Home page logo
/

risks logo RISKS Forum mailing list archives

Risks Digest 27.56
From: RISKS List Owner <risko () csl sri com>
Date: Mon, 21 Oct 2013 15:56:08 PDT

RISKS-LIST: Risks-Forum Digest  Monday 21 October 2013  Volume 27 : Issue 56

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.56.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Harry Lewis's blog on Harvard's Gov 1310 (PGN)
Dick Cheney Said He Disabled Heart Device to Avoid Terrorist Threats
  (Gabe Goldberg)
Judge Posner recants his previous ruling on Voter ID (NYT via PGN)
Virginia Voter Purge List (PGN)
Ship Tracking Hack Makes Tankers Vanish from View (Suzanne Johnson)
Crooks 'stole' Experian data the old-fashioned way: They bought it!
  (Serdar Yegulalp via Gene Wirchenko)
"Is Wikipedia for Sale?" (Lauren Weinstein)
NSA Surveillance: The 21st-Century Panopticon (Bruce Schneier)
France summons US ambassador to answer allegations of widespread NSA
  surveillance (Amar Toor via Dewayne Hendricks)
Americans Are Way Behind in Math, Vocabulary, and Technology
  (Roberto A. Ferdman via Allan Davidson)
Google Unveils Technology Tools for Digital Rebels (*Time* via
  Lauren Weinstein)
More on "online schools" fleecing taxpayers (Ed Ravin)
Re: GPS map leads to border crossing and shooting (Anthony DeRobertis)
Re: "We can't let the Internet become Balkanized" (Amos Shapir)
"Users hit by Blue Screen, 0xC1900101 - 0x40017 error with Windows 8.1
  update" (Woody Leonhard via Gene Wirchenko)
"Resurrected KB 951847 'zombie' patch fixed -- but now has new problem"
  (Woody Leonhard via Gene Wirchenko)
"Problems remain after Microsoft yanks Windows RT 8.1 update"
  (Woody Leonhard via Gene Wirchenko)
Microsoft ``Still Working'' on KB2862330 Windows 7 Update Fix (Henry Baker)
GCHQ spooks update PC and mobile security advice for public sector
  (Nap van Zuuren)
REVIEW: Craig P. Bauer, Secret History: The Story of Cryptology (Ben Rothke)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 18 Oct 2013 10:56:06 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Harry Lewis's blog on Harvard's Gov 1310

Harvard Professor Harry Lewis recently posted a blog item that reviews the
episodes leading up to and following Harvard having accused a large number
of students of cheating in an open-book open-Web exam in an undergraduate
Government course, suspending them en masse, and also surreptitiously
searching e-mail accounts, and hiding many of the details from public view.
Harry's blog item gives RISKS readers an insider follow-up to the two rather
terse external views on this situation that Lauren Weinstein contributed to
RISKS-27.19 (11 Mar 2013).

  13 Oct 2013: Honor and Dishonor
  http://harry-lewis.blogspot.com/2013/10/honor-and-dishonor.html

For those of you interested in delving further into the history, Harry's
blogspot also includes seven previous postings that give a more extensive
view of his reactions to how this situation evolved (badly).

  3 Feb 2013: Bits and Pieces: Lingering questions about the `cheating scandal'
  9 Mar 2013: Bits and Pieces: E-mail Privacy at Harvard
 12 Mar 2013: Bits and Pieces: E-mail Snooping Update
  6 Apr 2013: Bits and Pieces: Seizing the Opportunity to Restore Trust
 27 Apr 2013: Bits and Pieces: E-mail Privacy Update
 23 Jul 2013: Bits and Pieces: The Keating Report
  2 Sep 2013: Bits and Pieces: E-mail Privacy Redux

------------------------------

Date: Sun, 20 Oct 2013 19:09:21 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Dick Cheney Said He Disabled Heart Device to Avoid Terrorist Threats

Former U.S. Vice President Dick Cheney said the implanted defibrillator that
helped keep him alive in 2007 had its wireless feature disabled because he
feared terrorists could use it to kill him.  Bloomberg,

To read the entire article, go to http://bloom.bg/H50BeO

The risk: fear that technology will be abused leads to disabling the
technology.  Of course, technology subject to abuse -- e.g., medical devices
vulnerable to hacking/tampering -- has its own risks.  Tough choices.

