[risks] Risks Digest 22.34

From: RISKS List Owner (riskoat_private)
Date: Mon Nov 04 2002 - 15:37:15 PST

  • Next message: RISKS List Owner: "[risks] Risks Digest 22.35"

    RISKS-LIST: Risks-Forum Digest  Monday 4 November 2002  Volume 22 : Issue 34
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.34.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    Prior Florida voting woes spawn pre-election frenzy (Charles P Schultz)
    Election counting conclusions (Paul D. Smith)
    Risks of dual-boot systems (Paul Schreiber)
    Windows daylight saving and file time-stamp (Chris Jakeman)
    Microsoft court ruling leaked early through security blunder (Keith Rhodes)
    Exam software -- does it get a passing grade? (David Lesher)
    $3,200 tuition listed on bill as 'Taco Bell' (Fuzzy Gorilla)
    Turnpike commuters play "Where's the Fast Lane?" (Monty Solomon)
    BBC News: Fake bank website cons victims (Chris Leeson)
    GAO: Government Agencies Adhering To Privacy Laws (Monty Solomon)
    REVIEW: "Ethical Issues of Information Systems", Ali Salehnia (Rob Slade)
    REVIEW: "Computer Security Handbook", Seymour Bosworth/M. E. Kabay (Rob Slade)
    CARDIS '02: 5th Smart Card Research/Advanced Application Conference
      (Alex Walker)
    Formal Methods Europe 2003 cfp (Diego Latella)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Mon, 4 Nov 2002 17:45:26 -0500 
    From: Schultz CharlesP-ECS013 <ecs013at_private>
    Subject: Prior Florida voting woes spawn pre-election frenzy
    
    Due to the problems we have had in recent history both with manual voting,
    and the more recent electronic voting systems put into place, it became
    possible to "pre-vote" here in South Florida - most notably in Miami-Dade
    and Broward counties. Over the past few days the reported waiting times for
    "early voters" has steadily risen to today's peak of 2-3 hours. In spite of
    thousands of people waiting in lines and casting their votes, we apparently
    have not yet begun the "election."
      http://www.miami.com/mld/miami/4442229.htm
    
    As it turns out, there seem to be no lessons learned, as the same issues
    that caused problems with electronic voting in the primaries (lack of
    training, poor facilities, lack of equipment to name a few) are still in
    force during this early election period. I am wondering if SO many people
    have already voted now that there will be short lines on election day, or if
    the problems are going to be magnified by the even larger number of people
    who still have not voted. The voting manufacture seems to already be
    covering its tracks by explaining why voters should expect delays and voting
    times of up to 25 minutes per
    person. http://www.essvote.com/index.php?section=news_item&news_id=84
    
    I certainly have some concerns regarding the integrity of the voting process
    and the votes themselves, especially those that are cast during this early
    voting period. During our primaries, we had episodes of votes tallied for a
    precinct being greater than the registered voters in that precinct, lower
    than expected votes (sometimes 0) were recorded for precincts with
    traditionally good voter turnout and poor accounting of individual voting
    machines [The Herald Saturday, September 14, 2002]. So now that this process
    is spread over a period of days, some new risks have been introduced :
    
    - retention of information by voting machines (e.g. does machine get
      accidentally reset from one day to the next)
    
    - influence of "early voting" polls have on the voting taking place on the
      "official" election day
    
    - duplicate voting (e.g. person votes on multiple days by registering with
      different workers)
    
    - memory capacity of individual machines (e.g. can votes get overwritten if
      volume is too high for an individual machine?)
    
    - the integrity of the counting votes from individual machines (I don't
      know whether this is taking place on a daily basis, or must be delayed
      until the end of election day)
    
    - and maybe an even higher than usual number of recounts and finger
      pointing which can be based on this unusual early voting practice, which
      will then expose further problems when results are overturned, etc.
    
    Charles P. Schultz, North Miami Beach, FL
    
    ------------------------------
    
    Date: Thu, 10 Oct 2002 09:07:09 +0100
    From: "Paul D. Smith" <PDSat_private>
    Subject: Election counting conclusions
    
    Many contributors have pointed out the extremes of election counting
    requirements, from the British "1 or 2 contests per ballot, count by hand"
    from the US "Many contests per ballot, count electronically".  This is a
    thread that could run and run but we can draw the various conclusions
    together and define the simple requirements for a good voting system.
    
    1. A hand count, with observers from the contesting parties present, is the
    safest and fairest way to count ballots, especially close, or suspect
    ballots.
    
    2. Where a simple, accurate, electronic system can be used, then it may be
    but is MUST be possible to back this up with a hand count, using the
    original ballot papers, in the event of any irregularities or concerns from
    the candidates or voters.
    
    3. The method of indicating a choice on a ballot should be simple and the
    results immediately visible to, and correctable by, the voter.  The voter
    indicating "OK", whether by depositing the ballot in a box or pressing a
    leaver or whatever, should have NO affect on the voting slip - for example
    this is NOT the time to punch out the holes indicating the selections
    because the act of punching could fail leaving the voter with no indication
    of their spoiled or incorrect vote.
    
    Note that I have deliberately not commented on the risks of voting for many
    contest (did somebody mention 45!) in one ballot.  This is a matter for the
    residents of the ballot area to consider -- do they want to vote at this
    degree of choice or are they happy to delegate to a representative?
    [The answers may well be No! and No! in many cases.  PGN]
    
    I believe that pretty much covers the ideal voting system.  All flaws in
    existing systems result because the system fails to address one or more of
    the three criteria above.
    
    ------------------------------
    
    Date: Sat, 2 Nov 2002 15:14:29 -0800
    From: Paul Schreiber <shrubat_private>
    Subject: Risks of dual-boot systems
    
    A friend of mine has a dual-boot PC running Windows 98 and Windows
    2000. Last week, it was booted into Windows 98 when the daylight savings
    time changeover occurred.
    
    Windows 98 was smart enough to automatically adjust the clock back an
    hour. However, when he rebooted into Windows 2000, it adjusted the
    clock back a second hour.
    
    This could lead to many problems if not caught, including alarms going off
    at the wrong time, scheduled tasks running at inconvenient hours, incorrect
    email headers and much more destructive behaviour if used in a
    mission-critical situation.
    
    ------------------------------
    
    Date: Sun, 3 Nov 2002 21:48:22 -0000
    From: "Chris Jakeman (Bigfoot)" <cjakemanat_private>
    Subject: Windows daylight saving and file time-stamp
    
    Discovered today that a misbehaving program was due to a strange behaviour
    in Windows. (Can't find any reference to this on comp.risks.)
    
    When the computer clock changes due to Daylight Saving Time (we gained an
    hour a week ago in the UK), Windows also changes the time stamp of all its
    files by an hour.
    
    This came to light when synchronising files between a Unix webserver and a
    Windows copy of the website, using Dreamweaver.
    
    Microsoft discusses this behaviour in its Knowledge Base at
      http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q129574&
    but apparently sees nothing wrong in providing a time stamp that changes.
    
    One query: When Samba is used to make Unix files look like Windows ones,
    does it fiddle the time stamp to emulate this bizarre behaviour?
    
    Risks: On networks that mix Unix and Windows, this problem might screw up
    any utility that relies on timestamps such as incremental backups and source
    code control systems.
    
    ------------------------------
    
    Date: Mon, 4 Nov 2002 09:24:17 -0800 (PST)
    From: Keith Rhodes <rhodeskat_private>
    Subject: Microsoft court ruling leaked early through security blunder
    
    Court staffers didn't realize that the ruling placed on their servers became
    public knowledge two hours early -- even though it wasn't posted on their
    Web site.  [Source: Patick Gray, *ZDNet Australia*, 4 Nov 2002; PGN-ed]
      http://zdnet.com.com/2100-1104-964415.html
    
      [Interesting competition of ideas: They want to put the file on the Web so
      that people will find it, but they think it will be safe until they
      release it if they put it on the Web because no one will be able to find
      it.  Keith]
    
        [The judgment went up at 2:40pm EST Friday, prior to its intended
        release time of 4:30pm EST.  The URL was fairly obvious, and the
        directory was freely browsable.  PGN]
    
    ------------------------------
    
    Date: Wed, 30 Oct 2002 21:04:43 -0500 (EST)
    From: David Lesher <wb8fozat_private>
    Subject: Exam software -- does it get a passing grade?
    
