RISKS Forum mailing list archives

Previous By Date Next
Previous By Thread Next

Risks Digest 22.28

From: RISKS List Owner <risko () csl sri com>
Date: Mon, 7 Oct 2002 15:51:35 PDT
RISKS-LIST: Risks-Forum Digest  Monday 7 October 2002  Volume 22 : Issue 28

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.28.html>
and by anonymous ftp at ftp.sri.com, cd risks .

  Contents:
Payroll fail-safes "didn't work" (J. Lasser)
Bear Stearns' bare sterns: erroneous order (David Lesher)
Raders of the Last Quark (Identity withheld by request)
Too fast fingers, or bad shortcut design? (Pertti Huuskonen)
Rep. Boucher --finally-- introduces bill to rescind part of DMCA 
  (Declan McCullagh)
Defense Information System Agency leaves shopping list online (PGN)
Quantum cryptography for secure global communications (NewsScan)
Busboy pleads guilty to ID theft (Monty Solomon)
"Trojan horse" music? (Matthew Anderson)
Court will welcome e-mailed explanations of traffic tickets 
  (Dave Stringer-Calvert)
Dewie the Turtle == Bert the Turtle (Jason T. Miller)
Address change blocked by online entry validation (George N. White III)
Batteries: More electronic voting risks? (anon123)
Re: Electronic voting methods (David Hedley)
Re: Paper ballots, no panacea (David F. Skoll, Jan C. Vorbrüggen)
Re: Butterfly ballots (George Russell)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 28 Sep 2002 14:50:16 -0400
From: "J. Lasser" <jon () lasser org>
Subject: Payroll fail-safes "didn't work"

  http://www.cnn.com/2002/US/Midwest/09/27/offbeat.teacher.paid.ap/index.html

The only overpaid teacher, AP item, 27 Sep 2002

A Detroit public school teacher's pay was enough to make Bill Gates or
Donald Trump envious.  Thanks to a computer glitch, the teacher was paid
$7.9 million before taxes for 18 minutes of work. The teacher, who wasn't
identified, received $4,015,624.80 after taxes.  Someone alerted the school
district earlier this month, and the money was returned after six days,
chief financial officer Ken Forrest said in Thursday's Detroit News.

The error occurred when a clerk entered an employee number in the hourly
wage field for the teacher's wage adjustment check. The district's payroll
software didn't catch the mistake.  "One of the things that came with (the
software) is a fail-safe that prevents that. It doesn't work," Forrest said.
The district has since installed a program to flag any paycheck exceeding
$10,000, he said.

  [Gee, did they test the fix?]

Jon Lasser  jon () cluestickconsulting com
http://www.tux.org/~lasser/  http://www.cluestickconsulting.com

------------------------------

Date: Wed, 2 Oct 2002 23:34:42 -0400 (EDT)
From: David Lesher <wb8foz () nrk com>
Subject: Bear Stearns' bare sterns: erroneous order


Bear Stearns placed an erroneous order to sell $4 billion worth of stock
late Wednesday at the New York Stock Exchange, but most of the order was
canceled before it was executed.  The NYSE said a clerical error caused
the brokerage house to enter the order to sell $4 billion worth of
Standard & Poor's securities at about 3:40 p.m. -- 20 minutes before the
stock market closed. The order should have been for $4 million.  All but
$622 million of the $4 billion transaction was canceled prior to
execution, the NYSE said in a statement.  The NYSE had no further
comment. Officials at Bear Stearns were not immediately available for
comment.  [AP item]


We have talked about sanity checking time after time.  You'd think that a
major move would require MULTIPLE management approvals.....but..

We have met the enemy and he is us...

------------------------------

Date: Fri, 4 Oct 2002
From: [Identity withheld by request]
Subject: Raders of the Last Quark

A friend is being admitted to a respected eating-disorders clinic in
Southern California, which I was interested to learn more about.  They have
a fantastic supportive Web site at http://www.raderprograms.com/, mostly
directed at individuals who have plucked up the courage to investigate
treatment options.

However, a small slip of the keyboard can destroy that courage.  Drop the
"s", and http://www.raderprogram.com/ redirects you to the Web site of
Nutri/System --- ``your online weight loss solution'' asking ``how much
weight you would like to lose? 10-20 pounds? more than 40?''.  Changing
`rader' to the more intuitive spelling `radar' gives the same results...