------------------------------

Date: Fri, 18 Oct 2013 11:52:04 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Judge Posner recants his previous ruling on Voter ID

Second Thoughts on Voter ID, Editorial, *The New York Times*, 16 Oct 2013
http://www.nytimes.com/2013/10/17/opinion/second-thoughts-on-voter-id.html?src=rechp&_r=0

On 18 Oct 2013, Richard Posner, a highly respected federal judge, offered an
unusual admission. He had made a mistake, he said, in voting to uphold one
of the country's first voter-ID laws. As courts in Texas, North Carolina
and other states deal with litigation over ever-stricter versions of such
laws -- all enacted in the name of preventing nonexistent fraud -- the
question is what effect Judge Posner's admirable candor could have.

In 2005, Indiana passed a law requiring voters to show photo IDs at the
polls. Opponents sued, saying the law would mainly prevent those most likely
not to have photo IDs -- poor, elderly, and minority voters -- from
voting. Judge Posner, a Reagan appointee to the United States Court of
Appeals for the Seventh Circuit, rejected the challenge because he saw no
evidence that any voters would be disenfranchised, and reducing vote fraud
was a legitimate state goal -- despite the fact that Indiana had never
prosecuted anyone for that crime.

The Supreme Court upheld the ruling in 2008, and proponents of voter-ID laws
have relied on that opinion ever since. In an interview with HuffPost Live
on Friday, Judge Posner acknowledged that he had failed to appreciate how
voter-ID laws would be abused when he wrote the decision upholding the
Indiana statute.

``Maybe we should have been more imaginative.  We weren't really given
strong indications that requiring additional voter identification would
actually disenfranchise people entitled to vote.'' Those indications were
clear, of course, to judges who disagreed with Judge Posner at the time. In
a new book, he writes that he was `guilty' of upholding a law ``now widely
regarded as a means of voter suppression rather than of fraud prevention.'
Had he spoken those words a few years ago, the landscape of voter-ID laws
might look very different.

------------------------------

Date: Fri, 18 Oct 2013 13:20:10 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Virginia Voter Purge List

Democrats say about 1/3 of the names on the purge list were incorrect.  An
article in *The Washington Post* says that 38,000 of 56,000 names proposed
for purge by the State Board of Election were ultimately purged.  That's
pretty close to 1/3 being incorrect.

http://www.washingtonpost.com/local/virginia-politics/federal-judge-rejects-democratic-challenge-to-virginia-voter-roll-purge/2013/10/18/26235068-3809-11e3-8a0e-4e2cf80831fc_story.html?wpisrc=nl_buzz

------------------------------

Date: Friday, October 18, 2013
From: *Suzanne Johnson*
Subject: Ship Tracking Hack Makes Tankers Vanish from View

  [Via Dave Farber's IP distribution]

A system used by ships worldwide to broadcast their location for safety
purposes lacks security controls and is vulnerable to spectacular spoofing
attacks, researchers show. ...

``We were really able to compromise this system from the root level,'' says
Kyle Wilhoit, a researcher with Trend Micro's Future Threat Research team.
By purchasing a 700-euro piece of AIS equipment and connecting it to a
computer in the vicinity of a port, the researchers could intercept signals
from nearby craft and send out modified versions to make it appear to other
AIS users that a vessel was somewhere it was not.

Using the same equipment and software, it is possible to force ships to stop
broadcasting their movements using AIS by abusing a feature that lets
authorities manage how nearby AIS transmitters operate. AIS transmissions
could also be sent out that make fake vessels or structures such as
lighthouses or navigational buoys appear, and to stage spoof emergencies
such as a `man in the water' alert or collision warning. No direct attacks
were staged on any real vessels.

