20-Oct-2018 0:23:38-GMT,165138;000000000004 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit precedence: bulk Subject: Risks Digest 30.88
RISKS-LIST: Risks-Forum Digest Tuesday 23 October 2018 Volume 30 : Issue 88 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/30.88> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do (WiReD) Internet of Things (Don Wagner) Toward Human-Understandable, Explainable AI (computer.org) When AI Misjudgment Is Not an Accident (Scientific American) Drink too much beer at a Dallas Cowboys game? Now a free robot-driven van will scoop you up afterward. (WashPost) 3D Printers Have Fingerprints, a Discovery That Could Help Trace 3D-Printed Guns, Counterfeit Goods (University of Buffalo) SSH Authentication Bug Opens Door If You Say You're Logged-In (ITProToday) Hackers steal data of 75,000 users after Healthcare.gov FFE breach (ZDNet) Disrupting cyberwar with open-source intelligence (HPE) U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections (NYTimes) Twitter publishes dump of accounts tied to Russian, Iranian influence campaigns (Ars Technica) Saudis' Image Makers: A Troll Army and a Twitter Insider (NYTimes) Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes) IBM Proves a Quantum Computing Advantage Over Classical (Brian Wang) Microsoft's problem isn't how often it updates Windows -- it's how it develops it (Ars Technica) Susan Wojcicki on the EU's horrific Article 13 (Lauren Weinstein) Now Apps Can Track You Even After You Uninstall Them (Bloomberg) These Researchers Want to Send Smells Over the Internet (ieee.org) Risks of voting systems (Stewart Fist) Re: Election Security (John Levine, Paul Burke) Re: Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months (Keith Medcalf) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Sat, 20 Oct 2018 23:01:23 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do (WiReD) Cars are getting smarter and more capable. They're even starting to drive themselves, a little. And they're becoming a cause of concern for European and American safety agencies and groups. They're all for putting better tech on the road, but automakers are selling systems like Tesla's Autopilot, or Nissan's Pro Pilot Assist, with the implied promise that they'll make driving easier and safer, and a new study is the latest to say that may not always be the case. More worryingly, drivers think these systems are far more capable than they really are. https://www.wired.com/story/semi-autonomous-systems-safety-research-euro-ncap-thatcham/ ------------------------------ Date: Sun, 21 Oct 2018 15:08:37 +0200 From: Zap Katakonk <zapkatakonk1943.6...@gmail.com> Subject: Internet of Things In the Wild West, a cowboy was a man who, if he had to go a mile north, would walk two miles south to get a horse, so he could ride there. The IoT appears to be a product of computer cowboys. Don Wagner <http://donwagner.dk> ------------------------------ Date: Sat, 20 Oct 2018 20:26:36 +0800 From: Richard Stein <rmst...@ieee.org> Subject: Toward Human-Understandable, Explainable AI (computer.org) http://www.computer.org/csdl/mags/co/2018/09/index.html Explainable AI (XAI), as defined by Hani Hagras, possesses these characteristics: "Transparency: We have a right to have decisions affecting us explained to us in terms, formats, and languages we can understand. "Causality: If we can learn a model from data, can this model provide us with not only correct inferences but also some explanation for the underlying phenomena? "Bias: How can we ensure that the AI system has not learned a biased view of the world based on shortcomings of the training data or objective function? "Fairness: If decisions are made based on an AI system, can we verify that they were made fairly? "Safety: Can we gain confidence in the reliability of our AI system without an explanation of how it reaches conclusions?" These XAI characteristics, if demonstrably deterministic, can aid triage and reconstruction of an AI platform's processing activities. A platform's XAI compliance certification may deter and preclude worst-case, post-deployment consequences. AI platform publishers can serve public health and welfare by demonstrating XAI characteristics prior to deployment. A public service that operates a compliance simulation can enhance public safety, and reinforce social trust for AI. XAI certification might be used as a selling point, similar to a label from the Underwriters Laboratory or a Consumer Reports ranking. Autonomous vehicles (AVs) exemplify AI platforms. They promote and aspire to embody safety capabilities that outperform carbon-based drivers, at least per NHTSA statistics. Unless operation and failure modes can be simply explained, AVs will remain a technological eight-ball. XAI characterization affords one means to educate a skeptical public. But AV manufacturers must proactively and transparently disclose traffic accident initiators and processing sequences. Attorneys will find it difficult to argue that Robocar-5 "LiDAR image Bayesian decision anomaly suppression logic" is safer than a distracted or inebriated carbon-based driver. Given the tarnished reputation acquired from prior incidents, AV manufacturers have become taciturn. See https://www.washingtonpost.com/technology/the-switch/shaken-by-hype-self-driving-leaders-adopt-new-strategy-shutting-up/2018/10/18/87bbb99a-91f7-42ec-9b9b-e0cb36ae6be8_story.html XAI compliance may be their best hope, and last chance, to rehabilitate their image. ------------------------------ Date: Sat, 20 Oct 2018 20:29:48 +0800 From: Richard Stein <rmst...