[risks] Risks Digest 22.25

From: RISKS List Owner (riskoat_private)
Date: Mon Sep 23 2002 - 10:10:47 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 22.26"

    RISKS-LIST: Risks-Forum Digest  Monday 23 September 2002  Volume 22 : Issue 25
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.25.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents: [Backlogged]
    Elections In America - Assume Crooks Are In Control (Lynn Landes via
      Rebecca Mercuri)
    Re: Florida Primary 2002: Back to the Future (Bob Morrell)
    Georgia Secretary of State response to Mercuri (Chris Riggall via
      Donald R. Calabro Jr.)
    Election idiocy crosses state lines (Mark Richards)
    Retrospective Karger/Schell paper on Multics Security Evaluation 
      (Steve Summit)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Wed, 18 Sep 2002 09:09:35 -0400
    From: "Rebecca Mercuri" <notableat_private>
    Subject: Elections In America - Assume Crooks Are In Control, Lynn Landes
    
      [Spin Doctors at it again!  Rebecca.]
    
    Elections In America - Assume Crooks Are In Control
    Lynn Landes, 16 Sep 2002
    
    Don't blame the poll workers in Florida. The facts, supported by voting
    machine experts and numerous newspaper articles, have made it
    clear. Computerized voting machines that were certified by the state of
    Florida, caused most of the problems in Florida's primary election. In the
    absence of paper ballots, the damage is now irreversible.
    
    This was no accident. It's not new. And Florida is not alone.
    
    "The concept is clear, simple, and it works. Computerized voting gives the
    power of selection, without fear of discovery, to whomever controls the
    computer," wrote the authors of VoteScam (1992), James & Kenneth Collier
    (both now deceased). It's a 'must read' book about how elections have been
    electronically and mechanically rigged in the United States for decades, and
    with the knowing and sometimes unknowing support of media giants and
    government officials, including... ironically... Janet Reno.
    
    Only a few companies dominate the market for computer voting machines.
    Alarmingly, under U.S. federal law, no background checks are required on
    these companies or their employees. Felons and foreigners can, and do, own
    computer voting machine companies. Voting machine companies demand that
    clients sign 'proprietary' contracts to protect their trade secrets, which
    prohibits a thorough inspection of voting machines by outsiders. And,
    unbelievably, it appears that most election officials don't require paper
    ballots to back up or audit electronic election results. So far, lawsuits to
    allow complete access to inspect voting machines, or to require paper
    ballots so that recounts are possible...have failed.
    
    As far as we know, some guy from Russia could be controlling the outcome of
    computerized elections in the United States.
    
    In fact, Vikant Corp., a Chicago-area company owned by Alex Kantarovich,
    formerly of Minsk, Belorussia (also known as White Russia, formerly
    U.S.S.R.), supplies the all-important 'control cards' to Election Systems &
    Software (ES&S), the world's largest election management company, writes
    reporter Christopher Bollyn.  According to ES&S, they have "handled more
    than 40,000 of the world's most important events and elections. ES&S systems
    have counted approximately 60% of the U.S. national vote for the past four
    presidential elections. In the U.S. 2000 general election, ES&S systems
    counted over 100 million ballots."
    
    Getting back to Kantarovich, he would not disclose where the control cards
    are made, except they aren't made in America, writes Bollyn. Nor would he
    discuss his previous employment. Bollyn says he got some
    not-too-thinly-veiled threats from Kantarovich.
    
    Kantarovich sounds more like the Russian mafia, than a legitimate businessman.
    
    But the really big deal is this....all of ES&S's touch screen machines
    contain modems, "allowing them to communicate-and be communicated with-while
    they are in operation," reports Bollyn. That communication capability
    includes satellites.  "Even computers not connected to modems or an
    electronic network can still be manipulated offsite, not during the
    election, but certainly before or after," says voting systems expert
    Dr. Rebecca Mercuri.
    
