[33237] in RISKS Forum
Risks Digest 34.19
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Mon Apr 22 14:14:17 2024
From: RISKS List Owner <risko@csl.sri.com>
Date: Mon, 22 Apr 2024 11:14:04 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Monday 22 April 2024 Volume 34 : Issue 19
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.19>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Influential women's tech network shuts down unexpectedly (BBC)
Re: Women Who Code shut down today (Rebecca Mercuri)
Re: Women Who Code shut down today (Wendy Grossman)
‘We’re a dead ship’: Hundreds of cargo ships lost propulsion in
U.S. waters in recent years (WashPost)
Tesla Cybertruck turns into world's most expensive brick after
car wash (The Register)
Software upgrade error grounds all Alaska Airlines flights for 1 hour
(Seattle Times)
San Francisco’s Train System Still Uses Floppy Disks -- and Will for Years
(WiReD)
GPT-4 and CVE = exploit (Rik Farrow)
The invisible seafaring industry that keeps the Internet afloat (The Verge)
Microsoft’s VASA-1 can deepfake a person with one photo and one audio track
(Ars Technica)
Hospital prices for the same emergency care vary up to 16-fold,
a study finds (ArsTechnica)
Chirp mandates open-door policy -- in a bad way (Krebs)
Netflix doc accused of using AI to manipulate true crime story (ArsTechnica)
China orders Apple to remove Meta apps after “inflammatory” posts about
president (ArsTechnica)
Roku forcing 2-factor authentication after 2 breaches of 600K accounts
(ArsTechnica)
The GMO tooth microbe that is supposed to prevent cavities (Undark)
Virginia to become first state to allow online-only local nesw sites to
publish legal notices (ARLnow)
Amazon is filled with garbage ebooks. Here’s how they get made. (Esquire)\\
Re: Palo Alto Zero Exploit (Martin Ward)
Re: AI chatbots spread falsehoods about the EU elections (Martin Ward)
Re: U.S. Air Force confirms first successful AI dogfight
(Turgut Kalfaoglu)
Re: Wrong button clicked, wrong divorce cannot be undone (Henry Baker)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Fri, 19 Apr 2024 15:38:32 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Influential women's tech network shuts down unexpectedly (BBC)
https://www.bbc.com/news/articles/cw0769446nyo
Women Who Code (WWC), a charity that supports women who work in the
technology sector, has announced it is shutting down because of a lack of
funding.
The U.S.-based organisation says it had 360,000 people in its community,
across 145 countries.
[The risks to many women who code around the world could be considerable.
Are there any former members who are also RISKS readers who can share the
back stories? To me this seems like a terrible loss -- even if there was
management malpractice. The Atlanta Journal-Constitution in today's
article by Mirtha Donastorg suggests that WWC had millions of dollars.
However, this is the WWC statement quoted in the AJ-C on 19 Apr 202, the
day of the shut down:
``This decision has not been made lightly. It only comes after careful
consideration of all options and is due to factors that have materially
impacted our funding sources -- funds that were critical to continuing
our programming and delivering on our mission,'' the organization said
in a statement. It did not detail what factors impacted its finances.
PGN]
------------------------------
Date: Sun, 21 Apr 2024 18:58:13 -0400
From: "DrM: Rebecca Mercuri" <notable@mindspring.com>
Subject: Re: Women Who Code shut down today (RISKS-34.19)
I am not a member or supporter of either Women Who Code or Girls Who Code
(separate non-profits that both started in 2011), but have been aware of the
existence of these two groups. Certainly, it is important for women and
girls to feel comfortable learning how to code, and to be able to find work
and equal pay in coding-related fields. Unfortunately, I feel that neither
group has/had successfully addressed the problems of bias and harassment
against girls and women who code.
What has long been needed for all in the computing fields, is to learn how
to work side-by-side with people of all genders, where mutual respect and
acknowledgment of everyone's contributions are encouraged and
nurtured. Splitting into same-sex support groups has not and does not create
healthy, safe, and fair workplaces. It is possible that these same-sex
non-profits may have inadvertently reinforced the stereotype of "lesser than
or different" while not appropriately addressing the very real biases and
affronts that women and girls and others continue to battle in schools and
the workplace.
While belated and often posthumous recognitions of female coders
occasionally occurs, such as for the Women of the ENIAC and Grace Murray
Hopper, extreme bias in prizes continues to be blatant and overlooked. A
very visible example of gender bias is exemplified by the Association of
Computing Machinery's Turing Award. Over the 58 years of its issuance, there
have only been 3 women, as compared to 74 men, given this esteemed prize.
The last woman received her Turing in 2012. Since Google endowed it in 2014
with $1,000,000.00 for each award, precisely ZERO women have been selected
for the honor. It is utterly appalling that Turing himself (wrongly
convicted by the British government of sexual indecency, submitted to
chemical castration, and possibly murdered) continues to be exploited with
this highly biased award being presented annually, often to coders, in his
name, without his permission. THIS NEEDS TO STOP.
In conclusion, we must see that new and better support groups are created
that will expose and expunge wrongs and biases in workplaces, schools,
governments, professional organizations, non-profits, and other entities
that make decisions and set policies based on antiquated ideas of genders
and sexualities. Those who code should help to create a level playing field,
where all people can find ways to work together with egalitarianism and
mutual respect.
Rebecca Mercuri, PhD
[Rebecca should be well-known to long-time RISKS readers. It was her
thesis at Penn a quarter-century ago that broke open how to overcome
voting machines with no audit trails and no possible remediation of
questionable results:
<http://www.notablesoftware.com/Papers/mercuri-thesis.pdf>
PGN]
------------------------------
Date: Sun, 21 Apr 2024 16:36:03 +0100
From: "Wendy M. Grossman" <wendyg@pelicancrossing.net>
Subject: Re: Women Who Code shut down today (RISKS-34.19)
I remember in 1998 attending an event in 1998 at which ACM had a session on
the incredible(?) "shrinking pipeline", which had studied the reasons women
were leaving computing.
The choices included image (geeks), the hours (medicine was seen as
eventually getting better, but computing not), etc. Not included, but widely
written in: "sexual harassment".
Soon after I had dinner with a woman who sold large computer systems. I told
her about the survey. She immediately said: "Did they mention sexual
harassment?"
I know I wrote about it somewhere, but can't locate where.
------------------------------
Date: Wed, 17 Apr 2024 02:07:23 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: ‘We’re a dead ship’: Hundreds of cargo ships lost propulsion in
U.S. waters in recent years (WashPost)
A *WashPost* examination found that losses of engine power, part of what the
Dali experienced when it crashed into the Key Bridge in Baltimore, are not
uncommon.
https://www.washingtonpost.com/investigations/2024/04/16/dead-ships-propulsion-loss/
[Preventive maintenance seems to be less frequent here, in aviation, and
perhaps even in driverless cars -- although that has other problems, such
as a lack of trustworthiness in design and implementation. PGN]
------------------------------
Date: Sat, 20 Apr 2024 14:18:56 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Tesla Cybertruck turns into world's most expensive brick after
car wash (The Register)
https://www.theregister.com/2024/04/20/cybertruck_car_wash_mode/
------------------------------
Date: Wed, 17 Apr 2024 12:12:01 -0700
From: Rob Wilcox <robwilcoxjr@gmail.com>
Subject: Software upgrade error grounds all Alaska Airlines flights for 1
hour (Seattle Times)
Alaska Airlines briefly grounded all flights after an error was found in a
software upgrade calculating the plane mass and balance. "Alaska said it had
experienced an issue 'while performing an upgrade to the system that
calculates our weight and balance.'"
The airline had a similar problem in February 2023. In that case:
"To determine the thrust and speed settings for takeoff, Alaska’s pilots
and others use a performance calculation tool supplied by a Swedish
company called DynamicSource.
It delivers a message to the cockpit with crucial weight and balance data,
including how many people are on board, the jet’s empty and gross weight
and the position of its center of gravity.
In a cockpit check before takeoff, this data is entered into the flight
computer to determine how much thrust the engines will provide and at what
speed the jet will be ready to lift off."
https://www.seattletimes.com/business/boeing-aerospace/all-alaska-airline-flights-grounded/
------------------------------
Date: Mon, 15 Apr 2024 11:50:43 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: San Francisco’s Train System Still Uses Floppy Disks --
and Will for Years (WiReD)
Three 5.25-inch floppy disks help keep Muni running every morning. A tech
upgrade could take until 2030.
https://www.wired.com/story/san-francisco-muni-trains-floppy-disks/
------------------------------
Date: Sun, 21 Apr 2024 16:20:54 -0700
From: Rik Farrow <rik@rikfarrow.com>
Subject: GPT-4 and CVE = exploit
Interesting, a bit surprising, but still:
https://www.theregister.com/2024/04/17/gpt4_can_exploit_real_vulnerabilities/
OpenAI's GPT-4 large language model (LLM) can autonomously exploit
vulnerabilities in real-world systems if given a CVE advisory describing
the flaw.
[... if GPT-4 handles the CVE correctly and the CVE is adequately defined,
which is usually totally unassured. Thus, the claim seems highly
overblown. I think this claim is very suspect and over-hyped. PGN]
------------------------------
Date: Sat, 20 Apr 2024 08:10:11 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: The invisible seafaring industry that keeps the Internet afloat
(The Verge)
[Long article PGN-ed]
The global Internet relies on 800,000 miles of undersea cables that are
constantly breaking. This is the story of the 22 aging ships that fix them.
The world’s emails, TikToks, classified memos, bank transfers, satellite
surveillance, and FaceTime calls travel on cables that are about as thin as
a garden hose. There are about 800,000 miles of these skinny tubes
crisscrossing the Earth’s oceans, representing nearly 600 different systems,
according to the industry tracking organization TeleGeography. The cables
are buried near shore, but for the vast majority of their length, they just
sit amid the gray ooze and alien creatures of the ocean floor, the hair-thin
strands of glass at their center glowing with lasers encoding the world’s
data.
If, hypothetically, all these cables were to simultaneously break, modern
civilization would cease to function. The financial system would immediately
freeze. Currency trading would stop; stock exchanges would close. Banks and
governments would be unable to move funds between countries because the
Swift and U.S. interbank systems both rely on submarine cables to settle
over $10 trillion in transactions each day. In large swaths of the world,
people would discover their credit cards no longer worked and ATMs would
dispense no cash. As U.S. Federal Reserve staff director Steve Malphrus said
at a 2009 cable security conference, “When communications networks go down,
the financial services sector does not grind to a halt. It snaps to a halt.”
Corporations would lose the ability to coordinate overseas manufacturing and
logistics. Seemingly local institutions would be paralyzed as outsourced
accounting, personnel, and customer service departments went
dark. Governments, which rely on the same cables as everyone else for the
vast majority of their communications, would be largely cut off from their
overseas outposts and each other. Satellites would not be able to pick up
even half a percent of the traffic. Contemplating the prospect of a mass
cable cut to the UK, then-MP Rishi Sunak concluded, “Short of nuclear or
biological warfare, it is difficult to think of a threat that could be more
justifiably described as existential.”
Fortunately, there is enough redundancy in the world’s cables to make it
nearly impossible for a well-connected country to be cut off, but cable
breaks do happen. On average, they happen every other day, about 200 times a
year. The reason websites continue to load, bank transfers go through, and
civilization persists is because of the thousand or so people living aboard
20-some ships stationed around the world, who race to fix each cable as soon
as it breaks.
https://www.theverge.com/c/24070570/internet-cables-undersea-deep-repair-ships
------------------------------
Date: Sat, 20 Apr 2024 14:38:44 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Microsoft’s VASA-1 can deepfake a person with one photo and one
audio track (Ars Technica)
YouTube videos of 6K celebrities helped train AI model to animate photos in
real time.
On Tuesday, Microsoft Research Asia unveiled VASA-1, an AI model that can
create a synchronized animated video of a person talking or singing from a
single photo and an existing audio track. In the future, it could power
virtual avatars that render locally and don't require video feeds—or allow
anyone with similar tools to take a photo of a person found online and make
them appear to say whatever they want.
https://arstechnica.com/information-technology/2024/04/microsofts-vasa-1-can-deepfake-a-person-with-one-photo-and-one-audio-track/
------------------------------
Date: Sat, 20 Apr 2024 14:41:23 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Hospital prices for the same emergency care vary up to 16-fold,
a study finds (ArsTechnica)
Hospitals' *trauma activation fees* are unregulated and extremely variable.
Since 2021, federal law has required hospitals to publicly post their
prices, allowing Americans to easily anticipate costs and shop around for
affordable care -- as they would for any other marketed service or product.
But hospitals have mostly failed miserably at complying with the law.
A 2023 KFF analysis on compliance found that the pricing information
hospitals provided is ``messy, inconsistent, and confusing, making it
challenging, if not impossible, for patients or researchers to use them for
their intended purpose.'' A February 2024 report from the nonprofit
organization Patient Rights Advocate found that only 35 percent of 2,000 US
hospitals surveyed were in full compliance with the 2021 rule.
But even if hospitals dramatically improved their price transparency, it
likely wouldn't help when patients need emergency trauma care. After an
unexpected, major injury, people are sent to the closest hospital and aren't
likely to be shopping around for the best price from the back of an
ambulance. If they did, though, they might also need to be treated for
shock.
According to a study published Wednesday in JAMA Surgery, hospitals around
the country charge wildly different prices for trauma care. Prices for the
same care can be up to 16-fold different between hospitals, and cash prices
are sometimes significantly cheaper than the negotiated prices that
insurance companies pay.
https://arstechnica.com/science/2024/04/hospital-prices-for-the-same-emergency-care-vary-up-to-16x-study-finds/
------------------------------
Date: Mon, 15 Apr 2024 21:12:20 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Chirp mandates open-door policy -- in a bad way (Krebs)
[This has been known since Mar 2021.]
If you have a Chirp lock, someone else could have already been home by now.
https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak/
------------------------------
Date: Sat, 20 Apr 2024 14:37:24 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Netflix doc accused of using AI to manipulate true crime story
(ArsTechnica)
Producer remained vague about whether AI was used to edit photos.
An executive producer of the Netflix hit *What Jennifer Did* has responded
to accusations that the true crime documentary used AI images when depicting
Jennifer Pan, a woman currently imprisoned in Canada for orchestrating a
murder-for-hire scheme targeting her parents.
*What Jennifer Did* shot to the top spot in Netflix's global top 10 when it
debuted in early April, attracting swarms of true crime fans who wanted to
know more about why Pan paid hitmen $10,000 to murder her parents. But
quickly the documentary became a source of controversy, as fans started
noticing glaring flaws in images used in the movie, from weirdly mismatched
earrings to her nose appearing to lack nostrils, the Daily Mail reported, in
a post showing a plethora of examples of images from the film.
https://arstechnica.com/tech-policy/2024/04/netflix-doc-accused-of-using-ai-to-manipulate-true-crime-story/
------------------------------
Date: Sat, 20 Apr 2024 14:32:42 -0400
From: Monty Solomon <monty@roscom.com>
Subject: China orders Apple to remove Meta apps after “inflammatory” posts
about president (ArsTechnica)
Apple said it complied with orders from the Chinese government to remove the
Meta-owned WhatsApp and Threads from its App Store in China. Apple also
removed Telegram and Signal from China.
https://arstechnica.com/tech-policy/2024/04/china-orders-apple-to-remove-meta-apps-after-inflammatory-posts-about-president/
[The NYTimes has a similar story on the front page of today's National
Edition Business section. PGN]
------------------------------
Date: Sat, 20 Apr 2024 14:31:37 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Roku forcing 2-factor authentication after 2 breaches of 600K
accounts (ArsTechnica)
Accounts with stored payment information went for as little as $0.50 each.
Everyone with a Roku TV or streaming device will eventually be forced to
enable two-factor authentication after the company disclosed two separate
incidents in which roughly 600,000 customers had their accounts accessed
through credential stuffing.
Credential stuffing is an attack in which usernames and passwords exposed in
one leak are tried out against other accounts, typically using automated
scripts. When people reuse usernames and passwords across services or make
small, easily intuited changes between them, actors can gain access to
accounts with even more identifying information and access.
https://arstechnica.com/security/2024/04/roku-forcing-2-factor-authentication-after-breach-of-600k-accounts/
------------------------------
Date: Sat, 20 Apr 2024 14:28:18 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The GMO tooth microbe that is supposed to prevent cavities
(Undark)
Christina Szalinski, Undark Magazine, 29 Apr 2024
Some experts have concerns over the safety of the genetically modified
bacteria.
https://arstechnica.com/health/2024/04/the-gmo-tooth-microbe-that-is-supposed-to-prevent-cavities/
------------------------------
Date: Mon, 22 Apr 2024 09:16:09 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Virginia to become first state to allow online-only local news
sites to publish legal notices (
https://www.arlnow.com/2024/04/05/virginia-to-become-first-state-to-allow-online-only-local-news-sites-to-publish-legal-notices/
------------------------------
Date: Sun, 21 Apr 2024 08:07:59 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Amazon is filled with garbage ebooks. Here’s how they get made.
(Esquire)
How AI Publishing Academy works.
https://www.esquire.com/entertainment/books/a45751827/make-a-living-as-a-writer/
It’s so difficult for most authors to make a living from their writing that
we sometimes lose track of how much money there is to be made from books, if
only we could save costs on the laborious, time-consuming process of writing
them.
The Internet, though, has always been a safe harbor for those with plans to
innovate that pesky writing part out of the actual book publishing. On the
Internet, it’s possible to copy text from one platform
<https://www.poetryfoundation.org/harriet-books/2010/04/retyping-an-entire-book-is-one-thing-cutting-pasting-an-entire-book-is-another>
and paste it into another seamlessly, to share text files
<https://bookriot.com/how-easy-is-it-to-pirate-books/>, to build vast
databases of stolen books
<https://www.theatlantic.com/technology/archive/2023/08/books3-ai-meta-llama-pirated-books/675063/>.
If you wanted to design a place specifically to pirate and sleazily monetize
books, it would be hard to do better than the Internet as it has long
existed.
Now, generative AI has made it possible to create cover images, outlines,
and even text at the click of a button.
https://www.vox.com/culture/24128560/amazon-trash-ebooks-mikkelsen-twins-ai-publishing-academy-scam
------------------------------
Date: Sat, 20 Apr 2024 10:34:32 +0100
From: Martin Ward <mwardgkc@gmail.com>
Subject: Re: Palo Alto Zero Exploit (Ward/Kilby, RISKS-34.18)
The answer has been known for many decades: for any safety-critical software
you develop the software using formal methods to prove that it is correct.
You implement it in a compiled language that is designed from the start to
have no undefined behavior, to check for and prevent array index overflow
and to handle all memory management. The language is compiled using a
provably correct compiler. And you also have extensive unit and system
tests.
[Martin, Thanks for channeling Edsger Dijkstra. When he was working for
Burroughs long ago, I asked him walking back from lunch one day at a WG2.3
meeting in Santa Cruz what he was teaching the Burroughs programmers about
writing operating systems. He said that if he couldn't get them to write
a simple program on the back of an envelope and prove that it was correct
with respect to its specifications, it was utterly pointless to teach them
anything about operating systems. His wisdom must not be forgotten, along
with that of his colleagues Tony Hoare, Niklaus Wirth, David Parnas, Brian
Randell, and others from that wonderfully seminal era. PGN]
------------------------------
Date: Sat, 20 Apr 2024 10:50:43 +0100
From: Martin Ward <mwardgkc@gmail.com>
Subject: Re: AI chatbots spread falsehoods about the EU elections,
report finds (RISKS-34.17)
Another possibility is that the very wealthy companies who produce these
chatbots have an interest in influencing the outcome of the elections, and
that the factually false information they are spreading may be a feature,
not a bug.
The companies certainly do have QA departments, but maybe the department's
job is to ensure that the correct biases are being promulgated by the
chatbots. Just as Microsoft's QA department was tasked to ensure that
Windows would not work properly with DR-DOS.
Brad Silverberg wrote to Jim Allchin ``DR-DOS has problems running windows
today, and I assume will have more problems in the future.'' Allchin
replied: ``You should make sure it has problems in the future. :-)''
https://www.theregister.com/1999/11/05/how_ms_played_the_incompatibility/
------------------------------
Date: Mon, 22 Apr 2024 12:28:48 +0300
From: =?UTF-8?Q?turgut_kalfao=C4=9Flu?= <turgut@kalfaoglu.com>
Subject: Re: U.S. Air Force confirms first successful AI dogfight
(RISKS-34.18)
> The U.S. Air Force is putting AI in the pilot’s seat.
After the use of drones to kill enemies half way around and thus avoid the
guilt and the possibility of getting the killers arrested and prosecuted,
this is the second bad idea that the Pentagon had.
If a weapon can be used remotely, it can also be hacked remotely.
[Once again, dual-Use rears its head, especially with AI. PGN]
------------------------------
Date: Sat, 20 Apr 2024 00:43:56 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: Wrong button clicked, wrong divorce cannot be undone
A real-life 'Azdak' judge !!
Berthold Brecht's play *The Caucasian Chalk Circle* includes a character
named *Azdak* who is an idiot, but who inadvertently becomes a judge in the
middle of political chaos.
Apparently, Brecht's feeling was that a completely *random* judge is fairer
than a judge who judiciously applies the law in a universally biased
fashion.
https://www.litcharts.com/lit/the-caucasian-chalk-circle/act-5-the-chalk-circle
``Azdak removes his judge's gown, stating that it has gotten too hot for
him to wear it any longer -- he signs the elderly couple's divorce papers
and leaves the chambers, inviting all present to join him outside for a
dance. When Shauwa checks the divorce document, he sees that ***Azdak has
divorced the wrong couple*** -- he has divorced Grusha from Jussup rather
than divorcing the elderly couple.''
[Grushan Groulette? Wassup, Jussup? There really needs to be an UNDO
here. Controlled revocation and do-overs are an important part of life
when something goes awry. It's common in banking, credit card fraud,
golf mulligans, and many other areas. Why not here, especially when AI
misuses are rampant. PGN]
------------------------------
Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 34.19
************************
