mailing list archives
Risks Digest 27.92
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 13 May 2014 15:12:01 PDT
RISKS-LIST: Risks-Forum Digest Tuesday 13 May 2014 Volume 27 : Issue 92
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
Analysis of Estonia's e-voting system reveals -- a mess (Lauren Weinstein)
Greenwald: how the NSA tampers with US-made Internet routers (Henry Baker)
"Microsoft extends Windows 8.1 Update/KB 2919355 deadline" (Woody Leonhard
via Gene Wirchenko)
"Government agencies still vulnerable to Heartbleed, study says"
(Andrew Brooks via Gene Wirchenko)
LAX ATC failure caused by memory shortage (Alwyn Scott and Joseph Menn)
"With the Internet of things, smart buildings pose big risk"
(Jaikumar Vijayan via Gene Wirchenko)
European court says Google must respect 'right to be forgotten'
(Reuters via Lauren Weinstein)
Re: Federal court overturns Google v. Oracle decision (Dennis E. Hamilton)
Re: Reading, Writing, Arithmetic -- and Coding (Wols)
Re: Saudi blogger (Ian Halliday)
Re: Federal Agents Seek to Loosen Rules on Hacking Computers
(Alister Wm Macintyre)
Re: The perils of PayWave (Joe Keane)
Announcing ACM's new Special Interest Group on Logic and Computation: SIGLOG
Abridged info on RISKS (comp.risks)
Date: Mon, 12 May 2014 16:21:13 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Analysis of Estonia's e-voting system reveals -- a mess
https://estoniaevoting.org/ [via NNSquad] (Re: second item in RISKS-27.90)
"Estonia is the only country in the world that relies on Internet voting
in a significant way for legally-binding national elections -- up to 25%
of voters cast their ballots online. This makes the security of the system
of interest to technologists and voters the world over. As international
experts on e-voting security, we decided to perform an independent
evaluation of the system, based on election observation, code review, and
laboratory testing. What we found alarmed us. There were staggering gaps
in procedural and operational security, and the architecture of the system
leaves it open to cyberattacks from foreign powers, such as Russia. These
attacks could alter votes or leave election outcomes in dispute. We have
confirmed these attacks in our lab -- they are real threats. We urgently
recommend that Estonia discontinue use of the system."
Date: Mon, 12 May 2014 19:02:53 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Greenwald: how the NSA tampers with US-made Internet routers
FYI -- Domestic U.S. Internet users shouldn't feel slighted, however; their
ISP's have also pre-installed NSA-accessible backdoors into the routers
supplied to them by their ISP's (Verizon, in my case). Needless to say,
what's good for the goose is good for the gander; these ISP-supplied
backdoors can be easily hacked by criminals.
Glenn Greenwald: how the NSA tampers with US-made Internet routers
The NSA has been covertly implanting interception tools in US servers
heading overseas -- even though the US government has warned against using
Chinese technology for the same reasons, says Glenn Greenwald, in an extract
from his new book about the Snowden affair, No Place to Hide.
Glenn Greenwald, *The Guardian*, Monday 12 May 2014
For years, the US government loudly warned the world that Chinese routers
and other Internet devices pose a "threat" because they are built with
backdoor surveillance functionality that gives the Chinese government the
ability to spy on anyone using them. Yet what the NSA's documents show is
that Americans have been engaged in precisely the activity that the US
accused the Chinese of doing.
