• Risks Digest 34.15

    From RISKS List Owner@21:1/5 to All on Mon Apr 8 22:54:35 2024
    RISKS-LIST: Risks-Forum Digest Monday 8 April 2024 Volume 34 : Issue 15

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/34.15>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Weather Service radar, warning systems fail during severe storm
    outbreak (WashPost)
    No weather report? It helps if NOAA pays its electric (Bloomberg)
    In 2018 crash, Tesla's Autopilot just followed the lane lines (WashPost)
    APRA Privacy Legislation (WiReD)
    Data brokers are gearing up to fight privacy bills (The Verge)
    NIST Unveils New Consortium to Operate National Vulnerability (PGN)
    Jon Stewart On The False Promises of AI (The Daily Show)
    UK plots massive expansion of live facial recognition (Joseph Bambridge)
    Knocking cloud security off its game (ETH Zurich)
    ‘Reverse’ searches: The sneaky ways that police tap tech companies
    for your private data (TechCrunch)
    U.S. Police Warn Those Driving to Canada to Watch for Hidden AirTags
    (Emily Price)
    Demystifying privacy in Google Chrome and Mozilla Firefox (Apurvak)
    Top Israeli spy chief exposes his true identity in online security lapse
    (The Guardian)
    Roku patent invents a way to show ads over anything you plug into your TV
    (ArsTechnica)
    Disney+ Password Sharing Crackdown to Start in June (MacRumors)
    Teen Girls Confront an Epidemic of Deepfake Nudes in Schools (NYTimes)
    How Tech Giants Cut Corners to Harvest Data for AI (NYTimes)
    Elon Musk's X pushed a fake headline about Iran attacking Israel. X's AI
    chatbot Grok made it up. (Mashable)
    An AI app claims it can detect sexually transmitted infections. (LATimes)
    Google's passkey mess (Lauren Weinstein)
    Re: Starlink Terminals (Charles Cazabon)
    Re: Your boss could forward a mail message to you that show you text he
    won't see, but you will (Jurek Kirakowski)
    Re: The FTC is trying to help (Dmitri Maziuk)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 8 Apr 2024 12:46:30 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Weather Service radar, warning systems fail during severe storm
    outbreak (WashPost)

    Weather Service radar, warning systems fail during severe storm outbreak

    Tuesday's was not the first instance of such a network failure, but it was perhaps the most consequential in recent memory.

    https://www.washingtonpost.com/weather/2024/04/02/weather-radar-warning-outages-storm-outbreak/

    ------------------------------

    Date: Mon, 8 Apr 2024 13:01:07 +0000 ()
    From: danny burstein <dannyb@panix.com>
    Subject: No weather report? It helps if NOAA pays its electric
    bill... (Bloomberg)

    Latest Disaster for National Weather Service: Paying Its Bills
    Jack Fitzpatrick, Bloomberg

    A Georgia airport lost access to weather data for pilots. A radio
    transmitter vital to producing weather alerts for a tornado-prone part of Alabama went down. And two dozen National Weather Service employees were
    left waiting months to be reimbursed for on the job expenses, including
    travel to disaster areas.

    It all stemmed from the rollout late last year of a new Commerce Department financial system, starting at the National Oceanic and Atmospheric Administration, that immediately stopped tens of millions of dollars worth
    of invoices and reimbursements from being processed for payment. The fiasco, which hasn't been previously reported, has resulted in electric companies shutting off power to the agency's equipment for nonpayment in at least two cases that could have proven dangerous, if not for a lucky streak of good weather. [...] Those affected by the failures say they were lucky there wasn't severe weather when NOAA facilities were shut down and meteorologists were unable to travel.

    They also credit good working relationships with local National Weather
    Service officials in helping to quickly resolve the critical outages,
    despite frustration with Commerce Department officials in Washington.

    https://news.bgov.com/bloomberg-government-news/latest-disaster-for-national-weather-service-paying-its-bills

    ------------------------------

    Date: Mon, 8 Apr 2024 12:53:18 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: In 2018 crash, Tesla's Autopilot just followed the lane lines
    (WashPost)

    Depositions in a civil case over a fatal 2018 crash -- set for trial this
    week -- provide insights into how Tesla programmed its Autopilot software to follow lines on the road.

    https://www.washingtonpost.com/technology/2024/04/07/tesla-autopilot-crash-trial/

    [Follow your lines precisely, and everyone else will get out of your way?
    But that may not work for two Teslas approaching each other, and certainly
    not for other drivers who are under the influence. PGN]

    ------------------------------

    Date: Mon, 8 Apr 2024 9:38:50 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: APRA Privacy Legislation

    https://www.wired.com/story/apra-congress-online-privacy-proposal/

    Congress may be closer than ever to passing a comprehensive data privacy framework after key House and Senate committee leaders released a new
    proposal on Sunday.

    The bipartisan proposal, titled the American Privacy Rights Act, or
    APRA, would limit the types of consumer data that companies can
    collect, retain, and use, allowing solely what they’d need to operate
    their services. Users would also be allowed to opt out of targeted
    advertising, and have the ability to view, correct, delete, and
    download their data from online services. The proposal would also
    create a national registry of data brokers, and force those companies
    to allow users to opt out of having their data sold.

    “This landmark legislation gives Americans the right to control where their information goes and who can sell it,” Cathy McMorris Rodgers, House Energy and Commerce Committee chair, said in a statement on Sunday. “It reins in
    Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent. Americans overwhelmingly want these rights, and they are looking to us, their elected representatives, to act.”

    [See also Lawmakers unveil sprawling plan to expand online privacy
    protections: Sen. Maria Cantwell (D-Wash.) and Rep. Cathy McMorris Rodgers
    (R-Wash.) announced a major breakthrough in the decades-long fight to
    address online privacy. https://www.washingtonpost.com/technology/2024/04/07/congress-privacy-deal-cantwell-rodgers/
    PGN]

    ------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Sun, 7 Apr 2024 22:11:25 -0400
    Subject: Data brokers are gearing up to fight privacy bills

    https://www.theverge.com/2024/4/5/24122079/data-brokers-fisa-extension-nsa-section-702-surveillance-lexis-nexis

    ------------------------------

    Date: Mon, 8 Apr 2024 10:33:48 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: NIST Unveils New Consortium to Operate National Vulnerability
    Database (Kevin Poireault)

    [The existing NIST/MITRE CVE repository should now have grown to
    more than 200,000 CVE common vulnerabilities (Wow!), but has
    apparently not been updated with the huge backlog of new CVEs. It
    is really depressing that the industry is not able to develop new
    systems without continually adding so many new CVEs. PGN]

    Kevin Poireault, Infosecurity Magazine
    [Remember his namesake, Air-cool Poirot?]

    It’s now official: the US National Institute of Standards and
    Technology (NIST) will unveil an industry consortium to help it run
    the world’s most widely used software vulnerability repository.

    NIST, an agency within the US Department of Commerce, launched the US National Vulnerability Database (NVD) in 2005 and has operated it ever since.

    This situation was expected to change, with vetted organizations
    helping the agency from as soon as the beginning of April 2024.

    The NVD program manager, Tanya Brewer, made the official announcement
    during VulnCon, a cybersecurity conference hosted by the Forum of
    Incident Response and Security Teams (FIRST) and held in Raleigh,
    North Carolina, from March 25 to 27, 2024.

    The news came after weeks of speculation over a possible shutdown of the NVD.

    NIST Halted CVE Enrichment in February 2024

    In early March, many security researchers noticed a significant drop
    in vulnerability enrichment data uploads on the NVD website that had
    started in mid-February.

    According to its own data, NIST has analyzed only 199 Common
    Vulnerabilities and Exposures (CVEs) out of the 2957 it has received
    so far in March.

    In total, over 4000 CVEs have not been analyzed since mid-February.

    Since the NVD is the most comprehensive vulnerability database in the
    world, many companies rely on it to deploy updates and patches.

    If such issues are not resolved quickly, they could significantly impact the security researcher community and organizations worldwide.

    Speaking to Infosecurity, Tom Pace, CEO of firmware security provider
    NetRise, explained: “It means that you’re asking the entire
    cybersecurity community, overnight, to somehow go figure out what
    vulnerability is in what operating system, software package,
    application, firmware, or device. It’s a totally impossible, untenable task!”

    Dan Lorenc, co-founder and CEO of software security provider
    Chainguard, called the incident a *massive issue*.

    ``We are now relying on industry alerts and social media to ensure we
    triage CVEs as quickly as possible,'' he told Infosecurity.

    “Scanners, analyzers, and most vulnerability tools rely on the NVD to determine what software is affected by which vulnerabilities,” Lorenc
    added. “If organizations cannot triage vulnerabilities effectively, it
    opens them up to increased risk and leaves a significant gap in their vulnerability management posture.”

    To stay operational amidst the NVD backlog, several security
    companies, such as VulnCheck, Anchore and RiskHorizon AI, started
    working on projects that could provide an alternative to some parts of vulnerability disclosure traditionally provided in the NVD.

    This episode coincided with the release of the latest revision of the
    Federal Risk and Authorization Management Program (FedRAMP Rev. 5), a
    US federal law requiring any company that wants to do business with
    the federal government to use the NVD as a source of truth and
    remediate all known vulnerabilities inside it.

    ------------------------------

    Date: Mon, 8 Apr 2024 09:54:08 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Jon Stewart On The False Promises of AI (The Daily Show)

    https://www.youtube.com/watch?v=20TAkcy3aBY

    Jon Stewart tackles the AI revolution and how its creators are promising a better future while building technology to make human workers obsolete.

    ------------------------------

    Date: Mon, 8 Apr 2024 9:26:29 PDT
    From: Peter G Neumann <Peter.Neumann@SRI.COM>
    Subject: UK plots massive expansion of live facial recognition
    (Joseph Bambridge)

    Joseph Bambridge, 8 Apr 2024

    LONDON -- Low-level criminals in England and Wales could be tracked down
    using facial recognition technology, the government has said, as it
    confirmed plans for a massive expansion in police use of the technology.

    Live facial recognition (LFR), which uses artificial intelligence-powered cameras to identify faces in large crowds from a “watchlist,” has been deployed by police forces in England and Wales at events including football matches, concerts and the King’s Coronation, as well as in busy urban areas.

    In a response to a parliamentary inquiry, the Home Office said on Monday
    that LFR had already helped identify people wanted for “serious crimes” including rape, grievous bodily harm and robbery.

    The government is “committed to empowering the police to use the tools and technology they need, and the public expects them to use … to solve and prevent crimes, bring offenders to justice, and maintain public safety,” the Home Office added.

    It simultaneously rejected concerns from the inquiry, managed by the House
    of Lords’ justice and home affairs committee, that the technology is being encouraged despite an “absence of a foundation in law” and “without proper
    scrutiny and accountability.”

    Instead, it said there are already “numerous safeguards” in place over how the technology is used. It also dismissed the committee’s concern that the U.K. is falling behind “other democratic states” in regulating the potentially invasive tech.

    “The UK is leading the way in the use of LFR in a clear and transparent way,” the government said. “The government has a duty to keep the country safe by equipping the police with the powers and tools they need.”

    Heading off criticism [...]

    Full steam ahead [...]

    [This article seems to have disappeared from the WWWeb.
    Too truthful? PGN]

    ------------------------------

    Date: Sun, 7 Apr 2024 01:55:27 +0000
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: Knocking cloud security off its game (ETH Zurich)

    https://ethz.ch/en/news-and-events/eth-news/news/2024/04/knocking-cloud-security-off-its-game.html

    Public cloud services employ special security technologies. Computer
    scientists at ETH Zurich have now discovered a gap in the latest security mechanisms used by AMD and Intel chips. This affects major cloud pr

    ------------------------------

    Date: Sun, 7 Apr 2024 10:53:09 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: ‘Reverse’ searches: The sneaky ways that police tap tech companies
    for your private data

    How police cast digital dragnets over tech companies' vast banks of user
    data

    https://techcrunch.com/2024/04/02/reverse-searches-police-tap-tech-companies-private-data/

    ------------------------------

    Date: Mon, 8 Apr 2024 11:58:51 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: U.S. Police Warn Those Driving to Canada to Watch for Hidden
    AirTags (Emily Price)

    Emily Price, *PC Magazine*, 30 Mar 2024, via ACM TechNews,

    Law enforcement officials in Vermont are warning residents to look for
    hidden Apple AirTags in their vehicles after returning from road trips
    to Canada. There has been an increase in the use of AirTags by
    criminals in Montreal to track cars to steal and sell or to move drugs
    over the border. Apple notifies iPhone users if it detects an unknown
    AirTag and has released an app for Android users that allows them to
    manually search for the trackers.

    ------------------------------

    Date: Sat, 6 Apr 2024 23:27:30 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Demystifying privacy in Google Chrome and Mozilla Firefox
    (Apurvak)

    We evaluated private browsing modes in Chrome and Mozilla, analyzed and measured the effectiveness of the claims made by Google and Firefox. Our
    main motive is to secure the local user from local attacker such that user’s private browsing experience does not leave any trace on the browser, so that when the browser is opened in public mode by anyone, our local user feels
    safe. We also propose the notion of ideal private browsing from a browsing experience perspective. We tested the browser from a local user point of
    view and found the leaks present during and after the browser was exited.
    Our results suggest that the bookmarks, extensions or plugins and DNS cache leaks present a major threat to the security of the local user from a local attacker. We also studied and analyzed the disk usage and DNS cache leak by both browsers and found the conflict between privacy and performance. We also found that Firefox bookmarking policy has a serious leak which reveals the bookmarks of unvisited URLs that were added in private mode and
    distinguishes them from those that were added in public mode. We also
    propose two solutions to make bookmarking and plugins/extension more secure
    so that they do not leave any explicit trail when private browsing is
    exited. [...]

    https://medium.com/@apurvak/demystifying-privacy-in-google-chrome-and-mozilla-firefox-9a651e977171

    ------------------------------

    Date: Mon, 8 Apr 2024 17:24:42 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Top Israeli spy chief exposes his true identity in online
    security lapse (Guardian)

    The identity of the commander of a top-secret Israeli intelligence unit
    8200, responsible for cybersecurity and cyberwarfare, has been a guarded
    secret for decades. But in 2021 the brigadier general wrote a book under an assumed pen-name.

    Guardian's journalists were able to follow a special Gmail account, set up specifically for publishing the book on Amazon, to the brigadier's personal account, where his real name was accessible.

    Full story at: https://www.theguardian.com/world/2024/apr/05/top-israeli-spy-chief-exposes-his-true-identity-in-online-security-lapse

    Naturally, I tried to google his Hebrew name, and found a link to his
    personal profile page on another site. There was not much activity there,
    except a message from the site's administrator, sent shortly after the
    profile was established in 2006:

    "Hello Yossi, I would like to draw your attention to the fact that your
    user page is very public. It's possible that your personal details will
    be misused, and that's a shame. For example, you will receive a lot of
    junk mail"...

    This profile's history (also exposed) showed some activity was in 2021
    (about the time the book was published), and apparently the profile stayed
    exposed until two days after the Guardian's exposure.

    Is it possible that Israel's top cyber security officer is a bit security
    illiterate about his own pages?

    ------------------------------

    Date: Sun, 7 Apr 2024 23:15:17 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Roku patent invents a way to show ads over anything you plug
    into your TV (ArsTechnica)

    https://arstechnica.com/?p=2015217

    ------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Sun, 7 Apr 2024 23:17:59 -0400
    Subject: Disney+ Password Sharing Crackdown to Start in June
    (MacRumors)

    https://www.macrumors.com/2024/04/05/disney-plus-password-sharing-crackdown/

    ------------------------------

    Date: Mon, 8 Apr 2024 13:44:43 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Teen Girls Confront an Epidemic of Deepfake Nudes in Schools
    (NYTimes)

    Using artificial intelligence, middle and high school students have
    fabricated explicit images of female classmates and shared the doctored pictures.

    https://www.nytimes.com/2024/04/08/technology/deepfake-ai-nudes-westfield-high-school.html

    ------------------------------

    Date: Sat, 6 Apr 2024 22:35:00 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: How Tech Giants Cut Corners to Harvest Data for AI (NYTimes)

    https://www.nytimes.com/2024/04/06/technology/tech-giants-harvest-data-artificial-intelligence.html

    In late 2021, OpenAI faced a supply problem. The artificial intelligence
    lab had exhausted every reservoir of reputable English-language text on the Internet as it developed its latest AI system. It needed more data to train
    the next version of its technology -- lots more.

    So OpenAI researchers created a speech recognition tool called Whisper. It could transcribe the audio from YouTube videos, yielding new conversational text that would make an A.I. system smarter.

    Some OpenAI employees discussed how such a move might go against YouTube's rules, three people with knowledge of the conversations said. YouTube, which
    is owned by Google, prohibits use of its videos for applications that are *independent* of the video platform.

    Ultimately, an OpenAI team transcribed more than one million hours of
    YouTube videos, the people said. The team included Greg Brockman, OpenAI's president, who personally helped collect the videos, two of the people
    said. The texts were then fed into a system called GPT-4, which was widely considered one of the world's most powerful AI models and was the basis of
    the latest version of the ChatGPT chatbot.

    ------------------------------

    Date: Mon, 8 Apr 2024 06:27:49 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Elon Musk's X pushed a fake headline about Iran attacking
    Israel. X's AI chatbot Grok made it up.

    Elon Musk's AI chatbot Grok spread fake news on X which was then
    promoted by the platform.

    https://mashable.com/article/elon-musk-x-twitter-ai-chatbot-grok-fake-news-trending-explore

    ------------------------------

    Date: Sun, 7 Apr 2024 06:42:47 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: An AI app claims it can detect sexually transmitted infections.
    Doctors say it's a disaster (Calmara)

    Can Calmara AI app really detect infections in sex partners? - Los
    Angeles Times

    Late last month, the San Francisco-based startup HeHealth announced the launch of Calmara.ai <https://www.calmara.ai/>, a cheerful, emoji-laden
    website the company describes as “your tech savvy BFF for STI checks.”

    The concept is simple. A user concerned about their partner’s sexual health status just snaps a photo (with consent, the service notes) of the partner’s penis (the only part of the human body the software is trained to recognize) and uploads it to Calmara.

    In seconds, the site scans the image and returns one of two messages:
    “Clear! No visible signs of STIs spotted for now” or “Hold!!! We spotted something sus.”

    Calmara describes the free service as “the next best thing to a lab test for a quick check,” powered by artificial intelligence with “up to 94.4% accuracy rate” (though finer print on the site clarifies its actual performance is “65% to 96% across various conditions.”)

    Since its debut, privacy and public health experts have pointed with alarm
    to a number of significant oversights <https://insights.priva.cat/p/privacy-clusterfucks-a-depressingly> in Calmara’s design, such as its flimsy consent verification <https://epic.org/forbes-an-ai-app-claiming-to-detect-stis-from-photos-of-genitals-is-a-privacy-disaster/>,
    its potential to receive child pornography and an over-reliance on images to screen for conditions that are often invisible.

    But even as a rudimentary screening tool for visual signs of sexually transmitted infections in one specific human organ, tests of Calmara showed
    the service to be inaccurate, unreliable and prone to the same kind of stigmatizing information its parent company says it wants to combat. [...]

    https://www.latimes.com/science/story/2024-04-07/calmara-claims-it-can-detect-stis-doctors-say-its-a-disaster

    ------------------------------

    Date: Sun, 7 Apr 2024 14:54:23 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Google's passkey mess

    Google's poorly designed passkey implementation continues to cause
    problems. I have chosen not to use passkeys, and have not enabled them
    on any sites or devices. Notwithstanding this, some sites still
    trigger passkey-related device chooser functions in the Chrome
    browser. Today this caused me to have to retry logging in to an
    important site over 10 times, because Google's passkey push was
    interfering with my ability to use my FIDO security key as my chosen
    second factor. This was intensely annoying and a terrible user
    experience. Thanks a bunch, Google. -L

    ------------------------------

    Date: Sat, 6 Apr 2024 21:16:44 -0600
    From: Charles Cazabon <charlesc-risksdigest@pyropus.ca>
    Subject: Re: Starlink Terminals (Shapir, RISKS-34.14)

    SpaceX's statement that they can "geolocate and turn off individual
    terminals when it detects illegal use" -- and yet they haven't turned off many suspicious links, may indicate that Musk may be collaborating with
    such moves.

    Not to defend Musk, but if this is happening it could also be a matter of compulsion rather than collaboration. Your U.S. security services are big
    fans of compelling such "cooperation" from companies while also handing out court orders forbidding them from saying anything about it.

    ------------------------------

    Date: Sun, 7 Apr 2024 14:25:15 +0100
    From: Jurek Kirakowski <jzk@uxp.ie>
    Subject: Re: Your boss could forward a mail message to you that
    show you text he won't see, but you will (Kuenning, RISKS-34.14)

    Well said, Geoff Kuenning.

    I have lectured till ... about the dangers of reading emails in any other format than plain text (headers included.) CTRL-U in Thunderbird, a bit more complicated in some other email clients.

    I have two fairly simple programs that assist:

    1. a decoder from base-64 to plaintext
    2. a stripper of html tags.

    Prototypes of both may be found on the Internet but they require a little coding to create safe versions for your computer which work the way you want them to. (1) works pretty effortlessly and (2) is a bit off and on but it allows me to get the gist of what the email is trying to say in a quick eye scan. I suppose (2) could be improved by just deleting any html tags that
    refer the browser to external URIs. Or there may be a decent formatter of
    html code one could adapt?

    I never render further any base64-encoded segment that reveals itself as an image. That's just plain silly.

    I wonder if there are any old email hands with better, more up-to-date solutions to combat these risks.

    And of course, plain text for sending always "rules." God bless RISKS.

    [Jurek, Thanks]
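
An added illustration of the two helpers described in the message above (not the poster's programs and not part of the digest): a Python sketch that decodes base64 text parts, strips HTML tags, lists rather than fetches any external URIs the tags point at, and refuses to render image parts. The sample message, its addresses and the `.example` URLs are constructed for the example.

```python
import base64
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser


class TagStripper(HTMLParser):
    """Keep visible text; record (never fetch) URIs that tags refer to."""
    SKIP = {"script", "style", "head"}            # content that is not message text
    URI_ATTRS = {"href", "src", "background", "action"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self.external, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        for name, value in attrs:
            if name in self.URI_ATTRS and value and \
                    value.strip().lower().startswith(("http:", "https:", "//")):
                self.external.append((tag, value.strip()))

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def plain_view(raw):
    """Return the text of a raw message without rendering anything."""
    msg = message_from_string(raw, policy=default)
    view = {"text": [], "external_uris": [], "skipped": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() != "text":
            # Images and other attachments are named, never decoded or shown.
            view["skipped"].append(part.get_content_type())
            continue
        # decode=True undoes the base64 / quoted-printable transfer encoding.
        payload = part.get_payload(decode=True) or b""
        try:
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:                        # unknown charset label
            text = payload.decode("latin-1")
        if part.get_content_subtype() == "html":
            stripper = TagStripper()
            stripper.feed(text)
            stripper.close()
            view["external_uris"].extend(stripper.external)
            text = " ".join(stripper.chunks)
        # Collapse whitespace: the goal is the gist in a quick eye scan.
        view["text"].append(" ".join(text.split()))
    return view


# Constructed sample: an HTML body sent as base64, plus an image part.
SAMPLE_HTML = (
    '<html><head><style>p{color:red}</style></head><body>'
    '<p>Invoice attached.</p><img src="https://tracker.example/p.gif">'
    '<a href="https://pay.example/x">Pay now</a></body></html>'
)


def build_sample():
    b64 = base64.encodebytes(SAMPLE_HTML.encode()).decode()
    return (
        "From: sender@example.org\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="B"\n'
        "\n--B\n"
        "Content-Type: text/html; charset=utf-8\n"
        "Content-Transfer-Encoding: base64\n\n"
        + b64 +
        "--B\n"
        "Content-Type: image/png\n"
        "Content-Transfer-Encoding: base64\n\n"
        "iVBORw0KGgo=\n"
        "--B--\n"
    )


if __name__ == "__main__":
    for key, value in plain_view(build_sample()).items():
        print(key, value)
```

The external URI list is what makes remote images and link targets visible before anything is clicked or loaded.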

    ------------------------------

    Date: Sun, 7 Apr 2024 11:06:39 -0500
    From: Dmitri Maziuk <dmitri.maziuk@gmail.com>
    Subject: Re: The FTC is trying to help (Bacher, RISKS-34.14)

    ... they're trying to outlaw fraudulent email sender addresses

    ... and if they succeed, only the outlaws will have fraudulent email sender addresses.

    I'm sure that sentence wasn't intended to mean what it actually says, but it does win The Internet for today nonetheless.

    ------------------------------

    Date: Sat, 28 Oct 2023 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) has moved to the ftp.sri.com site:
    <risksinfo.html>.
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 34.15
    ************************
