• Risks Digest 32.67

    From RISKS List Owner@21:1/5 to All on Fri May 14 00:31:12 2021
    RISKS-LIST: Risks-Forum Digest Thursday 13 May 2021 Volume 32 : Issue 67

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.67>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Colonial Pipeline not likely to pay millions in ransom demanded by hackers
    (CNN Politics)
    A Closer Look at the DarkSide Ransomware Gang (Krebs on Security)
    Look who's hiring at Colonial (Richard Forno)
    Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations
    (The Hacker News)
    Fact Sheet on Biden Cybersecurity EO (The White House)
    ICAO Updates Effort To Clean Up NOTAM 'Garbage' (AVweb)
    Covid pandemic was preventable, says WHO-commissioned report (Sarah Boseley)
    Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards
    (The Hacker News)
    Re: Marvin Minsky hacked? (Martin Ward)
    Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles
    (Bernie Cosell, Martin Ward)
    Re: I have been pwned! -- but not really (DJC)
    Cybersecurity, Nuclear Weapon Systems and Strategic Stability: Webinar
    (Diego Latella)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Thu, 13 May 2021 15:22:34 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Colonial Pipeline not likely to pay millions in ransom demanded by
    hackers (CNN Politics)

    [Spoiler Alert: The subject line is FALSE. https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom
    PGN]

    Meanwhile, new details are emerging about Colonial's decision to proactively shut down its pipeline last week, a move that has led to panic buying and massive lines at the gas pump.

    The company halted operations because its billing system was compromised,
    three people briefed on the matter told CNN, and they were concerned they wouldn't be able to figure out how much to bill customers for fuel they received.

    One person familiar with the response said the billing system is central to
    the unfettered operation of the pipeline. That is part of the reason getting
    it back up and running has taken time, this person said.

    Asked about whether the shutdown was prompted by concerns about payment, the company spokesperson said, "In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our
    IT systems."

    At this time, there is no evidence that the company's operational technology systems were compromised by the attackers, the spokesperson added.

    https://www.cnn.com/2021/05/12/politics/colonial-pipeline-ransomware-payment/index.html

    ------------------------------

    Date: Thu, 13 May 2021 11:40:28 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: A Closer Look at the DarkSide Ransomware Gang (Krebs on Security)

    Here's a closer look at DarkSide, the relatively new ransomware-as-a-service platform that's been holding 5,500 miles of fuel pipeline hostage. Story includes negotiations btwn DarkSide & a $15B victim that recently negotiated
    a $30M demand down to $11M.

    https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/

    ------------------------------

    Date: Thu, 13 May 2021 10:50:25 -0400
    From: Richard Forno <rforno@infowarrior.org>
    Subject: Look who's hiring at Colonial

    (via RSK's list)

    You can't make this stuff up.

    Cyber Security Manager At Colonial Pipeline
    https://www.daybook.com/jobs/jDuPoWB4gbFMpS8x5
    Date Posted: May 12th 2021
    Location: Atlanta GA, USA

    This appears to have been written quickly, because parts of the corporate boilerplate are repeated. Let's get to the good stuff:

    "As the Manager, Cyber Security, you are accountable for managing a team
    of cyber security certified subject matter experts and specialists
    including but not limited to network security engineers, SCADA & field
    controls network engineers and a cyber security architect. As the
    Manager, you will lead the development of the enterprise strategy for
    cybersecurity; will oversee the development of standards and processes
    for cyber security; lead the recovery from security incidents; and
    guide forensics of incidents. You are someone who has an understanding
    of emerging security threats in order to design security policies and
    procedures to mitigate threats where possible."

    I can't decide who's having a worse month: the person who until recently
    held this position, or the person who will next occupy it.

    ------------------------------

    Date: Wed, 12 May 2021 09:06:48 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Ransomware Gang Leaks Metropolitan Police Data After Failed
    Negotiations (The Hacker News)

    The cybercrime syndicate behind Babuk ransomware has leaked more personal
    files belonging to the Metropolitan Police Department (MPD) after
    negotiations with the DC Police broke down, warning that they intend to
    publish all data if their ransom demands are not met.

    "The negotiations reached a dead end, the amount we were offered does not
    suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow. if during tomorrow
    they do not raise the price, we will release all the data," the gang said in
    a statement on their data leak site.

    "You still have the ability to stop it," it added.

    The Babuk group is said to have stolen 250GB of data <https://thehackernews.com/2021/04/hackers-threaten-to-leak-dc-police.html>, including investigation reports, arrests, disciplinary actions, and other intelligence briefings.

    Like other ransomware platforms, DarkSide adheres to a practice called
    double extortion, which involves demanding money in return for unlocking
    files and servers encrypted by the ransomware, as well as for not leaking
    any data stolen from the victim prior to cutting off access to them.

    "We are some kind of a cyberpunks, we randomly test corporate networks
    security and in case of penetration, we ask money, and publish the
    information about threats and vulnerabilities we found, in our blog if
    company doesn't want to pay," the group describes itself on the dark web
    site, calling its attacks an "audit."

    Screenshots shared by the Babuk group, and seen by The Hacker News, reveal
    that the data was published after the amount DC Police was willing to pay
    did not match their ransom amount of $4 million. The MPD has allegedly
    offered $100,000 to fend off the release of stolen information. [...]

    https://thehackernews.com/2021/05/ransomware-gang-leaks-metropolitan.html

    ------------------------------

    Date: May 13, 2021 20:55:48 JST
    From: Richard Forno <rforno@infowarrior.org>
    Subject: Fact Sheet on Biden Cybersecurity EO (The White House)

    via Dave Farber

    https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/

    FACT SHEET: President Signs Executive Order Charting New Course to Improve
    the Nation's Cybersecurity and Protect Federal Government Networks
    12 May 2021

    Today, President Biden signed an Executive Order to improve the nation's cybersecurity and protect federal government networks. Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector
    entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals. These incidents share
    commonalities, including insufficient cybersecurity defenses that leave
    public and private sector entities more vulnerable to incidents.

    This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on
    cyber issues, and strengthening the United States' ability to respond to incidents when they occur. It is the first of many ambitious steps the Administration is taking to modernize national cyber defenses. However, the Colonial Pipeline incident is a reminder that federal action alone is not enough. Much of our domestic critical infrastructure is owned and operated
    by the private sector, and those private sector companies make their own determination regarding cybersecurity investments. We encourage private
    sector companies to follow the Federal government's lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.

    Specifically, the Executive Order the President is signing today will:

    Remove Barriers to Threat Information Sharing Between Government and the Private Sector. The Executive Order ensures that IT Service Providers are
    able to share information with the government and requires them to share certain breach information. IT providers are often hesitant or unable to voluntarily share information about a compromise. Sometimes this can be due
    to contractual obligations; in other cases, providers simply may be hesitant
    to share information about their own security breaches. Removing any contractual barriers and requiring providers to share breach information
    that could impact Government networks is necessary to enable more effective defenses of Federal departments, and to improve the Nation's cybersecurity
    as a whole.

    Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time
    period. Outdated security models and unencrypted data have led to
    compromises of systems in the public and private sectors. The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.

    Improve Software Supply Chain Security. The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring
    developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software
    development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an ``energy star''
    type of label so the government -- and the public at large -- can quickly determine whether software was developed securely. Too much of our software, including critical software, is shipped with significant vulnerabilities
    that our adversaries exploit. This is a long-standing, well-known problem,
    but for too long we have kicked the can down the road. We need to use the purchasing power of the Federal Government to drive the market to build security into all software from the ground up.

    Establish a Cybersecurity Safety Review Board. The Executive Order
    establishes a Cybersecurity Safety Review Board, co-chaired by government
    and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. Too often organizations repeat the mistakes of the past and do not learn lessons from significant cyber incidents. When
    something goes wrong, the Administration and private sector need to ask the hard questions and make the necessary improvements. This board is modeled
    after the National Transportation Safety Board, which is used after airplane crashes and other incidents.

    Create a Standard Playbook for Responding to Cyber Incidents. The Executive Order creates a standardized playbook and set of definitions for cyber
    incident response by federal departments and agencies. Organizations cannot wait until they are compromised to figure out how to respond to an
    attack. Recent incidents have shown that within the government the maturity level of response plans vary widely. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat. The playbook will also provide the private sector with a template for its response efforts.

    Improve Detection of Cybersecurity Incidents on Federal Government
    Networks. The Executive Order improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint
    detection and response system and improved information sharing within the Federal government. Slow and inconsistent deployment of foundational cybersecurity tools and practices leaves an organization exposed to adversaries. The Federal government should lead in cybersecurity, and
    strong, Government-wide Endpoint Detection and Response (EDR) deployment coupled with robust intra-governmental information sharing are essential.

    Improve Investigative and Remediation Capabilities. The Executive Order
    creates cybersecurity event log requirements for federal departments and agencies. Poor logging hampers an organization's ability to detect
    intrusions, mitigate those in progress, and determine the extent of an
    incident after the fact. Robust and consistent logging practices will solve much of this problem.

    ------------------------------

    Date: Wed, 12 May 2021 20:15:27 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: ICAO Updates Effort To Clean Up NOTAM 'Garbage' (AVweb)

    “(NOTAMs) are just a bunch of garbage that nobody pays any attention to,” said NTSB Chairman Robert Sumwalt during the 2018 hearing on the infamous
    Air Canada incident, in which pilots missed a critical piece of
    information. Unnoticed on page eight of a 27-page briefing package was the
    fact that one of the destination airport’s two runways was closed. [...]

    Finally, the organization suggests updating the format of NOTAMs to make
    them more reader-friendly. Australian Federation of Air Pilots Safety and Technical Director Stuart Beveridge said, “So, we’ve actually suggested they
    move into the 21st century and look at upper and lower case, punctuation,
    plain standardized language, and time formats that are not just strings of numbers.”

    https://www.avweb.com/aviation-news/icao-updates-effort-to-clean-up-notam-garbage/

    ------------------------------

    Date: May 13, 2021 7:09:01 JST
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: Covid pandemic was preventable, says WHO-commissioned report
    (Sarah Boseley)

    [Note: This item comes from reader Randall Head. DLH] <via Dave Farber>

    Sarah Boseley, *The Guardian*, May 12 2021
    Covid pandemic was preventable, says WHO-commissioned report
    Independent panel castigates global leaders and calls for major changes to ensure it cannot happen again

    <https://www.theguardian.com/world/2021/may/12/covid-pandemic-was-preventable-says-who-commissioned-report>

    The Covid pandemic was a preventable disaster that need not have cost
    millions of lives if the world had reacted more quickly, according to an independent high-level panel, which castigates global leaders and calls for major changes to bring it to an end and ensure it cannot happen again.

    The report of the panel, chaired by the former New Zealand prime minister
    Helen Clark and Ellen Johnson Sirleaf, a former president of Liberia, found ``weak links at every point in the chain''.

    It said preparation was inconsistent and underfunded, the alert system too
    slow and too meek, while the World Health Organization was underpowered. It concluded the response had exacerbated inequalities. ``Global political leadership was absent,'' the report said.

    Clark described February 2020 as ``a month of lost opportunity to avert a pandemic, as so many countries chose to wait and see''.

    ``For some, it wasn't until hospital ICU beds began to fill that more action was taken,'' she said. ``And by then it was too late to avert the pandemic impact. What followed then was a winner takes all scramble for PPE and therapeutics. Globally, health workers were tested to their limits and the rates of infection, illness and death soared and continue to soar.''

    Sirleaf said: ``The situation we find ourselves in today could have been prevented. An outbreak of a new pathogen, Sars CoV-2 became a catastrophic pandemic that has now killed more than 3.25 million people, and continues to threaten lives and livelihoods all over the world. It is due to a myriad of failures, gaps and delays in preparedness and response. This was partly due
    to failure to learn from the past.''

    Urgent action must be taken, she said. ``There are many reviews of previous health crises that include sensible recommendations. Yet, they sit gathering dust in UN basements and on government shelves ... Our report shows that
    most countries of the world were simply not prepared for a pandemic.''

    The report was commissioned by the WHO director general at the instigation
    of member states, who called at the World Health Assembly in May last year
    for an impartial review of what happened and what could be learned from the pandemic.

    The panel calls for radical changes to bring heads of state together to
    oversee pandemic preparations, ensuring the finance and tools the world
    needs are in place. They want a faster-moving, better-resourced WHO. And
    they want a commitment now from leaders of affluent countries to supply vaccines for the rest of the world.

    The report says the Chinese detected and identified the new virus promptly
    when it emerged at the end of 2019 and gave warnings that should have been heeded.

    ``When we look back to that period in late December, 2019, clinicians in
    Wuhan acted quickly when they recognised individuals in a cluster of
    pneumonia cases that were not normal,'' said Sirleaf.

    An alert was sent out in Wuhan about a potentially new virus, which was ``picked up quickly by neighbouring areas, countries, the media -- on an online disease reporting site -- and by the WHO,'' she said.

    ``This shows the benefit and speed of open-source reporting, but then the systems that were meant to validate and respond to this alert were too
    slow. The alert system does not operate with sufficient speed when faced
    with a fast-moving respiratory pathogen.''

    The WHO ``was hindered and not helped by the international health
    regulations and procedures'', said Clark. The regulations that govern when
    the WHO can declare a public health emergency of international concern were adopted in 2007. They bind WHO to confidentiality and verification,
    preventing rapid action, and prohibit countries from unnecessarily closing their borders against trade.

    Every day counts, said the panel, which believes the emergency could have
    been declared by 22 January, instead of 30 January, as happened.

    During ``the lost month'' of February, countries should have been preparing. Some did and have suffered far less than those that did not. ``Countries
    with the ambition to aggressively contain and stop the spread whenever and wherever it occurs have shown that this is possible,'' says the report.

    Some countries ``devalued and debunked'' the science, denying the severity
    of the disease. ``This has had deadly consequences,'' said Clark. ``This has been compounded by a lack of global leadership and coordination of
    geopolitical tensions and nationalism weakening the multilateral system,
    which should act to keep the world safe.''

    The report recommends the creation of a ``global health threats council'',
    to be led by heads of state, to keep attention on the threats of pandemics between emergencies and ensure collective action. It calls for a special session of the UN general assembly later this year to agree a political declaration. The WHO must have more power and more funding, while its
    regional directors and the director general should serve just a single term
    of seven years.

    The panel says it is ``deeply concerned and alarmed'' about the current high rates of transmission of the virus and the emergence of variants. Every
    country must take the necessary measures to curb the spread, says the
    report. High-income countries with enough vaccines ordered for their own
    needs must commit to providing at least 1bn doses by 1 September to Covax,
    the UN-backed initiative to get vaccines to 92 low- and middle-income countries, and more than 2bn doses by mid-2022.

    ------------------------------

    Date: Thu, 13 May 2021 01:06:23 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged
    Cards (The Hacker News)

    Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging as a hot commodity on the dark web in what's the latest
    in a long list of cybercrimes capitalizing <https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html>
    on the coronavirus <https://thehackernews.com/2020/12/north-korean-hackers-trying-to-steal.html> pandemic.

    "A new and troubling phenomenon is that consumers are buying COVID-19
    vaccines on the black market due to the increased demand around the world," said <https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fools-gold-questionable-vaccines-bogus-results-and-forged-cards/>
    Anne An, a senior security researcher at McAfee's Advanced Programs Group (APG). "As a result, illegal COVID-19 vaccines and vaccination records are
    in high demand on darknet marketplaces."

    The growing demand and the race towards achieving herd immunity means at
    least a dozen underground marketplaces are peddling COVID-19 related merchandise, with Pfizer-BioNTech vaccines purchasable for $500 per dose
    from top-selling vendors who rely on services like Wickr, Telegram,
    WhatsApp, and Gmail for advertising and communications.

    Darknet listings for the supposed vaccines are being sold for anywhere
    between $600 to $2,500, enabling prospective buyers to receive the product within two to 10 days. A second vendor has been identified as selling 10
    doses of what's purportedly Moderna COVID-19 vaccine for $2,000. The
    vaccines are said to be either imported from the U.S. or packed in the U.K.
    and then shipped to other countries worldwide.

    What's more, fake vaccination cards allegedly issued by the U.S. Centers for Disease Control and Prevention (CDC) are available starting for $50 and
    going all the way to $1,500. Likewise, another unnamed seller on a different dark web market is offering counterfeit German COVID-19 certificates for a
    mere $22.35. [...]

    https://thehackernews.com/2021/05/dark-web-getting-loaded-with-bogus.html

    ------------------------------

    Date: Thu, 13 May 2021 14:43:37 +0100
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: Marvin Minsky hacked? (THVV, RISKS-32.66)

    A "Universal Turing Machine" is a machine that simulates an arbitrary Turing machine on arbitrary input: in other words it is designed to execute
    arbitrary code.

    So a "hack" which allows arbitrary code execution is just the machine
    running as designed.

    ------------------------------

    Date: Wed, 12 May 2021 15:49:45 -0400
    From: "Bernie Cosell" <cosell@alum.mit.edu>
    Subject: Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob
    Popsicles (RISKS-32.65)

    Easy enough to find other stories about it:

    https://www.msn.com/en-us/news/world/boy-accidentally-orders-2600-worth-of-spongebob-ice-cream-online

    Seems that he used his Mom's Amazon account and it was probably set up with
    her credit card.

    [Richard Stein suggested
    https://www.hawaiinewsnow.com/2021/05/10/boy-secretly-orders-more-than-spongebob-popsicles-amazon/
    PGN]

    ------------------------------

    Date: Thu, 13 May 2021 15:02:46 +0100
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob
    Popsicles (RISKS-32.65)

    Install the NoScript Firefox extension and ensure that
    washingtonpost.com is blocked. You can then read all the articles
    without the annoying popup asking you to subscribe or login.

    ------------------------------

    Date: Thu, 13 May 2021 12:11:50 +0200
    From: DJC <djc@resiak.org>
    Subject: Re: I have been pwned! -- but not really (Slade, RISKS-32.65)

    My Gmail account -- which I use rather little -- gets lots of mail intended
    for others with my name. People enter their own addresses wrong (should be my.name.DIGITS@gmail.com, but they enter my.name@gmail.com) or they're transcribed wrong... the whole mess.

    I've gotten personal notes to friends and spouses, diplomatic mail,
    invitations to job interviews (and their outcomes), work documents, health records, meeting notices, lots of invoices and bills, invitations to
    parties, you name it, including evidence of many scams. Plus signup confirmation requests for Facebook and other channels.

    Where they look harmless I often write to the senders to let them know.
    They're often clueless. Occasionally someone thanks me, but they're
    sometimes angry:

    How did you get my address, you *%%#@! (ranting on...)

    If it wasn't for you, why did you read it, stupid?

    Why are you bothering me about this?

    Where I see a scam in action I usually try to interrupt it. (I hope those people had a long wait and got proper attention when they arrived at the airport to make a flight paid for with a stolen credit card -- not mine, but email confirmation to me -- and found that their travel had been canceled.
    They wouldn't have known about the cancellation, which I handled personally, because the confirmation came to me only the day before the flight.)

    At worst, it's a temporary bother, and at best a source of innocent merriment.

    ------------------------------

    Date: Thu, 13 May 2021 14:02:08 +0200
    From: "Diego.Latella" <diego.latella@isti.cnr.it>
    Subject: Cybersecurity, Nuclear Weapon Systems and Strategic Stability:
    Webinar

    Thursday 27 May 2021 at 5:30 pm (CEST)

    * Antonello Provenzale, President - Area della Ricerca CNR di Pisa
    Diego Latella, CNR-ISTI (IT)

    * Cyber-security and Critical Infrastructures, a Global Challenge
    Domenico Laforenza, CNR-IIT (IT)

    * Strategic Stability and Cyber and Space Dependency in Nuclear Assets
    Beyza Unal, Chatham House (UK)

    The webinar is organised by

    Gruppo Interdisciplinare su Scienza, Tecnologia e Società (GI-STS) dell'Area della Ricerca di Pisa del CNR

    In cooperation with

    Areaperta - Area della Ricerca CNR di Pisa
    Centro Interdisciplinare Scienze per La Pace dell'Università di Pisa
    Istituto di Biofisica del CNR
    Istituto di Scienza e Tecnologie dell'Informazione ``A. Faedo'' del CNR
    Laboratorio Informatica e Società del CINI
    Pugwash Conferences on Science and World Affairs
    Unione degli Scienziati Per Il Disarmo

    Under the auspices of La Nuova Limonaia, Rete Università per la Pace

    https://us02web.zoom.us/j/85979020637?pwd=ZmNMbWxoVllXUmxBVUw4TllXZFBVdz09

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.67
    ************************
