
Risks Digest 27.69
From: RISKS List Owner <risko () csl sri com>
Date: Mon, 6 Jan 2014 15:49:34 PST

RISKS-LIST: Risks-Forum Digest  Monday 6 January 2014  Volume 27 : Issue 69

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.69.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
IMS Health files for IPO (Deborah Peel)
I Had My DNA Picture Taken, With Varying Results (Kira Peikoff via
  Monty Solomon)
Study documents dangers of texting, dialing while driving
  (Marilynn Marchione via Monty Solomon)
Distracted Driving and Risk of Road Crashes among Novice and Experienced
  Drivers (NEJM via Monty Solomon)
Brainlike Computers, Learning From Experience (John Markoff via jidanni)
Re: Time Travel (Gene Spafford)
Prison Locker Ransomware, an upcoming malware threat in 2014 (PGN)
The dangers of showing your Bitcoins on TV (Danny Burstein)
Through a PRISM, Darkly - Everything we know about NSA spying (Kurt Opsahl
  talk via Dewayne Hendricks)
Snapchat will let users opt out of compromised feature (Zach Miners via
  Gene Wirchenko)
"How did Snapchat get hacked?" (Candice So via Gene Wirchenko)
"Do your PCs leak valuable intel with every Windows error report?"
  (Claudiu Popa via Gene Wirchenko)
Re: Nuclear arming codes (John Gilmore, Doug Humphrey, PGN)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 5 Jan 2014 20:20:46 +0000
From: "Dr. Deborah Peel" <dpeelmd () patientprivacyrights org>
Subject: IMS Health files for IPO

Blog/comment:

On January 2nd, IMS Health Holdings announced it will sell stock on the New
York Stock Exchange. IMS joins other major NYSE-listed corporations that
derive significant revenue from selling sensitive personal health data,
including General Electric, IBM, United Health Group, CVS Caremark, Medco
Health Solutions, Express Scripts, and Quest Diagnostics.

* IMS buys and aggregates sensitive "prescription" records, "electronic
  medical records", "claims data", and more to create "comprehensive",
  "longitudinal" health records on "400 million" patients.

* All purchases and subsequent sales of personal health records are hidden
  from patients.  Patients are not asked for informed consent or given
  meaningful notice.

* IMS Health Holdings sells health data to "5,000 clients", including the US
  Government.

* Despite claims that the data sold is "anonymous", computer science has
  long established that re-identification is easy.

* See brief 3-page paper by Narayanan and Shmatikov at:
  http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf

* See Prof. Sweeney's paper on re-identifying patient data sold by states
  like WA at: http://thedatamap.org/risks.html

* "Our solutions, which are designed to provide our clients access to our
deep healthcare-specific subject matter expertise, take various forms,
including information, tailored analytics, subscription software and expert
services." (from IMS Health Holding's SEC filing
<http://www.sec.gov/Archives/edgar/data/1595262/000119312514000659/d628679ds1.htm>)

Quotes from IMS Health Holding's SEC
filing<http://www.sec.gov/Archives/edgar/data/1595262/000119312514000659/d628679ds1.htm>:
"We have one of the largest and most comprehensive collections of healthcare
information in the world, spanning sales, prescription and promotional data,
medical claims, electronic medical records and social media. Our scaled and
growing data set, containing over 10 petabytes of unique data, includes over
85% of the world's prescriptions by sales revenue and approximately 400
million comprehensive, longitudinal, anonymous patient records."  IMS buys
"proprietary data sourced from over 100,000 data suppliers covering over
780,000 data feeds globally".

How can this business model be legal?  How can companies that US citizens'
personal health data is "proprietary data", a corporate asset, and sell it?
If personal health data 'belongs' to anyone, surely it belongs to the
individual, not to any corporation that handles, stores, or transmits that
information.

Americans' strongest rights to control personal information are our rights
to control personal health information. We have constitutional rights to
health information privacy which are not trumped by the 2001 elimination of
the right of consent from HIPAA (see:
http://patientprivacyrights.org/truth-hipaa/ ). HIPAA is the "floor" for
privacy rights, not the ceiling. Strong state and federal laws, and medical
ethics require consent before patient data is used or disclosed. 10 state
constitutions grant residents a right to privacy, and other states
constitutions have been interpreted as giving residents a right to privacy
(like TX).

Surely FTC would regard the statement filed with the SEC as evidence of
unfair and deceptive trade practices. US patients' health data is being
unfairly and deceptively bought and sold.  Can the SEC deny IMS Health the
opportunity to offer an IPO, since its business model is predicated on
hidden purchase and sale of Americans' personal health data?

