[risks] Risks Digest 21.44

From: RISKS List Owner (riskoat_private)
Date: Mon Jun 04 2001 - 15:20:10 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 21.45"

    RISKS-LIST: Risks-Forum Digest  Monday 4 June 2001  Volume 21 : Issue 44
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.44.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    House Science Committee hearings on voting systems (Douglas W. Jones)
    Swimming-pool changing cubicles (Alan Barclay)
    Insurer considers Microsoft NT high-risk (Oleg Broytmann)
    UK Government Gateway blocks non-MS browsers (Chatan Mistry)
    The risks of clueless marketing (Greg Searle)
    Computer-generated mail -- too easy to fake? (David G. Bell)
    Forgery attempt -- risk of identity theft (David Lesher)
    Sex-offender database risks (RISKS)
    Crash leaves disabled riders stranded (Jeremy Epstein)
    BT upgrade: The best laid plans... (John Sullivan)
    Re: Software Engineering, Dijkstra, and Hippocrates (Scot Wilcoxon,
        Richard I Cook)
    Re: EU considers retaining *all* telecom traffic (Michael Weiner)
    Re: NZ Electoral Web Site (Richard A. O'Keefe)
    Re: Another Backhoe Reminder (Arthur Marsh)
    Re: WeatherBug and Gator (David Crooke)
    Re: 37% of programs used in business are pirated (Jurek Kirakowski, 
        Merlyn Kline)
    More SMS SPAM (Simon Waters)
    Re: Lost train (Mark Brader)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Tue, 29 May 2001 15:05:18 -0500 (CDT)
    From: "Douglas W. Jones" <jonesat_private>
    Subject: House Science Committee hearings on voting systems
    
    On May 22, 2001, the House Committee on Science held a hearing entitled
    "Improving Voting Technology: The Role of Standards", with Stephen
    Ansolabehere from MIT, Rebecca Mercuri from Bryn Mawr, Roy Saltman [retired
    from NIST], and myself -- Douglas Jones from the U of Iowa.
    
    The House Science Committee web site has an archive of the written
    testimony submitted in advance of all committee hearings.  For this
    hearing, they also have a real-audio webcast-transcript in their
    archive.  See:
    
      http://www.house.gov/science/full/fchearings.htm
    
    It's sorted in reverse chronological order; scroll down to May 22, 2001. 
    
    In sum, I feel we presented a fairly strong united front on the key problems
    we face when using computers to count votes -- we agreed that current
    technology is poorly regulated, that many current voting systems have major
    defects, and that stronger standards must be put in place before any
    large-scale rush to replace "outmoded" voting systems with new technology.
    
    We did disagree about whether a new standard would have an effect on the
    next presidential election.  I was, I think, the most pessimistic in this
    regard.  It may be that our answers depended on our interpretation of the
    question -- I assumed that it would take a year, at minimum, to put a new
    standard in place, and that it would take vendors a year, at minimum, to
    offer new machines based on this standard.  I also assumed that old machines
    would be grandfathered in, so the new standard would not have a significant
    impact on real polling places for several more years as old machines were
    slowly phased out.
    
    Doug Jones <jonesat_private>
    
    ------------------------------
    
    Date: Mon, 28 May 2001 14:55:49 -0400
    From: Alan Barclay <gorillaat_private>
    Subject: Swimming-pool changing cubicles
    
    *The Register* reports on French swimming pool "Centre Sportif Richard Bozon"
    at http://www.theregister.co.uk/content/28/19236.html. It seems that
    instead of a simple and traditional bolt on the doors to the changing
    cubicles, the centre has installed a computerized array of motion sensors,
    which detect if the cubicle is in use and displays a red or green light
    to indicate occupation. There is nothing to prevent someone from ignoring
    the lights and opening an occupied cubicle.
    
    The obvious flaws are pointed out by *The Register*, including the problem
    for colour-blind people, and the sheer stupidity of putting in a high-tech
    solution to a low-tech problem, but they miss other problems, such as false
    positives and false negatives and the requirement to train the users of the
    facility of the meaning of the lights.
    
      [Boz-on and Boz-off?  Beau-saun(a)?  Hose-sauna?  
      But watch out for swimsuits with false positives.  PGN]
    
    ------------------------------
    
    Date: Tue, 29 May 2001 12:20:53 +0400 (MSD)
    From: Oleg Broytmann <phdat_private>
    Subject: Insurer considers Microsoft NT high-risk
    
    [...] An insurance company has started to charge 5-15% more if you use
    Windows NT as a base for Internet services:
    
      "We saw that our NT-based clients were having more downtime" due to
      hacking, says John Wurzler, founder and CEO of the Michigan company, which
      has been selling hacker insurance since 1998.  Wurzler said the decision
      to charge higher premiums was not mandated by the syndicates affiliated
      with Lloyd's of London that underwrite the insurance he sells.  Instead,
      the move was based on findings from 400 security assessments that his firm
      has done on small and midsize businesses over the past three years.
      Wurzler found that system administrators working on open-source systems
      tend to be better trained and stay with their employers longer than those
      at firms using Windows software, where turnover can exceed 33 percent per
      year.  http://www.zdnet.com/intweek/stories/news/0,4164,2766045,00.html
    
    Oleg Broytmann  http://phd.pp.ru/  phdat_private
    
    ------------------------------
    
    Date: Mon, 28 May 2001 20:57:15 +0100
    From: "Chatan Mistry" <Chatanat_private>
    Subject: UK Government Gateway blocks non-MS browsers
    
    An article appeared on *The Register* on 28 May 2001.  The original article
    can be found at http://www.theregister.co.uk/content/4/19239.html
    
    In short, the article briefly described an investigation by the UK Linuxuser
    magazine.  It has found that the certificates being used on parts of
    gateway.gov.uk, the UK governments attempt at making all services available
    online by 2005, are specific to Windows and Internet Explorer 5.01.  These
    signatures are currently provided by Equifax and ChamberSign.  The article
    also goes to say that:
    
      The Government Gateway doesn't exactly have much up on it at the moment,
      but the likelihood is that although simple registration by user name and
      password will give you access to some information services, all of the
      transactional ones will require use of certificates.
    
      The one service available for individuals, electronic filing of tax
      returns, certainly does, so effectively only Windows/IE users can
      currently use it. UK.gov seems to have swallowed the Microsoft pitch
      whole; according to Linuxuser, the explanation given is that "other
      browsers do not give proper support for SSL and digital certificates."
    
    I for one am very concerned.  With Microsoft-based servers apparently being
    hacked almost at will, I can see a future when it will no longer just be the
    Internet where your identity can be used.  And just for variety, what about
    if you are one of these people (aleit in the minority) that uses a non MS
    operating system or x86 hardware (such as a Mac)?
    
    Of course, until the original Linuxuser article appears (the issue
    containing this article goes on sale next week), not of this can be
    collaborated.
    
    ------------------------------
    
    Date: Tue, 29 May 2001 11:22:58 -0400
    From: "Greg Searle" <gsearleat_private>
    Subject: The risks of clueless marketing
    
    Has anyone else noticed the cluelessness of Microsoft's marketing when
    assigning a name to their new line of products?  Do you think any of these
    marketing people are familiar with the popular "emoticons", or "smileys"?
    Has anybody else realized that "XP" is a person wincing and sticking their
    tongue out?  Will the new MS products leave a bad taste in your mouth?  :-b
    
      [:-b is itself quite nice.  A tongue-tied emoticon? PGN]
    
    ------------------------------
    
    Date: Sat, 02 Jun 2001 19:32:56 GMT +0000
    From: dbellat_private (David G. Bell)
    Subject: Computer-generated mail -- too easy to fake?
    
    A front-page story in *The Yorkshire Post* of 2 Jun 2001 reported that fake
    letters had been sent out in Bradford, requesting that people send
    _original_ birth certificates to enable the local council to recreate
    records lost through a computer error.
    
    Original birth certificates are usable for identity theft.
    
    The new twist comes from how the letters were created:
    
      A council spokesman said they had no reason to believe council employees
      had stolen headed paper as the headings on most council correspondence
      were printed of on each individual letter by computer, and so could be
      copied by anyone who has received a letter by e-mail.
    
    I'm not sure just what the computer-printed headings are, whether it
    includes some expensively-designed logo, and what details are actually
    included in e-mails.  Obviously, it's that little bit easier to fake a
    letter if the genuine article is entirely computer-printed, rather than
    using old-fashioned pre-printed paper.  Even with that barrier, people are
    becoming used to entirely computer-printed letters, headings and all.
    
    I just hope I don't get an e-mail from Bradford council, if they have their
    logo attached as a graphics file.
    
    [Original Yorkshire Post story by Amy Binns <amy.binnsat_private>]
    
    David G. Bell -- Farmer, SF Fan, Filker, and Punslinger.
    
    ------------------------------
    
    Date: Sat, 2 Jun 2001 11:11:06 -0400 (EDT)
    From: David Lesher <wb8fozat_private>
    Subject: Forgery Attempt -- risk of identity theft
    
    of a different sort....
    
    <http://washingtonpost.com/ac2/wp-dyn/A10385-2001Jun1?language=printer>
    
      ... The package arrived bearing the official stamp of the Prince George's
      County clerk of the Circuit Court, the signature of the chief judge and a
      court order demanding the immediate release from prison of a triple
      murderer.
    
    {details re: attempt to free prisoner with forged documents}
    
      [Prince George's Chief Administrative Judge William D.] Missouri said he
      believes the signatures were photocopied from real court documents and
      pasted onto the fake release order. He suspects that someone inside the
      courthouse may have been involved.  ...
    
    This is not the first time copied signatures have been used.  It won't be
    the last. But one wonders what the big push at retailers toward digitized
    credit-card slips will bring.
    
    ------------------------------
    
    Date: Tue, 29 May 2001 16:02:19 -0500
    From: RISKS List Owner <riskoat_private>
    Subject: Sex-offender database risks
    
    One of our readers was searching through the Illinois Registered Sex Offender
    database at
      http://samnet.isp.state.il.us/ispso2/sex_offenders/index.asp
    and ferreted out a wide variety of database errors, some of which could have
    really nasty consequences.  There are lots of incorrect street addresses,
    ZIP codes, mispelingz, inconsistencies, people living in different
    apartments shown with the same address, etc.  The Chicago Police Department
    Sex Offender Database is not consistent with the Illinois State Police Sex
    Offender Information.  To discourage vigilantes, the former database omits
    digits of addresses that are given in full in the latter, but the former has
    photos that are omitted by the latter.  One wonders about how many entries
    point to the wrong person.  Overall, the risks are many.
    
    ------------------------------
    
    Date: Sat, 02 Jun 2001 21:49:06 -0400
    From: Jeremy Epstein <jepsteinat_private>
    Subject: Crash leaves disabled riders stranded
    
    MetroAccess is a Washington DC-area public transit system for the disabled
    (door-to-door service).  Users call up at least 24 hours in advance to make
    a point-to-point reservation to get to/from work, shopping, medical care,
    etc.  According to a 1 Jun 2001 article in *The Washington Post*
    (http://www.washingtonpost.com/wp-dyn/articles/A3679-2001May31.html), Metro
    Access lost all reservations for services due to crashes by both the primary
    and secondary systems.  Those with regularly scheduled service (e.g., every
    day or every week) were recovered from a backup system, but anyone with a
    one-time reservation was lost (about 1000 of the 2800 entries in the
    database).
    
    The contractor that runs the system "has no idea who had placed the
    remaining 1000 reservations and made public pleas for anyone with a Metro
    Access reservation to call and confirm it."  Which could, of course, lead
    to more failures as the system gets overloaded with calls.
    
    The article claims that it was a hardware, not a software problem.  No
    information was provided on how often backups are done, or how both the
    primary and secondary systems failed at once (seems quite unlikely if it
    truly is a hardware problem, unless both were hit by lightening or
    something like that).
    
    ------------------------------
    
    Date: Fri, 1 Jun 2001 19:02:50 +0100
    From: John Sullivan <johnat_private>
    Subject: BT upgrade: The best laid plans ...
    
    British Telecom currently offer two fixed-cost internet access plans for
    ISPs to resell. One ISP, PlusNet, has supported the old scheme (SurfTime)
    since last year. However they wanted to move over completely to the new
    scheme (FRIACO) which is simpler and cheaper. This has been in the pipeline
    for months. Amongst other differences SurfTime requires you to buy two
    separate components, one from the ISP and one from BT.
    
    A couple of days ago an email was sent announcing today as the date of the
    big change. It recommended cancelling the BT component of SurfTime last
    night (the 31st May), as they would no longer be supporting at their end as
    of now.
    
    Early this morning user accounts were migrated across, the FRIACO access
    numbers were enabled and the old SurfTime numbers were disabled. The problem
    is that both services require your local exchange to be upgraded and
    configured, by BT, just so. And many exchanges haven't been, resulting in
    many unhappy customers unable to dial in.
    
    At 5pm (about 12 hours after the migration) PlusNet announced that the
    SurfTime access numbers had been re-enabled until such time as BT fixed
    their end of things. Unfortunately some people had already followed the
    instructions in their previous message to cancel their SurfTime subscription
    at the BT end last night...
    
    One message from PlusNet reads:
    
    > We are obviously very disappointed about this as we have spent months on
    > meticulous planning, but we have been let down somewhat by third parties.
    
    Of course, with so much planning it was *bound* to work first time. No need
    to keep the old service available until the new was *proven* to work, oh no.
    
    ------------------------------
    
    Date: Sun, 27 May 2001 10:55:37 -0500
    From: Scot Wilcoxon <scotat_private>
    Subject: Re: Software Engineering, Dijkstra, and Hippocrates (M.Cook, R-21.42)
    
    > The March 2001 issue of the *Communications of the ACM* contains an
    > article by Edsger Dijkstra called "The End of Computing Science?"
    ...
    > As many of the RISKS entries have shown, application and other developers
    > have certainly made a mess of things at times, often of Laurel and Hardy
    > proportions ("That's another fine mess you've got us into."), and worse.
    
    The title refers to "Computing Science".  Most developers have never
    taken a Computer Science course, much less know the underlying concepts
    or apply them.  I suspect many do not know who Dijkstra or the ACM are.
    
    ------------------------------
    
    Date: Tue, 29 May 2001 12:03:46 -0500
    From: "Richard I Cook" <ri-cookat_private>
    Subject: Re: Software Engineering, Dijkstra, Hippocrates (M.Cook, RISKS-21.42)
    
    Michael Cook [no relation] wrote in RISKS-12.42
    
    > If/when Software Engineering becomes a fully licensed profession, perhaps
    > part of the code of ethics should be similar to the intent of part of the
    > Hippocratic Oath, "First, do no harm".  This is a paraphrase of the
    > statement "The health and life of my patient will be my first
    > consideration" which is from the World Medical Association's "Declaration
    > of Geneva" of 1948.
    
    Speaking from experience as a member of the profession for which that oath
    was originally developed, I would suggest that Michael's laudable objectives
    might better be pursued via some other route.
    
    Richard I. Cook, MD
    
    ------------------------------
    
    Date: Mon, 28 May 2001 08:17:35 +0200
    From: "Michael Weiner" <michael_weinerat_private>
    Subject: Re: EU considers retaining *all* telecom traffic (Weingart, R-21.42)
    
    Dave Weingart reported on EU plans to retain all telecoms traffic.
    Apparently, the EU is not that ambitious, but the issue is critical enough.
    Current EC telecommunications law protects the privacy of telephone users by
    obliging the operator to delete or anonymize traffic data as soon as there
    is no more pressing need to retain it (e.g., as the bill for the services 
    have been paid, etc. - see article 6 of
      http://europa.eu.int/eur-lex/en/lif/dat/1997/en_397L0066.html).
    
    Law enforcement agencies find this cumbersome as it does not allow them to
    obtain information on past telephone usage (for the period before they
    placed a tap). Statewatch, a British NGO active in the field of privacy
    protection, has published a leaked EU Council document on its website that
    urges the Commission "to review [...] the provisions that oblige operators
    to erase traffic data or to make them anonymous" in order to "ensure that
    the purpose limitations regarding the personal data do not come into
    conflict with the law enforcement authorities' needs of data for crime
    investigation purposes": 
      http://www.statewatch.org/news/2001/may/enfo7277.htm
    
    If this initiative is acted upon, it will significantly reduce the privacy
    protection of telephone users in the European Union. Network operators will
    have to foot the bill for providing the necessary storage space and for
    carrying out the database searches that will no doubt be requested by law
    enforcement agencies.
    
    ------------------------------
    
    Date: Fri, 25 May 2001 14:39:53 +1200
    From: "Dr Richard A. O'Keefe" <okat_private>
    Subject: Re: NZ Electoral Web Site
    
    I've had some responses to my note in RISKS-21.41.  Others have confirmed
    that they find the pages unreadable.  The site maintainer has also been in
    contact, and in fairness I think I should make these points.
    
    (1) NZ law requires a signature on any application to
        change electoral roll records; what the Web site does
        is let you fill out a form electronically which you can
        then fill in, sign, and post, or you can ask them to
        print the completed form and post it to you.
    (2) This means that the newspaper report that you can
        enroll and change your record ONLINE is at best a
        half-truth.  RISK of believing the newspapers?
    (3) The maintainer did not respond with an angry defence
        but has sought constructive advice about improving the
        site.  I sent some advice, and was given a thank-you.
    (4) It's more secure than I said.  Apparently, had I been
        able to get further, I would have been asked for my
        house number as well.  (No comment on my part required.)
    (5) I was assured that the site had been "extensively
        tested":  on Windows, using Netscape 4 and IE 4.  They
        don't apparently have a Mac to test things on.
    (6) The fact that I can't get through *may* have something
        to do with the support (or lack of it) for SSL at this
        end.  (iCab indicates this with "Network error #-15",
        some browsers are better, some are even worse.)
    
    There remains the Risk of a NZ Government project being placed in a position
    where "extensive testing" has to mean Windows-only.
    
    ------------------------------
    
    Date: Thu, 24 May 2001 16:06:19 +0930
    From: Arthur Marsh <arthur.marshat_private>
    Subject: Re: Another Backhoe Reminder (Felsche, RISKS-21.41)
    
    I doubted that there were "thousands" of fibres to reconnect, and looked
    for other accounts of the incident. ZDNet Australia had an account at:
    http://www.zdnet.com.au/news/dailynews/story/0,2000013063,20222584-1,00.htm
    that included:
    
      Telstra crews had to replace 1.5 kilometres of cable and reconnect
      every individual fibre optic wire within it - about 150 strands in total.
    
    Arthur Marsh, Network Support Officer, Information Technology Services
    The University of Adelaide SA 5005 Australia  Ph: +61 8 8303 6109
    
      [PGN notes: This was also discussed by Kent Borg, who added a 
      Lesson: Just because someone is an official spokesman doesn't mean he
      actually knows what he is talking about.  Also, just because something
      is written with quote marks doesn't mean the quote is accurate.
      Someone clearly confused the image of a trunk of a zillion copper
      pairs with fiber optic cables and came up with a mule that doesn't
      exist; and no Australian Broadcasting Corporation editor caught it.]
    
    ------------------------------
    
    Date: Sat, 26 May 2001 00:37:27 -0500
    From: David Crooke <daveat_private>
    Subject: Re: WeatherBug and Gator (Garrison, RISKS-21.42)
    
    Your correspondent seems surprised that the accompanying Gator product
    offers to store passwords, but this is a feature of more than one modern
    browser (Mozilla and Internet Explorer spring to mind) and of almost every
    one of Microsoft's own products, including (laughably but sadly) their PPTP
    VPN client.
    
    ------------------------------
    
    Date: Mon, 28 May 2001 13:49:58 +0100
    From: jk <jzkat_private>
    Subject: Re: 37% of programs used in business are pirated (RISKS-21.42)
    
    This study clearly has shock value as it combines seemingly objective data
    and emotive language.  I have noted a number of misquotations of its
    findings in various news announcements and tried to find out how this figure
    of 37% is really computed.
    
    But first of all, as to credibility of source: does the Business Software
    Alliance (BSA) have any vested interest in artificially inflating or
    deflating this figure? The International Planning and Research (IPR)
    organisation which seems to have advised the BSA says that 'BSA educates
    computer users on software copyrights; advocates public policy that fosters
    innovation and expands trade opportunities; and fights software piracy.'
    The BSA report at http://www.bsa.org/resources/2001-05-21.55.pdf concludes
    that 'To ensure a high level of confidence, member companies of BSA reviewed
    the results of the study and their input was used to validate and refine the
    study assumptions'.
    
    This sounds like an inherently highly risky procedure for obtaining the
    truth.  But to press on...
    
    The methodology, from what I can understand of it, compares the number of
    computers sold to each country with the amount of software sold to that
    country (lots of various 'adjustments' for replacements, maturity etc the
    bases of which are not explained).  The number of computers sold is then
    multiplied by a number (again, all highly convoluted, but no hard details as
    to where these magic numbers come from) to give a figure for the demand for
    software given the hardware sales.  The difference between this demand
    figure and the amount of software actually sold is the amount of 'piracy'.
    This is in fact a gross simplification of their actual methodology but seems
    to be the essence of it.  It relies a lot on magic numbers.
    
    In comparison to the coyness of the description of how all the magic numbers
    are computed, the final data, *is* displayed in glorious detail per country,
    per year, dollar loss, etc.
    
    If the way the magic numbers were arrived at is fair and above board, then
    it would make sense to publish details of the process in order to boost the
    confidence of the report and to show that not only does it make an emotive
    point, but that it has good grounds for doing so. Otherwise, given the
    source, one may be tempted to dismiss it on the grounds of possible
    self-interest by the authors (if they wish to fight software piracy, they
    could hardly publish a report which says that software piracy doesn't exist,
    could they?)
    
    I spoke last summer to a technical manager of a medium-sized company in one
    of the so-called 'black spots' of software piracy fingered in the report.
    He told me that when they up-sized, the company had moved from MS Office to
    Star Office, because the latter was being given away for free.  He also told
    me of how the company sourced shareware and freeware because he didn't trust
    'black-market stuff'. Shareware is usually an order of magnitude cheaper
    than commercial stuff, and you often get to keep in touch with the folk that
    created it as well. He and I have remained in contact and swapped some
    interesting resources, so it isn't all talk.
    
    His approach sounded eminently rational to me: if you're poor, buy the
    hardware and find free- and share-ware on the web.  All of a sudden, the
    conclusions of BSA report sounded a lot more risky to me.
    
    Jurek Kirakowski, HFRG, Ireland  http://hfrg.ucc.ie/   http://hfrg.ucc.ie/jk/
    
    ------------------------------
    
    Date: Tue, 29 May 2001 16:25:51 +0100
    From: "Merlyn Kline" <merlynat_private>
    Subject: Re: 37% of programs used in business are pirated (RISKS-21.42)
    
    > tops the list in terms of dollars (an estimated $4 billion) lost to piracy.
    
    This sounds like one of those inflammatory and inflationary statements the
    RIAA has become fond of recently. To my mind there is a big difference
    between this statement (which describes something that I can't imagine a
    means of estimating) and a statement like "tops the list in terms of dollars
    (an estimated $4 billion) retail value of pirated software". Many users
    would not be using the software they are using if they were forced to buy it
    rather than pirate it - they would be using a cheaper alternative.
    
    ------------------------------
    
    Date: Sat, 26 May 2001 19:58:02 +0100
    From: Simon Waters <Simonat_private>
    Subject: More SMS SPAM (Re: Moskowitz, RISKS-21.42)
    
    Robert Moskowitz's Risks article 'Great DoS attack for cell phones' prompted
    me to write.
    
    This week I've received two identical SMS messages telling me to urgently
    call a number, normal enough for a busy IT consultant perhaps, but the
    number was for a premium rate line.
    
    Such abuses are not specifically SMS related (A favourite UK scam was to
    make very cheap goods and holiday offers via junk fax, where to accept it
    the order must be sent to a premium rate fax number - no doubt some Office
    employees figured they would turn their employers phone bill into their
    holiday money and ordered despite knowing the number was premium rate),
    although the ever changing number schemes inflicted on the average Brit by
    our telecoms regulator is making it harder and harder to sort out the wheat
    from the chaff, and the sheer number of mobile phones will make these scams
    more profitable and presumably therefore more common.
    
    At least I may have found a use for the premium rate number blocking service
    offered by many mobile phone operators, it will let people act on their SMS
    messages without be lumbered with an unexpectedly large bill.
    
    Perhaps someone would care to enlighten me as to what urgent messages I
    declined to pay for?
    
    Simon Waters  www.eighth-layer.com  Tel: +44(0)1395 232769  ICQ: 116952768
    Moderated discussion of teleworking issues at news:uk.business.telework
    
    ------------------------------
    
    Date: Wed, 30 May 2001 11:45:01 -0400 (EDT)
    From: msbat_private (Mark Brader)
    Subject: Re: Lost train (Weber-Wulff, RISKS-21.42)
    
    I don't think the Swiss Federal Railways (Schweizerische Bundesbahnen,
    SBB, http://www.sbb.ch) could have been involved here: the lines from
    Chur to Davos are part of the Rhaetian Railway system (Rha"tische Bahn,
    RhB, http://www.rhb.ch).
    
    Mark Brader, Toronto, msbat_private
    
      [Correction noted in RISKS-21.43.  But could be a joint arrangement? PGN]
    
    ------------------------------
    
    Date: 12 Feb 2001 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) 
     if possible and convenient for you.  Alternatively, via majordomo, 
     SEND DIRECT E-MAIL REQUESTS to <risks-requestat_private> with one-line, 
       SUBSCRIBE (or UNSUBSCRIBE) 
     which now requires confirmation to majordomoat_private (not to risks-owner)
     [with option of E-mail address if not the same as FROM: on the same line,
     which requires PGN's intervention -- to block spamming subscriptions, etc.] or
       INFO     [for unabridged version of RISKS information]
     .MIL users should contact <risks-requestat_private> (Dennis Rears).
     .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites, 
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All 
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 20" for volume 20]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a 
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing, 
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 21.44
    ************************
    



    This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 16:29:23 PDT