RISKS-LIST: Risks-Forum Digest Friday 13 August 2021 Volume 32 : Issue 82
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
(comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.82>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
The Chinese smart city that knows people's personal habits (bbc.com)
Clearing the heavens of space junk (CBS News)
AI wrote better phishing emails than humans in a recent test (WiReD)
Robots are coming for the lawyers (The Conversation)
Facebook is reportedly trying to analyze encrypted data without deciphering
it (Engadget)
We Research Misinformation on Facebook. It Just Disabled Our Accounts.
(NYTimes)
Brooklyn Tech students uncovered an NYC schools data breach (Brooklyner)
Citigroup Center Stilts - New York, New York (Atlas Obscura)
A Critical Random Number Generator Flaw Affects Billions of IoT Devices
(The Hacker News)
Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic
(The Hacker News)
'Tortured phrases' give away fabricated research papers (Nature)
A new flying car illustrates the same old problems (Hackaday)
Cryptocurrency debate slows infrastructure bill (WashPost)
#DEFCON: Exploiting Vulnerabilities in the Global Food Supply Chain
(Infosecurity Magazine)
Mesa County Colorado secure election systems passwords posted on political
blog (Rob Wilcox)
Why you should care about Zoom's $85m privacy lawsuit (Ars Technica)
Re: Chair moved to clean in control room, bumps switch, shutting reactor in
Taiwan (Dan Jacobson)
Re: Apple to Scan iPhones for Child Sex Abuse Images (Ross Anderson via PGN)
Re: Cyber-attack against steering of ships? (R A Lichtensteiger)
Re: DRM item with an Unreadable Button (David E. Ross)
Re: Reading Race: A Remarkable AI/ML Achievement (Michal Pavlovic)
Abridged info on RISKS (comp.risks)
___-------------------------------------------------------------------
Date: Sun, 8 Aug 2021 12:14:06 +0800
From: "Richard Stein" <rmstein@ieee.org>
Subject: The Chinese smart city that knows people's personal habits
(bbc.com)
https://www.bbc.com/reel/video/p09rfsk7/the-chinese-smart-city-that-knows-people-s-personal-habits
"As artificial intelligence changes our world, it has sparked a new arms
race between China and the US. Both countries are pouring billions into cutting-edge technology. Experts warn that without urgent regulation, we
could lose control of AI."
Chongqing (population ~16M in 2019) is wired with ~300K cameras that continuously surveil the population, applying facial recognition to ensure public order, and to suppress the free expression of ideas that might
challenge the supremacy of political governance priorities.
See "Universal Declaration of Human Rights," retrieved from
https://www.un.org/en/about-us/universal-declaration-of-human-rights on 08AUG2021. Article 2 is most relevant in this case.
A globally enforced treaty that proscribes AI deployment used to suppress
human rights would be required. Treaty negotiations among practitioners of political governance philosophies that explicitly marginalize individual freedoms are unlikely to materialize.
Risk: Basic human right to free expression suppressed with AI.
[The BBC video states ~800M CCTV cameras are deployed globally. The PRC
deploys more than 50% of this total. Who watches the watchers?]
___---------------------------
Date: Sun, 8 Aug 2021 11:48:03 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Clearing the heavens of space junk (CBS News)
If you're going to be a character in a space movie, like "Space Cowboys" or "Gravity," you've got to watch out for space junk; everybody knows that. But what not everyone knows is that that plot twist isn't fiction anymore.
"I got a call from my chief satellite officer, he said, 'We've lost track of our satellite vehicle number 33 somewhere over Siberia; it may have been hit
by something,'" recalled Matt Desch, the CEO of Iridium, whose 66 satellites provide voice and data connections for governments, companies, air traffic
and shipping.
<https://www.iridium.com/>
In 2009, a defunct Russian satellite crashed into one of Iridium's.
<https://www.cbsnews.com/news/us-and-russian-satellites-collide/>
Correspondent David Pogue asked Desch, "So, how bad was the damage?"
"Well, it completely took out our satellite," he replied.
The Iridium disaster was a wake-up call for the space industry. "There's estimated to be, like, 130 million tiny pieces smaller than the size of your thumb out there," said Desch. "And at 17,000 miles an hour, they can do damage."
The litter in low Earth orbit has become a constant danger to the
International Space Station. In May, astronauts there discovered a hole in
the station's giant robotic arm. Fortunately, the arm still works, but it
was a lucky strike *this* time. [...]
https://www.cbsnews.com/news/space-junk-damage-international-space-station/
https://www.cbsnews.com/news/clearing-the-heavens-of-space-junk/
___---------------------------
Date: Sun, 8 Aug 2021 15:42:33 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: AI wrote better phishing emails than humans in a recent test
(WiReD)
Researchers found that tools like OpenAI's GPT-3 helped craft devilishly effective spearphishing messages.
https://www.wired.com/story/ai-phishing-emails/
___---------------------------
Date: Wed, 11 Aug 2021 13:24:05 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Robots are coming for the lawyers (The Conversation)
A report of a research project by lawyers, computer scientists and linguists
at MITRE <https://www.mitre.org/> trying to relegate to AI some of the work done by lawyers. The authors note: "One of the first things we learned is
that it can be hard to predict which tasks are easily automated", but
suggest that technical tasks like legal research may be automated.
https://theconversation.com/robots-are-coming-for-the-lawyers-which-may-be-bad-for-tomorrows-attorneys-but-great-for-anyone-in-need-of-cheap-legal-assistance-157574
I wonder how long it will be before judges are tempted to use such a system
for suggesting an adequate sentence in some cases; and how long after that,
it might become common practice to use such suggestions as unquestionable sources of wisdom.
___---------------------------
Date: Sun, 8 Aug 2021 11:00:03 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Facebook is reportedly trying to analyze encrypted data without
deciphering it (Engadget)
*The approach could bolster Facebook's ad-targeting efforts*
Facebook is reportedly looking into analyzing the content of encrypted data without having to decrypt it. The company is recruiting artificial
intelligence researchers to study the matter, according to *The
Information*.
<https://www.theinformation.com/articles/facebook-researchers-hope-to-bring-together-two-foes-encryption-and-ads>
Their research could pave the way for Facebook to target ads based on
encrypted WhatsApp messages. Facebook could also use the findings to
encrypt user data without affecting its ad targeting approaches.
This area of research is called "homomorphic encryption," which relies
heavily on mathematics. Microsoft, Amazon and Google are also working on the approach. The aim of homomorphic encryption is to allow companies to read
and analyze data while keeping it encrypted to protect information from cybersecurity dangers and to maintain privacy. [...]
https://www.engadget.com/facebook-analyze-encrypted-messages-ad-targeting-175739715.html
___---------------------------
Date: Tue, 10 Aug 2021 17:54:08 -0400
From: "Jan Wolitzky" <jan.wolitzky@gmail.com>
Subject: We Research Misinformation on Facebook. It Just Disabled Our
Accounts. (NYTimes)
<https://www.nytimes.com/2021/08/10/opinion/facebook-misinformation.html>
___---------------------------
Date: Thu, 12 Aug 2021 19:49:37 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: Brooklyn Tech students uncovered an NYC schools data breach
(Brooklyner)
Teachers' social security numbers, student academic records, and
families' home addresses are among the dozens of pieces of information a
group of tech-savvy high school students stumbled across on Google Drive
this year, reports Chalkbeat's Pooja Salhotra.
The documents - many of which contained confidential information - were
leaked because of a quirk in the education department's Google Drive
sharing settings, a group of Brooklyn Technical High School students found.
The students then requested a meeting with a senior staff member at
their school, an email obtained by Chalkbeat confirms. At the meeting,
the Brooklyn Tech student recalls, the staff member listened as the
students walked through a PowerPoint presentation explaining the privacy
issues in the education department's Google Drive. The presentation
included a slide with photos of some of the shared documents, including
a template the students themselves created saying "Brooklyn Tech is
better than Stuyvesant." (Brooklyn Tech and Stuyvesant are two of the
city's top high schools.)
https://bklyner.com/brooklyn-tech-students-uncovered-a-nyc-schools-data-breach/
Yay, Tech (my high school)
--
Gabriel Goldberg, Computers and Publishing, Inc.
gabe@gabegold.com
3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433 LinkedIn:
http://www.linkedin.com/in/gabegold Twitter: GabeG0
___---------------------------
Date: Tue, 10 Aug 2021 16:10:33 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: Citigroup Center Stilts - New York, New York (Atlas Obscura)
If it hadn't been caught in time, a flaw in the design of this Manhattan skyscraper could have led to its collapse.
https://www.atlasobscura.com/places/citigroup-center-stilts
The risk? Bad design not anticipating Big Bad Wolf huffing and puffing,
blowing down the fancy building.
___---------------------------
Date: Mon, 9 Aug 2021 10:38:40 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: A Critical Random Number Generator Flaw Affects Billions of IoT
Devices (The Hacker News)
A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security
and putting them at risk of attacks.
"It turns out that these 'randomly' chosen numbers aren't always as random
as you'd like when it comes to IoT devices," Bishop Fox researchers Dan
Petro and Allan Cecil *said* <https://labs.bishopfox.com/tech-blog/youre-doing-iot-rng> in an analysis published last week. "In fact, in many cases, devices are choosing
encryption keys of 0 or worse. This can lead to a catastrophic collapse of security for any upstream use."
Random-number generation (*RNG*) is a *crucial process* that undergirds
several cryptographic applications, including key generation, nonces, and salting. On traditional operating systems, it's derived from a cryptographically secure pseudorandom number generator (CSPRNG) that uses entropy obtained from a high-quality seed source.
<https://en.wikipedia.org/wiki/Random_number_generation>
<https://www.veracode.com/blog/research/cryptographically-secure-pseudo-random-number-generator-csprng>
When it comes to IoT devices, this is supplied from a system-on-a-chip (SoC) that houses a dedicated hardware RNG peripheral called a true random number generator (TRNG) that's used to capture randomness from physical processes
or phenomena.
Stating that the manner in which the peripheral is being currently invoked was incorrect, the researchers noted the lack of checks for error code responses across the board, leading to a scenario where the random number generated
isn't simply random, and worse, predictable, resulting in partial entropy, uninitialized memory, and even crypto keys containing plain zeros. [...]
https://thehackernews.com/2021/08/a-critical-random-number-generator-flaw.html
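[Added example, not part of the digest item or the cited research: a C sketch of the failure described above, where a TRNG read's error code is ignored, next to a version that checks it and fails closed. The driver (mock_trng_read, its error codes, the xorshift stand-in for hardware output) is constructed for illustration and hypothetical.]

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a SoC TRNG driver; all names are hypothetical. */
enum { TRNG_OK = 0, TRNG_ERR_NOT_READY = -1 };

static int      trng_failures_left = 0;           /* reads that will still fail */
static uint32_t trng_state         = 0x12345678u; /* simulated hardware state */

/* Test hook: make the next `failures` reads report "not ready". */
void mock_trng_set_failures(int failures) { trng_failures_left = failures; }

/* Returns TRNG_OK and fills *out, or an error code and leaves *out untouched. */
int mock_trng_read(uint32_t *out)
{
    if (trng_failures_left > 0) {
        trng_failures_left--;
        return TRNG_ERR_NOT_READY;
    }
    /* xorshift32 only simulates hardware output; it is not a secure RNG. */
    trng_state ^= trng_state << 13;
    trng_state ^= trng_state >> 17;
    trng_state ^= trng_state << 5;
    *out = trng_state;
    return TRNG_OK;
}

/* Flawed pattern: the return code is dropped, so a failed read leaves
 * `word` at whatever it held before. It is 0 here to stay deterministic;
 * on real firmware it may be uninitialized stack memory. */
void keygen_unchecked(uint8_t key[16])
{
    for (int i = 0; i < 4; i++) {
        uint32_t word = 0;
        mock_trng_read(&word);                 /* error silently ignored */
        memcpy(key + 4 * i, &word, sizeof word);
    }
}

/* Checked pattern: bounded retries per word, and no key at all on failure.
 * Returns 0 on success, -1 if the TRNG never delivered; `key` is only
 * written once all 16 bytes came from successful reads. */
int keygen_checked(uint8_t key[16], int max_retries)
{
    uint8_t tmp[16];
    for (int i = 0; i < 4; i++) {
        uint32_t word = 0;
        int rc = TRNG_ERR_NOT_READY;
        for (int attempt = 0; attempt <= max_retries && rc != TRNG_OK; attempt++)
            rc = mock_trng_read(&word);
        if (rc != TRNG_OK)
            return -1;                         /* fail closed */
        memcpy(tmp + 4 * i, &word, sizeof word);
    }
    memcpy(key, tmp, sizeof tmp);
    return 0;
}

/* 1 if every byte of buf is zero, else 0. */
int is_all_zero(const uint8_t *buf, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

int main(void)
{
    uint8_t key[16];

    mock_trng_set_failures(100);               /* peripheral not ready */
    keygen_unchecked(key);
    printf("unchecked key all zero: %d\n", is_all_zero(key, sizeof key));

    mock_trng_set_failures(100);
    printf("checked keygen, TRNG down: rc=%d\n", keygen_checked(key, 3));

    mock_trng_set_failures(2);                 /* recovers after two reads */
    printf("checked keygen, TRNG slow: rc=%d\n", keygen_checked(key, 3));
    return 0;
}
```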
___---------------------------
Date: Wed, 11 Aug 2021 09:42:23 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic
(The Hacker News)
Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow
attackers to exfiltrate sensitive information from corporate networks.
"We found a simple loophole that allowed us to intercept a portion of
worldwide dynamic DNS traffic going through managed DNS providers like
Amazon and Google," researchers Shir Tamari and Ami Luttwak from
infrastructure security firm Wiz said,
<https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain>
Calling it a "bottomless well of valuable intel," the treasure trove of information contains internal and external IP addresses, computer names, employee names and locations, and details about organizations' web domains.
The findings were presented at the Black Hat USA 2021 security conference
last week.
<https://www.blackhat.com/us-21/briefings/schedule/#a-new-class-of-dns-vulnerabilities-affecting-many-dns-as-service-platforms-23563>
"The traffic that leaked to us from internal network traffic provides
malicious actors all the intel they would ever need to launch a successful attack," the researchers added. "More than that, it gives anyone a bird's
eye view on what's happening inside companies and governments. We liken this
to having nation-state level spying capability - and getting it was as easy
as registering a domain." [...]
https://thehackernews.com/2021/08/bugs-in-managed-dns-services-cloud-let.html
___---------------------------
Date: Sun, 8 Aug 2021 23:53:20 -0400
From: Monty Solomon <monty@roscom.com>
Subject: 'Tortured phrases' give away fabricated research papers (Nature)
Analysis reveals that strange turns of phrase may indicate foul play in science.
https://www.nature.com/articles/d41586-021-02134-0
___---------------------------
Date: Mon, 9 Aug 2021 11:44:57 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: A new flying car illustrates the same old problems (Hackaday)
For almost as long as there have been cars and planes, people have
speculated that one day we will all get around in flying cars. They'd allow
us to "avoid the traffic" by flying through the air instead of sitting in snarling traffic jams on the ground.
The Klein Vision AirCar hopes to be just such a panacea to our modern
traffic woes, serving as a transformable flying car that can both soar
through the air and drive on the ground. Let's take a look at the prototype vehicle's achievements, and the inherent problems with the underlying flying car concept.
*IT FLIES AND DRIVES*. [...]
https://hackaday.com/2021/08/09/a-new-flying-car-illustrates-the-same-old-problems/
[And of course there we won't need any air-traffic control, because AI and
ML will prevent accidents. Everyone can do whatever they feel like,
including crashing into commercial airliners on takeoff and landing. PGN]
___---------------------------
Date: Tue, 10 Aug 2021 18:09:31 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: Cryptocurrency debate slows infrastructure bill (WashPost)
The [U.S.] infrastructure bill is in part stalled as negotiations proceed on how closely to regulate the crypto industry
https://www.washingtonpost.com/business/2021/08/07/cryptocurrency-infrastructure-bill-lobby-bitcoin/
___---------------------------
Date: Thu, 12 Aug 2021 19:55:53 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: #DEFCON: Exploiting Vulnerabilities in the Global Food Supply Chain
(Infosecurity Magazine)
Autonomous farming equipment that can be controlled remotely now helps to
feed humanity. But what if that farming equipment were hacked?
https://www.infosecurity-magazine.com/news/defcon-exploiting-vulnerabilities/
___---------------------------
Date: Wed, 11 Aug 2021 23:36:17 -0700
From: Rob Wilcox <robwilcoxjr@gmail.com>
Subject: Mesa County Colorado secure election systems passwords posted on
political blog
Mesa County is in Western Colorado with the county seat in the city of Grand Junction. Colorado is one of the states that use vote by mail. They use Dominion Systems ballot design, scanners, and tabulation software. Dominion
is based in Denver and 62 of 64 Colorado counties use their systems.
Vote-by-mail is one of the most secure vote tabulation systems. The paper ballots are an enduring record that can be recounted.
The Mesa County Attorney General has launched a criminal investigation of
the leak of passwords used for the systems in Mesa County. The Colorado Secretary of State is investigating.
The passwords were spread by a central 8Chan/QAnon figure to the
GatewayPundit blog.
Dominion was and continues to be the target of conspiracy theories of
election rigging in the 2020 race. As a result, Dominion is suing media
outlets FOX, OAN, Newsmax and individuals for defamation.
I led the early Computer Professionals for Social Responsibility (CPSR)
project on the security and reliability of elections systems. (PGN has been
a central motivating force since those early beginnings. Thanks!)
Elections systems employ overlapping test, audit, chains of custody,
employee trust, verification and transparency - human methods, to complement technical methods.
Here, the access logs, physical security, surveillance, and audit trails are being employed to find the source of the purloined passwords, any subsequent systems security breaches, and the involvement of elections professionals.
Such attacks can result in voters distrusting results of elections. We will have to work harder to explain our continuing work in trustworthy vote counting.
One of the great challenges from that early CPSR work, beginning about
1987-88, was to maintain an objective and factual tone when conspiracy
theories motivated some of our volunteers.
We look forward to the complete documentation resulting from the
investigation.
https://www.9news.com/article/news/local/next/mesa-clerk-passwords-voting-equipment-security-breach-colorado/73-5fce900e-8e45-491a-a86e-71b2c5da98a2
https://denver.cbslocal.com/2021/08/11/mesa-county-voting-system-passwords/
https://coloradosun.com/2021/08/11/tina-peters-mesa-county-passwords-breach/
___---------------------------
Date: Thu, 12 Aug 2021 14:32:19 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Why you should care about Zoom's $85m privacy lawsuit (Ars
Technica)
*Zoom has agreed to pay an $85 million settlement
<https://arstechnica.com/tech-policy/2021/08/zoom-to-pay-85m-for-lying-about-encryption-and-sending-data-to-facebook-and-google/>
after falsely claiming calls were protected with end-to-end encryption and
for handing over people's data to Facebook and Google without their consent. This is the latest development in a list of privacy and security issues
faced by the video platform that we first wrote about back in March 2020
<https://protonmail.com/blog/zoom-privacy-issues/>.*
*Why Zoom has agreed to an $85 million settlement*
In March 2020, The Intercept reported
<https://theintercept.com/2020/03/31/zoom-meeting-encryption/>
that Zoom had lied about the encryption used for their video calls. In short, the video communication service claimed that it used end-to-end encryption when it did not. Around the same time, Vice reported
<https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account>
that Zoom was also sharing user data with companies, including Facebook and Google, without consent. (Zoom has since fixed
<https://blog.zoom.us/zoom-use-of-facebook-sdk-in-ios-client/> these data-sharing practices.)
Zoom also had some major security issues, including default settings that allowed online trolls to take over public calls in an act known as "Zoombombing", and vulnerabilities that allowed hackers to access people's webcams
<https://arstechnica.com/information-technology/2019/07/zoom-makes-it-too-easy-for-hackers-to-access-webcams-heres-what-to-do/>.
For more information on Zoom's privacy and security issues, you can read
our full breakdown <https://protonmail.com/blog/zoom-privacy-issues/>.
The Federal Trade Commission filed a complaint against Zoom
<https://www.ftc.gov/news-events/press-releases/2020/11/ftc-requires-zoom-enhance-its-security-practices-part-settlement>
in November 2020 after The Intercept exposed these holes in Zoom's
service. As a result, Zoom agreed to security improvements and a
"prohibition on privacy and security misrepresentations". Now, on 7 July
2021, Zoom has also agreed to pay an $85 million settlement, including compensation for those who were affected by these security
shortcomings. People who are entitled to compensation will receive between
just $15 and $25 each if the settlement is approved in court.
The maximum compensation of $25 doesn't reflect the extent to which Zoom
misled the people who used its services, nor the gravity of the potential consequences of doing so. Is this proposed settlement enough to make tech companies start taking user privacy and security seriously? And what can we
do to better protect our data? [...]
https://protonmail.com/blog/zoom-85-million-settlement/
___---------------------------
Date: Thu, 12 Aug 2021 03:43:18 +0800
From: "??? Dan Jacobson" <jidanni@jidanni.org>
Subject: Re: Chair moved to clean in control room, bumps switch, shutting
reactor in Taiwan (RISKS-32.81)
Going beyond
https://www.youtube.com/watch?v=8pjhJz3vQZc ,
the authorities say a chair flipped the switch, but legislators say there
is no way that chair could have flown up and reached the switch. And the
power company said no video is kept, due to "worker privacy issues."
So somebody is ???
(???)
(telling tall tales.)
Maybe some international investigation is needed to find out why
the reactor got shut.
All in Chinese. But do look at the photos:
https://www.mirrormedia.mg/story/20210810edi028/
https://www.facebook.com/NuclearMythbusters/posts/1692435327610706
https://udn.com/news/story/7238/5662400
https://www.chinatimes.com/realtimenews/20210810004096-260407
https://www.setn.com/News.aspx?NewsID=980104
https://www.youtube.com/watch?v=_0F3Mm1u4XE (discussion, Chinese.)
___---------------------------
Date: Sun, 8 Aug 2021 14:36:53 -0700
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Subject: Re: Apple to Scan iPhones for Child Sex Abuse Images (RISKS-32.81)
[Here is Ross's very well-written technical blog post, in response to this
issue. PGN]
https://www.lightbluetouchpaper.org/2021/08/08/is-apples-neuralmatch-searching-for-abuse-or-for-people/
[Ross suggested looking at
https://www.hackerfactor.com/blog/index.php?/archives/929-One-Bad-Apple.html
PGN]
___---------------------------
Date: Sun, 8 Aug 2021 00:44:53 -0400
From: "R A Lichtensteiger" <rali@tifosi.com>
Subject: Re: Cyber-attack against steering of ships? (RISKS-32.81)
Smells like a cyber-attack
The six vessels announced around the same time via their Automatic Identification System trackers that they were "not under command," according
to MarineTraffic.com. That typically means a vessel has lost power and can
no longer steer.
This is the key paragraph. It was *not* a cyberattack on the vessels, it was
a data spoofing attack on the website that presents AIS data.
There have been a spate of such attacks on MarineTraffic.com and similar
sites over the past years. In *no* way do these attacks impact actual safe navigation of the vessels involved. AIS transmission is short range VHF
radio and displays on other vessels (typically) on their navigation systems (GPS chartplot).
What you see on MarineTraffic et al. is VHF AIS signals picked up by various sources and then pushed into their servers.
Most interestingly, a number of those spoofs have involved warships:
https://www.wired.com/story/fake-warships-ais-signals-russia-crimea/
"At the same time, if they are in the same vicinity and in the same place,
then very rarely that happens," said Ranjith Raja, an oil and shipping
expert with data firm Refinitiv. "Not all the vessels would lose their
engines or their capability to steer at the same time."
Not much of an expert if he wasn't aware of AIS spoofing (and some
piss poor journalism, to boot).
___---------------------------
Date: Sun, 8 Aug 2021 12:46:02 -0700
From: "David E. Ross" <david@rossde.com>
Subject: Re: DRM item with an Unreadable Button
RISKS-32.81 had the item "DRM on hand power tools", which contained a link
to the full TechDirt article. When I selected the article, there was a
banner across the bottom that said "This site, like most other sites on the web, uses cookies. For more information, see our privacy policy." At the
right of the banner was a rectangle. Only after I disabled the Web page's colors did I see that the rectangle was a button to dismiss the banner.
The button was pale orange. The "GOT IT" text in the button was white,
which made it invisible against the pale orange. Obviously, no one at
TechDirt understands basic principles of Web design.
___---------------------------
Date: Mon, 9 Aug 2021 12:25:07 +0000
From: "Pavlovic, Michal" <Michal.Pavlovic@newayselectronics.com>
Subject: Re: Reading Race: A Remarkable AI/ML Achievement (RISKS-32.81)
The medical AI system learned to recognize the self-reported racial identity
of medical patients by analyzing their X-rays(!). Even more remarkable, it
has thus far proven infeasible to discover how it does so, in part because humans are unable to perform the same feat.
If it has proven infeasible, it is a matter of money or bad documentation, but either is risky of course.
___---------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES:
http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
___---------------------------
End of RISKS-FORUM Digest 32.82
************************