info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Risks Digest 33.80
42 views
Skip to first unread message
RISKS List Owner
Aug 23, 2023, 10:29:10 PM8/23/23
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Wednesday 23 August 2023 Volume 33 : Issue 80
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.80>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
'Near Collisions' of Commercial Jets Happen All the Time,
Horrifying FAA Records Show (Gizmodo plus NYTimes)
Cruise Agrees to Reduce Driverless Car Fleet in San Francisco
After Crash (NYTimes)
How a hacking crew overtook a satellite from inside a Las Vegas
convention center and won $50,000 (Cyberscoop)
Fifty minutes to hack ChatGPT: Inside the DEF CON competition to
break AI (Cyberscoop)
Hackers exploit WinRAR zero-day bug to steal funds from broker accounts
(TechCrunch)
Grieving widow sues Tesla over deadly Model 3 crash and explosion
(TechCrunch)
The Case of the Internet Archive vs. Book Publishers (NYTimes)
Google announces new algorithm that makes FIDO encryption safe from quantum
computers (Ars Technica)
Google and YouTube are trying to have it both ways with AI and copyright
(The Verge)
ICANN warns UN may sideline tech community from future Internet governance
(The Register)
``We can always turn off bad AI's'': *NOT* (Henry Baker)
Researchers Demo Fake Airplane Mode Exploit That Trickse iPhone Users
(Alex Scroxton)
American Airlines sues a travel site to crack down on consumers who use this
travel hack to save money (APNews)
Research Hack Reveals Call Security Risk in Smartphones (Texas A&M)
Our health care system may soon receive a much-needed cybersecurity boost
(Lily Hay Newman)
Tesla points to insider wrongdoing as cause of massive employee data leak
(The Verge)
Wegmans Double Charging Affects Credit Card Customers In VA, DC
(Old Town Alexandria VA Patch)
Buyers of Bored Ape NFTs sue after digital apes turn out to be bad
investment (Ars Technica)
Wi-Fi sniffers strapped to drones -- Mike Lindell's odd plan
to stop election fraud (Ars Technica)
How X Is Suing Its Way Out of Accountability (WiReD)
Re: Voyager 2: NASA Didn't Lose Contact With Probe After Sending Wrong
Command (John Levine, Lars-Henrik Eriksson)
Re: Cellphone Radiation Is Harmful, but Few Want to Believe It Martin Ward)
Re: Lahaina: single points of failure (John Levine, Henry Baker, Dick Mills_
Re: Google/AI -- sundry items PGN-ed (Lauren Weinsteain)
Unpacking Cyber Capacity-Building Needs (via Diego Latella)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Wed, 23 Aug 2023 09:32:44 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: 'Near Collisions' of Commercial Jets Happen All the Time,
Horrifying FAA Records Show (Gizmodo)
https://gizmodo.com/plane-crashes-almost-happen-a-lot-faa-records-1850760132
[Almost half of today's front page of *The New York Times* is devoted to a
graphic and lead: Air Disasters Are Rare in the U.S. Close Calls Are a
Different Story -- Multiple Incidents Each Month Reveal a Safety Net Under
Stress. PGN]
------------------------------
Date: Sun, 20 Aug 2023 18:15:56 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Cruise Agrees to Reduce Driverless Car Fleet in San Francisco
After Crash (NYTimes)
https://www.nytimes.com/2023/08/18/technology/cruise-crash-driverless-car-san-francisco.html
------------------------------
Date: Wed, 23 Aug 2023 10:17:45 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: How a hacking crew overtook a satellite from inside a Las Vegas
convention center and won $50,000 (Cyberscoop)
https://cyberscoop.com/mhackeroni-hackasat-space-def-con/
------------------------------
Date: Wed, 23 Aug 2023 10:23:40 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Fifty minutes to hack ChatGPT: Inside the DEF CON competition to
break AI (Cyberscoop)
Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI
More than 2,000 hackers attacked cutting-edge chatbots to discover
vulnerabilities — and demonstrated the challenges for red-teaming AI.
https://cyberscoop.com/def-con-ai-hacking-red-team/
------------------------------
Date: Wed, 23 Aug 2023 09:15:10 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Hackers exploit WinRAR zero-day bug to steal funds from broker
accounts (TechCrunch)
https://techcrunch.com/2023/08/23/winrar-zero-day-funds-brokers/
------------------------------
Date: Wed, 23 Aug 2023 09:21:58 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Grieving widow sues Tesla over deadly Model 3 crash and
explosion (TechCrunch)
https://techcrunch.com/2023/08/22/grieving-widow-sues-tesla-over-deadly-model-3-crash-and-explosion/
------------------------------
Date: Sun, 20 Aug 2023 02:29:17 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The Case of the Internet Archive vs. Book Publishers
(The New York Times)
The Dream Was Universal Access to Knowledge. The Result Was a Fiasco.
In the pandemic emergency, Brewster Kahle’s Internet Archive freely lent out
digital scans of its library. Publishers sued. Owning a book means something
different now.
Information wants to be free. That observation, first made in 1984,
anticipated the Internet and the world to come. It cost nothing to digitally
reproduce data and words, and so we have them in numbing abundance.
