[risks] Risks Digest 22.26

From: RISKS List Owner (riskoat_private)
Date: Wed Sep 25 2002 - 16:45:32 PDT

    RISKS-LIST: Risks-Forum Digest  Weds 25 September 2002  Volume 22 : Issue 26
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.26.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents: [Backlogged]
    Press Releases MIT vs Mercuri (Rebecca Mercuri)
    Cost cutting endangers hospital power (Rich Brown)
    South Wales train leaves without driver (Fuzzy Gorilla)
    Greek government doesn't quite ban electronic games (Bruce Anderson)
    Yet another intrusive Web site (Michael Ortega-Binderberger)
    Air passenger jailed for using mobile (George Roussos)
    Re: Microsoft says Win 2000 hacking outbreak subsides (Mike Patnode)
    Re: The pinnacle of chutzpah in spam filtering (Peter Corlett)
    Re: Retrospective Karger/Schell paper on Multics Security Evaluation
      (Paul Karger)
    REVIEW: "Pearl Harbor Dot Com", Winn Schwartau (Rob Slade)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Tue, 24 Sep 2002 13:44:34 -0400
    From: "Rebecca Mercuri" <notableat_private>
    Subject: Press Releases MIT vs Mercuri
    
    I was forwarded the following press release from MIT/CalTech from a source
    at IEEE Spectrum and am seriously concerned about the conclusions they have
    drawn regarding the recent Florida primary election.  The press release is
    here in its entirety, followed by my analysis/rebuttal.  R. Mercuri.
    
    >Date: Thu, 19 Sep 2002 10:56:22 -0700
    >To: Recipient List Suppressed:;
    >Subject: Caltech-MIT Team Find 35% Improvement in Florida's Voting Technology
    
    >For Immediate Release
    >September 19, 2002
    
    >Caltech-MIT Team Finds 35% Improvement in Florida's Voting Technology
    
    >PASADENA, Calif. - If one measures election success by equipment 
    >performance alone, Florida's push to get new voting equipment 
    >on-line for the 2002 election appears to have paid off. 
    
    >Compared with the performance of equipment in past Florida state 
    >primary elections, the new technologies for casting and counting 
    >ballots look like clear improvements according to experts at the 
    >California Institute of Technology and the Massachusetts Institute 
    >of Technology. 
    
    >Researchers from the Caltech/MIT Voting Technology Project 
    >calculated the rate of residual votes (ballots on which no votes or 
    >too many votes were recorded) for the largest counties in Florida 
    >for the 2002 Democratic Gubernatorial Primary and for the last three 
    >Gubernatorial General Elections in Florida (1990, 1994, and 1998). 
    >These counties are Brevard, Broward, Duval, Hillsborough, 
    >Miami-Dade, Palm Beach, and Pinellas.
    
    >The residual vote rate, it appears, has been substantially reduced 
    >as a result of the election reform efforts of the past year. On 
    >average, 2.0 percent of Democratic voters recorded no vote for 
    >governor in these seven counties.  In past elections, the average 
    >has been 3.1 percent.  This is a 35 percent improvement in 
    >performance. 
    
    >The largest apparent improvements came in Brevard and Duval 
    >counties, which switched from punch cards to optically scanned paper 
    >ballots.  The remaining counties purchased new touch screen or 
    >Direct Recording Electronic (DRE) machines.  All of the counties 
    >show some improvement in their capacity to record and count votes.
    
    >Residual Vote Rates for Governor in the 7 Largest Florida Counties
    >County        2002 Demo  Voting Equipment  Residual Vote Rate (Gen.)
    >              Primary    2002     1998     Ave.   1998   1994   1990
    >Brevard       1.0%       Scanner  Punch    4.2%   2.6%   4.5%   5.4%
    >Broward       2.0        DRE      Punch    2.6%   2.7    1.9    3.3
    >Dade          3.0        DRE      Punch    3.2%   4.0    2.7    3.2
    >Duval         2.2        Scanner  Punch    3.4%   3.1    2.5    4.5
    >Hillsborough  1.6        DRE      Punch    2.3%   2.7    1.9    N/A
    >Palm Beach    2.3        DRE      Punch    3.1%   3.7    2.3    3.3
    >Pinellas      1.9        DRE      Punch    2.2%   2.3    1.9    2.3
    >Total         2.0                          3.1%
      [General elections; PGN approximate reconstitution of a garbled table]
    
    >Source: Florida Division of Elections and county election offices 
    >of each county.
    