If we can't control the use and sale of our most sensitive personal
information, data about our minds and bodies, isn't our right to privacy
worthless? deb


Healthcare Business News
http://www.modernhealthcare.com/article/20140103/NEWS/301039958


IMS Health files for IPO
Rachel Landen, Modern Health Care, 3 Jan 2014
<mailto:rlanden () modernhealthcare com>

Healthcare information
technology<http://www.modernhealthcare.com/section/articles?tagID=66>
company IMS Health
Holdings<http://www.modernhealthcare.com/section/articles?tagID=4307> is
going public.

The Danbury, Conn.-based company, which provides analytics and consulting
services to more than 5,000 clients in the healthcare sector, filed Thursday
with the Securities and Exchange
Commission<http://www.sec.gov/Archives/edgar/data/1595262/000119312514000659/d628679ds1.htm>
for an initial public offering of $100 million. The $100 million figure is
used to calculate registration fees with the SEC and could become upwards of
$750 million when the deal occurs, according to IPO investment firm
Renaissance Capital.

IMS Health was acquired nearly four years ago when affiliates of TPG Global,
CPP Investment Board Private Holdings and Leonard Green & Partners purchased
the company in a leveraged buyout for just under $6 billion. In the
succeeding years, IMS Health has invested approximately $587 million in 22
acquisitions, including Seattle-based software-as-a-service company Appature
and Web-based analytics company PharmaDeals.

The company plans to use the net proceeds from the IPO to repay a portion of
its long-term debt, which was approximately $4.9 million when the company
reported its most recent quarterly earnings as of Sept. 30, 2013, according
to a release from IMS Health. For the nine months ended Sept. 30, IMS Health
showed revenue of close to $1.9 billion.

JPMorgan Chase & Co., Goldman Sachs Group and Morgan Stanley are managing
the IPO. IMS Health said the company plans to apply to list its common stock
on the New York Stock Exchange using the symbol IMS.

------------------------------

Date: Sun, 5 Jan 2014 02:18:45 -0500
From: Monty Solomon <monty () roscom com>
Subject: I Had My DNA Picture Taken, With Varying Results (Kira Peikoff)

Kira Peikoff, *The New York Times*, 30 Dec 2013

I like to plan ahead; that much I knew about myself before I plunged into
exploring my genetic code. I'm a healthy 28-year-old woman, but some nasty
diseases run in my family: coronary heart disease, rheumatoid arthritis,
Alzheimer's and breast cancer.

So I decided to read the tea leaves of my DNA. I reasoned that it was worth
learning painful information if it might help me avert future illness.

Like others, I turned to genetic testing, but I wondered if I could trust
the nascent field to give me reliable results. In recent years, a handful of
studies have found substantial variations in the risks for common diseases
predicted by direct-to-consumer companies.

I set out to test the tests: Could three of them agree on me?

The answers were eye-opening - and I received them just as one of the
companies, 23andMe, received a stern warning from the Food and Drug
Administration over concerns about the accuracy of its product. At a time
when the future of such companies hangs in the balance, their ability to
deliver standardized results remains dubious, with far-reaching implications
for consumers. ...

http://www.nytimes.com/2013/12/31/science/i-had-my-dna-picture-taken-with-varying-results.html

------------------------------

Date: Sat, 4 Jan 2014 03:11:47 -0500
From: Monty Solomon <monty () roscom com>
Subject: Study documents dangers of texting, dialing while driving
  (Marilynn Marchione)

Marilynn Marchione |  AP Chief Medical Writer, 2 Jan 2014

A sophisticated, real-world study confirms that dialing, texting or reaching
for a cellphone while driving raises the risk of a crash or near-miss,
especially for younger drivers. But the research also produced a surprise:
Simply talking on the phone did not prove dangerous, as it has in other
studies.

This one did not distinguish between handheld and hands-free devices
-- a major weakness.

And even though talking doesn't require drivers to take their eyes off the
road, it's hard to talk on a phone without first reaching for it or dialing
a number - things that raise the risk of a crash, researchers note.

Earlier work with simulators, test-tracks and cellphone records suggests
that risky driving increases when people are on cellphones, especially
teens. The 15-to-20-year-old age group accounts for 6 percent of all drivers
but 10 percent of traffic deaths and 14 percent of police-reported crashes
with injuries.

