RISKS-LIST: Risks-Forum Digest Friday 29 January 2021 Volume 32 : Issue 47
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/32.47> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: The `Dumb Money' Outfoxing Wall Street Titans (NYTimes et al. PGN-ed) Apparent suicide by 20-year-old Robinhood trader who saw a negative $730,000 balance prompts app to make changes (CNN) On Twitter, many follow @robinhood en masse not realizing it's The Robin Hood Society of Sherwood, UK (Boing Boing) North Korea Targets and Dupes a Slew of Cybersecurity Pros (WiReD) Phone battery explodes after man bites into it (Boing Boing) Major Internet outage affecting users from Washington DC to Boston; Verizon fiber cut reported (WBNG) The World Is Dangerously Dependent on Taiwan for Semiconductors (Bloomberg) Cops Disrupt Emotet, the Internet's Most Dangerous Malware (WiReD) The Creeping Normalization of Robotic Police Officers (Digital Trends) With Online Terms of Service, What Happens When You Click 'Agree'? (NYTimes) Who's Making All Those Scam Calls? (NYTimes) An old arrest can follow you forever online. Some newspapers want to fix that. (WashPost) International cybercops derail botnet used to extort/steal data around the globe for years (CBC) Twitter Troll Tricked 4,900 Democrats in Vote-by-Phone Scheme (NYTimes) Parole Violator Who Raided Senate Building Sold Out By The GPS Unit Attached To Him For Previous Parole Violations (TechDirt) Retribution for hacker locking her out (RTE.IE) Internet Outage Impacts Access To Virtual Learning In NoVA (Patch) 63-year-old Thai woman receives 43-year sentence for sharing audio clips "defaming" the monarchy (Global Voices) Bank error not in my favour (Clive D.W. Feather) Sidewalk, security, and PopulistNet (Rob Slade) Airliner Pilot Says Jet Pack Guy Over Los Angeles Looked Just Like This Crazy Drone (The Drive) Flash Is Dead -- but Not Gone (WiReD) 150 Years Ago Brooklyn Renumbered All Its Streets. It Was a Disaster. (Jeremy Lechtzin) Re: Bursts of acceleration in Tesla vehicles caused by drivers, mistaking accelerators for brakes ... (Phil Koopman) Re: Company name could lead to security xss attack (John Levine) Re: Freezer spoils vaccine (Rick Gee) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Fri, 29 Jan 2021 10:08:34 PST From: Peter Neumann <neum...@csl.sri.com> Subject: The `Dumb Money' Outfoxing Wall Street Titans (NYTimes) Driven by Social Media, Amateurs Rush In to Squeeze Top Funds Matt Phillips and Taylor Lorenz, *The New York Times*, 28 Jan 2021, front page For example, GameStop share prices went from under $40 to $347,51 in less than a week. GameStop had been shorted by professionals, and boosted by some cleverness by "millions of amateur traders collectively taking on some of Wall Street's most sophisticated investors." [PGN-ed] This is a remarkable David-and-Goliath tale, with a lot of Alices and Bobs participating as well. Or might it be the tale wagging the dog? PGN Other items on this story: Reddit traders cause Wall Street havoc by buying GameStop https://thehill.com/policy/finance/536212-reddit-traders-cause-wall-street-havoc-by-buying-gamestop <https://thehill.com/policy/finance/536212-reddit-traders-cause-wall-street-havoc-by-buying-gamestop> https://www.cnbc.com/2021/01/27/hedge-fund-targeted-by-reddit-board-melvin-capital-closed-out-of-gamestop-short-position-tuesday.html https://www.bloomberg.com/opinion/articles/2021-01-27/reddit-driven-surge-puts-gamestop-and-ryan-cohen-in-a-weird-spot Amateur online traders fueled by discussions on Reddit sent shares of a struggling video game retailer flying Wednesday, a moment that is underscoring the divorce between the skyrocketing values of companies and the pain in the real economy. Kate Kelly and Matt Phillips, *The New York Times*, 29 Jan 2021 GameStop Trading Spree Ends As Online Brokers Hit Brakes A day after GameStop shares rose 135% ... Robinhood, the stock-trading app at the center of it all, clamped down. Insert: The GameStop Reckoning Was a Long Time Coming This week, gleeful online hordes turned the stock market upside down. This shouldn't come as a surprise. https://www.nytimes.com/2021/01/28/technology/gamestop-stock.html [This is a very convoluted case and deserve more discussion here. There are many risks, some of which were exposed quite visibly. Many others may still be lurking. PGN] ------------------------------ Date: Wed, 27 Jan 2021 08:36:51 -0800 From: Lauren Weinstein <lau...@vortex.com> Subject: Apparent suicide by 20-year-old Robinhood trader who saw a negative $730,000 balance prompts app to make changes https://www.cnn.com/2020/06/19/business/robinhood-suicide-alex-kearns/index.html ------------------------------ Date: Fri, 29 Jan 2021 12:03:03 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: On Twitter, many follow @robinhood en masse not realizing it's The Robin Hood Society of Sherwood, UK (Boing Boing) Ah, yes, another case of mistaken social media handle identity. The World Wide Robin Hood Society, based in the heart of Sherwood, Nottingham, England, has a bunch of new followers on Twitter. CNN's Brian Fung observed, "People appear to be following @robinhood en masse without realizing that the handle belongs to the Robin Hood society in the UK, not the stock trading platform." https://boingboing.net/2021/01/28/on-twitter-many-follow-robinhood-en-masse-not-realizing-its-the-robin-hood-society-of-sherwood-uk-not-gamestop-or-stocks-related.html ------------------------------ Date: Thu, 28 Jan 2021 16:19:28 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: North Korea Targets and Dupes a Slew of Cybersecurity Pros (WiReD) The sweeping campaign took advantage of the collaborative spirit among researchers, with an unknown number of victims. https://www.wired.com/story/north-korea-hackers-target-cybersecurity-researchers/ ------------------------------ Date: Fri, 29 Jan 2021 12:02:16 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: Phone battery explodes after man bites into it (Boing Boing) Store surveillance video captured this wild scene in China: a phone battery exploding after a man bites into it. The clip has gone viral on Chinese social media. https://boingboing.net/2021/01/28/phone-battery-explodes-after-man-bites-into-it-video.html Exploding battery - if in US, would result in "Do not bite battery" labels ------------------------------ Date: Tue, 26 Jan 2021 11:52:48 -0800 From: Lauren Weinstein <lau...@vortex.com> Subject: Major Internet outage affecting users from Washington DC to Boston; Verizon fiber cut reported (WBNG) https://wbng.com/2021/01/26/major-internet-outage-affecting-users-from-washington-d-c-to-boston-verizon-fiber-cut-reported/ Backhoes on the loose again? ------------------------------ Date: Wed, 27 Jan 2021 11:14:39 +0900 From: Dave Farber <far...@gmail.com> Subject: The World Is Dangerously Dependent on Taiwan for Semiconductors (Bloomberg) https://www.bloomberg.com/news/features/2021-01-25/the-world-is-dangerously-dependent-on-taiwan-for-semiconductors ------------------------------ Date: Thu, 28 Jan 2021 16:15:38 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: Cops Disrupt Emotet, the Internet's Most Dangerous Malware (WiReD) A global operation has taken down the notorious botnet in a blow to cybercriminals worldwide. https://www.wired.com/story/emotet-botnet-takedown/ ------------------------------ Date: Thu, 28 Jan 2021 19:34:48 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: The Creeping Normalization of Robotic Police Officers (Digital Trends) Robotic police officers are slowly being normalized, whether we like it or not “I worry about when we move out of the stage where police robots are just photo opportunities. We're going to eventually have to confront the scenario in which robots that police have to make decisions, and when the time comes that a police robot makes the wrong decision — somebody gets hurt or the wrong person gets arrested — police robots are not people,” Guariglia says. “You can't reprimand them.” What if the robot falsely identifies them as a criminal and gets them arrested? Who will be held responsible for that? You can't fire a robot or charge it with a crime. Guariglia also notes that these robots can easily be outfitted with all kinds of surveillance technology, and they could become “roving surveillance towers.” He says a robot might be assigned to a high-crime neighborhood to conduct near-constant