The drumbeat of American accusations against Chinese Internet device
manufacturers was unrelenting. In 2012, for example, a report from the
House Intelligence Committee, headed by Mike Rogers, claimed that Huawei and
ZTE, the top two Chinese telecommunications equipment companies, "may be
violating United States laws" and have "not followed United States legal
obligations or international standards of business behaviour". The
committee recommended that "the United States should view with suspicion the
continued penetration of the US telecommunications market by Chinese
The Rogers committee voiced fears that the two companies were enabling
Chinese state surveillance, although it acknowledged that it had obtained no
actual evidence that the firms had implanted their routers and other systems
with surveillance devices. Nonetheless, it cited the failure of those
companies to cooperate and urged US firms to avoid purchasing their
products: "Private-sector entities in the United States are strongly
encouraged to consider the long-term security risks associated with doing
business with either ZTE or Huawei for equipment or services. US network
providers and systems developers are strongly encouraged to seek other
vendors for their projects. Based on available classified and unclassified
information, Huawei and ZTE cannot be trusted to be free of foreign state
influence and thus pose a security threat to the United States and to our
The constant accusations became such a burden that Ren Zhengfei, the
69-year-old founder and CEO of Huawei, announced in November 2013 that the
company was abandoning the US market. As Foreign Policy reported, Zhengfei
told a French newspaper: "'If Huawei gets in the middle of US-China
relations,' and causes problems, 'it's not worth it'."
But while American companies were being warned away from supposedly
untrustworthy Chinese routers, foreign organisations would have been well
advised to beware of American-made ones. A June 2010 report from the head
of the NSA's Access and Target Development department is shockingly
explicit. The NSA routinely receives -- or intercepts -- routers, servers
and other computer network devices being exported from the US before they
are delivered to the international customers.
The agency then implants backdoor surveillance tools, repackages the devices
with a factory seal and sends them on. The NSA thus gains access to entire
networks and all their users. The document gleefully observes that some
``SIGINT tradecraft is very hands-on (literally!).''
Eventually, the implanted device connects back to the NSA. The report
continues: "In one recent case, after several months a beacon implanted
through supply-chain interdiction called back to the NSA covert
infrastructure. This call back provided us access to further exploit the
device and survey the network."
It is quite possible that Chinese firms are implanting surveillance
mechanisms in their network devices. But the US is certainly doing the
Warning the world about Chinese surveillance could have been one of the
motives behind the US government's claims that Chinese devices cannot be
trusted. But an equally important motive seems to have been preventing
Chinese devices from supplanting American-made ones, which would have
limited the NSA's own reach. In other words, Chinese routers and servers
represent not only economic competition but also surveillance competition.
Date: Tue, 13 May 2014 09:06:14 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Microsoft extends Windows 8.1 Update/KB 2919355 deadline"
Woody Leonhard | InfoWorld, 12 May 2014
With one day to go before Black Tuesday patches, Microsoft didn't so much
blink as bow to the reality that users have been unable to install Windows
Date: Tue, 13 May 2014 09:20:36 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Government agencies still vulnerable to Heartbleed, study says"
Andrew Brooks, *IT Business*, 12 May 2014
The Heartbleed OpenSSL bug just refuses to die. Now it looks as if the
measures many web sites, including some belonging to Canadian provincial and
federal governments, may still be at risk despite being "fixed."
That's according to a new study published last Friday by Internet services
company Netcraft Ltd. The study claims that while websites patched
vulnerable OpenSSL installations after Heartbleed was exposed early in
April, replacing their SSL certificates and revoking the old ones, some
actually re-used the same potentially compromised private key in the new
Date: Mon, 12 May 2014 18:30:22 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: LAX ATC failure caused by memory shortage
FYI -- While "memory shortage" was the presenting problem, apparently *no*
amount of additional memory could have satisfied the search over an
*infinite* number of altitudes, so the "cause" was an actual software _bug_,
not merely "memory shortage", per se.
An interesting question is: "what would have happened had this U-2 flight
simply not been entered into the ERAM system in the first place?" Or did
entering this additional data actually make things worse? The
data-not-entered case would presumably be exercised for a rogue drone
(perhaps a panga/smuggling drone if in the L.A. area) flight.
Alwyn Scott and Joseph Menn, Reuters, 12 May 2014
Exclusive: Air traffic system failure caused by computer memory shortage
A common design problem in the U.S. air traffic control system made it
possible for a U-2 spy plane to spark a computer glitch that recently
grounded or delayed hundreds of Los Angeles area flights, according to an
inside account and security experts.
In theory, the same vulnerability could have been used by an attacker in a
deliberate shut-down, the experts said, though two people familiar with the
incident said it would be difficult to replicate the exact conditions.