The researchers showed that their spoof signals were faithfully reproduced
on the maps provided by online services that monitor AIS data, such as this
one.
<http://www.marinetraffic.com/ais/default.aspx?centerx=3D-118.2055&centery=3D33.7485&zoom=3D9>

One online service was fooled into showing a real tugboat disappearing from
the Mississippi and reappearing on a Dallas lake, and depicting a fake
vessel traveling off Italy on a course that spelled out the hacker term for
a compromised system: `pwned'.

http://www.technologyreview.com/news/520421/ship-tracking-hack-makes-tanker=
s-vanish-from-view/

------------------------------

Date: Mon, 21 Oct 2013 11:26:46 -0700
From: Gene Wirchenko <genew () telus net>
Subject: Crooks 'stole' Experian data the old-fashioned way: They bought it!
  (Serdar Yegulalp)

Serdar Yegulalp | InfoWorld, 21 Oct 2013
Credit bureau sold personal data from half a million users to fraudster
posing as a Private Investigator, who then resold data on the black market
http://www.infoworld.com/t/cyber-crime/crooks-stole-experian-data-the-old-fashioned-way-they-bought-it-229168

------------------------------

Date: Sat, 19 Oct 2013 14:58:17 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: "Is Wikipedia for Sale?"

  "In recent months though, insiders have encountered something altogether
  more worrying: a concerted attack on the very fabric of Wikipedia by PR
  companies that have subverted the online encyclopedia's editing hierarchy
  to alter articles on a massive scale-perhaps tens of thousands of
  them. Wikipedia is the world's most popular source of cultural,
  historical, and scientific knowledge-if their fears are correct, its
  all-important credibility could be on the line."
    http://j.mp/16nf2Rk  (Vice via NNSquad)

------------------------------

Date: Mon, 21 Oct 2013 11:03:12 -0400
From: David Farber <dave () farber net>
Subject: NSA Surveillance: The 21st-Century Panopticon (Bruce Schneier)

Bruce Schneier, NSA Surveillance: The 21st-Century Panopticon, *The Atlantic*,
http://www.theatlantic.com/politics/archive/2013/10/nsa-surveillance-the-21st-century-panopticon/280715/

Director of National Intelligence James Clapper told Congress the NSA
doesn't collect information on millions of Americans. (Reuters)

The basic government defense of the NSA's bulk-collection programs --
whether it be the list of all the telephone calls you made, your email
address book and IM buddy list, or the messages you send your friends -- is
that what the agency is doing is perfectly legal, and doesn't really count
as surveillance, until a human being looks at the data.

It's what Director of National Intelligence James R. Clapper meant when he
lied to Congress. When asked, "Does the NSA collect any type of data at all
on millions or hundreds of millions of Americans?" he replied, "No sir, not
wittingly." To him, the definition of "collect" requires that a human look
at it. So when the NSA collects -- using the dictionary definition of the
word -- data on hundreds of millions of Americans, it's not really
collecting it, because only computers process it.

The NSA maintains that we shouldn't worry about human processing, either,
because it has rules about accessing all that data. General Keith Alexander,
director of the NSA, said that in a recent New York Times interview: "The
agency is under rules preventing it from investigating that so-called
haystack of data unless it has a 'reasonable, articulable' justification,
involving communications with terrorists abroad, he added."

There are lots of things wrong with this defense.

First, it doesn't match up with U.S. law. Wiretapping is legally defined as
acquisition by device, with no requirement that a human look at it. This has
been the case since 1968, amended in 1986.

Second, it's unconstitutional. The Fourth Amendment prohibits general
warrants: warrants that don't describe "the place to be searched, and the
persons or things to be seized." The sort of indiscriminate search and
seizure the NSA is conducting is exactly the sort of general warrant that
the Constitution forbids, in addition to it being a search by any reasonable
definition of the term. The NSA has tried to secretly redefine the word
"search," but it's forgotten about the seizure part. When it collects data
on all of us, it's seizing it.

Third, this assertion leads to absurd conclusions. Mandatory cameras in
bedrooms could become okay, as long as there were rules governing when the
government could look at the recordings. Being required to wear a
police-issued listening device 24/7 could become okay, as long as those same
rules were in place. If you're uncomfortable with these notions, it's
because you realize that data collection matters, regardless of whether
someone looks at it.

Fourth, creating such an attractive target is reckless. The NSA claims to be
one of the biggest victims of foreign hacking attempts, and it's holding
all of this information on us? Yes, the NSA is good at security, but it's
ridiculous to assume it can survive all attacks by foreign governments,
criminals, and hackers -- especially when a single insider was able to walk
out of the door with pretty much all their secrets.