    ES&S supplied the touch screens for Miami-Dade and Broward counties where
    the worst machine failures occurred. But the debacle was nothing new for
    ES&S.  Associated Press (AP) reporter Jessica Fargen wrote in June 2000,
    "Venezuela's president and the head of the nation's election board accused
    ES&S of trying to destabilize the country's electoral process. In the United
    States, four states have reported problems with equipment supplied by the
    company. Faulty ES&S machines used in Hawaii's 1998 elections forced that
    state's first-ever recount."
    
    Sequoia is another voting systems company that sends a cold chill down my
    spine.  "Mob ties, bribery, felony convictions, and threats of coercion are
    visible in the public record of the election services company," according to
    investigative journalist and filmmaker Daniel Hopsicker, and reported in
    Spotlight.com.  Hopsicker says that Pasquale "Rocco" Ricci, a 65-year-old
    senior executive with Sequoia, and the firm's Louisiana representative,
    recently pled guilty to passing out as much as $10 million dollars in bribes
    over the course of almost an entire decade." According to American Law
    Education Rights & Taxation (ALERT), Ricci is the president of Sequoia
    International, which also manufactures casino slot machines.
    
    That's just great. Now, we could possibly have both the Russian mafia and the
    U.S. mafia involved in our elections.
    
    In May 2002 Sequoia was bought by De La Rue, based in England. By their own
    estimate, De La Rue is "the world's largest commercial security printer and
    papermaker, involved in the production of over 150 national currencies and a
    wide range of security documents such as travelers checks and vouchers.
    Employing almost 7,000 people across 31 countries, (De La Rue) is also a
    leading provider of cash handling equipment and software solutions to banks
    and retailers worldwide." And they develop technology for secure passports,
    identity cards, and driver's licenses.
    
    Okay, add Dr. Evil to the mix and be on the look-out for international money
    launderers, drug kingpins, and Nazis.
    
    The Shoup Voting Solutions of Quakertown, Pennsylvania, has a reputation for
    rigging elections, wrote the late co-author of VoteScam, Jim
    Collier. According to Collier, in 1979, Ransom Shoup II, the president of
    the firm, was convicted of conspiracy and obstruction of justice stemming
    from an FBI investigation of a vote-fixing scam involving the old-fashioned
    lever machines in Philadelphia."
    
    These reports are just the tip of the iceberg. The numerous instances of
    U.S. voting systems error and fraud are documented in a 1988 report for the
    U.S. Commerce Department entitled, "Accuracy, Integrity, and Security in
    Computerized Vote-Tallying" by Roy G. Saltman, a computer consultant for the
    National Institute of Standards and Technology's Computer Systems
    Laboratory. Many other experts and observers have been warning and
    complaining about these problems for decades.
    
    But complaints, warnings, reports, and books like "VoteScam," haven't
    deterred government officials like Pinellas County (Florida) Commissioners
    Calvin Harris and County Judge Patrick Caddell. They told the St. Petersburg
    Times in October 2001 that they were aware that all of the voting machine
    companies had "problems in their pasts."  But, Harris said, "We have to look
    at this objectively and not get tied up into the emotions of, 'Some guy
    might be a crook."
    
    Dear Commissioner Harris...when it comes to elections in America...assume
    crooks are in control...and then act accordingly.
    
      Links:
    
      a.. http://www.votescam.com
      b.. http://www.securepoll.com
      c.. http://www.commondreams.org/views02/0805-07.htm
    
    Lynn Landes, 217 S. Jessup Street, Philadelphia, PA 19107 / (215) 629-3553 /
    (215) 629-1446 (FAX & ISDN) lynnlandesat_private
    Lynn Landes is a freelance journalist specializing in environmental issues. She
    writes a weekly column which is published on her website www.EcoTalk.org and
    reports environmental news for DUTV in Philadelphia, PA. Lynn's been a radio
    show host and a regular commentator for a BBC radio program.
    
    ------------------------------
    
    Date: Wed, 11 Sep 2002 13:18:09 -0400
    From: "Bob Morrell" <bmorrellat_private>
    Subject: Re: Florida Primary 2002: Back to the Future (Mercuri, RISKS-22.24)
    
    I think the problems with the Florida voting system could be used as a case
    study on how not to implement a computerized system. Indeed, any intelligent
    analysis of the tasks and resources should have warned designers that
    significant problems were ahead. Device use is infrequent. The staff
    responsible for the devices (poll watchers) are usually undertrained
    volunteers, often elderly retirees with little experience with electronic
    devices, much less computers. Overall system management responsibility is
    completely decentrallized and has low priority in all locations. The main
    user (voters) are completely untrained. The frequency of exceptions to rules
    and the need for override capability is high (flying in the face of the
    needs for security) and resource allocation (after the initial post 2000
    flurry of concern) for changes and needed alterations is extremely low. Some
    of the problems listed by Rebecca Mercuri (Risks Digest 22.24) and in the
    general media are so incredible, one has to assume that the vendor selected
    for the contract won bid by cutting some very basic corners.
    
    I think that Mercuri's call for a moratorium throughout the United States
    (and world) on the procurement of electronic voting systems that do not
    provide voter-verifiable paper ballots is the starting point for reform. But
    beyond that, given the current operational parameters, one has to ask
    whether this system, as is, can be computerized to any great degree.
    
    Bob Morrell  http://home.triad.rr.com/bmorrell/ 
    
    ------------------------------
    
    Date: Mon, 16 Sep 2002 20:29:17 -0400
    From: "Donald R. Calabro Jr." <Donat_private>
    Subject: Georgia Secretary of State response to Mercuri in RISKS-22.24
    
    This is a response to Rebecca Mercuri's article "Florida Primary 2002: Back
    to the Future," from Chris Riggall, The Press Secretary for Cathy Cox, GA
    Secretary of State.
    
    Mr. Calabro:  Thanks for your message, and for passing along the response
    from Ms. Mercuri.
    
    I'm not sure what issues Ms. Mercuri refers to as far as the equipment in
    Georgia is concerned, but I'll try to take a stab at it. We operated the new
    AccuVote TS systems in two counties in the Aug. 20th Primary and Sept. 10th
    runoff elections.  The performance of the equipment in these "real world"
    settings was quite good, and based on both media accounts and our personal
    visits to precincts those days in Hall and Marion Counties, the response of
    voters was overwhelmingly positive.
    
    On the Primary Aug. 20th, many of the other 157 counties also had the
    equipment displayed in voting precincts with a demonstration ballot.  This
    was one component of a broad based voter education campaign -- to let voters
    see for themselves the new technology they would vote on in November.  Among
    these units about five percent reported problems with screen freezes -- and
    the solution in that circumstance is to turn the unit off, then back on
    again.  This was unfortunate, but not unanticipated since several weeks
    prior to the primary Diebold and we became aware that this problem could
    occur and was the result of a conflict between the unit's firmware and a new
    release of Windows CE that serves as the units' operating system (as a PR
    guy, I'm on shaky ground trying to explain this to an IT expert!).  Diebold
    programmers developed a patch which was applied to the units deployed in
    Hall and Marion counties, and we were pleased that not one freeze was
    reported among the tens of thousands of votes cast there.  Unfortunately, we
    simply did not have the time to apply the patch to the demo units, but that
    is now occurring to all units in all counties and the last increment of
    shipments from Diebold had this fix loaded before leaving the factory.
    
    Not referring to Ms. Mercuri, of course, but we have had some wild
    allegations about equipment failures in Hall and Marion during these two
    elections.  One Georgia political party chairman (he'll go unnamed) put out
    a news release claiming that voters in one Hall precinct were turned away
    because of equipment failures and were issued "vouchers" so they could
    return and vote later.  Balderdash.  Never happened.
    
    Regarding Maryland, the coverage that I saw of that election using Diebold
    equipment last week came from the Washington Post -- not exactly an
    uncritical media outlet.  The primary complaints from that seemed to be
    focused on Montgomery County, (one of four counties using that equipment --
    representing 40 % of that state's voters) where results were relatively slow
    to be compiled and reported.  While slow reporting is not ideal, it is not
    in the least the kind of critical failure that occurred in two Florida
    counties (Dade and Broward) out of the 15 that deployed new DRE systems last
    Tuesday.
    
    We would completely agree, and media accounts from Florida suggest, that the
    critical issue is education of voters and, even more importantly, poll
    workers before the election takes place.  We are putting a tremendous focus
    on this and providing to the counties an array of training and technical
    support -- including hands-on classroom training for about 6,000 poll
    workers.  I think her suggestion about using college IT students is an
    excellent one, and we have been working with county election officials for a
    year to help them expand their poll worker recruitment efforts and expand
    their traditional pool to include teachers, students and others with some
    level of technical knowledge.
    
    Also regarding Maryland, I thought I would include some information Diebold
    put out last week -- don't mean to burden you with corporate PR stuff, but
    there are some quotes from Maryland election officials which I thought you
    would find of interest.
    
    Again, thanks for contacting us.  I know that not every single thing on Nov.
    5th will take place perfectly (no election has ever met that standard) but
    we are very cognizant of the training issues and are working hard to make
    sure the counties perform in this critical  area.  Here's the Diebold info:
    
    DIEBOLD TOUCH-SCREEN VOTING TERMINALS PERFORM WELL IN PRIMARY ELECTIONS
    
    Voters in Maryland, Georgia and Kansas Show Widespread Acceptance to New
    Technology
    
    Photo available at http://www2.diebold.com/whatsnews/pr/photo.htm 
    
    NORTH CANTON, Ohio - Diebold Election Systems, Inc., a wholly owned
    subsidiary of Diebold, Incorporated, today announced its touch-screen voting
    terminals performed extremely well in four counties within the state of
    Maryland.  This election marks the state's first widespread use of the new
    AccuVote-TS electronic touch-screen voting system to be deployed statewide
    for future elections.
    
    Over 40 percent of the state's 2.7 million registered voters, located in
    four counties -Montgomery, Prince George's, Allegheny, and Dorchester - were
    the first to use the new electronic voting system in Tuesday's primary
    election.
    
    Currently, Diebold has touch-screen voting systems in more than 170 counties
    in many states throughout the United States, totaling more than 35,000
    voting stations.  Diebold's touch-screen system was not utilized in the
    recent Florida primary election.
    
    "The response from voters was absolutely positive," said Margaret Jurgensen,
    election director, Montgomery County Board of Elections.  "I spoke to many
    voters after they cast their ballots, and they stated that they loved the
    ease of voting with the new system.  Many voters commented about the ease of
    reading the ballot on the touch screen.  One visually impaired voter was
    able to vote for the first time without assistance because of the ballot
    magnification feature of the system.  As with any new technology, our
    election staff grew more comfortable with the system as the day progressed,
    and we see the implementation of the touch screen system continuing to
    improve as our staff becomes more familiar with the technology."
    
    "Our first touch screen primary election was a tremendous success," stated
    Donna Rahe, Dorchester County election director.  "The voters of Dorchester
    County adapted to the touch screen technology extremely well, and the
    combined coordination efforts of the county's election staff and Diebold
    Election Systems caused a very smooth transition to the new election
    system."
    
    Diebold experienced similar success in August when voters in Hall and Marion
    counties in the state of Georgia tallied primary election results on the
    touch-screen voting system.  Georgia is the first state in the country to
    implement a uniform statewide, computerized touch-screen voting system.
    Earlier this year, Diebold announced a $54 million agreement with Georgia
    officials to overhaul the state's election system technology making the
    state a national leader in replacing outdated election equipment.
    
    "Georgia's new uniform electronic voting system received its first test in
    the Primary Election and the Diebold units passed with flying colors," said
    Georgia Secretary of State Cathy Cox, Georgia's chief elections official.
    "Throughout Hall and Marion Counties we heard extremely positive comments
    from voters and poll workers about the convenience, security and ease of use
    of the new AccuVote-TS units."
    
    Voters in Johnson County, Kansas, were pleased with the touch-screen system
    as well.  Approximately 99-percent of the voters who completed a comment
    card after using the system gave it a favorable rating.
    
     "The Johnson County Election Office is proud of its reputation of making
    voting convenient and accessible," said Connie Schmidt, Johnson County
    Election Commissioner.  "We are pleased to be the first county in the
    Midwest to deploy touch-screen voting computers to all polling places
    countywide."
    
     "Considering the magnitude of these elections, which includes more than
    870,000 registered voters within the four Maryland counties, we are very
    pleased with the results as every single vote was accurately counted," said
    Bob Urosevich, president of Diebold Election Systems, Inc.  "Increased
    familiarity with the system will continue to make the process even smoother
    in future elections.  We are working with the voters, poll workers and
    election officials to ensure that the entire process is intuitive and
    streamlined for everyone involved."
    
    Chris Riggall
    Press Secretary
    Ga. Secretary of State Cathy Cox
    110 State Capitol Atlanta, Ga. 30334
    404-656-5792
    
    ------------------------------
    
    Date: Thu, 19 Sep 2002 16:31:22 -0400
    From: "Mark Richards" <mark.richardsat_private>
    Subject: Election idiocy crosses state lines
    
    When America sends its youth to war, at least in the past, it was for
    protecting our freedoms.  Now we send our youth to war on the whim of a
    weak mind, one incapable of uttering a coherent English sentence,
    drawling nonsense rhetoric.  What for?  Oil of course.  But that's not
    important right now.
    
    What's really important is that the sort of thing people died for in wars
    past, the right to a fair and free election, is in the hands of those with
    little or no mind power, so well-proven by the recent Florida mess, defa vu
    all over again.  I haven't read a single commentator who stood up and
    suggested that the whole thing is downright unpatriotic; a stain on the
    graves of those who died.
    
    Election people, even when given lots of money and another chance,
    managed to screw up, royally.  We can certainly blame the computers and
    the complexity and moan about the lack of testing, redundancy and
    safeguards.  But when I read the news from Marlboro, Massachusetts, and
    the fact that, for the second year, the election people screwed up
    again, it makes me wonder if The Florida Disease, like the West Nile
    virus, is spreading northward.
    
    According to the *Metrowest Daily News*, a snafu brought their
    vote-tabulation system to its knees and resulted in the necessity to
    hand-count the ballots.  I always appreciate it when the press or
    officialdom bring out these cute terms like snafu and glitch.  Makes these
    blunders seem, well, harmless.
    
    Last year's problem?  The people maintaining the city's computer system
    didn't know last year why the clerk's office was on the computer system
    after hours and kicked it off while doing its nightly backup work.
    
    This year?  No one seems to know.  This year, however, the systems
    administrators didn't try to back up the files being used by the clerk's
    office, Bunting said, so she doesn't know what happened.
    
    But don't worry.  Next year (the third time) will be a charm.  We are
    comforted to hear,  The problem shouldn't affect a third election, Bunting
    said. She said she's in the final stages of moving City Hall offices off of
    a 20-year-old computer system and onto a personal computer system.
    
    Massachusetts just suffered one of the worst voter turn outs in record.
    Idiot blunders like these do little to raise confidence that one vote
    counts.
    
    ------------------------------
    
    Date: Thu, 12 Sep 2002 11:00:06 -0400
    From: Steve Summit <scsat_private>
    Subject: Retrospective Karger/Schell paper on Multics Security Evaluation
    
    I'm sure that many, many readers of RISKS are familiar with the story of Ken
    Thompson's Turing Award lecture: of the invisible trapdoor in /bin/login
    maintained by an equally invisible trapdoor in the compiler, of the oblique
    reference to an "unknown Air Force document" whence came the idea for the
    trapdoors, of Ken's request for anyone who knew of the actual paper to let
    him know.  What I, for one, did not know was that the paper and its authors
    had in fact come to light: "Multics Security Evaluation: Vulnerability
    Analysis", written by Paul A. Karger and Roger R. Schell and published by
    the Air Force in 1974.  And in a new paper which is simultaneously a trip
    down memory lane and an up-to-the-moment call to arms, Karger and Schell
    have collaborated on a new, retrospective paper which reviews (and
    incorporates a resurrected copy of!) the former report, while analyzing
    today's computer security landscape in light of the former report's analyses
    and recommendations.
    
    The new paper is "Thirty Years Later: Lessons from the Multics Security
    Evaluation".  It is to be presented at the Annual Computer Security
    Applications Conference (ACSAC, http://www.acsac.org/) in December, and a
    preprint copy is available under <http://domino.watson.ibm.com/library/
    cyberdig.nsf/papers?SearchView&Query=(multics)>.  Anyone remotely interested
    in computer security (which probably includes just about everyone reading
    RISKS) should probably not bother reading any more of this note of mine, but
    should head directly to the domino Web site to fetch a copy.  It's an
    excellent read, and the opportunity to view the problem from the 1974
    perspective -- via the incorporated copy of the 1974 paper -- is priceless.
    (Among other things, it makes you realize how little we've learned since.)
    
    Dismayingly, but not surprisingly, the authors do not find that the
    operating systems of today have benefited much from their in-depth analyses
    of Multics.  Multics with moderate improvements was, they felt, adequately
    secure for a closed environment, but would not have been secure in an open
    environment (i.e. accessible to untrusted users) without a new security
    kernel which was never completed.  Today's popular operating systems, on the
    other hand, are barely as secure as the unimproved Multics was, yet of
    course they are routinely asked to serve in the very harshest of
    environments: the open Internet.
    
    I'm afraid that the paper may be dismissed by some as another antiquarian
    pro-Multics rant, and I've also seen suggestions that it's thinly disguised
    Microsoft- or Unix-bashing.  Neither criticism is remotely accurate: the
    paper's analysis is impartially objective and if anything borders on the
    excessively sober.  To point out security flaws in popular operating systems
    is not to bash them; those problems are simple facts.
    
    My only criticism of the paper is not a criticism but a lament, similar to
    the one I sometimes feel when reading RISKS these days.  Those of us who
    like to think we understand security have been discussing these issues for
    decades, but the message does not seem to be getting out; systems at all
    levels remain variously depressingly or laughably insecure.  The current
    activity surrounding security is almost all what Karger and Schell call a
    "battle of wits" between attackers and defenders; little is being done to
    make commodity systems fundamentally secure.
    
    The obvious concluding question -- of a paper like Karger and Schell's, or a
    review like this one -- is, what should be done?  The authors are not
    dogmatic, merely pointing out that the current situation is unstable and
    that some truly secure mechanisms (already known to be both theoretically
    and practically viable) will have to be deployed lest chaotic disasters
    ensue.  The question for the rest of us is, do we agree, and can we persuade
    the parties who matter that they've got to take security more seriously?  An
    all too likely reaction to the paper is that its insistence on new,
    verifiably secure kernels is extreme and unnecessary, that all we've got to
    do to win the "battle of wits" is to try a little harder.  Alas, it's not
    clear that we're even keeping up with the adolescents who perpetrate
    scourges like Nimda and Klez, and it's even more unpleasant to contemplate
    how we might fare if faced with "industrial-strength espionage" (as Vernor
    Vinge put it in his haunting novel Marooned in Realtime).  Let's hope we can
    find the collective wherewithal to do *something*; I'd rather not find
    myself marooned in the postapocalyptic husk of a once-great but inadequately
    secure cyberspace.
    
    Steve Summit <scsat_private>
    
      [The Web version has an explicit caveat relating to the fact that the
      two papers have been submitted to the Classic Papers section of the 18th
      Annual Computer Security Applications Conference (ACSAC), 9-13 Dec 2002,
      Las Vegas NV, and that until then the papers are considered restricted
      in their distribution.  However, discussion of these papers has already
      reached Slashdot.  We include this notice here to encourage discussion
      of their RISKS-relevance, and to encourage your attendance at ACSAC if
      this topic interests you, not to induce you to violate the caveat on the
      watson.ibm.com site.  PGN]
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.25
    ************************
    



    This archive was generated by hypermail 2b30 : Mon Sep 23 2002 - 11:08:44 PDT