The error blanked out a broad swath of the southwestern United States, from
the West Coast to western Arizona and from southern Nevada to the Mexico
As aircraft flew through the region, the $2.4 billion system made by
Lockheed Martin Corp, cycled off and on trying to fix the error, triggered
by a lack of altitude information in the U-2's flight plan, according to the
sources, who were not authorized to speak publicly about the incident.
No accidents or injuries were reported from the April 30 failure, though
numerous flights were delayed or canceled.
Lockheed Martin said it conducts "robust testing" on all its systems and
referred further questions about the En Route Automation Modernization
(ERAM) system to the Federal Aviation Administration.
FAA spokeswoman Laura Brown said the computer had to examine a large number
of air routes to "de-conflict the aircraft with lower-altitude flights".
She said that process "used a large amount of available memory and
interrupted the computer's other flight-processing functions".
The FAA later set the system to require altitudes for every flight plan and
added memory to the system, which should prevent such problems in the
future, Brown said.
COMPLEX FLIGHT PLAN
When the system went out, air traffic controllers working in the regional
center switched to a back-up system so they could see the planes on their
screens, according to one of the sources.
Paper slips and telephones were used to relay information about planes to
other control centers.
The ERAM system failed because it limits how much data each plane can send
it, according to the sources. Most planes have simple flight plans, so they
do not exceed that limit.
But a U-2 operating at high altitude that day had a complex flight plan that
put it close to the system's limit, the sources said.
The plan showed the plane going in and out of the Los Angeles control area
multiple times, not a simple point-to-point route like most flights, they
The flight plan did not contain an altitude for the flight, one of the
sources said. While a controller entered the usual altitude for a U-2 plane
- about 60,000 feet - the system began to consider all altitudes between
ground level and infinity.
The conflict generated error messages and caused the system to begin cycling
"The system is only designed to take so much data per airplane," one of the
sources said. "It keeps failing itself because it's exceeded the limit of
what it can do."
CYBER ATTACK CONCERN
The sources said the circumstances would be difficult for an attacker to
mimic, since they involved a complex flight plan, an altitude discrepancy
and an input from the controller that added to the flight plan data.
Former military and commercial pilots said flight plans are generally
carefully checked and manually entered into the air traffic control
computers, which are owned by the FAA.
"It would be hard to replicate by a hostile government, but it shows a very
basic limitation of the system," said a former military and commercial
Cyber-attacks on aviation have been an area of increased concern for
intelligence officials, who said earlier this year they will set up a new
center in Maryland for sharing information on detected and possible threats.
Security experts said that from the description by insiders, the failure
appeared to have been made possible by the sort of routine programming
mistake that should have been identified in testing before it was deployed.
"That's when you put in values anywhere that a human could put in a number,
like minus one feet, or a million feet, to see what that would do," said
Jeff Moss, founder of the Black Hat and Def Con security conferences and an
advisor to the Department of Homeland Security.
While it might be logical to limit the amount of data associated with one
flight plan, anything exceeding that amount should not be able to render the
system useless, they said.
Though they welcomed the FAA's assurance that a fix was being rolled out,
they said the incident suggested that similar failures could be found.
"If it's now understood that there are flight plans that cause the automated
system to fail, then the flight plan is an 'attack surface,'" said Dan
Kaminsky, co-founder of the White Ops security firm and an expert in attacks
based on over-filling areas of computer memory.
"It's certainly possible that there are other forms of flight plans that
could cause similar or even worse effects," Kaminsky said. "This is part of
the downside of automation."
Moss said many hackers have been studying aspects of a new $40 billion air
traffic control system, known as NextGen, which encompasses ERAM, including
its reliance on Global Positioning System data that could be faked.
At least two talks at this summer's Def Con will look at potential
weaknesses in the system.
"It's very over-budget and behind schedule, so it doesn't surprise me that
it's got some bugs - it's the way it presented itself" that's alarming, Moss
But air traffic controllers and pilots said ERAM is a vast improvement over
past systems and that it is needed to fit growing plane traffic into the
Nate Pair, president of the Los Angeles Center for the National Air Traffic
Controllers Association, said it was remarkable that ERAM was restored less
than an hour after the outage, limiting the effect on travelers.
"We were completely shut down and 46 minutes later we were back up and
running," Pair said.
"That could have easily been several hours and then we would have been into
flight delays for days because of the ripple effects."
(Reporting by Alwyn Scott and Joseph Menn; Editing by John Pickering and
Date: Tue, 13 May 2014 11:07:06 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "With the Internet of things, smart buildings pose big risk"
Jaikumar Vijayan | Computerworld, 13 May 2014
As buildings get more automated, they raise new security risks
"The massive data theft at Target for instance, started with someone
finding a way into the company's network using the access credentials of a
company that remotely maintained the retailer's heating, ventilation and
air conditioning (HVAC) system. In Target's case, the breach appears to
have happened because the company did not properly segmelol! nt its data
1) Building control systems can be used to make attacks on other systems.
2) Where did that "lol! " come from? (Is this a risk of keyboard macros?)
Date: Tue, 13 May 2014 08:38:57 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: European court says Google must respect 'right to be forgotten'
"Internet companies can be made to remove irrelevant or excessive personal
information from search engine results, Europe's top court ruled on
Tuesday in a case pitting privacy campaigners against Google. The Court
of Justice of the European Union (ECJ) upheld the complaint of a Spanish
man who objected to the fact that Google searches on his name threw up
links to a 1998 newspaper article about the repossession of his home."
(Reuters via NNSquad)
I can't begin to express what a bogus, inane, and utterly impractical
decision this is. Beyond ludicrous. Luckily, it means very little
without domestic government ratifications, and hopefully that won't
happen. More info? - See: "The 'Right to Be Forgotten': A Threat We
Dare Not Forget" - http://lauren.vortex.com/archive/000938.html.
(I'm a consultant to Google. My postings are speaking only for myself,
not for them.)
Date: Mon, 12 May 2014 18:58:08 -0700
From: "Dennis E. Hamilton" <dennis.hamilton () acm org>
Subject: Re: Federal court overturns Google v. Oracle decision (RISKS-27.90)
Q&A from someone who has followed these cases carefully.
Short appellate judgment followed by careful background analysis.
By the numbers:
1. There is no new precedent here. The particular copyright condition at
issue applies to all literary works, with no exception for software.
2. It is not about using (that is, exercising operations through) an API.
It is about the definition of APIs and it is specific to the nature of
what are called APIs for Java. The ruling navigates this very clearly.
3. It is not about implementations behind APIs, but the definitional
material. Google had already been found to have infringed a particular
little bit of an implementation, but that was not reversed. Google had
also claimed, in the original trial, that having independent
implementations provided a fair-use defense. The appellate court is
none of that.
3. The court didn't overturn the decision so much as remand it for retrial
based on an error of law made by the original judge. Only one part has
been overturned. It is a material part, because it increase
infringements that Google has been found to have made.
4. In the original trial, Google was found to have infringed the copyright
on the Java API descriptions that they appropriated for Dalvek. This was
not about individual method names or signatures. It was not about
implementations behind the APIs. It was about the sequence, structure,
and organization (SSO) of the full sets of definitions that were taken
5. After the jury deliberations, the original judge ruled that copyright did
not extend to the Java API SSO, so those infringements were irrelevant.
In addition, the original jury, on finding, then deliberated on whether
or not the Google infringement constituted fair use. The jury was hung
on that matter. But, because of the elimination of any SSO copyright by
judicial decree, there was no point in doing anything about it.
6. The appellate court ruled that the original ruling about SSO was in
error. SSO is subject to copyright, even when the individual elements
are not themselves copyrightable or the original creation of the creator
the SSO. This is long-standing in copyright law and precedent. The
decree from the appellate court explains all this in meticulous detail in
the lengthy Background material.
