[risks] Risks Digest 21.70

From: RISKS List Owner (riskoat_private)
Date: Fri Oct 19 2001 - 15:49:22 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 21.71"

    RISKS-LIST: Risks-Forum Digest  Friday 19 October 2001  Volume 21 : Issue 70
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.70.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    "Glitch" assigns votes to wrong candidate (Tom Malaher)
    Pregnant chad revisited (Douglas W. Jones)
    Internet voting, revisited (Marcus de Geus)
    LA County voting machine status report (David Schneider)
    Stray bomb caused by typo (Tim Hollebeek)
    Jet engine starter motors (Ben Laurie)
    Your stolen Passport (Monty Solomon)
    Re: A Risk from Excel and Outlook (Martin Torzewski)
    Euro changeover (Douglas Long)
    Re: Outlook for Thanksgiving (Edward Reid, Conor O'Neill)
    Re: Risks of bogus e-mail addresses "FROM: ObL" (Sascha Mattke)
    Improper address-change validation (Leonard Erickson)
    Re: Ham radios in the aftermath of 11 Sep 2001 (Jack Decker)
    ACM Forum on Legal Regulation of Technology (Edward W. Felten)
    International Conference on COTS-Based Software Systems (Carol Biesecker)
    REVIEW: "Viruses Revealed", Robert M. Slade/David Harley/Urs Gattiker
      (Rob Slade)
    Abridged info on RISKS (comp.risks)
    Date: Wed, 17 Oct 2001 23:02:27 -0600
    From: Tom Malaher <risksat_private>
    Subject: "Glitch" assigns votes to wrong candidate
      [With Election Day coming up again (!!!) in the U.S., the first
      four items in this issue seem particularly relevant.  PGN]
    Computer glitch miscounts votes ...  Just after midnight, one of them
    [supporters] decided to take a last look at the results on the city's
    election Web site and discovered Desbarats had won -- a computer glitch had
    assigned the wrong totals to each candidate. ...  The problem, said election
    officials, stemmed from the fact candidate Athena d'Arras's surname starts
    with a lower case "d," and the computer database that sorted election
    results didn't recognize it as the first letter of her last name.  "Capital
    letters were sorted first and smaller letters were sorted next, so
    everything went in for the wrong candidate," said Barbara Clifford, the
    city's returning officer.   [Source: *Calgary Herald*, 17 Oct 2001:]
    [My question is, why would the sort order of the output affect the correct
    assignment of votes to candidates?  Hopefully the unique key being used is
    not the index position in a sorted array, but something more sophisticated.
    Tom M]
      [Perhaps the programmer implicitly assumed the order of appearance was
      indeed ASCII-collating-sequence sorted!  Close but no ASCIIgar.  PGN]
    Date: Fri, 19 Oct 2001 15:16:10 -0500 (CDT)
    From: "Douglas W. Jones" <jonesat_private>
    Subject: Pregnant chad revisited
    I've recently gotten my hands on a Votomatic voting machine (thanks
    to Larry Mandel of Governmental Business systems Inc for sending it
    to me, out of the blue), and I've used it to do some experiments on
    pregnant chad, following up on questions arising from an interview
    I did with the Fort Lauderdale Sun Sentinel last December.  The results
    of my experiments are on the web, in:
    complete with lots of pictures.  In sum, certain ballot positions on a
    Votomatic voting machine, and not others, are particularly prone to jams
    caused by an accumulation of chad inside the mechanism.  This was not
    difficult to uncover -- although punching all that chad was a bit boring.
    If the election community was supported by a decent research capability,
    this problem with the machine ought to have been known years ago.  I'm
    shocked that nothing was mentioned of this possibility in any of the
    testimony I'm aware of from last winter's legal battles or the
    Congressional hearings last spring, because once you take the machine
    apart and look at how it works, the risk is pretty obvious.
    Doug Jones <jonesat_private>
    Date: Wed, 17 Oct 2001 02:02:48 +0000
    From: "Marcus de Geus" <marcusat_private>
    Subject: Internet voting, revisited
    A Dutch RNW news mailing reports that Internet (presumably WWW) voting to find
    a new name for the merged towns of Leidschendam and Voorburg in the
    Netherlands was abandoned after large-scale fraud was suspected.
