Risks Digest 28.66

RISKS List Owner

Jun 1, 2015, 8:01:57 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Monday 1 June 2015 Volume 28 : Issue 66

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.66.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Airbus confirms A400M transport plane downed by badly configured SW
(Gabe Goldberg)
Belgian air traffic outage (Werner U)
Software Glitch Pauses LightSail Test Mission (Jason Davis via
Prashanth Mundkur)
Volvo horrible self-parking car accident (Fusion via Jim Reisert)
Boston water main break disrupts telecommunication services for thousands
throughout Massachusetts (MassLive via Monty Solomon)
How Is Critical 'Life or Death' Software Tested? (Motherboard via
Gene Spafford)
Clueless Clause: Insurer Cites Lax Security in Challenge to Cottage Health
Claim (robert schaefer)
Even Tiny Updates to Tech Can Be Obstacles for the Disabled
(WiReD via Lauren Weinstein)
Woman plans to sue after Fla. license labels her a sex offender
(Baynews9 via Bob Frankston)
When Is A Violent Facebook Post A 'Threat'? SCOTUS Isn't Sure.
(National Journal via NNSquad)
House of Discards: Wikipedia pre-election edits (Henry Baker)
New incredibly cumbersome online voting system (Readwrite via
NNSquad)
A Tech Boom Aimed at the Few, Instead of the World (NYT via Monty Solomon)
Americans Don't Trust Government and Companies to Protect Privacy
(Pew in NYT via Monty Solomon)
The Government's Consumer Data Watchdog (NYT)
IRS says thieves stole tax info from >100,000 taxpayers (Henry Baker)
Up to 1.1 Million Customers Could be Affected in Data Breach at Insurer
CareFirst (NYT via Monty Solomon)
Adult FriendFinder hack EXPOSES MILLIONS of MEMBERS (John Leyden)
Large-scale attack hijacks routers through users' browsers
(Lucian Constantin via Gene Wirchenko)
Ex-FIFA Official Cites Satirical 'Onion' Article in His Self-Defense
(NYT)
Elizabeth Warren's official website is untrusted by Firefox (Henry Baker)
One-Tap Giving? Extra Steps Mire Mobile Donations (Monty Solomon)
Monty Solomon <mo...@roscom.com>
Partners launches $1.2 billion electronic health records system
(The Boston Globe)
Could wearing a smartwatch behind the wheel land you in hot water?
(Hayley Tsukayama)
Hacked billboard gets rude (Gawker via robert schaefer)
Uber Closes In on Its Last Frontier: Airports (NYT)
Driving Uber Mad (NYT)
Behind the Downfall at BlackBerry (NYT)
Verizon's 'Pick Your Own Cable TV Channels' Is Just Another Bait & Switch
-- Read the Fine Print (Bruce Kushnick)
Anti-NSA Pranksters Planted Tape Recorders Across New York and Published
Your Conversations (Andy Greenberg)
The Age Of Disinformation (James Spann via Dewayne Hendricks)
BBC: The generation that tech forgot (Lauren Weinstein)
A badly designed centralized desktop management can cause health risks
(Chiaki Ishikawa)
Lauren Weinstein <lau...@vortex.com>
CONTRARY WARNING! - "How Google Finally Got Design" (FastCodesign)
NYTimes.com is a very expensive "wall wart" (Henry Baker)
This Ad for Banned Food in Russia Can Hide Itself From the Cops
(Gizmodo via robert schaefer)
Re: Only 3% of people aced Intel's phishing quiz (David Damerell)
Re: All cars must have tracking devices (Alister Wm Macintyre)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 01 Jun 2015 17:30:34 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Airbus confirms A400M transport plane downed by badly configured SW

http://www.theregister.co.uk/2015/05/31/airbus_software_config_brought_down_a400m/

Supposedly correct engine-control software installed improperly [PGN-ed]

------------------------------

Date: Wed, 27 May 2015 12:54:01 +0200
From: Werner U <wer...@gmail.com>
Subject: Belgian air traffic outage

<http://deredactie.be/cm/vrtnieuws.english/News/1.2351961>
[Please visit the article website to see 2 graphics.]

At the moment, Belgian air traffic is completely shut down. Belgocontrol,
the Belgian air traffic control agency, is dealing with a power cut due to
overvoltage. This means that no planes are allowed to land on, or take off
from Belgian airports. Belgian airspace will remain closed until at least
5:30PM. There is increasing chaos at the airports as queues are growing, and
more and more flights are being canceled and delayed.