Finally, and most importantly: Even if you are not bothered by the
speciousness of the legal justifications, or you are already desensitized to
government invasion of your privacy, there is a danger grounded in
everything we have learned about how humans respond when put in positions of
unchecked power. Assuming the NSA follows its own rules -- which even it
admits it doesn't always -- rules can change quickly. The NSA says it only
looks at such data when investigating terrorism, but the definition of that
term has broadened considerably. The NSA is constantly pushing the law to
allow more and more surveillance. Even Representative Jim Sensenbrenner, the
author of the Patriot Act, says that it doesn't allow what the NSA claims
it allows.

It doesn't make sense to build systems that could facilitate a future police
state.  A massive trove of surveillance data on everyone is incredibly
tempting for all parts of government to use. Once we have everyone's data,
it'll be hard to prevent it from being used to solve conventional crimes
and for all sorts of things. It's a totalitarian government's wet dream.

The NSA's claim that it only looks when it's investigating terrorism is
already false. We already know the NSA passes data to the DEA and IRS with
instructions to lie about its origins in court -- "parallel construction" is
the term being used. What else is done with that data? What else could be?

It doesn't make sense to build systems that could facilitate a future police
state.

This sort of surveillance isn't new. We even have a word for it: It's the
Panopticon. The Panopticon was a prison design created by 18th-century
philosopher Jeremy Bentham, and has been a metaphor for a surveillance state
ever since. The basic idea is that prisoners live under the constant threat
of surveillance. It's not that they are watched all the time -- it's that
they never know when they're being watched. It's the basis of Orwell's 1984
dystopia: Winston Smith never knew if he was being watched, but always knew
it was a possibility. It's why online surveillance works so well in China to
deter behavior; no one knows if and when it will detect their actions
online.

Panopticon-like surveillance -- intermittent, but always possible -- changes
human behavior. It makes us more compliant, less individual. It reduces
liberty and freedom. Philosopher Michael P. Lynch recently wrote about how
it dehumanizes us: ``when we lose the very capacity to have privileged
access to our psychological information --  the capacity for self-knowledge,
so to speak, we literally lose our selves .... To the extent we risk the
loss of privacy we risk, in a very real sense, the loss of our very status
as subjective, autonomous persons.''

George Dyson recently wrote that a system that ``is granted (or assumes)
the absolute power to protect itself against dangerous ideas will of
necessity also be defensive against original and creative thoughts.''
That's what living in a Panopticon gets you.

Already, many of us avoid using `dangerous' words and phrases online, even
innocuously. Or making nervous jokes about it when we do.

By ceding the NSA the ability to conduct ubiquitous surveillance on
everybody, we cede to it an enormous amount of control over our own
lives. Once the NSA takes a copy of your data, you no longer control it. You
can't delete it. You can't change it. You might not even know when the rules
under which it uses your data change. And until Edward Snowden leaked
documents that show what the NSA is doing, you didn't even know that the
government had taken it.

What else don't we know that the NSA has or does?

------------------------------

Date: Monday, October 21, 2013
From: *Dewayne Hendricks*
Subject: France summons US ambassador to answer allegations of widespread
  NSA surveillance (Amar Toor)

Amar Toor, The Verge, 21 Oct 2013
Agency reportedly recorded millions of French phone calls over 30-day
period last year
http://www.theverge.com/2013/10/21/4861202/nsa-reportedly-recorded-millions-of-french-phone-calls-us-ambassador-summoned

------------------------------

Date: October 11, 2013 7:07:01 PM EDT
From: Allan Davidson <AllanD () SoundBytesRadio com>
Subject: Americans Are Way Behind in Math, Vocabulary, and Technology
  (Roberto A. Ferdman, *The Atlantic*)

  "A new global report (pdf) by the Organization for Economic Cooperation
  and Development finds that Americans rank well below the worldwide average
  in just about every measure of skill. In math, reading, and
  technology-driven problem-solving, the United States performed worse than
  nearly every other country in the group of developed nations."

It seems to me that the results should be grounds for serious concern, even
though (or perhaps particularly because) China isn't included in the charts.
Particularly concerning seems to be the poor performance of the 16-24
compared to the 55-65 year-olds.

