Risks Digest 31.64 (3/3)

    From RISKS List Owner@21:1/5 to All on Wed Apr 1 08:35:53 2020
    [continued from previous message]

    If a WWVB watch misses a Daylight Saving time adjustment it is not the fault
    of WWVB, which distributes Coordinated Universal Time (UTC), not local time
    and not DST. The rabbit hole starts with https://www.iana.org/time-zones

    Also, leap day technically occurs on February 24, not February 29. Search on `bissextile' for historical context. Perhaps only of interest to historians, but on the other hand little about the fundamental pinnings of calendars or timekeeping is coherently fixed in current international law.

    For that matter, ``Old Style'' New Year's Day
    was Lady Day, March 25. George Washington was born on February 11, 1731
    O.S., which is February 22, 1732 N.S.

    In short, any attempt to simplify analysis of dates and times will fail, certainly historically and likely into the future.

    Rob Seaman, Lunar and Planetary Laboratory, University of Arizona
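The Washington example above is a good test case for anyone tempted to "simplify" date handling. The following is an added example, not part of the RISKS post: it converts an English Old Style date (Julian calendar, civil year beginning on Lady Day, 25 March) to its New Style Gregorian equivalent via the Julian Day Number, using the standard Julian-calendar JDN formula and Richards' JDN-to-Gregorian algorithm, and it also reports how many days the two calendars differ on a given date (11 in the 1700s, 13 today). The Old Style year rule and the helper names are this example's own assumptions.

```python
# Added example (not from the RISKS post): Old Style -> New Style dates
# via the Julian Day Number (JDN). Assumes the English convention that
# the Old Style civil year began on Lady Day, 25 March, so dates from
# 1 January to 24 March carry the previous year's number.

def julian_to_jdn(y, m, d):
    """JDN of a Julian-calendar date whose year starts on 1 January."""
    a = (14 - m) // 12
    yy = y + 4800 - a
    mm = m + 12 * a - 3
    return d + (153 * mm + 2) // 5 + 365 * yy + yy // 4 - 32083

def gregorian_to_jdn(y, m, d):
    """JDN of a (proleptic) Gregorian-calendar date."""
    a = (14 - m) // 12
    yy = y + 4800 - a
    mm = m + 12 * a - 3
    return (d + (153 * mm + 2) // 5 + 365 * yy
            + yy // 4 - yy // 100 + yy // 400 - 32045)

def jdn_to_gregorian(j):
    """(year, month, day) in the proleptic Gregorian calendar (Richards)."""
    f = j + 1401 + (((4 * j + 274277) // 146097) * 3) // 4 - 38
    e = 4 * f + 3
    g = (e % 1461) // 4
    h = 5 * g + 2
    d = (h % 153) // 5 + 1
    m = (h // 153 + 2) % 12 + 1
    y = e // 1461 - 4716 + (14 - m) // 12
    return y, m, d

def old_style_to_new_style(os_year, month, day):
    """Old Style (Julian, Lady Day year start) -> New Style Gregorian date.
    Days before 25 March belong to the *next* January-based year."""
    civil_year = os_year + 1 if (month, day) < (3, 25) else os_year
    return jdn_to_gregorian(julian_to_jdn(civil_year, month, day))

def julian_gregorian_offset_days(y, m, d):
    """Days the Gregorian calendar runs ahead of the Julian on this
    January-based Julian date (11 in the 1700s, 13 after Feb 1900)."""
    return julian_to_jdn(y, m, d) - gregorian_to_jdn(y, m, d)

if __name__ == "__main__":
    # George Washington: 11 Feb 1731 O.S. -> 22 Feb 1732 N.S.
    print(old_style_to_new_style(1731, 2, 11))
    print(julian_gregorian_offset_days(1732, 2, 11), "days in 1732")
    print(julian_gregorian_offset_days(2020, 3, 1), "days in 2020")
```

Note that the year shift and the day shift are independent corrections: 24 March 1731 O.S. is almost a year after 25 March 1731 O.S., which is exactly the kind of thing a "subtract 11 days" shortcut gets wrong.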

    ------------------------------

    Date: Tue, 31 Mar 2020 11:49:18 -0400
    From: Sami Saydjari <ssaydjari@gmail.com>
    Subject: Call for Cyberattack Use Cases

    Peter and RISKS friends and colleagues:

    * Request: Cyberattack use cases that include both technical detail on
    how the attack succeeded, damages and impacts, and mitigations
    * Constraint: Openly accessible on the Internet, non-proprietary, not
    behind any paywall or sign-up wall
    * Purpose: Collect and categorize for the purpose of sharing them back
    to the community on an openly accessible website
    SecuritySystemEngineering.Org, which I am now creating as a
    professional community service.
    * Examples: Wired's https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
    * Contributions: Anyone with a good citation can send them to me
    directly at ssaydjari@gmail.com
    * When: Now, and anytime in the future as you come across them
    * Form: A link and a sentence about why you think it is a good
    analysis to share with the community
    * Background: Every expert I have asked about such a repository has
    said, "Yeah, wow, there is no such repository. Someone should create
    one."

    Of course, I will cross-link to important related websites, cite RISKS,
    etc. So, those sorts of pointers are welcome as well. In case anyone is
    interested, other sections I plan for the website include:

    * Cybersecurity teaching modules that professors want to contribute to
    "open content" that can be re-used by others
    * Security System Engineering Standards, particularly as they relate
    to other system engineering standards
    * Cybersecurity Design Patterns and Architectures for Reuse
    * News feed on articles related to security system engineering
    * Worked Examples and Lessons Learned that can be shared
    * Security System Engineering Conferences and Workshops
    * Related Resources: books, websites, blogs

    [I suggested to Sami the paper by Phil Porras, Hassen Saidi, and Vinod
    Yegneswaran, An Analysis of Conficker, USENIX, which was carried out
    through several iterations of Conficker, with excellent reverse
    engineering. Perhaps you can suggest others to him directly. PGN]

    ------------------------------

    Date: Sat, 21 Mar 2020 22:43:29 +0000
    From: "Wendy M. Grossman" <wendyg@cix.co.uk>
    Subject: Re: What happens when Google loses your address? (RISKS-31.62)

    For some years, one of London's major route maps, used by minicab drivers
    and lots of others (even black cabs, since where I live is not within the
    confines of The Knowledge), had my tiny street placed wrong. Cab drivers
    could never find it, and despatchers typically did not pass on my
    instructions (I guess they thought they knew better).

    There is a much larger street nearby with a similar name (Road instead of
    Avenue), and cab drivers often went there, fruitlessly looking for my
    number. I'm not sure what house he went to, but one 6am cabbie showed up at
    my door. "I went to Xxxxx Road," he said. Then he handed over a pile of
    paper. "They had your mail."

    ------------------------------

    Date: 21 Mar 2020 18:26:20 -0400
    From: John Levine <johnl@iecc.com>
    Subject: Re: 911 operators couldn't trace the location of a dying student's
    phone. (Stein, RISKS-31.60)

    [Roger that, John. Wonder if there should be a standardized 'soft'
    GSM/CDMA emulation of h/w location discovery? If there was, it'd probably
    be full of holes. Nothing like a keyed and registered GPS locater to
    enable surveillance, I guess. RS]

    They knew where he was from cell site data, but it is a big apartment block
    and they couldn't find which apartment it was.

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.64
    ************************