Information also wants to be expensive. The right information at the right
time can save a life, make a fortune, topple a government. Good information
takes time and effort and money to produce.
https://www.nytimes.com/2023/08/13/business/media/internet-archive-emergency-len
ding-library.html
------------------------------
Date: Tue, 22 Aug 2023 08:30:49 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Google announces new algorithm that makes FIDO encryption safe
from quantum computers (Ars Technica)
https://arstechnica.com/?p=1961906
------------------------------
From: Monty Solomon <mo...@roscom.com>
Date: Wed, 23 Aug 2023 09:04:40 -0400
Subject: Google and YouTube are trying to have it both ways with AI and
copyright (The Verge)
Google and YouTube are trying to have it both ways with AI and copyright
https://www.theverge.com/2023/8/22/23841822/google-youtube-ai-copyright-umg-scraping-universal
------------------------------
Date: Tue, 22 Aug 2023 10:55:40 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: ICANN warns UN may sideline tech community from future Internet
governance (The Register)
https://www.theregister.com/2023/08/22/icann_un_digital_compact_warning/
------------------------------
Date: Mon, 21 Aug 2023 16:32:20 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: ``We can always turn off bad AI's'': *NOT!*
Let's examine this conceit carefully.
The very *definition* of *war* is the existential struggle to flip the
'power switch' of your enemy into the 'off' position.
If it were so simple to just flip a power switch, the Ukraine war would have
been long since over.
Those whose very *survival* is at stake won't hesitate to use every means at
their disposal -- including AI's -- in order to win their wars.
Since preserving one's own power while attacking your enemy's power switch
is essential, AI's will be deployed to protect our own (and hence the AI's
own) power.
What did you think all of this research into using AI's for
cyber activities is all about ?
What did you think all of this research into using AI's to
'protect the grid' is all about?
The highest priority in AI research today is *already* the
task of keeping any enemies from turning off our AI's own
power.
Let's stop being delusional!
------------------------------
Date: Mon, 21 Aug 2023 11:16:51 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Researchers Demo Fake Airplane Mode Exploit That Tricks
iPhone Users (Alex Scroxton)
Alex Scroxton, *Computer Weekly*, 17 Aug 2023
Jamf Threat Labs researchers demonstrated an exploit chain that allows
attackers to use an artificial 'airplane mode' to remain connected to
exposed devices that users believe are offline. The researchers created a
fake airplane mode by identifying a specific string in the device's console
log, "#N User airplane mode preference changing from kFalse to KTrue,"
accessing the device's code, and replacing the function with an empty or 'do
nothing' function. They also accessed the user interface to add a small
piece of code to dim the mobile connectivity icon and highlight the airplane
mode icon, then exploited the CommCentre to block mobile data access for
certain apps so the user received a "turn off airplane mode"
notification. The researchers believe the technique is most likely to be
used in a targeted attack.
------------------------------
Date: Sun, 20 Aug 2023 08:56:01 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: American Airlines sues a travel site to crack down on consumers
who use this travel hack to save money (APNews)
https://apnews.com/article/american-airlines-lawsuit-skiplagging-tickets-905acda8ac5fe302238cefd63ac864e3
------------------------------
Date: Wed, 23 Aug 2023 11:32:32 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Research Hack Reveals Call Security Risk in Smartphones
(Texas A&M)
Nancy Luedke, Texas A&M Engineering News, 17 Aug 2023
via ACM TechNews, 23 Aug 2023
A multi-institutional team of researchers developed malware to extract
caller information by screening vibration data from ear speakers recorded by
a smartphone's accelerometers. The researchers used two newer Android phones
whose motion-sensor data is retrievable without users' consent. The models'
larger speakers also provided more caller information than older models,
allowing a machine learning algorithm to infer 45% to 90% of the word
regions from their accelerometer data. The researchers learned their EarSpy
malware could identify repeat callers with 91.6% accuracy, determine the
speaker's gender with 98.6% accuracy, and identify spoken numbers from zero
to nine with 56% accuracy. Texas A&M University's Ahmed Tanvir Mahdad said.
------------------------------
Date: Tue, 22 Aug 2023 08:34:12 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Our health care system may soon receive a much-needed
cybersecurity boost (Lily Hay Newman)
Lily Hay Newman, *WiReD*, 18 Aug 2023
https://arstechnica.com/?p=1961745
The Advanced Research Projects Agency for Health (Arpa-H), a research
support agency within the United States Department of Health and Human
Services, said today that it is launching an initiative to find and help
fund the development of cybersecurity technologies that can specifically
improve defenses for digital infrastructure in US health care. Dubbed the
Digital Health Security project, also known as Digiheals, the effort will
allow researchers and technologists to submit proposals beginning today
through September 7 for cybersecurity tools geared specifically to health
care systems, hospitals and clinics, and health-related devices. [...]
------------------------------
Date: Tue, 22 Aug 2023 08:14:47 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Tesla points to insider wrongdoing as cause of massive employee
data leak (The Verge)
https://www.theverge.com/2023/8/21/23839940/tesla-data-leak-inside-job-handelsblatt
------------------------------
Date: Mon, 21 Aug 2023 16:58:20 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Wegmans Double Charging Affects Credit Card Customers In VA, DC
(Old Town Alexandria VA Patch)
A glitch in the Wegmans system one day in August impacted both in-store and
online orders, the company said.
https://patch.com/virginia/annandale/s/ir98x/wegmans-double-charging-affects-credit-card-customers-in-va-dc
Oh, a glitch. OK, then -- that's nobody's fault.
