[continued from previous message]
If a WWVB watch misses a Daylight Saving time adjustment it is not the fault
of WWVB, which distributes Coordinated Universal Time (UTC), not local time
and not DST. The rabbit hole starts with
https://www.iana.org/time-zones
Also, leap day technically occurs on February 24, not February 29. Search on `bissextile' for historical context. Perhaps only of interest to historians, but on the other hand little about the fundamental pinnings of calendars or timekeeping is coherently fixed in current international law.
For that matter, ``Old Style'' New Year's Day
was Lady Day, March 25. George Washington was born on February 11, 1731
O.S., which is February 22, 1732 N.S.
In short, any attempt to simplify analysis of dates and times will fail, certainly historically and likely into the future.
Rob Seaman, Lunar and Planetary Laboratory, University of Arizona
------------------------------
Date: Tue, 31 Mar 2020 11:49:18 -0400
From: Sami Saydjari <
ssaydjari@gmail.com>
Subject: Call for Cyberattack Use Cases
Peter and RISKS friends and colleagues:
* Request: Cyberattack use cases that include both technical detail on
how the attack succeeded, damages and impacts, and mitigations
* Constraint: Openly accessible on the Internet, non-proprietary, not
behind any paywall or sign-up wall
* Purpose: Collect and categorize for the purpose of sharing them back
to the community on an openly accessible website
SecuritySystemEngineering.Org, which I am now creating as a
professional community service.
* Examples: Wired's
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
* Contributions: Anyone with a good citation can send them to me
directly at
ssaydjari@gmail.com
* When: Now, and anytime in the future as you come across them
* Form: A link and a sentence about why you think it is a good
analysis to share with the community
* Background: Every expert I have asked has said about such a
repository has said, "Yeah, wow, there is no such repository.Â
Someone should create one."
Of course, I will cross-link to important related websites, cite RISKS,
etc. So, those sorts of pointers are welcome as well. In case anyone is interested, other sections I plan for the website include:
* Cybersecurity teaching modules that professors want to contribute to
"open content" that can be re-used by others
* Security System Engineering Standards, particularly as they related
to other system engineering standards
* Cybersecurity Design Patterns and Architectures for Reuse
* News feed on articles related security system engineering
* Worked Examples and Lessons Learned that can be shared
* Security System Engineering Conferences and Workshops
* Related Resources: books, websites, blogs
[I suggested to Sami the paper by Phil Porras, Hassen Saidi, and Vinod
Yegneswaran, An Analysis of Conficker, USENIX, which was carried out
through several iterations of Conficker, with excellent reverse
engineering. Perhaps you can suggest others to him directly. PGN]
------------------------------
Date: Sat, 21 Mar 2020 22:43:29 +0000
From: "Wendy M. Grossman" <
wendyg@cix.co.uk>
Subject: Re: What happens when Google loses your address? (RISKS-31.62)
For some years, one of London's major route maps, used by mini cab drivers
and lots of others (even black cabs, since where I live is not within the confines of The Knowledge), had my tiny street placed wrong. Cab drivers
could never find it, and despatchers typically did not pass on my
instructions (I guess they thought they knew better).
There is a much larger street nearby with a similar name (Road instead of Avenue), and cab drivers often went there, fruitlessly looking for my
number. I'm not sure what house he went to, but one 6am cabbie showed up at
my door. "I went to Xxxxx Road," he said. Then he handed over a pile of
paper. "They had your mail."
------------------------------
Date: 21 Mar 2020 18:26:20 -0400
From: John Levine <
johnl@iecc.com>
Subject: Re: 911 operators couldn't trace the location of a dying student's
phone. (Stein, RISKS-31.60)
[Roger that, John. Wonder if there should be a standardized 'soft'
GSM/CDMA emulation of h/w location discovery? If there was, it'd probably
be full of holes. Nothing like a keyed and registered GPS locater to
enable surveillance, I guess. RS]
They knew where he was from cell site data, but it is a big apartment block
and they couldn't find which apartment it was.
------------------------------
Date: Mon, 14 Jan 2019 11:11:11 -0800
From:
RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<
http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also,
ftp://ftp.sri.com/risks for the current volume
or
ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones:
http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES:
http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
Special Offer to Join ACM for readers of the ACM RISKS Forum:
<
http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 31.64
************************
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)