    Starting on 12 Oct 2001, residents of the two towns, which are due to merge
    on 1 Jan 2002, were given the opportunity to indicate their choice of names
    (which I won't bother you with) for the new municipality via the Internet.
    On 15 Oct, 10,000 votes were counted, which was considered "an improbably
    high count". Also, the town councils received e-mail warnings pointing out
    the susceptibility to fraud of Internet voting.
    As a result, the referendum will be restaged, this time using a new medium:
    e-mail. Voters will be asked to leave their name and address.
    I don't think there's any need to point out the RISKS.
    Marcus de Geus <marcusat_private>  http://www.degeus.com
    Date: Tue, 16 Oct 2001 18:03:48 -0700
    From: "Schneider, David" <David.Schneiderat_private>
    Subject: LA County voting machine status report
    On the KLCS broadcast of 2001.10.10, the Los Angeles County Board of
    Supervisors meeting included an agenda item on digital voting machines.
    I caught it in progress, but was able to make the following notes:
    Conny B. McCormack, The LA County Registrar/Recorder was giving a progress
    report, and made the following points
    - The Cal Tech/MIT report was that digital voting machines [in general?]
      were "not ready" for full deployment.
    - Logistics:  current models are heavy, increasing transportation issues,
      including delivery charges.
    - Training: The decertification of [prescored] punch cards was due to 1-3%
      problems that voters experienced - it can expected to be difficult to keep
      new system problems that low.
    - Training: LA County has to train 2500 poll workers who cover 5000  [500?]
      polling places.
    - Punch cards allow parking-lot setup if polling place is locked; what would
      be the fallback with digital voting machines?
    - Phased introduction is desirable: early voters in 2000 (9 locations 1%
      of voters) and 2002, and full deploy in off-year election such as 2005.
    - Paper ballots are a contingency plan; they remain certified and are
      cheaper but the slow count that results is an issue.
    Supervisor Knabe had the comment that he had observed, in the early voter
    trial, that seniors had fear of the new machines going in, but liked the big
    print; and the disabled liked voice features
    Supervisor Yaroslavsky was asking what is consequences of missing the goal
    of full deployment for the 2004 election, and how would the conversion be
    funded?  (This would be a BIG budget hit).
    Ms. McCormack pointed out in other comments that LA County (among others in
    California) had to respond to the California Secretary of State, but that
    this was being driven by a class-action lawsuit, and the court could mandate
    a stricter schedule than the Secretary of State might.  Also, there was a
    reference made that, "Cal Tech voting machines did not yet exist".
    I hope my summary is reasonably accurate, and that the parts I missed don't
    change the thrust of the discussion.  Meanwhile, voting officials will be
    watching the counties in Florida where digital voting machines would get
    their next big trial.
    David Schneider
    Date: Mon, 15 Oct 2001 13:12:29 -0400
    From: Tim Hollebeek <timat_private>
    Subject: Stray bomb caused by typo
    Several sources are now reporting that a satellite bomb that went astray and
    hit a residential area did so because the pilot entered one digit wrong when
    entering the target coordinates.
    Without more information, it is hard to say definitively how this problem
    could be avoided, but it certainly seems feasible that systems which display
    or accept GPS coordinates could use a check digit that detects one digit
    errors and transpositions, much like the one used in credit-card numbers.
    If at all possible, systems attached to 2000-lb warheads should be as
    resistant to typos as commercial systems are.
    Tim Hollebeek
    Date: Mon, 15 Oct 2001 14:42:49 +0100
    From: Ben Laurie <benat_private>
    Subject: Jet engine starter motors
    Recently I flew from Heathrow to Boston with British Airways on (I think) a
    747. My plane was delayed for two hours while one of the starter motors was
    replaced. We then flew to Boston without event.  Whilst in Boston I joked
    with friends that it was kind of scary that the starter motor was replaced
    and tested precisely once before we flew across the Atlantic. Of course, the
    response (which I naturally expected) was that it only needed to work
    once. But is that true?
    As it happened, on my return flight I spent the takeoff in the cockpit of
    the 777 I flew back on. As we took off, I noted that the copilot switched
    the starter motors to "continuous" after takeoff. When I asked why, he said
    that because there were a lot of clouds, the moisture could put the engines
    out -- so they ran them in continuous start "just in case".