------------------------------
Date: Tue, 22 Aug 2023 08:34:48 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Buyers of Bored Ape NFTs sue after digital apes turn out to be
bad investment (Ars Technica)
https://arstechnica.com/?p=1961571
------------------------------
Date: Tue, 22 Aug 2023 08:32:34 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Wi-Fi sniffers strapped to drones -- Mike Lindell's odd plan
to stop election fraud (Ars Technica)
https://arstechnica.com/?p=1961867
[What could possibly go wrong here? My moderator-self decided this was
simply the wrong solution to the wrong problem. PGN]
------------------------------
Date: Sun, 20 Aug 2023 18:16:54 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How X Is Suing Its Way Out of Accountability (WiReD)
The social media giant filed a lawsuit against a nonprofit that researches
hate speech online. It’s the latest effort to cut off the data needed to
expose online platforms’ failings.
“The Center for Countering Digital Hate’s research shows that hate and
disinformation is spreading like wildfire on the platform under Musk’s
ownership, and this lawsuit is a direct attempt to silence those efforts,”
says Imran Ahmed, CEO of the CCDH.
Experts who spoke to WIRED see the legal action as the latest move by social
media platforms to shrink access to their data by researchers and civil
society organizations that seek to hold them accountable. “We're talking
about access not just for researchers or academics, but it could also
potentially be extended to advocates and journalists and even policymakers,”
says Liz Woolery, digital policy lead at PEN America, a nonprofit that
advocates for free expression. “Without that kind of access, it is really
difficult for us to engage in the research necessary to better understand
the scope and scale of the problem that we face, of how social media is
affecting our daily life, and make it better.”
In 2021, Meta blocked researchers at New York University’s Ad Observatory
from collecting data about political ads and Covid-19 misinformation. Last
year, the company said it would wind down its monitoring tool CrowdTangle,
which has been instrumental in allowing researchers and journalists to
monitor Facebook. Both Meta and Twitter are suing Bright Data, an Israeli
data collection firm, for scraping their sites. (Meta had previously
contracted Bright Data to scrape other sites on its behalf.) Musk announced
in March that the company would begin charging $42,000 per month for its
API, pricing out the vast majority of researchers and academics who have
used it to study issues like disinformation and hate speech in more than
17,000 academic studies.
https://www.wired.com/story/twitter-x-ccdh-lawsuit-data-crackdown/
------------------------------
Date: 19 Aug 2023 21:03:11 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: Voyager 2: NASA Didn't Lose Contact With Probe After
Sending Wrong Command (Business Insider via Goldberg)
> It could mean the end of its 46-year-old mission.
Not really. The command pointed the antenna slightly in the wrong
direction, which, since it is so far away, made it lose contact.
Fortunately, the people who designed the Voyager probes anticipated
that people might make mistakes, and it automatically reorients itself
twice a year, which would have put it back in contact in October.
A few days later they got a weak carrier signal, which told them that
nothing else was wrong. Since the antenna was only slightly off
center, they tried yelling at it, sending a command using very high
power from one of the earth stations. After waiting 37 hours for the
speed of light round trip, Voyager responded -- it had worked and it's
back in contact.
The Voyager probes were launched 45 years ago, are still operating,
and will most likely keep working for a few more years until their
radioactive power supplies run down. If you are very careful and have
a large budget, you can make extremely reliable equipment.
[The non-demise was apparently old news, as noted by Gabe Goldberg
Old news: August 4, 2023
https://arstechnica.com/space/2023/08/voyager-2-phones-home-and-says-everything-
is-cool/
PGN]
------------------------------
Date: Sun, 20 Aug 2023 10:40:03 +0200
From: Lars-Henrik Eriksson <l...@it.uu.se>
Subject: Re: Voyager 2: NASA Loses Contact With Probe After ...
> [The requirements specifiers, designers, and programmers forgot about
> "undo"? or required confirmation of questionable inputs? Foresight,
> forsooth farsight, when it is that FAR AWAY? PGN]
It is difficult to have an undo for something that breaks your
communications. Anyway they DID have such foresight, as the probe has a
failsafe function that will automatically attempt to restore communications
if the probe has been out of touch long enough. (Which was mentioned in the
article.) Fortunately, NASA managed to restore communication without waiting
for the failsafe function.
------------------------------
Date: Sun, 20 Aug 2023 14:47:31 +0100
From: Martin Ward <mwar...@gmail.com>
Subject: Re: Cellphone Radiation Is Harmful, but Few Want to Believe It
> PGN wrote:> Or are they both right, in some quantum-theoretical sense?
> PGN They could both be "right" in the sense that both results are
> supported by the data, depending on the interpretation.
There is no known mechanism by which cellphone radiation can cause cancer,
so researchers can look only for correlations between cellphone usage and
increased occurrence of cancer. Some research projects find correlations
and others do not.
But correlation does not imply causation: there are a number of other
factors that might correlate with cellphone usage: e.g., wealth, lifestyle,
diet, age and so on. Some of these factors might also correlate with cancer
risk. So, depending on which factors are accounted for in the analysis, a
correlation between cellphone use and cancer risk could appear or disappear.
------------------------------
Date: 19 Aug 2023 21:19:08 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: Lahaina: single points of failure (RISKS-33.79)
Maui has a population about the same as Salinas CA. Most of its power
comes from diesel generators, but it also has two substantial wind
farms, three small solar farms, two old hydro plants, and two battery
storage plants. It's a small island, there is no "larger grid."