surveillance and call the police when it suspects it's identified a criminal, whether it has or not. Imagine you're walking down the street and a police robot orders you to stop. It believes you're wanted for a crime and calls the police on you. The police arrive and take you to jail. You're released once they figure out that they've arrested the wrong person. They blame the robot's algorithm, and there's nothing you can do about it. It's a dystopian future we could be fast approaching. https://www.digitaltrends.com/features/robot-law-enforcement-normalization/ Not a word about whether any of these are autonomous or manually controlled. Just a bit overwrought. ------------------------------ Date: Thu, 28 Jan 2021 19:36:02 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: With Online Terms of Service, What Happens When You Click 'Agree'? (The New York Times) The same legalese that can ban Donald Trump from Twitter can bar users from joining class-action lawsuits. Its time to fix the fine print. https://www.nytimes.com/2021/01/23/opinion/sunday/online-terms-of-service.html ------------------------------ Date: Thu, 28 Jan 2021 20:58:38 -0500 From: Monty Solomon <mo...@roscom.com> Subject: Who's Making All Those Scam Calls? (NYTimes) Every year, tens of millions of Americans collectively lose billions of dollars to scam callers. Where does the other end of the line lead? https://www.nytimes.com/2021/01/27/magazine/scam-call-centers.html ------------------------------ Date: Thu, 28 Jan 2021 14:51:51 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: An old arrest can follow you forever online. Some newspapers want to fix that. (WashPost) *The Boston Globe* has joined a handful of newsrooms around the country doing something once unthinkable: changing old articles because they are ruining a person's life. https://www.washingtonpost.com/lifestyle/media/old-arrest-boston-globe-fresh-start/2021/01/22/122cbd0c-5cd1-11eb-b8bd-ee36b1cd18bf_story.html What next? Allowing supplying alternate replacement versions? ------------------------------ Date: Wed, 27 Jan 2021 17:33:59 -0700 From: "Matthew Kruk" <mkr...@gmail.com> Subject: International cybercops derail botnet used to extort/steal data around the globe for years (CBC) https://www.cbc.ca/news/world/cybercrime-botnet-derailed-canadian-arrested-1.5890484 "..."This is a really big deal. Emotet was one of the largest, if not the largest, botnets delivering a wide variety of malware. Their botnet consisted of hundreds of thousands compromised hosts which were used to send more than 10 million spam and phishing emails a week," said Allan Liska, an analyst with Recorded Future." ------------------------------ Date: Thu, 28 Jan 2021 10:08:34 PST From: Peter Neumann <neum...@csl.sri.com> Subject: Twitter Troll Tricked 4,900 Democrats in Vote-by-Phone Scheme https://www.nytimes.com/2021/01/27/nyregion/douglass-mackey-arrested-far-right-twitter.html?referringSource=articleShare&fbclid=IwAR3z-bw0Dk_Bi0IAT7y_8bO7keJBPa4xEuN-2LRBN-AKhf__f8YVaFKKTpw ------------------------------ Date: Wed, 27 Jan 2021 10:08:22 PST From: Peter Neumann <neum...@csl.sri.com> Subject: Parole Violator Who Raided Senate Building Sold Out By The GPS Unit Attached To Him For Previous Parole Violations (TechDirt) https://www.techdirt.com/articles/20210121/16510546099/parole-violator-who-raided-senate-building-sold-out-gps-unit-attached-to-him-previous-parole-violations.shtml ------------------------------ Date: Wed, 27 Jan 2021 10:08:22 PST From: Peter Neumann <neum...@csl.sri.com> Subject: Retribution for hacker locking her out (RTE.IE) "A South Dublin woman has brought High Court proceedings against Facebook after a hacker took over and locked her out of her account." https://www.rte.ie/news/business/2021/0127/1193457-woman-sues-facebook-after-hacker-took-over-her-account/ ------------------------------ Date: Tue, 26 Jan 2021 18:03:14 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: Internet Outage Impacts Access To Virtual Learning In NoVA (Patch) School districts in Northern Virginia said the Verizon Fios outage on the East Coast is impacting students and staff. https://patch.com/virginia/annandale/s/hef43/internet-outage-impacts-access-to-virtual-learning-in-nova ------------------------------ Date: Mon, 25 Jan 2021 15:35:11 -0800 From: Lauren Weinstein <lau...@vortex.com> Subject: 63-year-old Thai woman receives 43-year sentence for sharing audio clips "defaming" the monarchy (Global Voices) https://globalvoices.org/2021/01/25/thai-woman-receives-43-year-sentence-for-sharing-audio-clips-defaming-the-monarchy/ ------------------------------ Date: Wed, 27 Jan 2021 08:20:19 +0000 From: "Clive D.W. Feather" <cl...@davros.org> Subject: Bank error not in my favour I am volunteering, under the auspices of a well-known organization, at the vaccination centres being set up in England. While I don't get paid for this, I am allowed to claim mileage because it's a 75 mile round trip at present and about to become 130 miles when I change centres. After some minor teething troubles, I have finally got access to the web site used for making claims and start my first claim. In the UK, all bank accounts have an 8 digit number and a 6 digit "sort code", usually written in the form "12-34-56". The form asks me to enter both of these, in different boxes. The latter says "enter sort code as 6 digits, either with or without dashed". The web site is dynamic so that valid answers have a green background and invalid (or not-yet-filled-in) ones have a pink background. The account number was accepted but the sort code was rejected. I try taking out the dashes in case the instructions were wrong but, no, that doesn't help. I wonder if they're using a validation database so try the sort code of a different account at a different bank. No, doesn't help. I dig through my memory and come up with the sort code from an account I had held for 30 years but eventually closed. No, that doesn't work either. I even try logging out, logging in again, and starting over. No dice. Eventually I get annoyed enough that I type "123456" in the box. Green! "111111"? Pink for the first five digits, then green on the sixth. "999999", the same. "000000", stays pink. Hmm. "012345": stays pink. "111110": pink. "111112": green. Yes, it doesn't accept "0" as a digit (it doesn't accept "O" either; I tried). And all three of my accounts had at least one zero in their sort code (the first one has two, including a leading zero). My calculator says this should be rejecting 47% of possible sort codes and a higher proportion of issued ones, including all those used by at least three major banks and also the codes allocated to the Bank of England! ------------------------------ Date: Tue, 26 Jan 2021 11:59:07 -0800 From: Rob Slade <rmsl...@shaw.ca> Subject: Sidewalk, security, and PopulistNet I've been seeing mentions of Amazon Sidewalk, and how it is going to destroy security and privacy as we know it. There was some mention of it on the "community." But it is, of course, the RISKS Forum Digest that finally got me to read up and figure out what it is all about. Lo and behold, Sidewalk is my old friend PeopleNet, or PopulistNet. https://blogs.securiteam.com/index.php/archives/1390 Well, a sort of cut-down version of it, and limited to Amazon devices (and therefore completely owned by Amazon, which sort of defeats the original purpose). But, I suppose it is a start. (By the way, if Amazon has patented any of this, my article was published in 2010, so it could probably invalidate some of the patents by being prior art.) Amazon has attempted to head off some of the undoubted complaints about security and privacy by detailing some provisions of security for the Sidewalk network, and publishing those in a white paper. https://m.media- amazon.com/images/G/01/sidewalk/final_privacy_security_whitepaper.pdf Stripped to it's essentials, it's basically a version of Tor. There are "layers" of encryption, corresponding the the OSI application and network layers (and one more "just for show," as Tevye would put it). There is also a promise to limit bandwidth (which probably has as much to do with preventing usage-based denial of service as anything else). In regard to encryption, key exchange is vital. Sidewalk relies upon Ephemeral Elliptic Curve Diffie-Hellman. A decent protocol, to be sure, but what kind of key size are we talking about? Then there is the blythe promise of "random" key generation. (We know that "random" is not possible, and there is no detail on how any pseudorandom data is generated.) (There is a good deal of digital certification going on, and there is a kind of certificate revocation list, which is comforting. At least they seem to have covered the basics.) Amazon's use of encryption is supposed to protect privacy, but the wording that the Sidewalk Network Server makes it "difficult" to de-anonymize data implicitly admits that it isn't impossible. It will be interesting to see, with the aggregation of undoubtedly huge amounts of data, how difficult or easy this might be. When I first proposed PopulistNet, I knew that securing such communications would be a non-trivial task. I still hope for some kind of open-source exploration of the idea on a much wider scale than Amazon. Sidewalk does provide some ideas for the securing of such a system. ------------------------------ Date: Tue, 26 Jan 2021 10:15:45 -1000 From: geoff goodfellow <ge...@iconia.com> Subject: Airliner Pilot Says Jet Pack Guy Over Los Angeles Looked Just Like This Crazy Drone Months after the first sighting of the jet pack guy over Southern California, we get new insights into the official investigation into the incidents. Months after *an initial report* <https://www.thedrive.com/the-war-zone/36096/airline-pilots-landing-at-lax-report-a-guy-in-jetpack-flying-alongside-them-on> from airline pilots about seeing what appeared to be an individual flying alongside them using a jet pack as they came in to land at Los Angeles International Airport, that incident <https://www.thedrive.com/the-war-zone/36786/heres-the-faa-report-and-full-audio-from-the-mysterious-jetpack-guy-incident-near-lax>, and subsequent encounters in southern California <https://www.thedrive.com/the-war-zone/37071/another-guy-in-a-jetpack-was-spotted-by-airliners-descending-into-lax-we-have-the-audio> <https://www.thedrive.com/the-war-zone/38403/video-taken-by-pilots-of-what-could-be-the-elusive-los-angeles-jet-pack-guy-emerges>, remains as curious and unexplained as ever. Newly obtained documents from the Federal Aviation Administration show officials there were also stumped after the first sighting. At the same time, they were asking similar questions and considering one of the exact same possible explanations that we here at *The War Zone* *have also explored*. <https://www.thedrive.com/the-war-zone/38403/video-taken-by-pilots-of-what-could-be-the-elusive-los-angeles-jet-pack-guy-emerges> John Greenewald, a vigorous filer of Freedom Of Information Act (FOIA) requests and author, who runs the website *The Black Vault* <https://www.theblackvault.com/>, received the documents through the FOIA process and generously shared them with *The War Zone*. You can read the documents in their entirety over at *The Black Vault* by *clicking here* <https://www.theblackvault.com/documentarchive/jetpack-sighting-over-los-angeles-international-airport-lax-august-30-2020>. The records cover discussions between various FAA officials regarding the first of these recent jet pack-related sightings near Los Angeles International Airport, or LAX, on 30 Aug 2020. You can read more about that incident specifically *in these* previous *War Zone stories* [...] <https://www.thedrive.com/the-war-zone/36786/heres-the-faa-report-and-full-audio-from-the-mysterious-jetpack-guy-incident-near-lax> <https://www.thedrive.com/the-war-zone/36096/airline-pilots-landing-at-lax-report-a-guy-in-jetpack-flying-alongside-them-on> ------------------------------ Date: Tue, 26 Jan 2021 12:59:42 -0500 From: Gabe Goldberg <g...@gabegold.com> Subject: Flash Is Dead -- but Not Gone (WiReD) Zombie versions of Adobe's troubled software can still cause problems in systems around the world. https://www.wired.com/story/zombie-flash-security-problems/ ------------------------------ Date: Thu, 28 Jan 2021 10:38:48 -0500 From: Monty Solomon <mo...@roscom.com> Subject: 150 Years Ago Brooklyn Renumbered All Its Streets. It Was a Disaster. (Jeremy Lechtzin) Jeremy Lechtzin, Brooklyn's Big Street Address Mess: A Wild Tale of Total Civic Disfunction; Change of Address; The Solution Sowed Even More Confusion *The New York Times* online, 27 Jan 2021 https://www.nytimes.com/interactive/2021/01/27/nyregion/brooklyn-streets-numbers-renaming.html A decades-long effort to organize addresses in the mid-1800s was plagued by the incompetence and grift of city leaders. [Much to be learned here about what not to do. PGN] ------------------------------ Date: Tue, 26 Jan 2021 20:53:33 -0500 From: Phil Koopman <koopman....@gmail.com> Subject: Re: Bursts of acceleration in Tesla vehicles caused by drivers, mistaking accelerators for brakes ... (RISKS-32.46) > [John Levine noted that in the 1980s a bunch of unexpected acceleration > events in Audi 100's were also due to pedal confusion. Audi recalled them > to move the pedals farther apart and to add an interlock so you had to > step on the brake before putting the car in gear. This is a prevalent but misleading description of the Audi 100/5000 issue. (Not picking on John Levine here. You can find such a summary description almost anywhere. But RISKS readers deserve to know the whole story.) In reality, there was a vehicle defect that initiated the event, and human drivers got blamed for imperfect reactions to a surprise wide-open-throttle situation in a parking lot. The original source is: Study of mechanical and driver-related systems of the Audi 5000 capable of producing uncontrolled sudden acceleration incidents, DOT-TSC-NHTSA-88-4, Dec. 1988, Appendix H. https://archive.org/details/Audi5000UAReport Abstract: "Some versions of Audi idle-stabilization system were prone to defects which resulted in excessive idle speeds and brief unanticipated accelerations of up to 0.3g. These accelerations could not be the sole cause of SAIs, but might have triggered some SAIs by startling the driver." ("SAI" = Sudden Acceleration Incident) Pages 1-6 to 1-7: "The Audi 5000 has mechanical and electronic failure modes that could induce engine surging and produce unexpected increases in engine power." ... "Failures in the idle-stabilizer system, and to a much lesser extent the cruise control system, were identified which are capable of initiating an SAI without leaving evidence detectable under normal test procedures." ... "It can therefore be concluded that once unwanted acceleration has begun, pedal misapplication resulting from panic, confusion, or perhaps unfamiliarity with the Audi 5000 contributes to the severity of the incident." The data I've seen puts 0.3g as on a par with 0-60 maximum acceleration numbers for that vehicle. Contrast the abstract "triggered" with the text "contributes to the severity". As far as I can tell, this report is the genesis of the pedal misapplication narrative commonly at play in cases such as the recent Tesla outcome. (There is a 1989 follow-on report that elaborates that narrative: DOT-HS-807-367.) For those who want to dig deeper, a SAFECOMP 2018 paper covers the history of this RISK-y narrative of blaming the driver by default while, in many cases, failing to rule in a sufficient scope of potential computer-based system defects. (For example, perhaps the accelerator pedal is read incorrectly due to defective software. That same incorrect data commands engine power, and is also sent to the data recorder. But this is just a hypothetical; I've not looked at the Tesla situation.) https://users.ece.cmu.edu/~koopman/pubs/koopman18_safecomp.pdf ------------------------------ Date: 25 Jan 2021 21:08:41 -0500 From: "John Levine" <jo...@iecc.com> Subject: Re: Company name could lead to security xss attack (Colville, RISKS-32.47) Some years ago, someone stole a check sent to the city of "Kearny, N.J.", endorsed it Nathan Kearny, and cashed it. There's a lot of ways to be ambiguous. This sounds like an urban legend but it was reported on August 23, 1973, in *The New York Times*. ------------------------------ Date: Tue, 26 Jan 2021 16:29:57 -0800 From: Rick Gee <rd...@shaw.ca> Subject: Re: Freezer spoils vaccine (RISKS-32.46) Seeing the freezer story in 32.46 I remembered this one. https://www.wltribune.com/news/power-outage-spoils-covid-19-vaccine-at-tletinqox/ ------------------------------ Date: Mon, 1 Aug 2020 11:11:11 -0800 From: risks-requ...@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 32.47 ************************