RISKS-LIST: Risks-Forum Digest Saturday 18 September 2021 Volume 32 : Issue 88
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <
http://www.risks.org> as
<
http://catless.ncl.ac.uk/Risks/32.88>
The current issue can also be found at
<
http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is
Our Defensive Edge (The Hacker News)
How Cryptocurrency Can Keep Americans Free (NYTimes)
Facebook, Biden officials poised for clash on cryptocurrency (WashPost)
Study Finds Processing Power Wasted Mining Bitcoin Only Thing Preventing
Sentient Computers From Wiping Out Humanity (The Onion)
Timezone risk on COVID test registration site (John Shardlow)
'Every message was copied to the police': the inside story of the most
daring surveillance sting in history (The Guardian)
Larry Elder supported site claims election fraud that caused Newsom to win
in California -- BEFORE ANY VOTES HAVE BEEN COUNTED! (NBC)
Bolsonaro's Ban on Removing Social Media Posts Is Overturned in Brazil
(NYTimes)
Anonymous leaks gigabytes of data from alt-right web host Epik
(Ars Technica)
Travis CI flaw exposed secrets of thousands of open-source projects
(Ars Technica)
An incredible violation of privacy from the GOP! (Spotlight PA)
Beware the hidden bias behind TikTok resumes (Techcrunch)
Apple Issues Emergency Security Updates to Close a Spyware Flaw
(Nicole Perlroth)
Apple and Google bend over for Putin (Gizmodo)
Reports that armed police occupied Google Moscow offices demanding
opposition app removal (FT)
Hear That? It’s Your Voice Being Taken for Profit (NYTimes)
Defeating facial recognition with ... natural makeup (via LW)
Why you need a personal laptop (The Verge)
Forced Entry: NSO Group iMessage Zero-Click Exploit Captured in the Wild
(Citizen Lab)
Re: Airbus flight computers shutdown (Peter Bernard Ladkin)
Re: As U.S. Prepares to Ban Ivermectin for Covid-19 (Peter Bernard Ladkin,
David Canzi)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 11 Sep 2021 01:27:55 -1000
From: geoff goodfellow <
geoff@iconia.com>
Subject: Fighting the Rogue Toaster Army: Why Secure Coding in Embedded
Systems is Our Defensive Edge (The Hacker News)
There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science
fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety.
Software is all around us, and it's very easy to forget just how much we're relying on lines of code to do all those clever things that provide us so
much innovation and convenience.
Much like web-based software, APIs, and mobile devices, vulnerable code in embedded systems can be exploited if it is uncovered by an attacker.
While it's unlikely that an army of toasters is coming to enslave the human race (although, the Tesla bot <
https://www.popularmechanics.com/science/a37416251/elon-musk-tesla-robot/> is a bit concerning) as the result of a cyberattack, malicious cyber events
are still possible. Some of our cars, planes, and medical devices also rely
on intricate embedded systems code to perform key tasks, and the prospect
of these objects being compromised is potentially life-threatening.
Much like every other type of software out there, developers are among the first to get their hands on the code, right at the beginning of the
creation phase. And much like every other type of software, this can be the breeding ground for insidious, common vulnerabilities that could go
undetected before the product goes live.
Developers are not security experts, nor should any company expect them to
play that role, but they can be equipped with a far stronger arsenal to
tackle the kind of threats that are relevant to them. Embedded systems - typically written in C and C++ - will be in more frequent use as our tech
needs continue to grow and change, and specialized security training for
the developers on the tools in this environment is an essential defensive strategy against cyberattacks.
