[continued from previous message]
------------------------------
Date: Tue, 30 Apr 2019 00:30:34 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Monster screwup on dividends (Korea Herald)
But someone screwed up. Instead of issuing a ₩1,000 per share dividend, the person in charge of hitting that button issued a 1,000 share per share dividend. As the Korea Herald reported, dividends offered to employees due
to the `fat-finger' slip-up came to 112.6 trillion won (about $100 million), over 40,000 times the intended value and 33 times greater than the company's market cap. Suffice it to say that, if the company couldn’t reverse the error, the company would cease to exist once these 200 or so employees sold these phantom shares.
http://www.koreaherald.com/view.php%3Fud%3D20180408000221 http://nowiknow.com/why-you-shouldnt-take-advice-from-a-board-game/
------------------------------
Date: Mon, 15 Apr 2019 06:51:56 +0000
From: Bruce Schneier <
schneier@schneier.com>
Subject: NSA-inspired vulnerability found in Huawei laptops
CRYPTO-GRAM, April 15, 2019
This is an interesting story of a serious vulnerability in a Huawei driver
that Microsoft found. The vulnerability is similar in style to the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers -- believed to be the Russian government -- and it's obvious that this attack copied that
technique.
What is less clear is whether the vulnerability -- which has been fixed --
was put into the Huwei driver accidentally or on purpose.
https://arstechnica.com/gadgets/2019/03/how-microsoft-found-a-huawei-driver-that-opened-systems-up-to-attack/
https://www.schneier.com/blog/archives/2019/03/nsa-inspired_vu.html
------------------------------
Date: Tue, 30 Apr 2019 15:24:55 -0700
From: "Peter G. Neumann" <
neumann@CSL.SRI.COM>
Subject: Vodafone found hidden backdoors in Huawei equipment
For more than a decade, executives, intelligence agencies and conspiracy theorists have been warning about the dangers of equipment from China's
Huawei Technologies Co.
And for almost as long, Huawei has denied that its telecommunications
products pose any kind of security threat.
The West has finally found its smoking gun. Yet it may not be enough
to sway those on either side of the debate.
As far back as 2009, Vodafone Group Plc -- one of the world's most powerful
and far-reaching telecom companies -- found hidden backdoors that could have given Huawei access to its fixed-line network in Italy, Bloomberg News's Daniele Lepido reported Tuesday, citing security briefing documents from the London-based company.
https://www.bloomberg.com/opinion/articles/2019-04-30/huawei-backdoors-found-by-vodafone-are-a-smoking-gun
------------------------------
Date: Tue, 30 Apr 2019 11:53:53 -1000
From: geoff goodfellow <
geoff@iconia.com>
Subject: Vodafone denies Huawei Italy security risk (BBC)
Vodafone has denied a report saying issues found in equipment supplied to it
by Huawei in Italy in 2011 and 2012 could have allowed unauthorised access
to its fixed-line network there.
A Bloomberg report said that Vodafone spotted security flaws in software
that could have given Huawei unauthorised access to Italian homes and businesses.
The US refuses to use Huawei equipment for security reasons.
However, reports suggest the UK may let the firm help build its 5G network.
This is despite the US wanting the UK and its other allies in the "Five
Eyes" intelligence grouping -- Canada, Australia and New Zealand -- to
exclude the company.
Australia and New Zealand have already blocked telecoms companies from using Huawei equipment in 5G networks, while Canada is reviewing its relationship with the Chinese telecoms firm.
https://www.bloomberg.com/news/articles/2019-04-30/vodafone-found-hidden-backdoors-in-huawei-equipment
------------------------------
Date: Mon, 29 Apr 2019 18:53:09 -0700
From: Keith Thompson <
keithsthompson@gmail.com>
Subject: Re: Huawei's code is a steaming pile... (Shapir, RISKS-31.21)
Amos Shapir <
amos083@gmail.com> writes:
C does not force anyone to use strcpy() etc., it had always provided also similar length-limiting functions strncpy() etc.
strncpy() is not a "safer" version of strcpy(), as I've discussed here:
https://the-flat-trantor-society.blogspot.com/2012/03/no-strncpy-is-not-safer-strcpy.html
Even a length-limiting string copy function would not necessarily be
"safe". Consider a copying operation that silently truncates
"rm -rf /home/username/tmpdir"
to
"rm -rf /home/user/name"
------------------------------
Date: Tue, 30 Apr 2019 13:51:04 -0500
From: Dimitri Maziuk <
dmaziuk@bmrb.wisc.edu>
Subject: Re: Huawei's code is a steaming pile ... (Ward, RISKS-31.21)
First, nobody's *forcing* anyone to juggle chainsaws.
Second, short answer is no, longer one is "define 'better'". Programming language is a tool just like a hammer: you can make one that won't hurt your thumb when you hit it. There will be a trade-off, though. Those trying to
drive in nails might even call that trade-off "undesirable".
(There is in fact a whole "c-minus" argument along the lines that modern
C has already gone too far in the "thumb safety" direction.)
Third, and on another tangent, the idea that computer programs are not aware
of the larger context seems to a recurring motif in RISKS lately.
The problem with "unsafe foo()-like functions" is whether the tool that classified it "unsafe" based on the context in which the function is
invoked; if not, it may well be a false positive. Without knowing the specificity and sensitivity of the "safety" test, assertion that "22% of
foo() invocations are unsafe" isn't really worth much, and if lack of
context awareness is a systemic problem, it likely isn't.
------------------------------
Date: Fri, 3 May 2019 14:01:17 +1000
From: phil colbourn <
philcolbourn@gmail.com>
Subject: Re: Huawei's code is a steaming pile... (RISKS 31.16)
If Cisco is correct (see
https://blogs.cisco.com/news/huawei-and-ciscos-source-code-correcting-the-record
then Huawei's code may still be Cisco's code (or based on it).
Comparing Cisco STRCMP and Huawei's [CODE]: ``It must be concluded that
Huawei misappropriated this code.''
``Because of the many functional choices available to the Huawei developers (including three of their own routines), the fact that they made the same functional choice as Cisco would suggest access to the Cisco code even if
the routines had implementation differences. The exactness of the comments
and spacing not only indicate that Huawei has access to the Cisco code but
that the Cisco code was electronically copied and inserted into [Huawei's] [CODE].''
``The nearly identical STRCMP routines are beyond coincidence. The Huawei [CODE] routine was copied from the strcmp routine in Cisco strcmp.c file.''
Therefore, HCSEC [Huawei Cyber Security Evaluation Centre] should consider reviewing code of other manufacturer's equipment used in UK critical
national infrastructure.
If Cisco is correct, then Huawei's code may still be Cisco.
https://blogs.cisco.com/news/huawei-and-ciscos-source-code-correcting-the-record
------------------------------
Date: Tue, 30 Apr 2019 18:54:34 +0800
From: Richard Stein <
rmstein@ieee.org>
Subject: Re: Should AI be used to catch shoplifters? (cnn.com, R 31 20))
Busted! That is, I have been busted for expressing highly cynical and condescending, even snarky, remarks about AI deployment as a crime deterrent mechanism.
A software stack that can accurately and consistently detect larceny or discriminate larcenous intent from a random customer pool, and then alert authorities, would be astonishing.
https://edition.cnn.com/2019/04/18/business/ai-vaak-shoplifting/index.html
The article mentions:
1) The "VaakEye" algorithm was trained against 100K hours of
store-captured surveillance video;
2) A 77% reduction in shoplifting across 50 stores in Japan;
3) Global retail shoplifting losses accrued to $34 billion in 2017.
I will be convinced of VaakEye's product efficacy when/if statistics are published that confirm accuracy and consistency of larcenous detection, and show a sufficient reliability guarantee of false positive/negative findings. Sufficient means 3+ nines, preferably 4+ nines, of accurate and consistent theft detection.
Until then, a big warning sign should be posted at the shop entrance that states something like:
"These premises deploy automated shoplifting surveillance technology to
deter stock theft. The surveillance captures and analyzes your shopping
habits, including hand/arm motion between the stock items and your clothes and/or shopping cart/toke bag. Your facial profile is automatically
constructed and mapped to improve future theft detection capabilities. We
hope your shopping experience is pleasant. Come back again soon!"
------------------------------
Date: Tue, 30 Apr 2019 09:14:17 +0100
From: Roger Bell-West <
roger@nospam.firedrake.org>
Subject: Re: A video showed a parked Tesla Model S exploding in Shanghai
(Stein, RISKS-31.21)
But the energy density of petrol (gasoline) is over ten times as much (46.7MJ/kg), which is what makes it such a good fuel in the first place;
and yet, somehow, parked conventional cars rarely catch fire.
------------------------------
Date: Tue, 30 Apr 2019 19:27:25 +0800
From: Dan Jacobson <
jidanni@jidanni.org>
Subject: Re: A 'Blockchain Bandit' Is Guessing Private Keys and Scoring
Millions (WiReD via Meacham)
"BM" -- Bill Meacham <bmeacham98@yahoo.com> writes:
... the odds of guessing a randomly generated Ethereum private key is 1 in 115 quattuorvigintillion. (Or, as a fraction: 1/2256.) That denominator is very roughly around the number of atoms in the universe. ... But as he
I just see "1/2256" above. One in two thousand.
------------------------------
Date: Tue, 30 Apr 2019 18:57:24 -0700
From: Gene Wirchenko <
gene@shaw.ca>
Subject: Re: An Interesting Juxtaposition (Wol, RISKS-31.21)
"I think Gene should be blaming the expensive GPS's, not the cheap ones!
Many of my colleagues use Google Maps or Waze because they're so much
better."
How about I blame them all?
Google Maps has some, ah, interesting quirks.
------------------------------
Date: Sat, 4 May 2019 00:23:39 -0400
From: Gregory Travis <
greg@littlebear.com>
Subject: Re: Gregory Travis' article on the 737 MAX
First, I am delighted to once again be a part of the RISKS community. Some
may remember postings I made in the (very) early 1990s here, including a (humorous) sendup of the A320.
Second, the point of my article was to convey to the lay public:
1. Unlike previous 737 models, Boeing's 737 MAX 8 airframe could (and does)
not meet the pitch stability and control force requirements of FAR part 25. 2. Boeing realized this fairly early in the development process with wind
tunnel and computer simulations.
3. Boeing determined that a fairly simple bit of software would make the
problem “go away.” Namely programming that took AOA input from a single
(AOA) sensor and used that input to determine whether or not to drive the
horizontal stabilizer trim.
4. Later, during actual flight tests, it was determined that the pitch
instability and control force problems of the airframe were far more
serious than the early wind tunnel and simulations indicated (this is
somewhat common in the industry).
5. Conversely, the software was changed to MUCH more aggressively trim the
horizontal stabilizer. In fact, it could drive the stabilizer to its
mechanical stops in roughly 20-30 seconds.
And:
1. There is an inherent and deep engineering problem in any system that
relies on a single sensor as input without any data validation,
particular a system that can use that data to drive very large flight
surfaces to their mechanical stops in seconds (I am sure some pedant will
complain that the electric motor running the jackscrew has a different
set of stops than the mechanical trim wheel. I am tired of responding to
such irrelevant nonsense).
2. What is often not mentioned is that Boeing explicitly changed the trim
disconnect function for this system. It will not stop if the pilot exerts
countering control force. This is a nonintuitive behavior for any pilot who
are used to autopilots and electric trim automatic disconnects if the pilots
exert a control force contrary to the direction of trim.
3. Aerodynamic loads on the horizontal stabilizer can exceed a human’s
ability to move the stabilizer trim manually. Boeing has known this for
nearly thirty years, yet they suggested a fix to the problem was to
disconnect the electric trim (use the cutoff switches) and manually trim.
As the Ethiopian Air pilots found out, that is impossible. Boeing knew
this.
And:
1. Boeing intentionally hid the existence of this system (so that pilot
training would not be required) not only from the line pilots flying
revenue, but from its own test pilots.
2. For example, the Master Minimum Equipment List (MMEL) for the 737 MAX
makes no mention of the system. Although there are cockpit failure
indications for the yaw damper, the speed trim system, the mach trim
system, etc. there is no failure indication for MCAS.
3. Angle of attack sensor failure is common, contrary to assertions
otherwise. The service difficulty database has about 200 entries and that
typically represents 5% of the real-world situation., Frozen water
(heater failure) in the system is a very common failure cause.
4. The 737 MAX MMEL allows the 737 MAX to take off with all angle of attack
sensor heaters inoperative.even though Boeing knew that a single angle of
attack sensor failure could render the aircraft uncontrollable with this
system.
5. In contrast, the MMEL for the A320 requires that at least two of the
three angle of attack sensor heaters be operational before flight.
And:
1. All of this can be traced back to a change in Boeing's corporate culture
that began with the McDonnell Douglas takeover of Boeing in 1997 (where they
used Boeing's own money).
2. Because the cultural change was most manifested in the tying of executive
compensation to stock price, not revenue or other metrics. Stock prices
are irrational, as John Maynard Keynes so famously noted and easily
manipulated by statements from management that sound good to Wall Street
but are devastating to the company’s ability to create new products, build
quality products, or even stay in business (as McDonnell Douglas
discovered).
3. 1&2, above, were enabled by regulatory changes, particularly the 2005
change, that delegated virtually *all* certification from the FAA to Boeing
itself.
Finally, I am delighted that some of the most substantive criticism of my article has been the inaccuracy of equating Lycoming pistons to dinner
plates. Some people just don’t get it, and never will.
------------------------------
Date: Tue, 30 Apr 2019 15:56:10 -0700
From: Rob Slade <
rmslade@shaw.ca>
Subject: Digital health ...
So Gloria found, and read to me, an article on "digital nutrition." The
term seems to be promoted by one Jocelyn Brewer, and is probably trademarked and copyrighted all to heck, even though is it just a variation on digital detox/digital vacation, with some "vary your online activity diet" thrown in for good measure.
Martin Ward wrote:
For those who still think that competition improves heathcare, consider the drug naloxone hydrochloride. This is sold by five big pharmaceutical companies and demand is soaring, but far from driving the price down, the cost has soared:
Martin Ward wrote:
For those who still think that competition improves heathcare, consider the drug naloxone hydrochloride. This is sold by five big pharmaceutical companies and demand is soaring, but far from driving the price down, the cost has soared:
https://community.isc2.org/t5/Industry-News/Digital-Detox/m-p/19740
I tend to think more in terms of a healthy attitude to the net. The phrase "benign neglect" somehow seems appropriate.
Every time I come across one of these pieces, it seems everyone is using the Internet differently than I am. Everyone else is madly glued to their smartphones and the apps on them. Mostly I use the computer, usually with a Web browser. At my desk. Everyone else gets alerted by their apps. I
allow most of my apps to notify me, but the volume is turned way down, and often, when I'm out, I miss the notifications. Sorry for those who are desperately trying to reach me on Whatsapp, but I just haven't yet found
that any of those missed notifications could have changed my life.
I really wonder why I use the Internet so differently than most other
people. I use the same social media applications. I just use them differently. I really like Twitter. To a certain extent I use it to follow some of my friends. But mostly I follow news sources. CBC, BBC, NPR, The Economist, Sydney Morning Herald, and others. And, of course, a number of sources of information security news. I use other news sources, of course,
but Twitter gives me a bit more breadth. (Knowing that Twitter, like most social media, supports a kind of "bubble effect" of reinforcing views you already agree with, I deliberately follow some people I don't like, just to mess with the algorithm.)
It's possible that it's because I've been on the Internet a lot longer than most people. I was using the Internet in 1983. At that time it wasn't even called the Internet, yet, and the population, as near as I can estimate, was about a thousand people. Social media was mostly mailing lists (mail was
used for almost everything, including file transfers), with some people
having various levels of access to Usenet. I had, perforce, to learn an
awful lot about the underlying technologies, since it was extremely unlikely that I was going to find anyone to give me any help if I ran into any
problems. This kind of background is not good if you want to continue to
view each new social media app as a magical new toy. You tend to see each
one as yet another database, with yet another new interface.
Which tends to give you a different perspective. Instead of a new bandwagon
to jump on, or group to join, you tend to think of new systems in terms of "what new information can I get here that I can't get elsewhere?" If I can
get this info elsewhere, is it sufficiently worthwhile, in terms of
accuracy, volume, or query granularity, to learn this new interface? (The answer, very often, is "no.")
I love the Internet. I really do. I have, ever since I first discovered
it. I hate it, almost to the point of feeling physical pain, whenever there
is some new attack on it or through it. But I've got more than three and a half decades of experience on it. I know how important it is, and isn't. I know which parts are important, and which are temporary fads. (I get it
wrong, sometimes. I admit it. One of my biggest mistakes was in thinking
the World Wide Web was only another interface, like gopher. Why did we need it, when we had archie?) (Anybody remember gopher? Or archie? No, I
didn't think so.)
The Internet is great. It's informative, and entertaining. But it's not everything.
And now I'm going to stop wasting time posting this, and go for a walk. In
the sunshine.
------------------------------
Date: Tue, 30 Apr 2019 22:40:14 +0100
From: Toby Douglass <
risks@winterflaw.net>
Subject: Re: Is curing patients, a sustainable business model? (Ward, R-31.21)
An increase in demand, all other things being equal, in a free market, leads
to an increase in price. I may be wrong, and I certainly am not looking to
put words in your mouth so you must correct me if I am mistaken, but I think perhaps what you may have in mind is that you expect, when demand increases, for supply to increase, and so for prices not to soar.
from $0.92 a dose ten years ago up to $15.00 a dose. Why is
this? Google "Opioid Crisis" for the answer.
Given an increase in demand, in a free market, supply should increase.
Although I may be wrong, when this does not happen, I always or almost
always find it is due to a lack of competition, and that lack usually comes from State regulation. For example, why are there only a few big pharmaceutical companies? I may be wrong, but I think the answer is that regulation has led to enormous barriers to enter that market. New entry is basically impossible.
Drug companies in the US spend tens of billions a year advertising drugs:
how does this help anyone's health? The USA has some of the highest levels of anxiety and depression in the world:
I suspect those living in repressive or violent countries, such as Venezuela
or Ethiopia, or those countries where mass poverty leads hundreds of
millions to live on one or two dollars a day, have a great deal more on
their plates.
It may be you have in mind *of comparable countries*, so first world Western countries. In this case, perhaps we are comparing on a scale of 1 to 100 a range which goes from say 10 to 15, with the USA at 15 and Venezuela at say
80. I don't know, though, since I've never seen a study investigating this matter and so I've no idea how the research would be done, and so if it is credible.
Finally, I would point out that happiness and unhappiness are not absolutes. People can be happy for the wrong reasons, and it would be better if they
were unhappy, but living with their eyes open. I see some cultures where
the people are when growing up and when educated inculcated with a certain social uniformity, with certain sets of beliefs, and so they fit better into the societies in which they live (Japan comes to mind -- the recent case
where a girl with brown hair was instructed to dye her hair black so she
would fit in with the rest of the class). This is really properly
tantamount to mild brainwashing, since the infants and children on the receiving end have no choice in the matter, and so that it makes them
happier as adults does not mean it is actually a good thing.
I am of the view the USA, of all countries I know, has the most
individualism.
not surprising when you consider that the purpose of advertising is to
make people more anxious and unhappy.
I may be wrong, but I find it hard to imagine advertising is so effective
that it is a primary factor in shaping the minds and characters of hundreds
of millions of people. I suspect there are larger factors at work in
people's lives, such as their health, income, job security and personal relationships with their family and partners.
Naturally, the drug companies are ready with a handful of pills to relieve the anxiety: followed by another handful to alleviate the side-effects
from the first lot! A happy, contented population would be terrible for
the drug companies bottom line: so must be averted at all costs.
I think you could say the same about any advertising. Car companies wish
for a population of people wholly unsatisfied with their current vehicle; a population happy with their current models would be a disaster! Cue demonic advertising to induce mass auto dissatisfaction.
MacDonald's, similarly, dreads a world where people are satisfied with
burgers from Burger King! cue massive advertising budgets to convince
people they desperately need a Big Mac.
I rather think most people have become very good at ignoring most
advertising.
A friend of mine once opined that advertising was a zero-sum game. If no
one advertised, it would be the same as if everyone was doing it -- so if we could all trust each other never to advertise, we could use all that money
for something else! the problem of course is that if even one company
begins to advertise, then all must, or their sales go through the floor.
Not sure if I agree or not, but it's interesting.
Attempts to introduce competition into the NHS have been a disaster and, rightly, resisted by the public.
Attempts to introduce competition into the Soviet economy were a disaster. However, attempts to run an economy (the Soviet economy again) without competition were also a disaster. It's entirely possible to fall between
two stools. If you have for example a centralized, command economy, and you attempt to introduce competition, it's a disaster. The two are not
compatible -- it's one or the other. However, if you try to run a large
system or economy as a centralized, command economy, you find out it's staggeringly inefficient and just doesn't work, so actually it's not one or
the other, it's competition only, because centralized control of any large system doesn't work as there are fundamental problems of incentives and information, to which no one has ever found a solution -- the Soviets
certainty didn't, and the UK hasn't in the NHS either. You pump more and
more money into these systems, for less and less output. (There are other problems too, such as a profound discouragement to technical innovation; you need to meet your targets, and the disruption from introducing new
technology only hinders this.)
How do you choose the people who are passionate about caring for others? Fortunately, they are largely self-selecting: you set up an organisation whose explicit purpose and top priority is caring for others. Pay enough
for a comfortable living, but not so much that you attract those who are "just in it for the money".
Whomever pays the money controls the organization, and it will, in the end,
be shaped to meet their needs. If the State is paying the money, it will be held responsible for the performance of the organization, and it will consequently want to control that organization; there is no way, ever, under any circumstances whatsoever, that the State will take a hands-off approach
and simply hand the money over. No State has ever done this, and no State
ever will.
When the State intervenes, it is unavoidable that control as it is from
on-high fails utterly, purely to the law of unintended consequences, where a simple system attempts to control a complex system, even without considering the incredible blunders and appalling choices political control always inflicts, in pursuit of populism, votes, pork-barrel politics or simply hair-brained schemes.
Finally, I must mention supply and demand and the pricing of wages for
medical staff. The economy is large and complex. There are a multitude of different professions. All of these will then be priced by the market,
except for medical care. What happens to the quantity and quality of the supply of medical staff if the "comfortable-living" wages chosen by the
State are lower, or much lower, or if they are higher, or much higher, than comparable wages in other professions for the same investment of training
and skill? you end up either with too many, perhaps far too many, or too
few, perhaps far too few, people wanting to be doctors.
Talking about people only coming into the profession because they care, I
mean, how does this respond to and meet the actual level of demand for
medical care? what if we actually *do* need to give people money to be doctors, so there are *enough* doctors? right now we live in a world with a massive shortage of doctors, because the supply of doctors is so tightly constrained by State regulation -- we find it hard to imagine a world where there could be a shortage of people actually *wanting* to become a doctor. However, if the pay for the profession is, compared to other choices, far
too low, it would be so. You cannot say "people would come because they
care" and then assume there would be enough people. There is no mechanism which links these two statements.
This then leads to the problem of getting the price right -- of manually emulating the mechanism which the free market provides. The State is
incapable of this, absolutely and totally, because there is too much information involved, and because of political meddling. This can be seen already in the UK, with the NHS. Nurses are paid the same, everywhere,
except for an increment if they live in London. Those nurses living in the North do well, where living costs are lower. Those living in the South, and
in London even with the increment, do badly and in the South, and in London, there is a chronic shortage of nursing staff and as such, heavy use of temporary staff. Teams which work together and know each other are more efficient, and morality rates in hospitals in the South and in London which heavily use temporary staff are consequently significantly higher -- people
are *dying* because of this -- and this has never been fixed, and will never
be fixed, because span-of-control problems dictate simple solutions.
The State cannot handle large number of different options, because it is impossible to process the data involved (let alone whether anyone actually *cares* enough to solve this problem, or get past bureaucratic inertia).
This is why the Soviets had collective farms; the system couldn't handle a
few million farms of the correct size, but it could handle 50,000 or so enormous farms (which were fabulously inefficient -- far too big and this in fact, along with general economic stagnation, ultimately led to the collapse
of the Soviet Union).
------------------------------
Date: Tue, 30 Apr 2019 21:44:01 -0700
From: Gene Wirchenko <
gene@shaw.ca>
Subject: "Bernie Sanders wants you to expose your friends, Facebook-style"
Chris Matyszczyk for Technically Incorrect | 30 Apr 2019
https://www.zdnet.com/article/bernie-sanders-wants-you-to-expose-your-friends-facebook-style/
The Democratic candidate launches an app that asks users to snitch on the political beliefs of family, friends, and even strangers.
[``even strangers'' is `even stranger'! ``odd strangers'' would
certainly be uneven. PGN]
------------------------------
Date: Mon, 14 Jan 2019 11:11:11 -0800
From:
RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<
http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also,
ftp://ftp.sri.com/risks for the current volume
or
ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones:
http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES:
http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
Special Offer to Join ACM for readers of the ACM RISKS Forum:
<
http://www.acm.org/joinacm1>
------------------------------
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)