At 9:45AM, power went down at Belgocontrol. Flights preparing for landing
at that very moment were still allowed to ground on the strip. All other
flights were redirected to airports in neighbouring countries. Emergency
generators appeared to be malfunctioning as well, as they did not
automatically start running. "After that, we proceeded to a 'clear of the
sky' operation", explains Belgocontrol spokesperson Dominique Dehaene.

The power outage temporarily shuts down all air traffic in the country.
However, fly-overs at 24,500 feet or higher are still possible, since they
are not a Belgocontrol responsibility.

Eurocontrol declares that air traffic will be down until at least 5:30PM.
Airports at Brussels and Charleroi, for example, are already dealing with a
significant number of delays. Liege and Antwerp-Deurne are out of service as
well. Ostend Airport is the only functioning airfield in the country right
now. Most of the planes still in the air have been redirected to airports in
neighbouring countries. [...]

------------------------------

Date: Fri, 29 May 2015 11:56:59 -0700
From: Prashanth Mundkur <prashant...@gmail.com>
Subject: 'Software Glitch Pauses LightSail Test Mission' (Jason Davis)

Jason Davis, The Planetary Society Blog, 26 May 2015
http://www.planetary.org/blogs/jason-davis/2015/20150526-software-glitch-pauses-ls-test.html

Every 15 seconds, LightSail transmits a telemetry beacon packet. The
software controlling the main system board writes corresponding
information to a file called beacon.csv. If you're not familiar with CSV
files, you can think of them as simplified spreadsheets -- in fact, most
can be opened with Microsoft Excel.

As more beacons are transmitted, the file grows in size. When it reaches
32 megabytes -- roughly the size of ten compressed music files -- it can
crash the flight system.

[Article also noted by robert schaefer: ``It is now believed that a
vulnerability in the software controlling the main avionics board halted
spacecraft operations, leaving a reboot as the only remedy to continue the
mission.'' There's no one in outer space to push the reset button. RS]

------------------------------

Date: Wed, 27 May 2015 07:52:22 -0600
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Volvo horrible self-parking car accident

Fusion.net, 26 May 2015

Last week, a gossip blog based in the Dominican Republic called Remolacha
published a disturbing video of what it said was a self-parking car
accident. A group of people stand in a garage watching and filming a grey
Volvo XC60 that backs up, stops, and then accelerates toward the group. It
smashes into two people, and causes the person filming the video with his
phone to drop it and run. It is terrifying. [...]

The main issue, said [Volvo spokesperson Johan] Larsson, is that it appears
that the people who bought this Volvo did not pay for the Pedestrian
detection functionality, which is a feature that costs more money.

The Volvo XC60 comes with City Safety as a standard feature, however this
does not include the Pedestrian detection functionality, said Larsson. The
City Safety system kicks in when someone is in stop-and-go traffic, helping
the driver avoid rear ending another car while driving slowly, or under 30
mph.

http://fusion.net/story/139703/self-parking-car-accident-no-pedestrian-detection/

------------------------------

Date: Mon, 25 May 2015 15:07:44 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Boston water main break disrupts telecommunication services for
thousands throughout Massachusetts

http://www.masslive.com/news/index.ssf/2015/05/boston_water_main_break_disrup.html

------------------------------

Date: Mon, 1 Jun 2015 09:41:40 -0400
From: Gene Spafford <sp...@cerias.purdue.edu>
Subject: How Is Critical 'Life or Death' Software Tested? | Motherboard

Do read my whole blog post that is referenced here.

http://motherboard.vice.com/read/how-is-critical-life-or-death-software-tested

------------------------------

Date: Wed, 27 May 2015 08:28:02 -0400
From: robert schaefer <r...@haystack.mit.edu>
Subject: Clueless Clause: Insurer Cites Lax Security in Challenge to Cottage
Health Claim

Will software security insurance eventually change lax security behavior?

"In-brief: In what may become a trend, an insurance company is denying a
claim from a California healthcare provider following the leak of data on
more than 32,000 patients. The insurer, Columbia Casualty, charges that
Cottage Health System did an inadequate job of protecting patient data."

securityledger.com/2015/05/clueless-clause-insurer-cites-lax-security-in-challenge-to-cottage-health-claim/

[This article also noted by Henry Baker, :-)
FYI -- Finally, the costs of NOT securing people's data will exceed the
costs of securing those data.
Henry added, Companies will now pay more attention when the IRS
demonstrates to them how to improve their computer security.
PGN]

------------------------------

Date: Mon, 25 May 2015 08:38:47 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Even Tiny Updates to Tech Can Be Obstacles for the Disabled (WiReD)

http://www.wired.com/2015/05/even-tiny-updates-tech-can-obstacles-disabled/
(WiReD via NNSquad)

"For me, every step forward in making things lighter and smaller is a new
obstacle. Often, the buttons I need to hit are too small, the screen too
sensitive, or the glare off the screen too distracting to allow me to make
use of my device. Updates to operating systems or apps that create slight
changes to the size and position of buttons throw me off for days. While
these changes might go unnoticed by a typical user, I endure a relearning
process that slows me down and makes it more difficult to communicate." --
Paul Kotler

------------------------------

Date: 29 May 2015 22:15:35 -0400
From: "Bob Frankston" <bob19...@bobf.frankston.com>
Subject: Woman plans to sue after Fla. license labels her a sex offender

http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2015/5/7/woman_plans_to_sue_a.html

This isn't exactly a new risk. But as we are increasingly dependent upon
these systems we need to take into account human factors. If this were a
consumer-facing system it's likely that such checks would be built in. But
how do these design factors get addressed in systems built to
specifications? Or must we accept bad design just to get conformance to
requirements?

What are the details of this particular system?

------------------------------

Date: Mon, 1 Jun 2015 11:10:45 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: When Is A Violent Facebook Post A 'Threat'? SCOTUS Isn't Sure.

[National Journal via NNSquad]
http://www.nationaljournal.com/tech/supreme-court-intent-matters-in-violent-facebook-posts-20150601

The Supreme Court on Monday inched a little bit closer to answering a
major free-speech question: how to draw the line between real threats of
violence and angry diatribes protected by the First Amendment. In an 8-1
ruling, the court threw out the conviction of a Pennsylvania man who wrote
violent, obscene Facebook posts about killing his wife, his coworkers, FBI
agents and even kindergartners. But the court did not set a clear standard
for future cases involving online threats, and some of the justices
complained that the ruling would only make the legal landscape more
complicated.

------------------------------

Date: Tue, 26 May 2015 07:21:30 -0700
From: Henry Baker <hba...@pipeline.com>
Subject: House of Discards: Wikipedia pre-election edits

This kind of activity is precisely why Europe's purported "right to be
forgotten" is so dangerous to democracy.

Ben Riley-Smith, *The Telegraph*, 26 May 2015
Expenses and sex scandal deleted from MPs' Wikipedia pages by computers
inside Parliament
Exclusive: References to 'chauffeur-driven cars' and a criminal arrest wiped
from online biographies in run-up to election
http://www.telegraph.co.uk/news/general-election-2015/11574217/Expenses-and-sex-scandal-deleted-from-MPs-Wikipedia-pages-by-computers-inside-Parliament.html

Expense claims and a Westminster sex scandal were deleted from MPs'
Wikipedia pages by computers inside Parliament before the election, The
Telegraph has found.

Details of a police arrest, electoral fraud allegation and the use of
"chauffeur-driven cars" were also wiped by people inside the Commons.

The revelation will raise suspicion MPs or their political parties
deliberately hid information from the public online to make candidates
appear more electable to voters.

More than a dozen online biographies of sitting MPs were doctored from
computers with IP addresses owned by the Houses of Parliament in the run-up
to the election.

Requests for comment were made to all the MPs in question via their party
press offices, but just a handful replied to say the changes had nothing to
do with them.

Anyone can edit Wikipedia, an online encyclopaedia kept up to date by
users. However each change is tracked and linked to an IP address - a unique
string of numbers that identifies each computer using an Internet network.

By looking at the changes made by computers with IP addresses owned by the
Houses of Parliament it is possible to see what edits are being made from
inside the Commons.

*The Telegraph* has discovered persistent changes to MPs' biographies made
from Parliament in what appears to be a deliberate attempt to hide
embarrassing information from the electorate.

[Numerous dishy examples omitted for lack of RISKS-relevance. PGN]
FULL DETAILS OF WHAT WIKIPEDIA CHANGES WERE MADE FROM PARLIAMENT COMPUTERS ...
[omitted for RISKS]

------------------------------

Date: Sat, 23 May 2015 10:33:45 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: New incredibly cumbersome online voting system

"Maybe Online Voting Isn't A Pipe Dream After All" (via NNSquad)

http://readwrite.com/2015/05/22/du-vote-secure-online-voting

Finally, you'd have to have faith that people would be willing to enter
strings of numbers into both a handheld token and the online electoral
website. Not to mention the fact that the system's security also depends
on voters' willingness to flip a coin and take action based on the
result. If in practice most people just entered the "column A" digits out
of habit, that would undermine the system's reliability.

Uselessly cumbersome, unworkable, and does nothing to solve the problems of
integrity of the election process in terms of maintaining recountability
(e.g., validated paper receipts or other mechanisms) and anonymity of votes.

------------------------------

Date: Mon, 25 May 2015 18:49:36 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: A Tech Boom Aimed at the Few, Instead of the World

The industry once thought big, but today's wave of start-ups is
characterized by a rise in services aimed at the wealthy and the young.
http://www.nytimes.com/2015/05/21/technology/personaltech/a-tech-boom-aimed-aat-the-few-instead-of-the-world.html

------------------------------

Date: Mon, 25 May 2015 18:48:46 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Americans Don't Trust Government and Companies to Protect Privacy

Most Americans say it is important to control who has access to their
personal information, but they have little faith that the government or
companies will protect their private data, according to a new report by the
Pew Research Center.
http://bits.blogs.nytimes.com/2015/05/20/survey-finds-americans-dont-trust-government-and-companies-to-protect-privacy/

------------------------------

Date: Mon, 25 May 2015 18:40:19 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: The Government's Consumer Data Watchdog

The Federal Trade Commission's chief technologist fights to ensure that
companies keep consumers' information safe and private.
http://www.nytimes.com/2015/05/24/technology/the-governments-consumer-data-watchdog.html

------------------------------

Date: Tue, 26 May 2015 15:54:51 -0700
From: Henry Baker <hba...@pipeline.com>
Subject: IRS says thieves stole tax info from >100,000 taxpayers

FYI -- It doesn't get much worse than this; these are the same people that
can take money out of your bank accounts any time they want to.

"We don't care, we don't have to...we're the IRS." (apologies to Lily Tomlin).

"During this filing season, taxpayers successfully and safely downloaded a
total of approximately 23 million transcripts."

So the real number is somewhere between 1 and 23 million; let's pick
"100,000" as a nice average.?!.

http://bigstory.ap.org/article/34539a748b3745ffb92451472f814ffa/apnewsbreak-irs-says-thieves-stole-tax-info-100000

APNewsBreak: IRS says thieves stole tax info from 100,000
Stephen Ohlemacher, AP, 26 May 2015

WASHINGTON (AP) --Thieves used an online service provided by the IRS to gain
access to information from more than 100,000 taxpayers, the agency said
Tuesday.

The information included tax returns and other tax information on file with
the IRS.

The IRS said the thieves accessed a system called "Get Transcript." In
order to access the information, the thieves cleared a security screen that
required knowledge about the taxpayer, including Social Security number,
date of birth, tax filing status and street address.

"We're confident that these are not amateurs," said IRS Commissioner John
Koskinen.

Koskinen said the agency was alerted to the thieves when technicians noticed
an increase in the number of taxpayers seeking transcripts.

The IRS said they targeted the system from February to mid-May. The service
has been temporarily shut down.

Taxpayers sometimes need copies of old tax returns to apply for mortgages or
college aid. While the system is shut down, taxpayers can still apply for
transcripts by mail.

The IRS said its main computer system, which handles tax filing submissions,
remains secure.

The IRS has launched a criminal investigation. The agency's inspector
general is also investigating.

"In all, about 200,000 attempts were made from questionable email domains,
with more than 100,000 of those attempts successfully clearing
authentication hurdles," the agency said. "During this filing season,
taxpayers successfully and safely downloaded a total of approximately 23
million transcripts."

------------------------------

Date: Mon, 25 May 2015 18:47:41 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Up to 1.1 Million Customers Could be Affected in Data Breach at
Insurer CareFirst

The hacking of CareFirst, a health insurer, may have some common links to
the attacks on Anthem and Premera.
http://www.nytimes.com/2015/05/21/business/carefirst-discloses-data-breach-up-to-1-1-million-customers-affected.html

------------------------------

Date: Sat, 23 May 2015 15:30:40 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Adult FriendFinder hack EXPOSES MILLIONS of MEMBERS (John Leyden)

John Leyden, *The Register*, 22 May 2015
Users with a fetish for risky encounters in public spaces will be thrilled

Hackers have swiped and leaked the personal details and sexual preferences
of 3.9 million users of hookup website Adult FriendFinder.

Lusty lonely hearts, including those who asked for their account to be
deleted, have been left in an awkward position after hackers broke into
systems before uploading the details to the dark web.

Email addresses, usernames, postcodes, dates of birth and IP addresses of
3.9 million members have been exposed.

http://www.theregister.co.uk/2015/05/22/adult_hookup_site_breach_data/

------------------------------

Date: Tue, 26 May 2015 15:58:10 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "Large-scale attack hijacks routers through users' browsers"
(Lucian Constantin)

Lucian Constantin, InfoWorld, 26 May 2015
Security researchers have found a Web attack tool designed specifically to
exploit vulnerabilities in routers and hijack their DNS settings
http://www.infoworld.com/article/2926221/security/large-scale-attack-hijacks-routers-through-users-browsers.html

------------------------------

Date: Sun, 31 May 2015 19:20:41 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Ex-FIFA Official Cites Satirical 'Onion' Article in His Self-Defense

http://www.nytimes.com/2015/06/01/world/americas/ex-fifa-official-jack-warner-cites-onion-article-in-defense.html

Jack Warner, arrested last week in connection with a criminal investigation,
held up the faux news report as evidence, he said, of an American
conspiracy.

------------------------------

Date: Mon, 01 Jun 2015 08:14:01 -0700
From: Henry Baker <hba...@pipeline.com>
Subject: Elizabeth Warren's official website is untrusted by Firefox

This Connection is Untrusted

You have asked Firefox to connect securely to www.warren.senate.gov, but we
can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted
identification to prove that you are going to the right place. However,
this site's identity can't be verified. [...]

www.warren.senate.gov uses an invalid security certificate.

------------------------------

Date: Sat, 30 May 2015 11:30:56 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: One-Tap Giving? Extra Steps Mire Mobile Donations

http://www.nytimes.com/2015/05/30/your-money/one-tap-giving-extra-steps-mire-mobile-donations.html

Mobile apps can be used to summon a car or order food with a simple tap, but
making a charitable donation is not as easy.

------------------------------

Date: Mon, 1 Jun 2015 09:06:05 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Partners launches $1.2 billion electronic health records system

http://www.bostonglobe.com/business/2015/05/31/partners-launches-billion-electronic-health-records-system/oo4nJJW2rQyfWUWQlvydkK/story.html

------------------------------

Date: Mon, 1 Jun 2015 11:10:26 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Could wearing a smartwatch behind the wheel land you in hot water?
(Hayley Tsukayama)

Hayley Tsukayama, 29 May 2015

Smartwatches such as the Apple Watch are designed to keep us from being
glued to our smartphone screens all day. But even with their bite-sized
messages, are these new gadgets still too distracting for use behind the
wheel?

Some other countries' police officers certainly seem to think so. A Canadian
man was fined $120 for using his Apple Watch while driving earlier this
week, Montreal's CTV News reported. ...

http://www.washingtonpost.com/blogs/the-switch/wp/2015/05/29/could-wearingw-a-smartwatch-behind-the-wheel-land-you-in-hot-water/

Pincourt man fined $120 for using Apple Watch while driving
http://montreal.ctvnews.ca/pincourt-man-fined-120-for-using-apple-watch-while-driving-1.2394293

------------------------------

Date: Wed, 27 May 2015 09:54:33 -0400
From: robert schaefer <r...@haystack.mit.edu>
Subject: Hacked billboard gets rude

FBI and Homeland Security Respond to Shocking Goatse Bomb in Atlanta

http://gawker.com/fbi-and-homeland-security-respond-to-shocking-goatse-bo-1704768347

"The setup is exactly as insecure as you'd imagine: many of these electronic
billboards are completely unprotected, dangling on the public Internet
without a password or any kind of firewall. This means it's pretty simple to
change the image displayed from a new AT&T offer to, say, Goatse." ...
"security researcher Dan Tentler tweeted yesterday that he'd tried to warn
this very same sign company that their software is easily penetrable by
anyone with a computer and net connection and was told they were 'not
interested'."

------------------------------

Date: Mon, 25 May 2015 18:33:52 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Uber Closes In on Its Last Frontier: Airports

http://www.nytimes.com/2015/05/26/business/uber-closes-in-on-its-last-frontier-airports.html

American airport officials know the ride-hailing phenomenon will not recede,
and they are rewriting regulations to welcome all manner of cars.

------------------------------

Date: Sun, 24 May 2015 23:08:42 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Driving Uber Mad

http://www.nytimes.com/2015/05/24/opinion/sunday/maureen-dowd-driving-uber-mad.html

The tragic saga of how Cinderella's Uber coach turned back into a judgmental
pumpkin.

------------------------------

Date: Sun, 24 May 2015 23:14:57 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Behind the Downfall at BlackBerry

http://bits.blogs.nytimes.com/2015/05/24/behind-the-downfall-at-blackberry/

A new book by two reporters from The Globe and Mail offers details about the
emotional and business turmoil surrounding BlackBerry's near collapse.

------------------------------

Date: Sun, 24 May 2015 13:37:55 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Verizon's 'Pick Your Own Cable TV Channels' Is Just Another Bait &
Switch -- Read the Fine Print (Bruce Kushnick)

Bruce Kushnick, *HuffPost*, 22 May 2015

It amazes me how many media stories have decided to just cut and paste
Verizon's supplied information about their new FiOS "customized TV plan"
without examining the 'fine print'. I guess everyone is just desperate to
get anything that smacks of ala-carte pricing for cable TV service, where
the customer can pick and choose which cable programming they want to buy --
and is supposed to save some money.

http://www.huffingtonpost.com/bruce-kushnick/verizons-pick-your-own-ca_b_7419440.html

------------------------------

Date: Sun, 24 May 2015 00:22:53 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Anti-NSA Pranksters Planted Tape Recorders Across New York and
Published Your Conversations (Andy Greenberg)

Andy Greenberg, 20 May 2015

A woman at a gym tells her friend she pays rent higher than $2,000 a
month. An ex-Microsoft employee describes his work as an artist to a woman
he's interviewing to be his assistant -- he makes paintings and body casts,
as well as something to do with infrared light that's hard to discern from
his foreign accent. Another man describes his gay lover's unusual sexual
fetish, which involves engaging in fake fistfights, ``like we were doing a
scene from Batman Returns.''

These conversations -- apparently real ones, whose participants had no
knowledge an eavesdropper might be listening -- were recorded and published
by the NSA. Well, actually no, not the NSA, but an anonymous group of
anti-NSA protesters claiming to be contractors of the intelligence agency
and launching a new `pilot program' in New York City on its behalf. That
spoof of a pilot program, as the prankster provocateurs describe and
document in videos on their website, involves planting micro-cassette
recorders under tables and benches around New York city, retrieving the
tapes and embedding the resulting audio on their website:
Wearealwayslistening.com. ...

http://www.wired.com/2015/05/nsa-pranksters-planted-tape-recorders-nyc/

------------------------------

Date: May 29, 2015 at 8:36:04 AM EDT
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: The Age Of Disinformation (James Spann)

James Spann, Medium.com, 27 May 2015 (via Dave Farber)
<https://medium.com/@spann/the-age-of-disinformation-98d55837d7d9>

I have been a professional meteorologist for 36 years. Since my debut on
television in 1979, I have been an eyewitness to the many changes in
technology, society, and how we communicate. I am one who embraces change,
and celebrates the higher quality of life we enjoy now thanks to this
progress.

But, at the same time, I realize the instant communication platforms we
enjoy now do have some negatives that are troubling. Just a few examples in
recent days:

I would say hundreds of people have sent this image to me over the past 24
hours via social media. [Rest omitted; somewhat less computer relevant. PGN]

------------------------------

Date: Sun, 24 May 2015 19:46:01 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: BBC: The generation that tech forgot (via NNSquad)

http://www.bbc.com/news/technology-32511489 [an important read. LW]

With a rising elderly population, the technology industry cannot afford to
ignore the issue. It is estimated that, by 2030, 19% of the US population
will be over 65 - roughly the same proportion that currently own iPhones.
And by 2050, there will be one retired person for every two that are in
work. Apple is looking to address this - but not with new hardware. In a
joint venture with IBM, it announced last month it would design "iPad
apps" that would be "very easy to use for seniors". Aimed at the Japanese
market, the apps will help connect millions of older people with
healthcare services. "It assumes that its product is inherently usable,"
says Mr Hosking.

And this situation is a terrible shame and waste, because this tech
can bring enormous benefits even to very elderly persons, if the
effort were made by someone with sufficient resources and talent to do
it right. (I'm talking to you, Google.)

------------------------------

Date: Tue, 26 May 2015 18:29:47 +0900
From: chiaki ishikawa <ishi...@yk.rim.or.jp>
Subject: A badly designed centralized desktop management can cause health risks

In today's computing environment, especially in an enterprise setting where
the IT department looks after the PCs and other devices distributed across the
premises, the need for centralized control is acute.

Even PC desktops are no exception with respect to the centralized
control. We now have PCs running as if they were thin clients in some
environments.

When a user logs in, these PCs load the user environment from centrally
managed servers. The local files are swapped in/out when a different user
logs in. (A similar complete wiping out of the previous user's desktop and
restarting a computer with a fresh install even can often be seen at a PC
made available at a hotel room or a hotel business center.)

Such a centralized control may cause network load issues reported in web
blogs and vendor white papers.

With that background, let me tell you a story.

I visited a hospital the other day for an appointment at 09:00. This is the
earliest slot in the morning. I was there at about 08:50 and was instructed
to wait in front of the doctor's office. Above the door, there is an LCD
screen that shows whose turn (a number for the day's appointment which is
printed on a supermarket receipt-like paper when I check in at the hospital
using my ID card.). If there are people waiting, the queue is shown at the
bottom. I thought it was really neat in this modern ICT age (although I
thought it is a bit of waste of electricity although I am not sure if the
LCD ran in energy saving mode or something.)

From the manner the doctor set up the 09:00 appointment a few weeks ago, I
thought I would be consulted at 09:00 sharp.

But 09:00 came and passed and nothing happened. I noticed the dentist's
office in the back began accepting patients. (The hospital was a large
general hospital with many departments.) Still nothing. Another doctor's
office in the same row began accepting patients around 09:05. Still nothing
at my doctor's office. I noticed the smoked glass window on the door of the
doctor's office showed the interior lighting, so the doctor was already in.

I began wondering if my previous medical tests turned out very bad and the
doctor was going over them very carefully (?)

At about 09:10, the LCD screen above my doctor's office door finally
displayed my appointment number as the first patient that morning. I went into
the office uneasily, and the first thing the doctor said was not related to
my health at all: "Logging in is too slow in the morning. I could not get to
read the data"(!)

Wow. A great Risks item :-)

It seems that the PC in the doctor's office is used in a thin-client
workstation [running Java applications] setting to access the medical care
system, and from what I gathered looking at the screen and hardware in the short
time while I was there, it seems that the user profile and everything is
first copied to the local PC for efficiency reasons, and that caused a flood
of network transfers in the morning just before 09:00 when doctors and
clerks began using their computers. No wonder all the other doctors, too, could
not invite patients quickly enough.

The doctor mentioned the particular system is not used widely although it is
priced at low cost which the hospital could afford: the doctor said
something about low-quality, but I doubt that in general terms. It seemed
feature-rich from the menu and the doctor's interaction once the files were
fetched from the server(s) was good and UI seemed better than some systems
used at smaller hospitals I have seen.

But the problem is that this particular installation is simply not designed
very well for network peak usage for a big hospital, and presumably other
high-priced systems use a different approach regarding the centralized desktop
management to avoid the peak usage issue (or even use 10GHz for the backbone
for network transfer, I suppose, to take care of the high volume of I/O at peak
time, and powerful servers that cost a lot).

Well, a bad system design can cause health risks.

Anyone going to this particular hospital had better not have a heart attack
or other sudden severe symptoms before 9 o'clock in the morning because by
the time they may get to the hospital in an ambulance in time, the doctors
may not be able to read vital data due to "network timeout" on their PCs (!)

I never thought I would experience such a direct computer-related risk in a
hospital I visit.

------------------------------

Date: Mon, 1 Jun 2015 10:57:43 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: CONTRARY WARNING! - "How Google Finally Got Design"

http://www.fastcodesign.com/3046512/how-google-finally-got-design?utm_content-buffer20941

"Google's transformation into a company that creates beautiful software
is the story of how tech itself has evolved in the mobile era."

I'm posting this item here as an example of how different points of view can
create *utterly contrary* reactions -- because to many observers Google's
user interfaces (and this definitely isn't just a Google problem) have
become increasingly, frustratingly *unusable* to significant and growing
segments of the user population -- special needs, older users, and
others. I'm currently conducting a survey on these issues -- please see:
http://lauren.vortex.com/archive/001103.html

and responses have been pouring in -- many of them maddeningly
heartbreaking. More on this as I collect additional ongoing data.

------------------------------

Date: Tue, 26 May 2015 08:57:26 -0700
From: Henry Baker <hba...@pipeline.com>
Subject: NYTimes.com is a very expensive "wall wart"

There's something very weird about the Firefox browser & *The New York
Times* web site, which causes my computers to use 5-8x the electricity of
most other web sites.

I have Javascript completely turned off, thanks to NoScript, but the NYTimes
web site still consumes 11-15% of my CPU's (tested with both Windows/32-bit
and Ubuntu/64-bit).

Other web sites -- e.g., LATimes.com, Boston.com, etc. (also with Javascript
disabled) -- take only perhaps 1-3% of my CPU's.

The high CPU load occurs only when NYTimes is the top tab; if I switch the
top tab to LATimes.com, the CPU load drops down to 1-3%.

The NYTimes CPU load persists even when these computers are disconnected
from the Internet.

These measurements are up-to-date (as of today, 5/26/2015) for Firefox v. 38.

All add-ons & extensions are disabled -- except NoScript -- and
particularly, *all video is disabled*.

The problem is not expensive gif images, because other sites which use gifs
are not so expensive.

I'm mystified.

Apparently, leaving The NYTimes open in your Firefox browser makes for very
expensive wallpaper.

------------------------------

Date: Fri, 29 May 2015 08:32:00 -0400
From: robert schaefer <r...@haystack.mit.edu>
Subject: This Ad for Banned Food in Russia Can Hide Itself From the Cops

This is an advertising stunt, but has interesting implications all the same:

"Websites are already able to serve up ads customized for whoever happens to
be viewing a page. Now an ad agency in Russia is taking that idea one step
further with an outdoor billboard that's able to automatically hide when it
spots the police coming."

http://gizmodo.com/this-ad-for-banned-food-in-russia-can-hide-itself-from-1707145443

------------------------------

Date: Thu, 28 May 2015 13:17:31 +0100
From: David Damerell <dame...@chiark.greenend.org.uk>
Subject: Re: Only 3% of people aced Intel's phishing quiz (Jeff Jedras)

An alarming figure! But when we look at the story, we find the reality is
(slightly) less alarming; that includes people who identified non-phishes
as phishes, whereas "only" 80% of the people tested misidentified phishes.

------------------------------

Date: Tue, 26 May 2015 23:47:37 -0500
From: "Alister Wm Macintyre \(Wow\)" <macwh...@wowway.com>
Subject: Re: All cars must have tracking devices (Drewe)

[Numerous collision incidents have occurred -- some days half a dozen]
between trains and road vehicles, in the USA, described at this site:
http://www.trainwreckdb.com/

I wonder what the rate is like elsewhere in our world.

I suspect some of this, and violations of school bus safety, is thanks to
the USA eliminating driver education from the school system, allegedly
triggered by budget cuts.

We can be thankful that these incidents are not triggering bomb trains.

Bomb trains go off typically at least twice a month -- there were almost 40
of them in the USA in 2014. Basically the infrastructure, to move crude
oil, was developed before we had Canadian Oil Sands, and US fracking. Oil
from those sources contains a lot of pieces of rock and sand, which abrade
the insides of pipelines and oil tankers, causing them to breach, reach
something to trigger ignition, and away they go in a monster fire. Here's a
source for the above statistics:
http://www.wsj.com/articles/train-wrecks-hit-tougher-oil-railcars-1425861371

------------------------------

Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-...@csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-s...@csl.sri.com or risks-un...@csl.sri.com
depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay....@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string `notsp' at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 28.66
************************
