20-Oct-2018  0:23:38-GMT,165138;000000000004
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 30.88

RISKS-LIST: Risks-Forum Digest  Tuesday 23 October 2018  Volume 30 : Issue 88

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/30.88>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do (WiReD)
Internet of Things (Don Wagner)
Toward Human-Understandable, Explainable AI (computer.org)
When AI Misjudgment Is Not an Accident (Scientific American)
Drink too much beer at a Dallas Cowboys game? Now a free robot-driven van
  will scoop you up afterward. (WashPost)
3D Printers Have Fingerprints, a Discovery That Could Help Trace
  3D-Printed Guns, Counterfeit Goods (University of Buffalo)
SSH Authentication Bug Opens Door If You Say You're Logged-In (ITProToday)
Hackers steal data of 75,000 users after Healthcare.gov FFE breach (ZDNet)
Disrupting cyberwar with open-source intelligence (HPE)
U.S. Begins First Cyberoperation Against Russia Aimed at Protecting
  Elections (NYTimes)
Twitter publishes dump of accounts tied to Russian, Iranian influence
  campaigns (Ars Technica)
Saudis' Image Makers: A Troll Army and a Twitter Insider (NYTimes)
Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes)
IBM Proves a Quantum Computing Advantage Over Classical (Brian Wang)
Microsoft's problem isn't how often it updates Windows -- it's how it
  develops it (Ars Technica)
Susan Wojcicki on the EU's horrific Article 13 (Lauren Weinstein)
Now Apps Can Track You Even After You Uninstall Them (Bloomberg)
These Researchers Want to Send Smells Over the Internet (ieee.org)
Risks of voting systems (Stewart Fist)
Re: Election Security (John Levine, Paul Burke)
Re: Researcher finds simple way of backdooring Windows PCs and nobody
  notices for ten months (Keith Medcalf)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 20 Oct 2018 23:01:23 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do
  (WiReD)

Cars are getting smarter and more capable. They're even starting to drive
themselves, a little. And they're becoming a cause of concern for European
and American safety agencies and groups. They're all for putting better tech
on the road, but automakers are selling systems like Tesla's Autopilot, or
Nissan's Pro Pilot Assist, with the implied promise that they'll make
driving easier and safer, and a new study is the latest to say that may not
always be the case. More worryingly, drivers think these systems are far
more capable than they really are.

https://www.wired.com/story/semi-autonomous-systems-safety-research-euro-ncap-thatcham/

------------------------------

Date: Sun, 21 Oct 2018 15:08:37 +0200
From: Zap Katakonk <zapkatakonk1943.6...@gmail.com>
Subject: Internet of Things

In the Wild West, a cowboy was a man who, if he had to go a mile north,
would walk two miles south to get a horse, so he could ride there. The IoT
appears to be a product of computer cowboys.

Don Wagner <http://donwagner.dk>

------------------------------

Date: Sat, 20 Oct 2018 20:26:36 +0800
From: Richard Stein <rmst...@ieee.org>
Subject: Toward Human-Understandable, Explainable AI (computer.org)

http://www.computer.org/csdl/mags/co/2018/09/index.html

Explainable AI (XAI), as defined by Hani Hagras, possesses these
characteristics:

"Transparency: We have a right to have decisions affecting us explained to
us in terms, formats, and languages we can understand.

"Causality: If we can learn a model from data, can this model provide us
with not only correct inferences but also some explanation for the
underlying phenomena?

"Bias: How can we ensure that the AI system has not learned a biased view of
the world based on shortcomings of the training data or objective function?

"Fairness: If decisions are made based on an AI system, can we verify that
they were made fairly?

"Safety: Can we gain confidence in the reliability of our AI system without
an explanation of how it reaches conclusions?"

These XAI characteristics, if demonstrably deterministic, can aid triage and
reconstruction of an AI platform's processing activities. A platform's XAI
compliance certification may deter and preclude worst-case, post-deployment
consequences.

AI platform publishers can serve public health and welfare by demonstrating
XAI characteristics prior to deployment. A public service that operates a
compliance simulation can enhance public safety, and reinforce social trust
for AI.  XAI certification might be used as a selling point, similar to a
label from the Underwriters Laboratory or a Consumer Reports ranking.

Autonomous vehicles (AVs) exemplify AI platforms. They promote and aspire to
embody safety capabilities that outperform carbon-based drivers, at least
per NHTSA statistics. Unless operation and failure modes can be simply
explained, AVs will remain a technological eight-ball. XAI characterization
affords one means to educate a skeptical public. But AV manufacturers must
proactively and transparently disclose traffic accident initiators and
processing sequences.