As is usually the case, better management of existing facilities would
have made a great deal of difference. In particular, the power company
had no plan to turn the power off when high winds caused arcing that
started multiple fires. You'd hope that they'd have taken the hint
when exactly the same thing started fires in California last year,
but nope.
If they're going to spend money, burying the lines would be a lot
better use of it than fooling around with microgrids.
------------------------------
Date: Sun, 20 Aug 2023 03:09:30 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: Re: Lahaina: single points of failure (Levine, RISKS-33.80)
John Levine raises the issue of so-called 'undergrounding' of electrical
power lines.
I'm no apologist for the electrical monopolies, but as an electrical
engineer, I can understand some of the problems that they point out with
underground electrical power transmission installations.
[Levine: Good point. Some of the news reports say that they were planning
to make the power poles stronger, which had they actually done it, would
have provided many of the same benefits at much lower cost.]
Briefly, the issues are:
* Installation costs > 10X overhead cables
* Voltage perhaps 1/10 of overhead cable voltage
* Underground cables require expensive cooling and
insulation
* Trees still cause headaches, only this time it's their
*roots* rather than their *branches & leaves* !
* Underground cables take perhaps 25X as long to fix
* Lifespan of underground cables still only about the
same as that of overhead cables.
Bottom line: distributed *generation*, distributed *storage*,
and microgridding are far superior to long (or short) distance
power *transmission*. Whenever possible, use the shortest
physical distance between generator (solar/wind/nuclear),
storage (battery/pneumatic/water head), and the energy
consumer ('load'). Position datacenters and bitcoin miners
adjacent to the power source & transmit data over fiber
rather than transmit power over expensive cables.
[Levine: Maui is an island 48 miles long and 26 wide at the widest point.
All of the distances are short, all of the fuel is tanked in. While I can
believe there are places that microgrids would make a difference, small
islands aren't them since they're microgrids whether they want to be or
not.]
Computer engineers have long known this: regulators and capacitors on every
bay, every board, every chip. *Distributed* power systems win the day.
Here's a link to a good report:
https://electrical-engineering-portal.com/res3/Undergrounding-high-voltage-electricity-transmission-lines.pdf
"Undergrounding high voltage electricity transmission lines -- The
technical issues"
"Overhead lines are insulated by air, while underground cable conductors
are wrapped in layers of insulating material. Air is the simplest and
cheapest insulation and the heat produced by the electricity flowing
through the bare overhead conductors is removed by the flow of air over
the conductors. When conductors are buried underground, robust insulation
is needed to withstand the very high voltage."
"To compensate for this, underground cables are generally bigger to reduce
their electrical resistance and heat produced."
"For direct buried cables each cable needs to be well-spaced from others
for good heat dissipation. To match overhead line thermal performance for
a 400kV double circuit, as many as 12 separate cables in four separate
trenches may be needed, resulting in a work area up to 65m wide. In
addition, water cooling may be used (see section on Components of
underground cable systems). For cables installed in deep bore tunnels,
cable cooling is provided by forced air ventilation or water cooling."
"If a fault occurs on a 400kV underground cable, it is on average out of
service for a period ***25 times longer*** than 400kV overhead lines.
This is due principally to the long time taken to locate, excavate and
undertake technically involved repairs. These maintenance and repairs also
cost significantly more."
------------------------------
Date: Sun, 20 Aug 2023 13:50:29 -0400
From: Dick Mills <dickandl...@gmail.com>
Subject: Re: Lahaina: single points of failure
[Similar comments omitted, but two of Dick's paras are particularly
relevant: PGN]
Underground transmission avoids much of the fire risks, but the per-mile
cost is roughly 600% higher, and they bring other risks. In 1998, Auckland
NZ was dark for 15 weeks because of underground power cables.
https://en.wikipedia.org/wiki/1998_Auckland_power_crisis
If you want to study the reliability of independent microgrids, refer to
archipelagos where each island makes its own power without connections to
other islands. The experience in most cases is that they wish that they
could be interconnected for reliability reasons.
------------------------------
Date: Mon, 21 Aug 2023 13:27:29 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Re: Google/AI -- sundry items PGN-ed
1. Simply by flipping a generative AI switch, #Google has gone from being
THE PLACE to find correct information and useful answers, to being the
place to find potentially dangerous misinformation as well.