    >(This table may lose formatting in your email program, see accurate [...]
    
    >"These results are very encouraging," said Stephen Ansolabehere, a 
    >professor at the Massachusetts Institute of Technology and 
    >co-director of the project. "Florida made a major effort to upgrade 
    >its technology and, in the primary, the machines used showed clear 
    >gains over the technologies in past elections." 
    
    >Professor Charles Stewart, another MIT professor working on the 
    >Voting Technology Project, cautions that "the success of an election 
    >cannot be measured solely in terms of equipment performance. 
    >Current events in Florida also illustrate how better technology is 
    >just a first step in improving the functioning of democracy." 
    >Stewart said, "Most of the problems reported by journalists covering 
    >the 2002 Primary Elections in Florida did not concern equipment 
    >malfunctions, but problems encountered preparing for election day, 
    >such as training poll workers."
    
    >R. Michael Alvarez, co-director of the Voting Technology Project and 
    >professor of political science at the California Institute of 
    >Technology, said "As counties and states across the country, 
    >especially here in California, plan out similar changes, we are 
    >learning important lessons about how to make such important changes 
    >in voting technologies."
    
    >"The one distressing thing, though, are the reports from Florida 
    >that polling place workers had difficulties getting some of the new 
    >voting machines up and running on election day in Florida, and that 
    >as a result, some voters might have been turned away from the 
    >polling places. These reports reinforce our calls for more polling 
    >place workers and better training of polling place workers, as they 
    >provide a critical role in making sure that all votes are counted," 
    >Alvarez said.
    
    >MIT's Stewart adds "The fact that the congressional election reform 
    >bill is currently stalled in a House-Senate conference committee 
    >hasn't helped matters any."
    
    >The Caltech/MIT Voting Technology Project is a non-partisan research 
    >project, formed to study election systems following the 2000 
    >presidential election and sponsored by the Carnegie Corporation. 
    >More information and copies of reports are available at 
    >www.vote.caltech.edu.
    
    >MEDIA CONTACT: Jill Perry, Caltech Media Relations Director
    > (626) 395-3226
    
    > Sarah Wright or Ken Campbell, MIT News Office
    > 617 253-2700
    
    >Jill Perry
    >Media Relations Director
    >California Institute of Technology (Caltech)
    >Mailing Address: Mail Code 0-71, Pasadena, CA 91125
    >Street Address: 315 S. Hill Ave., Pasadena, CA 91106
    >Ph: (626) 395-3226
    >Fax: (626) 577-5492
    >jperryat_private
    
     - - - - -
    
    NEWS RELEASE, September 24, 2002
    
    Rebecca Mercuri rebuts recent MIT/CalTech voting systems analysis and
    calls for moratorium on new electronic balloting equipment purchases
    
    After reviewing the press release issued September 19 by MIT and CalTech,
    electronic voting system expert Rebecca Mercuri revealed that "the
    conclusion that MIT/CalTech researchers have drawn, that Florida's new voting
    technology shows a 35% improvement, is based on a flawed analysis and is
    likely erroneous."  She goes on to state that not only are the researchers
    comparing "apples to oranges" in terms of the types of technologies surveyed
    (punch-cards versus optically scanned and DRE machines), but they have
    misleadingly compared Gubernatorial general election results to
    Gubernatorial primary results (and only for the Democrats in the 2002
    primary).
    
    It is well known that voters in general elections turn out in far greater
    numbers (in Florida it is estimated that the November election will show a
    400% increase or more) than in primaries, putting greater strain on the
    performance of systems as well as on poll workers and voters.  The balloting
    style of the typical primary voter (usually a party insider, and certainly a
    partisan with a larger interest in selecting candidates for each race on the
    ballot) is quite different from the general election voter, where
    independents and other non-declared or minority party affiliation citizens
    are permitted to cast ballots.  Thus, only in November will we be able to
    ascertain whether the residual vote rate has actually "improved." Hence,
    Dr. Mercuri asserts, "the conclusion is premature, as well as flawed."
    
