RISKS Forum mailing list archives

Previous By Date Next
Previous By Thread Next

Risks Digest 22.81

From: RISKS List Owner <risko () csl sri com>
Date: Sun, 20 Jul 2003 15:25:00 PDT
RISKS-LIST: Risks-Forum Digest  Sunday 20 July 2003  Volume 22 : Issue 81

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://www.risks.org as
  http://catless.ncl.ac.uk/Risks/22.81.html
The current issue can be found at
  http://www.csl.sri.com/users/risko/risks.txt

  Contents:
Reassembly of shredded documents (Richard M. Smith)
SEVIS foreign students database (Thomas Dzubin)
IPv6 addresses too big to fit? (Joe Loughry)
Italian naming problem (Darryl Luff)
GPS-piloted tractors? (Conrad Heiney)
Health Commissioner's anonymised case reports not so anonymous (Don Mackie)
Privacy rights under threat by lawmakers (Dan Gillmor via Monty Solomon)
Carjacker tracked and bugged by Tele-Aid operator (Jonathan Epstein)
Samsung Electronics bans camera phones from key factories
  (Ferdinand John Reinke)
Software helps police draw crime links (Gareth Cook via Monty Solomon)
AOL blocking e-mail from other ISPs (David E. Ross)
Lack of Abbey National telephone banking security (Adam Laurie)
HighGroup Listing of SSN's (Alice K. Whitfield)
Why are spammers backing spam-control laws? (NewsScan)
California court rules against Intel in spam case (Elinor Mills Abreu
  via Monty Solomon)
Re: Virginia Identity Theft Passport (John Sinteur)
Re: David Nelson and CAPPS II? (Arthur Flatau)
Re: Error In e-mini Dow Futures creates havoc (Stewart C. Russell)
Re: Washing machine does the right thing after power outage (Kurt Thams)
Re: The nuking of RFID chips (Kevin G. Rhoads)
Formal Methods 2003 - Call for Participation and Programme Details
  (Diego Latella)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 17 Jul 2003 12:51:45 -0400
From: "Richard M. Smith" <rms () computerbytesman com>
Subject: Reassembly of shredded documents

  Throughout the 1980s, Sascha Anderson, a poet, musician, and literary
  impresario, was one of the leading voices to speak out against the East
  German government and its dreaded secret police, the Stasi.  But his
  credibility gradually evaporated after the Communist government's collapse
  as rumors about him acquired the weight of proof: he had been informing on
  his dissident compatriots all along.

It turns out that his supposedly unretrievable Stasi file was *manually*
reconstructed from bags of papers that had been shredded during the final
days of the regime in 1989.  However, the German government is now planning
on reconstituting 16,000 bagsful from that era, using advanced scanning
technology.  [Source: Picking Up the Pieces, By Douglas Heingartner, *The
New York Times*, PGN-ed]
  http://www.nytimes.com/2003/07/17/technology/circuits/17shre.html
  ?pagewanted=all&position=

  [The programming effort is certainly an interesting application!]

------------------------------

Date: Wed, 9 Jul 2003 05:49:23 -0700 (PDT)
From: Thomas Dzubin <dzubint () vcn bc ca>
Subject: SEVIS foreign students database

Under new United States homeland security laws, all U.S. schools have to
register their foreign students in the database, known as the Student and
Exchange Visitor Information System (SEVIS).  This system has all the
attributes of a big system rushed into production before sufficient testing
could take place.  In my mind, the RISK-iest thing about this story is that
the effects of the problems can cause life-changing situations for people
including being jailed and/or deported.

Many problems with this system are detailed in the story including files
being mysteriously deleted or "misplaced".  Some advisers are telling
students not to go back to their home countries on school breaks, in case
SEVIS accidentally deletes their records.  Students who are not in the
system cannot re-enter the country.  One quote from the story: "Daily
interactions with SEVIS have become a test of wit and will"

Other bugs/glitches/problems reported:

- Unable to modify existing records which is a problem if a foreigner
  (or spouse) has a baby.
- extreme system slowness and random crashing
- insufficient or inadequate help desk technician support

One final quote from the story:

"The technical failings of SEVIS and the difficulty the government has had
in implementing it undermine its security potential, Cotten says. If the
American people feel safer because of SEVIS, then they are severely misled,
she says."