@ieee.org> Subject: When AI Misjudgment Is Not an Accident (Scientific American) https://blogs.scientificamerican.com/observations/when-ai-misjudgment-is-not-an-accident/ "Injecting deliberate bias into algorithmic decision-making could be devastatingly simple and effective. This might involve replicating or accelerating pre-existing factors that produce bias. Many algorithms are already fed biased data. Attackers could continue to use such data sets to train algorithms, with foreknowledge of the bias they contained. The plausible deniability this would enable is what makes these attacks so insidious and potentially effective. Attackers would surf the waves of attention trained on bias in the tech industry, exacerbating polarization around issues of diversity and inclusion. "The idea of 'poisoning' algorithms by tampering with training data is not wholly novel. Top U.S. intelligence officials have warned that cyber attackers may stealthily access and then alter data to compromise its integrity. Proving malicious intent would be a significant challenge to address and therefore to deter." Risk: AI-generated, published content that incites widespread civil unrest, or financial catastrophe. ------------------------------ Date: Sun, 21 Oct 2018 16:06:21 +0800 From: Richard Stein <rmst...@ieee.org> Subject: Drink too much beer at a Dallas Cowboys game? Now a free robot-driven van will scoop you up afterward. (WashPost) https://www.washingtonpost.com/technology/2018/10/20/drink-too-much-beer-dallas-cowboys-game-now-free-robot-driven-van-will-scoop-you-up-afterward "Drive.ai has attempted to distinguish itself by prioritizing 'recognizability over beauty,' giving its Nissan vehicles bright orange paint jobs that are designed to grab the attention of pedestrians and drivers, according to company officials. "The vehicles operate along fixed routes, include human backup drivers and travel up to 35 mph. They also include exterior panels with messages -- such as 'waiting for you to cross' -- to take the place of a human driver making eye contact or gesturing with a pedestrian at a crosswalk, for example. At some point, the CEO said, backup drivers will be removed and the vehicles will operate autonomously." ------------------------------ Date: Fri, 19 Oct 2018 12:16:57 -0400 From: ACM TechNews <technews-edi...@acm.org> Subject: 3D Printers Have Fingerprints, a Discovery That Could Help Trace 3D-Printed Guns, Counterfeit Goods (University of Buffalo) UB News Center, 16 Oct 2018, via ACM TechNews, 19 Oct 2018 University at Buffalo researchers have outlined the first accurate technique for tracing a three-dimensionally (3D)-printed object to the machine that produced it, which they think could help law enforcement and intelligence agencies track the origin of 3D-printed firearms and counterfeit products. The PrinTracker method identifies the unique signatures of 3D printers by reading the tiny imperfections within the in-fill patterns they produce in printed objects. The team created a set of keys from 14 common printers, then generated digital images of each key. Each image was filtered to characterize the in-fill pattern, then an algorithm aligned and calculated each key's variations to confirm the printer signature's authenticity; PrinTracker matched each key to its originating printer with 99.8% accuracy. PrinTracker was presented this week at the ACM Conference on Computer and Communications Security (ACM CCS 2018) in Toronto, Canada. https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1ccf3x217f1ax069069%26 ------------------------------ Date: Sat, 20 Oct 2018 23:17:23 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: SSH Authentication Bug Opens Door If You Say You're Logged-In (ITProToday) https://www.itprotoday.com/data-security-encryption/ssh-authentication-bug-opens-door-if-you-say-youre-logged ------------------------------ Date: Mon, 22 Oct 2018 10:09:46 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Hackers steal data of 75,000 users after Healthcare.gov FFE breach (ZDNet) https://www.zdnet.com/article/hackers-steal-data-of-75000-users-after-healthcare-gov-ffe-breach/ ------------------------------ Date: Sat, 20 Oct 2018 23:20:56 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: Disrupting cyberwar with open-source intelligence (HPE) When invaders turned the digital information space into a battlefield, citizen volunteers innovated a new kind of combat. Ukrainian activists are working on the front lines to fight information aggression. For better or for worse, warfare drives technology innovation. World War I turned the airplane from a rickety contraption into an essential force in battlefield dominance; World War II brought us jet planes, radar, and atom bombs. Today, attacks come through the Internet, not from the sky -- and so do the responses. The cyberattack offensive that Russia launched in Ukraine in 2014 introduced a new doctrine, hybrid warfare, that blends special-forces military action, sophisticated propaganda, social media manipulation, and hacking. And the resistance is coming from volunteers who work together. https://www.hpe.com/us/en/insights/articles/disrupting-cyberwar-with-open-source-intelligence-1810.html ------------------------------ Date: Tue, 23 Oct 2018 09:43:54 -0400 From: Monty Solomon <mo...@roscom.com> Subject: U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections (NYTimes) https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html American operatives are messaging Russians working on disinformation campaigns to let them know they've been identified. It's a measured step to keep Moscow from escalating. ------------------------------ Date: Mon, 22 Oct 2018 10:51:34 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Twitter publishes dump of accounts tied to Russian, Iranian influence campaigns (Ars Technica) Archive for researchers provides picture of Internet Research Agency's influence ops. https://arstechnica.com/tech-policy/2018/10/twitter-publishes-dump-of-accounts-tied-to-russian-iranian-influence-campaigns/ ------------------------------ Date: Mon, 22 Oct 2018 10:39:03 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Saudis' Image Makers: A Troll Army and a Twitter Insider (NYTimes) The kingdom silences dissent online by sending operatives to swarm critics. It also recruited a Twitter employee suspected of spying on users, interviews show. https://www.nytimes.com/2018/10/20/us/politics/saudi-image-campaign-twitter.html ------------------------------ Date: Mon, 22 Oct 2018 16:50:22 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes) Like many cybersecurity bunkers, IBM's foxhole has deliberately theatrical touches. Whiteboards and giant monitors fill nearly every wall, with graphics that can be manipulated by touch. ``You can't have a fusion center unless you have really cool TVs,'' quipped Lawrence Zelvin, a former Homeland Security official who is now Citigroup's global cybersecurity head, at a recent cybercrime conference. ``It's even better if they do something when you touch them. It doesn't matter what they do. Just something.'' Security pros mockingly refer to such eye candy as `pew pew' maps, an onomatopoeia for the noise of laser guns in 1980s movies and video arcades. They are especially useful, executives concede, to put on display when V.I.P.s or board members stop by for a tour. Two popular `pew pew' maps are from FireEye and the defunct security vendor Norse, whose video game-like maps show laser beams zapping across the globe. Norse went out of business two years ago, and no one is sure what data the map is based on, but everyone agrees that it looks cool. https://www.nytimes.com/2018/05/20/business/banks-cyber-security-military.html Of course, a comment on the article has the solution: BLOCKCHAIN Software guarantees a valid trail of corrupted files, preserving the data. I wonder how long it will be until even that system is defeated. What BlockChain software the power is its distributive system, meaning that the data is stored in multiple private computers. Whether that system meets legal requirements for privacy is another question. But the logic is clear: if data is distributed according to a randomizing algorithm, that makes it a lot more complicated for intruders to be able to follow data and to corrupt the system to a point where it shuts down. Or worse, becomes subject to malware that results in ransom or other maneuvers of financial plundering. it is, no doubt, the bane of our digital world that the vulnerabilities are incomprehensible to the lay person and difficult if not impossible for the experts to protect fully. Things may not be at the point where investors are advised to purchase gold and hide under a mattress. But we may well be headed in that direction. ------------------------------ Date: Fri, 19 Oct 2018 12:16:57 -0400 From: ACM TechNews <technews-edi...@acm.org> Subject: IBM Proves a Quantum Computing Advantage Over Classical (Brian Wang) Brian Wang, Next Big Future, 18 Oct 2018, via ACM TechNews, 19 Oct 2018 IBM researchers have mathematically validated certain problems that require only a fixed circuit depth when performed on a quantum computer regardless of how the number of quantum bits used for inputs increase; these same problems require larger circuit depths on classical computers. The proof is that there will be problems that can only be executed on quantum systems, and others which can be conducted much faster on quantum computers. The research proves fault-tolerant quantum computers will do some tasks better than classical computers, and offers guidance on how to further current technology to leverage this as rapidly as possible. This marks the first demonstration of unconditional partitioning between quantum and classical algorithms. In practical terms, short-depth circuits are part of the deployments of algorithms, so this result does not specifically state how and where quantum computers might be better options for particular business problems. https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1ccf3x217f19x069069%26 ------------------------------ Date: Mon, 22 Oct 2018 10:45:04 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Microsoft's problem isn't how often it updates Windows -- it's how it develops it (Ars Technica) Buggy updates point at deeper problems. https://arstechnica.com/gadgets/2018/10/microsofts-problem-isnt-shipping-windows-updates-its-developing-them/ ------------------------------ Date: Mon, 22 Oct 2018 09:25:34 -0700 From: Lauren Weinstein <lau...@vortex.com> Subject: Susan Wojcicki on the EU's horrific Article 13 [I agree with Susan] A Final Update on Our Priorities for 2018 https://youtube-creators.googleblog.com/2018/10/a-final-update-on-our-priorities-for.html Article 13 as written threatens to shut down the ability of millions of people -- from creators like you to everyday users -- to upload content to platforms like YouTube. And it threatens to block users in the EU from viewing content that is already live on the channels of creators everywhere. This includes YouTube's incredible video library of educational content, such as language classes, physics tutorials and other how-tos. This legislation poses a threat to both your livelihood and your ability to share your voice with the world. And, if implemented as proposed, Article 13 threatens hundreds of thousands of jobs, European creators, businesses, artists and everyone they employ. The proposal could force platforms, like YouTube, to allow only content from a small number of large companies. It would be too risky for platforms to host content from smaller original content creators, because the platforms would now be directly liable for that content. I agree 100% with Susan regarding the EU's horrific Article 13 and the immense damage that it would do, particularly to smaller creators. ------------------------------ From: "Dave Farber" <far...@gmail.com> Date: Tue, 23 Oct 2018 09:04:20 +0900 Subject: Now Apps Can Track You Even After You Uninstall Them (Bloomberg) https://www.bloomberg.com/news/articles/2018-10-22/now-apps-can-track-you-even-after-you-uninstall-them ------------------------------ Date: Sun, 21 Oct 2018 15:29:24 +0800 From: Richard Stein <rmst...@ieee.org> Subject: These Researchers Want to Send Smells Over the Internet (ieee.org) https://spectrum.ieee.org/the-human-os/biomedical/devices/these-researchers-want-to-send-smells-over-the-internet Risk: Scent molecules trigger an allergic reaction or are accidentally/intentionally blended into a poisonous vapor. The IoT evolves into the IoA -- Internet of Aromas; IoO -- Internet of Odors. "The Emperor of Scent" by Chandler Burr discusses Luca Turin's theory of how the human nose scent glands apply inelastic electron tunneling to distinguish aromas. [See RISKS-28.78 for *Scent Received, With a Tap of a Smartphone*, Smell-o-Vision, Scent of Mystery, and Smell-O-Phones. The nose knows, and the nos have it? An aye for an aye! Say Neigh to the Internet of Thinks Stinks? PGN] ------------------------------ Date: Sat, 20 Oct 2018 16:42:41 +1100 From: Stewart Fist <stewart_f...@optusnet.com.au> Subject: Risks of voting systems Australians are endlessly fascinated by correspondence and articles about the failures and fiddles associated with the US voting system. We have always believed a stable and trustworthy system of ballots to be fundamental to democracy, and we wonder why Americans don't to reform the whole system. Australia has a preferential ballot system, and what is erroneously called *compulsory voting*. No one has to vote, because we also have secret ballots (we claim to have invented them). So if you write obscenities on the paper or leave it unmarked, then no one will be the wiser. However you do need to attend a local booth on the day of the election and have your name crossed on the electoral roll, and you might get a small fine if you don't vote and don't have a legitimate excuse why you didn't perform this basic civil duty. My American friends see this as a draconian infringement on their human rights. Yet (by comparison) as Rob Slade (Jury Duty, 19 Oct) points out, his civic jury duty for a trial is likely to last 3 months - for those too *stupid* not to get themselves disqualified. So the argument about infringement on rights is trivial to the point of ridiculous. In my long life-time, jury duties and Vietnam War/National Service conscription have been greater impositions than fifteen minutes spent every few years to vote. Security comes from the universality of enrollment. Australia rarely has more than trivial voting scandals because it is almost impossible to manipulate the system without it becoming glaringly obvious. So citizens don't need to have identification when they vote; no one ever gets scrubbed from the rolls. There are no disputes to hold up the voting queues, and you can cast a vote in a distant electoral district if you are away from home. Voting machines are unnecessary also because many