For the new study, researchers at the Virginia Tech Transportation Institute
installed video cameras, global positioning systems, lane trackers, gadgets
to measure speed and acceleration, and other sensors in the cars of 42 newly
licensed drivers 16 or 17 years old, and 109 adults with an average of 20
years behind the wheel. ...

http://www.bostonglobe.com/news/nation/2014/01/01/study-documents-dangers-texting-dialing-while-driving/vf6KfSfRwFGRIIXNRIcviM/story.html?s_campaign=8315

------------------------------

Date: Mon, 6 Jan 2014 03:13:03 -0500
From: Monty Solomon <monty () roscom com>
Subject: Distracted Driving and Risk of Road Crashes among Novice and
  Experienced Drivers (NEJM)

Sheila G. Klauer, Ph.D., Feng Guo, Ph.D., Bruce G. Simons-Morton, Ed.D.,
M.P.H., Marie Claude Ouimet, Ph.D., Suzanne E. Lee, Ph.D., and Thomas
A. Dingus, Ph.D.

N Engl J Med 2014; 370:54-59, 2 Jan 2014
DOI: 10.1056/NEJMsa1204142

  From the Virginia Tech Transportation Institute (S.G.K., F.G., S.E.L.,
T.A.D.) and the Department of Statistics, Virginia Polytechnic Institute and
State University (F.G.) - both in Blacksburg; the Eunice Kennedy Shriver
National Institute of Child Health and Human Development, Bethesda, MD
(B.G.S.-M.); and the University of Sherbrooke, Sherbrooke, QC, Canada
(M.C.O.).

Abstract

BACKGROUND

Distracted driving attributable to the performance of secondary tasks is a
major cause of motor vehicle crashes both among teenagers who are novice
drivers and among adults who are experienced drivers.

METHODS

We conducted two studies on the relationship between the performance of
secondary tasks, including cell-phone use, and the risk of crashes and
near-crashes. To facilitate objective assessment, accelerometers, cameras,
global positioning systems, and other sensors were installed in the vehicles
of 42 newly licensed drivers (16.3 to 17.0 years of age) and 109 adults with
more driving experience.

RESULTS

During the study periods, 167 crashes and near-crashes among novice drivers
and 518 crashes and near-crashes among experienced drivers were
identified. The risk of a crash or near-crash among novice drivers increased
significantly if they were dialing a cell phone (odds ratio, 8.32; 95%
confidence interval [CI], 2.83 to 24.42), reaching for a cell phone (odds
ratio, 7.05; 95% CI, 2.64 to 18.83), sending or receiving text messages
(odds ratio, 3.87; 95% CI, 1.62 to 9.25), reaching for an object other than
a cell phone (odds ratio, 8.00; 95% CI, 3.67 to 17.50), looking at a
roadside object (odds ratio, 3.90; 95% CI, 1.72 to 8.81), or eating (odds
ratio, 2.99; 95% CI, 1.30 to 6.91). Among experienced drivers, dialing a
cell phone was associated with a significantly increased risk of a crash or
near-crash (odds ratio, 2.49; 95% CI, 1.38 to 4.54); the risk associated
with texting or accessing the Internet was not assessed in this population.
The prevalence of high-risk attention to secondary tasks increased over time
among novice drivers but not among experienced drivers.

CONCLUSIONS

The risk of a crash or near-crash among novice drivers increased with the
performance of many secondary tasks, including texting and dialing cell
phones. (Funded by the Eunice Kennedy Shriver National Institute of Child
Health and Human Development and the National Highway Traffic Safety
Administration.) ...


Full text
http://www.nejm.org/doi/full/10.1056/NEJMsa1204142

PDF
http://www.nejm.org/doi/pdf/10.1056/NEJMsa1204142

------------------------------

Date: Sat, 04 Jan 2014 05:42:08 +0800
From: jidanni () jidanni org
Subject: Brainlike Computers, Learning From Experience (John Markoff)

  John Markoff, *The New York Times*, online 29 Dec 2013, print 30 Dec 2013

  Palo Alto, Calif.  Computers have entered the age when they are able to
  learn from their own mistakes, a development that is about to turn the
  digital world on its head.
  http://www.nytimes.com/2013/12/29/science/brainlike-computers-learning-from-experience.html

Yeah, well no matter how slick you make them, I bet I can always run around
their backside and put my hands over their eyes and say "guess who?"

------------------------------

Date: Fri, 3 Jan 2014 17:39:12 -0500
From: Gene Spafford <spaf () cerias purdue edu>
Subject: Re: Time Travel (RISKS-27.68)

My time-travel experiments have always worked.  Unfortunately, I am only
able to move forward in time.