Attorneys will find it difficult to argue that Robocar-5 "LiDAR image
Bayesian decision anomaly suppression logic" is safer than a distracted or
inebriated carbon-based driver.

Given the tarnished reputation acquired from prior incidents, AV
manufacturers have become taciturn. See
https://www.washingtonpost.com/technology/the-switch/shaken-by-hype-self-driving-leaders-adopt-new-strategy-shutting-up/2018/10/18/87bbb99a-91f7-42ec-9b9b-e0cb36ae6be8_story.html

XAI compliance may be their best hope, and last chance, to rehabilitate
their image.

------------------------------

Date: Sat, 20 Oct 2018 20:29:48 +0800
From: Richard Stein <rmst...@ieee.org>
Subject: When AI Misjudgment Is Not an Accident (Scientific American)

https://blogs.scientificamerican.com/observations/when-ai-misjudgment-is-not-an-accident/

"Injecting deliberate bias into algorithmic decision-making could be
devastatingly simple and effective. This might involve replicating or
accelerating pre-existing factors that produce bias. Many algorithms are
already fed biased data. Attackers could continue to use such data sets to
train algorithms, with foreknowledge of the bias they contained. The
plausible deniability this would enable is what makes these attacks so
insidious and potentially effective. Attackers would surf the waves of
attention trained on bias in the tech industry, exacerbating polarization
around issues of diversity and inclusion.

"The idea of 'poisoning' algorithms by tampering with training data is not
wholly novel. Top U.S. intelligence officials have warned that cyber
attackers may stealthily access and then alter data to compromise its
integrity. Proving malicious intent would be a significant challenge to
address and therefore to deter."

Risk: AI-generated, published content that incites widespread civil unrest,
or financial catastrophe.

------------------------------

Date: Sun, 21 Oct 2018 16:06:21 +0800
From: Richard Stein <rmst...@ieee.org>
Subject: Drink too much beer at a Dallas Cowboys game? Now a free
  robot-driven van will scoop you up afterward. (WashPost)

https://www.washingtonpost.com/technology/2018/10/20/drink-too-much-beer-dallas-cowboys-game-now-free-robot-driven-van-will-scoop-you-up-afterward

"Drive.ai has attempted to distinguish itself by prioritizing
'recognizability over beauty,' giving its Nissan vehicles bright orange
paint jobs that are designed to grab the attention of pedestrians and
drivers, according to company officials.

"The vehicles operate along fixed routes, include human backup drivers and
travel up to 35 mph. They also include exterior panels with messages -- such
as 'waiting for you to cross' -- to take the place of a human driver making
eye contact or gesturing with a pedestrian at a crosswalk, for example. At
some point, the CEO said, backup drivers will be removed and the vehicles
will operate autonomously."

------------------------------

Date: Fri, 19 Oct 2018 12:16:57 -0400
From: ACM TechNews <technews-edi...@acm.org>
Subject: 3D Printers Have Fingerprints, a Discovery That Could Help Trace
  3D-Printed Guns, Counterfeit Goods (University of Buffalo)

UB News Center, 16 Oct 2018, via ACM TechNews, 19 Oct 2018

University at Buffalo researchers have outlined the first accurate technique
for tracing a three-dimensionally (3D)-printed object to the machine that
produced it, which they think could help law enforcement and intelligence
agencies track the origin of 3D-printed firearms and counterfeit products.
The PrinTracker method identifies the unique signatures of 3D printers by
reading the tiny imperfections within the in-fill patterns they produce in
printed objects. The team created a set of keys from 14 common printers,
then generated digital images of each key. Each image was filtered to
characterize the in-fill pattern, then an algorithm aligned and calculated
each key's variations to confirm the printer signature's authenticity;
PrinTracker matched each key to its originating printer with 99.8% accuracy.
PrinTracker was presented this week at the ACM Conference on Computer and
Communications Security (ACM CCS 2018) in Toronto, Canada.

https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1ccf3x217f1ax069069%26

------------------------------

Date: Sat, 20 Oct 2018 23:17:23 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: SSH Authentication Bug Opens Door If You Say You're Logged-In
  (ITProToday)

https://www.itprotoday.com/data-security-encryption/ssh-authentication-bug-opens-door-if-you-say-youre-logged

------------------------------

Date: Mon, 22 Oct 2018 10:09:46 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Hackers steal data of 75,000 users after Healthcare.gov FFE breach
  (ZDNet)

https://www.zdnet.com/article/hackers-steal-data-of-75000-users-after-healthcare-gov-ffe-breach/

------------------------------

Date: Sat, 20 Oct 2018 23:20:56 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Disrupting cyberwar with open-source intelligence (HPE)

When invaders turned the digital information space into a battlefield,
citizen volunteers innovated a new kind of combat. Ukrainian activists are
working on the front lines to fight information aggression.