Source:
  http://www.govexec.com/dailyfed/0703/070303h1.htm
(Hopefully this link is still active.  If not, Government Executive Magazine
does keep old stories archived under a slightly different URL naming
convention...the title "Foreign student tracking system called inefficient,
intrusive" should stay the same.)

------------------------------

Date: Thu, 17 Jul 2003 17:36:27 -0600
From: "Loughry, Joe" <joe.loughry () lmco com>
Subject: IPv6 addresses too big to fit?

In light of the recent announcements by the U.S. Department of Defense in
support of IPv6, we have been going through our software making the
necessary changes.  I found several examples of text input fields that were
too short to hold a valid IPv6 address like
3ffe:1800:0:3:290:27ff:fe14:cdee.

Also necessary was replacing calls to the standard library functions
inet_ntoa() and inet_addr(), among others, which do not support IPv6.

On an encouraging note, however, I found that throughout the source code,
extremely conservative coding practices and good error checking everywhere
means that our software does not crash when handling IPv6 addresses.

It's Y2K all over again.

Joe Loughry, Lockheed Martin Space and Strategic Missiles, RADIANT MERCURY

------------------------------

Date: Fri, 18 Jul 2003 12:41:33 +1000
From: Darryl Luff <dluff () iitscdm com au>
Subject: Italian naming problem

Hmm, the simple risk of your perfectly sensible domain name being
interpreted very differently in other languages.  [NOTE: text not mine.  DL]

  At least they should then have created a brilliant logo.....

    If you were a company called Powergen and you had a subsidiary that
    operated in Italy, what would you call that company's Web site?.

  Probably not http://www.powergenitalia.com

  But they really did.  ...

    [A high-strung multilingually interpretable literal string!  PGN]

------------------------------

Date: Fri, 18 Jul 2003 16:28:41 -0700
From: "Conrad Heiney" <conrad () fringehead org>
Subject: GPS-piloted tractors?

According to a Reuters report on CNN today, a University of Queensland
researcher is promoting an Australian technology for satellite-guided
tractors. These are said to be accurate to 2 cm.  Apparently advantages to
these are that the tractors are more accurate and do not crush the soil as
much as conventional people-driven equipment, allowing higher yield. As a
bonus, they could be run at night.
  http://www.cnn.com/2003/TECH/science/07/18/satellite.tractor.reut/index.html

The RISK of unmanned vehicles relying on GPS signals, with or without
rotating blades attached, is interesting to contemplate, especially at night!

Conrad Heiney  http://contentgoeshere.com/  http://fringehead.org

------------------------------

Date: Wed, 9 Jul 03 19:32:37 +1200
From: Don Mackie <donald () iconz co nz>
Subject: Health Commissioner's anonymised case reports not so anonymous

The New Zealand Health & Disability Commissioner has been dealing with
complaints about health care for almost ten years. As it says at the website
(www.hdc.org.nz) the purpose... is to promote and protect the rights of
health and disability consumers, and to facilitate the fair, simple, speedy,
and efficient resolution of complaints.

The Commissioner investigates complaints.  Often there are useful lessons to
be learned from the complaint and the findings, after removal of all
identifying features, are published so that others can benefit.  Some are
posted on the website in a range of formats: html, pdf and Word document.
Some of you will see where this is leading.

A colleague of mine was startled to be told by a patient that a Google
search on the doctor's name yielded the text of a HDC finding as the top
hit.  While my colleague acknowledges that there was a complaint about them
they have learned from it and believed that the publication was anonymous.
On opening the link from Google, I got a Word document.  Sure, the names of
the individuals had been removed from the text of the document, but when I
went Properties -> Summary, there they were.  Waiting to be found by a
search engine.  I looked at a few other .doc files and the same problem
existed.  I informed the HDC and they have now pulled the .doc opinions.

Ignorance of the hidden information in word processing files is, of course,
not new.  This one has had the potential to damage reputations when the HDC's
office has been careful, but not careful enough, to protect them in the
past.

------------------------------

Date: Sun, 13 Jul 2003 20:23:54 -0400
From: Monty Solomon <monty () roscom com>
Subject: Privacy rights under threat by lawmakers

Dan Gillmor, *San Jose Mercury News*, 13 Jul 2003

In the constant battle to preserve what's left of our privacy and roll back
some of the invasions we've already suffered, one reality is all too clear:
Elected officials are not on our side.  Last week brought the latest
perversion of the public will, the cowardly refusal of the California
Legislature to enact even modest improvements in financial privacy. The
voters will do it instead, in a ballot measure next year.

Meanwhile, state and federal lawmakers are almost totally oblivious to
future threats, including some that should be dealt with before they cause
trouble.  For example, retailers will soon be installing little identifying
radios, a technology known as RFID, into items they sell, enabling a host of
new privacy invasions that could make the status quo seem benign.

We all understand why lawmakers hold the public good, and will, in such
contempt.  They tend to vote on behalf of their financial benefactors.
Commercial interests see our privacy as a barrier to their business.

Game over? No. We have to care enough to take matters into our own hands.
Pressuring politicians is vital, but it's plainly not enough.  We'll need to
do a little multitasking to retrieve our right to be left alone.  ...

http://www.siliconvalley.com/mld/siliconvalley/6293890.htm

------------------------------

Date: Thu, 17 Jul 2003 13:23:16 -0400
From: Jonathan Epstein <Jonathan_Epstein () nih gov>
Subject: Carjacker tracked and bugged by Tele-Aid operator

A quick-thinking bystander realized that police could track the movements of
a carjacker who sped off with two small children in the back seat.  The
police were able to indirectly both track and listen-in on the car, and
learn that the kids in the back seat were OK.
  http://www.washingtonpost.com/wp-dyn/articles/A2862-2003Jul16.html

Marc Fisher of the Washington Post writes:

That carjacking the other night raises some fascinating questions. I'm sure
the mom was tremendously relieved that the operators in Dallas were able to
listen in on her children as their kidnapper hurtled along Rt. 50 -- and
goodness knows what might have happened if the Mercedes version of OnStar,
called Tele-Aid, hadn't been tracking the thug's movements. But do any of
you have concerns about the ability of Tele-Aid and similar companies to
turn on the microphone remotely and listen in on the goings-on in your car?
Or does this case prove that such privacy fears are outweighed by the good
those devices can do?

------------------------------

Date: Mon, 7 Jul 2003 15:45:55 -0400
From: "Ferdinand John Reinke" <ferdinand.john.reinke () att net>
Subject: Samsung Electronics bans camera phones from key factories

Samsung Electronics is restricting use of camera phones at key factories and
research centers to preclude industrial espionage.  (Camera phones have
become popular in South Korea.)  [Source: Yahoo News, 7 Jul 2003]
http://news.yahoo.com/news?tmpl=story2&cid=1509
  &u=/afp/20030707/tc_afp/skorea_samsung_it_company_030707080259&printer=1

  [I wonder if they remember that PDA's have camera capability? Wonder if
  financial institutions have thought about this "risk"? Not likely. JohnR]

------------------------------

Date: Fri, 18 Jul 2003 02:13:53 -0400
From: Monty Solomon <monty () roscom com>
Subject: Software helps police draw crime links

The Boston Police Department is rolling out a powerful new computer program
built to find hidden connections among people and events almost instantly,
allowing detectives to investigate murders, rapes, and other crimes far
faster than they can today.  Called ''Coplink,'' the program sifts through
tens of millions of police records, from 911 calls to homicide
investigations, to deliver a short list of potential leads in just seconds.
The same kind of searching currently takes hours or even days of a
detective's time -- when it is possible at all.  Designed in an Arizona AI
lab, Coplink searches through arrest records, incident reports, and
emergency phone calls to identify potential suspects and compile all
possible leads on them, including past addresses, weapons they have owned,
and even the arrest records of people with whom they have been stopped in a
car.  In Boston, it will search only through city police records, though it
could later be expanded to stretch far more broadly.  ...
[Source: Gareth Cook, *The Boston Globe*, 17 Jul 2003; PGN-ed]
  http://www.boston.com/dailyglobe2/198/nation/
  Software_helps_police_draw_crime_links+.shtml

------------------------------

Date: Sat, 19 Jul 2003 12:30:11 -0700
From: "David E. Ross" <david () rossde com>
Subject: AOL blocking e-mail from other ISPs

AOL has been bouncing E-mail messages from other ISPs.  In their attempt to
block spam, they are blocking mail servers that they presume are on end-user
IP addresses. For some reason, some ISP mail servers -- including at large,
well-run ISPs -- were considered to be among those addresses.

The problem started on Tuesday, 15 July, or earlier.  AOL apparently did not
know of the problem until a customer of an affected ISP complained on the
morning of Friday, 18 July.  AOL's response is that they will not be able
fix the problem until Monday, 21 July, or later.

This seems to be another case of implementing technology without sufficient
testing.  However, the fact that a problem reported on Friday cannot be
fixed until Monday indicates this risk arises from placing business
considerations ahead of either technology or customer service.

David E. Ross <http://www.rossde.com/> 

------------------------------

Date: Fri, 18 Jul 2003 10:41:16 +0100
From: Adam Laurie <adam () algroup co uk>
Subject: Lack of Abbey National telephone banking security

I hold an Abbey National account in the joint names of myself and my wife,
but my wife's entry is still in her maiden name (so from the bank's
perspective it could be any individual with no special legal
relationship). This account was created many moons ago, before we were
married, to facilitate the purchase of a flat. After the transaction, there
were a couple of hundred pounds left in the account, which have languished
ever since. We recently moved house and so this account came to our
attention when the tenants at the previous address forwarded our bank
statements to us.

And now the scary bit...

Armed only with the statement passed to me by said 3rd party, I was able to
call up the online bankers, cancel all the cheques and have all the funds in
the account transferred to an arbitrary account (in this case my personal
account - i.e. not a joint account with my wife).

The "extra security" questions I was asked were:

1. who is the other named account holder? (this was printed on the 
   back of statement).

2. what is your overdraft limit? (this was printed on the front of 
   the statement).

As the nice kid in Terminator 2 says... "easy money"... :)

Adam Laurie, A.L. Digital Ltd., The Stores, 2 Bath Road, London W4 1LT UK
http://www.aldigital.co.uk  http://www.thebunker.net  Tel: +44 (20) 8742 0755

------------------------------

Date: Fri, 18 Jul 2003 10:36:05 -0400
From: "Alice K. Whitfield" <qcscorp () sprintmail com>
Subject: HighGroup Listing of SSN's

The risks of using social security numbers as personal identifiers in
the U.S. is better known to members of this community than perhaps any
other.  You may appreciate then, better than the Social Security
Administration apparently does, the increased risk that arises when the
SSA's own published list of valid (partial) numbers contains errors of
omission (http://www.ssa.gov/foia/highgroup.htm, as of 18 July 2003 at
1400 UT).

The errors in the July list are not numerous, and may affect mostly
elderly, former railroad workers.  In past instances, the errors were
more widespread but eventually fixed.  They show no sign of responding
to any communications about the current problems, however. Obviously,
the current list was not verified before the page went live.

Luckily, flunking a flawed social security number verification test 
under the current regime of Total Awareness, "is not a basis ... for ...
adverse action ... such as laying off, suspending, firing, or
discriminating against an individual..." So, according to the Social
Security Administration, no one should have to worry about those risks,
at least.

------------------------------

Date: Fri, 18 Jul 2003 09:26:46 -0700
From: "NewsScan" <newsscan () newsscan com>
Subject: Why are spammers backing spam-control laws?  

Bigtime spam-mongers and junk-mail proponents like the Direct Marketing
Association are backing proposed antispam legislation, while consumer and
public-interest groups, almost without exception, oppose the bills. What's
going on? "It's a sign of who benefits from these bills and who doesn't,"
says a spokesman for the Coalition Against Unsolicited Commercial Email.
"When you see some of the biggest spammers in the country backing
legislation that is allegedly antispam, you really need to wonder about what
these bills actually do." The answer is that rather than banning all
unsolicited e-mail outright, as many consumer groups wish, they legitimize
spam, as long as the perpetrators adhere to certain rules, such as using
accurate subject lines and valid return addresses, and allowing recipients
to opt out of future mailings. Two bills are currently making their way
through Congress and a variant of thereof is expected to pass overwhelmingly
and be signed into law later this year.  [*Wall Street Journal*, 18 Jul
2003; NewsScan Daily, 18 Jul 2003] 
  http://online.wsj.com/article/0,,SB105848273351539900,00.html (sub req'd)

------------------------------

Date: Mon, 30 Jun 2003 23:07:18 -0400
From: Monty Solomon <monty () roscom com>
Subject: California court rules against Intel in spam case

The California Supreme Court on 30 Jun 2003 ruled spammers cannot be sued
under state law for property trespass for just sending e-mail -- a setback
for Intel Corp., which had sued a former engineer for sending e-mails to up
to 35,000 company workers.  The 4-3 ruling reversed a lower court order
prohibiting former Intel engineer Ken Hamidi from sending e-mails critical
of Intel to thousands of its employees.  Intel claimed the e-mails had
trespassed on its private network and had harmed the company by reducing
worker productivity.  But the California Supreme Court found that Intel's
computer system had not been damaged as a result of the e-mails and,
therefore, there was no trespass.  The court declined to expand state common
law covering property trespass to apply to e-mail whose contents may be
objectionable, but which is otherwise harmless.  ...  [Source: Elinor Mills
Abreu, Reuters, 30 Jun 2003]
  http://finance.lycos.com/home/news/story.asp?story=34677087

------------------------------

Date: Mon, 30 Jun 2003 23:07:18 -0400
From: Monty Solomon <monty () roscom com>
Subject: California court rules against Intel in spam case

The California Supreme Court on 30 Jun 2003 ruled spammers cannot be sued
under state law for property trespass for just sending e-mail -- a setback
for Intel Corp., which had sued a former engineer for sending e-mails to up
to 35,000 company workers.  The 4-3 ruling reversed a lower court order
prohibiting former Intel engineer Ken Hamidi from sending e-mails critical
of Intel to thousands of its employees.  Intel claimed the e-mails had
trespassed on its private network and had harmed the company by reducing
worker productivity.  But the California Supreme Court found that Intel's
computer system had not been damaged as a result of the e-mails and,
therefore, there was no trespass.  The court declined to expand state common
law covering property trespass to apply to e-mail whose contents may be
objectionable, but which is otherwise harmless.  ...  [Source: Elinor Mills
Abreu, Reuters, 30 Jun 2003]
  http://finance.lycos.com/home/news/story.asp?story=34677087

------------------------------

Date: Thu, 17 Jul 2003 07:45:56 +0200
From: John Sinteur <john () sinteur com>
Subject: Re: Virginia Identity Theft Passport (RISKS-22.80)

I can't help but wonder, how long until identity thieves won't just acquire
a driver's license, credit cards, etc, with their freshly stolen identity,
but one of these passports as well? Which will be relative unknown to the
cop on the street, so the first few yours you could hack something together
yourself in Photoshop as well...

If there's a bug in the way people use paperwork to assert and use
identities, how is more paperwork going to solve that?

  [Similar comment from Michael Hartley.  PGN]

------------------------------

Date: Thu, 17 Jul 2003 09:44:12 -0500
From: "Arthur Flatau" <arthur.flatau () amd com>
Subject: Re: David Nelson and CAPPS II? (Slade, RISKS-22.80)

There was a story on this in the *Austin American Statesman* (originally
from the *Chicago Tribune*).
  http://www.statesman.com/insight/content/auto/epaper/editions/
  sunday/insight_f3e0169a836a10f00085.html

There are at least two David Nelsons in the Austin area.  The articles
states:

    The family [Dr. David and Cindy Nelson of Austin and their two young
    children] plans to fly to Canada in August, and this time they're
    planning countermeasures. They'll try buying David Nelson's airline
    ticket under D. Austin Nelson.

That is surely a tactic that the bad guys would never figure out!

Arthur Flatau, Texas Microprocessor Division, Advanced Micro Devices, 
5900 East Ben White Boulevard, Austin TX 78741 Arthur.Flatau () amd com

------------------------------

Date: Fri, 18 Jul 2003 10:17:40 -0400
From: "Stewart C. Russell" <scruss () sympatico ca>
Subject: Re: Error In e-mini Dow Futures creates havoc (RISKS-22.80)

It seems that typos are quite common on trading systems. Talking to a friend
who is a foreign exchange trader, I found out that such misquotes are
commonly called "wrong big figure" quotes.

A casual web search on this phrase will return an alarmingly large number of
documents from forex houses. These documents pertain to their liability --
or lack of it -- for such quotes.

Surely we need to work on the ergonomics of such trading systems?

------------------------------

Date: Thu, 17 Jul 2003 10:54:38 -0700
From: "Kurt Thams" <thams () thams com>
Subject: Re: Washing machine does the right thing after power outage

On the other hand, an enterprising user could pull the power plug at nearly
the end of the job, load a new batch of clothing, and get his second (and
third and fourth...) wash free!

------------------------------

Date: Thu, 17 Jul 2003 09:20:25 -0400
From: "Kevin G. Rhoads" <Kevin.Rhoads () Dartmouth EDU>
Subject: Re: The nuking of RFID chips (Cowan, RISKS-22.80)

Most stun guns and cattle prods use current limited high voltage DC.  It is
easy to provide overload protection for this kind of electrical insult --
although I doubt that RFID manufacturers will include such protection in the
early designs.  However, if such deactivation becomes common and
problematic, it can be designed around.

Better to use a low output Tesla coil, which generates high voltage
splattered all over the RF spectrum.  Of course, a linear RF power amp
driven by an RF sweep generator should also work -- but that level of
equipment is not readily available.  Cheap Tesla coils can be easily
homebrewed and Edmund Scientific carries a model for about $120 that is
ideal.

------------------------------

Date: Fri, 18 Jul 2003 09:58:48 +0500
From: Diego Latella <Diego.Latella () isti cnr it>
Subject: Formal Methods 2003 - Call for Participation and Programme Details

The 12th International FME Symposium
Pisa, Italy - September 8-14, 2003
http://fme03.isti.cnr.it -  fme03 () isti cnr it

FM 2003 is the twelfth in a series of symposia organized by Formal Methods
Europe, an independent association whose aim is to stimulate the use of, and
research on, formal methods for software development.  These symposia have
been notably successful in bringing together a community of users,
researchers, and developers of precise mathematical methods for software
development as well as industrial users.

Formal methods have been controversial throughout their history, and the
realization of their full potential remains, in the eyes of many
practitioners, merely a promise. Have they been successful in industry? If
so, under which conditions? Has any progress been made in dispelling the
skepticism that surrounds them? Are they worth the effort? Which aspects of
formal methods have become so well established in the industrial practices
to loose the "formal method" label in the meanwhile?

FM 2003 aims to answer these questions, by contributions not only from the
Formal Methods community but also from outsiders and even from skeptical
people who are most welcome to explain, document, and motivate the source of
their reluctance.

FM 2003 will host 7 Workshops, 8 Tutorials and 1 Day dedicated to the
Industry besides the 3 days of the FME Symposium. Tool demonstrations will
also take place during the symposium, with the opportunity of holding
presentations for each tool.

For full details on the Symposium organization and to register please 
go to the web site http://fme03.isti.cnr.it, or send  your query to 
fme03 () isti cnr it.

Dott. Diego Latella, Consiglio Nazionale delle Ricerche, ISTI 
Via G. Moruzzi, 1 - I56124 Pisa, ITALY
phone +39 0503152982 or +39 348 8283101  fax +39 0503138091 or +39 0503138092 
Diego.Latella () isti cnr it http://www.isti.cnr.it/People/D.Latella

------------------------------

Date: 30 May 2003 (LAST-MODIFIED)
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  Alternatively, via majordomo,
 send e-mail requests to <risks-request () csl sri com> with one-line body
   subscribe [OR unsubscribe]
 which requires your ANSWERing confirmation to majordomo () CSL sri com .
 If Majordomo balks when you send your accept, please forward to risks.
 [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
 this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
 Lower-case only in address may get around a confirmation match glitch.
   INFO     [for unabridged version of RISKS information]
 There seems to be an occasional glitch in the confirmation process, in which
 case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
   .UK users should contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative 
 address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
=> ARCHIVES: http://www.sri.com/risks
 http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
   Lindsay has also added to the Newcastle catless site a palmtop version 
   of the most recent RISKS issue and a WAP version that works for many but 
   not all telephones: http://catless.ncl.ac.uk/w/r
 http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
 http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    http://www.csl.sri.com/illustrative.html for browsing,
    http://www.csl.sri.com/illustrative.pdf or .ps for printing

------------------------------

End of RISKS-FORUM Digest 22.81
************************
Previous By Date Next
Previous By Thread Next

Current thread: