RISKS Forum mailing list archives
Risks Digest 28.27
From: RISKS List Owner <risko () csl sri com>
Date: Mon, 15 Sep 2014 15:35:30 PDT
RISKS-LIST: Risks-Forum Digest Monday 15 September 2014 Volume 28 : Issue 27

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.27.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Lessons for the Future: Harvard Computer Science intro course (ACM TechNews)
Lessons From the Past for a Future in Smart Cars (Monty Solomon)
Steve Jobs Was a Low-Tech Parent (Nick Bilton via Monty Solomon)
Software glitch sends regular Colorado driver's licenses to immigrants (Kirk Mitchell via Jim Reisert)
NFL's finicky WiFi connections frustrate some coaches (David Tarabar)
Airlines Take the Bump Out of Turbulence (Monty Solomon)
Trying to Hit the Brake on Texting While Driving (Monty Solomon)
NSA/GCHQ/CSEC Infecting Innocent Computers Worldwide (Bruce Schneier)
The Mystery of Apple Watch's Battery Life (*NYTimes* via Monty Solomon)
iPwned: How easy is it to mine Apple services, devices for data? (Ars Technica via Monty Solomon)
Banks Did It Apple's Way in Payments by Mobile (Monty Solomon)
Senator demands US courts recover 10 years of online public records (David Kravets via Monty Solomon)
How the cybercrime industry fueled Target breach (Jeff Morganteen)
After e-mail takeover, copycats demand cash to expose Bitcoin's creator (Ars Technica via Monty Solomon)
US gov't threatened Yahoo with $250K daily fine if it didn't use PRISM (Ars Technica via Monty Solomon)
Supreme Court ruling has wiped out 11 "do it on a computer" patents so far (Ars Technica via NNSquad)
Turning the tables on "Windows Support" scammers by compromising their PCs (Ars Technica via Monty Solomon)
Google Play and lack of version numbers (Dan Jacobson)
Canon printers `Doom'ed (Henry Baker)
Analysis Of Volunteer's Metadata Stream Reveals His Life In Detail, Allows Passwords To Be Guessed (TechDirt via Kenneth R. Mayer Jr.)
Keep Your Data Yours While Traveling (Monty Solomon)
"Privacy Commissioner unearths apps demanding too many permissions" (Candice So via Gene Wirchenko)
60 percent of apps fail basic privacy tests, finds international cross-governmental study (geoff goodfellow)
Re: Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Steven Klein)
Re: The Case for Resign Switches for Politicians (Michael Kohne)
Re: zero-day bounties (Paul Edwards)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 15 Sep 2014 11:55:17 -0400 (EDT)
From: "ACM TechNews" <technews () hq acm org>
Subject: Lessons for the Future: Harvard Computer Science intro course

[This item is included as perhaps an encouraging harbinger of things to come, something that RISKS has always touted from the very beginning -- pervasively increased awareness of computer literacy, and especially computer-related RISKS. This may be a tip of just one iceberg, but I consider it good news. PGN]

Meg P. Bernhard, Harvard Computer Science Introductory Course Logs Record-Breaking Enrollment Numbers, *The Harvard Crimson*, 11 Sep 2014 via ACM TechNews, Monday, September 15, 2014

Nearly 12 percent of Harvard College's students have enrolled in the college's introductory computer science class, Computer Science 50: "Introduction to Computer Science I." With a record-breaking total enrollment of 818 undergraduate students this semester, CS50 is the college's largest course, followed by "Principles of Economics," the previous semester's largest course. Several factors are contributing to the class's popularity. Instructor David J. Malan says the boost in enrollment in part reflects a growing interest among Harvard students and the general public in computer science. Professor Eddie Kohler says CS50's growing popularity also is due to its accessibility, characterizing the course as more of an experience. Harry R. Lewis, Harvard's director of undergraduate studies for computer science, says Harvard students have "figured out that in pretty much every area of study, computational methods and computational thinking are going to be important to the future." Lewis also says he has seen higher enrollment than ever in other computer science courses this semester, including "Introduction to the Theory of Computation," which has 153 students enrolled. The number of computer science concentrators at Harvard also has increased, nearly doubling between 2008 and 2013.

http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-c8cdx2bacex063367&

------------------------------

Date: Mon, 15 Sep 2014 09:28:14 -0400
From: Monty Solomon <monty () roscom com>
Subject: Lessons From the Past for a Future in Smart Cars

The slow move toward air bags and seatbelts as standard safety features, into an era of the computer on wheels.
http://www.nytimes.com/2014/09/15/us/lessons-from-the-past-for-a-future-in-smart-cars.html

------------------------------

Date: Thu, 11 Sep 2014 20:09:55 -0400
From: Monty Solomon <monty () roscom com>
Subject: Steve Jobs Was a Low-Tech Parent (Nick Bilton)

Nick Bilton, *The New York Times*, 10 Sep 2014

When Steve Jobs was running Apple, he was known to call journalists to either pat them on the back for a recent article or, more often than not, explain how they got it wrong. I was on the receiving end of a few of those calls. But nothing shocked me more than something Mr. Jobs said to me in late 2010 after he had finished chewing me out for something I had written about an iPad shortcoming.

"So, your kids must love the iPad?" I asked Mr. Jobs, trying to change the subject. The company's first tablet was just hitting the shelves.

"They haven't used it," he told me. "We limit how much technology our kids use at home."

I'm sure I responded with a gasp and dumbfounded silence. I had imagined the Jobs's household was like a nerd's paradise: that the walls were giant touch screens, the dining table was made from tiles of iPads and that iPods were handed out to guests like chocolates on a pillow.

Nope, Mr. Jobs told me, not even close. ...

http://www.nytimes.com/2014/09/11/fashion/steve-jobs-apple-was-a-low-tech-parent.html

------------------------------

Date: Fri, 12 Sep 2014 15:25:42 -0600
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: Software glitch sends regular Colorado driver's licenses to immigrants (Kirk Mitchell)

Kirk Mitchell, *The Denver Post*, 12 Sep 2014

A software glitch mistakenly sent regular Colorado driver's licenses to hundreds of immigrants living in the United States illegally, rather than the special licenses they were supposed to get, officials said Friday.
The special driver's licenses created for the first time this year for immigrants do not have an intended disclaimer that makes it clear the holder cannot vote, according to authorities. Specifically, the cards do not have a black band near the top indicating that the license does not offer voting privileges and is not for `public benefit purposes'.

"They didn't have all the security measures they were supposed to have to make sure they were used correctly," said Daria Serna, spokeswoman for the Colorado Department of Revenue.

The driver's license cards for people in the country legally with visas and those living here illegally look *identical* to driver's licenses for U.S. citizens living in Colorado, according to a news release Friday by John Raffetto, spokesman for private contractor MorphoTrust.

The glitch resulted in errors that invalidated 524 Colorado driver's licenses for those living in this country illegally, Raffetto said.

http://www.denverpost.com/news/ci_26521997/

------------------------------

Date: Sun, 14 Sep 2014 18:36:37 -0400
From: David Tarabar <dtarabar () acm org>
Subject: NFL's finicky WiFi connections frustrate some coaches

A $400 million sponsorship by Microsoft has equipped NFL coaches with Surface tablets during games. This allows them to review plays and formations -- replacing printed pictures that have been used for decades. However the connectivity has not been completely reliable. It seems that a crowded football stadium is not the best environment for reliable Wi-Fi.

... and one more thing

"The partnership with the NFL hasn't worked out ideally for Microsoft, either.
Coaches, players, and TV announcers have repeatedly referred to the Surface tablets as iPads"

http://www.bostonglobe.com/business/2014/09/12/nfl-finicky-connections-frustrate-some-coaches/c8viq8RB9oMLeHSA9kdWyN/story.html

------------------------------

Date: Sun, 14 Sep 2014 01:29:16 -0400
From: Monty Solomon <monty () roscom com>
Subject: Airlines Take the Bump Out of Turbulence

Stronger computing power, improved satellite and radar technology and more sophisticated scientific models give airlines a greater understanding of flying conditions.

http://www.nytimes.com/2014/09/08/technology/airlines-take-the-bump-out-of-turbulence.html