7. Since infringement has already been determined at a jury trial, the
reversal has that infringement stand and be material. Now the question
is whether the infringement constitutes fair use. This will be
determined at retrial unless the parties manage to settle in the
8. Important thing to always remember.
8.1 Fixations of original works of creation of their authors are
automatically copyrighted. It subsists in the copyrightable subject matter
whether claimed or not, whether the exclusive rights of copyright holders
are exercised or not. (Copyright does not extend to portions that are not
the creation of the author, and might be subject to copyright of others.
Also, not everything in an original work is eligible for copyright. The
details of all that are in the copyright code and the precedents around it.)
8.2 The fair use doctrine is more than a doctrine. It is a matter of law
enshrined in the US Copyright Code. However, fair use is irrelevant except
in the case of infringement. And fair use is determined only by a court
after infringement is determined. The background material in the appellate
ruling suggest that Google is on shaky ground with regard to passing
unscathed through the litmus tests for fair use. But they did not rule on
that. They left that to be settled at retrial.
8.3 It is important to appreciate that the copyright of software is subject
to exactly the same conditions as literary works of any kind. The special
treatment of software in copyright law has to do with backups, ephemeral
copies, and perhaps DRM to the extent that it might be applicable. Also,
the derived binaries, not just the source, are considered to be protected by
the same copyright. Those are the only special cases that come to mind.
Date: Tue, 13 May 2014 02:04:31 +0100
From: Wols Lists <wolwise1 () gmail com>
Subject: Re: Reading, Writing, Arithmetic -- and Coding (RISKS-27.91)
Computer literacy is essential, but once again we need to dust off the old
Einstein dictum: Everything should be made as simple as possible, but no
This drives me mad where databases are concerned. I'm well known in certain
theatres as being very anti RDBMSs. The problem is that relational theory
is very helpful in data analysis. But it simplifies everything too much!
When you look at things AS A MATHEMATICIAN, first normal form is chock full
of duplication (isn't that forbidden by relational theory :-), and seriously
muddles data and metadata. Given that most data comes as lists and, being
set based, relational cannot store lists it's pretty easy to come up with an
engineering proof that relational databases MUST, BY DESIGN, be horribly
It's unfortunately that typical human failing, that when people are
confronted with evidence that maths and reality don't agree, they prefer to
believe that it's reality that's wrong, not their theory.
(Would YOU try to explain biology in terms of quarks and leptons? And yet,
with first normal form, that's exactly equivalent to how relational
proponents try and explain extremely complex computer systems!)
Date: Tue, 13 May 2014 21:24:08 +0100
From: Ian Halliday <ian.halliday () gmail com>
Subject: Re: Saudi blogger RISKS 27.90
It's a fairly draconian punishment, but I was unconvinced that a million
riyals was really worth $266,133,000. ... [Maybe $266,133?]
Risk: journalists or risk people offering exchange rates without standing
back and saying: does this sound right?
Ian W Halliday, BA Hons, SA Fin, MBCS +44 772 546 2965 (GMT+1)
[The original message was a week old. At the moment, 1 U.S. Dollar =
3.75 Saudi Riyals, so 1M riyals are worth $266,666.666 (unrounded) today,
roughly $533 more than a week ago. Perhaps announcement of the penalty
is driving the Rial UP??? PGN]
Date: Mon, 12 May 2014 16:23:47 -0500
From: "Alister Wm Macintyre" <macwheel99 () wowway com>
Subject: Re: Federal Agents Seek to Loosen Rules on Hacking Computers
Police violent raid-style break-ins, at wrong address of innocent people,
are more frequent than many people realize. USA incidents are mapped at
CATO's Police Misconduct site. <http://www.policemisconduct.net/>
Select Maps > Botched Paramilitary Police Raids <http://www.cato.org/raidmap>.
When they happen, authorities typically say it was a once in a million fluke
accident. We have had thousands of these incidents.
When crooks see the cops coming, they know how to react: surrender or die.
When innocent homes are invaded, sometimes they think it is a home invasion
by crooks, and they react in such a way that they can get seriously maimed
by the police.
These "accidents" indicate something is wrong with whatever systems are used
to determine home or business of suspects.