    Georgetown Law Center lets students use their laptops on exams, IFF they
    have installed a package called "SofTest" from ExamSoft.  It blocks other
    uses of the laptop, but allows the exam to be taken on it. Or so it sez..
    
    Known problems include:
    
    * Only works on WinDoze systems; forget that Ti OSX PB, or any Linux laptop.
    * Requires the laptop have a floppy drive
    * Sometimes fails during exams.
    
    But with so many unemployed nerds headed back to grad schools, it's easy to
    imagine OTHER problems. What about VMware? What about a determined
    programmer who decides hacking code is easier than grok-ing Feist vs. Rural
    Telephone? Suppose she writes a Examsoft-specific virus that stay dormant
    until the middle of the exam....then bombs all the OTHER machines in the
    class.
    
    And most of all, who watches the watcher?
    
    Is this an indirect way to get more attorneys who can code?
    
    ------------------------------
    
    Date: Thu, 10 Oct 2002 15:24:43 -0400
    From: "Fuzzy Gorilla" <fuzzygorillaat_private>
    Subject: $3,200 tuition listed on bill as 'Taco Bell'
    
    A glitch in vendor software erroneously caused some University of
    Wisconsin-La Crosse room/board/tuition payments to be listed as charges from
    Taco Bell on credit-card statements.  [Source: AP item, 10 Oct 2002; PGN-ed]
    http://dailynews.yahoo.com/news?tmpl=story2&u=/ap/20021010/ap_on_fe_st/_3
    
    ------------------------------
    
    Date: Mon, 4 Nov 2002 15:04:00 -0500
    From: Monty Solomon <montyat_private>
    Subject: Turnpike commuters play "Where's the Fast Lane?"
    
    The Fast Lanes (like EZPass lanes) are not always in the same configuration
    in Massachusetts, sometimes on one side, sometimes in the middle, sometimes
    combined with exact-change lanes, sometimes right between two exact-change
    lanes.  This seems to be resulting in long lines where they could be avoided
    by a more sensible layouts.  "This results in vehicles switching lanes via
    the Fast Lane/exact change lane like crazed motorized salmon running
    upstream."  [Source: Mac Daniel, *The Boston Globe*, 3 Nov 2002; PGN-ed]
      http://www.boston.com/dailyglobe2/307/metro/Pike_commuters_play_Where_s_the_Fast_Lane_+.shtml
    
    ------------------------------
    
    Date: Tue, 8 Oct 2002 15:44:10 +0100 
    From: "LEESON, Chris" <CHRIS.LEESONat_private>
    Subject: BBC News: Fake bank website cons victims
    
      [It seems that the old Nigerian scam is becoming more hi-tech (although Web
      site spoofing and e-mail scams are hardly news in RISKS).  CL]
    
    As revealed by BBC Radio5Live, West African spam scammers used an unclaimed
    Web domain of a British bank's online service that looked genuine. and found
    still more gullible people.  The UK National Criminal Intelligence Service
    notes that at least two Canadians had lost more than $100,000 after being
    gulled by the fake Web site.  In response to letters, e-mail, and now Web
    sites (one has been shut down), this type of scam somehow continues to be
    profitable for the scammers.  [Greed?  Stupidity?  ...]
    
    "One of the first companies to fall victim to website spoofing was net
    payment service Paypal.  Con-men set up a fake site and asked people to
    visit and re-enter their account and credit-card details because Paypal had
    lost the information.  The Web site link included in the e-mail looked
    legitimate but in fact directed people to a fake domain that gathered
    details for the con-men's personal use."  [Source: BBC News Website; PGN-ed]
      http://news.bbc.co.uk/1/hi/technology/2308887.stm
    
    ------------------------------
    
    Date: Thu, 31 Oct 2002 18:12:50 -0500
    From: Monty Solomon <montyat_private>
    Subject: GAO: Government Agencies Adhering To Privacy Laws
    
    On 30 Oct 2002, the General Accounting Office issued a report "Information
    Management: Selected Agencies' Handling Of Personal Information" finding
    that the Departments of Agriculture, Education, Labor, and State generally
    adhere to government privacy laws.  "The report found that agencies'
    handling of information varies and that a wide range of government personnel
    have access to the information, but by and large, the agencies follow
    current privacy laws."  (Information considered included names, phone
    numbers, addresses, SSNs, financial and legal data, and demographic
    information, provided for a specific purpose such as to receive benefits,
    obtain services or loans, or participate in a specific federal program.)
    [Source: Eric Chabrow, *InformationWeek*, 30 Oct 2002; PGN-ed]
      http://news.lycos.com/news/story.asp?section=Politics&storyId=556059
    
      [RISKS always seeks positive items that do not represent horrible cases
      involving security, privacy, reliability, safety, survivability, financial
      losses, etc.  It is always startling how few really constructive cases 
      there are.  On the other hand, the GAO report clearly does not imply that
      there are no potential problems in those four departments.  PGN]
    
    ------------------------------
    
    Date: Tue, 29 Oct 2002 08:01:28 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Ethical Issues of Information Systems", Ali Salehnia
    
    BKETHISS.RVW   20020831
    
    "Ethical Issues of Information Systems", Ali Salehnia, 2002,
    1-931777-15-2
    %E   Ali Salehnia
    %C   1331 E. Chocolate Ave., Hershey, PA   17033-1117
    %D   2002
    %G   1-931777-15-2
    %I   IRM Press/Idea Group
    %O   U$ 800-345-432 717-533-8845 fax: 717-533-8661 cust@idea-group.com
    %P   301 p.
    %T   "Ethical Issues of Information Systems"
    
    As with any collection of essays, there isn't much of a common thread
    between the pieces.  However, in this case, there isn't even an
    attempt to set up a structure, or group the papers into subjects.
    
    In chapter one, Internet privacy is very poorly defined, and then we are
    told that an opinion poll and an unqualified panel have decided that there
    are five primary privacy concerns.  Chapter two points out that some
    companies might not benefit from establishing their own global information
    network.  There are some brief thoughts on uniform contract codes and
    jurisdiction in chapter three.  A poorly documented study, in chapter four,
    indicates that neural nets do better than random chance at predicting moral
    attitudes from sets of disjoint questions.  A study in chapter five finds
    that when you ask people ethical questions, and then ask why they decided
    the way they did, morals are a strong factor.  Chapter six is much more
    detailed than most of the other papers, and uses stories of the automation
    of stock markets in China, Russia, and Chile to point out benefits and
    problems with electronic auction systems.  Poor people, and countries, have
    less technology with which to advance themselves, we are told in chapter
    seven.  Chapter eight points out that we should do a proper risk management
    analysis if we are relying on e-commerce.  After careful study and analysis,
    chapter nine finds (from self-reports) that people who have more
    opportunities to pirate software are more inclined to think that the
    practice is OK.  Chapter ten tells us that there are problems with the
    quality of software.  There is a brief, but not bad, introduction to
    information warfare in chapter eleven.  Chapter twelve is a fictional
    "conversation" on the ethics of teachers and researchers.  People who copy
    or pirate software tend to think that it is OK to hurt a big guy (a
    corporation) because hurting a big guy helps the little guy (individual), we
    are told in chapter thirteen.  Chapter fourteen asserts the need for public
    policy in relation to e-commerce.  Soren Kierkegaard theorized that remote
    information keeps people from forming local relationships, and chapter
    fifteen relates this to the Internet.  There are some interesting stories in
    chapter sixteen about competitive intelligence or industrial espionage.  The
    examination of the ethics of outsourcing, in chapter seventeen, is actually
    more about fraud.  Chapter eighteen looks at the Nietzschean concept of
    authenticity; that moral choices need to come from within the individual;
    but does not examine the problems that have been analyzed in regard to the
    very similar concepts involved in Kohlberg's level six of ethical
    development.  A variety of views of ethics are listed in chapter nineteen.
    A compilation of the arguments for and against the Australian Internet
    censorship bill is given in chapter twenty.  Chapter twenty tells us that a
    couple of researchers asked for an opinion survey on whether or not using
    genetic tests for finding genetic diseases was ethical.
    
    Aside from the lack of structure and depth, this book has a number of
    problems.  Some are technical: the proofreading is a definite problem, with
    famous names being spelled incorrectly and punctuation appearing in bizarre
    places.  As demonstrated by the bibliographies attached to each paper, the
    authors are attempting to deal with issues involving technology without
    having read standard technical references.  (An additional bothersome point
    is that all of these papers seem to have been collected from a very limited
    pool of resources: all have appeared in Idea Group books or periodicals.)
    
    While the individual papers may raise some issues that might be interesting
    for discussion, ultimately the book does not contribute to the computer
    ethics debate.  Pretty much everything in the book is either glaringly
    obvious, or has been discussed to death in other works.
    
    copyright Robert M. Slade, 2002   BKETHISS.RVW   20020831
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Mon, 4 Nov 2002 08:03:31 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Computer Security Handbook", Seymour Bosworth/M. E. Kabay
    
    BKCMSCHB.RVW   20020911
    
    "Computer Security Handbook", 2002, Seymour Bosworth/M. E. Kabay,
    0-471-41258-9
    %E   Seymour Bosworth sybosworthat_private
    %E   M. E. Kabay mkabayat_private
    %C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
    %D   2002
    %G   0-471-41258-9
    %I   John Wiley & Sons, Inc.
    %O   U$75.00 416-236-4433 fax: 416-236-4448
    %P   1224 p.
    %T   "Computer Security Handbook, Fourth Edition"
    
    There are many recognizable (and a lot more not so recognizable) names
    in the list of contributors.  Authors such as Rebecca Bace, Donn
    Parker, and William Stallings stand out as people who have something
    worth saying, and can say it well.  Other names are associated with
    less worthy works.
    
    Chapter one states that the purpose of the handbook is to describe
    information system security risks, the measures for mitigating those
    risks, and the techniques for managing security risks.  In a sense, it
    does that, but risk management is not the whole of computer security.
    Even if the title of the book were to confine itself to risk
    management, one would still have to say that, overall, there are other
    works that cover the field more completely, with less wasted verbiage.
    
    There has been an attempt to remove the limiting of previous editions
    to topics relevant to "big iron."  However, new technologies still
    seem to get short shrift.
    
    Part one looks at foundations of computer security, with papers
    examining the history and mission of security (actually just history
    of computers), law and computer forensics (random collection of legal
    issues, almost nothing on forensics), common language for computer
    incident information (proposal with no proof that it will either cover
    all incidents or assist with dealing with incidents), surveys of
    computer crime (lots of material on how studies should be conducted,
    and uncritical reports of some studies), and new framework for
    security (Donn Parker says we are missing pieces of security).
    
    Threats and vulnerabilities are reviewed in part two, including essays
    on the psychology of computer criminals (mostly good but some
    questionable observations and theories about black hats), information
    warfare (information systems can be attacked--surprise!), penetrating
    systems and networks (there are different ways to get unauthorized
    access), malicious code (traditional models and some recent examples
    of viruses), mobile code (some aspects of ActiveX and scripting),
    denial of service attacks (reasonable overview of various types--and
    some unrelated exploits), intellectual property (random legislation
    and thoughts), e-commerce vulnerabilities (various weaknesses), and
    physical threats (generic disaster recovery).
    
    Part three covers preventive technical defenses, containing topics
    such as protecting information infrastructure (generic security,
    mostly physical), identification and authentication (brief
    introduction), operating system security (good introduction to access
    control), local area networks (random thoughts), e-commerce safeguards
    (legal protections and vague ideas), firewalls (confused grab bag),
    protecting Internet systems (basic concepts), protecting web sites
    (broad but not deep), public key infrastructure (basic components, but
    no more), antivirus technology (simplistic look at scanning), software
    development (simplistic look at the software development life cycle),
    and piracy (piracy is going on and we have to find some way to stop
    it).
    
    Human factors, in part four, looks at standards for security products
    (verbose description of the Common Criteria components), security
    policy guidelines (miscellaneous related documents), security
    awareness (do interesting seminars), ethics (vague), employment
    policies (grab bag), operations security (and another), Internet use
    policies (yet again), working with law enforcement (generic and poorly
    structured), social psychology (redoing the security awareness article
    with extra psychological jargon), and auditing computer security (a
    checklist).
    
    Part five's look at detection is brief, with intrusion detection
    (excellent introduction), monitoring (you should log stuff), and
    application controls (database integrity).
    
    Remediation reviews computer emergency response teams (generic),
    backups (pedestrian), business continuity planning (have a plan),
    disaster recovery (repeat previous), and insurance (get some) in part
    six.
    
    Part seven examines management's role, including management
    responsibilities (you could be liable), developing policies (generic),
    risk assessment (assess risks), and Y2K (management is now onside--
    yeah, right).
    
    Other considerations, such as medical records (good introduction and
    discussion of the issues), using encryption internationally (laws
    differ), censorship (random thoughts), privacy (various laws),
    anonymity (psychological ponderings), and the future (various
    thoughts) make up part eight.
    
    There is useful material in the work, but it is difficult to abstract
    the good from the mundane unless you are already quite expert in the
    field.  The newcomer would be advised to get some basic training or
    reading before attempting to deal with this work, but the expert will
    be able to find some useful nuggets.
    
    copyright Robert M. Slade, 2001, 2002   BKCMSCHB.RVW   20020911
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Mon, 04 Nov 2002 09:55:37 -0800
    From: Alex Walker <alexat_private>
    Subject: CARDIS '02: 5th Smart Card Research/Advanced Application Conference
    
    5th Smart Card Research and Advanced Application Conference
    San Jose, CA, 21-22 Nov 2002
    http://www.usenix.org/events/cardis02/
    
    Keynote speaker Vincent Cordonnier, LIFL; 14 refereed papers; panel
    discussions; Work-In-Progress reports as well as ample opportunities to
    informally interact with fellow attendees and speakers.  Unlike events
    devoted to commercial and application aspects of smart cards, the CARDIS
    conferences bring together researchers who are active in all aspects of the
    design, validation, and application of smart cards.  The breadth of smart
    card research stimulates a synergy among disparate research communities,
    making CARDIS an ideal opportunity to explore and learn from the latest
    research advances.
    
    Peter Honeyman, CITI, University of Michigan
    CARDIS '02 Program Chair
    
    Alex Walker, Production Editor, USENIX Association
    2560 Ninth Street, Suite 215, Berkeley, CA 94710  1-510/528-8649 x33
    
    ------------------------------
    
    Date: Mon, 04 Nov 2002 11:37:44 +0100
    From: Diego Latella <diego.latellaat_private>
    Subject: Formal Methods Europe 2003 cfp
    
    FM 2003: the 12th International FME Symposium
    Pisa, Italy -September 8-14, 2003
    Papers must be submitted electronically by 7 Mar 2003.
    http://fme03.isti.cnr.it/fme-cfp.htm
    
    FM 2003 is the twelfth in a series of symposia organized by Formal Methods
    Europe, an independent association whose aim is to stimulate the use of, and
    research on, formal methods for software development.  These symposia have
    been notably successful in bringing together a community of users,
    researchers, and developers of precise mathematical methods for software
    development as well as industrial users.
    
    Formal methods have been controversial throughout their history, and the
    realisation of their full potential remains, in the eyes of many
    practitioners, merely a promise. Have they been successful in industry? If
    so, under which conditions? Has any progress been made in dispelling the
    scepticism that surrounds them? Are they worth the effort? Which aspects of
    formal methods have become so well established in industrial practice that
    they have lost the "formal method" label in the meanwhile?
    
    FM 2003 aims to answer these questions, by seeking contributions not only
    from the Formal Method community but also from outsiders and even from
    skeptical people who are most welcome to explain, document, and motivate the
    source of their reluctance. We are confident that a wide spectrum of
    experiences and a loyal contrasting of opinions will foster a better and
    deeper understanding, if not a wider adoption of Formal Methods.
    
    Far from restricting the focus of the conference, however, FM 2003 also
    welcomes papers with strong theoretical content that establish a connection
    with the practice of formal methods.  [PGN-ed]
    
    Dott. Diego Latella, Consiglio Nazionale delle Ricerche
    Area della Ricerca di Pisa - Ist. di Scienze e Tecnologia
    dell'Informazione - ISTI
    Via G. Moruzzi, 1 - I56124 Pisa, ITALY
    phone: +39 0503152982 or +39 348 8283101
      fax: +39 0503138091 or +39 0503138092
    email: Diego.Latellaat_private
     http://www.cnuce.pi.cnr.it/people/D.Latella
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.34
    ************************
    



    This archive was generated by hypermail 2b30 : Mon Nov 04 2002 - 16:27:11 PST