    Laudatory statements made by Stephen Ansolabehere, Charles Stewart and
    R. Michael Alvarez regarding Florida's new voting systems are also sorely
    misleading, and do not support their conclusion of 35% improvement.  MIT
    Professor Stewart's comment that "most of the problems covered by
    journalists...did not concern equipment malfunctions" is not based on an
    analysis of the numerous and severe voting system problems that occurred
    throughout the state, but rather on the media reports that surfaced.  Many
    equipment malfunctions were reported by the Associated Press and other news
    bureaus, but these were obfuscated by the public interest stories that
    alternatively showed voters "pleased with the new equipment" or being
    "turned away from the polls in droves."
    
    A lot of the media attention focused on press comments by Governor Jeb Bush
    and members of his staff who erroneously characterized the problems as being
    based only in two counties (Miami-Dade and Broward) and blamed the poll
    workers and election officials there for the situation.  In actuality,
    Miami-Dade and Broward could not have purchased the ES&S machines had they
    not been pre-certified by the state for use.  Sadly, this certification
    failed to provide the counties or their poll workers with sufficient
    notification as to the fact that the voting machines would take 10 minutes
    to start up, with the ones outfitted for the visually impaired taking an
    astonishing 23 minutes.  Some machines also contained a "safety feature"
    that did not permit them to be turned on before 6AM on election day.  Since
    each unit is activated sequentially, simple math shows that a polling place
    containing 10 voting machines, with one outfitted for the visually impaired,
    would not be fully operational until nearly 8AM (an hour after the polls
    opened) under the best conditions.  Mercuri states: "I certainly do not see
    how this can be blamed on the poll-workers, nor how it constitutes an
    improvement.  I'm hard pressed to think of any computer equipment
    manufactured after the 1970's that takes 23 minutes to be started,
    especially those deployed for use entirely in time-critical operations.  The
    failure by MIT/CalTech to raise serious concerns about the engineering of
    these products is remiss."
    
    MIT's Ansolabehere stated that "the machines used showed clear gains over
    the technologies used in past elections."  To which Dr. Mercuri replies:
    "Yes perhaps, if one considers declaring a state of emergency (under threat
    of lawsuit by a major candidate) and extending the election day by two hours
    a "clear gain."  How about in Union County, Florida, where 2,700 optically
    scanned ballots had to be hand counted, because the computers were
    erroneously programmed to only tally votes for Republican candidates? At
    least there, the ballots could be recounted because they were on paper.
    What about the precinct in southern Florida that showed a 1200% voter
    turnout (12 times as many voters as were registered) because the DRE
    activation cards permitted voters to cast ballots on machines in the same
    building that were not in their precinct?  And what about some precincts in
    Miami-Dade and Broward where the vote cartridges reflected over 40% residual
    votes (lost or missing) and data had to be "extracted" from back-up memory
    inside of the machines (one wonders how trusted the reconstructed results
    can be)?"
    
    CalTech's Alvarez states "we are learning important lessons about how to
    make such important changes in voting technologies" and Mercuri asks: "Is it
    fair to allow Florida and other states and communities to feel pressured to
    replace their voting systems while being treated as guinea pigs?  Is the
    United States prepared to reimburse communities for defective and obsolete
    equipment once new standards are in place (since all election equipment is
    still being inspected by the National Association of State Election
    Directors testing authorities to the outdated 1990 Federal Election
    Commission guidelines)? Is it acceptable to certify voting equipment that
    can be reprogrammed internally via a portal on the device (as some were,
    only weeks before the election in Palm Beach County as well as elsewhere in
    the state)?  These new technologies are playing a role in electing
    government officials - the confidence citizens have in the democratic
    process is at stake."
    
    Mercuri, who has testified before the U.S. House Science Committee regarding
    the need for involvement of the National Institute of Standards and
    Technologies in establishing criteria for the procurement and testing of
    election equipment, feels that congressional election reform is sorely
    needed. But, she notes that many of the laws proposed at federal and state
    levels, or enacted since 2000, have been weakly worded so as to permit the
    production of election equipment that does not provide an independent means
    whereby voters can verify human-readable ballots that are secured and
    available for recounts. "Real election reform," Mercuri says, "is only
    possible within a context of adequate and enforceable standards for
    construction, testing, and deployment of voting equipment."
    
    But Mercuri worries that the trend to full automation of the voting process
    could be used to conceal election fraud. She warns, "It is entirely possible
    that Florida and other states may smooth out their election day problems
    such that it appears that the voting systems are functioning properly, but
    votes could still be shifted or lost in small percentages, enough to affect
    the outcome of an election, within the self-auditing machines.  Whether this
    occurs maliciously or accidentally, it presents a frightening prospect.
    Thankfully, new products are being developed that provide the voter with a
    way to determine that their ballot has been tabulated correctly, without
    revealing the contents of their vote, but deployment of such systems is a
    few years down the road."
    
    For these reasons, Dr. Mercuri has requested a moratorium on the purchase of
    any new voting systems that do not provide, at minimum, a voter-verified,
    hand-recountable, physical (paper) ballot while appropriate laws, standards,
    and technologies are developed that will provide accurate, secure, reliable,
    and auditable voting systems. She urges MIT, CalTech, and other concerned
    scientists, public officials and private citizens to join her in this cause.
    
    For further information contact:
    
    Rebecca Mercuri, Ph.D.
    P.O. Box 1166, Phila. PA 19105
    609/895-1375, 215/327-7105
    www.notablesoftware.com/evote.html
    mercuriat_private
    
    ------------------------------
    
    Date: Sat, 21 Sep 2002 09:07:00 -0500
    From: "Rich Brown" <rabbavat_private>
    Subject: Cost cutting endangers hospital power
    
    http://www.twincities.com/mld/twincities/news/4119286.htm
    
      [The above URL may disappear before this issue appears.]
    
    There is no individual villain here - it took the combination of a power
    company willing to reduce reliability in the name of cutting costs and
    errors installing the (multiple) hospital generators to cut operating room
    power.
    
    ------------------------------
    
    Date: Wed, 18 Sep 2002 18:39:30 -0400
    From: "Fuzzy Gorilla" <fuzzygorillaat_private>
    Subject: South Wales train leaves without driver
    
    Another episode of a train leaving the station without its driver occurred
    on a South Wales commuter train between Rhymney and Cardiff.  The driver,
    who had been chatting with railway workers on the platform, did a 100-yard
    sprint to catch up with the train.  However, a spokesman for Valley Lines
    reportedly said that the train would have stopped automatically in another
    fifty yards.  [Source: All Aboard! Except for Driver of Runaway Train,
    Reuters item, 18 Sep 2002, via Yahoo; PGN-ed; perhaps the driver was in
    training (sprintwise)?]
      http://dailynews.yahoo.com/news?tmpl=story2&u=/nm/20020918/od_nm/train_dc
    
    ------------------------------
    
    Date: Fri, 13 Sep 2002 20:27:30 -0400
    From: Bruce Anderson <bruce-andersonat_private>
    Subject: Greek government doesn't quite ban electronic games
    
    This one sounded too far out, so I checked with the local Greek consulate.
    (My question to them was "is this a hoax?", quoting the Web page referenced
    in RISKS-22.23.)  Here is their reply.  I hope this clears the air a bit.
    
      After we received your e-mail we have forwarded it to the Press Office of
      the Greek Embassy in Ottawa. They have informed us they are aware of these
      articles but they are not accurate. The New Greek Law has banned all games
      that can be used for gambling or modified for gambling purposes even if
      they exist in private spaces (Only Casinos are excluded from the banning).
      However neither foreign tourists nor Greek citizens will be prosecuted
      when they use cell phones with games, or laptops in which games are
      installed or any portable game consoles, for example: play stations,
      gameboys, x-box etc, since these games cannot be modified for gambling and
      furthermore the owner doesn't insert coins or credit cards in order to
      continue using them. We hope that this answers your question.
    
    ------------------------------
    
    Date: Thu, 12 Sep 2002 02:50:13 -0700 (PDT)
    From: Michael Ortega-Binderberger <mikiat_private>
    Subject: Yet another intrusive Web site
    
    A few days back, and with the September 11 anniversary, a local news station
    in Los Angeles, CA (reasonably large audience) advertised the efforts of a
    Web site called 4MyEmergency.com.  The idea is that most people do not have
    all their personal information "together" in case of a disaster, and the
    Web site wants to help you get your act together. It's full of good wishes,
    privacy pledge, etc. So far so good.
    
    What the Web site does for you is to generate a report that you can leave
    with a loved one in case of disaster.  Unfortunately, disaster can come much
    earlier thanks to its information gathering process. It asks you in a series
    of 7 forms all conceivable information about yourself: name, address/phone,
    birthdate, names/phones of family, friends, your doctor, dentist, pharmacist
    and insurance agent, your medical history, home, car, health and life
    insurance policies (the company, phone, policy numbers and where they are),
    home security company and even though they don't "recommend" you give them
    your security code, yep, there you can write it down if you so choose. To
    make you feel good, you can also include your religious and pet information
    to go with your credit card, banking, accountant, attorney and real estate
    information.
    
    It's actually so concerned with security that it does not ask for your social
    security number, you can just write it down on the final printout, or "mail
    it to a friend or family member you trust".
    
    The homepage states that "For additional security, this Web site uses the
    highest level encryption." However, all of this is transmitted in the clear
    with not even SSL encryption to a Web site that has no credibility beyond
    good wishes and a click-through privacy agreement.
    
    To be fair, most fields are optional, but then, why would anyone use it in
    the first place?
    
    The RISKS? The information they collect is tailor made for identity theft,
    they have no security, and the media is giving them a free pass and even
    some promotion despite frequent warnings about identity theft in southern
    California.
    
    ------------------------------
    
    Date: Wed, 11 Sep 2002 16:25:51 +0100 (BST)
    From: George Roussos <grat_private>
    Subject: Air passenger jailed for using mobile
    
    A passenger who played a game on his mobile phone during a flight has been
    jailed for four months.  (BBC coverage at:
      http://news.bbc.co.uk/1/hi/england/2248683.stm)
    
    The risks of playing Tetris!
    
    ------------------------------
    
    Date: Thu, 12 Sep 2002 16:28:01 -0400
    From: mike.patnodeat_private
    Subject: Re: Microsoft says Win 2000 hacking outbreak subsides (RISKS-22.24)
    
    > MS urges us to take preventive measures to protect themselves against
    > future attacks: eliminate blank or weak administrator passwords, disable
    > guest accounts, run up-to-date antivirus software, use firewalls to
    > protect internal servers, and stay up to date on all security patches.
    
    I just had Windows 2000 installed on my laptop (company policy).  This
    software ships with very little security enabled and numerous Web sites,
    including Microsoft, tell me to update it and change account settings.  But
    it is so hard to figure out what to do!  We are told to change the Admin
    password, but also warned that some (unnamed) programs will stop working if
    we do this.  The computer help files and Microsoft web site do not tell
    which accounts are needed or why.  What I can tell is my machine has now
    been changed into a multi-user environment, which is not what I want.  Also
    Microsoft tells us to use "snap-ins".  What on earth are they?  Which ones
    affect which accounts?  I can't make random changes to my machine, as it has
    to work within a corporate network.
    
    I think the reason this is so confusing is Microsoft does not know what are
    the correct settings for the many pre-installed accounts and is trying to
    make its users figure this out on their own.  Otherwise, wouldn't the
    software be shipped with appropriate settings already enabled?
    
    ------------------------------
    
    Date: Wed, 11 Sep 2002 17:05:10 +0000 (UTC)
    From: abuseat_private (Peter Corlett)
    Subject: Re: The pinnacle of chutzpah in spam filtering
    
    >     [Why you'd have a content filter on an 'abuse@...' is beyond me.]
    >        [Because they get lots of spam also?  PGN]
    
    Yes.
    
    I adopted a username of "abuse" in 1998 or so to reduce the amount of spam I
    received. It was rather effective. Still, the thieves who want to steal my
    bandwidth have now added the new address to their "Trillion Guaranteed
    Addresses" CDs and there's a reasonable chunk aimed at my MX hosts.
    
    The MX hosts run abuse@ through my hand-crufted Exim Filter rules and issue
    bounces. They're based on header peculiarities caused by certain popular
    bits of spamware, so the usual risks of keyword filtering don't seem to
    apply in my specific case. I include a phone number in the bounce, and
    nobody has complained yet, anyway.
    
    When I used to work on an abuse desk, we had an incredible amount of junk
    sent to the abuse@ address as well. Unfortunately, it wasn't sensible to
    attempt to filter that lot, exactly because of the noted RISK. Besides, I
    wouldn't get the BOFHly pleasure of nuking a user for spamming if I'd lost
    the complaint :)
    
    ------------------------------
    
    Date: Wed, 25 Sep 2002 17:48:05 -0400
    From: kargerat_private
    Subject: Re: Retrospective Karger/Schell paper on Multics Security Evaluation
    
    Since our paper was reviewed this week on both RISKS (Summit, RISKS-22.25),
    people who downloaded it may be interested in obtaining a newly revised copy
    that includes a few small changes based on some of the comments and
    suggestions we have received, as well as some typographical corrections.
    Roger and I thank everyone who sent us comments (from Slashdot, RISKS, and
    open-source), as they were most helpful.
    
    The URL remains the same:
    
    http://domino.watson.ibm.com/library/cyberdig.nsf/papers?SearchView&Query=(multics)&SearchMax=10
    
    http://domino.watson.ibm.com/library/cyberdig.nsf/papers
      ?SearchView&Query=(multics)&SearchMax=10  
         [broken, if your mailer blows the unbroken version]
    
    Some people downloading it on 24 or 25 September (yesterday and today) may
    have run into problems, both with the link to the actual PDF and with two
    pages being missing from the PDF.  Both of these problems have now been
    resolved, and I hope that they did not cause anyone too much trouble.
    
    ------------------------------
    
    Date: Wed, 11 Sep 2002 19:46:31 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Pearl Harbor Dot Com", Winn Schwartau
    
    BKPRHRDC.RVW   20020628
    
    "Pearl Harbor Dot Com", Winn Schwartau, 2002, 0-9628700-6-4, U$9.99
    %A   Winn Schwartau winnsat_private
    %C   11511 Pine St. N., Seminole, FL   33772
    %D   2002
    %G   0-9628700-6-4
    %I   Inter.Pact Press
    %O   U$9.99 727-393-6600 fax: 727-393-6361
    %P   512 p.
    %T   "Pearl Harbor Dot Com"
    
    Dear Winn,
    
    Thank you for the copy of "Pearl Harbor Dot Com."  In recognition of this
    book's demonstration of your deep personal commitment to recycling (and at
    least you admit that this story started life as "Terminal Compromise": many
    don't) I was going to reprint my original review (cf. BKTRMCMP.RVW) but I
    suppose that wouldn't be fair to anyone.
    
    You have tightened up the writing considerably.  (With age, and a few more
    books under the belt, comes grammar, eh?)  However, I still note "refuse"
    for "refuge," a semicolon for "that," "hesitancy" for "hesitation," and a
    whole lot of redundancy.  (And what is with your fetish for "Glen Fetich"?)
    
    Your characters are a little more interesting and consistent, although Miles
    Foster (and most of the other technical people) still seem to be geek wish
    fulfillment.
    
    The plot has more tension, but it is still *way* too convoluted.  You've got
    a whole shoal of red herrings (and you know what they say about old fish
    after a while) and a ripped-out wiring closet full of loose ends.
    
    Even disregarding a computer system that will crack Blowfish and AES in
    seconds, and the wonderful, mythical lethal virtual reality feedback bug, I
    still have some technical bones to pick with you.  Why does a power outage
    shut down a battery operated radio?  Carbon dioxide does not suck oxygen out
    of the air.  And my son-in-law is a pilot on that type of aircraft, and has
    had power failures at exactly that point in the flight (the latest due to a
    lightning strike).  My grandchildren aren't orphans yet.
    
    I couldn't ignore your "virus" now, could I?  In having it burn out a
    printer port, were you trying to resurrect the old "Desert Storm virus"
    canard?  I recognized the old timing based video burnout trick and the
    somewhat debated issue of excessive diskette read head travel (neither was
    ever used in a virus).  But, for crying out loud, if you sold three hundred
    million "infected" programs, why would you need a virus?  And if you
    distributed that many copies of malware, you think nobody would notice?
    (Yes, OK, "Windows."  Partial point to you.  But people are finding bugs in
    it every day.)
    
    I agree with your basic point: the general public should be more aware of
    the weaknesses in the technology that controls so much of modern life.  But
    you don't strengthen your argument by making enough mistakes that it looks
    like you don't understand it either.
    
    copyright Robert M. Slade, 1993, 2002   BKPRHRDC.RVW   20020628
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.26
    ************************
    



    This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 17:43:45 PDT