The RISKS Digest
Volume 27 Issue 81

Saturday, 22nd March 2014

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Turkish Censorship Increases
tkalama
"We'll Eradicate Twitter," Turkey's Prime Minister Vows
NPR
Turkey Twitter users flout Erdogan ban on micro-blogging site
Brian Randell
Researchers discover credential-stealing Unix-based server botnet
Antone Gonsalves
Prominent security mailing list Full Disclosure shuts down indefinitely
Lucian Constantin
Snowden: Big revelations to come, reporting them is not a crime
David Rowan
Bloomberg: Adobe Gift of Solar Phone Chargers Prompts U.S. Inquiry
Gabe Goldberg
Pentagon Withholds Internal Report About Flawed $2.7 Billion Intel Program
Paul Saffo
L. Gordon Crovitz: America's Internet Surrender
John F. McMullen
Microsoft Leak and Privacy
Lauren Weinstein
Insider threat dynamics: "Ex-Microsoft employee arrested"
Alex Krutov
Dan Geer's brilliant talk at RSA
Mark Seiden
Integrated Formal Methods, iFM 2014
Diego Latella
Info on RISKS (comp.risks)

Turkish Censorship Increases

tkalama <tkalama1@gmail.com>
Tue, 18 Mar 2014 09:55:47 +0200
  [This is the first of three items on this rapidly unfolding thread.  PGN]

Already having banned close to 40,000 web sites, the religious AKP
government is now taking further steps to increase the internet censorship
in Turkey.

This has been the result of the surfacing of many video and audio recordings
of the top government officials, including the prime minister himself,
taking bribes and laundering money ranging in the millions of dollars and
euros.  In one recording for example, just ahead of the recent police raid
at their prime minister's house, the prime minister's son is heard to talk
to his dad, mentioning that he already got rid of most of the money at home,
having a "mere 30 million euros" left at home to disperse of.

Anxious to prevent voters from learning about the governmental corruption
just ahead of the local elections, the government has hastily passed laws
for easier censoring of the internet.  The new laws will require all service
providers to keep complete records of the activities of all their customers
for at least two years, and will allow the government to block any web site
by just phoning the head of the internet commission that they have set up.

Typically this has so far been done by altering the DNS servers that the
service providers maintain, so that the "objectionable" site was not
reachable.  Many technically-savvy users have soon switched to alternative
DNS servers that provide the real information on such sites.  However, the
new censorship package mentions an IP-based block. In the world where a
single IP can service thousands of web sites, it remains to be seen how they
intend to do this.

So the country slips some more into the dark ages, just so that the
corruption remains hidden.


"We'll Eradicate Twitter," Turkey's Prime Minister Vows

Lauren Weinstein <lauren@vortex.com>
Thu, 20 Mar 2014 17:06:54 -0700
  "Reeling from the anonymous release of audio that seems to implicate him
  in a corruption scandal, Turkey's Prime Minister Recep Tayyip Erdogan said
  his country would ban Twitter, no matter what the international community
  says."  http://j.mp/OFTxZA  (NPR / KUNM via NNSquad)

You'll recall he was a guest in Silicon Valley less than a year ago.


Turkey Twitter users flout Erdogan ban on micro-blogging site (The Guardian via David Farber)

"Brian Randell" <Brian.Randell@ncl.ac.uk>
March 21, 2014 at 6:56:38 AM EDT
Turkish users of Twitter—including the country's president—have
flouted a block on the social media platform by using text messaging
services or disguising the location of their computers to continue posting
messages on the site.

Telecom regulators enforced four court orders to restrict access to Twitter
on Thursday night, just hours after the prime minister, Recep Tayyip
Erdogan, vowed to "eradicate" the micro-blogging platform in an election
speech.

The disruption followed previous government threats to clamp down on the
social media in Turkey and caused widespread outrage both inside and outside
of Turkey.  In a first reaction to the ban, Neelie Kroes, vice-president of
the EU commission, tweeted: "The Twitter ban in #Turkey is groundless,
pointless, cowardly. Turkish people and intl community will see this as
censorship. It is."

The hashtag #TwitterisblockedinTurkey quickly rose to the top trending term
globally.