Impressive. Most impressive. -L
2.'Benefits of Slavery:' Google's AI Search Gives Ridiculous and Wrong
Answers
3. Also advantages of genocide and how to cook poisonous mushrooms. -L
https://gizmodo.com/google-search-ai-answers-slavery-benefits-1850758631
4. Artificial intelligence is ineffective and potentially harmful for fact
checking https://arxiv.org/abs/2308.10800
------------------------------
Date: Tue, 22 Aug 2023 11:16:12 +0200
From: "Diego.Latella" <diego....@isti.cnr.it>
Subject: Unpacking Cyber Capacity-Building Needs
(S. Dominioni, G. Persi Paoli - UNIDIR)
Published recently:
S. Dominioni - G. Persi Paoli
Unpacking Cyber Capacity-Building Needs - Part I. Mapping the
Foundational Cyber Capabilities
UNIDIR
https://unidir.org/publication/unpacking-cyber-capacity-building-needs-part-i-mapping-foundational-cyber-capabilities
S. Dominioni - G. Persi Paoli
Unpacking Cyber Capacity-Building Needs - Part II. Introducing a
Threat-Based Approach
UNIDIR
https://unidir.org/publication/unpacking-cyber-capacity-building-needs-part-ii-introducing-threat-based-approach
------------------------------
Date: Sat, 1 Jul 2023 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 33.80
************************
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.80>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
'Near Collisions' of Commercial Jets Happen All the Time,
Horrifying FAA Records Show (Gizmodo plus NYTimes)
Cruise Agrees to Reduce Driverless Car Fleet in San Francisco
After Crash (NYTimes)
How a hacking crew overtook a satellite from inside a Las Vegas
convention center and won $50,000 (Cyberscoop)
Fifty minutes to hack ChatGPT: Inside the DEF CON competition to
break AI (Cyberscoop)
Hackers exploit WinRAR zero-day bug to steal funds from broker accounts
(TechCrunch)
Grieving widow sues Tesla over deadly Model 3 crash and explosion
(TechCrunch)
The Case of the Internet Archive vs. Book Publishers (NYTimes)
Google announces new algorithm that makes FIDO encryption safe from quantum
computers (Ars Technica)
Google and YouTube are trying to have it both ways with AI and copyright
(The Verge)
ICANN warns UN may sideline tech community from future Internet governance
(The Register)
``We can always turn off bad AI's'': *NOT* (Henry Baker)
Researchers Demo Fake Airplane Mode Exploit That Trickse iPhone Users
(Alex Scroxton)
American Airlines sues a travel site to crack down on consumers who use this
travel hack to save money (APNews)
Research Hack Reveals Call Security Risk in Smartphones (Texas A&M)
Our health care system may soon receive a much-needed cybersecurity boost
(Lily Hay Newman)
Tesla points to insider wrongdoing as cause of massive employee data leak
(The Verge)
Wegmans Double Charging Affects Credit Card Customers In VA, DC
(Old Town Alexandria VA Patch)
Buyers of Bored Ape NFTs sue after digital apes turn out to be bad
investment (Ars Technica)
Wi-Fi sniffers strapped to drones -- Mike Lindell's odd plan
to stop election fraud (Ars Technica)
How X Is Suing Its Way Out of Accountability (WiReD)
Re: Voyager 2: NASA Didn't Lose Contact With Probe After Sending Wrong
Command (John Levine, Lars-Henrik Eriksson)
Re: Cellphone Radiation Is Harmful, but Few Want to Believe It Martin Ward)
Re: Lahaina: single points of failure (John Levine, Henry Baker, Dick Mills_
Re: Google/AI -- sundry items PGN-ed (Lauren Weinsteain)
Unpacking Cyber Capacity-Building Needs (via Diego Latella)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Wed, 23 Aug 2023 09:32:44 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: 'Near Collisions' of Commercial Jets Happen All the Time,
Horrifying FAA Records Show (Gizmodo)
https://gizmodo.com/plane-crashes-almost-happen-a-lot-faa-records-1850760132
[Almost half of today's front page of *The New York Times* is devoted to a
graphic and lead: Air Disasters Are Rare in the U.S. Close Calls Are a
Different Story -- Multiple Incidents Each Month Reveal a Safety Net Under
Stress. PGN]
------------------------------
Date: Sun, 20 Aug 2023 18:15:56 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Cruise Agrees to Reduce Driverless Car Fleet in San Francisco
After Crash (NYTimes)
https://www.nytimes.com/2023/08/18/technology/cruise-crash-driverless-car-san-francisco.html
------------------------------
Date: Wed, 23 Aug 2023 10:17:45 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: How a hacking crew overtook a satellite from inside a Las Vegas
convention center and won $50,000 (Cyberscoop)
https://cyberscoop.com/mhackeroni-hackasat-space-def-con/
------------------------------
Date: Wed, 23 Aug 2023 10:23:40 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Fifty minutes to hack ChatGPT: Inside the DEF CON competition to
break AI (Cyberscoop)
Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI
More than 2,000 hackers attacked cutting-edge chatbots to discover
vulnerabilities — and demonstrated the challenges for red-teaming AI.
https://cyberscoop.com/def-con-ai-hacking-red-team/
------------------------------
Date: Wed, 23 Aug 2023 09:15:10 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Hackers exploit WinRAR zero-day bug to steal funds from broker
accounts (TechCrunch)
https://techcrunch.com/2023/08/23/winrar-zero-day-funds-brokers/
------------------------------
Date: Wed, 23 Aug 2023 09:21:58 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Grieving widow sues Tesla over deadly Model 3 crash and
explosion (TechCrunch)
https://techcrunch.com/2023/08/22/grieving-widow-sues-tesla-over-deadly-model-3-crash-and-explosion/
------------------------------
Date: Sun, 20 Aug 2023 02:29:17 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The Case of the Internet Archive vs. Book Publishers
(The New York Times)
The Dream Was Universal Access to Knowledge. The Result Was a Fiasco.
In the pandemic emergency, Brewster Kahle’s Internet Archive freely lent out
digital scans of its library. Publishers sued. Owning a book means something
different now.
Information wants to be free. That observation, first made in 1984,
anticipated the Internet and the world to come. It cost nothing to digitally
reproduce data and words, and so we have them in numbing abundance.
