RISKS Forum mailing list archives

Risks Digest 22.20


From: RISKS List Owner <risko () csl sri com>
Date: Thu, 22 Aug 2002 14:46:51 PDT

RISKS-LIST: Risks-Forum Digest  Thursday 22 August 2002  Volume 22 : Issue 20

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.20.html>
and by anonymous ftp at ftp.sri.com, cd risks .

  Contents:
"Homeland Insecurity" (Monty Solomon)
Home overvalued by $200 million affects tax recovery (Fuzzy Gorilla)
103-year-old man told to bring parents for eye test (Arthur Goldstein)
Alleged ID thief arrested in NYC (Monty Solomon)
Your packets know the way to San Jose. (Malcolm Purvis)
Emergency call-center power-supply woes (Dave Stringer-Calvert)
YASST: Yet Another Silly Spam Trick (Rob Slade)
Re: E-mail content filtering ... (Joe Stoy)
E-mail *envelope* filters blocking NDN and DSN (MAtteo HCE Valsasna)
Content based e-mail filtering -- timely example (Betsy Schwartz)
Klez + html login = no security (Leonard Erickson)
Klez: The Virus That Won't Die (Monty Solomon)
The left hand of the government asketh ... (Rob Slade)
Re: Apple OSX and iDisk and Mail.app (Dave)
REVIEW: "Computers and Ethics in the Cyberage", Hester/Ford (Rob Slade)
SAFECOMP 2002 & ECCE-11 (Massimo Felici)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 14 Aug 2002 10:16:15 -0400
From: Monty Solomon <monty () roscom com>
Subject: "Homeland Insecurity"

Charles C. Mann, a top expert, says America's approach to protecting itself
will only make matters worse.  Forget "foolproof" technology -- we need
systems designed to fail smartly...
 
  To stop the rampant theft of expensive cars, manufacturers in the 1990s
  began to make ignitions very difficult to hot-wire. This reduced the
  likelihood that cars would be stolen from parking lots -- but apparently
  contributed to the sudden appearance of a new and more dangerous crime,
  carjacking.

  After a vote against management Vivendi Universal announced earlier this
  year that its electronic shareholder-voting system, which it had adopted
  to tabulate votes efficiently and securely, had been broken into by
  hackers. Because the new system eliminated the old paper ballots,
  recounting the votes -- or even independently verifying that the attack had
  occurred -- was impossible.

  To help merchants verify and protect the identity of their customers,
  marketing firms and financial institutions have created large computerized
  databases of personal information: Social Security numbers, credit-card
  numbers, telephone numbers, home addresses, and the like. With these
  databases being increasingly interconnected by means of the Internet, they
  have become irresistible targets for criminals. From 1995 to 2000 the
  incidence of identity theft tripled.

http://www.theatlantic.com/issues/2002/09/mann.htm

  [This article is extremely timely, well written, and important for
  RISKS readers.  It also features various insights from Bruce Schneier,
  whom Charles interviewed while researching the article.  PGN]

------------------------------

Date: Mon, 19 Aug 2002 16:20:50 -0700
From: "Fuzzy Gorilla" <fuzzygorilla () euroseek com>
Subject: Home overvalued by $200 million affects tax recovery

In Manhattan, Kansas, a home property valued at $59,500 was inadvertently
changed to $200,059,000, and seriously disrupted the calculation of the
local budgets for the school district, the city, and Riley County --
resulting in a 6.5% overstatement of the value of county property, and a
shortfall in tax revenues of over $2.3 million.  [PGN-ed]
  http://dailynews.yahoo.com/news?u=/ap/20020819/ap_on_fe_st/property_value_2

------------------------------

Date: Fri, 02 Aug 2002 01:14:55 +0000
From: arthur.goldstein () att net
Subject: 103-year-old man told to bring parents for eye test

Another cute medical mix-up (Reuters, 31 Jul 2002):
http://news.excite.com/odd/article/id/256255|oddlyenough|07-31-2002::12:22|reuters.html

British pensioner Joseph Dickinson, 103, had a shock when his local hospital
called him in for an eye test and told him to bring his parents.  "I must be
getting younger, in fact much younger," he told his local paper, the
Hartlepool Mail.  He was born in 1899, but because the hospital computer
only read the last two digits it mistook his age as just three years old. ...

------------------------------

Date: Tue, 20 Aug 2002 22:17:56 -0400
From: Monty Solomon <monty () roscom com>
Subject: Alleged ID thief arrested in NYC

A man captured by the US Marshals Service in New York is accused of stealing
the identities of 12 Boston lawyers to buy lavish cars and finance spending
sprees, the agency said yesterday.  Shawn R. Pelley, 26, had evaded
authorities for nearly a year before he was caught after a car chase.  Once
convicted of fraud, he allegedly began an identity-theft scam shortly after
his release from prison last summer.  Using information from a law
directory, he allegedly obtained his victims' birth certificates and credit
reports, opened credit-card accounts, and took bank loans on the stolen IDs.
[Source: Thanassis Cambanis, *The Boston Globe*, 20 Aug 2002; PGN-ed]
  <http://www.boston.com/dailyglobe2/232/metro/Alleged_ID_thief_arrested_in_NYC+.shtml>

------------------------------

Date: Wed, 21 Aug 2002 22:32:00 +1000
From: Malcolm Purvis <malcolmpurvis () optushome com au>
Subject: Your packets know the way to San Jose.

The Southern Cross Cable Network, a significant supplier of bandwidth
between Australia and the US, recently announced a new access point in San
Jose.  The Associated Press release says in part:

  The new San Jose access point is located at Market Post Tower, which
  currently houses the world's most famous Internet peering point, MAE
  West. Virtually all of the network access points and data centers in the
  surrounding San Francisco Bay Area connect to Market Post Tower via
  high-speed local fiber rings. ...  70% of the Internet traffic from the
  Western United States and 40% of the world Internet traffic passes through
  the building that houses the new Southern Cross access point.

I wonder how well the rest of the Internet would cope if something happened
to that building (which has a web site, so you can learn all about it).  I
also see that MAE West is owned by WorldCom.

The press release is at:
  <http://www.southerncrosscables.com/layup_ms19_8_02.htm>

------------------------------

Date: Mon, 19 Aug 2002 21:46:05 -0700
From: Dave Stringer-Calvert <dave_sc () csl sri com>
Subject: Emergency call-center power-supply woes

One of North Yorkshire Police's main telephone switchboards was shut down
for four hours as the result of a serious control-room power-supply problem
in Newby Wiske, Northallerton.  Traffic was redirected to the York control
room, which had considerable congestion due to the reduced total number of
operators.  [Source: Article by Tony Tierney, *Yorkshire Evening Press*, 19
Aug 2002; PGN-ed]

------------------------------

Date: Sun, 4 Aug 2002 14:58:43 -0800
From: Rob Slade <rslade () sprint ca>
Subject: YASST: Yet Another Silly Spam Trick

At the moment I have a hotmail account, rmslade () hotmail com.  It gets a ton
of spam, of course.  Recently, as I was cleaning out the accumulated sludge
(Hotmail's "junk" settings are pretty useless), I noted a message that
appeared to come from "rmslade."  Now, it isn't unusual for spammers to set
up the mailing so that the messages have a forged "From" line that contains
the same address the message is sent to.  Only in this case, the message was
from rmslade () yahoo com, and that is not an address I own.

Looking at the headers in detail revealed (along with the fact that the
spammer is probably yallddamail.com [65.121.131.5] [Qwest Communications])
that the actual address used is $user () yahoo com.

Now, as I said, spammers spoof addresses all the time.  But does Hotmail
have to enable such a transparent means of allowing it?

rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

------------------------------

Date: Mon, 29 Jul 2002 10:32:34 -0400
From: Joe Stoy <stoy () sandburst com>
Subject: Re: E-mail content filtering ... (Miller, RISKS-22.16)

My favourite story along these lines is about the two German musicologists
who were having a learned discussion by e-mail about Bach's B Minor Mass,
until both simultaneously came to the conclusion that the other side was
losing interest towards the end of the Gloria.  But it turned out that their
e-mail system was simply refusing to let through any mention by name of the
magnificent fugue at the end of that section.

------------------------------

Date: Mon, 29 Jul 2002 16:24:00 +0200 (CEST)
From: MAtteo HCE Valsasna <valsasna () uninsubria it>
Subject: E-mail *envelope* filters blocking NDN and DSN

Many RISKS readers have already reported about RISKs associated with e-mail
filters based on the contents. But serious service RISKs are also associated
with envelope-based filters, i.e., filters based on the sender (or recipient)
used in SMTP transactions (in contrast with those present in the e-mail
headers).

Many SMTP servers have started filtering e-mail with an empty envelope sender,
their administrators claiming they can block a lot of spam that way. This is
in clear contrast with RFC [rfc1123, see quote below].

A reason for this is that an empty envelope sender must be used with NDN
(Non Delivery Notification) and DSN (Delivery status notification) messages,
which are used to inform the sender that his message couldn't be delivered
to the recipient, or to confirm to the sender the delivery or the reading of
a message [rfc1891, see quote below].

Filtering those messages could mean that, under certain conditions, a
delivery confirmation could fail to reach the sender, or, much worse, a
non-delivery notification could never reach the sender.

When empty reverse path filtering is applied at the SMTP server receiving
messages for the user's address, NDN and DSN messages originated at other
servers will be rejected. This can happen for example if the user uses a
different SMTP server to send her messages, if the SMTP server that receives
a message does not reject it immediately, but rather accepts it and later
generates a negative DSN message to inform the reader of the missed
delivery, and also happens for DSN messages generated at a different domain
than the sender's.

SMTP gives no guarantees about the delivery of a message, but makes any
possible effort to inform the sender that a message could not be delivered
(also these efforts are not generally guaranteed to succeed).  Filtering
messages with an empty envelope sender risks rendering these attempts
useless.

Users have got accustomed to receiving a negative confirmation (NDN) when they
send a message that will never reach the recipient, so they may trust that a
message for which they received no NDN has actually been delivered (a
classical problem of double-negative logic). Filtering empty reverse path
messages will void this trust, leaving the sender with the impression that
his message has reached someone. The RISKs associated with this false
assumption are obvious.

The assumption is actually false based on SMTP's absence of guarantees, not
on the improper loss of NDN messages due to empty smtp sender filtering, but
users do not read manuals, they look at how the service actually works and
build their assumptions accordingly.

Another general-purpose RISK (assuming that a system that usually works will
*always* work).

MAtteo HCE Valsasna - Network & Linux Administrator
Centro SIC - Univ. degli Studi dell'Insubria

http://www.faqs.org/rfcs/rfc1123.html (Requirements for Internet Hosts
-- Application and Support)

 5.2.9  Command Syntax: RFC-821 Section 4.1.2

         The syntax shown in RFC-821 for the MAIL FROM: command omits
         the case of an empty path:  "MAIL FROM: <>" (see RFC-821 Page
         15).  An empty reverse path MUST be supported.

http://www.faqs.org/rfcs/rfc1891.html (SMTP Service Extension for
                   Delivery Status Notifications)

7.1 SMTP Envelope to be used with delivery status notifications

   The DSN sender address (in the SMTP MAIL command) MUST be a null
   reverse-path ("<>"), as required by section 5.3.3 of [9].  The DSN
   recipient address (in the RCPT command) is copied from the MAIL
   command which accompanied the message for which the DSN is being
   issued.  [...]
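
  [Added example, not part of the original post or of the quoted RFCs: a
  small Python model of the failure described above, comparing a filter
  that refuses the null reverse-path with one that accepts it.  The
  function names and the example.org address are constructed for
  illustration.]

```python
import re

# Argument of MAIL FROM:, including the empty reverse-path "<>" that
# RFC 1123 section 5.2.9 says MUST be supported. Trailing ESMTP
# parameters (e.g. BODY=8BITMIME) are tolerated and ignored.
MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>(?:\s+.*)?$", re.IGNORECASE)

# Constructed sample: the envelope of the user's original outgoing message.
ORIGINAL = "MAIL FROM:<alice@example.org>"


def parse_reverse_path(command):
    """Return the envelope sender of a MAIL FROM command ('' for '<>')."""
    m = MAIL_FROM.match(command.strip())
    if m is None:
        raise ValueError("not a MAIL FROM command: %r" % command)
    return m.group(1)


def strict_filter(command):
    """The filter described in the post: refuse any empty envelope sender."""
    if parse_reverse_path(command) == "":
        return (550, "empty envelope sender refused")
    return (250, "OK")


def rfc_filter(command):
    """Accept the null reverse-path, as RFC 1123 requires."""
    parse_reverse_path(command)  # still reject malformed commands
    return (250, "OK")


def dsn_envelope(original_mail_from):
    """Envelope of a DSN per RFC 1891 section 7.1: null reverse-path,
    recipient copied from the MAIL command of the original message."""
    original_sender = parse_reverse_path(original_mail_from)
    if original_sender == "":
        # A message that itself had a null sender is never bounced;
        # this is what prevents notification loops.
        return None
    return ("MAIL FROM:<>", "RCPT TO:<%s>" % original_sender)


def sender_learns_of_failure(inbound_filter, original_mail_from):
    """A remote server accepted the message, later found it undeliverable,
    and now offers a DSN to the sender's inbound server. Returns True only
    if that server accepts the DSN's envelope sender."""
    envelope = dsn_envelope(original_mail_from)
    if envelope is None:
        return False
    mail_cmd, _rcpt_cmd = envelope
    code, _text = inbound_filter(mail_cmd)
    return code == 250


if __name__ == "__main__":
    for name, flt in (("strict", strict_filter), ("rfc", rfc_filter)):
        print(name, "ordinary mail:", flt(ORIGINAL),
              "| DSN reaches sender:", sender_learns_of_failure(flt, ORIGINAL))
```

  With the strict filter, ordinary mail is still accepted, so the
  misconfiguration stays invisible until a notification is lost.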

------------------------------

Date: Sun, 11 Aug 2002 12:59:17 -0400
From: Betsy Schwartz <betsys () pobox com>
Subject: Content based e-mail filtering -- timely example

Another problem is that it's impossible for any one sysadmin to know, for a 
given string, whether it's a legitimate word or name in some contexts.

I've had several people say to me recently: "but, what legitimate e-mail 
could possibly contain the word 'klez' "?  Well, I am a big fan of klezmer 
music and there will be some sad wedding parties if "klez" is filtered out! 
See http://www.klezmershack.com 

  [And this will undoubtedly get THIS issue filtered for some readers.  PGN]

------------------------------

Date: Tue, 20 Aug 2002 03:12:14 PST
From: shadow () krypton rain com (Leonard Erickson)
Subject: Klez + html login = no security

I mostly use a DOS based mail reader program, so I often get MIME
encoded mail or other mail that may or may not have viral payloads (or
just typical Microsoft "everyone uses our mailer" dreck).

I move the messages to a directory to be checked out later. 

Today I was going thru the messages that'd piled up there over the last
couple of weeks. And I was looking at the other files included in Klez
infected messages.

One was a file that had "login" as part of the name, and no extension.  A
quick check with LIST showed it to be an HTML file. Out of curiosity, I
added an HTML extension, and looked at it on a Windows system.

I found myself on a website for a company I won't name. With the username
and password having just been entered on a login screen!

A password that seems to still be valid.

I found a "technical problems" email address on the web site and mailed the
contact the info about the problem. And I deleted the file.

But whatever program created this login "file" (I think html had embedded
Javascript) is *really* a bad idea to have in this world that has viruses
that email random files from infected systems to the world.

Anybody care to bet that my report to the company gets ignored?

Leonard Erickson (aka shadow{G})  shadow () krypton rain com      

------------------------------

Date: Thu, 22 Aug 2002 09:15:25 -0400
From: Monty Solomon <monty () roscom com>
Subject: Klez: The Virus That Won't Die

Already the most prolific virus ever, Klez continues to wreak havoc.
By Andrew Brandt, Sep 2002 issue of *PC World* magazine, 1 Aug 2002

The Klez worm is approaching its seventh month of wriggling across the Web,
making it one of the most persistent viruses ever. And experts warn that it
may be a harbinger of new viruses that use a combination of pernicious
approaches to go from PC to PC.

Antivirus software makers Symantec and McAfee both report more than 2000 new
infections daily, with no sign of let-up at press time. The British security
firm MessageLabs estimates that 1 in every 300 e-mail messages holds a
variation of the Klez virus, and says that Klez has already surpassed last
summer's SirCam as the most prolific virus ever.

And some newer Klez variants aren't merely nuisances--they can carry 
other viruses in them that corrupt your data.  ...
  http://www.pcworld.com/news/article/0,aid,103259,00.asp

------------------------------

Date: Thu, 1 Aug 2002 08:34:19 -0800
From: Rob Slade <rslade () sprint ca>
Subject: The left hand of the government asketh ...

Despite the reports being a day apart, the following two stories appeared
next to each other in last evening's Edupage from EDUCAUSE.  EDUCAUSE made
no comment on the juxtaposition.  However, I suspect that pretty much anyone
can see the cause for concern here.  Poorly thought out "quick fix"
legislative solutions, such as the DMCA, can definitely be much more trouble
than they are worth.

------- Forwarded message follows -------
Date sent:             Wed, 31 Jul 2002 17:43:42 -0600
From:                  EDUCAUSE () EDUCAUSE EDU
Subject:               Edupage, July 31, 2002

[...]
TOP STORIES FOR WEDNESDAY, JULY 31, 2002
  Clarke Urges Hackers to Find and Report Bugs
  H-P Uses DMCA Against Bug Finders

[...]
CLARKE URGES HACKERS TO FIND AND REPORT BUGS
Richard Clarke, the cybersecurity advisor to President Bush, told
attendees of the Black Hat conference in Las Vegas that they should
find and report software bugs that compromise computer security. [...]
Associated Press, 31 July 2002
http://www.nandotimes.com/technology/story/484376p-3867743c.html

H-P USES DMCA AGAINST BUG FINDERS
In an apparent first, Hewlett-Packard has invoked the controversial
Digital Millennium Copyright Act (DMCA) to stop researchers from
releasing information about software bugs. [...] But H-P sent
a letter to SnoSoft, a group of researchers, saying that the group
faces fines of $500,000 and jail time for releasing information about a
bug in an H-P Unix application. SnoSoft said that they notified H-P of
the flaw early enough that a patch should have been available before
public disclosure of the bug. [...]
CNET, 30 July 2002
http://news.com.com/2100-1023-947325.html

[...]
EDUPAGE INFORMATION

To subscribe, unsubscribe, or change your settings, visit
http://www.educause.edu/pub/edupage/edupage.html

------------------------------

Date: Sat, 27 Jul 2002 21:08:50 -0400
From: Dave <davew1 () mac com>
Subject: Re: Apple OSX and iDisk and Mail.app

from Volume 22 : Issue 18:
Net effect: your iDisk password is transmitted in the clear without
your awareness, albeit as a mail password.
Problems:
...
- mac.com's mail password is *always* identical to iDisk password

Yes, by definition. mac.com mail and iDisk are part of iTools (now ".Mac")
which uses a single account/password to access all of its services.

- OSX's "do what I mean" friendliness saves passwords without knowledge

Users enter their iTools info in the Internet preferences panel which
states: "Enter your member name and password. This information is used to
access iTools, including your iDisk and your e-mail account."  Hard to
misinterpret that.

then connects to mac.com which *does not* support any method of
encrypted password transmission.

That's the real problem which Apple will correct quickly (right guys?)

------------------------------

Date: Tue, 20 Aug 2002 15:12:27 -0800
From: Rob Slade <rslade () sprint ca>
Subject: REVIEW: "Computers and Ethics in the Cyberage", Hester/Ford

BKCMETCB.RVW   20020606

"Computers and Ethics in the Cyberage", D. Micah Hester/Paul J. Ford,
2001, 0-13-082978-1, U$41.00
%A   D. Micah Hester
%A   Paul J. Ford
%C   Scarborough, Ontario
%D   2001
%G   0-13-082978-1
%I   Prentice Hall
%O   U$41.00 800-576-3800 416-293-3621 fax: 201-236-7131
%P   498 p.
%T   "Computers and Ethics in the Cyberage"

This volume is a collection of essays, arranged in a rather complex fashion.
There are parts, subdivided into chapters, with each chapter containing
about four papers.  It isn't necessarily difficult to find the theme running
through each set of papers, but neither does the conjunction of ideas
support the individual discussions.

The preface, interestingly, states that the book provides no general
introduction to ethics.  There are also lists of alternative orderings and
selections of the papers included in the volume, suggested to address
additional topics.

Part one is an introduction to technology, computers, and values which last
is rather in contradiction to the assertion that the work contains no such
introduction.  In any case, there is no introduction to values.  The essays
in chapter one look at how the machine affects personality (a poetic but
unconvincing piece), a review of various (both positive and negative but
primarily religious) views of technology, opinions on technology and moral
responsibility, and the ethical problems presumed to be unique to computers.
Chapter two views computer technology as value-laden.  The first paper
insists that computers should be improved by the addition of abilities for
responding to simple requests in natural language, apparently implying that
the search for the "user-friendly" chimera has an ethical driver.  (A common
desire, but one that flies in the face of user-interface research that
indicates people are, in fact, unable to frame requests accurately even in
natural language.)  Others assert that computers fail to distinguish between
numbers and data (and between information and reason), that work with
Boolean algebra molds the thinking process, and that computers are fun
because they are magic.

Part two purports to review computers and quality of life.  Chapter three
looks at technology and relations with other people.  One paper points out
that the attitude of the Amish towards the telephone is supportive of
community living, but admits that the example has almost no relation to
other technology.  Others discuss various things you can do online, how much
Howard Rheingold likes the WELL service, and that John Perry Barlow doesn't
know whether community actually exists (online or in real life).  Computer
and individuality is addressed, in chapter four, with an unsupported
assertion that technology has some normative value, wild speculation on
implantable brain chips, a fictional short story about artificial
personality, and vague thoughts about the anthropomorphizing effect of the
changing language with regard to computers.  A look at computers in
developing nations assumes that the purpose of computer use is control,
asserts (but does not support) the idea that western (and therefore somehow
"authoritative") computers are unsuited to Africa (the entire continent is
assumed to have unreliable data), that information technology can help in
Latin America but there are problems, presents random memories of email use
in Jamaica, and asserts, in chapter five, that transferring technology to
the third world can create problems.

Part three concentrates on the uses, abuses (and maybe consequences) of
technology.  Chapter six looks at professionals and ethics, with various
views of whether professions have special obligations (and a final decision
that computing is not a profession), scenarios emphasizing conflicting
loyalties, and some factors that might help reduce computer misuse.
Freedom, privacy and control is the topic of chapter seven, discussing
problems with direct democracy, reprinting a political speech nominally
about privacy, and attempting to determine a definition and some
characteristics of privacy.  A review of intellectual property ownership and
piracy has an interesting examination of the differences in attitudes to
copyright between western (stressing ownership and roles) and Asian
(emphasizing social benefits and outcomes) cultures, as well as a student
survey, a statement that the arguments in favour of copyright are at best
unproven, and an opinion promoting copy protection cracking and the
distribution of "cracked" commercial programs (with the usual lack of logic
and writing skills).  (Despite this last essay, chapter eight is possibly
the best in the book.)  Chapter nine has some sensationalistic material on
hacking (and a very poor introduction to viruses) with no real conclusions,
a hacker "manifesto," a strong (but not perfect) analysis deciding that
computer intrusions cannot be held to be "victimless," an interview with a
self-styled "hacker" (as self-serving as most such), and a weak examination
of the Morris Worm.

Part four seems to assume that it is moving into more advanced or futuristic
technologies, although the discussions don't change much.  Chapter ten has
another fictional short story implying that computers are false gods, a
replay of "What Computers Can't Do," and a vague wondering about the
definition of life.  One essay, very much in contradiction to the thesis of
Rosalind Picard's excellent "Affective Computing" (cf. BKAFFCMP.RVW)
maintains that a computer which is "superior in every way" (to us) must be a
"monster," and assumes that artificial intelligence will be devoid of
compassion.  (Even if one does accept that intelligence must be emotionless,
there is no mention of the fact that such a system would also lack cruelty.)
The overview of virtual reality (VR) has an interesting examination of the
health and safety effects (limited) and benefits of the technology, and two
assertions of the need for a VR ethic, in chapter eleven.  In chapter
twelve, Al Gore sells the GII (Global Information Infrastructure), we are
told that there is pornography on the Internet, Dibbell's classic "Rape in
Cyberspace" is reprinted, and an article on cyberstalking seems to void its
premise by repeatedly demonstrating that most of the activities take place
in the real world, not the net.

Many of the papers in this collection are lifted wholesale from their
origin.  Although ellipses seem to indicate that material has been cut in a
number of places, there are still some very odd references to other papers
or presentations no longer "present," and even comments directed at people
who are no longer in the audience.

Much of this material is quite seriously flawed by a lack, on the part of
the authors, of a technical background.  This is not to say that
non-technical people cannot comment on the social aspects of technology, nor
that discussions of technical ethics could not benefit from the input of
philosophers, ethicists, sociologists, and the like.  However, many of the
speculations bear little relationship to technical reality, and therefore
the arguments and decisions are invalid.

Overall, there is a lack of direction to the work.  In the end, it gives an
impression of a vague complaint that computers aren't moral, and aren't
taking the burden of ethical decisions away from mankind.  Personally, I
find this position not only unhelpful, but extremely odd.

copyright Robert M. Slade, 2002   BKCMETCB.RVW   20020606
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

------------------------------

Date: Tue, 20 Aug 2002 18:30:11 +0100
From: Massimo Felici <massimo.felici () ed ac uk>
Subject: SAFECOMP 2002 & ECCE-11

  SAFECOMP 2002
  The 21st International Conference on
  Computer Safety, Reliability and Security
  10-13 September 2002, Catania, Italy
  http://www.safecomp.org/
  contact safecomp2002 () safecomp org

Co-located and Coordinated with
  ECCE 11 - Cognition, Culture and Design 
  Eleventh European Conference on Cognitive Ergonomics 
  Catania, Italy, 8-11 September 2002
  http://www.ecce.info/

------------------------------

Date: 29 Mar 2002 (LAST-MODIFIED)
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  Alternatively, via majordomo,
 send e-mail requests to <risks-request () csl sri com> with one-line body
   subscribe [OR unsubscribe]
 which requires your ANSWERing confirmation to majordomo () CSL sri com .
 If Majordomo balks when you send your accept, please forward to risks.
 [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
 this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
 Lower-case only in address may get around a confirmation match glitch.
   INFO     [for unabridged version of RISKS information]
 There seems to be an occasional glitch in the confirmation process, in which
 case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
   .MIL users should contact <risks-request () pica army mil> (Dennis Rears).
   .UK users should contact <Lindsay.Marshall () newcastle ac uk>.
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
 http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
   Lindsay Marshall has also added to the Newcastle catless site a
   palmtop version of the most recent RISKS issue and a WAP version that
   works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
 http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    http://www.csl.sri.com/illustrative.html for browsing,
    http://www.csl.sri.com/illustrative.pdf or .ps for printing

------------------------------

End of RISKS-FORUM Digest 22.20
************************