people can vote at the time (which saves millions of dollars). We just put numbers alongside the names on the ballot paper and most Australians can count from 1 to 5. Local scrutineers (who are aligned with the candidates) watch while the count is tallied after the close of voting. The system is designed to keep it simple, keep technology at a distance, and have every citizen involved in making the final decision. You register to vote once when you come of age, and that is it -- unless you change addresses (or names when women get married). Preferential voting also produces an outcome more aligned to the will of the local electorate, and it has the additional benefit of diminishing the over-riding power of the two major political parties. Preference voting encourages independent candidates to enter the political conversation and add their weight to the discussion. American will always have problems with the current US voting systems, and its about time that people faced up to that and looked at alternatives. Stewart Fist, 70 Middle Harbour Rd, LINDFIELD NSW 2070 ------------------------------ Date: 21 Oct 2018 23:48:58 +0200 From: "John Levine" <jo...@iecc.com> Subject: Re: Election Security (Burke on Zetter, RISKS-30.87) > ...Paper ballots and better security for election machines. Fine, but not > a solution. Counting millions of paper ballots in thousands of locations > is not secure or affordable. That is clearly false, since we conducted elections with hand counted paper ballots in thousands of locations for centuries. Canada still does. The ballot counting machines we use in New York count the ballots as the voters put them in the machine. I assume that after the polls close, they can lock the machine, read the totals, and call them in to get the tentative results. There are procedures for sealing the machines, delivering the ballots, and so forth which I used to know when I was an election official, but have since forgotten. I realize this may come as a surprise for people expecting instant gratification, but there is no need to report the results of an election quickly. I used to live in Cambridge MA where we used paper ballots to do single transferrable vote elections for city council and school committee. After the polls closed, they took the ballots to the high school gym where they counted them with observers and challenges. It took about a week, which was no problem at all since that still left plenty of time before the winners were certified and the new boards seated a month and a half later. ------------------------------ Date: Sun, 21 Oct 2018 19:09:59 -0400 From: Paul Burke <box1...@gmail.com> Subject: Re: Election Security (Levine, RISKS-30.88) I think John Levine sees the need for independently checking paper ballots. The story of Cambridge and other places shows that hand-checking is expensive. The US has 100 to 140 million long ballots to count, and a history of shenanigans. Canadian voters typically vote on one contest during each election, so counting is far simpler and cheaper than in the US where we often have pages of choices. Ballot-counting machines in NY and most states do read each ballot and produce totals. Those machines are computers, and can be hacked when they get annual updates or sit unguarded at polling places the night before an election, so the "totals" they show may not reflect the ballots. A really good feature is that NY also recounts ballots from 3% of the machines, manually or with an independent machine. I'd like to see more independent counts, since a nation-state could hack the independent machine too, but NY is far ahead of states which don't check a good sample at all. https://www.verifiedvoting.org/state-audit-laws/ ------------------------------ Date: Fri, 19 Oct 2018 20:00:14 -0600 From: "Keith Medcalf" <kmedc...@dessus.com> Subject: Re: Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months (RISKS-30.87) This is likely because it is irrelevant. Once you have the requisite NT AUTHORITY\SYSTEM level access that is required to carry out the "registry hack" to enable this "backdoor" there is no point in going to all the trouble -- and there are much easier ways to obtain and maintain "Administrator" rights (or whatever rights you want) on Windows -- especially after you have once subverted the Operating System and obtained NT AUTHORITY\SYSTEM privileges. Besides which, this is not really a security problem/flaw, the system is merely working as designed. You can achieve just about the same thing in any Operating System authorization system by making similar changes to the information base used to generate the authorization token, and it is just as trivially easy once you ALREADY HAVE "Act as part of the Operating System" privilege. ------------------------------ Date: Tue, 5 May 2018 11:11:11 -0800 From: risks-requ...@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) <http://the.wiretapped.net/security/info/textfiles/risks-digest/> *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks have done to URLs. I have tried to extract the essence. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 30.88 ************************