Information also wants to be expensive. The right information at the right
time can save a life, make a fortune, topple a government. Good information
takes time and effort and money to produce.
https://www.nytimes.com/2023/08/13/business/media/internet-archive-emergency-len
ding-library.html
------------------------------
Date: Tue, 22 Aug 2023 08:30:49 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Google announces new algorithm that makes FIDO encryption safe
from quantum computers (Ars Technica)
https://arstechnica.com/?p=1961906
------------------------------
From: Monty Solomon <mo...@roscom.com>
Date: Wed, 23 Aug 2023 09:04:40 -0400
Subject: Google and YouTube are trying to have it both ways with AI and
copyright (The Verge)
Google and YouTube are trying to have it both ways with AI and copyright
https://www.theverge.com/2023/8/22/23841822/google-youtube-ai-copyright-umg-scraping-universal
------------------------------
Date: Tue, 22 Aug 2023 10:55:40 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: ICANN warns UN may sideline tech community from future Internet
governance (The Register)
https://www.theregister.com/2023/08/22/icann_un_digital_compact_warning/
------------------------------
Date: Mon, 21 Aug 2023 16:32:20 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: ``We can always turn off bad AI's'': *NOT!*
Let's examine this conceit carefully.
The very *definition* of *war* is the existential struggle to flip the
'power switch' of your enemy into the 'off' position.
If it were so simple to just flip a power switch, the Ukraine war would have
been long since over.
Those whose very *survival* is at stake won't hesitate to use every means at
their disposal -- including AI's -- in order to win their wars.
Since preserving one's own power while attacking your enemy's power switch
is essential, AI's will be deployed to protect our own (and hence the AI's
own) power.
What did you think all of this research into using AI's for
cyber activities is all about ?
What did you think all of this research into using AI's to
'protect the grid' is all about?
The highest priority in AI research today is *already* the
task of keeping any enemies from turning off our AI's own
power.
Let's stop being delusional!
------------------------------
Date: Mon, 21 Aug 2023 11:16:51 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Researchers Demo Fake Airplane Mode Exploit That Tricks
iPhone Users (Alex Scroxton)
Alex Scroxton, *Computer Weekly*, 17 Aug 2023
Jamf Threat Labs researchers demonstrated an exploit chain that allows
attackers to use an artificial 'airplane mode' to remain connected to
exposed devices that users believe are offline. The researchers created a
fake airplane mode by identifying a specific string in the device's console
log, "#N User airplane mode preference changing from kFalse to KTrue,"
accessing the device's code, and replacing the function with an empty or 'do
nothing' function. They also accessed the user interface to add a small
piece of code to dim the mobile connectivity icon and highlight the airplane
mode icon, then exploited the CommCentre to block mobile data access for
certain apps so the user received a "turn off airplane mode"
notification. The researchers believe the technique is most likely to be
used in a targeted attack.
------------------------------
Date: Sun, 20 Aug 2023 08:56:01 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: American Airlines sues a travel site to crack down on consumers
who use this travel hack to save money (APNews)
https://apnews.com/article/american-airlines-lawsuit-skiplagging-tickets-905acda8ac5fe302238cefd63ac864e3
------------------------------
Date: Wed, 23 Aug 2023 11:32:32 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Research Hack Reveals Call Security Risk in Smartphones
(Texas A&M)
Nancy Luedke, Texas A&M Engineering News, 17 Aug 2023
via ACM TechNews, 23 Aug 2023
A multi-institutional team of researchers developed malware to extract
caller information by screening vibration data from ear speakers recorded by
a smartphone's accelerometers. The researchers used two newer Android phones
whose motion-sensor data is retrievable without users' consent. The models'
larger speakers also provided more caller information than older models,
allowing a machine learning algorithm to infer 45% to 90% of the word
regions from their accelerometer data. The researchers learned their EarSpy
malware could identify repeat callers with 91.6% accuracy, determine the
speaker's gender with 98.6% accuracy, and identify spoken numbers from zero
to nine with 56% accuracy. Texas A&M University's Ahmed Tanvir Mahdad said.
------------------------------
Date: Tue, 22 Aug 2023 08:34:12 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Our health care system may soon receive a much-needed
cybersecurity boost (Lily Hay Newman)
Lily Hay Newman, *WiReD*, 18 Aug 2023
https://arstechnica.com/?p=1961745
The Advanced Research Projects Agency for Health (Arpa-H), a research
support agency within the United States Department of Health and Human
Services, said today that it is launching an initiative to find and help
fund the development of cybersecurity technologies that can specifically
improve defenses for digital infrastructure in US health care. Dubbed the
Digital Health Security project, also known as Digiheals, the effort will
allow researchers and technologists to submit proposals beginning today
through September 7 for cybersecurity tools geared specifically to health
care systems, hospitals and clinics, and health-related devices. [...]
------------------------------
Date: Tue, 22 Aug 2023 08:14:47 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Tesla points to insider wrongdoing as cause of massive employee
data leak (The Verge)
https://www.theverge.com/2023/8/21/23839940/tesla-data-leak-inside-job-handelsblatt
------------------------------
Date: Mon, 21 Aug 2023 16:58:20 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Wegmans Double Charging Affects Credit Card Customers In VA, DC
(Old Town Alexandria VA Patch)
A glitch in the Wegmans system one day in August impacted both in-store and
online orders, the company said.
https://patch.com/virginia/annandale/s/ir98x/wegmans-double-charging-affects-credit-card-customers-in-va-dc
Oh, a glitch. OK, then -- that's nobody's fault.