------------------------------

Date: Sun, 14 Sep 2014 01:21:41 -0400
From: Monty Solomon <monty () roscom com>
Subject: Trying to Hit the Brake on Texting While Driving

People keep texting when they're behind the wheel, so an engineer has found a technological solution. The problem: He can't do it on his own.

http://www.nytimes.com/2014/09/14/business/trying-to-hit-the-brake-on-texting-while-driving.html

------------------------------

Date: Mon, 15 Sep 2014 00:08:11 -0500
From: Bruce Schneier <schneier () schneier com>
Subject: NSA/GCHQ/CSEC Infecting Innocent Computers Worldwide

Bruce Schneier, CRYPTO-GRAM, 15 Sep 2014, Co3 Systems, Inc. http://www.schneier.com

There's a new story on the C't Magazin website about a 5-Eyes program to infect computers around the world for use as launching pads for attacks. These are not target computers; these are innocent third parties.

The article actually talks about several government programs. HACIENDA is a GCHQ program to port-scan entire countries, looking for vulnerable computers to attack. According to the GCHQ slide from 2009, they've completed port scans of 27 different countries and are prepared to do more. The point of this is to create ORBs, or Operational Relay Boxes.
Basically, these are computers that sit between the attacker and the target, and are designed to obscure the true origins of an attack.

Slides from the Canadian CSEC talk about how this process is being automated: "2-3 times/year, 1 day focused effort to acquire as many new ORBs as possible in as many non 5-Eyes countries as possible." They've automated this process into something codenamed LANDMARK, and together with a knowledge engine codenamed OLYMPIA, 24 people were able to identify "a list of 3000+ potential ORBs" in 5-8 hours. The presentation does not go on to say whether all of those computers were actually infected.

Slides from the UK's GCHQ also talk about ORB detection, as part of a program called MUGSHOT. It, too, is happy with the automatic process: "Initial ten fold increase in Orb identification rate over manual process." There are also NSA slides that talk about the hacking process, but there's not much new in them.

The slides never say how many of the "potential ORBs" CSEC discovers or the computers that register positive in GCHQ's "Orb identification" are actually infected, but they're all stored in a database for future use. The Canadian slides talk about how some of that information was shared with the NSA.

Increasingly, innocent computers and networks are becoming collateral damage, as countries use the Internet to conduct espionage and attacks against each other. This is an example of that. Not only do these intelligence services want an insecure Internet so they can attack each other, they want an insecure Internet so they can use innocent third parties to help facilitate their attacks.

The story contains formerly TOP SECRET documents from the US, UK, and Canada. Note that Snowden is not mentioned at all in this story. Usually, if the documents the story is based on come from Snowden, the reporters say that. In this case, the reporters have said nothing about where the documents come from.
I don't know if this is an omission -- these documents sure look like the sorts of things that come from the Snowden archive -- or if there is yet another leaker.

http://www.heise.de/ct/artikel/NSA-GCHQ-The-HACIENDA-Program-for-Internet-Colonization-2292681.html
or http://tinyurl.com/mevxbq2

------------------------------

Date: Sun, 14 Sep 2014 02:44:08 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Mystery of Apple Watch's Battery Life

Apple had plenty to brag about at its event earlier this week. So it was particularly noticeable when Apple left out an important detail about the brand-new Apple Watch: the battery life.

http://bits.blogs.nytimes.com/2014/09/12/the-mystery-of-apple-watchs-battery-life/

------------------------------

Date: Sun, 14 Sep 2014 10:41:31 -0400
From: Monty Solomon <monty () roscom com>
Subject: iPwned: How easy is it to mine Apple services, devices for data?

http://arstechnica.com/features/2014/09/ipwned-mining-iphones-icloud-for-personal-data-is-terrifying-simple/

------------------------------

Date: Sun, 14 Sep 2014 02:45:02 -0400
From: Monty Solomon <monty () roscom com>
Subject: Banks Did It Apple's Way in Payments by Mobile

The eagerness of banks and card companies to work with Apple on its mobile payment system suggests Apple's clout and the concern financial players have for their future.

http://dealbook.nytimes.com/2014/09/11/banks-did-it-apples-way-in-payments-by-mobile/

------------------------------

Date: Sun, 14 Sep 2014 10:22:41 -0400
From: Monty Solomon <monty () roscom com>
Subject: Senator demands US courts recover 10 years of online public records

"Restore access," lawmaker says of docs purged because of computer upgrade issue.
David Kravets, Ars Technica, 13 Sep 2014

The head of the powerful Senate Judiciary Committee is urging the federal bureaucracy to restore a decade's worth of electronic court documents that were deleted last month from online viewing because of an upgrade to a computer database known as PACER.