  [Let's hear it for us old people.  PGN]

------------------------------

Date: Mon, 21 Oct 2013 10:18:43 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Google Unveils Technology Tools for Digital Rebels (*Time*)

http://j.mp/1a2Irq6  (*Time* via NNSquad)

  The most ambitious product launch is uProxy, a new Web browser extension
  that uses peer-to-peer technology to let people around the world provide
  each other with a trusted Internet connection. This product is designed to
  protect the Internet connection of users in, say, Iran, from state
  surveillance or filtering. Google Ideas is providing funding and technical
  assistance for uProxy, which was developed by researchers at the
  University of Washington and Brave New Software.  ``If you look at
  existing proxy tools today, as soon as they're effective for dissidents,
  the government finds out about them and either blocks them or infiltrates
  them.  Every dissident we know in every repressive society has friends
  outside the country whom they know and trust. What if those trusted
  friends could unblock the access in those repressive societies by sharing
  their own access? That was the problem we tried to solve.''  UProxy allows
  users in the U.S. to give their trusted friends in Iran-people they might
  already be emailing or chatting with-access to the open U.S. Internet.
  ``The user in Iran can get unfiltered access to the Internet that's
  completely uncensored and will look just like it does in the U.S.  It's
  completely encrypted and there's no way for the government to detect
  what's happening because it just looks like voice traffic or chat
  traffic. We wanted to build a proxy service that builds on top of trusted
  relationships that already exist.''

    [Knowing what we know about the lack of security and anonymity,
    how likely is this to be useful in critical environments?  PGN]

------------------------------

Date: Sun, 20 Oct 2013 15:02:14 -0400
From: Ed Ravin <eravin () panix com>
Subject: More on "online schools" fleecing taxpayers

The Forward reported back in 2012 on a similar scam at the college
level, where an online school sucks up US Federal grant money meant for
low-income students, without actually graduating anyone, and where most
of their students weren't even in the US:

  http://forward.com/articles/163766/how-jewish-college-uses-federal-funds-to-grow/

And a recent followup:

  http://forward.com/articles/184212/chabads-michigan-jewish-institute-may-close-after/

I doubt this school is the only one playing this game.

------------------------------

Date: Fri, 18 Oct 2013 00:56:53 -0400
From: Anthony DeRobertis <anthony () derobert net>
Subject: Re: GPS map leads to border crossing and shooting (Scott Nicol)

This is the most misleading Subject: line I can remember having appeared in
RISKS.  Even "contributes to" seems a stretch, especially since the articles
clearly state GPS navigation being involved is *a guess*.

"Stealing multiple cars, getting in multiple police chases, and crashing
through border patrol vehicles" is more like it...

There is an legitimate risk to be discussed here, indeed it appears its easy
to miss the "you're crossing an international border" warning; but the
results of that should be delay (including maybe having to turn around and
take a much longer route), not being shot at!

------------------------------

Date: Sun, 20 Oct 2013 16:38:04 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Re: "We can't let the Internet become Balkanized" (Steingold, R-27.55)

In RISKS-27.55, Sam Steingold writes:
I actually welcome this scandal because it should bring home to people the
fact that we have lost "the expectation of privacy" battle.

What battle?  The way the Internet is built and operated, it has been a
broadcasting network from day one.  No intelligent person should have
expected any privacy, any more than when walking on a public street.

------------------------------

Date: Fri, 18 Oct 2013 11:10:14 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Users hit by Blue Screen, 0xC1900101 - 0x40017 error with Windows
  8.1 update" (Woody Leonhard)

Woody Leonhard | InfoWorld, 18 Oct 2013
Microsoft is struggling to figure out how to handle a widely reported
problem when Windows 8 users update to Windows 8.1
http://www.infoworld.com/t/microsoft-windows/users-hit-blue-screen-0xc1900101-0x40017-error-windows-81-update-229058

------------------------------

Date: Fri, 18 Oct 2013 11:14:08 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Resurrected KB 951847 'zombie' patch fixed -- but now has new
  problem" (Woody Leonhard)