For better or for worse, warfare drives technology innovation. World War I
turned the airplane from a rickety contraption into an essential force in
battlefield dominance; World War II brought us jet planes, radar, and atom
bombs. Today, attacks come through the Internet, not from the sky -- and so
do the responses.

The cyberattack offensive that Russia launched in Ukraine in 2014 introduced
a new doctrine, hybrid warfare, that blends special-forces military action,
sophisticated propaganda, social media manipulation, and hacking. And the
resistance is coming from volunteers who work together.

https://www.hpe.com/us/en/insights/articles/disrupting-cyberwar-with-open-source-intelligence-1810.html

------------------------------

Date: Tue, 23 Oct 2018 09:43:54 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: U.S. Begins First Cyberoperation Against Russia Aimed at Protecting
  Elections (NYTimes)

https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html

American operatives are messaging Russians working on disinformation
campaigns to let them know they've been identified. It's a measured step to
keep Moscow from escalating.

------------------------------

Date: Mon, 22 Oct 2018 10:51:34 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Twitter publishes dump of accounts tied to Russian, Iranian
  influence campaigns (Ars Technica)

Archive for researchers provides picture of Internet Research Agency's
influence ops.

https://arstechnica.com/tech-policy/2018/10/twitter-publishes-dump-of-accounts-tied-to-russian-iranian-influence-campaigns/

------------------------------

Date: Mon, 22 Oct 2018 10:39:03 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Saudis' Image Makers: A Troll Army and a Twitter Insider (NYTimes)

The kingdom silences dissent online by sending operatives to swarm critics.
It also recruited a Twitter employee suspected of spying on users,
interviews show.

https://www.nytimes.com/2018/10/20/us/politics/saudi-image-campaign-twitter.html

------------------------------

Date: Mon, 22 Oct 2018 16:50:22 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes)

Like many cybersecurity bunkers, IBM's foxhole has deliberately theatrical
touches. Whiteboards and giant monitors fill nearly every wall, with
graphics that can be manipulated by touch.

``You can't have a fusion center unless you have really cool TVs,'' quipped
Lawrence Zelvin, a former Homeland Security official who is now Citigroup's
global cybersecurity head, at a recent cybercrime conference. ``It's even
better if they do something when you touch them.  It doesn't matter what
they do. Just something.''

Security pros mockingly refer to such eye candy as `pew pew' maps, an
onomatopoeia for the noise of laser guns in 1980s movies and video
arcades. They are especially useful, executives concede, to put on display
when V.I.P.s or board members stop by for a tour. Two popular `pew pew' maps
are from FireEye and the defunct security vendor Norse, whose video
game-like maps show laser beams zapping across the globe.  Norse went out of
business two years ago, and no one is sure what data the map is based on,
but everyone agrees that it looks cool.

https://www.nytimes.com/2018/05/20/business/banks-cyber-security-military.html

Of course, a comment on the article has the solution:

BLOCKCHAIN Software guarantees a valid trail of corrupted files, preserving
the data. I wonder how long it will be until even that system is
defeated. What BlockChain software the power is its distributive system,
meaning that the data is stored in multiple private computers.  Whether that
system meets legal requirements for privacy is another question. But the
logic is clear: if data is distributed according to a randomizing algorithm,
that makes it a lot more complicated for intruders to be able to follow data
and to corrupt the system to a point where it shuts down. Or worse, becomes
subject to malware that results in ransom or other maneuvers of financial
plundering. it is, no doubt, the bane of our digital world that the
vulnerabilities are incomprehensible to the lay person and difficult if not
impossible for the experts to protect fully. Things may not be at the point
where investors are advised to purchase gold and hide under a mattress. But
we may well be headed in that direction.

------------------------------

Date: Fri, 19 Oct 2018 12:16:57 -0400
From: ACM TechNews <technews-edi...@acm.org>
Subject: IBM Proves a Quantum Computing Advantage Over Classical
  (Brian Wang)

Brian Wang, Next Big Future, 18 Oct 2018, via ACM TechNews, 19 Oct 2018

IBM researchers have mathematically validated certain problems that require
only a fixed circuit depth when performed on a quantum computer regardless
of how the number of quantum bits used for inputs increase; these same
problems require larger circuit depths on classical computers. The proof is
that there will be problems that can only be executed on quantum systems,
and others which can be conducted much faster on quantum computers. The
research proves fault-tolerant quantum computers will do some tasks better
than classical computers, and offers guidance on how to further current
technology to leverage this as rapidly as possible. This marks the first
demonstration of unconditional partitioning between quantum and classical
algorithms. In practical terms, short-depth circuits are part of the
deployments of algorithms, so this result does not specifically state how
and where quantum computers might be better options for particular business
problems.

https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1ccf3x217f19x069069%26

------------------------------

Date: Mon, 22 Oct 2018 10:45:04 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Microsoft's problem isn't how often it updates Windows -- it's how it
  develops it (Ars Technica)

Buggy updates point at deeper problems.

https://arstechnica.com/gadgets/2018/10/microsofts-problem-isnt-shipping-windows-updates-its-developing-them/

------------------------------

Date: Mon, 22 Oct 2018 09:25:34 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Susan Wojcicki on the EU's horrific Article 13

[I agree with Susan]

A Final Update on Our Priorities for 2018
https://youtube-creators.googleblog.com/2018/10/a-final-update-on-our-priorities-for.html

  Article 13 as written threatens to shut down the ability of millions of
  people -- from creators like you to everyday users -- to upload content to
  platforms like YouTube.  And it threatens to block users in the EU from
  viewing content that is already live on the channels of creators
  everywhere.  This includes YouTube's incredible video library of
  educational content, such as language classes, physics tutorials and other
  how-tos.  This legislation poses a threat to both your livelihood and
  your ability to share your voice with the world. And, if implemented as
  proposed, Article 13 threatens hundreds of thousands of jobs, European
  creators, businesses, artists and everyone they employ. The proposal could
  force platforms, like YouTube, to allow only content from a small number
  of large companies.  It would be too risky for platforms to host content
  from smaller original content creators, because the platforms would now be
  directly liable for that content.

I agree 100% with Susan regarding the EU's horrific Article 13 and the
immense damage that it would do, particularly to smaller creators.

------------------------------

From: "Dave Farber" <far...@gmail.com>
Date: Tue, 23 Oct 2018 09:04:20 +0900
Subject: Now Apps Can Track You Even After You Uninstall Them (Bloomberg)

https://www.bloomberg.com/news/articles/2018-10-22/now-apps-can-track-you-even-after-you-uninstall-them

------------------------------

Date: Sun, 21 Oct 2018 15:29:24 +0800
From: Richard Stein <rmst...@ieee.org>
Subject: These Researchers Want to Send Smells Over the Internet (ieee.org)

https://spectrum.ieee.org/the-human-os/biomedical/devices/these-researchers-want-to-send-smells-over-the-internet

Risk: Scent molecules trigger an allergic reaction or are
accidentally/intentionally blended into a poisonous vapor.

The IoT evolves into the IoA -- Internet of Aromas; IoO -- Internet of
Odors.

"The Emperor of Scent" by Chandler Burr discusses Luca Turin's theory of how
the human nose scent glands apply inelastic electron tunneling to
distinguish aromas.

  [See RISKS-28.78 for *Scent Received, With a Tap of a Smartphone*,
  Smell-o-Vision, Scent of Mystery, and Smell-O-Phones.  The nose knows, and
  the nos have it?  An aye for an aye!  Say Neigh to the Internet of
  Thinks Stinks?  PGN]

------------------------------

Date: Sat, 20 Oct 2018 16:42:41 +1100
From: Stewart Fist <stewart_f...@optusnet.com.au>
Subject: Risks of voting systems

Australians are endlessly fascinated by correspondence and articles about
the failures and fiddles associated with the US voting system.  We have
always believed a stable and trustworthy system of ballots to be fundamental
to democracy, and we wonder why Americans don't to reform the whole system.

Australia has a preferential ballot system, and what is erroneously called
*compulsory voting*.

No one has to vote, because we also have secret ballots (we claim to have
invented them). So if you write obscenities on the paper or leave it
unmarked, then no one will be the wiser.

However you do need to attend a local booth on the day of the election and
have your name crossed on the electoral roll, and you might get a small fine
if you don't vote and don't have a legitimate excuse why you didn't perform
this basic civil duty.

My American friends see this as a draconian infringement on their human
rights.  Yet (by comparison) as Rob Slade (Jury Duty, 19 Oct) points out,
his civic jury duty for a trial is likely to last 3 months - for those too
*stupid* not to get themselves disqualified.

So the argument about infringement on rights is trivial to the point of
ridiculous.  In my long life-time, jury duties and Vietnam War/National
Service conscription have been greater impositions than fifteen minutes
spent every few years to vote.

Security comes from the universality of enrollment.  Australia rarely has
more than trivial voting scandals because it is almost impossible to
manipulate the system without it becoming glaringly obvious.

So citizens don't need to have identification when they vote; no one ever
gets scrubbed from the rolls.  There are no disputes to hold up the voting
queues, and you can cast a vote in a distant electoral district if you are
away from home.

Voting machines are unnecessary also because many people can vote at the
time (which saves millions of dollars). We just put numbers alongside the
names on the ballot paper and most Australians can count from 1 to 5.  Local
scrutineers (who are aligned with the candidates) watch while the count is
tallied after the close of voting.

The system is designed to keep it simple, keep technology at a distance, and
have every citizen involved in making the final decision.  You register to
vote once when you come of age, and that is it -- unless you change
addresses (or names when women get married).

Preferential voting also produces an outcome more aligned to the will of the
local electorate, and it has the additional benefit of diminishing the
over-riding power of the two major political parties. Preference voting
encourages independent candidates to enter the political conversation and
add their weight to the discussion.

American will always have problems with the current US voting systems, and
its about time that people faced up to that and looked at alternatives.

Stewart Fist, 70 Middle Harbour Rd, LINDFIELD NSW 2070

------------------------------

Date: 21 Oct 2018 23:48:58 +0200
From: "John Levine" <jo...@iecc.com>
Subject: Re: Election Security (Burke on Zetter, RISKS-30.87)

> ...Paper ballots and better security for election machines. Fine, but not
> a solution.  Counting millions of paper ballots in thousands of locations
> is not secure or affordable.

That is clearly false, since we conducted elections with hand counted paper
ballots in thousands of locations for centuries.  Canada still does.

The ballot counting machines we use in New York count the ballots as the
voters put them in the machine.  I assume that after the polls close, they
can lock the machine, read the totals, and call them in to get the tentative
results.  There are procedures for sealing the machines, delivering the
ballots, and so forth which I used to know when I was an election official,
but have since forgotten.

I realize this may come as a surprise for people expecting instant
gratification, but there is no need to report the results of an election
quickly.  I used to live in Cambridge MA where we used paper ballots to do
single transferrable vote elections for city council and school committee.
After the polls closed, they took the ballots to the high school gym where
they counted them with observers and challenges.  It took about a week,
which was no problem at all since that still left plenty of time before the
winners were certified and the new boards seated a month and a half later.

------------------------------

Date: Sun, 21 Oct 2018 19:09:59 -0400
From: Paul Burke <box1...@gmail.com>
Subject: Re: Election Security (Levine, RISKS-30.88)

I think John Levine sees the need for independently checking paper ballots.
The story of Cambridge and other places shows that hand-checking is
expensive.  The US has 100 to 140 million long ballots to count, and a
history of shenanigans. Canadian voters typically vote on one contest during
each election, so counting is far simpler and cheaper than in the US where
we often have pages of choices.

Ballot-counting machines in NY and most states do read each ballot and
produce totals. Those machines are computers, and can be hacked when they
get annual updates or sit unguarded at polling places the night before an
election, so the "totals" they show may not reflect the ballots. A really
good feature is that NY also recounts ballots from 3% of the machines,
manually or with an independent machine. I'd like to see more independent
counts, since a nation-state could hack the independent machine too, but NY
is far ahead of states which don't check a good sample at all.
https://www.verifiedvoting.org/state-audit-laws/

------------------------------

Date: Fri, 19 Oct 2018 20:00:14 -0600
From: "Keith Medcalf" <kmedc...@dessus.com>
Subject: Re: Researcher finds simple way of backdooring Windows PCs and
  nobody notices for ten months (RISKS-30.87)

This is likely because it is irrelevant.

Once you have the requisite NT AUTHORITY\SYSTEM level access that is
required to carry out the "registry hack" to enable this "backdoor" there is
no point in going to all the trouble -- and there are much easier ways to
obtain and maintain "Administrator" rights (or whatever rights you want) on
Windows -- especially after you have once subverted the Operating System and
obtained NT AUTHORITY\SYSTEM privileges.

Besides which, this is not really a security problem/flaw, the system is
merely working as designed.  You can achieve just about the same thing in
any Operating System authorization system by making similar changes to the
information base used to generate the authorization token, and it is just as
trivially easy once you ALREADY HAVE "Act as part of the Operating System"
privilege.

------------------------------

Date: Tue, 5 May 2018 11:11:11 -0800
From: risks-requ...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
  <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks have done to URLs.  I have
  tried to extract the essence.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 30.88
************************

Reply via email to