The Nutri/System site seems quite legitimate, and of utility to a large
percentage of the population (pun intended).  But to litter the `typo
space' in this way is of potentially life-threatening consequence to the
individuals seeking the Rader Programs site, and thoroughly immoral.

  [Weight!  Wait!  Don't Spell Me!  PGN]

------------------------------

Date: Mon, 30 Sep 2002 10:27:22 +0300
From: <pertti.huuskonen () nokia com>
Subject: Too fast fingers, or bad shortcut design?

A colleague recently sent me an e-mail containing material that was clearly
not supposed to reach me. Apparently the sender had copied some text from
another e-mail, with the intention to sanitize out the unsuitable bits, but
had accidentally hit "send" before having completed the edits.

While this certainly happens all the the time and should be no news to any
RISKS readers, it did stop me to think about e-mail client UI design.

In our e-mail software, the keyboard shortcut for sending the message out is
CTRL-Enter. In our word processing software (from the same manufacturer) the
command to delete the last word is CTRL-backspace. The same word deletion
method also works in our e-mail client, and seems to get frequent use by
many people.

The two keys are rather close together on most keyboards.  Composing e-mail,
I sometimes accidentally hit CTRL-Enter instead of CTRL-backspace. The
e-mail client then happily sends out the uncompleted e-mail.

Acknowledging my bad keyboard technique, I have chosen to leave my e-mail
client in an offline mode, so I will have time to go back to my Outbox to
rescue any stray e-mail before synchronizing with our IMAP server. I have
therefore had to change my working mode due to the design of keyboard
shortcuts.

The RISKS? Bad shortcut design coupled with too fast fingers can cause
embarrassing situations, possibly exposure of improper material, and
increased global demand for an UNDO feature in sendmail.

------------------------------

Date: Fri, 04 Oct 2002 09:02:54 -0700
From: Declan McCullagh <declan () well com>
Subject: Rep. Boucher --finally-- introduces bill to rescind part of DMCA

Here's Boucher talking about this bill as far back as July 2001:
  http://www.politechbot.com/p-02308.html

I've put the text of the Boucher bill here:
  http://www.politechbot.com/docs/boucher.dmca.amend.100302.pdf

A similar bill, though not as widely supported, introduced by Rep. Lofgren 
is here:
  http://www.house.gov/lofgren/press/107press/021002_act.htm

News article on Lofgren bill:
  http://news.com.com/2100-1023-960531.html

-Declan

  By Declan McCullagh, Staff Writer, CNET News.com, 3 Oct 2002

  A proposal to defang a controversial copyright law became public on
  Thursday, after more than a year of anticipation and months of closed-door
  negotiations with potential supporters.

  Formally titled the Digital Media Consumers' Rights Act, the new bill
  represents the boldest counterattack yet on recent expansions of copyright
  law that have been driven by entertainment industry firms worried about
  Internet piracy.

  The bill, introduced by Reps. Rick Boucher, D-Va., and John Doolittle,
  R-Calif., would repeal key sections of the 1998 Digital Millennium
  Copyright Act (DMCA). It would also require anyone selling copy-protected
  CDs to include a "prominent and plainly legible" notice that the discs
  include anti-piracy technology that could render them unreadable on some
  players.  [...]

    http://news.com.com/2100-1023-960731.html

POLITECH -- Declan McCullagh's politics and technology mailing list.
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/

------------------------------

Date: Wed, 2 Oct 2002 11:12:29 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Defense Information System Agency leaves shopping list online

Faulty access controls open DISA's technology requisition system to
snoops. An improperly secured database operated by the U.S. Defense
Information System Agency (DISA) allowed Internet surfers to view and
place orders for computers, networks, cell phones, software, and other
technology used by the military.  Before it was locked down over the
weekend, visitors to the Web site of DISA's Requirements Identification
and Tracking System (RITS) were able to peruse hundreds of requisition
documents, such as a $310,000 order for "new generation STE crypto
devices" in support of the Global Command and Control System.

http://online.securityfocus.com/news/911

------------------------------

Date: Fri, 04 Oct 2002 08:36:14 -0700
From: "NewsScan" <newsscan () newsscan com>
Subject: Quantum cryptography for secure global communications

British researchers have been able to use quantum cryptography keys encoded 
in photons of light to communicate through air for 23 kilometers, and the 
expectation is that by March of next year this capability will be extended 
to 1000 kilometers -- far enough to reach all LEO satellites. Because any 
measure of a photon will alter its quantum properties, quantum cryptography 
guarantees that any attempt to intercept a message will be evident. (*New
Scientist*, 2 Oct 2002; NewsScan Daily, 4 Oct 2002)
  http://www.newscientist.com/news/news.jsp?id=ns99992875

------------------------------

Date: Fri, 4 Oct 2002 01:37:45 -0400
From: Monty Solomon <monty () roscom com>
Subject: Busboy pleads guilty to ID theft

A 32-year-old restaurant busboy pleaded guilty on Thursday to pilfering
personal and financial data belonging to America's rich and famous,
including billionaire Warren Buffett.  Abraham Abdallah, a high-school
dropout, entered his guilty plea in response to a 12-count indictment
charging him with wire, mail, and credit-card fraud, identity theft, and
conspiracy -- in what authorities believe is the largest identity theft in
Internet history.  The federal case accuses Abdallah of using the
information as part of a scheme to steal more than $80 million from
individuals, corporations and financial institutions.  Although he pleaded
guilty, Abdallah told U.S. District Judge Loretta Preska he was not driven
by greed. ... Reuters, 3 Oct 2002 http://news.com.com/2100-1023-960754.html

  [This case was reported originally in RISKS-21.29.  PGN]

------------------------------

Date: Thu, 3 Oct 2002 08:35:07 -0400
From: "Matthew Anderson" <MAnderson () gaic com>
Subject: "Trojan horse" music?

Per an announcement in from Steath MediaLabs, Inc.,
http://biz.yahoo.com/bw/021003/32166_1.html, quote:

"How many unpaid copies of music would you circulate if each contained your
own credit-card number?...  Built upon a new MS Windows Media-compatible
technology...  The StealthChannel is capable of stealthily embedding up to
20 kb/s of data into almost any digital audio signal.  Embedded data can be
anything from images to text to credit-card numbers...  In most cases, data
hidden in the StealthChannel can be embedded without increasing filesize..."

They go on to mention that this is intended to be used as a "carrot" for
those that do authorized copying of music by providing "goodies" such as
discounted tickets or a couple of chapters of books yet to be published...
It doesn't take much imagination to see the risks of this technology...
Music companies "releasing" singles that when executed, check for other
"unauthorized" music files and then delete them or at least send a list back
to the music company for legal prosecution, Songs released to Kazmaa or
Gnutella that have viruses embedded in them, etc.

The only limitation (currently, wait till future releases of MS Media
players) is that you need the Stealth MediaLab plug-in to execute these
"goodies".  Ah, to go back to the good old days of having to worry only
about subliminal messages and what the music said when play backwards...

M@ Anderson, Enterprise Architect, American Financial Group
580 Walnut Street, Cincinnati, OH  manderson () gaic com  (513) 412-4457

------------------------------

Date: Wed, 02 Oct 2002 11:01:06 -0700
From: Dave Stringer-Calvert <dave_sc () csl sri com>
Subject: Court will welcome e-mailed explanations of traffic tickets

Tell it to the judge - or better yet, e-mail it to the judge. County
officials are setting up a program under which people who get traffic
tickets can e-mail their excuses and explanations to a judge.  Until now,
they'd have to sit for hours in court, waiting for a hearing. So far this
year in the county, there have been more than 1,200 people who want to
explain to a judge the circumstances surrounding their traffic tickets.
After reading the e-mails, the judges will send their reply - either by
e-mail, or an old-fashioned postcard.
  http://www.nandotimes.com/technology/story/555311p-4377123c.html

  [Mike Hogsett asked, 
    "How long until someone writes the automated excuse generator?  And
    starts collecting stats for them so that only the successful ones are
    used?"]