Senate Judiciary Committee Chairman Patrick Leahy (D-Vermont) said the removal of the thousands of cases from online review is essentially erasing history. ...

http://arstechnica.com/tech-policy/2014/09/senator-demands-us-courts-recover-10-years-of-online-public-records/

------------------------------

Date: Mon, 15 Sep 2014 11:17:49 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: How the cybercrime industry fueled Target breach (McAfee) (Jeff Morganteen)

Jeff Morganteen, CNBC, 10 Mar 2014 <http://twitter.com/jmorganteen>
How the cybercrime industry fueled Target credit card breach: McAfee Labs
http://www.cnbc.com/id/101480102#.

McAfee CTO: Target attack was defendable. Mike Fey, McAfee worldwide chief technology officer, discusses Target's data breach, how to best protect customer information and competition in the cybersecurity space.

The cyberattacks that led to the massive data breach at Target last year marked the "coming-of-age" for a black-market service industry that caters to malicious hackers and identity thieves, computer security company McAfee Labs said in a quarterly report Monday.

That industry allowed the thieves to not only buy custom-made malware for the theft, but also to quickly sell credit card numbers from 40 million shoppers affected by the breach. The thieves sold the numbers through online back-channels that security experts call the "dark web," the company said.

"Retailers in general took this as a wake-up call," said Mike Fey, chief technology officer at McAfee, on *Squawk on the Street*. "They saw an essentially off-the-shelf ... piece of malware modified for a unique environment, which was Target.
A lot of retailers assumed that if they don't have a standard point-of-sale system, they were somehow safe. And I think Target showed them that's not the case."

McAfee Labs released its quarterly report on cybersecurity threats on Monday. The company focused its attention on the dark web malware industry that fueled the point-of-sale attacks on Target and other retailers late last year. The high-profile cyberattacks were unsophisticated technologies that identity thieves bought off the shelf from the cybercrime "service" community, which customized the software specifically for the attack, McAfee said.

McAfee researchers discovered that the Target thieves offered credit card information for sale in batches between 1 million and 4 million numbers, the cybersecurity company said.

What's more, Fey said Target could have defended against the point-of-sale attacks if it had a cost-effective method of deploying existing security technology.

"You take a look at the Target attack," Fey said. "That was defendable by technology that has been around. It didn't require a new silver bullet."

Last week, Target's chief information officer resigned as the retailer seeks to overhaul its security protections. [...]

------------------------------

Date: Sun, 14 Sep 2014 10:38:56 -0400
From: Monty Solomon <monty () roscom com>
Subject: After e-mail takeover, copycats demand cash to expose Bitcoin's creator

http://arstechnica.com/security/2014/09/after-e-mail-takeover-copycats-demand-cash-to-expose-bitcoins-creator/

------------------------------

Date: Sun, 14 Sep 2014 10:35:03 -0400
From: Monty Solomon <monty () roscom com>
Subject: US gov't threatened Yahoo with $250K daily fine if it didn't use PRISM

http://arstechnica.com/tech-policy/2014/09/us-govt-threatened-yahoo-with-250k-daily-fine-if-it-didnt-use-prism/

[In 2008, reportedly at least doubling the fine for each day of noncompliance. Gambler's Ruin without having to gamble!?? PGN]

------------------------------

Date: Sun, 14 Sep 2014 19:07:23 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Supreme Court ruling has wiped out 11 "do it on a computer" patents so far (Ars Technica)

Ars Technica via NNSquad
http://arstechnica.com/tech-policy/2014/09/supreme-court-ruling-has-wiped-out-11-do-it-on-a-computer-patents-so-far/

"The courts are sending a pretty clear message: you can't take a commonplace human activity, do it with a computer, and call that a patentable invention," writes Lee.