  [TNX!  You are a very lucky person.  Knowing what you now know, you can
  simply leap ahead to avoid certain foreseen risks.  PGN]

------------------------------

Date: Sat, 4 Jan 2014 9:33:36 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Prison Locker Ransomware, an upcoming malware threat in 2014
  (Sudhir K. Bansal)

Ransomware is one of the most blatant and obvious criminal money-making
schemes out there, and increasing rapidly.  Prison Locker uses Blowfish to
encrypt all available files each with a different key.  It then encrypts all
of those keys with RSA 2048, and sends the results back to the attacker.
Sudhir K. Bansal, The Hacker News, 3 Jan 2014 [PGN-ed]
http://thehackernews.com/2014/01/power-locker-ransomware-upcoming_3.html#

  [I note that in the middle of this item is an ad for United Airlines
  flights to Boston.  Might this be a useful clue to the source?  Or is
  United suggesting ransomware on flights, where they might charge more to
  let you OFF THE PLANE?]

    [People sometimes ask me why there is so much security-related content
    in RISKS, when I have always tried to keep a balance between safety,
    reliability, survivability, and other -ilities.  Once again, the answer
    seems to be that's where things have been focused lately.  The
    low-hanging fruit of security seems to be MUCH LOWER HANGING than that
    of safety and other RISKS concerns.  Some of you may have noticed, as is
    the case in this issue, that I always try to put the non-security items
    first in each issue -- assuming there are any.  What has been rather
    startling lately is that there are sometimes no such items!  PGN]

------------------------------

Date: Fri, 3 Jan 2014 16:36:58 -0500 (EST)
From: Danny Burstein <dannyb () panix com>
Subject: The dangers of showing your Bitcoins on TV

Summary: Bloomberg News anchor hands his fellow anchors some Bitcoin
printout/gift certificates. With all the numbers clearly visible on tv.

As [Russia Today]'s story has it:

The user, who goes by the name "milywaymasta," took to Reddit to explain
what happened.

"The guy that is hosting the series gave bitcoin gift certificates to the
other two hosts. One of them opens up the certificate to reveal QR code of
the private key," he wrote. "They then proceeded to show a closeup of the QR
code in glorious HD for about 10 seconds. Hilarious."

"I took it, it was only $20 worth. It was exhilarating nevertheless..."

-- he offered it back, and he and the anchorman laughed it through.

The risks aren't, of course, just for Bitcoin.

rest: http://rt.com/usa/bloomberg-anchor-robbed-bitcoin-747/

On a related RISK, it seems that the Russia Today website is frequently
offline courtesy of various denials of service and other attacks.
Surprisingly they've been pretty quiet about what exactly has been
happening.

------------------------------

Date: January 5, 2014 at 12:50:06 PM EST
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Through a PRISM, Darkly - Everything we know about NSA spying
  (Kurt Opsahl's talk)

30 Dec 2013 via Dave Farber
<http://www.youtube.com/watch?v=9CrkhTM5Fks>

  From Stellar Wind to PRISM, Boundless Informant to EvilOlive, the NSA
spying programs are shrouded in secrecy and rubber-stamped by secret
opinions from a court that meets in a faraday cage. The Electronic Frontier
Foundation's Kurt Opsahl explains the known facts about how the programs
operate and the laws and regulations the U.S. government asserts allow the
NSA to spy on you.

Talk given by Kurt Opsahl, Senior Staff Attorney, Electronic Frontier
Foundation (EFF)   [Video: 1:03:16 in length, very informative talk]

------------------------------

Date: Mon, 06 Jan 2014 10:18:59 -0800
From: Gene Wirchenko <genew () telus net>
Subject: Snapchat will let users opt out of compromised feature (Zach Miners)

Zach Miners, InfoWorld, 3 Jan 2014
Snapchat, feeling the heat, will let users opt out of compromised feature
New controls will let people stop themselves from being searchable
based on their phone numbers
http://www.infoworld.com/d/security/snapchat-feeling-the-heat-will-let-users-opt-out-of-compromised-feature-233366

------------------------------

Date: Mon, 06 Jan 2014 11:02:28 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "How did Snapchat get hacked?" (Candice So)

Candice So, *IT Business*, 3 Jan 2014
http://www.itbusiness.ca/article/how-did-snapchat-get-hacked