Opponents, of the latest schemes, could maybe use this evidence as part of
the argument that the latest scheme is flawed, and thus shed more light on
<<FYI -- These break-ins are the electronic equivalent of FBI raids lobbing
tear gas and kicking down doors with automatic weapons drawn. Inevitably,
there are some percentage of break-ins at the wrong address of innocent
Alister William Macintyre (Al Mac)
Date: Tue, 13 May 2014 00:45:17 +0000 (UTC)
From: jgk () panix com (Joe Keane)
Subject: Re: The perils of PayWave (O'Keefe, RISKS-27.90)
This always baffles me, because it seems that the people are not considering
that a person may have more than one card.
* bank card, that debits your checking account
* 'stupid' credit card, for buying lunch, et cetera
* 'better' credit card, that you only use for big things
* a card for Internet shopping, that you load up right before you use it
* a card for things that you want to charge to your employer
* a card for things you'd rather most people not know about
(that must be buying drugs or hiring prostitutes)
In the old days, you would put a card into a machine or even type in the
numbers. If you used the wrong one, it is clearly your fault for being
dumb. Now you don't know. What could go wrong?
Date: Tue, 13 May 2014 15:42:55 -0400
From: Prakash Panangaden <prakash () cs mcgill ca>
Subject: Announcing ACM's new Special Interest Group on Logic and
I am delighted to announce the formation of a new special interest group
focused on logic and computation. The new SIG will be called SIGLOG. The
officers are: Luke Ong (vice-Chair), Natarajan Shankar (Treasurer),
Alexandra Silva (Secretary) and I will serve as its first Chair. The
officers will be assisted by an executive committee and an advisory
committee. The formation of this SIG has taken a long time with a lot of
effort put in by many people. The idea of such a SIG was first mooted in
2007 by Moshe Vardi and Dana Scott and the first draft proposals were
written by Vardi with input from Martin Abadi, Rajeev Alur and Phokion
For a long time the logic and computation community has functioned without a
unifying organization. It has, nevertheless, grown in numbers and diversity
and there are now many conferences that testify to the vitality of the
community. Indeed the FLoC cluster of conferences this Summer in Vienna is
expected to attract 1500 participants. There are, however, many ways in
which a community-wide organization can serve the community that a
single-conference-based organization cannot.
SIGLOG aims to serve a broad range of interests. The flagship conference
will be the ACM-IEEE Symposium on Logic in Computer Science. SIGLOG will
actively seek association agreements with other conferences in the field. A
SIGLOG newsletter is planned to be published quarterly in an electronic
format with community news, technical columns, members' feedback, conference
reports, book reviews and other items of interest to the community. An
important activity of SIGLOG will be advocating for the importance of logic
in the undergraduate computer science curriculum. Another important
activity will be the establishment of prizes to recognize the outstanding
contributions made by leading members of the community. Several members of
the community have won Turing prizes, but there is room for much more
recognition, especially for younger researchers. SIGLOG will collaborate
closely with EATCS and EACSL as well as other organizations, for example the
Gödel Society. SIGLOG will maintain close ties with the ACM Transactions
on Computational Logic. The upcoming Federated Logic Conferences in Vienna
(part of the Vienna Summer of Logic) will feature a SIGLOG launch event.
SIGLOG seeks to be an inclusive and diverse organization. We are committed
to encouraging the participation of women in computing and are pleased to
note that there are many outstanding women leaders in the research areas
covered by SIGLOG. We actively seek members from all geographical regions
and from a broad variety of research interests.
It is possible to join SIGLOG as soon as today by filling the form at
http://www.acm.org/membership/sig-pdfs/SIGLOG.pdf . One can join SIGLOG
without joining ACM (the SIGLOG membership fee is $25 and $15 for students).
[This new ACM Special Interest Group could be of considerable value to
RISKS readers with backgrounds or interest in formal methods. PGN]
Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request () csl sri com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string `notsp' at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 27.92
- Risks Digest 27.92 RISKS List Owner (May 13)