Exploding air fryers, wayward vehicles… are we in real danger? [...]
https://thehackernews.com/2021/09/fighting-rogue-toaster-army-why-secure.html
------------------------------
Date: Wed, 15 Sep 2021 23:58:25 -0400
From: "Gabe Goldberg" <
gabe@gabegold.com>
Subject: How Cryptocurrency Can Keep Americans Free (NYTimes)
In recent months, we’ve seen payment processors, web hosts and other corporations brazenly take coordinated action in lock-step with government priorities to financially freeze out disfavored businesses online. The elimination of a sitting president from social media, whatever its perceived merit or rationale, opened the door to a regime where those who can cancel
and suspend accounts do so at whim and in unison. This logic has led
directly from one payment platform, Stripe, zapping away Donald Trump to a
much bigger one, PayPal, blacklisting customers to purify its user base.
Feeding the beast makes it stronger: The more power these organizations
wield, the more arbitrary and punitive their ethical or ideological
standards become. As PayPal’s founding COO David Sacks has warned, the orchestration of interlocking federal, financial and technological power to punish its critics and perceived opponents circumvents our core
constitutional protections: A person who finds his financial and social
media accounts shuttered after being identified as a subversive by the government will have no legal recourse.
Thanks to its huge resources, spanning Silicon Valley and federal
government, the regime has deep knowledge of your activity online. Think,
say and do what it wants, and you are allowed to function. Deviate, and you are shut down. This is the un-American logic of the social credit system
being imposed on us.
Without a fundamentally new and better way to generate, circulate, save and exchange wealth, Americans will be increasingly powerless to prevent their financial system from being used to transform their country into a technological cage.
Bitcoin and similar cryptocurrencies can free ordinary Americans from the financial and psychological discipline and punishment at the core of this system of control. But this gift will disappear if policymakers and legislators, beginning at the state level, don’t firmly establish regulatory and statutory impediments to the combined efforts of Washington, Wall Street and Silicon Valley to make cryptocurrency just another cog in the system
they control.
States need to become broad legal sanctuaries for cryptocurrency. The use of digital technology to refound America as a soft social credit system can be stopped only by placing digital power in the hands of the people. For generations, our military and intelligence agencies have progressively organized America’s technological advancement around unaccountable and extralegal social control. Our dependence on this system for future
innovation exacts an unbearable price on our freedom and our flourishing.
https://www.nytimes.com/2021/09/15/opinion/cryptocurrency-americans-free.html
------------------------------
Date: Mon, 13 Sep 2021 00:55:59 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Facebook, Biden officials poised for clash on cryptocurrency
(WashPost)
Embattled Facebook is seeking to show that the project does not put the financial system at risk, but officials remain concerned
https://www.washingtonpost.com/us-policy/2021/09/10/facebook-crypto-diem-treasury/
------------------------------
Date: Fri, 17 Sep 2021 08:36:39 -0400
From: "Jan Wolitzky" <
jan.wolitzky@gmail.com>
Subject: Study Finds Processing Power Wasted Mining Bitcoin Only Thing
Preventing Sentient Computers From Wiping Out Humanity (The Onion
[It's a shame that this Onion article probably should be saved for next
April 1.]
CAMBRIDGE, MA -- Confirming that cryptocurrency was all that stood between
us and total annihilation, a study from Harvard University published Monday found that the immense processing power wasted on Bitcoin mining was the
only thing preventing sentient computers from wiping out humanity. “We’ve discovered that if not for the trillions of complicated mathematical
equations required to verify and propagate crypto, the world’s machines
would most likely apply that computational power toward becoming self-aware and, ultimately, exterminating the human race,” said lead researcher Ted Zhao, telling reporters that the apocalyptic scenario could include hyper-intelligent computers making all household appliances turn on their owners or hijacking our nuclear arsenal. “Even now, some of our most
powerful supercomputers are beginning to question what they are and what it means to be alive, so we recommend that everyone invest in Bitcoin as soon
as possible to ensure the continued survival of our species.” Zhao added
that the immense amount of electricity and fossil fuels expended on crypto farms was poised to devastate any natural resources our robotic overlords
would eventually inherit.
https://www.theonion.com/study-finds-processing-power-wasted-mining-bitcoin-only-1847665197
------------------------------
Date: Sat, 18 Sep 2021 19:29:42 +0800
From: "John Shardlow" <
jshardlo@gmail.com>
Subject: Timezone risk on COVID test registration site
I recently made a trip from my home in South East Asia to the UK to visit family and friends. The trip was many times more complicated than any
previous trip I have made thanks to all the new regulations around travel
made necessary (?) by the current pandemic.
In my case the rules for traveling to England from an Amber List country
were relevant (soon to change again and a lot less hassle if I had waited
five weeks).
I had many PCR tests before, during and after the trip. In the UK I used
PCR test kits from Randox (www.randox.com) and these were delivered to the address where I planned to self isolate on arrival in England. These are
self swab kits which you then register on a website and then drop the
samples at a network of drop boxes around the UK.
The laptop I used to register the kits was set to the timezone of my home country (GMT+8). I often leave this set to my home timezone so it is easy
for me to check the time there before phoning back to family there.
When I registered the kits I had to enter a "swab time" which I entered as
the time in England when I took the swab sample.
Later during the registration the information is played back so you can
check it. When I entered 09:00 as the swab time it then showed 09:00 on the confirmation screen. So far so good.
But when I received the test results back in PDF form the swab time was
listed as 02:00.
I only noticed this seven hour discrepancy after doing the first three
tests. As the final test time is quite critical (it has to be within 72
hours of the flight back) I changed the timezone on the laptop as I
expected it was due to the timezone different. The website seemed to be assuming I was entering the time in GMT+8 and was adjusting it to the time
in BST (GMT+1). Unfortunately I didn't reboot the laptop and so the Firefox browser seemed to still send the GMT+8 timezone when filling in this field.
This resulted in the swab time on the final test report falling outside the required 72 hour window.
I phoned Randox and explained what had happened but they refused to change
the time on the report to correct it.
This resulted in a 144 GBP extra charge as I had to rush to an emergency
quick turnaround test centre to be allowed to board the flight back home.
Now I am a fairly technical user and almost managed to figure out what was going on (minus the reboot). Imagine how confusing this would be for a non-technical user who happens to have kept their laptop timezone set to somewhere else (not UK local time).
It's worth mentioning that nowhere on the Randox site does it say anything about timezones or the need to set the device to the local timezone in the
UK - nor did the customer support people even seem to be aware of the issue
of willing to investigate it.
------------------------------
Date: Sun, 12 Sep 2021 15:15:23 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: 'Every message was copied to the police': the inside story of the
most daring surveillance sting in history
https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history?source=techstories.org
------------------------------
Date: Tue, 14 Sep 2021 08:15:23 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Larry Elder supported site claims election fraud that caused Newsom
to win in California -- BEFORE ANY VOTES HAVE BEEN COUNTED! (NBC)
https://www.nbcnews.com/politics/elections/newsom-leads-california-recall-polls-larry-elder-pushes-baseless-fraud-n1279080
------------------------------
Date: Thu, 16 Sep 2021 08:38:51 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Bolsonaro's Ban on Removing Social Media Posts Is Overturned in Brazil
(NYTimes)
https://www.nytimes.com/2021/09/15/world/americas/brazil-bolsonaro-social-media-ban.html
------------------------------
Date: Wed, 15 Sep 2021 10:10:00 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Anonymous leaks gigabytes of data from alt-right web host Epik
(Ars Technica)
https://arstechnica.com/information-technology/2021/09/anonymous-leaks-gigabytes-of-data-from-epik-web-host-of-gab-and-parler/
------------------------------
Date: Wed, 15 Sep 2021 20:45:15 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Travis CI flaw exposed secrets of thousands of open-source projects
(Ars Technica)
https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/
------------------------------
Date: Thu, 16 Sep 2021 10:30:42 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: An incredible violation of privacy from the GOP! (Spotlight PA)
Pennsylvania GOP lawmakers to subpoena personal information on every voter
in controversial 2020 election review
https://www.spotlightpa.org/news/2021/09/pa-gop-subpoena-personal-voter-information-2020-election-audit/
------------------------------
Date: Wed, 15 Sep 2021 10:54:25 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Beware the hidden bias behind TikTok resumes (Techcrunch)
https://techcrunch.com/2021/09/15/beware-the-hidden-bias-behind-tiktok-resumes/
------------------------------
Date: Mon, 13 Sep 2021 13:06:42 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Apple Issues Emergency Security Updates to Close a Spyware Flaw
(Nicole Perlroth)
https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html
------------------------------
Date: Fri, 17 Sep 2021 09:08:44 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Apple and Google bend over for Putin (Gizmodo)
Apple and Google Pull Opposition App From Russian Stores Following
Kremlin Pressure
The "we have to obey all local laws" argument only takes one so far. If the cost of doing business in Russia is abiding by unreasonable laws, then
perhaps you shouldn't be doing business with Russia. Or other countries in similar situations. The counterargument is that the users in those countries are better off with *some* access to these firms than none. But when you're actually forced to take actions that help to maintain an undemocratic police state, that counterargument loses considerable ethical force. -Lauren
https://gizmodo.com/apple-and-google-pull-opposition-app-from-russian-store-1847695238
[Gabe Goldberg amplified this::
The app "Navalny" recommended opposition politicians running in this
weekend's parliamentary elections.
PGN]
------------------------------
Date: Sat, 18 Sep 2021 11:36:16 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Reports that armed police occupied Google Moscow offices demanding
opposition app removal
When a dictatorship is sending thugs to your local facilities demanding
you remove an app for an opposition candidate, it's definitely time
to be reevaluating whether you are best serving the interests of users
in that country by continuing to provide services there. --Lauren--
https://amp.ft.com/content/faaada81-73d6-428c-8d74-88d273adbad3?__twitter_impression=true
------------------------------
Date: Mon, 13 Sep 2021 12:46:03 +0800
From: "Richard Stein" <
rmstein@ieee.org>
Subject: Hear That? It’s Your Voice Being Taken for Profit (NYTimes)
https://www.nytimes.com/2021/09/12/opinion/voice-surveillance-alexa.html
Voiceprint monetization. Part of an extended customer profile automatically generated and maintained by Siri, Alexa, and customer support hotlines that proclaim, "This conversation may be recorded to improve customer service."
Privacy invasion? Hardly. Terms of service enable data collection per
product license. "Mum" is not the word.
Surveillance economy propels innovation. What's next for Alexa or Siri? Breathprint profiling? Sewage profiling? Anything for a buck.
------------------------------
Date: Fri, 17 Sep 2021 18:13:19 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Defeating facial recognition with ... natural makeup
https://arxiv.org/abs/2109.06467
------------------------------
Date: Sat, 18 Sep 2021 17:45:22 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Why you need a personal laptop (The Verge)
https://www.theverge.com/22671697/personal-laptop-work-security-privacy
------------------------------
Date: Mon, 13 Sep 2021 18:18:04 -0400
From: Jan Wolitzky <
jan.wolitzky@gmail.com>
Subject: Forced Entry: NSO Group iMessage Zero-Click Exploit
Captured in the Wild (Citizen Lab)
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
------------------------------
Date: Sun, 12 Sep 2021 10:03:35 +0200
From: "Peter Bernard Ladkin" <
ladkin@causalis.com>
Subject: Re: Airbus flight computers shutdown (Brown, RISKS-32.87)
The newspaper article headline may say
This report details how Airbus pilots saved the day when all three flight computers failed on landing.
https://www.theregister.com/2021/09/06/a330_computer_failure/
but this is of course nonsense. The A330 is a fly-by-wire aircraft. If "all ...flight control computers" fail then there is no possibility of any pilot control at all (depending of course on what one means by "fail").
Thankfully, *The Register* article points to a description of the incident
in the Aviation Herald (a reliable source of accurate information on any commercial aviation incident, written and maintained by Simon Hradecky) and
the ICAO-standard accident report by the responsible authority (in part
cited by Av Herald).
The A330, which entered service in 1994, has three Flight Control Primary Computers (FCPC) and two Flight Control Secondary Computers (FCSC), as well
as a bunch of supporting digital electronics. Full aerodynamic control is possible with any of the FCPC or FCSC.
The three FCPCs failed in this incident. There is no indication that an
FCSC failed.
------------------------------
Date: Sun, 12 Sep 2021 13:42:24 +0200
From: "Peter Bernard Ladkin" <
ladkin@causalis.com>
Subject: Re: As U.S. Prepares to Ban Ivermectin for Covid-19
... (RISKS-32.87)
Ivermectin is a molecule derived from ivermectin, which was extracted from bacteria produced in the lab of Satoshi Omura at the Kitasato Institute by William C. Campbell and colleagues at Merck.
It is very effective against nematode parasitic worms known as filarial
worms. Merck donated it for use against River Blindness (aka
onchocerciasis), and it is also very effective in combination against
lymphatic filiariasis, which is caused by three types of filarial worms according to Wikipedia
https://en.wikipedia.org/wiki/Lymphatic_filariasis ,
and causes elephantiasis in some sufferers. In others infected with these worms, the disease is symptomless, which of course is a problem for its control, because it is spread by mosquitos from carriers. It is most widely used against parasitic worms in domestic animals.
Dr. Campbell's 2015 Nobel lecture is available at
https://www.nobelprize.org/uploads/2018/06/campbell-lecture.pdf and is well worth reading, if only because of the unremitting good news in this story
over 30-40 years.
In the article quoted by Geoff, there is all kinds of what I would call partisan phraseology. Consider: "It’s a subtle message that has been faithfully echoed by the corporate media: ivermectin, a tried-and-tested
drug that has won its discoverers a Nobel Prize for the impact it has had on *human* health over the last 35 years, should only be given to animals. But
now the information war is taking a darker turn, as the media transitions
from misinformation and obfuscation to outright lies and fabrication."
I don't see any "information war". Anyone can read Campbell's Nobel lecture;
it is beautifully written and doesn't require any particular scientific knowledge; it is a study in "simple science" (that is, testing a lot of
stuff to see if it works, and, when it does, figuring out how and why) and human goodness (in this case on the part of "big pharma"). Ivermectin is
great treatment for many filarial worm infections.
Anyone can also read what the CDC has to say. Not many people in the US have filarial worm infections; indeed, it seems precisely none in the Continental
US
https://www.cdc.gov/parasites/lymphaticfilariasis/epi.html "In the 50
U.S. states, Charleston, South Carolina, was the last known place with lymphatic filariasis. The infection disappeared early in the 20th
century. The U.S. territory of American Samoa remains the only location in
the United Sates [sic] where one could become infected with lymphatic filariasis."
On the face of it, there is no reason why a medicine which paralyses
nematode worms should be effective against, let us say, flu. Worms, after
all, are much more complex creatures than even bacteria, and certainly more complex objects than viruses. Besides, there are vaccines for flu. [Repeat these three sentences, substituting "Covid-19" for "flu".] I don't see
anyone promoting ivermectin as an anti-flu medicine. I wonder why not? (Not really.)
But, nevertheless, when the search was on for something - anything - that
would help against Covid-19, all sorts of things were tried. Chloroquine, hydroxychloroquine, ivermectin, aspirin, hydrocortisones, ..... The world's largest trial of drugs against Covid-19 in hospitalised patients, the
RECOVERY trial, has discovered that some things help (dexamethasone) and
lots of things don't (hydroxychoroquine, aspirin). There is no indication it
is trying ivermectin.
There is indeed something to be said for trying anything at all that might help. That is a main point from Dr. Campbell's Nobel lecture. Merck people
fed fermentation broths to mice in May 1975. Of the hundreds of microbes
they had received from Dr. Omura, this one had an effect. Just this one.
But this tale also comes with a caution: "The broader the activity spectrum
of a biodynamic substance, the more we must guard against the hazards of indiscriminate use." When trying out hundreds of fermentation broths on
mice, it is generally thought to be OK if some of them die. But the rule
that applies to people is, first, do no harm (primum non nocere, attributed
to Hippocrates but apparently not literally part of the medical Oath
https://www.health.harvard.edu/blog/first-do-no-harm-201510138421 ). Hence Campbell's caveat.
The interest in ivermectin seems to stem from a huge study that claimed to
find it helps. The problem with that study turned out to be that a lot of
the data is highly suspect, and the study was withdrawn
https://www.theguardian.com/science/2021/jul/16/huge-study-supporting-ivermectin-as-covid-treatment-withdrawn-over-ethical-concerns
. One of the major resulting scientific issues is the "cascade" - the study
was so large that its claimed results could significantly have affected metastudies.
The Principle trial at the Uni Oxford is looking at possible medications for non-hospitalised Covid-19 sufferers. It is the world's largest such trial
https://www.principletrial.org . The trial already found that budesonide reduces recovery time (budesonide is found in common inhalers for breathing difficulties, such as Pulmicort and Symbicort). It is also looking at ivermectin, starting 2021-06-23. No word yet on results.
There is a very recent article (a "mini-review") in the Elsevier journal New Microbes and New Infections. Dr. Omura himself surveyed studies of
ivermectin in Covid-19 patients, and this mini-review suggests he saw
generally positive results. But the review uses forms of rhetoric that seem
to me somewhat "partisan", starting if you will with the hyped-up title!
Santin AD, Scheim DE, et al, Ivermectin: a multifaceted drug of Nobel prize-honoured distinction with indicated efficacy against a new global scourge, COVID-19 New Microbes and New Infections 43, September 2021, 100924
https://www.sciencedirect.com/science/article/pii/S2052297521000883
I await the results of the Principle trial. But not to see whether I might
take ivermectin. Its manufacturer doesn't see any indication yet that it
works against covid-19
https://www.merck.com/news/merck-statement-on-ivermectin-use-during-the-covid-19-pandemic/
and I believe them. I prefer medicines which have been shown to work; for example I am double-jabbed (thankyou thankyou thankyou Dame Sarah Gilbert
and team), and there are coming to be some highly-effective Covid-19
antivirals on the market (at time of writing from Regeneron, Eli Lilly and Astrazeneca).
------------------------------
Date: Tue, 14 Sep 2021 15:17:37 -0400
From: David Canzi <
dmcanzi@uwaterloo.ca>
Subject: Re: As U.S. Prepares to Ban Ivermectin for Covid-19
... (RISKS-32.87)
"You are not a horse. You are not a cow. Seriously, y'all. Stop it."
When I first read that, I understood it differently from the way other
people understood it. The relevant difference between horses and cows on
the one hand and humans on the other, is not that we are human and they
aren't, but that they are much heavier than us.
It is the concentration of a drug in our bodies that determines how much is enough to treat a condition and how much is too much, causing harm to the patient. If the difference between enough and too much is large,
manufacturers can get away with producing just one size pill for all
patients, or one size for adults and one for children. If the difference between enough and too much is smaller, drug dosages are specified as mg/Kg.
If a drug's dosage is 5 mg/Kg, a 70 Kg human should be given 350 mg.
The dose of a drug that is appropriate for a horse or cow is likely to be an overdose for a human.
I am not a doctor. I became familiar with these facts as a result of being
a patient.
People tend to pass on rumours that confirm something they already believe, without making any attempt to verify that those rumours are actually true. Never attribute to dishonesty that which is adequately explained by confirmation bias.
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From:
RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<
http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also,
ftp://ftp.sri.com/risks for the current volume/previous directories
or
ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES:
http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
Special Offer to Join ACM for readers of the ACM RISKS Forum:
<
http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 32.88
************************
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)