------------------------------

Date: Sun, 14 Sep 2014 10:38:25 -0400
From: Monty Solomon <monty () roscom com>
Subject: Turning the tables on "Windows Support" scammers by compromising their PCs (Ars Technica)

http://arstechnica.com/security/2014/09/turning-the-tables-on-windows-support-scammers-by-compromising-their-pcs/

------------------------------

Date: Sun, 14 Sep 2014 20:24:31 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Google Play and lack of version numbers

In contrast to Apple's App Store, Google Play, the official app store for the Android operating system, does not show version numbers for its apps, only a date.

The assumption apparently is no app would have a second version issued on the same date, so users wouldn't need to bother distinguishing Trojans...

(Of course I don't actually own a smartphone, so I was only comparing their websites. Which apparently the problem is only limited to.)

------------------------------

Date: Mon, 15 Sep 2014 09:30:56 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Canon printers `Doom'ed

No authentication or signing for firmware updates; "Who suspects printers?"
http://www.theguardian.com/technology/2014/sep/15/hackers-doom-printer-canon-security
http://www.contextis.co.uk/resources/blog/hacking-canon-pixma-printers-doomed-encryption/

Hacker puts Doom on a printer to highlight security vulnerabilities

Canon PIXMA printer compromised with vintage first-person shooter game during 44Con conference

Tom Fox-Brewster, *The Guardian*, theguardian.com, 15 Sep 2014

Running Doom on a printer is more than a gimmick: it's a security concern.

In 1993, first-person shooter Doom was a groundbreaking game. In 2014, it's being used by ethical hackers to demonstrate security vulnerabilities in connected devices. Specifically: printers.

During his talk at the 44Con conference in London, Michael Jordon from Context Information Security proved he could easily compromise the Canon PIXMA printer -- popular for homes and small businesses alike -- by making it run Doom.

From the exploitation standpoint, hacking the machine was trivial, as Jordon discovered that the device has a web interface with no username or password protecting it.

On initial inspection, this interface was of little interest, only showing ink levels and printing status. But it soon became apparent a hacker could use this interface to trigger an update to the machine's firmware - the underlying code that is essentially the heart and soul of the printer.

An outsider could thus have changed settings on the printer to convince it to ask for updates from a malicious server rather than Canon's official channel.

Jordon took advantage of what he described as `terrible' encryption protecting the firmware to add some tweaks to its code, enabling him to control the machine from afar.

A malicious hacker could have discovered what documents the printer was handling, or started issuing commands to take up resources. If it belonged to a business, they would also have had access to the network, on which to carry out further exploitation.

Doom? Jordon used the first-person shooter as the basis for his presentation to the white-hat hacker audience at 44Con, to make it more interesting. The graphics may have been slightly dodgy, but the game running on the Canon PIXMA was still, definably, Doom.

The point of the project was to prove that machines most would not normally expect to be hacked can be valuable to those looking to breach networks.

``If you can run Doom on a printer, you can do a lot more nasty things,'' Jordon told the Guardian. ``In a corporate environment, it would be a good place to be. Who suspects printers?''

Canon has promised a fix, after working closely with Context. ``We intend to provide a fix as quickly as is feasible,'' the company said.

[Truncated for RISKS. PGN]

------------------------------

Date: Saturday, September 13, 2014
From: *Kenneth R. Mayer Jr.* <mayerjr () yahoo com>
Subject: Analysis Of Volunteer's Metadata Stream Reveals His Life In Detail, Allows Passwords To Be Guessed (via Dave Farber)

Excellent article.

*Analysis Of Volunteer's Metadata Stream Reveals His Life In Detail, Allows Passwords To Be Guessed*
https://www.techdirt.com/articles/20140910/06590828478/analysis-volunteers-metadata-stream-reveals-his-life-detail-allows-passwords-to-be-guessed.shtml

Shared from techdirt <http://flip.it/RKD3u> on Flipboard. Download Flipboard for free here <http://flpbd.it/now>.

------------------------------

Date: Fri, 12 Sep 2014 09:15:16 -0400
From: Monty Solomon <monty () roscom com>
Subject: Keep Your Data Yours While Traveling

Experts share methods for maintaining security on electronic devices at hotels, airports and other places.

http://www.nytimes.com/2014/09/09/business/keep-your-data-yours-while-traveling.html

------------------------------

Date: Fri, 12 Sep 2014 13:01:50 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Privacy Commissioner unearths apps demanding too many permissions" (Candice So)

Candice So, *IT Business*, 11 Sep 2014
Privacy Commissioner unearths apps demanding too many permissions
http://www.itbusiness.ca/news/privacy-commissioner-unearths-apps-demanding-too-many-permissions/51030

------------------------------

Date: Sep 12, 2014 1:59 PM
From: geoff goodfellow <geoff () iconia com>
Subject: 60 percent of apps fail basic privacy tests, finds international cross-governmental study

http://9to5mac.com/2014/09/12/60-percent-of-apps-fail-basic-privacy-tests-finds-international-cross-governmental-study/

------------------------------

Date: Sun, 14 Sep 2014 11:47:23 -0400
From: Steven Klein <steven () yourmacexpert com>
Subject: Re: Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Chen, RISKS-28.26)

Kurt Seifried complains (sarcastically) about Apple not "making brute force attacks harder." They impose delays after three incorrect password attempts. Until recently, they only did this on user-facing systems, but have since fixed this so that the delay kicks in on all known interfaces.

He also strangely claims that there isn't ``any way to contact Apple.'' In fact there are many ways to contact them.

Via the iCloud support contact page:
https://www.apple.com/support/icloud/contact/

Via phone (with local numbers in dozens of countries):
http://support.apple.com/kb/HE57

And via a worldwide network of retail stores that offer in-person tech support. Here's a link to their support reservation page for their US stores:
http://concierge.apple.com/reservation/us/en/techsupport/

I agree that Apple could do a better job, but I don't think the situation is improved by spreading misinformation.

------------------------------

Date: Fri, 12 Sep 2014 07:33:50 -0400
From: Michael Kohne <mhkohne () kohne org>
Subject: Re: The Case for Resign Switches for Politicians (Baker, R-28.25)

Amusing as the idea is, I think that you've missed a problem here. While this would let the voters get rid of an out of control politician, it would *also* encourage the politicians to hold ever more firmly to whatever viewpoint they espoused in their campaign, regardless of facts, new information, or common sense.

We've already got a problem with politicians who never compromise on anything, no matter how stupid their stance. I don't think we need to give them any *more* reasons to be intransigent. They've got that covered already.

------------------------------

Date: Sat, 13 Sep 2014 06:52:10 +1000
From: Paul Edwards <paule () cathicolla com>
Subject: Re: zero-day bounties (Baker, RISKS-28.25)

How do you change the widely-used anti-pattern of pushing buggy software out prematurely?

As an example (one of many, but this time I actually got the figures): A few years ago I was consulting at a large company, specifically with their incident management team. The team manager said that a new version of an application had been released a few weeks prior. His team had spent four weeks working to respond to maintain reliability.
There were no reports of customer dissatisfaction with the new version of the product supported by the application; his team had done a good job. His outcome: a handful of bugs identified, a tired and disgruntled team, and an overtime bill of ~$10K.

I did some further research and spoke to a few key people. I found that the additional 5 weeks of testing estimated to eliminate the bugs would have cost ~$40K, and delaying the new features would have forgone about $500K in revenue (they were expecting a 10% uplift in $1 million per week revenue -- that estimate was later found to be spot on).

From the perspective of the organization as a whole: it will not forgo $500K in revenue and add $40K to a project cost in order to save $10K in overtime -- especially when there has been no downturn in customer sat or brand.

Using Henry's terms, in this case the bounty is small ($10K), compared to the cost of formal methods ($540K[1]).

* Will contextualizing the bug as a zero-day vulnerability change the behaviour seen above?
* Will changing the relative difference between the bounty and the cost of applying formal methods change the behaviour?
* Can you somehow quantify brand, customer sat, and the like as contributing to the bounty, to tip the scales?

I don't know. It's an interesting discussion to be had though.

[1] The organization would see the forgone revenue as a cost of formal methods.

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request () csl sri com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe () csl sri com or risks-unsubscribe () csl sri com depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string `notsp' at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 28.27
************************
