RISKS-LIST: Risks-Forum Digest Thursday 23 July 2020 Volume 32 : Issue 13
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <
http://www.risks.org> as
<
http://catless.ncl.ac.uk/Risks/32.13>
The current issue can also be found at
<
http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Russia report reveals UK government failed to investigate Kremlin (WashPost) Iranian state hackers caught with their pants down in intercepted videos
(Ars Technica)
Crooks have acquired proprietary Diebold software to jackpot ATMs
(Ars Technica)
Major new climate study rules out less-severe global warming scenarios (MSN)
Is it time to reassess our relationship with nature? (BBC)
European Public Sphere Towards Digital Sovereignty for Europe (ACATech)
How Berkshire Hathaway May Have Been Snookered in Germany (NYTimes)
Ongoing Meow attack has nuked >1,000 databases without telling anyone why
(Ars Technica)
Corporate giants shut down Trump texting program (Politico)
Thieves Are Emptying ATMs Using a New Form of Jackpotting (WIRED)
AT&T tells customers to change their phones or they won't work anymore
(Android Police)
CBP does end run around warrants, simply buys license plate-reader data
(Ars Technica)
Wattpad warns of data breach that stole user info (CBC-CA)
There's a reason your inbox has more malicious spam -- Emotet is back
(Ars Technica)
Hackers use recycled backdoor to keep a hold on hacked e-commerce server
(Ars Technica)
Uber helping public health officials contact-trace riders and drivers for
Covid-19 (Forbes)
Banks' unique pandemic problem: Now everyone is wearing a mask (WashPost)
The Spanish government prepares to implement facial recognition tech
(Voz Populi)
Phone carriers that profit from robocalls could have all calls blocked (FCC) CBP does end run around warrants, simply buys license-plate reader data
(Ars Technica)
Hackers Tell the Story of the Twitter Attack From the Inside (NYTimes)
Re: When tax prep is free, you may be paying with your privacy
(David E. Ross, Pete Resiak)
Re: Boeing's future is cloudy as it tries to restore credibility
(Martin Ward, Gabe Goldberg, Martin Ward)
Re: Darwin's tautology? (John Harper)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Tue, 21 Jul 2020 8:09:49 PDT
From: "Peter G. Neumann" <
neumann@csl.sri.com>
Subject: Russia report reveals UK government failed to investigate Kremlin
interference (Dan Sabbagh]
[I had more or less assumed this, but this is certainly damning. PGN]
Dan Sabbagh, The Guardian, 21 Jul 2020
Russia report reveals UK government failed to investigate Kremlin
interference. <
https://www.theguardian.com/world/2020/jul/21/russia-report-reveals-uk-government-failed-to-address-kremlin-interference-scottish-referendum-brexit>
British government and British intelligence failed to prepare or conduct any proper assessment of Kremlin attempts to interfere with the 2016 Brexit referendum, according to the long-delayed Russia report. <
https://www.theguardian.com/politics/eu-referendum>
The damning conclusion is contained within the 50-page document from parliament's intelligence and security committee, which said ministers ``had not seen or sought evidence of successful interference in UK democratic processes''.
The committee, which scrutinises the work of Britain's spy agencies, said:
``We have not been provided with any post-referendum assessment of Russian attempts at interference'' -- and contrasted the response with that of the
US. [...] This situation is in stark contrast to the US handling of allegations of Russian interference in the 2016 presidential election, where
an intelligence community assessment was produced within two months of the vote, with an unclassified summary being made public.''
Committee members said they could not definitively conclude whether the
Kremlin had or had not successfully interfered in the Brexit vote because no effort had been made to find out. ``Even if the conclusion of any such assessment were that there was minimal interference, this would nonetheless represent a helpful reassurance to the public that the UK's democratic processes had remained relatively safe,'' the report added.
The cross-party committee noted that publicly available studies have pointed
to ``the preponderance of pro-Brexit or anti-EU stories'' on the Russia
Today and Sputnik TV channels at the time of the vote and ``the use of
`bots' and `trolls' on Twitter, as evidence of Russian attempt to influence
the process.
Committee members complained that when they asked for written evidence from
MI5 at the start of their inquiry, the domestic spy agency ``initially
provided just six lines of text'' prompting criticism from the committee.
It accused MI5 of operating with ``extreme caution'' and said its ``attitude
is illogical'' because the issue at hand was ``the protection of the process and mechanism from hostile state interference, which should fall to our intelligence and security agencies''.
The keenly anticipated document was completed last October, but was sat on
by Boris Johnson before the general election and only declassified and
cleared for release by the prime minister in December.
It could not be released until No 10 had nominated Conservative members to
the committee, although its nominee for chair Chris Grayling was ambushed by opposition members who voted instead for Julian Lewis.
Downing Street is expected to publish its own response shortly.
------------------------------
Date: Wed, 22 Jul 2020 08:35:48 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Iranian state hackers caught with their pants down in intercepted
videos (Ars Technica)
IBM researchers steal 40GB of data from group targeting presidential campaigns.
https://arstechnica.com/information-technology/2020/07/iran-state-hackers-caught-with-their-pants-down-in-intercepted-videos/
------------------------------
Date: Wed, 22 Jul 2020 08:27:56 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Crooks have acquired proprietary Diebold software to jackpot ATMs
(Ars Technica)
ATM maker is investigating the use of its software in black boxes used by thieves.
https://arstechnica.com/information-technology/2020/07/crooks-are-using-a-new-way-to-jackpot-atms-made-by-diebold/
------------------------------
Date: Wed, 22 Jul 2020 14:39:06 -1000
From: geoff goodfellow <
geoff@iconia.com>
Subject: Major new climate study rules out less-severe global warming
scenarios (MSN)
The current pace of human-caused carbon emissions is increasingly likely to trigger irreversible damage to the planet, according to a comprehensive international *study* <
https://agupubs.onlinelibrary.wiley.com/doi/abs/10.1029/2019RG000678>
released Wednesday. Researchers studying one of the most important and
vexing topics in climate science -- how sensitive the Earth's climate is to
a doubling of the amount of carbon dioxide in the atmosphere -- found that warming is extremely unlikely to be on the low end of estimates.
These scientists now say it is likely that if human activities -- such as burning oil, gas and coal along with deforestation -- push carbon dioxide
to such levels, the Earth's global average temperature will most likely increase between 4.1 to 8.1 degrees Fahrenheit (2.3 and 4.5 degrees
Celsius). The previous and long-standing estimated range of climate sensitivity, as first laid out in a 1979 report, was 2.7 to 8.1 degrees Fahrenheit (1.5 to 4.5 Celsius).
If the warming reaches the midpoint of this new range, it would be extremely damaging, said Kate Marvel, a physicist at NASA's Goddard Institute of Space Studies and Columbia University, who called it the equivalent of a
*five-alarm fire* for the planet. [...]
https://www.washingtonpost.com/weather/2020/07/22/climate-sensitivity-co2/
https://www.msn.com/en-us/news/weather/major-new-climate-study-rules-out-less-severe-global-warming-scenarios/ar-BB173tL8
------------------------------
Date: Wed, 22 Jul 2020 14:40:05 -1000
From: geoff goodfellow <
geoff@iconia.com>
Subject: Is it time to reassess our relationship with nature? (BBC)
*Western societies tend to see nature and humanity as separate. But are
there other ways of relating to the natural world?* [...]
https://www.bbc.co.uk/ideas/videos/is-it-time-to-reassess-our-relationship-with-natur/p08l2xcb
------------------------------
Date: Thu, 23 Jul 2020 08:02:59 +0900
From: Dave Farber <
farber@gmail.com>
Subject: European Public Sphere Towards Digital Sovereignty for Europe
(ACATech)
https://www.acatech.de/wp-content/uploads/2020/07/aca_IMP_EPS_en_WEB_FINAL.pdf
Executive Summary
Europe can strengthen its digital sovereignty by creating a sovereign
European digital ecosystem that is democratically accountable to its
citizens. A digital ecosystem that observes European values such as transparency, openness and privacy protection, even in its technical design, can create a digital public sphere that offers fair terms of access and use, strengthens the public debate and safeguards the plurality that forms a key part of Europe's identity. This sphere would be open to everyone, both
within Europe and beyond -- the key to Europe's digital sovereignty lies not
in isolationism but in the creation of ambitious alternatives.
The current coronavirus crisis has shone a light not only on how digital technology is increasingly penetrating every area of our lives, but also on just how dependent Europe has become on non-European platform operators. Europe is losing its influence
over the digital public sphere at a time when it has taken on a central role in the continent's economic and social life. As well as diminishing Europe's economic competitiveness and thus the prosperity of European society, this poses a particularly
serious threat to people's individual freedom and privacy and to Europe's democratic values. The time has come for both the member state and European Union levels to demonstrate the common political will to actively shape a digital public sphere that
provides a basis for democratic debate, public opinion-forming and respect for European values, and to develop and establish an open European digital ecosystem that offers a genuine alternative. If incorporated into the special funding!
measures to overcome the coronavirus crisis, this European Public Sphere (EPS) can also provide a huge opportunity for European companies and start-ups, thereby helping to boost value creation in Europe.
This paper describes how a European Public Sphere can be established as an alternative European ecosystem, and sets out
the concrete measures that will be necessary in order to do so. These include:
* Design of a technology infrastructure for delivering the digital public
sphere as a public service.
* Formulation of a technology strategy characterised by modularity,
interoperability, openness and transparency that enables continuous
development and a diverse range of business models.
* Establishment of a governance entity such as a European Digital Agency or
agency network, together with an alliance of European actors including
content, service and infrastructure component providers, civil society
initiatives and research institutions.
* Government funding coupled with European regulation to kick-start the
establishment of an open, European digital ecosystem for the development
and operation of the key technological components and products for a
digital public sphere.
* Requirement for all the digital ecosystem's actors to adopt a *values
by design* approach.
These measures will enable the establishment of a trusted digital public
sphere for the citizens of Europe that puts European values first and that facilitates cross-border services and a dialogue between people who live in different countries and speak different languages.
Together with key partner France, and in conjunction with the European Commission and European Parliament, the Trio Presidency of Germany, Portugal and Slovenia can initiate the European Public Sphere as an ambitious, pan-European development project. Provided that they receive the necessary backing and financial support from government, stakeholders from the private sector, culture, civil society and academia are ready to create an
alternative European digital ecosystem.
------------------------------
Date: Tue, 21 Jul 2020 12:08:48 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: How Berkshire Hathaway May Have Been Snookered in Germany (NYTimes)
A unit of Warren Buffett's empire paid an inflated price for a pipe maker
that used fake sales to look profitable, an arbitration panel concluded. The firm was close to bankruptcy.
https://www.nytimes.com/2020/07/01/business/berkshire-hathaway-fraud-germany.html
------------------------------
Date: Thu, 23 Jul 2020 08:36:47 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Ongoing Meow attack has nuked >1,000 databases without telling
anyone why (Ars Technica)
Ongoing attack hitting unsecured data leaves the word "meow" as its calling card.
https://arstechnica.com/information-technology/2020/07/more-than-1000-databases-have-been-nuked-by-mystery-meow-attack/
------------------------------
Date: Tue, 21 Jul 2020 12:20:47 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Corporate giants shut down Trump texting program (Politico)
It took days to resolve anti-spam concerns that halted a 4 July 2020 test
run, costing Trump donations and raising GOP fears about November.
https://www.politico.com/news/2020/07/20/trump-massive-texting-program-suspended-372302
------------------------------
Date: Wed, 22 Jul 2020 23:23:28 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Thieves Are Emptying ATMs Using a New Form of Jackpotting (WIRED)
The new hardware-based attack, which has targeted machines across Europe,
can yield a stream of cash for the attacker.
https://www.wired.com/story/thieves-are-emptying-atms-using-a-new-form-of-jackpotting/
------------------------------
Date: Thu, 23 Jul 2020 08:19:21 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: AT&T tells customers to change their phones or they won't work anymore
(Android Police)
Even recent unlocked phones like the Galaxy S10e or the Nokia 6.1 are
affected
Amid an economy-crushing pandemic, AT&T has decided that now is the best
time to send a scaremongering email to some customers, telling them that
their device "is not compatible with the new network and you need to replace
it to continue receiving service." The email conveniently doesn't explicitly mention that this will only affect customers as late as February 2022, only linking to that information. [...]
https://www.androidpolice.com/2020/07/22/att-tells-customers-to-change-their-phones-or-they-wont-work-anymore/
[Lauren Weinstein commented that AT&T email about phone shutoffs was so
confusing some users thought it was a scam.
https://arstechnica.com/information-technology/2020/07/att-misleads-users-about-network-change-in-bid-to-sell-more-phones/
Also noted by Gabe Goldberg. PGN]
------------------------------
Date: Tue, 21 Jul 2020 23:49:30 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: CBP does end run around warrants, simply buys license plate-reader
data (Ars Technica)
How does "unreasonable search" work when any agency can buy data from
anywhere?
https://arstechnica.com/tech-policy/2020/07/cbp-does-end-run-around-warrants-simply-buys-license-plate-reader-data/
------------------------------
Date: Tue, 21 Jul 2020 22:37:10 -0600
From: "Matthew Kruk" <
mkrukg@gmail.com>
Subject: Wattpad warns of data breach that stole user info (CBC-CA)
Wattpad Corp. has provided more details about a breach of user data provided
to its online storytelling platform. The Toronto-based company has sent out
a note to users that says hackers may have had access to email addresses,
birth dates, the gender of members and encrypted passwords.
It says user stories, private messages, and phone numbers were not part of
this incident.
https://www.cbc.ca/news/business/wattpad-data-breach-1.5657724
------------------------------
Date: Wed, 22 Jul 2020 08:30:37 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: There's a reason your inbox has more malicious spam -- Emotet is
back (Ars Technica)
After taking a five-month break, the botnet returns with a short burst of activity.
https://arstechnica.com/information-technology/2020/07/destructive-emotet-botnet-returns-with-250k-strong-blast-of-toxic-email/
------------------------------
Date: Wed, 22 Jul 2020 08:22:26 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Hackers use recycled backdoor to keep a hold on hacked e-commerce
server (Ars Technica)
Easy-to-miss script can give attackers a new access should they ever be
booted out.
https://arstechnica.com/information-technology/2020/07/hackers-use-recycled-backdoor-to-keep-a-hold-on-hacked-ecommerce-server/
------------------------------
Date: Wed, 22 Jul 2020 01:55:32 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Uber helping public health officials contact-trace riders and
drivers for Covid-19 (Forbes)
Uber said Monday that it had established a service to give public health officials access to data within hours on riders and drivers who are presumed
to have come in contact with someone infected with Covid-19, helping to fill
in a gap in the coronavirus response of the U.S., which does not have a
federal contact tracing program.
https://www.forbes.com/sites/elanagross/2020/07/20/uber-helping-public-health-officials-contact-trace-riders-and-drivers-for-covid-19/#a067c957b07e
------------------------------
Date: Thu, 23 Jul 2020 09:47:00 +0800
From: Richard Stein <
rmstein@ieee.org>
Subject: Banks' unique pandemic problem: Now everyone is wearing a mask
(WashPost)
https://www.washingtonpost.com/business/2020/07/22/face-mask-banks/
"There have already been 'recent reports of face-covering-related robberies
at bank branches...make clear that broadly applicable face mask requirements are not safe or sustainable on a permanent basis.'"
A new bank visitation protocol to deter the criminally inept:
a) Remove face mask for a photograph to gain unobstructed bank entry.
Assumes one does not wear a 2nd disguise.
b) If undeterred, pass the "Abt natural, I have a gub" note (per Woody
Allen's "Take the Money and Run") to the teller.
------------------------------
Date: Wed, 22 Jul 2020 14:43:12 -0400
From: =?iso-8859-1?Q?Jos=E9_Mar=EDa?= Mateos <
chema@rinzewind.org>
Subject: The Spanish government prepares to implement facial recognition tech
(Voz Populi)
Original article:
https://www.vozpopuli.com/economia-y-finanzas/reconocimiento-facial-causas-pendientes_0_1375363234.html.
Automatic translation:
https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fwww.vozpopuli.com%2Feconomia-y-finanzas%2Freconocimiento-facial-causas-pendientes_0_1375363234.html
The Ministry of the Interior wants a solution based on facial recognition
to be installed in large sporting or cultural shows football matches, concerts ... that allows detecting people with pending cases with the Justice.
------------------------------
Date: Wed, 22 Jul 2020 08:33:31 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Phone carriers that profit from robocalls could have all calls
blocked (FCC)
Safe harbor lets phone companies block all calls from bad-actor telecoms.
https://arstechnica.com/tech-policy/2020/07/fcc-phone-carriers-that-profit-from-robocalls-could-have-all-calls-blocked/
------------------------------
Date: Wed, 22 Jul 2020 08:32:29 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: CBP does end run around warrants, simply buys license-plate
reader data (Ars Technica)
How does "unreasonable search" work when any agency can buy data from
anywhere?
US Customs and Border Protection can track everyone's cars all over the
country thanks to massive troves of automated license plate scanner data, a
new report reveals -- and CBP didn't need to get a single warrant to do it. Instead, the agency did just what hundreds of other businesses and investigators do: straight-up purchase access to commercial databases.
CBP has been buying access to commercial automated license plate-reader
(ALPR) databases since 2017, TechCrunch reports, and the agency says bluntly that there's no real way for any American to avoid having their movements tracked. [...]
https://arstechnica.com/tech-policy/2020/07/cbp-does-end-run-around-warrants-simply-buys-license-plate-reader-data/
------------------------------
Date: Thu, 23 Jul 2020 16:03:37 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Hackers Tell the Story of the Twitter Attack From the Inside
(NYTimes)
[Re: High-profile Twitter accounts hacked (RISKS-32.11)]
Several people involved in the events that took down Twitter this week spoke with *The Times*, giving the first account of what happened as a pursuit of Bitcoin spun out of control.
OAKLAND, Calif. A Twitter hacking scheme that targeted political, corporate
and cultural elites this week began with a teasing message between two
hackers late Tuesday on the online messaging platform Discord.
``yoo bro,'' wrote a user named Kirk, according to a screenshot of the conversation shared with The New York Times. ``i work at twitter / don't
show this to anyone / seriously.''
He then demonstrated that he could take control of valuable Twitter accounts
-- the sort of thing that would require insider access to the company's computer network.
https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html
------------------------------
Date: Mon, 20 Jul 2020 17:11:46 -0700
From: "David E. Ross" <
david@rossde.com>
Subject: Re: When tax prep is free, you may be paying with your privacy,
(RISKS-32.11)
For several years now, I have been an unpaid AARP (American Association of Retired Persons) volunteer doing U.S. and California income tax returns.
Our clients do not pay for the service. Their returns are filed
electronically over encrypted Internet connections. Even before the returns are filed, we print paper copies of their returns at the time of service for them to take home.
We retain NO client data when we do taxes, not one piece of paper brought by
a client or generated by our volunteers. If a client forgets to take all paper, we contact that client to return to the facility to collect it. Otherwise, the paper is shredded.
We ask our clients whether they want to be contacted by AARP regarding other services, but we do not urge them to say "yes". We ask our clients whether they want their tax returns made available electronically to other AARP locations the following year to simplify data entry, but we do not urge them
to say "yes". We ask our clients whether they want their tax returns made available electronically to other authorized free services authorized by the Internal Revenue Service the following year, but we do not urge them to say "yes".
Overall, the AARP Tax-Aide service operates with strict rules protecting the client's data. Using those data for any purpose other than completing a tax return is prohibited.
On top of all that, the state of California's Franchise Tax Board has a Web site where taxpayers can enter their own data and file their returns electronically for free. California has very stringent laws protecting the privacy of its residents. The state is not in the business of selling
personal data.
------------------------------
Date: Tue, 21 Jul 2020 10:22:25 +0300
From: Amos Shapir <
amos083@gmail.com>
Subhect: Re: The Dark Secret at the Heart of AI (RISKS-32.12)
"it relied entirely on an algorithm that had taught itself to drive by watching a human do it."
Does this mean that it learned about traffic lights, "Red = stop, Green =
go, Yellow == charge forward at top speed to catch it before it turns red"?
------------------------------
Date: Tue, 21 Jul 2020 17:13:00 +0200
From: Pete <
djc@resiak.org>
Subject: Re: When tax prep is free, you may be paying with your privacy
(RISKS-32.11)
It seems that the old principle is still valid: ``If you're not paying, you're not the customer, you're the merchandise.''
The canton of Zurich provides free tax preparation software for private persons: you can do it online, with access to your previous tax records, or
you can download the software and do it offline on your own computer -- Windows, Mac, or Linux. There the software can pick up and use last year's data if you've kept it; and you generate PDF to print and mail the completed tax forms.
The name of the software is "Private Tax". It works, and it saves time and money for the tax office as well as for individual taxpayers. I have a hard time thinking of any down side to this.
------------------------------
Date: Tue, 21 Jul 2020 17:43:05 +0100
From: Martin Ward <
martin@gkc.org.uk>
Subject: Re: Boeing's future is cloudy as it tries to restore credibility
(WashPost)
It's also reviewed all 1 million lines of code in the spacecraft
``resulting in increased robustness of flight software''
That sounds reassuring, but is actually rather worrying. Boeing found
problems with their software, then uncovered another problem when fixing the first. So they reviewed all 1 million lines of code which resulted in "increased robustness".
If the review had not found any further problems then the result would have been "increased confidence". "Increased robustness" on the other hand meant that *even more* problems were found!
As any software engineer knows, anyone who says "I have just fixed the last bug" is wrong.
------------------------------
Date: Tue, 21 Jul 2020 13:47:35 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Re: Boeing's future is cloudy as it tries to restore credibility
(Ward, RISKS-32.12)
Right. Also, what does "reviewed" mean? And by whom?
Original developer(s)? People see what they want/expect to see. (That's
surely true trying to edit my own writing).
And if they don't like what they see -- they "fix" it? How many times are
new problems introduced when fixing (maybe) old ones?
Combine that with being rushed through the million lines. As you say, it's
not reassuring.
------------------------------
Date: Tue, 21 Jul 2020 22:02:29 +0100
From: Martin Ward <
martin@gkc.org.uk>
Subject: Re: Boeing's future is cloudy as it tries to restore credibility
(Goldberg, RISKS-32.13)
Probably junior programmers get this boring grunt work: senior programmers
get to do more interesting jobs, like writing new code!
I think it was IBM's OS/360 operating system that, after release,
consistently had several thousand bug fixes per month. There are two
possible explanations for this phenomena:
(1) The software contained an infinite number of bugs
(2) Each month the programmers fixed 2,000 bugs and in the process
introduced another 2,000 bugs.
------------------------------
Date: Tue, 21 Jul 2020 10:00:42 +1200 (NZST)
From: John Harper <
harper@msor.vuw.ac.nz>
Subject: Re: Darwin's tautology? (RISKS-32.12)
Tautologies often need to be pointed out. Mathematics textbooks from
Euclid's Elements onward are full of them, but millions still buy them
because they are useful.
------------------------------
Date: Mon, 1 Jun 2020 11:11:11 -0800
From:
RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<
http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also,
ftp://ftp.sri.com/risks for the current volume
or
ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES:
http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
Special Offer to Join ACM for readers of the ACM RISKS Forum:
<
http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 32.13
************************
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)