------------------------------

Date: Mon, 06 Jan 2014 11:04:03 -0800
From: Gene Wirchenko <genew () telus net>
Subject: "Do your PCs leak valuable intel with every Windows error report?"
  (Claudiu Popa)

Claudiu Popa, *IT Business*, 3 Jan 2014
http://www.itbusiness.ca/blog/do-your-pcs-leak-valuable-intel-with-every-windows-error-report/45873

------------------------------

Date: Friday, January 3, 2014
From: *John Gilmore*
Subject: Re: nuclear arming codes

  [From Dave Farber]

The most detailed and authoritative (public) version is probably

http://tomnichols.net/blog/2013/12/20/update-were-u-s-nuclear-codes-set-to-zero-bruce-blair-responds/

By the way, this topic *is* relevant to cryptography.  Gustavus Simmons,
https://en.wikipedia.org/wiki/Gustavus_Simmons , cryptographer at Sandia
Labs and co-founder of the IACR, was involved in the creation of the
Permissive Action Links (PALs) that prevent the bombs from arming unless
they receive the right launch code.

In fact there's an allegation that public-key crypto was invented for the
PALs, before the Stanford crowd did it:

http://csl.illinois.edu/news/nuclear-weapons-permissive-action-links-and-history-public-key-cryptography

       John

PS: Gus Simmons was also key to making the test-ban treaties work, by
providing cryptographic protocols that allowed sensors to be placed in each
others' countries, that would report back only what the treaty allowed them
to report, with no covert channels for additional information, and
verification that the sensor packages had not been tampered with.

The cryptography mailing list
cryptography () metzdowd com
http://www.metzdowd.com/mailman/listinfo/cryptography

------------------------------

Date: Saturday, January 4, 2014
From: *doug humphrey*
Subject: Re: nuclear arming codes

  ... the Nuclear Launch Code at US Minuteman Silos Was 00000000

  [via Dave Farber]

tl;dr -> `launch codes' are a class of information that enables (when
authorized by EMERGENCY WAR ORDERS) the USE of a nuclear weapon; the drop of
a bomb, the launch of a missile, the employment of a tactical nuclear
charge, etc.  If you get these orders and codes, you are not being enabled
or ASKED to use the weapon, you are being ORDERED to use the weapon.

PAL codes are not launch codes; they are a code, input to the nuclear weapon
itself, that unlocks the nuclear weapon to move it from being a protected,
inert chunk of materials into being a real weapon that is capable of
detonation; this is all about the transfer of custodial control of a nuclear
device from the storage/maintenance/deployment forces to the operational
forces.

more detail:

On the Titan, which is referenced in the article, a launch required both
EWO (emergency war order) authentication, plus the "butterfly valve"
code in order to unlock the fuel system on the Titan to allow for a launch.

The butterfly valve is unique in its cryptologic protection; there is a
single digit number of times that it can be activated before it completely
locks up and needs a major maintenance event to replace the entire unit
(taking the missile offline for a considerable time).  Crews were much warned
to be very careful entering codes.  During certain exercises the real
(non-repeating) codes were used; no launch crew ever knew how many cycles
were already on the valve.

good article that mentions the butterfly valve code here, although my belief
is that it is not stored within the EWO safe but is instead issued from
National Command Authority with the launch authorization codes.

http://www.crypto.com/blog/titans/

and THIS is VERY likely the real source for this reporter's misunderstanding
of what is and is not a launch code:

https://www.cs.columbia.edu/~smb/talks/pal.pdf

In this presentation, the author misuses the term `launch code' for `PAL
code', and it seems a perfect dovetail to the journalist error.

Summary:

Terrible journalism - there are about 5 google searches that will turn up
everything that anyone could want to know about all of this, PALs and
launch codes, and valve codes, and everything -- but the truth is nowhere
near as spectacular.

doug

------------------------------

Date: Sat, 4 Jan 2014 17:12:02 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Re: nuclear arming codes

http://www.dailymail.co.uk/news/article-2515598/Launch-code-US-nuclear-weapons-easy-00000000.html

According to Tom Berson, ``Gus tells a story, and if you know Gus, you know he
told it more than once.  Here it is, to the best of my memory.''

  One day, his manager at Sandia Laboratories stepped in to his office and
  said, "Gus, I need a random number, right now." Gus immediately replied,
  "Zero." The manager objected, "That's not a random number." Gus, "Oh, yes
  it is." Manager, "Well, it doesn't look random." Gus, "You asked for a
  random number, not a random-looking number."

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.69
************************