Woody Leonhard | InfoWorld, 18 Oct 2013
Botched patch installs .Net Framework 3.5 without warning or consent
-- even on systems that have studiously avoided .Net
http://www.infoworld.com/t/microsoft-windows/resurrected-kb-951847-zombie-patch-fixed-now-has-new-problem-229062

------------------------------

Date: Mon, 21 Oct 2013 11:31:07 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Problems remain after Microsoft yanks Windows RT 8.1 update"

Woody Leonhard | InfoWorld, 21 Oct 2013
Windows RT/8 updates have inspired a stream of complaints. Here's an
overview of what's happened, how you might recover
http://www.infoworld.com/t/microsoft-windows/problems-remain-after-microsoft-yanks-windows-rt-81-update-229131

------------------------------

Date: Sun, 20 Oct 2013 05:13:00 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Microsoft ``Still Working'' on KB2862330 Windows 7 Update Fix

FYI -- Obviously, the US Government shutdown kept the NSA from doing final
QA on this particular Windows backdoor^H^H^H^H^H^H^H^Hupdate. :-)

http://news.softpedia.com/news/Microsoft-Still-Working-on-KB2862330-Windows-7-Update-Fix-391107.shtml

October 15th, 2013, 05:31 GMT ยท By Bogdan Popa

  - The patch is still being delivered via Windows Update

More and more users confirm issues with the KB2862330 Windows 7 update, as
the bulletin apparently fails to install on lots of computers, but Microsoft
remains pretty much tight-lipped on this subject.

Ben Herila, Microsoft product manager, has confirmed through a small post
that Redmond is still working to find the cause of the issues, explaining
that a free-of-charge support incident is available to anyone willing to
help the team deal with the problem.

``We can offer anyone who has this issue and is willing to go through
troubleshooting a free-of-charge support incident and Support will work with
you 1-1 to get your computer(s) back into a working state. The teams who
released this update do know that there may be a problem and are doing
additional testing to identify the root cause of the issue that folks are
experiencing.''

At this point, the patch is still being delivered via Windows Update, which
means that in most cases, the bulletin is expected to install just fine.

FILED UNDER:
KB2862330
Windows 7
Windows Update
Microsoft

------------------------------

Date: Sun, 20 Oct 2013 13:01:28 +0200
From: "Nap van Zuuren" <nap.van.zuuren () pandora be>
Subject: GCHQ spooks update PC and mobile security advice for public sector

This might be of interest to RISKS readership.

Subject: GCHQ spooks update PC and mobile security advice for public sector;
CESG offers strengths and weaknesses guide

http://news.techworld.com/security/3474201/gchq-spooks-update-pc-and-mobile-
security-advice-for-public-sector/?cmpid=TD1N20
https://www.gov.uk/government/collections/end-user-devices-security-guidance--2#group_1531

------------------------------

Date: Sun, 20 Oct 2013 17:43:28 -0400
From: Ben Rothke <brothke () hotmail com>
Subject: REVIEW: Craig P. Bauer, Secret History: The Story of Cryptology

Narrating a compelling and interesting story about cryptography is not an
easy endeavor

Many authors have tried and failed miserably -- attempting to create better
anecdotes about the adventures of Alice and Bob.  David Kahn did the best
job of it when wrote The Codebreakers: The story of secret writing in 1967
and set the gold standard on the information security narrative.  Kahn's
book was so provocative and groundbreaking that the US Government originally
censored many parts of it.

A lot has change[d] since 1967, and while Secret History: The Story of
Cryptology is not as groundbreaking, it also has no government censorship.
With that, the book is fascinating read that provides a combination of
cryptographic history and the underlying mathematics behind it. ...

Kahn himself wrote that he felt this book is by far the clearest and most
comprehensive of the books dealing with the modern era of cryptography
including classic ciphers and some of the important historical ones such as
Enigma and Purple -- but also newer systems such as AES and public-key
cryptography.

See more at:
http://www.rsaconference.com/blogs/435/rothke/secret-history-the-story-of-cryptology1#sthash.9wdRSan7.dpuf

See the full review here at: http://www.rsaconference.com/blogs/435/rothke/secret-history-the-story-of-cryptology1

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.56
************************


  By Date           By Thread  

Current thread:
  • Risks Digest 27.56 RISKS List Owner (Oct 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault