[risks] Risks Digest 21.75

From: RISKS List Owner (riskoat_private)
Date: Mon Nov 19 2001 - 11:24:21 PST

  • Next message: RISKS List Owner: "[risks] Risks Digest 21.76"

    RISKS-LIST: Risks-Forum Digest  Monday 19 November 2001  Volume 21 : Issue 75
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.75.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents: [Big backlog.  Another issue tomorrow to catch up.]
    Feds make record counterfeit software seizure (NewsScan)
    Google freely giving out your phone number and home address (Derek Ziglar)
    Researchers probe Net's 'dark address space' (Kevin Poulsen via 
      Dewayne Hendricks and David Farber)
    A large risk of national ID cards (Adam Shostack)
    Re: Programming error scrambles election results (Hamish Marson, Phil Kos)
    Re: DoS attack on Mac OS9 (Erann Gat)
    IP: Announcing URIICA - For the Sake of Internet Users Everywhere (PGN)
    REVIEW: "Internet and Computer Ethics for Kids", Winn Schwartau (Rob Slade)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Mon, 19 Nov 2001 08:04:38 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Feds make record counterfeit software seizure
    
    California law enforcement officials made the largest seizure of counterfeit
    software in U.S. history, estimated to be worth about $100 million. The
    products, which originated in Taiwan, included about 31,000 high-quality
    copies of Microsoft's Windows Millennium Edition and 2000 Professional
    operating systems and tens of thousands of copies of Symantec security
    software. "They look so good that the purchaser would not know it was
    counterfeit," said Los Angeles County Sheriff Lee Baca. Some of the bogus
    discs even carried the "Do not make illegal copies of this disc" warning.
    Authorities have arrested three people on bribery conspiracy and smuggling
    charges, and another has been charged with state violations of
    counterfeiting a registered trademark. [AP 16 Nov 2001; NewsScan Daily, 19
    Nov 2001  http://news.excite.com/news/ap/011116/20/counterfeit-software]
    
    ------------------------------
    
    Date: Tue, 13 Nov 2001 09:24:58 -0500
    From: "Derek Ziglar" <dziglarat_private>
    Subject: Google freely giving out your phone number and home address
    
    If you are in the USA, try searching in Google for your name, followed 
    by your city, state or zip code--such as: Bob Smith Alaska. The first 
    results you get may well be your home phone number, home address, and a 
    link to a map (in some cases with a satellite photo of your house, too).
    
    The RISKS are staggering that this type of personal information is being
    automatically given out to people that weren't even asking for it. Sure,
    they were looking for some information about you. But cross linking data
    across purposes (web search versus telephone lookup) is one of the biggest
    privacy risks of the modern connected database age. It rapidly becomes
    one-stop shopping for everything anyone would want to know about
    you--whether they were asking for all that detail or not!
    
    In addition, Google does not provide any obvious mechanism to request 
    removal from this telephone listing.
    
    Derek Ziglar (city and state withheld for obvious reasons) dziglarat_private
    
    ------------------------------
    
    Date: Thu, 15 Nov 2001 15:53:54 -0500
    From: David Farber <daveat_private>
    Subject: Researchers probe Net's 'dark address space' (From Dave's IP)
    
    >From: Dewayne Hendricks <dewayneat_private>
    
    Researchers probe Net's 'dark address space'
    By Kevin Poulsen
    Posted: 15/11/2001 at 02:30 GMT
    <http://www.theregister.co.uk/content/55/22850.html>
    
    Broadband customers and US military systems are the most common victims of 
    an online phenomenon researchers have dubbed "dark address space," which 
    leaves some 100 million hosts completely unreachable from portions of the 
    Internet.
    
    For a variety of reasons ranging from contract disputes among network
    operators to simple router mis-configuration, over five percent of the
    Internet's routable address space lacks global connectivity, according to
    the results of a three-year study by researchers at Massachusetts-based
    Arbor Networks, to be released Tuesday.
    
    "Popular belief holds that the Internet represents a completely connected
    graph," says Craig Labovitz, Arbor Networks' director of network
    architecture. "It turns out that's just not true."
    
    Anecdotal evidence has long hinted at the existence of dark address space,
    but the researchers shed light on the subject by continuously gathering and
    analyzing core routing tables for three years. In the end, they found that
    for much of the Internet, the shortest path between two points doesn't
    exist.
    
    The most common factors contributing to dark address space: aggressive 
    route filtering by network operators seeking to ease the load on 
    equipment, and accidental mis-configuration. US military sites frequently 
    fall into the shadow zone because they often occupy neglected 'Milnet' 
    address blocks dating back to the Internet's stone age. Why cable modem 
    customers also top the list remains one of the unsolved mysteries in the 
    project, says Labovitz, who describes the research findings as preliminary.
    
    Murky Crime
    Despite the large number of hosts that fall into the partitioned space, 
    the phenomenon is generally not noticeable to average Internet users 
    because most Netizens only use a tiny portion of the Net. "Most people 
    access five or ten web sites," Labovitz says.
    
    The study was conducted by Labovitz, Michael Bailey and Abha Ahuja.  [...]
    
      [For IP archives see:
      http://www.interesting-people.org/archives/interesting-people/]
    
    ------------------------------
    
    Date: Mon, 12 Nov 2001 09:58:12 -0500
    From: Adam Shostack <adamat_private>
    Subject: A large risk of national ID cards
    
      (In response to http://www.csl.sri.com/neumann/insiderisks.html)
    
    I believe that there is an important risk, that of reliance, that will
    accompany a high-tech national ID card.  Every terrorist commits their first
    act of terrorism at some time in their life, and before that time, they
    cannot be any database of known terrorists.
    
    Once you start issuing cards, people will start relying on 'identity
    verification' rather than threat management.  We'll see people relying on
    background checks [1] rather than xrays.  We'll see special lines for
    frequent fliers, who are 'known trustworthy.'  They differ from pilots and
    flight crew in that they don't run into co-workers who can notice and react
    to strange behavior before the flight.  If you want to keep knives and guns
    off of planes, the answer lies in xrays, magnetometers, and other searching
    technology, not in believing that you know who's who.  Many of the national
    id card risks come from a layer of indirection from the real problem, which
    is not "Is Alice trusted," but, "Is the person in front of me trusted?"
    National ID cards not only do nothing to solve this problem, they distract
    us from attempting to solve it.
    
    [1] See the last para of
      http://www.spectrum.ieee.org/WEBONLY/special/sept01/idcards.html 
    
    ------------------------------
    
    Date: Mon, 12 Nov 2001 14:37:21 +0000
    From: Hamish Marson <hamishat_private>
    Subject: Re: Programming error scrambles election results (RISKS-21.74)
    
    The question remains. why oh why do companies insist on believing that the
    programmer is the best person to check, test and validate a piece of
    software that THEY have written.
    
    Not withstanding blatant bugs in the implementation of the logic, a tester
    will only test (Baring bugs in their testing of course :) what they
    anticipate the inputs to be. If the same people do the testing that did the
    programming, you are potentially missing out on whole swathes of input,
    because the same person doesn't realise they should be testing something
    they never thought of in the first place...
    
    Personally I like to think that anything I written isn't ready for prime
    time until at least one other person who UNDERSTANDS THE PROBLEM BEING
    SOLVED has had a chance to throw their data at it & verify if valid data
    comes out the other end.
    
    ------------------------------
    
    Date: Fri, 16 Nov 2001 18:20:02 -0800
    From: Phil Kos <PhilKat_private>
    Subject: Re: Programming error scrambles election results (RISKS-21.74)
    
    > .... a veteran county employee claimed to have tested his code, but 
    > apparently had not actually done so.
    
    Is it just me, or has anyone else noted that the two primary RISKs here are
    developers "testing" their own code and managers who think that software
    development is that trivial? I don't care how experienced a developer is,
    nobody (not even I! ;) can be relied on to find their own bugs. I would have
    certainly chastised the developer for not doing his job well enough, but I
    wouldn't had fired him. Instead I would have fired the people above him in
    the county bureaucracy who feel that critical software doesn't need to be
    tested--they're the truly dangerous ones here, and they're presumably still
    conducting business as usual now that they've sacrificed their scapegoat.
    
      [Testing by other folks is of course not sufficient.  But even more
      critical, design and code reviews are also useful in trying to detect
      Trojan horses, trapdoors, etc., placed intentionally by developers with
      the expectation that they would facilitate rigging elections.  PGN]
    
    ------------------------------
    
    Date: Mon, 12 Nov 2001 14:14:53 -0800 (PST)
    From: Erann Gat <gatat_private>
    Subject: Re: DoS attack on Mac OS9 (RISKS-21.73-74)
    
    Another masterful display of editorial subtlety from our esteemed moderator:
    
    From: "William Kucharski" <kucharskat_private>
    
    > The risk in MacOS 9 is not surprising, and not really a RISK.  Not
    > unless you're expecting the Multiple Users feature of MacOS 9 to provide
    > anything more than rudimentary security.
    
    From: Carl Maniscalco <camannospamat_private>
    
    > In my opinion, anyone who leaves a computer unattended in that state in
    > an insecure environment probably deserves whatever he gets.
    
    So on the one hand the security is so weak that the only risk is that users
    might be foolish enough to think that the feature is something more than a
    simple facade, but on the other hand the security is so strong that we are
    justified in blaming the victims of maliciousness or, more to the point,
    typos, for not being able to log in to their own machines any more.
    
    I really don't want to belabor this, but both of these respondents seem to
    have missed the point: I never meant to suggest that the OS9 multiple users
    feature should be taken seriously as a security measure.  That's why the
    subject of my post was "DoS attack on Mac OS9" and not "Security weakness in
    Mac OS9". The problem is not that security is weak (well, that's a problem
    too, but not the one I was talking about) but that the password can be
    changed without knowing the old password and without confirming the new
    password (which is, of course, not echoed on the screen). I'll grant that in
    reality attacks from malicious users are probably not a major concern, but
    if there's only one account on your machine and you decide to change its
    password then you had better type it in very, very carefully.
    
    Erann Gat <gatat_private>
    
    ------------------------------
    
    Date: Wed, 14 Nov 2001 07:55:43 -0500
    From: "Peter G. Neumann" <neumannat_private> 
    Subject: IP: Announcing URIICA - For the Sake of Internet Users Everywhere
    
    Announcing "URIICA" - Union for Representative International Internet
    	              Cooperation and Analysis
    
    		      http://www.uriica.org
    
    					Lauren Weinstein
    					Peter G. Neumann
    					David J. Farber
    
    					November 13, 2001
    
    An Open Letter to the Global Internet Community
    
         == Executive Summary ==
    
    The Internet has become too important for its development, management,
    security, and other critical aspects to continue largely on an ad hoc
    basis.  Internet-related issues, which now impact our world and lives in a
    vast number of ways, are usually approached in isolation from one another by
    existing organizations, and often in parochial and non-representative ways.
    
    We submit that a new organization is needed, created specifically to provide
    guidance relating to Internet functions and issues on an international and
    truly representative basis.  Such an organization could also help establish
    confidence that the Internet exists to benefit people everywhere, not merely
    commercial and other special interests.  We offer URIICA -- Union for
    Representative International Internet Cooperation and Analysis -- as a
    possible first step towards building such a future.
    
            -------------------------
    
    URIICA - Union for Representative International Internet Cooperation
              and Analysis - http://www.uriica.org
    
    In the more than thirty years since its genesis, the technology of the
    Internet has evolved from a little-known experiment to a major part of the
    world's infrastructures, with massive impacts throughout nearly every aspect
    of our cultures and lives -- from government to commerce, and from education
    to entertainment.  Over the decades, innumerable individuals and informal
    groups have labored to make the Internet what it is today.  Formal
    organizations have also played crucial roles, including ISOC, IETF, and
    ICANN, to name only three among many.
    
    But while the technical evolution of the Internet has been extraordinary in
    many respects, the ways in which the Internet is "managed" appear to be
    increasingly ill-suited in terms of overall planning, coordination,
    security, reliability, privacy, and numerous other key attributes.  Of equal
    concern is the perception that Internet development has become largely
    hostage to well-heeled, vested interests.  There are few and ever-decreasing
    opportunities for meaningful input on Internet issues from nonprofit
    organizations or ordinary Internet users without significant financial
    resources.
    
    These problems have been exacerbated by the historically isolated nature of
    many organizations working on Internet issues.  There is a tendency for each
    such group to concentrate mainly on their own interests, with little
    coordination with other groups or persons who may have different points of
    view.  There are also indications that some organizations have moved to
    extend their influence beyond their true competencies, and that those who
    have come to wield de facto power over controversial Internet-related issues
    may do so without a due consideration of international concerns, true
    representation, or even ordinary fairness.
    
    In the People For Internet Responsibility (PFIR) "Statement on Internet
    Policies, Regulations, and Control" [1], and "PFIR Proposal for a
    Representative Global Internet Policy Organization" [2], it has been
    suggested that the creation of a new international organization specifically
    to address these issues is a necessary step to successfully bring the
    Internet out of the age of turf wars and amateur theatrics into its
    appropriate role as a critical resource for the *entire* world and *all* of
    its peoples.  Of course, moving from theory to practice is often difficult,
    particularly when dealing with the founding of organizations that must
    tackle controversial issues.
    
    However, the rising importance of the Internet and the continuing decline in
    public confidence regarding its operations suggest that action is urgently
    needed now.  It is with this in mind that we offer "URIICA" - Union for
    Representative International Internet Cooperation and Analysis
    (http://www.uriica.org).  The name may be long, but its premise and goal is
    basically simple:
    
         The Internet should be dedicated to the needs and well-being of
         people all over the world, in a truly representative and fair manner.
    
    We offer URIICA as a forum for discussion, planning, and for building a
    framework towards accomplishing this goal, by bringing together in a
    *representative* manner an *international* group of diverse persons,
    organizations, and other groups who have commitments to the future of an
    open Internet.  These participants will not only encompass commercial
    interests, but also a wide range of nonprofit organizations, educational
    institutions, government agencies, individual Internet users, and anyone
    else who is willing to sit down and work for the common good.  We visualize
    URIICA as being a very big tent indeed, with a structure created from the
    ground up to encompass both domestic and international concerns, based upon
    balanced, fair representation for everyone involved.
    
    We do not present URIICA as a fait accompli.  There are innumerable details
    to be considered.  But we hope URIICA will be a useful vehicle to bring
    together many persons and organizations for the work, debate, and serious
    long-term planning that is desperately needed.  The Internet needs vision
    and dedication to be a beacon of hope for the future, and not merely a
    hi-tech mediocrity.
    
    If you're interested in helping, or have other comments, we'd very
    much appreciate hearing from you.  General comments and questions
    can be e-mailed to:
    
        uriicaat_private
    
    Please also feel free to call Lauren Weinstein on +1 (818) 225-2800
    (M-F 9:30 AM - 5:30 PM Pacific Time) if you wish to discuss this effort.
    
    If you'd like to join a (low-volume) e-mail list dedicated to URIICA and
    these issues, please send the message text:
    
       subscribe
    
    as the first text in the body of a message (the "Subject" field doesn't
    matter) to:
    
       uriica-requestat_private
    
    
    Over two millennia ago, the Greek mathematician Archimedes exclaimed "Eureka!"
    ("I have found it!") when he solved a vexing mathematical problem.  We hope
    that URIICA can be of value in helping us all move towards solving many of
    the important problems of the Internet that we face both today and
    tomorrow.  Thank you, and our best wishes to you all.
    
         [1] PFIR Statement on Internet Policies, Regulations, and Control
             http://www.pfir.org/statements/policies
    
         [2] PFIR Proposal for a Representative Global Internet Policy Organization
             http://www.pfir.org/statements/proposal
    
    Sincerely,
    
    Lauren Weinstein
        laurenat_private or laurenat_private or laurenat_private
        Tel: +1 (818) 225-2800
        Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
        Co-Founder, Fact Squad - http://www.factsquad.org
        Co-Founder, URIICA - Union for Representative International Internet
                             Cooperation and Analysis - http://www.uriica.org
        Moderator, PRIVACY Forum - http://www.vortex.com
        Member, ACM Committee on Computers and Public Policy
    
    Peter G. Neumann
        neumannat_private or neumannat_private or neumannat_private
        Tel: +1 (650) 859-2375
        Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
        Co-Founder, Fact Squad - http://www.factsquad.org
        Co-Founder, URIICA - Union for Representative International Internet
                             Cooperation and Analysis - http://www.uriica.org
        Moderator, RISKS Forum - http://risks.org
        Chairman, ACM Committee on Computers and Public Policy
        http://www.csl.sri.com/neumann
    
    David J. Farber
        farberat_private
        Tel: +1 (610) 304-9127
        Member of the Board of Trustees EFF - http://www.eff.org
        Member of the Advisory Board -- EPIC - http://www.epic.org
        Member of the Advisory Board -- CDT - http://www.cdt.org
        Member of Board of Directors -- PFIR - http://www.pfir.org
        Co-Founder, URIICA - Union for Representative International Internet
                             Cooperation and Analysis - http://www.uriica.org
        Member of the Executive Committee USACM
        http://www.cis.upenn.edu/~farber
    
    (Affiliations shown for identification only.)
    
    ------------------------------
    
    Date: Thu, 15 Nov 2001 08:03:15 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Internet and Computer Ethics for Kids", Winn Schwartau
    
    BKINCMEK.RVW   20010815
    
    "Internet and Computer Ethics for Kids", Winn Schwartau, 2001,
    0-9628700-5-6, U$15.95/C$24.95
    %A   Winn Schwartau www.nicekids.net winnsat_private
    %C   11511 Pine St. N., Seminole, FL   33772
    %D   2001
    %G   0-9628700-5-6
    %I   Inter.Pact Press
    %O   U$15.95/C$24.95 727-393-6600 fax: 727-393-6361
    %P   ~150 p.
    %T   "Internet and Computer Ethics for Kids"
    
    Computer ethics can be a very frustrating field.  Professional organizations
    appear to have abandoned the area: they seem to have given up on the idea of
    "codes of ethics" and now prefer to write "codes of conduct."  "Values
    education" has progressed very little in the last thirty years.  All of us
    seem to be the disciples of Kohlberg, and assume that by sitting around
    discussing ethics, moral dilemmas, and scenarios, we will all somehow become
    moral individuals.
    
    And that's for the adults.
    
    For kids, the task is even more important, and much more difficult.  Maybe
    it's impossible.  But it is good to see that someone has at least given it a
    try.  I don't agree with everything Winn has done, but he has produced a
    valuable and helpful tool.  I hope that a great many people try it out, and,
    if it needs tuning, feed ideas back to improve it.
    
    This volume is a tool, and must be seen as such to be valued.  Schwartau
    has, probably wisely, not attempted to provide a full examination of ethical
    theories or systems.  The chapters are all very short: they are
    introductions, not expositions.  (As Blaise Pascal famously noted, it takes
    much longer, and much more work, to write a short piece than a long one.)
    The text is generally possible for the sixth grade reader, and is backed up
    with a short section on relevant ideas from the law, topics to think about
    and discuss, and resources for further study and research.
    
    Unfortunately, the work starts out weakly.  The introduction is vague.
    Seemingly the book is addressed to everyone.  The preface also states that
    the book has questions, but no answers.  A second introduction is more
    personal, but no clearer as to the intent of the text.
    
    Chapter one states that there are no rules, and then lays out some rules.
    Aside from the contradiction, which may be too subtle for the younger end of
    the audience, but which will probably be picked up by the later teens,
    relativism makes it difficult to discuss ethics at all.  To the question of
    what ethics are, chapter two has little explanation except to say that they
    are the "little voices."  A brief Internet history is probably supposed to
    point out that the Internet has grown too fast for formal regulation, in
    chapter three.  Chapter four starts out by raging against stereotypes of all
    kinds, and then stereotypes the media.  The text also tersely outlines
    various types of hackers.  Chapter five is a scenario, a rather simplistic
    story of a young person who is very clearly dealt with unfairly by "the
    Establishment," whose only possible recourse is to make unauthorized
    alteration of data on a computer.
    
    The material starts to get stronger as it becomes more specific.  Passwords,
    and the needs for strong ones, are discussed in chapter six.  Graffiti is
    equated with web page defacement in chapter seven.  Phone phreaking, war
    dialing, and anonymity are defined in eight to ten.  Malware, viruses and
    trojan horse programs, are covered in chapters eleven and twelve.  Chapters
    thirteen and fourteen deal with spoofing and spam.  Chapter fifteen points
    out that you have no idea whether what is said on the net is true, which
    leads to discussions of scams, online business, and rumours in sixteen to
    eighteen.  Stealing, in chapter nineteen, leads to examinations of software
    piracy and plagiarism.
    
    Chapters twenty two to twenty five look at the more ambiguous topics of
    social engineering, flaming, meeting people, and stalking.  Technical
    subjects, digital special effects and eavesdropping, get a brief look in
    chapters twenty six and twenty seven.
    
    The topics get harder as chapter twenty eight deals with pornography, then
    two chapters on privacy, another on monitoring, and ratting on others.
    
    Although the topics could be presented in various sequences, it might have
    been better to place chapter thirty three, discussing ethics and the law,
    closer to chapter two.  But it is also a good lead-in to civil disobedience
    and hacktivism, in chapter thirty four.
    
    The review of personal responsibility, in chapter thirty five, is very good.
    "Computer Police," in thirty six, deals mostly with law enforcement
    concerns, with a brief mention of vigilantism.  An interesting juxtaposition
    with chapter thirty seven, on getting caught.
    
    Chapter thirty eight, asks who makes the rules, but deals primarily with the
    home and who is in charge.  Again, making ethical decisions, in thirty nine,
    is good, but should be related to two and thirty three.
    
    Although it finishes off the book, chapter forty, and cyber-parenting, is
    the introduction for parents and teachers.  It is quite realistic and
    balanced.
    
    A final set of pages is probably an important part of the book.  A set of
    lined pages, they are important exercises for self-examination, headed with
    "My Personal CyberEthics," "My Family's CyberRules," "My Friends'
    CyberEthics," "CyberRules at My Friends' House," "CyberRules at School,"
    "What My Parents Need to Learn," "What My Teachers Need to Learn," "My
    Company's CyberEthics and Rules," and "What I think I Need to Learn."
    
    I won't give this book to my grandchildren, even though the oldest would
    probably be able to read a good part of it.  But I will give it to their
    mothers.
    
    Not being a marketroid, I will not say that this book is a "must have" for
    anyone with kids.  Unlike many other books, and like many computer
    technologies, it must be used to be of any value.  Parents can't simply
    present it to their children and forget it: to do so would be to teach that
    ethics are not important.  If you want to get anything out of this work, you
    will have to read it with your kids, or give it to them to read, and discuss
    it with them.  It can be read in an afternoon, but shouldn't be.  The
    material should be taken a chapter at a time, perhaps once a week, perhaps
    at even longer intervals.  It may take years to finish this slim volume (by
    which time all the URLs may be 404).  As the adult you will have to be
    patient, and accept that the discussions may not proceed in straight lines,
    as you think they should.
    
    The end result, though, should be worth it.  You'll have ethical kids.
    
    copyright Robert M. Slade, 2001   BKINCMEK.RVW   20010815
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: 12 Feb 2001 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 20" for volume 20]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 21.75
    ************************
    



    This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 12:51:42 PST