------------------------------

Date: Mon, 30 Sep 2002 08:56:42 -0500 (EST)
From: jasomill () theoneview com
Subject: Dewie the Turtle == Bert the Turtle

Looking at Dewie the Turtle (RISKS-22.27), I can't help but be reminded of
Bert the Turtle from "Duck and Cover" (available at
http://www.archive.org/movies/details-db.php?collection=prelinger&collectionid=19069
). As a matter of fact, looking at the "totality of security measures" 
taken since September 11th, I can't help but be reminded of "Duck and 
Cover"; "what has changed" since that fateful day is of no more importance 
to the "security" of this nation or its people than the bombproof 
school desks of yesteryear.

In re Dewie, I notice the essential difference between cyber security and
civil defense in light of the atomic bomb -- since there was nothing a young
child could reasonably do to mitigate the risk of atomic attack, it is
reasonable to "at least calm their nerves", at the very least it does no
harm. In the case of cyber security, from the perspective of someone who
sees so much of IT as _fundamentally_ insecure, providing such a "false
sense" of the same seems ill-advised, as it encourages us to deny the causes
of our problems rather than to fix them (standard practice in the computer
industry, but practice that will have to change if we're going to
_materially_ improve IT security) -- in other words, to "cure the symptoms"
while leaving the disease untouched.

The same could of course be said about US "antiterrorism" policy in general,
but RISKS is of course not the place for such a discussion.

Jason T. Miller, One View Engineering  317-915-9039 ext. 302

  [URL also noted by Richard Akerman.  PGN]

------------------------------

Date: Thu, 3 Oct 2002 22:16:48 -0300 (ADT)
From: "George N. White III" <aa056 () chebucto ca>
Subject: Address change blocked by online entry validation

Canada Post recently changed my home mailing address.  Previously my address
involved a rural route number and mail was addressed to the town in which
the post office was situated.  The new address has the same street and
number, but omits the rural route designation and has a different town and
postal code.  This change was first announced over a year ago, but the new
postal codes were only announced a few weeks ago, and are "official" on
Oct. 21, 2002.

BC (before computers) I would simply have mailed change-of-address cards
that take only minutes to fill out. Now I have a choice. I can spend minutes
online trying to find an actual mailing address, or minutes filling out an
online form, only to find that the new address fails the online entry
validation when I submit the form.

Many of the companies I deal with, including well-known online retailers,
allow customers to update their personal information online.  In one case,
when I clicked "submit", the result was an error page stating that my postal
code was not valid for my street address.  After contacting customer
support, I was told that I could bypass the checks by submitting the form a
second time.

The risks here are from data validation systems which assume that there is a
unique mapping (e.g., between street address and postal code) and can only
be updated at a single point in time, so users will be making updated
entries before the database has been updated, or will fail to make the
update so their records become "invalid" when the mapping is updated.
During a transaction, a mailing address is required when the order is
placed.  Credit card companies may check the shipping address when the
charge is applied, hopefully not long before when the item is ready to ship.

My new postal code is interesting, as it consists entirely of pairs of
easily confused letters and numbers: "2Z", "3B", and "6G". Was this
error-prone code rejected when postal codes were first issued, and then
pressed into service when a new code was required? It will be interesting to
observe how often errors are made by people manually transcribing the values
I entered in WWW address forms into their mailing databases.

George N. White III  <aa056 () chebucto ns ca>
Head of St. Margarets Bay, Nova Scotia, Canada

------------------------------

Date: Tue, 01 Oct 2002 13:44:34 -0700
From: anon123 () japan com
Subject: Batteries: more electronic voting risks

Office evacuated when box of batteries explodes

A box of recycled nickel-cadmium batteries used in voting machines exploded
at a county building Monday afternoon. No one was injured, but about 30
employees were evacuated from the Elections Office at 40 Tower Road.

Around 3:30 p.m., the box of about 1,100 button-shaped batteries blew up,
scattering small metal pieces 10 to 15 feet in all directions of the
warehouse where they were stored, according to Capt. Gary So of the
California Department of Forestry.

So theorized that some of the used batteries had charges left and when
their negative terminals touched, heat built up and they exploded.

http://www.bayarea.com/mld/mercurynews/news/local/4187348.htm

------------------------------

Date: Sun, 29 Sep 2002 11:06:05 +0100
From: David Hedley <dhedley () hebdenbridge u-net com>
Subject: Re: Electronic voting methods (RISKS-22.25 and 27)

Re: Paper ballots, no panacea (Neff, RISKS-22.27)

Andy Neff states in RISKS-22.27 "Paper ballots ... still have to be counted
by machines in an election of any reasonable size."

Not so. British elections still [mostly] consist of voters manually entering
'X' in a box adjoining the candidate's name on a sheet of paper.  For each
constituency [ranging from 1,000,000 eligible voters in a European election
to 1,000 in town elections] these sheets of paper are then brought together
and counted manually. Candidates (or their agents) are allowed to observe
the process.

  [Also noted in the UK by T Panton. in provincial and federal elections
  in Canada by Charles Cazabon, and David Skoll (next).  PGN]

Being a human process, mistakes will of course be made. If the finall totals
are close, the losing candidate may request a recount. Manual recounts will
continue until everyone is satisfied. In extreme cases where candidates are
separated by 1 or 2 votes, there will be several recounts.

It's old technology and not very flashy, but it's demonstrably accurate and
foolproof.

However the government is now going down the road of making voting sexier
by trying out new-fangled (even online) voting methods. I fear the worst ...

RE: Elections In America - Assume Crooks Are In Control (Landis, RISKS-22.25)

Lynn Landis stated in RISKS-22.25 "As far as we know, some guy from Russia
could be controlling the outcome of computerized elections in the United
States."

She is partially correct.  I say "As far as I know, some guy from the United
States could be controlling the outcome of computerized elections in the
United States."

For many of us in Europe, the US voting system lost all credibility in the
last presidential election.

------------------------------

Date: Sun, 29 Sep 2002 00:46:35 -0400 (EDT)
From: "David F. Skoll" <dfs () roaringpenguin com>
Subject: Re: Paper ballots, no panacea (Neff, RISKS-22.27)

  "Paper ballots, be they optical scan or punch card, still have to be
  counted by machines in an election of any reasonable size."

This is manifestly not so.  Paper ballots can easily be counted by hand,
providing enough people do the counting.  The proper way to count ballots is
to have officers and witnesses count the ballots for each polling station,
and then send their totals to regional tallying centers.  These regional
centers add up the votes and send their totals to national centers.  By
having a tree of counters, and officials from all interested parties at each
stage, truly huge numbers of votes can easily be counted by humans.

If the election is close or results are contested, then the paper
ballots are available for recounting.  A human recount of all ballots
may be slow, but it wouldn't be needed most of the time.

Paper-based solutions can be badly designed, as Neff points out, but a
well-designed paper solution is about the best we have, in spite of modern
technology.

------------------------------

Date: Mon, 30 Sep 2002 18:11:07 +0200
From: "Jan C. Vorbrüggen" <jvorbrueggen () mediasec de>
Subject: Re: Paper ballots, no panacea (Neff, RISKS-22.27)


1) As most who witnessed the 2000 US Presidential Election agree, paper
ballots created problems. Paper ballots, be they optical scan or punch card,
still have to be counted by machines in an election of any reasonable
size. 


There was a general election in Germany a little more than a week ago. From
61 million eligible voters out of a population of a little over 80 million,
79% or about 48 million actually voted, each having two votes. I think this
qualifies as "reasonable size".

The ballot is one piece of paper, on which one has to make a mark in each 
of two columns. Thus, about 48 million sheets of paper were counted entirely
by hand, although I'm sure the tallying above the level of the voting locale
is done electronically (this is logarithmic in the number of votes counted 
in any case). Usually, it takes about six to seven hours to arrive at the
"vorläufige amtliche Endergebnis" - roughly, the "provisional official final
result". This time, due to some of the election officials leaving their job
when it was half done, it took almost ten hours to get to that point. Cost:
about one Euro (approx. one US dollar) per eligible voter.

I see no reason to believe that this isn't applicable to almost all types of
election. Even the most complicated of elections in Bavaria, where the voter
has a large number of votes he can distribute, or not, according to certain
rules to those wanting to be elected, take at most two days to get to the
final result - the main effect is that the number of invalid ballots is much
larger than the usual ~1%, and here a computerized system would surely be
able to help in filling out the form according to the rules.

Jan Vorbrüggen - MediaSec Technologies, Berliner Platz 6-8, D-45127 Essen
+49 201 437 52 52  http://www.mediasec.com  jvorbrueggen () mediasec de  

------------------------------

Date: Mon, 30 Sep 2002 13:43:21 +0200
From: George Russell <ger () tzi de>
Subject: Re: Butterfly ballots (Neff, RISKS-22.27)


Re: Paper ballots, no panacea
Remember the butterfly ballot in Palm Beach County, Florida ...


I think what the butterfly ballot problem indicates is that ballot papers
should be designed for humans, not machines.  I have voted in both the UK
and Germany, and I think I am not alone among Europeans in finding the
current American debate surreal.  We all have systems where ballot papers
have two columns, with the candidates' names and/or parties listed in the
first column, and boxes next to these names in which you put a cross or (for
STV systems) a number.  All votes are counted at least once, by humans, and
(at least the UK) the candidates are entitled to send along representatives
to watch every stage of the process.  Where there is a problem which might
affect the result of an election it ends up in the courts; for example a few
years ago a local election turned on whether someone who had put a gigantic
cross over the entire ballot paper intended to vote for the candidate whose
box contained the centre of the cross, or just intended to spoil the paper.
But this is so rare it hardly ever happens.  The system is so obvious and so
simple it is embarrassing to have to spell it in comp.risks, but I can't
understand why American states instead seem addicted to mechanical solutions
which will invariably go wrong somehow.

Furthermore I just don't see the point of letting machines do the counting,
but keeping backup paper ballots for humans to count just in case the
machines go wrong or one of the candidates smells a rat.  Why keep paper
ballots unless you have trained and experienced humans in place to count
them?  And if you have that, why not just get the humans to count the papers
in the first place?  In the UK if the candidates dispute the result of a
close-run election they can call for a recount.  This is I think much
quicker than the original count, since the ballot papers are already sorted,
and it is only a question of checking that they are all correctly
distributed.  I'd have to check the Guinness Book of Records for this, but I
think the record number of counts in a British General Election is something
like 7, and it took about 20 hours from when the polls closed.  A far cry
from Florida in 2000, where it wasn't possible to count every vote even once
in several months.

I suppose American states choose to do counting by machines because it's
cheaper.  But you'd think that given that we only vote once every few years,
it might be worth spending a dollar or two per voter (I doubt if it costs
anything nearly as much as that in the UK) to see that you get every vote
counted properly.

I don't want to pretend the British system is perfect; you have other issues
like the security problems allocating postal votes in the 2001 General
Election, and the risk that, because there is no British identity card, it
is very easy to vote pretending to be somebody else.  But these are
orthogonal to the question of how you actually vote and count the votes.

I'm not an expert at all.  I feel incredibly naive.  But at least would
someone be good enough to explain in baby-talk why it is necessary to have
complex mechanical systems at all, when the simple paper one seems to work
so well.

  [Incidentally, the butterfly ballot is apparently technically illegal 
  in Florida, but was approved anyway.  PGN]

------------------------------

Date: 29 Mar 2002 (LAST-MODIFIED)
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  Alternatively, via majordomo,
 send e-mail requests to <risks-request () csl sri com> with one-line body
   subscribe [OR unsubscribe]
 which requires your ANSWERing confirmation to majordomo () CSL sri com .
 If Majordomo balks when you send your accept, please forward to risks.
 [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
 this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
 Lower-case only in address may get around a confirmation match glitch.
   INFO     [for unabridged version of RISKS information]
 There seems to be an occasional glitch in the confirmation process, in which
 case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
   .MIL users should contact <risks-request () pica army mil> (Dennis Rears).
   .UK users should contact <Lindsay.Marshall () newcastle ac uk>.
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
 http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
   Lindsay Marshall has also added to the Newcastle catless site a
   palmtop version of the most recent RISKS issue and a WAP version that
   works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
 http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    http://www.csl.sri.com/illustrative.html for browsing,
    http://www.csl.sri.com/illustrative.pdf or .ps for printing

------------------------------

End of RISKS-FORUM Digest 22.28
************************
Previous By Date Next
Previous By Thread Next

Current thread: