC's role in protecting the
  public interest.

    [This might give new meaning to "Wheeler Dealer".  PGN]

------------------------------

Date: Tue, 26 Nov 2013 12:11:58 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Malice or mistake? Cyber sleuths weigh in on Internet hijack
  attack" (Serdar Yegulalp)

Serdar Yegulalp | InfoWorld, 22 Nov 2013
Security experts investigate roots and motive behind surprise
rerouting of Internet traffic through Belarus and Iceland
http://www.infoworld.com/t/network-security/malice-or-mistake-cyber-sleuths-weigh-in-internet-hijack-attack-231445

------------------------------

Date: Sat, 30 Nov 2013 00:29:36 -0500
From: Monty Solomon <monty () roscom com>
Subject: A spurned techie's revenge: Locking down his ex's digital life
  (Sean Gallagher)

Sean Gallagher, Ars Technica, 22 Nov 2013
Revenge porn is just the tip of the iceberg when it comes to
cyber-domestic abuse.

The e-mail's subject line was "Interested in hiring you." The sender, a
woman, said she had seen me on a local Baltimore news show talking about
revenge porn, and she was "interested in talking to you about some work."
She gave an office phone number, and her e-mail address was from a large
local hospital system, so I thought it might be for some sort of speaking
engagement.

It was anything but. When I contacted her, the woman told me her life had
been turned upside down by her ex-boyfriend. He had hacked her phones, her
voicemail, and her family's computer, and he was blocking her out of her
digital life. She was looking for someone to help her regain control.

To some, those claims might sound like paranoia. But there are thousands of
incidents of this type of abusive use of technology annually, perpetrated by
(mostly male) spouses or partners. The most public forms of tech-centered
abuse, especially revenge porn, are getting attention from legislators
across the US right now. But these incidents are not entirely new. For more
than a decade, domestic violence and "intimate partner" stalking and
harassment have relied heavily on technology.

The most recent comprehensive study on stalking and domestic violence,
conducted by the Department of Justice in 2006, found that more than 887,000
people were aware that they were victims of cyber stalking or electronic
monitoring in that year alone. And that was a year before the iPhone was
released and well before the smartphone boom really began. ...

http://arstechnica.com/tech-policy/2013/11/a-spurned-techies-revenge-locking-down-his-exs-digital-life/

------------------------------

Date: Mon, 25 Nov 2013 11:02:10 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Facebook Vulnerability Discloses Friends Lists Defined as Private

  "Irene Abezgauz from the Quotium Seeker Research Center identified a
  security flaw in Facebook privacy controls. The vulnerability allows
  attackers to see the friends list of any user on Facebook. This attack is
  carried out by abusing the 'People You May Know' mechanism on Facebook,
  which is the mechanism by which Facebook suggests new friends to users."
    http://j.mp/1birbxG  (Quotium via NNSquad)

------------------------------

Date: Wed, 27 Nov 2013 06:37:36 -0800
From: Prashanth Mundkur <prashanth.mundkur () gmail com>
Subject: Surveilling the police!

  Saleh was so troubled by what he saw that he decided to install video
  cameras in his store. Not to protect himself from criminals, because he
  says he has never been robbed. He installed the cameras -- 15 of them --
  to protect him and his customers from police.
http://www.miamiherald.com/2013/11/21/v-fullstory/3769823/in-miami-gardens-store-video-catches.html

------------------------------

Date: Tue, 03 Dec 2013 04:59:15 +0800
From: jidanni () jidanni org
Subject: Couchsurfing - The Crash - Montreal 2006

Gone without any backups!
Never do this.
http://www.youtube.com/watch?v=xUD0LE0lx6g

------------------------------

Date: Wed, 27 Nov 2013 21:15:31 +0000
From: Brian Randell <brian.randell () newcastle ac uk>
Subject: Re: A joke that went wrong (Randell, RISKS-2.56)

  [Brian sets the record straight after a RISKS posting 27.5 years ago!
  PGN]

RISKS-2.56 (30 May 1986, http://catless.ncl.ac.uk/Risks/2.56.html#subj1)
carried an article passed on by me from the (London) Guardian, under the
heading "A joke that went wrong". The newspaper article described a court
case in which Mr Dean Talboys "admitted criminal damage at Acton crown court
in the first British prosecution for electronic graffiti". A bug in some
software that he was creating as a (harmless) practical joke, on a system
that was in "test mode", accidentally caused disruption at his employer's
headquarters when the computer was switched to "operational mode". (The
article does not indicate the cause of this switch, but there is no
suggestion that Mr Talboys was responsible.) There has I learn been a
long-lasting effect of this incident, in that ever since Internet searches
on his (rather unusual) name have frequently led people to this article, and
to their drawing unjustified conclusions about him. This followup message to
RISKS should from now on also be found by people doing Internet searches on
his name, and thus should help alleviate an unfortunate situation.

Brian Randell, School of Computing Science, Newcastle University, Newcastle
upon Tyne, NE1 7RU, UK Brian.Randell () ncl ac uk +44 191 222 7923
http://www.cs.ncl.ac.uk/people/brian.randell

- - - - -

Begin forwarded message:

Date: 27 November 2013 21:00:26 GMT
From: <dean () louistalboys com>
To: Brian Randell <brian.randell () newcastle ac uk>
Subject: RE: A joke that went wrong

Hi Brian,

Very well put and much appreciated. With respect to the "switch", it is
worth pointing out that this was a typical mainframe environment where
systems, operations, and development existed as autonomous units. The only
way I could have been held fully responsible for the failure was if I had
requested the systems programmer to move the test program into the live
environment. Not only was the program incomplete when I left to join a
consultancy, it was perhaps three months later that the problem occurred (I
had enough of a job explaining it to my QC, who was concerned the public
jury would not get it at all). The only reason they came after me was the
fact that my employee number was hard coded into a conditional statement -
hardly the action of someone intent on damage or financial gain. Personally,
I think Dixon's were a little annoyed at me leaving so soon after they had
trained me on ManTIS but then it was the 80s and companies were stealing
employees left, right and centre. They were no different in that respect.

It struck me that there is a cruel irony considering the circumstances, you
the contributor to a magazine intended for a limited readership, which
through the actions of a third-party, Google, unintentionally leads to a
much wider audience.

Thanks again and have a nice Christmas!

Dean

------------------------------

Date: Mon, 25 Nov 2013 21:45:53 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Willis Ware

Willis died at 93.  He was a colleague, friend, and continual inspiration.
He was one of the nicest people I ever met.  It is almost impossible to do
his passing justice here, but I thought I would excerpt a few comments.

Gene Spafford <spaf () purdue edu>
  https://www.cerias.purdue.edu/site/blog/post/the_passing_of_a_pioneer/

* Willis worked at the Institute for Advanced Studies for John von Neumann,
  building an early computer system.
* He helped build the Johnniac.
* He was at RAND for more than 40 years.
* He was heavily involved early in the ACM.
* He was the founding president of AFIPS.
* The Ware Report in 1967 was one of the real landmarks
  http://www.rand.org/pubs/reports/R609-1/index2.html
* In 1972, he chaired the Advisory Committee on Automated Personal Data
  Systems for HEW (now HHS). "Records, Computers, and the Rights of Citizens
  http://www.rand.org/content/dam/rand/pubs/papers/2008/P5077.pdf
* That influenced the Privacy Act of 1974
  http://epic.org/privacy/1974act/
* He was the first chairman of the Information System and Privacy
  Advisory Board formed under the Computer Security Act of 1987
* He was one of the most honored professionals in computing.  [LONG LIST]

Dr. Willis H. Ware was truly a pioneer computer scientist, an early
innovator in computing education, one of the founders of the field of
computer security, and an early proponent of the need to understand
appropriate use of computing and the importance of privacy. His dedication
to the field and the public interest was both exceptional and seminal.

*The New York Times* apparently ran two different obits,
http://www.nytimes.com/aponline/2013/11/27/business/ap-us-obit-willis-ware.html?hp&_r=0
and another by John Markoff on 3 Dec 2013, who quoted Willis from 1966:

  "The computer will touch men everywhere and in every way, almost on a
  minute-by-minute basis.  Every man will communicate through a computer,
  whatever he does.  It will change and reshape his life, modify his career,
  and force him to accept a life of continuous change."

He was incredibly wise.  Overall, he called 'em as he saw 'em, and he was
usually right on the mark.   PGN

------------------------------

Date: Tue, 3 Dec 2013 08:22:03 -0500
From: Robert Schaefer <rps () haystack mit edu>
Subject: The Spyware That Enables Mobile-Phone Snooping (Susan Crawford)

Susan Crawford - Nov 27, 2013

"The technology involved is called cellular interception. The active variety
of this, the `IMSI catcher', is a portable device that masquerades as a
mobile phone tower...Because the security hole that allows for this snooping
is associated with 2G mobile networks, any 2G phone can be fooled by an IMSI
catcher. To bring in newer phones, corporate spies and other criminals can
easily jam nearby 3G, 4G and long-term evolution, or LTE, networks so that
phones associated with them "think" they have to fall back on 2G
networks. All phones, no matter how modern, continue to work in 2G mode,
because carriers are reluctant to make the investments required to move up
from 2G networks nationwide...As things stand, U.S. mobile networks can
easily be exploited by criminals and by foreign governments."

http://www.bloomberg.com/news/print/2013-11-27/the-spyware-that-enables-mobile-phone-snooping.html

robert schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford, MA 01886  781-981-5767  http://www.haystack.mit.edu
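The quoted article describes the failure mode a defender would want to notice: a phone that was on a strong 3G/4G/LTE signal suddenly falling back to 2G. The following detector is an added example, not code from the RISKS post or from the Bloomberg article it quotes. It assumes a constructed log format (one radio-access-technology report per line, `<ISO timestamp> rat=<GSM|UMTS|LTE> sig=<dBm>`); real modem and diagnostic logs use different formats, and the `-95 dBm` "strong signal" threshold and 30-second window are assumed values for illustration.

```python
"""Flag suspicious LTE/3G-to-2G fallbacks in constructed device radio logs.

Added example; not from the RISKS post or the article it quotes. Assumes a
constructed line format '<ISO timestamp> rat=<GSM|UMTS|LTE> sig=<dBm>'.

Heuristic: walking out of coverage usually shows the signal decaying before
the phone drops to 2G. A jump from a strong LTE/UMTS signal straight to GSM
within a short window matches the forced-fallback pattern the article
describes, so it is reported for the user or fleet operator to review.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+rat=(?P<rat>GSM|UMTS|LTE)\s+sig=(?P<sig>-?\d+)$")
RAT_RANK = {"GSM": 2, "UMTS": 3, "LTE": 4}   # network generation
STRONG_DBM = -95                              # assumed "good signal" threshold
WINDOW = timedelta(seconds=30)                # assumed look-back window


@dataclass
class RatEvent:
    ts: datetime
    rat: str
    sig_dbm: int


def parse_line(line: str):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return RatEvent(datetime.fromisoformat(m["ts"]), m["rat"], int(m["sig"]))


def find_suspicious_fallbacks(lines):
    """Return (timestamp, previous_rat, best_recent_signal_dbm) for every
    transition into GSM preceded by a strong higher-generation signal."""
    events = [e for e in map(parse_line, lines) if e is not None]
    alerts = []
    for i in range(1, len(events)):
        cur, prev = events[i], events[i - 1]
        if cur.rat != "GSM" or prev.rat == "GSM":
            continue  # only examine the moment the phone enters 2G
        recent = [
            e for e in events[:i]
            if cur.ts - e.ts <= WINDOW and RAT_RANK[e.rat] > RAT_RANK["GSM"]
        ]
        best = max((e.sig_dbm for e in recent), default=None)
        if best is not None and best >= STRONG_DBM:
            alerts.append((cur.ts.isoformat(), prev.rat, best))
    return alerts


# Constructed sample: a benign coverage loss (signal decays first) followed by
# a suspicious fallback (strong LTE one moment, GSM the next).
SAMPLE_LOG = """\
2013-11-27T09:00:00 rat=LTE sig=-104
2013-11-27T09:00:10 rat=LTE sig=-115
2013-11-27T09:00:20 rat=UMTS sig=-118
2013-11-27T09:00:30 rat=GSM sig=-100
2013-11-27T09:05:00 rat=LTE sig=-72
2013-11-27T09:05:10 rat=LTE sig=-70
2013-11-27T09:05:15 rat=GSM sig=-68
2013-11-27T09:05:25 rat=GSM sig=-66
""".splitlines()

if __name__ == "__main__":
    for ts, prev_rat, best in find_suspicious_fallbacks(SAMPLE_LOG):
        print(f"{ts}: fell from {prev_rat} (best recent {best} dBm) to GSM")
```

On the sample log only the second transition is reported: the first one is preceded by a weakening signal, which is what ordinary coverage loss looks like. The heuristic cannot distinguish jamming from a genuine cell outage, so its output is a review queue, not a verdict.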

------------------------------

Date: Mon, 2 Dec 2013 11:51:44 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Healthcare IT (IEEE S&P)

With all the current kerfuffle over Healthcare in the US and elsewhere, the
November-December 2013 IEEE Security and Privacy magazine has a timely
special issue devoted to Healthcare IT.  The articles (in addition to the
Guest Editors' Introduction by Kelly Caine and Michael Lesk, and the
concluding Point/Counterpoint with Deborah Peel and Deven McGraw) are

 * Nonconfidential Patient Types in Emergency Clinical Decision Support
 * Electronic Medical Records: Confidentiality, Care, and Epidemiology
 * Securing Information Technology in Healthcare
 * Identity Management -- In Privacy We Trust: Bridging the Trust Gap
   in eHealth Environments

------------------------------

Date: Tue, 26 Nov 2013 07:23:34 -0500
From: Ben Rothke <brothke () hotmail com>
Subject: Digital Outcasts: Moving Technology Forward without
  Leaving People Behind

Many of us have experimented with what it means to be disabled -- by sitting
in a wheelchair for a few minutes or putting a blindfold over our eyes.  In
Digital Outcasts: Moving Technology Forward without Leaving People Behind --
author Kel Smith details the innumerable obstacles disabled people have to
deal with in their attempts to use computers and the Internet.  Smith writes
that despite our growing potential to augment human capability and
competence through technology -- the innovation curve sometimes leaves
behind people who could most benefit.

Full book review at
http://www.rsaconference.com/blogs/447/rothke/digital-outcasts-moving-technology-forward-without-leaving-people-behind

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.63
************************