    So, how safe was it to fly across the Atlantic on a single test?
    Ben.  http://www.apache-ssl.org/ben.html
    Date: Wed, 3 Oct 2001 22:45:59 -0400
    From: Monty Solomon <montyat_private>
    Subject: Your stolen Passport
    ZDNET, OPINION, By Wayne Rash, 26 Sep 2001
    The way Dave Thomas describes it, he and his staff were trying to track down
    a series of unusual bugs in Windows, when they stumbled across something
    that really worried them. There, on their screens along with the code they
    were debugging, was the name and password they'd just used for Microsoft's
    Passport service. Worse, it was in plain text, and readily accessible. As he
    looked more deeply, he realized that creating a worm that could recover that
    information would be, in his words, "trivial."
    Date: Tue, 16 Oct 2001 13:32:21 +0100
    From: Martin Torzewski <torzewsmat_private>
    Subject: Re: A Risk from Excel and Outlook (Re: RISKS-21.69)
    I encountered this some years ago.  See MS KB extract below (my italics).
    The article goes on to provide around 3 ways of avoiding it (none being
    default - the risk).  When I reported it the mail administrator where I
    worked at the time, we jointly concluded that the existence of the KB entry
    meant MS would be unresponsive to any report.
    As it happened, what was sent to me was sensitive in terms of cell content
    which I shouldn't have seen.
    Martin Torzewski  Work:   +44 (0)20 7426 7280
    OL98: Entire Excel Worksheet Copied Rather than Selected Cells	
    The information in this article applies to:
    *	Microsoft Outlook 98
    Double-clicking a selection of cells that are pasted from Microsoft Excel
    into a Microsoft Outlook 98 e-mail message, displays the entire worksheet
    rather than just the selection of cells.
    This is by design. When you use Microsoft Outlook Rich Text for the default
    e-mail message format and you paste the cells with the Microsoft Excel
    worksheet still open, the default paste option is Microsoft Excel Worksheet.
    Date: Sun, 14 Oct 2001 21:50:48 +0200
    From: Douglas Long <longat_private>
    Subject: Euro changeover
    I am trying to balance my first statement from my French bank.  (For those
    of you not familiar with the Euro conversion, banks in France currently
    allow transactions in both Francs and Euros, which results in a statement
    that contains amounts in both currencies.)  My bank provides two statements,
    the first in Francs and the second in Euros.  Unfortunately, I am trying to
    use Quicken to reconcile my account (which has its own peculiarities with
    respect to non-dollar currencies) and am running up against a problem with
    round off errors.
    Converting all values to Euros and then calculating the account balance, as
    I do in Quicken, yields one answer.  Calculating a partial balance in
    Francs, converting to Euros, and then completing the remaining calculations
    using Euros, as my bank does, yields a slightly different result.  Not
    enough to make a difference to me, but multiplied by 1000's of bank accounts
    one has to wonder if anyone is taking advantage of the rounding errors?
    [This possibility was suggested quite some time ago in
    http://catless.ncl.ac.uk/Risks/19.69.html#subj6.1 .]
    What makes me really wonder here is the way my ATM withdrawals are recorded
    on my statement.  Every withdrawal results in Francs coming out of the
    machine, but some ATM transactions are reported in Francs on the Franc part
    of my statement and others are reported in Euros on the Euro part of my
    statement.  This even occurs when I use the same ATM machine; some are
    recorded Francs, some are reported in Euros!  I can think of no rational
    reason why this is so.
    Douglas Long, Paris, France
    Date: Tue, 16 Oct 2001 9:48:00 -0400
    From: Edward Reid <edwardat_private>
    Subject: Re: Outlook for Thanksgiving (RISKS-21.69)
    > It seems that in some versions of Microsoft Outlook, Thanksgiving 2001 is
    > marked as 29 Nov.  In fact, Thanksgiving is early this year, on 22 Nov.
    That's not early. Thanksgiving has always been celebrated on the fourth
    Thursday in November, never the fifth. (Where "always" :=: as long as I've
    been alive, 52 years.) The risk is not that the celebration date might
    change -- it didn't -- but that the programming was done by someone who
    didn't know the basics of the application area (holidays).
    Edward Reid
    Date: Tue, 16 Oct 2001 13:46:25 +0100
    From: "Conor O'Neill" <ONeillCJat_private>
    Subject: Re: Outlook for Thanksgiving
    Surely the real risk here is any program pretending to 'know' anything
    about these public holidays. For the vast majority of the world, the
    US-style 'Thanksgiving' holiday doesn't exist at all.
    Conor O'Neill, Bristol, UK
    Date: Thu, 18 Oct 2001 08:26:25 -0400
    From: Sascha Mattke <mattke.sascha@guj-koeln.de>
    Subject: Re: Risks of bogus e-mail addresses "FROM: ObL" (Wayner, RISKS-21.68)
    That news is nonsense.  I talked with the priest who was cited on vnunet.
    He said that some Filipino members of his church received that sms and were
    also questioned by the police (very politely, he stressed), but this was in
    no way related to receiving the sms.  The padre basically said that the
    story was made up by a leftist ngo called Migrante International, then
    printed without research by the inquirer, and then found its way on the net.
    He and some Filipinos are now demanding the ngo to apologize for spreading
    fear with the relatives of the questioned people.
    Sascha Mattke, Redaktion BIZZ, Stolberger Strasse 200, 50933 Koeln
    Tel +49 (0) 221 - 5341-575  mattke.saschaat_private  http://www.bizz.de
    Date: Tue, 9 Oct 2001 04:35:52 PST
    From: shadowat_private (Leonard Erickson)
    Subject: Improper address-change validation
    About a month ago I decided to update some info in a personal ad on alt.com.
    Among other things, I changed the e-mail address that responses were and
    notifications of potential matches were to to be sent to.
    Imagine my surprise when I found that the confirmation message was sent
    *only* to the new address.
    Sure, it requires a password to get logged in to alt.com. But once there,
    *anyone* could change the info, and the first I'd have known was when I
    couldn't get in.
    While this isn't an application that can cause damage, it is one where
    the results could be more than a bit embarrassing.
    The method of "verification" chosen might guard against mistyping the
    address you wished to change to, but it provides no security.
    I've gotten no response to my e-mail to alt.com pointing out the flaws in
    their "security".
    Leonard Erickson (aka shadow{G})   shadowat_private
    last resort: leonardat_private
    Date: Mon, 15 Oct 2001 17:06:04 -0400
    From: Jack Decker <jackat_private>
    Subject: Re: Ham radios in the aftermath of 11 Sep 2001 (Murnane, R-21.68)
    With all due respect to Mr. Jonz and Mr. Collinsworth, the problems that
    amateur radio operators are having with government officials are, in my
    opinion, largely a product of their own attitudes.  Those who promote Linux
    and other alternative operating systems could take a lesson from this as
    Not too many years ago, there was a requirement that was considered
    absolutely essential for getting into ham radio: That you know Morse code at
    5 words per minute.  That may not seem like a huge obstacle (particularly to
    those who found it easy) but in a way it's like playing the piano - some
    people pick it up naturally and can "play it by ear", some struggle with it
    but do well enough to get by (IF they have sufficient motivation), and some
    are completely tone deaf - no matter how they try, it just doesn't make
    sense to them.  The amateur radio community has steadfastly refused to
    acknowledge that the latter group could even possibly exist.
    But what was worse was the attitude of many hams whenever someone advocated
    dropping the code requirement.  Their attitude was that the code acted as a
    "lid filter" which kept the "undesirables" (read: former CB radio operators)
    out of ham radio.
    The result of this was that there were many kids like myself, who had the
    interest and knowledge of electronics back in the 60's and 70's, but who
    found the code an insurmountable barrier.  Having been this excluded from
    the exclusive group of those who could "pound brass", we found it hard to
    figure out why we should care what happens to ham radio in the future.  We
    moved on to other things, like computers and the Internet.
    Then a little over a decade ago, U.P.S. (the folks who deliver packages
    using brown trucks) petitioned for some 2-meter frequencies that were carved
    right out of the ham bands.  A lot of hams were so arrogant that they
    thought there wasn't a chance that the FCC would give away any of their
    precious spectrum to a commercial interest.  Well, they got a rude
    awakening, and suddenly decided that perhaps it would be in their best
    interest to allow folks into certain classes of amateur radio without the
    code requirement, although even that did not happen without a lot of
    "kicking and screaming" by the older hams.
    But even then, they reserved the higher classes of amateur licenses - the
    ones that had access to frequencies capable of spanning long distances - for
    those that could decipher Morse Code at a higher rate of speed.  Even though
    some hams (and potential hams) had absolutely zero desire to communicate
    using Morse Code, the requirement was still forced upon them by the "old
    guard".  Wouldn't want any former C.B.'ers communicating with people
    overseas, you know!
    Well, guess what - that generation that the hams snubbed is the generation
    that's now holding political offices.  Many of those who know enough about
    amateur radio that they are not voting out of total ignorance, also know
    that they were welcomed on CB and told to go study the Morse Code (already a
    dying form of communication) by the hams.
    I see the same type of struggle happening today in the Linux community,
    between those who feel that Linux should be made as easy to use as Windows,
    and those who feel that people ought not to even be allowed to own a
    computer unless they know how to use the command line interface (I've even
    seen a few Linux folks suggest that computer users should be
    licensed!). Fortunately, since the use of Linux is not licensed by any
    government, vendors can make their own decisions as to how much
    user-friendliness to incorporate into the product.
    The risk is that if you set up something, be it a hobby or a computer
    operating system, in such a way that it appears that you are making it
    *deliberately* harder to learn than it needs to be, some folks either cannot
    or will not make the effort, and those are lost opportunities for making
    friends.  And it's also something that could come back to bite you in the
    butt, should those of the "excluded" class ever reach positions of power.
    Personally, I have good friends who are ham radio operators and yet I still
    find it difficult to have much sympathy for the plight of hams as expressed
    by Mr. Jonz and Mr. Collinsworth.  From where I sit, the hams (or at least
    their predecessors in the hobby) brought much of it on themselves.
    Jack Decker
    Date: Wed, 17 Oct 2001 06:55:24 -0700
    From: "Edward W. Felten" <feltenat_private>
    Subject: ACM Forum on Legal Regulation of Technology
    ACM Forum on Legal Regulation of Technology
    Laws and legal regulations are increasingly affecting what technologists can
    do. The ACM Forum on Legal Regulation of Technology is a new venue for
    technologists to discuss how the law is changing their work.
    There are many examples of the law's impact on technology. The growth of
    intellectual property claims, including software and business-model patents,
    has affected many technologists. Prohibitions on specific technologies, such
    as those in the U.S. Digital Millennium Copyright Act, have affected both
    researchers and practitioners. Applications of antitrust law have shaped the
    landscape for companies both large and small.
    Legal scholars have been discussing these issues for some time, but computer
    scientists have not been nearly as active in the debate. The forum seeks to
    bring technologists into the debate. Although we welcome the contributions
    of legal scholars, the forum belongs to technologists and has a
    technology-centric view.
    Many discussions will necessarily focus on the laws of a particular country,
    often the United States, but the forum is international in scope. Discussion
    of any country's laws will be welcome. In light of economic globalization,
    international treaties, and countries' efforts to harmonize their laws with
    each other, we expect technologists throughout the world to face many of the
    same issues.
    The forum will follow the model of ACM's successful RISKS Forum, issuing a
    periodic digest of contributions. Contributions will be chosen by a
    moderator, and generally will be short but may point to lengthier
    discussions elsewhere.
    The forum is sponsored by ACM. It is hosted by the Department of Computer
    Science at Princeton University. The moderator is Edward W. Felten.
      How To Subscribe:
      To subscribe, send an e-mail message to majordomoat_private The
      body of the message should contain the single line "subscribe lawtech".
      If all goes well, you will receive a reply message saying that you have
      been subscribed to the forum.
    Date: Mon, 15 Oct 2001 17:31:06 +0000 (UTC)
    From: cbat_private (Carol Biesecker)
    Subject: International Conference on COTS-Based Software Systems (ICCBSS)
    International Conference on COTS-Based Software Systems (ICCBSS)
    4 - 6 February 2002
    Orlando, Florida, USA
    World Wide Web: http://www.iccbss.org
    Implementing COTS-based software systems presents unique problems that
    typical reuse practices do not address.  As systems increasingly depend on
    the successful integration of COTS products, practitioners and researchers
    must be ready to meet these challenges.
    National Research Council Canada, the Software Engineering Institute, and
    the USC Center for Software Engineering present the inaugural International
    Conference on COTS-Based Software Systems (ICCBSS). ICCBSS is the first
    conference dedicated to solving the unique problems of using COTS products
    in large systems [*].  We have assembled a unique program that includes
    keynote addresses by Barry Boehm of the USC Center for Software Engineering,
    David Baum of Motorola Labs, Ivar Jacobson of Rational Software, and Mike
    Moore of NASA.  The conference features over 25 presentations covering COTS
    management and engineering processes, technical strategies, and practical
    experiences using COTS products in large systems.  In addition, panel
    discussions will address the critical issues involved in constructing
    survivable systems using COTS products, testing systems incorporating COTS
    products, and dealing with COTS vendors.
    Additional information about the program and conference registration
    can be found on this Web site: http://www.iccbss.org
    Contact: Barb Hoerr, E-mail: iccbss2002at_private, Phone: + 1 412 268 3007
      [* NOT TRUE.  I keynoted a NATO conference on that subject in Brussels,
      April 2000.  On my Web site you will find lecture notes for the talk, and
      references to many of the published papers given in my report on
      survivable systems and networks.  http://www.csl.sri.com/neumann PGN]
    Date: Tue, 16 Oct 2001 11:57:29 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Viruses Revealed", Robert M. Slade/David Harley/Urs Gattiker
      [I think this book is very much worthy of mention in RISKS,
      despite the identity of the reviewer.  PGN]
    BKVR.RVW   20011013
    "Viruses Revealed", Robert M. Slade/David Harley/Urs Gattiker, 2001,
    0-07-213090-3, U$39.99
    %A   Robert M. Slade rsladeat_private, rsladeat_private, p1at_private
    %A   David Harley harleyat_private, macvirusat_private
    %A   Urs Gattiker (Denmark)
    %C   300 Water Street, Whitby, Ontario   L1N 9B6
    %D   2001
    %G   0-07-213090-3
    %I   McGraw-Hill Ryerson/Osborne
    %O   U$39.99 905-430-5000 +1-800-565-5758 fax: 905-430-5020
    %P   700 p.
    %T   "Viruses Revealed"
    The International Institute for Fashion and Other Really Nasty Things today
    announced the winner of the 2001 Award for the World's Ugliest Book Cover.
    "Normally, we wouldn't announce a winner until next spring some time," said
    Frederick Krueger, the Institute's president, "but with the release of
    `Viruses Revealed,' there really isn't room for any competition."
    Spokespeople for Osborne/McGraw-Hill would not speak for attribution, but
    one did admit that they were pleased with the award.  "We said we were going
    for `bold' and `eye-catching,' but our real target was to produce that
    sick-to-your-stomach flu feeling, to give people a real virus queasiness.
    It's nice to know we succeeded."
    Security specialists were equally quick to comment on the contents of the
    work.  "What a thick book!" said David Chess.
    "Da- I mean, darn it, where are the taxonomies?" said Winn Schwartau, author
    of "Internet and Computer Ethics for Kids."  He also promised to give us his
    *real* reaction "as soon as I get rid of the best of these rugrats."
    "I think more time should go by between Slade's books." - Larry Bridwell
    "How come my work didn't get mentioned?" - sarah gordon
    "read it" - A. Padgett Peterson
    "Should be `reviled'." - PGN
    "A mythic work!  No, sorry, that should be `mythical'." - Jeff Crume
    "Why are these guys misusing my name?" - Gene Spafford
    "Makes a great doorstop." - Tom Sheldon
    "Oooh, a foreword from spaf!" - David Chess (no relation)
    "Fills an unneeded gap." - Fred Cohen
    Misinformation about semi-recent viruses can be found at
    http://www.osborne.com/virus_alert/, while marketing hype is available
    at http://victoria.tc.ca/techrev/vrupdate.htm and
    http://sun.soci.niu.edu/~rslade/vrupdate.htm.  Some real links can be
    found at http://www.sherpasoft.org.uk/viruses-revealed/.
    copyright Robert M. Slade, 2001  BKVR.RVW   20011013
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev   or   http://sun.soci.niu.edu/~rslade
    Date: 12 Feb 2001 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 20" for volume 20]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    End of RISKS-FORUM Digest 21.70

    This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 16:30:59 PDT