------------------------------
Date: Tue, 22 Aug 2023 08:34:48 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Buyers of Bored Ape NFTs sue after digital apes turn out to be
bad investment (Ars Technica)
https://arstechnica.com/?p=1961571
------------------------------
Date: Tue, 22 Aug 2023 08:32:34 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Wi-Fi sniffers strapped to drones -- Mike Lindell's odd plan
to stop election fraud (Ars Technica)
https://arstechnica.com/?p=1961867
[What could possibly go wrong here? My moderator-self decided this was
simply the wrong solution to the wrong problem. PGN]
------------------------------
Date: Sun, 20 Aug 2023 18:16:54 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How X Is Suing Its Way Out of Accountability (WiReD)
The social media giant filed a lawsuit against a nonprofit that researches
hate speech online. It’s the latest effort to cut off the data needed to
expose online platforms’ failings.
“The Center for Countering Digital Hate’s research shows that hate and
disinformation is spreading like wildfire on the platform under Musk’s
ownership, and this lawsuit is a direct attempt to silence those efforts,”
says Imran Ahmed, CEO of the CCDH.
Experts who spoke to WIRED see the legal action as the latest move by social
media platforms to shrink access to their data by researchers and civil
society organizations that seek to hold them accountable. “We're talking
about access not just for researchers or academics, but it could also
potentially be extended to advocates and journalists and even policymakers,”
says Liz Woolery, digital policy lead at PEN America, a nonprofit that
advocates for free expression. “Without that kind of access, it is really
difficult for us to engage in the research necessary to better understand
the scope and scale of the problem that we face, of how social media is
affecting our daily life, and make it better.”
In 2021, Meta blocked researchers at New York University’s Ad Observatory
from collecting data about political ads and Covid-19 misinformation. Last
year, the company said it would wind down its monitoring tool CrowdTangle,
which has been instrumental in allowing researchers and journalists to
monitor Facebook. Both Meta and Twitter are suing Bright Data, an Israeli
data collection firm, for scraping their sites. (Meta had previously
contracted Bright Data to scrape other sites on its behalf.) Musk announced
in March that the company would begin charging $42,000 per month for its
API, pricing out the vast majority of researchers and academics who have
used it to study issues like disinformation and hate speech in more than
17,000 academic studies.
https://www.wired.com/story/twitter-x-ccdh-lawsuit-data-crackdown/
------------------------------
Date: 19 Aug 2023 21:03:11 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: Voyager 2: NASA Didn't Lose Contact With Probe After
Sending Wrong Command (Business Insider via Goldberg)
> It could mean the end of its 46-year-old mission.
Not really. The command pointed the antenna slightly in the wrong
direction, which, since it is so far away, made it lose contact.
Fortunately, the people who designed the Voyager probes anticipated
that people might make mistakes, and it automatically reorients itself
twice a year, which would have put it back in contact in October.
A few days later they got a weak carrier signal, which told them that
nothing else was wrong. Since the antenna was only slightly off
center, they tried yelling at it, sending a command using very high
power from one of the earth stations. After waiting 37 hours for the
speed of light round trip, Voyager responded -- it had worked and it's
back in contact.
The Voyager probes were launched 45 years ago, are still operating,
and will most likely keep working for a few more years until their
radioactive power supplies run down. If you are very careful and have
a large budget, you can make extremely reliable equipment.
[The non-demise was apparently old news, as noted by Gabe Goldberg
Old news: August 4, 2023
https://arstechnica.com/space/2023/08/voyager-2-phones-home-and-says-everything-
is-cool/
PGN]
------------------------------
Date: Sun, 20 Aug 2023 10:40:03 +0200
From: Lars-Henrik Eriksson <l...@it.uu.se>
Subject: Re: Voyager 2: NASA Loses Contact With Probe After ...
> [The requirements specifiers, designers, and programmers forgot about
> "undo"? or required confirmation of questionable inputs? Foresight,
> forsooth farsight, when it is that FAR AWAY? PGN]
It is difficult to have an undo for something that breaks your
communications. Anyway they DID have such foresight, as the probe has a
failsafe function that will automatically attempt to restore communications
if the probe has been out of touch long enough. (Which was mentioned in the
article.) Fortunately, NASA managed to restore communication without waiting
for the failsafe function.
------------------------------
Date: Sun, 20 Aug 2023 14:47:31 +0100
From: Martin Ward <mwar...@gmail.com>
Subject: Re: Cellphone Radiation Is Harmful, but Few Want to Believe It
> PGN wrote:> Or are they both right, in some quantum-theoretical sense?
> PGN They could both be "right" in the sense that both results are
> supported by the data, depending on the interpretation.
There is no known mechanism by which cellphone radiation can cause cancer,
so researchers can look only for correlations between cellphone usage and
increased occurrence of cancer. Some research projects find correlations
and others do not.
But correlation does not imply causation: there are a number of other
factors that might correlate with cellphone usage: e.g., wealth, lifestyle,
diet, age and so on. Some of these factors might also correlate with cancer
risk. So, depending on which factors are accounted for in the analysis, a
correlation between cellphone use and cancer risk could appear or disappear.
------------------------------
Date: 19 Aug 2023 21:19:08 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: Lahaina: single points of failure (RISKS-33.79)
Maui has a population about the same as Salinas CA. Most of its power
comes from diesel generators, but it also has two substantial wind
farms, three small solar farms, two old hydro plants, and two battery
storage plants. It's a small island, there is no "larger grid."
As is usually the case, better management of existing facilities would
have made a great deal of difference. In particular, the power company
had no plan to turn the power off when high winds caused arcing that
started multiple fires. You'd hope that they'd have taken the hint
when exactly the same thing started fires in California last year,
but nope.
If they're going to spend money, burying the lines would be a lot
better use of it than fooling around with microgrids.
------------------------------
Date: Sun, 20 Aug 2023 03:09:30 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: Re: Lahaina: single points of failure (Levine, RISKS-33.80)
John Levine raises the issue of so-called 'undergrounding' of electrical
power lines.
I'm no apologist for the electrical monopolies, but as an electrical
engineer, I can understand some of the problems that they point out with
underground electrical power transmission installations.
[Levine: Good point. Some of the news reports say that they were planning
to make the power poles stronger, which had they actually done it, would
have provided many of the same benefits at much lower cost.]
Briefly, the issues are:
* Installation costs > 10X overhead cables
* Voltage perhaps 1/10 of overhead cable voltage
* Underground cables require expensive cooling and
insulation
* Trees still cause headaches, only this time it's their
*roots* rather than their *branches & leaves* !
* Underground cables take perhaps 25X as long to fix
* Lifespan of underground cables still only about the
same as that of overhead cables.
Bottom line: distributed *generation*, distributed *storage*,
and microgridding are far superior to long (or short) distance
power *transmission*. Whenever possible, use the shortest
physical distance between generator (solar/wind/nuclear),
storage (battery/pneumatic/water head), and the energy
consumer ('load'). Position datacenters and bitcoin miners
adjacent to the power source & transmit data over fiber
rather than transmit power over expensive cables.
[Levine: Maui is an island 48 miles long and 26 wide at the widest point.
All of the distances are short, all of the fuel is tanked in. While I can
believe there are places that microgrids would make a difference, small
islands aren't them since they're microgrids whether they want to be or
not.]
Computer engineers have long known this: regulators and capacitors on every
bay, every board, every chip. *Distributed* power systems win the day.
Here's a link to a good report:
https://electrical-engineering-portal.com/res3/Undergrounding-high-voltage-electricity-transmission-lines.pdf
"Undergrounding high voltage electricity transmission lines -- The
technical issues"
"Overhead lines are insulated by air, while underground cable conductors
are wrapped in layers of insulating material. Air is the simplest and
cheapest insulation and the heat produced by the electricity flowing
through the bare overhead conductors is removed by the flow of air over
the conductors. When conductors are buried underground, robust insulation
is needed to withstand the very high voltage."
"To compensate for this, underground cables are generally bigger to reduce
their electrical resistance and heat produced."
"For direct buried cables each cable needs to be well-spaced from others
for good heat dissipation. To match overhead line thermal performance for
a 400kV double circuit, as many as 12 separate cables in four separate
trenches may be needed, resulting in a work area up to 65m wide. In
addition, water cooling may be used (see section on Components of
underground cable systems). For cables installed in deep bore tunnels,
cable cooling is provided by forced air ventilation or water cooling."
"If a fault occurs on a 400kV underground cable, it is on average out of
service for a period ***25 times longer*** than 400kV overhead lines.
This is due principally to the long time taken to locate, excavate and
undertake technically involved repairs. These maintenance and repairs also
cost significantly more."
------------------------------
Date: Sun, 20 Aug 2023 13:50:29 -0400
From: Dick Mills <dickandl...@gmail.com>
Subject: Re: Lahaina: single points of failure
[Similar comments omitted, but two of Dick's paras are particularly
relevant: PGN]
Underground transmission avoids much of the fire risks, but the per-mile
cost is roughly 600% higher, and they bring other risks. In 1998, Auckland
NZ was dark for 15 weeks because of underground power cables.
https://en.wikipedia.org/wiki/1998_Auckland_power_crisis
If you want to study the reliability of independent microgrids, refer to
archipelagos where each island makes its own power without connections to
other islands. The experience in most cases is that they wish that they
could be interconnected for reliability reasons.
------------------------------
Date: Mon, 21 Aug 2023 13:27:29 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Re: Google/AI -- sundry items PGN-ed
1. Simply by flipping a generative AI switch, #Google has gone from being
THE PLACE to find correct information and useful answers, to being the
place to find potentially dangerous misinformation as well.
Impressive. Most impressive. -L
2.'Benefits of Slavery:' Google's AI Search Gives Ridiculous and Wrong
Answers
3. Also advantages of genocide and how to cook poisonous mushrooms. -L
https://gizmodo.com/google-search-ai-answers-slavery-benefits-1850758631
4. Artificial intelligence is ineffective and potentially harmful for fact
checking https://arxiv.org/abs/2308.10800
------------------------------
Date: Tue, 22 Aug 2023 11:16:12 +0200
From: "Diego.Latella" <diego....@isti.cnr.it>
Subject: Unpacking Cyber Capacity-Building Needs
(S. Dominioni, G. Persi Paoli - UNIDIR)
Published recently:
S. Dominioni - G. Persi Paoli
Unpacking Cyber Capacity-Building Needs - Part I. Mapping the
Foundational Cyber Capabilities
UNIDIR
https://unidir.org/publication/unpacking-cyber-capacity-building-needs-part-i-mapping-foundational-cyber-capabilities
S. Dominioni - G. Persi Paoli
Unpacking Cyber Capacity-Building Needs - Part II. Introducing a
Threat-Based Approach
UNIDIR
https://unidir.org/publication/unpacking-cyber-capacity-building-needs-part-ii-introducing-threat-based-approach
------------------------------
Date: Sat, 1 Jul 2023 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 33.80
************************
0 new messages