Shortly after the Twitter ban came into effect around midnight, the
micro-blogging company tweeted instructions to users in Turkey on how to
circumvent it using text messaging services in Turkish and English. Turkish
tweeters were quick to share other methods of tiptoeing around the ban,
using "virtual private networks" (VPNs)—which allow Internet users to
connect to the web undetected—or changing the domain name settings on
computers and mobile devices to conceal their geographic whereabouts.

Some large Turkish news websites also published step-by-step instructions on
how to change DNS settings.

On Friday morning, Turkey woke up to lively birdsong: according to the
alternative online news site Zete.com, almost 2.5m tweets—or 17,000
tweets a minute—have been posted from Turkey since the Twitter ban went
into effect, thus setting new records for Twitter use in the country.

"Boss, my bird is still tweeting @RT_Erdogan," posted @Fakir_Bey. "And
yours?"

But it was not just critics of the government who took to Twitter after the
site was closed via a court order.

Ankara mayor Melih Gukcek, famous for his extensive and rather bullish use
of the micro-blogging site, was the first AK party politician to breach the
ban.  "I am able to tweet because my DNS settings allow it. That will
probably be banned tomorrow as well.  I hope that all those who are cursing
and using fake accounts will have learned their lesson," he tweeted, as usual
all in capitals.

The first cabinet member to post a tweet after the ban came into effect was
the deputy prime minister, Bulent Arinc, who informed his 1.34m followers of
an election rally in the city of Manisa. His message was retweeted more than
1,000 times in the first hour, causing much ridicule: "Oh dear, be careful,
Twitter has been banned by the "national will"," replied academic and
journalist Ayse Cavdar. "Don't show up here. Otherwise the "national will"
will close you down, too."

Meanwhile, deputy prime minister Ali Babacan said he expected the ban to be
temporary. "I don't think this will last too long. A mutual solution needs
to be found," Babacan told a local TV channel on Friday.

In a rare act of defiance, the Turkish president, Abdullah Gul, openly
criticised the ban—via his Twitter account. "The shutdown of an entire
social platform is unacceptable," he tweeted. "Besides, as I have said many
times before, it is technically impossible to close down communication
technologies like Twitter entirely. I hope this measure will not last long."

Social media played a major role during last summer's anti-government
protest, prompting Erdogan to call Twitter "a menace to society".

Twitter has also been used to disseminate a series of incriminating audio
recordings revealing massive corruption inside the government.

Many expect more explosive revelations to be made via Twitter in the week
running up to local elections on 30 March. Two weeks ago Erdogan threatened
to ban both Facebook and Twitter, accusing social media users of abusing
these platforms for a "smear campaign" against his government.

http://www.theguardian.com/world/2014/mar/21/turkey-twitter-users-flout-ban-erdogan

Newcastle University, Newcastle upon Tyne, NE1 7RU   +44 191 222 7923
Brian.Randell@ncl.ac.uk  http://www.cs.ncl.ac.uk/people/brian.randell

  [Note: The version Brian sent has since been updated, so this is not the
  current version at the cited URL.  Also, I have trimmed the item just a
  little for RISKS, and eschewed Turkish diacritical marks.  PGN]

    [See also a similar article by Sebnem Arsu and Dan Bilefsky in *The New
    York Times*, 22 Mar 2014, p.6 in the National Edition.  PGN]


Researchers discover credential-stealing Unix-based server botnet (Antone Gonsalves)

Gene Wirchenko <genew@telus.net>
Thu, 20 Mar 2014 13:48:53 -0700
Antone Gonsalves, InfoWorld, 20 Mar 2014
As many as 25,000 servers have been infected simultaneously with backdoor
Trojan used to steal credentials, send out spam, and redirect Web traffic
http://www.infoworld.com/d/security/researchers-discover-credential-stealing-unix-based-server-botnet-238687

opening text:

Cyber criminals are using sophisticated malware in compromising thousands of
Unix-based servers to spew spam and redirect a half million Web users to
malicious content per day, a security firm reported.

Dubbed Operation Windigo, the attack has been ongoing for more than two and
a half years and has compromised as many as 25,000 servers at one time,
anti-virus vendor ESET said Tuesday. Systems infected with the backdoor
Trojan are used in stealing credentials, redirecting Web traffic to
malicious content and sending as many as 35 million spam messages a day.


Prominent security mailing list Full Disclosure shuts down indefinitely (Lucian Constantin)

Gene Wirchenko <genew@telus.net>
Thu, 20 Mar 2014 13:46:42 -0700
Lucian Constantin, InfoWorld, 19 Mar 2014
The administrator says he had enough after a member of the hacker
community tried to pressure him to remove unspecified content
http://www.infoworld.com/d/security/prominent-security-mailing-list-full-disclosure-shuts-down-indefinitely-238710


Snowden: Big revelations to come, reporting them is not a crime (David Rowan)

*Dewayne Hendricks* <dewayne@warpspeed.com>
Tuesday, March 18, 2014
Former leaker encourages companies to enable Web encryption.
David Rowan, Wired.co.uk, 18 Mar 2014
http://arstechnica.com/tech-policy/2014/03/snowden-big-revelations-to-come-reporting-them-is-not-a-crime/

This story originally appeared on Wired UK.

Edward Snowden made a surprise appearance on the TED stage in Vancouver
today—using a Beam telepresence robot from "somewhere in Russia."

Snowden, in his second remote talk in eight days after an appearance at SXSW
Interactive in Texas, urged online businesses to encrypt their websites
immediately. "The biggest thing that an Internet company in America can do
today, right now, without consulting lawyers, to protect users of the
Internet around the world, is to enable Web encryption on every page you
visit," he said. "If you look at a copy of 1984 on Amazon, the NSA can see a
record of that, the Russians, the French can—the world's library is
unencrypted. This is something we need to change, not just for Amazon—all
companies need to move to an encrypted browsing habit by default."

Snowden said the leaks from his document cache would continue. "There are
absolutely more revelations to come," he said. "Some of the most important
[publishing] to be done is yet to come."

He argued against personalizing his own role in leaking the documents to
prompt debate. "Who I am really doesn't matter at all. If I'm the worst
person in the world, you can hate me and move on. What really matters is the
kind of Internet we want, the kind of relationship with society... I
wouldn't use words like hero or traitor. I'm an American and a citizen."

He said he struggled to find a way to leak the intelligence documents in as
responsible a way as he could. "We did a lot of good things in the
intelligence community. But there are also things that go too far...
decisions made in secret without the public's awareness, the public's
consent... When I really came to struggle with these issues, I thought to
myself, how can I do these things in the most responsible way?" That was
through responsible media. "The first amendment of the US constitution
guarantees us a free press—to challenge the government but also to work
together with the government, without putting our national security at
risk. By working with journalists, by putting all of my information to the
American people, we've had a robust debate with a deep investment by the US
government, which is resulting in benefits for everyone." There has been no
evidence "of even a single incident" whereby the leaks have caused harm.

He said the NSA's PRISM program allowed the US government to "deputize
corporate America to do its dirty work for the NSA." "Much of the debate in
the US [about PRISM] is it's just [about collecting] metadata. PRISM is
about content. Even though some of these companies, Yahoo's one, challenged
them in court, they all lost—they weren't tried by an open court but a
secret court. Fifteen federal judges have reviewed these programs and found
them to be lawful, but what they don't tell you is these are secret judges
in secret courts of law." These courts had received 34,000 requests to
access information and turned down just 11, he said. "These aren't the
people we want deciding what the role of corporate America should be." [...]


Bloomberg: Adobe Gift of Solar Phone Chargers Prompts U.S. Inquiry

Gabe Goldberg <gabe@gabegold.com>
Tue, 11 Mar 2014 11:18:48 -0400
Bloomberg, 11 Mar 2014

Someone in Adobe Systems Inc.'s marketing department thought it would be a
good idea to send Pentagon personnel solar chargers for their mobile
phones. The result was a criminal investigation by the U.S. Navy.

To read the entire article, go to http://bloom.bg/1fmHfuR


Pentagon Withholds Internal Report About Flawed $2.7 Billion Intel Program

Paul Saffo <paul@saffo.com>
Wed, 19 Mar 2014 06:53:12 -0700
  [Long item, PGN-pruned for RISKS.]

http://www.foreignpolicy.com/articles/2014/03/18/exclusive_pentagon_withholds_report_2.7_billion_intel_program

Why won't senior officials show Congress evidence of a cheaper,
off-the-shelf alternative to the military's Afghan battlefield needs?

The Army has spent years defending a multibillion-dollar intelligence system
that critics say costs too much and does too little. A new internal report
has found that there's a simple, relatively inexpensive program that could
handle many of the same jobs at a fraction of the cost. For the past eight
months, though, the Pentagon has kept the report hidden away.

Members of Congress have been asking Defense Department officials to send
them the assessment, a copy of which was obtained by Foreign Policy, but the
Pentagon has yet to do so. At issue is the Army's Distributed Common Ground
System, expected to cost nearly $11 billion over 30 years and built by a
consortium of major Beltway contractors, including Raytheon, Northrop
Grumman, Lockheed Martin, and General Dynamics. The system is meant to give
troops on the ground an easy way to collect intelligence about terrorists
and enemy fighters, and then create detailed reports and maps that they can
share with each other to plan and conduct operations. But critics—and
even some troops—have long complained that the system doesn't actually
work. They say it's too slow and hard to use, and that it has left them
searching for alternatives in the war zone.

The system's high cost and technical failings prompted a search for other
options. Palantir Technologies, a fast-growing Silicon Valley firm, told the
Pentagon that its off-the-shelf systems could accomplish most of the same
tasks but cost far less—millions, rather than billions. The Marine Corps,
Special Operations forces, the CIA, and a host of other government agencies
already use it. Army officials, though, said Palantir wasn't up to the
job. Now, a 57-page report by the Pentagon's acquisitions arm basically says
the Army was wrong to dismiss the Palantir system. The study instead gives
Palantir high marks on most of the Army's 20 key requirements for the
intelligence system, including the ability to analyze large amounts of
information, including critical data about terrorist networks and the
locations of explosive devices, and synchronize it in a way that helps
troops on the ground combat their enemies more effectively.

Palantir "can be utilized to partially meet DCGS-A requirements," the report
concludes, using the acronym for the Distributed Common Ground System.

The report is likely to sharpen concerns about the Distributed Common Ground
System, which has been facing mounting criticism on Capitol Hill.  Rep. Jim
Moran (D-Va.), one of many long-time detractors, had asked the Pentagon for
its findings as recently as last month.

"It's a scandal that commercially available, battlefield-proven technology
is ready to go at a fraction of the billions of dollars the Pentagon is
spending to build a similar analysis tool in-house," Moran said in a
statement to FP. "I appreciate [Under Secretary of Defense for Acquisition,
Technology and Logistics] Frank Kendall taking this issue seriously, and
look forward to hopefully resolving it once and for all when the long
overdue report's findings are finally released."

The report, commissioned roughly one year ago, won't deal a fatal blow to
the controversial Army program. But it raises new questions about why the
service is wedded to its own system and why officials have been so quick to
dismiss Palantir's capabilities, especially at a time when the Pentagon's
budget is shrinking and Congress is pressing Defense Department officials to
find ways of saving money.  [...]


L. Gordon Crovitz: America's Internet Surrender

"John F. McMullen" <johnmac13@gmail.com>
March 19, 2014 at 13:56:12 EDT
  [John McMullen via Dewayne Hendricks via Dave Farber.  I'm on John's list
  for other items, but apparently not for stuff he sends to Dewayne.  PGN]

I agree with the content of the article and, as is most often the case,
everything my friend the erudite Esther Dyson says (she's quoted in the
piece).  It seems to me that we must arouse public opinion, most importantly
in the technology and media sectors, and bring pressure to this surrender.
The ITU sanctioning of the cutting off of Internet access by repressive
governments is outrageous—it's one thing to recognize that it exists
(Putin just showed us that it does); it's another thing to legitimize it --
the US cannot be a party to this. —john

OPINION
L. Gordon Crovitz, America's Internet Surrender;
By unilaterally retreating from online oversight, the White House pleased
regimes that want to control the Web.
18 Mar 2014

http://online.wsj.com/news/articles/SB10001424052702303563304579447362610955656

The Internet is often described as a miracle of self-regulation, which is
almost true. The exception is that the United States government has had
ultimate control from the beginning. Washington has used this oversight only
to ensure that the Internet runs efficiently and openly, without political
pressure from any country.

This was the happy state of affairs until last Friday, when the Obama
administration made the surprise announcement it will relinquish its
oversight of the Internet Corporation for Assigned Names and Numbers, or
Icann, which assigns and maintains domain names and Web addresses for the
Internet. Russia, China and other authoritarian governments have already
been working to redesign the Internet more to their liking, and now they
will no doubt leap to fill the power vacuum caused by America's unilateral
retreat.

Why would the U.S. put the open Internet at risk by ceding control over
Icann? Administration officials deny that the move is a sop to critics of
the National Security Agency's global surveillance. But many foreign leaders
have invoked the Edward Snowden leaks as reason to remove U.S.
control—even though surveillance is an entirely separate topic from
Internet governance.

According to the administration's announcement, the Commerce Department
will not renew its agreement with Icann, which dates to 1998. This means,
effective next year, the U.S. will no longer oversee the "root zone file,"
which contains all names and addresses for websites world-wide. If
authoritarian regimes in Russia, China and elsewhere get their way, domains
could be banned and new ones not approved for meddlesome groups such as
Ukrainian-independence organizations or Tibetan human-rights activists.

Until late last week, other countries knew that Washington would use its
control over Icann to block any such censorship. The U.S. has protected
engineers and other nongovernment stakeholders so that they can operate an
open Internet. Authoritarian regimes from Moscow to Damascus have cut off
their own citizens' Internet access, but the regimes have been unable to
undermine general access to the Internet, where no one needs any
government's permission to launch a website. The Obama administration has
now endangered that hallmark of Internet freedom.

The U.S. role in protecting the open Internet is similar to its role
enforcing freedom of the seas. The U.S. has used its power over the Internet
exclusively to protect the interconnected networks from being closed off,
just as the U.S. Navy protects sea lanes. Imagine the alarm if America
suddenly announced that it would no longer patrol the world's oceans.

The Obama administration's move could become a political issue in the U.S.
as people realize the risks to the Internet. And Congress may have the
ability to force the White House to drop its plan: The general counsel of
the Commerce Department opined in 2000 that because there were no imminent
plans to transfer the Icann contract, "we have not devoted the possibly
substantial staff resources that would be necessary to develop a legal
opinion as to whether legislation would be necessary to do so."

Until recently, Icann's biggest controversy was its business practice of
creating many new domains beyond the familiar .com and .org to boost its
revenues. Internet guru Esther Dyson, the founding chairwoman of Icann
(1998-2000), has objected to the imposition of these unnecessary costs on
businesses and individuals. That concern pales beside the new worries raised
by the prospect of Icann leaving Washington's capable hands. "In the end,"
Ms. Dyson told me in an interview this week, "I'd rather pay a spurious tax
to people who want my money than see [Icann] controlled by entities who want
my silence."

Icann has politicized itself in the past year by lobbying to end U.S.
oversight, using the Snowden leaks as a lever. The Icann chief executive,
Fadi Chehade', last fall called for a global Internet conference in April
to be hosted by Brazilian President Dilma Rousseff. Around that time, Ms.
Rousseff, who garnered headlines by canceling a White House state dinner
with President Obama, reportedly to protest NSA surveillance of her and her
countrymen, also denounced U.S. spying in a speech at the United Nations.
Mr. Chehade' said of the speech: "She spoke for all of us that day."

The Obama administration has played into the hands of authoritarian
regimes. In 2011, Vladimir Putin—who, as Russia took over Crimea in recent
days, shut down many online critics and independent media—set a goal of
"international control over the Internet."

In the past few years, Russia and China have used a U.N. agency called the
International Telecommunication Union to challenge the open Internet. They
have lobbied for the ITU to replace Washington as the Icann overseer. They
want the ITU to outlaw anonymity on the Web (to make identifying dissidents
easier) and to add a fee charged to providers when people gain access to
the Web "internationally"—in effect, a tax on U.S.-based sites such as
Google and Facebook. The unspoken aim is to discourage global Internet
companies from giving everyone equal access.

The Obama administration was caught flat-footed at an ITU conference in 2012
stage-managed by authoritarian governments. Google organized an online
campaign against the ITU, getting three million people to sign a petition
saying that "a free and open world depends on a free and open web." Former
Obama aide Andrew McLaughlin proposed abolishing the ITU, calling it "the
chosen vehicle for regimes for whom the free and open Internet is seen as an
existential threat." Congress unanimously opposed any U.N. control over the
Internet.

But it was too late: By a vote of 89-55, countries in the ITU approved a
new treaty granting authority to governments to close off their citizens'
access to the global Internet. This treaty, which goes into effect next
year, legitimizes censorship of the Web and the blocking of social media.
In effect, a digital Iron Curtain will be imposed, dividing the 425,000
global routes of the Internet into less technically resilient pieces.

The ITU is now a lead candidate to replace the U.S. in overseeing Icann.
The Commerce Department says it doesn't want to transfer responsibility to
the ITU or other governments, but has suggested no alternative. Icann's CEO,
Mr. Chehade', told reporters after the Obama administration's announcement
that U.S. officials are "not saying that they'd exclude governments --
governments are welcome, all governments are welcome."

Ms. Dyson calls U.N. oversight a "fate worse than death" for the Internet.

The alternative to control over the Internet by the U.S. is not the
elimination of any government involvement. It is, rather, the involvement
of many other governments, some authoritarian, at the expense of the U.S.
Unless the White House plan is reversed, Washington will hand the future of
the Web to the majority of countries in the world already on record hoping
to close the open Internet.

Mr. Crovitz, a former publisher of The Wall Street Journal, writes the
weekly Information Age column.

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>


Microsoft Leak and Privacy

Lauren Weinstein <lauren@vortex.com>
Thu, 20 Mar 2014 21:25:51 -0700
Microsoft Software Leak Inquiry Raises Privacy Issues

  Microsoft accused the former employee of stealing company trade secrets in
  the form of software code for the Windows operating system, and leaking
  the software to a blogger. In an investigation, the company figured out
  who revealed the information by reading the emails and instant messages of
  the blogger on his Microsoft-operated Hotmail and message accounts.
http://j.mp/1ikJROA  (*The New York Times* via NNSquad)

Microsoft Says It Will Tighten Policies for Searching Hotmail, Outlook.com

  Microsoft said late Thursday that it will "evolve" its policies for
  searching through non-employee Hotmail and Outlook.com mail accounts in
  the wake of concern over its practices.  The company has come under fire
  after revelations it searched the account of a blogger to whom company
  information was leaked. http://j.mp/NyXaPU  (Recode via NNSquad)


Insider threat dynamics: "Ex-Microsoft employee arrested"

"Alex Krutov" <alex.krutov@gmail.com>
Fri, 21 Mar 2014 16:56:20 -0400
Microsoft security software for product key validation was part of the
intellectual property allegedly leaked by a Lebanon-based Microsoft employee
to a blogger in France.  The ex-employee was arrested in Seattle this week.

"[He is] also alleged to have stolen Microsoft's 'Activation Server Software
Development Kit,' a proprietary system used to prevent the unauthorized
copying of Microsoft programs.  Speaking with the FBI, a Microsoft manager
said the software development kit 'could help a hacker trying to reverse
engineer the code' used to protect against software piracy, according to
charging papers.  Microsoft came to believe Kibkalo encouraged the blogger
to share it online so others could crack protections on Microsoft products,
the FBI agent said in charging papers unsealed Wednesday."
(http://www.seattlepi.com/local/article/Ex-Microsoft-employee-charged-with-passing-5331715.php)

That's in addition to the alleged leak of the Win 8 code.  Here is an
excerpt from a chat between the MSFT employee A. Kibkalo, PhD and the French
blogger (from the FBI report in the federal complaint
http://seattletimes.wpengine.netdna-cdn.com/microsoftpri0/files/2014/03/Kibkalo-complaint.pdf):

Kibkalo: I would leak enterprise today probably

Blogger: Hmm—are you sure you want to do that? lol

Kibkalo: why not?

Blogger: 1st time I speak with a "real" leaker since Zuko era

Kibkalo: Mm—To be honest, in nwin7_rtm and nwin7_sp1 I leaked 250GB :)

MSFT relied on the terms of use to access the content of the blogger's
hotmail account and didn't get a subpoena.


Dan Geer's brilliant talk at RSA

*Mark Seiden* <mis@seiden.com>
Thursday, March 6, 2014
  [via Dave Farber]

http://geer.tinho.net/geer.rsa.28ii14.txt

my favorite quote, so far:

"We know, and have known for some time, that traffic analysis is more
powerful than content analysis.  If I know everything about to whom you
communicate including when, where, with what inter-message latency, in what
order, at what length, and by what protocol, then I know you.  If all I have
is the undated, unaddressed text of your messages, then I am an
archaeologist, not a case officer.  The soothing mendacity of proxies for
the President saying "It's only metadata" relies on the ignorance of the
listener.  Surely no one here is convinced by "It's only metadata" but let
me be clear: you are providing that metadata and, in the evolving definition
of the word "public," there is no fault in its being observed and retained
indefinitely.  Harvard Law professor Jonathan Zittrain famously noted that
if you preferentially use online services that are free, "You are not the
customer, you're the product."  Why?  Because what is observable is
observed, what is observed is sold, and users are always observable, even
when they are anonymous."


Integrated Formal Methods, iFM 2014

Diego Latella <Diego.Latella@isti.cnr.it>
Tue, 18 Mar 2014 11:09:39 +0100
CALL FOR PAPERS [Trimmed for RISKS. PGN]

11th International Conference on integrated Formal Methods, iFM 2014

Co-located with the 11th International Symposium on  Formal Aspects of
Component Software, FACS 2014
September 9—12, 2014, Bertinoro, Italy
http://ifm2014.cs.unibo.it

IMPORTANT DATES
- Abstract Submission: April 17, 2014
- Paper submission: April 25, 2014
- Paper notification: June 6, 2014
- Final version paper: June 27, 2014

OBJECTIVES AND SCOPE
Applying formal methods may involve modeling different
aspects of a system which are best expressed using different formalisms.
Correspondingly, different analysis techniques may be used to examine
different system views, different kinds of properties, or simply in order to
cope with the sheer complexity of the system. The iFM conference series
seeks to further research into hybrid approaches to formal modeling and
analysis; i.e., the combination of (formal and semi-formal) methods for
system development, regarding modeling and analysis, and covering all
aspects from language design through verification and analysis techniques to
tools and their integration into software engineering practice.

Areas of interest include but are not limited to:

- Formal and semiformal modeling notations;
- Integration of formal methods into software engineering practice;
- Refinement;
- Theorem proving;
- Tools;
- Logics;
- Model checking;
- Model transformations;
- Semantics;
- Static Analysis;
- Type Systems;
- Verification;
- Case Studies;
- Experience reports

CONFERENCE LOCATION
iFM 2014 is organized by the University of Bologna and will take place at
the Centro Residenziale Universitario in Bertinoro, a small medieval hilltop
town 50km east of Bologna.

INVITED SPEAKERS
iFM 2014 will have the following keynote speakers jointly with FACS 2014:
- Rocco De Nicola (IMT Lucca)
- Sophia Drossopoulou (Imperial College)
- Jean-Bernard Stefani (INRIA)
- Helmut Veith (TU Wien)

WORKSHOPS
There are four workshops on two days, on September 9 and September 12, 2014;
iFM takes place September 9—11, FMCO takes place September 10—12:
- Harnessing Theories for Tool Support in Software (TTSS)
- Logics and Model-checking for Self-* Systems (MOD*)
- Tools and Methods for Cyber-Physical Systems of Systems
- ENVISAGE Contracts for SLAs
Further information is on the web site.

SUBMISSION GUIDELINES [see the website]
https://www.easychair.org/account/signin.cgi?conf=ifm2014

GENERAL CHAIR
- Gianluigi Zavattaro, University of Bologna, Italy

iFM PROGRAMME COMMITTEE CHAIRS:
- Elvira Albert, Complutense University of Madrid, Spain
- Emil Sekerinski, McMaster University, Canada

FMCO and iFM WORKSHOP CHAIR
- Elena Giachino, University of Bologna, Italy
