[risks] Risks Digest 22.20

From: RISKS List Owner (riskoat_private)
Date: Thu Aug 22 2002 - 14:46:51 PDT


    RISKS-LIST: Risks-Forum Digest  Thursday 22 August 2002  Volume 22 : Issue 20
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.20.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    "Homeland Insecurity" (Monty Solomon)
    Home overvalued by $200 million affects tax recovery (Fuzzy Gorilla)
    103-year-old man told to bring parents for eye test (Arthur Goldstein)
    Alleged ID thief arrested in NYC (Monty Solomon)
    Your packets know the way to San Jose. (Malcolm Purvis)
    Emergency call-center power-supply woes (Dave Stringer-Calvert)
    YASST: Yet Another Silly Spam Trick (Rob Slade)
    Re: E-mail content filtering ... (Joe Stoy)
    E-mail *envelope* filters blocking NDN and DSN (MAtteo HCE Valsasna)
    Content based e-mail filtering -- timely example (Betsy Schwartz)
    Klez + html login = no security (Leonard Erickson)
    Klez: The Virus That Won't Die (Monty Solomon)
    The left hand of the government asketh ... (Rob Slade)
    Re: Apple OSX and iDisk and Mail.app (Dave)
    REVIEW: "Computers and Ethics in the Cyberage", Hester/Ford (Rob Slade)
    SAFECOMP 2002 & ECCE-11 (Massimo Felici)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Wed, 14 Aug 2002 10:16:15 -0400
    From: Monty Solomon <montyat_private>
    Subject: "Homeland Insecurity"
    
    Charles C. Mann, a top expert, says America's approach to protecting itself
    will only make matters worse.  Forget "foolproof" technology -- we need
    systems designed to fail smartly...
     
      To stop the rampant theft of expensive cars, manufacturers in the 1990s
      began to make ignitions very difficult to hot-wire. This reduced the
      likelihood that cars would be stolen from parking lots -- but apparently
      contributed to the sudden appearance of a new and more dangerous crime,
      carjacking.
    
      After a vote against management Vivendi Universal announced earlier this
      year that its electronic shareholder-voting system, which it had adopted
      to tabulate votes efficiently and securely, had been broken into by
      hackers. Because the new system eliminated the old paper ballots,
      recounting the votes -- or even independently verifying that the attack
      had occurred -- was impossible.
    
      To help merchants verify and protect the identity of their customers,
      marketing firms and financial institutions have created large computerized
      databases of personal information: Social Security numbers, credit-card
      numbers, telephone numbers, home addresses, and the like. With these
      databases being increasingly interconnected by means of the Internet, they
      have become irresistible targets for criminals. From 1995 to 2000 the
      incidence of identity theft tripled.
    
    http://www.theatlantic.com/issues/2002/09/mann.htm
    
      [This article is extremely timely, well written, and important for
      RISKS readers.  It also features various insights from Bruce Schneier,
      whom Charles interviewed while researching the article.  PGN]
    
    ------------------------------
    
    Date: Mon, 19 Aug 2002 16:20:50 -0700
    From: "Fuzzy Gorilla" <fuzzygorillaat_private>
    Subject: Home overvalued by $200 million affects tax recovery
    
    In Manhattan, Kansas, a home property valued at $59,500 was inadvertently
    changed to $200,059,000, and seriously disrupted the calculation of the
    local budgets for the school district, the city, and Riley County --
    resulting in a 6.5% overstatement of the value of county property, and a
    shortfall in tax revenues of over $2.3 million.  [PGN-ed]
      http://dailynews.yahoo.com/news?u=/ap/20020819/ap_on_fe_st/property_value_2
    
    ------------------------------
    
    Date: Fri, 02 Aug 2002 01:14:55 +0000
    From: arthur.goldsteinat_private
    Subject: 103-year-old man told to bring parents for eye test
    
    Another cute medical mix-up (Reuters, 31 Jul 2002):
    http://news.excite.com/odd/article/
      id/256255|oddlyenough|07-31-2002::12:22|reuters.html
    
    British pensioner Joseph Dickinson, 103, had a shock when his local hospital
    called him in for an eye test and told him to bring his parents.  "I must be
    getting younger, in fact much younger," he told his local paper, the
    Hartlepool Mail.  He was born in 1899, but because the hospital computer
    only read the last two digits it mistook his age as just three years old. ...
    
    ------------------------------
    
    Date: Tue, 20 Aug 2002 22:17:56 -0400
    From: Monty Solomon <montyat_private>
    Subject: Alleged ID thief arrested in NYC
    
    A man captured by the US Marshals Service in New York is accused of stealing
    the identities of 12 Boston lawyers to buy lavish cars and finance spending
    sprees, the agency said yesterday.  Shawn R. Pelley, 26, had evaded
    authorities for nearly a year before he was caught after a car chase.  Once
    convicted of fraud, he allegedly began an identity-theft scam shortly after
    his release from prison last summer.  Using information from a law
    directory, he allegedly obtained his victims' birth certificates and credit
    reports, opened credit-card accounts, and took bank loans on the stolen IDs.
    [Source: Thanassis Cambanis, *The Boston Globe*, 20 Aug 2002; PGN-ed]
      <http://www.boston.com/dailyglobe2/232/metro/Alleged_ID_thief_arrested_in_NYC+.shtml>
    
    ------------------------------
    
    Date: Wed, 21 Aug 2002 22:32:00 +1000
    From: Malcolm Purvis <malcolmpurvisat_private>
    Subject: Your packets know the way to San Jose.
    
    The Southern Cross Cable Network, a significant supplier of bandwidth
    between Australia and the US, recently announced a new access point in San
    Jose.  The Associated Press release says in part:
    
      The new San Jose access point is located at Market Post Tower, which
      currently houses the world's most famous Internet peering point, MAE
      West. Virtually all of the network access points and data centers in the
      surrounding San Francisco Bay Area connect to Market Post Tower via
      high-speed local fiber rings. ...  70% of the Internet traffic from the
      Western United States and 40% of the world Internet traffic passes through
      the building that houses the new Southern Cross access point.
    
    I wonder how well the rest of the Internet would cope if something happened
    to that building (which has a web site, so you can learn all about it).  I
    also see that MAE West is owned by WorldCom.
    
    The press release is at:
      <http://www.southerncrosscables.com/layup_ms19_8_02.htm>
    
    ------------------------------
    
    Date: Mon, 19 Aug 2002 21:46:05 -0700
    From: Dave Stringer-Calvert <dave_scat_private>
    Subject: Emergency call-center power-supply woes
    
    One of North Yorkshire Police's main telephone switchboards was shut down
    for four hours as the result of a serious control-room power-supply problem
    in Newby Wiske, Northallerton.  Traffic was redirected to the York control
    room, which had considerable congestion due to the reduced total number of
    operators.  [Source: Article by Tony Tierney, *Yorkshire Evening Press*, 19
    Aug 2002; PGN-ed]
    
    ------------------------------
    
    Date: Sun, 4 Aug 2002 14:58:43 -0800
    From: Rob Slade <rsladeat_private>
    Subject: YASST: Yet Another Silly Spam Trick
    
    At the moment I have a hotmail account, rmsladeat_private  It gets a ton
    of spam, of course.  Recently, as I was cleaning out the accumulated sludge
    (Hotmail's "junk" settings are pretty useless), I noted a message that
    appeared to come from "rmslade."  Now, it isn't unusual for spammers to set
    up the mailing so that the messages have a forged "From" line that contains
    the same address the message is sent to.  Only in this case, the message was
    from rmsladeat_private, and that is not an address I own.
    
    Looking at the headers in detail revealed (along with the fact that the
    spammer is probably yallddamail.com [65.121.131.5] [Qwest Communications])
    that the actual address used is $userat_private
    
    Now, as I said, spammers spoof addresses all the time.  But does Hotmail
    have to enable such a transparent means of allowing it?
    
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Mon, 29 Jul 2002 10:32:34 -0400
    From: Joe Stoy <stoyat_private>
    Subject: Re: E-mail content filtering ... (Miller, RISKS-22.16)
    
    My favourite story along these lines is about the two German musicologists
    who were having a learned discussion by e-mail about Bach's B Minor Mass,
    until both simultaneously came to the conclusion that the other side was
    losing interest towards the end of the Gloria.  But it turned out that their
    e-mail system was simply refusing to let through any mention by name of the
    magnificent fugue at the end of that section.
    
    ------------------------------
    
    Date: Mon, 29 Jul 2002 16:24:00 +0200 (CEST)
    From: MAtteo HCE Valsasna <valsasnaat_private>
    Subject: E-mail *envelope* filters blocking NDN and DSN
    
    Many RISKS readers have already reported about RISKs associated with e-mail
    filters based on the contents. But serious service RISKs are also associated
    with envelope-based filters, i.e., filters based on the sender (or recipient)
    used in SMTP transactions (in contrast with those present in the e-mail
    headers).
    
    Many SMTP servers have started filtering e-mail with an empty envelope sender,
    their administrators claiming they can block a lot of spam that way. This is
    in clear contrast with RFC [rfc1123, see quote below].
    
    A reason for this is that an empty envelope sender must be used with NDN
    (Non Delivery Notification) and DSN (Delivery status notification) messages,
    which are used to inform the sender that his message couldn't be delivered
    to the recipient, or to confirm to the sender the delivery or the reading of
    a message [rfc1891, see quote below].
    
    Filtering those messages could mean that, under certain conditions, a
    delivery confirmation could fail to reach the sender, or, much worse, a
    non-delivery notification could never reach the sender.
    
    When empty reverse path filtering is applied at the SMTP server receiving
    messages for the user's address, NDN and DSN messages originated at other
    servers will be rejected. This can happen for example if the user uses a
    different SMTP server to send her messages, if the SMTP server that receives
    a message does not reject it immediately, but rather accepts it and later
    generates a negative DSN message to inform the reader of the missed
    delivery, and also happens for DSN messages generated at a different domain
    than the sender's.
    
    SMTP gives no guarantees about the delivery of a message, but makes any
    possible effort to inform the sender that a message could not be delivered
    (also these efforts are not generally guaranteed to succeed).  Filtering
    messages with an empty envelope sender risks rendering these attempts
    useless.
    
    Users have got accustomed to receiving a negative confirmation (NDN) when they
    send a message that will never reach the recipient, so they may trust that a
    message for which they received no NDN has actually been delivered (a
    classical problem of double-negative logic). Filtering empty reverse path
    messages will void this trust, leaving the sender with the impression that
    his message has reached someone. The RISKs associated with this false
    assumption are obvious.
    
    The assumption is actually false based on SMTP's absence of guarantees, not
    on the improper loss of NDN messages due to empty smtp sender filtering, but
    users do not read manuals, they look at how the service actually works and
    build their assumptions accordingly.
    
    Another general-purpose RISK (assuming that a system that usually works will
    *always* work).
    
    MAtteo HCE Valsasna - Network & Linux Administrator
    Centro SIC - Univ. degli Studi dell'Insubria
    
    http://www.faqs.org/rfcs/rfc1123.html (Requirements for Internet Hosts
    -- Application and Support)
    
     5.2.9  Command Syntax: RFC-821 Section 4.1.2
    
             The syntax shown in RFC-821 for the MAIL FROM: command omits
             the case of an empty path:  "MAIL FROM: <>" (see RFC-821 Page
             15).  An empty reverse path MUST be supported.
    
    http://www.faqs.org/rfcs/rfc1891.html (SMTP Service Extension for
                       Delivery Status Notifications)
    
    7.1 SMTP Envelope to be used with delivery status notifications
    
       The DSN sender address (in the SMTP MAIL command) MUST be a null
       reverse-path ("<>"), as required by section 5.3.3 of [9].  The DSN
       recipient address (in the RCPT command) is copied from the MAIL
       command which accompanied the message for which the DSN is being
       issued.  [...]
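
The failure mode this post describes, sketched as an added example that is not part of the original message: a bounce built per RFC 1891 7.1 is offered to the original sender's mail server under two policies, the empty-sender filter and the RFC 1123 rule. All addresses, function names and reply strings are constructed for illustration.

```python
import re

# Matches the SMTP MAIL command and captures the reverse-path between <>.
MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def reverse_path(command):
    """Return the envelope sender; the empty string is the null reverse-path."""
    m = MAIL_FROM_RE.match(command.strip())
    if m is None:
        raise ValueError("not a MAIL FROM command: %r" % command)
    return m.group(1)


def policy_reject_empty_sender(mail_from_cmd):
    """The anti-spam filter criticised in the post (constructed reply text)."""
    if reverse_path(mail_from_cmd) == "":
        return "550 empty envelope sender refused"
    return "250 OK"


def policy_rfc1123(mail_from_cmd):
    """RFC 1123 5.2.9: an empty reverse path MUST be supported."""
    reverse_path(mail_from_cmd)  # still reject syntactically broken commands
    return "250 OK"


def dsn_envelope(original_mail_from_cmd):
    """RFC 1891 7.1: DSN sender is '<>', recipient is copied from the
    MAIL command of the message the DSN is about."""
    sender = reverse_path(original_mail_from_cmd)
    if sender == "":
        return None  # a notification is never sent about a notification
    return ("MAIL FROM:<>", "RCPT TO:<%s>" % sender)


def sender_outcome(original_mail_from_cmd, sender_mx_policy):
    """Scenario from the post: a remote server accepted the message, later
    found it undeliverable, and now offers a DSN to the sender's server."""
    envelope = dsn_envelope(original_mail_from_cmd)
    if envelope is None:
        return "no notification generated"
    dsn_mail_from, _dsn_rcpt = envelope
    reply = sender_mx_policy(dsn_mail_from)
    if reply.startswith("250"):
        return "NDN delivered to sender"
    # The refused DSN has a null reverse-path itself, so the remote server
    # has nobody to report this second failure to: the bounce is dropped.
    return "NDN lost, sender assumes delivery"


if __name__ == "__main__":
    original = "MAIL FROM:<alice@example.org>"  # constructed sample
    for policy in (policy_reject_empty_sender, policy_rfc1123):
        print(policy.__name__, "->", sender_outcome(original, policy))
```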
    
    ------------------------------
    
    Date: Sun, 11 Aug 2002 12:59:17 -0400
    From: Betsy Schwartz <betsysat_private>
    Subject: Content based e-mail filtering -- timely example
    
    Another problem is that it's impossible for any one sysadmin to know, for a 
    given string, whether it's a legitimate word or name in some contexts.
    
    I've had several people say to me recently: "but, what legitimate e-mail 
    could possibly contain the word 'klez' "?  Well, I am a big fan of klezmer 
    music and there will be some sad wedding parties if "klez" is filtered out! 
    See http://www.klezmershack.com 
    
      [And this will undoubtedly get THIS issue filtered for some readers.  PGN]
    
    ------------------------------
    
    Date: Tue, 20 Aug 2002 03:12:14 PST
    From: shadowat_private (Leonard Erickson)
    Subject: Klez + html login = no security
    
    I mostly use a DOS based mail reader program, so I often get MIME
    encoded mail or other mail that may or may not have viral payloads (or
    just typical Microsoft "everyone uses our mailer" dreck).
    
    I move the messages to a directory to be checked out later. 
    
    Today I was going thru the messages that'd piled up there over the last
    couple of weeks. And I was looking at the other files included in Klez
    infected messages.
    
    One was a file that had "login" as part of the name, and no extension.  A
    quick check with LIST showed it to be an HTML file. Out of curiosity, I
    added an HTML extension, and looked at it on a Windows system.
    
    I found myself on a website for a company I won't name. With the username
    and password having just been entered on a login screen!
    
    A password that seems to still be valid.
    
    I found a "technical problems" email address on the web site and mailed the
    contact the info about the problem. And I deleted the file.
    
    But whatever program created this login "file" (I think html had embedded
    Javascript) is *really* a bad idea to have in this world that has viruses
    that email random files from infected systems to the world.
    
    Anybody care to bet that my report to the company gets ignored?
    
    Leonard Erickson (aka shadow{G})  shadowat_private      
    
    ------------------------------
    
    Date: Thu, 22 Aug 2002 09:15:25 -0400
    From: Monty Solomon <montyat_private>
    Subject: Klez: The Virus That Won't Die
    
    Already the most prolific virus ever, Klez continues to wreak havoc.
    By Andrew Brandt, Sep 2002 issue of *PC World* magazine, 1 Aug 2002
    
    The Klez worm is approaching its seventh month of wriggling across the Web,
    making it one of the most persistent viruses ever. And experts warn that it
    may be a harbinger of new viruses that use a combination of pernicious
    approaches to go from PC to PC.
    
    Antivirus software makers Symantec and McAfee both report more than 2000 new
    infections daily, with no sign of let-up at press time. The British security
    firm MessageLabs estimates that 1 in every 300 e-mail messages holds a
    variation of the Klez virus, and says that Klez has already surpassed last
    summer's SirCam as the most prolific virus ever.
    
    And some newer Klez variants aren't merely nuisances--they can carry 
    other viruses in them that corrupt your data.  ...
      http://www.pcworld.com/news/article/0,aid,103259,00.asp
    
    ------------------------------
    
    Date: Thu, 1 Aug 2002 08:34:19 -0800
    From: Rob Slade <rsladeat_private>
    Subject: The left hand of the government asketh ...
    
    Despite the reports being a day apart, the following two stories appeared
    next to each other in last evening's Edupage from EDUCAUSE.  EDUCAUSE made
    no comment on the juxtaposition.  However, I suspect that pretty much anyone
    can see the cause for concern here.  Poorly thought out "quick fix"
    legislative solutions, such as the DMCA, can definitely be much more trouble
    than they are worth.
    
    ------- Forwarded message follows -------
    >Date sent:      	Wed, 31 Jul 2002 17:43:42 -0600
    >From:           	EDUCAUSEat_private
    >Subject:        	Edupage, July 31, 2002
    
    [...]
    TOP STORIES FOR WEDNESDAY, JULY 31, 2002
      Clarke Urges Hackers to Find and Report Bugs
      H-P Uses DMCA Against Bug Finders
    
    [...]
    CLARKE URGES HACKERS TO FIND AND REPORT BUGS
    Richard Clarke, the cybersecurity advisor to President Bush, told
    attendees of the Black Hat conference in Las Vegas that they should
    find and report software bugs that compromise computer security. [...]
    Associated Press, 31 July 2002
    http://www.nandotimes.com/technology/story/484376p-3867743c.html
    
    H-P USES DMCA AGAINST BUG FINDERS
    In an apparent first, Hewlett-Packard has invoked the controversial
    Digital Millennium Copyright Act (DMCA) to stop researchers from
    releasing information about software bugs. [...] But H-P sent
    a letter to SnoSoft, a group of researchers, saying that the group
    faces fines of $500,000 and jail time for releasing information about a
    bug in an H-P Unix application. SnoSoft said that they notified H-P of
    the flaw early enough that a patch should have been available before
    public disclosure of the bug. [...]
    CNET, 30 July 2002
    http://news.com.com/2100-1023-947325.html
    
    [...]
    EDUPAGE INFORMATION
    
    To subscribe, unsubscribe, or change your settings, visit
    http://www.educause.edu/pub/edupage/edupage.html
    
    ------------------------------
    
    Date: Sat, 27 Jul 2002 21:08:50 -0400
    From: Dave <davew1at_private>
    Subject: Re: Apple OSX and iDisk and Mail.app
    
    from Volume 22 : Issue 18:
    > Net effect: your iDisk password is transmitted in the clear without
    > your awareness, albeit as a mail password.
    > Problems:
    ...
    > - mac.com's mail password is *always* identical to iDisk password
    
    Yes, by definition. mac.com mail and iDisk are part of iTools (now ".Mac")
    which uses a single account/password to access all of its services.
    
    > - OSX's "do what I mean" friendliness saves passwords without knowledge
    
    Users enter their iTools info in the Internet preferences panel which
    states: "Enter your member name and password. This information is used to
    access iTools, including your iDisk and your e-mail account."  Hard to
    misinterpret that.
    
    > then connects to mac.com which *does not* support any method of
    > encrypted password transmission.
    
    That's the real problem which Apple will correct quickly (right guys?)
    
    ------------------------------
    
    Date: Tue, 20 Aug 2002 15:12:27 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Computers and Ethics in the Cyberage", Hester/Ford
    
    BKCMETCB.RVW   20020606
    
    "Computers and Ethics in the Cyberage", D. Micah Hester/Paul J. Ford,
    2001, 0-13-082978-1, U$41.00
    %A   D. Micah Hester
    %A   Paul J. Ford
    %C   Scarborough, Ontario
    %D   2001
    %G   0-13-082978-1
    %I   Prentice Hall
    %O   U$41.00 800-576-3800 416-293-3621 fax: 201-236-7131
    %P   498 p.
    %T   "Computers and Ethics in the Cyberage"
    
    This volume is a collection of essays, arranged in a rather complex fashion.
    There are parts, subdivided into chapters, with each chapter containing
    about four papers.  It isn't necessarily difficult to find the theme running
    through each set of papers, but neither does the conjunction of ideas
    support the individual discussions.
    
    The preface, interestingly, states that the book provides no general
    introduction to ethics.  There are also lists of alternative orderings and
    selections of the papers included in the volume, suggested to address
    additional topics.
    
    Part one is an introduction to technology, computers, and values which last
    is rather in contradiction to the assertion that the work contains no such
    introduction.  In any case, there is no introduction to values.  The essays
    in chapter one look at how the machine affects personality (a poetic but
    unconvincing piece), a review of various (both positive and negative but
    primarily religious) views of technology, opinions on technology and moral
    responsibility, and the ethical problems presumed to be unique to computers.
    Chapter two views computer technology as value-laden.  The first paper
    insists that computers should be improved by the addition of abilities for
    responding to simple requests in natural language, apparently implying that
    the search for the "user-friendly" chimera has an ethical driver.  (A common
    desire, but one that flies in the face of user-interface research that
    indicates people are, in fact, unable to frame requests accurately even in
    natural language.)  Others assert that computers fail to distinguish between
    numbers and data (and between information and reason), that work with
    Boolean algebra molds the thinking process, and that computers are fun
    because they are magic.
    
    Part two purports to review computers and quality of life.  Chapter three
    looks at technology and relations with other people.  One paper points out
    that the attitude of the Amish towards the telephone is supportive of
    community living, but admits that the example has almost no relation to
    other technology.  Others discuss various things you can do online, how much
    Howard Rheingold likes the WELL service, and that John Perry Barlow doesn't
    know whether community actually exists (online or in real life).  Computer
    and individuality is addressed, in chapter four, with an unsupported
    assertion that technology has some normative value, wild speculation on
    implantable brain chips, a fictional short story about artificial
    personality, and vague thoughts about the anthropomorphizing effect of the
    changing language with regard to computers.  A look at computers in
    developing nations assumes that the purpose of computer use is control,
    asserts (but does not support) the idea that western (and therefore somehow
    "authoritative") computers are unsuited to Africa (the entire continent is
    assumed to have unreliable data), that information technology can help in
    Latin America but there are problems, presents random memories of email use
    in Jamaica, and asserts, in chapter five, that transferring technology to
    the third world can create problems.
    
    Part three concentrates on the uses, abuses (and maybe consequences) of
    technology.  Chapter six looks at professionals and ethics, with various
    views of whether professions have special obligations (and a final decision
    that computing is not a profession), scenarios emphasizing conflicting
    loyalties, and some factors that might help reduce computer misuse.
    Freedom, privacy and control is the topic of chapter seven, discussing
    problems with direct democracy, reprinting a political speech nominally
    about privacy, and attempting to determine a definition and some
    characteristics of privacy.  A review of intellectual property ownership and
    piracy has an interesting examination of the differences in attitudes to
    copyright between western (stressing ownership and roles) and Asian
    (emphasizing social benefits and outcomes) cultures, as well as a student
    survey, a statement that the arguments in favour of copyright are at best
    unproven, and an opinion promoting copy protection cracking and the
    distribution of "cracked" commercial programs (with the usual lack of logic
    and writing skills).  (Despite this last essay, chapter eight is possibly
    the best in the book.)  Chapter nine has some sensationalistic material on
    hacking (and a very poor introduction to viruses) with no real conclusions,
    a hacker "manifesto," a strong (but not perfect) analysis deciding that
    computer intrusions cannot be held to be "victimless," an interview with a
    self-styled "hacker" (as self-serving as most such), and a weak examination
    of the Morris Worm.
    
    Part four seems to assume that it is moving into more advanced or futuristic
    technologies, although the discussions don't change much.  Chapter ten has
    another fictional short story implying that computers are false gods, a
    replay of "What Computers Can't Do," and a vague wondering about the
    definition of life.  One essay, very much in contradiction to the thesis of
    Rosalind Picard's excellent "Affective Computing" (cf. BKAFFCMP.RVW)
    maintains that a computer which is "superior in every way" (to us) must be a
    "monster," and assumes that artificial intelligence will be devoid of
    compassion.  (Even if one does accept that intelligence must be emotionless,
    there is no mention of the fact that such a system would also lack cruelty.)
    The overview of virtual reality (VR) has an interesting examination of the
    health and safety effects (limited) and benefits of the technology, and two
    assertions of the need for a VR ethic, in chapter eleven.  In chapter
    twelve, Al Gore sells the GII (Global Information Infrastructure), we are
    told that there is pornography on the Internet, Dibbell's classic "Rape in
    Cyberspace" is reprinted, and an article on cyberstalking seems to void its
    premise by repeatedly demonstrating that most of the activities take place
    in the real world, not the net.
    
    Many of the papers in this collection are lifted wholesale from their
    origin.  Although ellipses seem to indicate that material has been cut in a
    number of places, there are still some very odd references to other papers
    or presentations no longer "present," and even comments directed at people
    who are no longer in the audience.
    
    Much of this material is quite seriously flawed by a lack, on the part of
    the authors, of a technical background.  This is not to say that
    non-technical people cannot comment on the social aspects of technology, nor
    that discussions of technical ethics could not benefit from the input of
    philosophers, ethicists, sociologists, and the like.  However, many of the
    speculations bear little relationship to technical reality, and therefore
    the arguments and decisions are invalid.
    
    Overall, there is a lack of direction to the work.  In the end, it gives an
    impression of a vague complaint that computers aren't moral, and aren't
    taking the burden of ethical decisions away from mankind.  Personally, I
    find this position not only unhelpful, but extremely odd.
    
    copyright Robert M. Slade, 2002   BKCMETCB.RVW   20020606
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Tue, 20 Aug 2002 18:30:11 +0100
    From: Massimo Felici <massimo.feliciat_private>
    Subject: SAFECOMP 2002 & ECCE-11
    
      SAFECOMP 2002
      The 21st International Conference on
      Computer Safety, Reliability and Security
      Catania, Italy, 10-13 September 2002
      http://www.safecomp.org/
      contact safecomp2002at_private
    
    Co-located and Coordinated with
      ECCE 11 - Cognition, Culture and Design 
      Eleventh European Conference on Cognitive Ergonomics 
      Catania, Italy, 8-11 September 2002
      http://www.ecce.info/
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.20
    ************************
    



    This archive was generated by hypermail 2b30 : Thu Aug 22 2002 - 15:32:03 PDT