[risks] Risks Digest 22.81

From: RISKS List Owner (riskoat_private)
Date: Sun Jul 20 2003 - 15:25:00 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 22.82"

    RISKS-LIST: Risks-Forum Digest  Sunday 20 July 2003  Volume 22 : Issue 81
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/22.81.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    Reassembly of shredded documents (Richard M. Smith)
    SEVIS foreign students database (Thomas Dzubin)
    IPv6 addresses too big to fit? (Joe Loughry)
    Italian naming problem (Darryl Luff)
    GPS-piloted tractors? (Conrad Heiney)
    Health Commissioner's anonymised case reports not so anonymous (Don Mackie)
    Privacy rights under threat by lawmakers (Dan Gillmor via Monty Solomon)
    Carjacker tracked and bugged by Tele-Aid operator (Jonathan Epstein)
    Samsung Electronics bans camera phones from key factories
      (Ferdinand John Reinke)
    Software helps police draw crime links (Gareth Cook via Monty Solomon)
    AOL blocking e-mail from other ISPs (David E. Ross)
    Lack of Abbey National telephone banking security (Adam Laurie)
    HighGroup Listing of SSN's (Alice K. Whitfield)
    Why are spammers backing spam-control laws? (NewsScan)
    California court rules against Intel in spam case (Elinor Mills Abreu
      via Monty Solomon)
    Re: Virginia Identity Theft Passport (John Sinteur)
    Re: David Nelson and CAPPS II? (Arthur Flatau)
    Re: Error In e-mini Dow Futures creates havoc (Stewart C. Russell)
    Re: Washing machine does the right thing after power outage (Kurt Thams)
    Re: The nuking of RFID chips (Kevin G. Rhoads)
    Formal Methods 2003 - Call for Participation and Programme Details
      (Diego Latella)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Thu, 17 Jul 2003 12:51:45 -0400
    From: "Richard M. Smith" <rmsat_private>
    Subject: Reassembly of shredded documents
    
      Throughout the 1980s, Sascha Anderson, a poet, musician, and literary
      impresario, was one of the leading voices to speak out against the East
      German government and its dreaded secret police, the Stasi.  But his
      credibility gradually evaporated after the Communist government's collapse
      as rumors about him acquired the weight of proof: he had been informing on
      his dissident compatriots all along.
    
    It turns out that his supposedly unretrievable Stasi file was *manually*
    reconstructed from bags of papers that had been shredded during the final
    days of the regime in 1989.  However, the German government is now planning
    on reconstituting 16,000 bagsful from that era, using advanced scanning
    technology.  [Source: Picking Up the Pieces, By Douglas Heingartner, *The
    New York Times*, PGN-ed]
      http://www.nytimes.com/2003/07/17/technology/circuits/17shre.html
      ?pagewanted=all&position=
    
      [The programming effort is certainly an interesting application!]
    
    ------------------------------
    
    Date: Wed, 9 Jul 2003 05:49:23 -0700 (PDT)
    From: Thomas Dzubin <dzubintat_private>
    Subject: SEVIS foreign students database
    
    Under new United States homeland security laws, all U.S. schools have to
    register their foreign students in the database, known as the Student and
    Exchange Visitor Information System (SEVIS).  This system has all the
    attributes of a big system rushed into production before sufficient testing
    could take place.  In my mind, the RISK-iest thing about this story is that
    the effects of the problems can cause life-changing situations for people
    including being jailed and/or deported.
    
    Many problems with this system are detailed in the story including files
    being mysteriously deleted or "misplaced".  Some advisers are telling
    students not to go back to their home countries on school breaks, in case
    SEVIS accidentally deletes their records.  Students who are not in the
    system cannot re-enter the country.  One quote from the story: "Daily
    interactions with SEVIS have become a test of wit and will"
    
    Other bugs/glitches/problems reported:
    
    - Unable to modify existing records which is a problem if a foreigner
      (or spouse) has a baby.
    - extreme system slowness and random crashing
    - insufficient or inadequate help desk technician support
    
    One final quote from the story:
    
    "The technical failings of SEVIS and the difficulty the government has had
    in implementing it undermine its security potential, Cotten says. If the
    American people feel safer because of SEVIS, then they are severely misled,
    she says."
    
    Source:
      http://www.govexec.com/dailyfed/0703/070303h1.htm
    (Hopefully this link is still active.  If not, Government Executive Magazine
    does keep old stories archived under a slightly different URL naming
    convention...the title "Foreign student tracking system called inefficient,
    intrusive" should stay the same.)
    
    ------------------------------
    
    Date: Thu, 17 Jul 2003 17:36:27 -0600
    From: "Loughry, Joe" <joe.loughryat_private>
    Subject: IPv6 addresses too big to fit?
    
    In light of the recent announcements by the U.S. Department of Defense in
    support of IPv6, we have been going through our software making the
    necessary changes.  I found several examples of text input fields that were
    too short to hold a valid IPv6 address like
    3ffe:1800:0:3:290:27ff:fe14:cdee.
    
    Also necessary was replacing calls to the standard library functions
    inet_ntoa() and inet_addr(), among others, which do not support IPv6.
    
    On an encouraging note, however, I found that throughout the source code,
    extremely conservative coding practices and good error checking everywhere
    means that our software does not crash when handling IPv6 addresses.
    
    It's Y2K all over again.
    
    Joe Loughry, Lockheed Martin Space and Strategic Missiles, RADIANT MERCURY
    
    ------------------------------
    
    Date: Fri, 18 Jul 2003 12:41:33 +1000
    From: Darryl Luff <dluffat_private>
    Subject: Italian naming problem
    
    Hmm, the simple risk of your perfectly sensible domain name being
    interpreted very differently in other languages.  [NOTE: text not mine.  DL]
    
      At least they should then have created a brilliant logo.....
    
        If you were a company called Powergen and you had a subsidiary that
        operated in Italy, what would you call that company's Web site?.
    
      Probably not http://www.powergenitalia.com
    
      But they really did.  ...
    
        [A high-strung multilingually interpretable literal string!  PGN]
    
    ------------------------------
    
    Date: Fri, 18 Jul 2003 16:28:41 -0700
    From: "Conrad Heiney" <conradat_private>
    Subject: GPS-piloted tractors?
    
    According to a Reuters report on CNN today, a University of Queensland
    researcher is promoting an Australian technology for satellite-guided
    tractors. These are said to be accurate to 2 cm.  Apparently advantages to
    these are that the tractors are more accurate and do not crush the soil as
    much as conventional people-driven equipment, allowing higher yield. As a
    bonus, they could be run at night.
      http://www.cnn.com/2003/TECH/science/07/18/satellite.tractor.reut/index.html
    
    The RISK of unmanned vehicles relying on GPS signals, with or without
    rotating blades attached, is interesting to contemplate, especially at night!
    
    Conrad Heiney  http://contentgoeshere.com/  http://fringehead.org
    
    ------------------------------
    
    Date: Wed, 9 Jul 03 19:32:37 +1200
    From: Don Mackie <donaldat_private>
    Subject: Health Commissioner's anonymised case reports not so anonymous
    
    The New Zealand Health & Disability Commissioner has been dealing with
    complaints about health care for almost ten years. As it says at the website
    (www.hdc.org.nz) the purpose... is to promote and protect the rights of
    health and disability consumers, and to facilitate the fair, simple, speedy,
    and efficient resolution of complaints.
    
    The Commissioner investigates complaints.  Often there are useful lessons to
    be learned from the complaint and the findings, after removal of all
    identifying features, are published so that others can benefit.  Some are
    posted on the website in a range of formats: html, pdf and Word document.
    Some of you will see where this is leading.
    
    A colleague of mine was startled to be told by a patient that a Google
    search on the doctor's name yielded the text of a HDC finding as the top
    hit.  While my colleague acknowledges that there was a complaint about them
    they have learned from it and believed that the publication was anonymous.
    On opening the link from Google, I got a Word document.  Sure, the names of
    the individuals had been removed from the text of the document, but when I
    went Properties -> Summary, there they were.  Waiting to be found by a
    search engine.  I looked at a few other .doc files and the same problem
    existed.  I informed the HDC and they have now pulled the .doc opinions.
    
    Ignorance of the hidden information in word processing files is, of course,
    not new.  This one has had the potential to damage reputations when the HDC's
    office has been careful, but not careful enough, to protect them in the
    past.
    
    ------------------------------
    
    Date: Sun, 13 Jul 2003 20:23:54 -0400
    From: Monty Solomon <montyat_private>
    Subject: Privacy rights under threat by lawmakers
    
    Dan Gillmor, *San Jose Mercury News*, 13 Jul 2003
    
    In the constant battle to preserve what's left of our privacy and roll back
    some of the invasions we've already suffered, one reality is all too clear:
    Elected officials are not on our side.  Last week brought the latest
    perversion of the public will, the cowardly refusal of the California
    Legislature to enact even modest improvements in financial privacy. The
    voters will do it instead, in a ballot measure next year.
    
    Meanwhile, state and federal lawmakers are almost totally oblivious to
    future threats, including some that should be dealt with before they cause
    trouble.  For example, retailers will soon be installing little identifying
    radios, a technology known as RFID, into items they sell, enabling a host of
    new privacy invasions that could make the status quo seem benign.
    
    We all understand why lawmakers hold the public good, and will, in such
    contempt.  They tend to vote on behalf of their financial benefactors.
    Commercial interests see our privacy as a barrier to their business.
    
    Game over? No. We have to care enough to take matters into our own hands.
    Pressuring politicians is vital, but it's plainly not enough.  We'll need to
    do a little multitasking to retrieve our right to be left alone.  ...
    
    http://www.siliconvalley.com/mld/siliconvalley/6293890.htm
    
    ------------------------------
    
    Date: Thu, 17 Jul 2003 13:23:16 -0400
    From: Jonathan Epstein <Jonathan_Epsteinat_private>
    Subject: Carjacker tracked and bugged by Tele-Aid operator
    
    A quick-thinking bystander realized that police could track the movements of
    a carjacker who sped off with two small children in the back seat.  The
    police were able to indirectly both track and listen-in on the car, and
    learn that the kids in the back seat were OK.
      http://www.washingtonpost.com/wp-dyn/articles/A2862-2003Jul16.html
    
    Marc Fisher of the Washington Post writes:
    
    That carjacking the other night raises some fascinating questions. I'm sure
    the mom was tremendously relieved that the operators in Dallas were able to
    listen in on her children as their kidnapper hurtled along Rt. 50 -- and
    goodness knows what might have happened if the Mercedes version of OnStar,
    called Tele-Aid, hadn't been tracking the thug's movements. But do any of
    you have concerns about the ability of Tele-Aid and similar companies to
    turn on the microphone remotely and listen in on the goings-on in your car?
    Or does this case prove that such privacy fears are outweighed by the good
    those devices can do?
    
    ------------------------------
    
    Date: Mon, 7 Jul 2003 15:45:55 -0400
    From: "Ferdinand John Reinke" <ferdinand.john.reinkeat_private>
    Subject: Samsung Electronics bans camera phones from key factories
    
    Samsung Electronics is restricting use of camera phones at key factories and
    research centers to preclude industrial espionage.  (Camera phones have
    become popular in South Korea.)  [Source: Yahoo News, 7 Jul 2003]
    http://news.yahoo.com/news?tmpl=story2&cid=1509
      &u=/afp/20030707/tc_afp/skorea_samsung_it_company_030707080259&printer=1
    
      [I wonder if they remember that PDA's have camera capability? Wonder if
      financial institutions have thought about this "risk"? Not likely. JohnR]
    
    ------------------------------
    
    Date: Fri, 18 Jul 2003 02:13:53 -0400
    From: Monty Solomon <montyat_private>
    Subject: Software helps police draw crime links
    
    The Boston Police Department is rolling out a powerful new computer program
    built to find hidden connections among people and events almost instantly,
    allowing detectives to investigate murders, rapes, and other crimes far
    faster than they can today.  Called ''Coplink,'' the program sifts through
    tens of millions of police records, from 911 calls to homicide
    investigations, to deliver a short list of potential leads in just seconds.
    The same kind of searching currently takes hours or even days of a
    detective's time -- when it is possible at all.  Designed in an Arizona AI
    lab, Coplink searches through arrest records, incident reports, and
    emergency phone calls to identify potential suspects and compile all
    possible leads on them, including past addresses, weapons they have owned,
    and even the arrest records of people with whom they have been stopped in a
    car.  In Boston, it will search only through city police records, though it
    could later be expanded to stretch far more broadly.  ...
    [Source: Gareth Cook, *The Boston Globe*, 17 Jul 2003; PGN-ed]
      http://www.boston.com/dailyglobe2/198/nation/
      Software_helps_police_draw_crime_links+.shtml
    
    ------------------------------
    
    Date: Sat, 19 Jul 2003 12:30:11 -0700
    From: "David E. Ross" <davidat_private>
    Subject: AOL blocking e-mail from other ISPs
    
    AOL has been bouncing E-mail messages from other ISPs.  In their attempt to
    block spam, they are blocking mail servers that they presume are on end-user
    IP addresses. For some reason, some ISP mail servers -- including at large,
    well-run ISPs -- were considered to be among those addresses.
    
    The problem started on Tuesday, 15 July, or earlier.  AOL apparently did not
    know of the problem until a customer of an affected ISP complained on the
    morning of Friday, 18 July.  AOL's response is that they will not be able
    fix the problem until Monday, 21 July, or later.
    
    This seems to be another case of implementing technology without sufficient
    testing.  However, the fact that a problem reported on Friday cannot be
    fixed until Monday indicates this risk arises from placing business
    considerations ahead of either technology or customer service.
    
    David E. Ross <http://www.rossde.com/> 
    
    ------------------------------
    
    Date: Fri, 18 Jul 2003 10:41:16 +0100
    From: Adam Laurie <adamat_private>
    Subject: Lack of Abbey National telephone banking security
    
    I hold an Abbey National account in the joint names of myself and my wife,
    but my wife's entry is still in her maiden name (so from the bank's
    perspective it could be any individual with no special legal
    relationship). This account was created many moons ago, before we were
    married, to facilitate the purchase of a flat. After the transaction, there
    were a couple of hundred pounds left in the account, which have languished
    ever since. We recently moved house and so this account came to our
    attention when the tenants at the previous address forwarded our bank
    statements to us.
    
    And now the scary bit...
    
    Armed only with the statement passed to me by said 3rd party, I was able to
    call up the online bankers, cancel all the cheques and have all the funds in
    the account transferred to an arbitrary account (in this case my personal
    account - i.e. not a joint account with my wife).
    
    The "extra security" questions I was asked were:
    
    1. who is the other named account holder? (this was printed on the 
       back of statement).
    
    2. what is your overdraft limit? (this was printed on the front of 
       the statement).
    
    As the nice kid in Terminator 2 says... "easy money"... :)
    
    Adam Laurie, A.L. Digital Ltd., The Stores, 2 Bath Road, London W4 1LT UK
    http://www.aldigital.co.uk  http://www.thebunker.net  Tel: +44 (20) 8742 0755
    
    ------------------------------
    
    Date: Fri, 18 Jul 2003 10:36:05 -0400
    From: "Alice K. Whitfield" <qcscorpat_private>
    Subject: HighGroup Listing of SSN's
    
    The risks of using social security numbers as personal identifiers in
    the U.S. is better known to members of this community than perhaps any
    other.  You may appreciate then, better than the Social Security
    Administration apparently does, the increased risk that arises when the
    SSA's own published list of valid (partial) numbers contains errors of
    omission (http://www.ssa.gov/foia/highgroup.htm, as of 18 July 2003 at
    1400 UT).
    
    The errors in the July list are not numerous, and may affect mostly
    elderly, former railroad workers.  In past instances, the errors were
    more widespread but eventually fixed.  They show no sign of responding
    to any communications about the current problems, however. Obviously,
    the current list was not verified before the page went live.
    
    Luckily, flunking a flawed social security number verification test 
    under the current regime of Total Awareness, "is not a basis ... for ...
    adverse action ... such as laying off, suspending, firing, or
    discriminating against an individual..." So, according to the Social
    Security Administration, no one should have to worry about those risks,
    at least.
    
    ------------------------------
    
    Date: Fri, 18 Jul 2003 09:26:46 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Why are spammers backing spam-control laws?  
    
    Bigtime spam-mongers and junk-mail proponents like the Direct Marketing
    Association are backing proposed antispam legislation, while consumer and
    public-interest groups, almost without exception, oppose the bills. What's
    going on? "It's a sign of who benefits from these bills and who doesn't,"
    says a spokesman for the Coalition Against Unsolicited Commercial Email.
    "When you see some of the biggest spammers in the country backing
    legislation that is allegedly antispam, you really need to wonder about what
    these bills actually do." The answer is that rather than banning all
    unsolicited e-mail outright, as many consumer groups wish, they legitimize
    spam, as long as the perpetrators adhere to certain rules, such as using
    accurate subject lines and valid return addresses, and allowing recipients
    to opt out of future mailings. Two bills are currently making their way
    through Congress and a variant of thereof is expected to pass overwhelmingly
    and be signed into law later this year.  [*Wall Street Journal*, 18 Jul
    2003; NewsScan Daily, 18 Jul 2003] 
      http://online.wsj.com/article/0,,SB105848273351539900,00.html (sub req'd)
    
    ------------------------------
    
    Date: Mon, 30 Jun 2003 23:07:18 -0400
    From: Monty Solomon <montyat_private>
    Subject: California court rules against Intel in spam case
    
    The California Supreme Court on 30 Jun 2003 ruled spammers cannot be sued
    under state law for property trespass for just sending e-mail -- a setback
    for Intel Corp., which had sued a former engineer for sending e-mails to up
    to 35,000 company workers.  The 4-3 ruling reversed a lower court order
    prohibiting former Intel engineer Ken Hamidi from sending e-mails critical
    of Intel to thousands of its employees.  Intel claimed the e-mails had
    trespassed on its private network and had harmed the company by reducing
    worker productivity.  But the California Supreme Court found that Intel's
    computer system had not been damaged as a result of the e-mails and,
    therefore, there was no trespass.  The court declined to expand state common
    law covering property trespass to apply to e-mail whose contents may be
    objectionable, but which is otherwise harmless.  ...  [Source: Elinor Mills
    Abreu, Reuters, 30 Jun 2003]
      http://finance.lycos.com/home/news/story.asp?story=34677087
    
    ------------------------------
    
    Date: Mon, 30 Jun 2003 23:07:18 -0400
    From: Monty Solomon <montyat_private>
    Subject: California court rules against Intel in spam case
    
    The California Supreme Court on 30 Jun 2003 ruled spammers cannot be sued
    under state law for property trespass for just sending e-mail -- a setback
    for Intel Corp., which had sued a former engineer for sending e-mails to up
    to 35,000 company workers.  The 4-3 ruling reversed a lower court order
    prohibiting former Intel engineer Ken Hamidi from sending e-mails critical
    of Intel to thousands of its employees.  Intel claimed the e-mails had
    trespassed on its private network and had harmed the company by reducing
    worker productivity.  But the California Supreme Court found that Intel's
    computer system had not been damaged as a result of the e-mails and,
    therefore, there was no trespass.  The court declined to expand state common
    law covering property trespass to apply to e-mail whose contents may be
    objectionable, but which is otherwise harmless.  ...  [Source: Elinor Mills
    Abreu, Reuters, 30 Jun 2003]
      http://finance.lycos.com/home/news/story.asp?story=34677087
    
    ------------------------------
    
    Date: Thu, 17 Jul 2003 07:45:56 +0200
    From: John Sinteur <johnat_private>
    Subject: Re: Virginia Identity Theft Passport (RISKS-22.80)
    
    I can't help but wonder, how long until identity thieves won't just acquire
    a driver's license, credit cards, etc, with their freshly stolen identity,
    but one of these passports as well? Which will be relative unknown to the
    cop on the street, so the first few yours you could hack something together
    yourself in Photoshop as well...
    
    If there's a bug in the way people use paperwork to assert and use
    identities, how is more paperwork going to solve that?
    
      [Similar comment from Michael Hartley.  PGN]
    
    ------------------------------
    
    Date: Thu, 17 Jul 2003 09:44:12 -0500
    From: "Arthur Flatau" <arthur.flatauat_private>
    Subject: Re: David Nelson and CAPPS II? (Slade, RISKS-22.80)
    
    There was a story on this in the *Austin American Statesman* (originally
    from the *Chicago Tribune*).
      http://www.statesman.com/insight/content/auto/epaper/editions/
      sunday/insight_f3e0169a836a10f00085.html
    
    There are at least two David Nelsons in the Austin area.  The articles
    states:
    
        The family [Dr. David and Cindy Nelson of Austin and their two young
        children] plans to fly to Canada in August, and this time they're
        planning countermeasures. They'll try buying David Nelson's airline
        ticket under D. Austin Nelson.
    
    That is surely a tactic that the bad guys would never figure out!
    
    Arthur Flatau, Texas Microprocessor Division, Advanced Micro Devices, 
    5900 East Ben White Boulevard, Austin TX 78741 Arthur.Flatauat_private
    
    ------------------------------
    
    Date: Fri, 18 Jul 2003 10:17:40 -0400
    From: "Stewart C. Russell" <scrussat_private>
    Subject: Re: Error In e-mini Dow Futures creates havoc (RISKS-22.80)
    
    It seems that typos are quite common on trading systems. Talking to a friend
    who is a foreign exchange trader, I found out that such misquotes are
    commonly called "wrong big figure" quotes.
    
    A casual web search on this phrase will return an alarmingly large number of
    documents from forex houses. These documents pertain to their liability --
    or lack of it -- for such quotes.
    
    Surely we need to work on the ergonomics of such trading systems?
    
    ------------------------------
    
    Date: Thu, 17 Jul 2003 10:54:38 -0700
    From: "Kurt Thams" <thamsat_private>
    Subject: Re: Washing machine does the right thing after power outage
    
    On the other hand, an enterprising user could pull the power plug at nearly
    the end of the job, load a new batch of clothing, and get his second (and
    third and fourth...) wash free!
    
    ------------------------------
    
    Date: Thu, 17 Jul 2003 09:20:25 -0400
    From: "Kevin G. Rhoads" <Kevin.Rhoadsat_private>
    Subject: Re: The nuking of RFID chips (Cowan, RISKS-22.80)
    
    Most stun guns and cattle prods use current limited high voltage DC.  It is
    easy to provide overload protection for this kind of electrical insult --
    although I doubt that RFID manufacturers will include such protection in the
    early designs.  However, if such deactivation becomes common and
    problematic, it can be designed around.
    
    Better to use a low output Tesla coil, which generates high voltage
    splattered all over the RF spectrum.  Of course, a linear RF power amp
    driven by an RF sweep generator should also work -- but that level of
    equipment is not readily available.  Cheap Tesla coils can be easily
    homebrewed and Edmund Scientific carries a model for about $120 that is
    ideal.
    
    ------------------------------
    
    Date: Fri, 18 Jul 2003 09:58:48 +0500
    From: Diego Latella <Diego.Latellaat_private>
    Subject: Formal Methods 2003 - Call for Participation and Programme Details
    
    The 12th International FME Symposium
    Pisa, Italy - September 8-14, 2003
    http://fme03.isti.cnr.it -  fme03at_private
    
    FM 2003 is the twelfth in a series of symposia organized by Formal Methods
    Europe, an independent association whose aim is to stimulate the use of, and
    research on, formal methods for software development.  These symposia have
    been notably successful in bringing together a community of users,
    researchers, and developers of precise mathematical methods for software
    development as well as industrial users.
    
    Formal methods have been controversial throughout their history, and the
    realization of their full potential remains, in the eyes of many
    practitioners, merely a promise. Have they been successful in industry? If
    so, under which conditions? Has any progress been made in dispelling the
    skepticism that surrounds them? Are they worth the effort? Which aspects of
    formal methods have become so well established in the industrial practices
    to loose the "formal method" label in the meanwhile?
    
    FM 2003 aims to answer these questions, by contributions not only from the
    Formal Methods community but also from outsiders and even from skeptical
    people who are most welcome to explain, document, and motivate the source of
    their reluctance.
    
    FM 2003 will host 7 Workshops, 8 Tutorials and 1 Day dedicated to the
    Industry besides the 3 days of the FME Symposium. Tool demonstrations will
    also take place during the symposium, with the opportunity of holding
    presentations for each tool.
    
    For full details on the Symposium organization and to register please 
    go to the web site http://fme03.isti.cnr.it, or send  your query to 
    fme03at_private
    
    Dott. Diego Latella, Consiglio Nazionale delle Ricerche, ISTI 
    Via G. Moruzzi, 1 - I56124 Pisa, ITALY
    phone +39 0503152982 or +39 348 8283101  fax +39 0503138091 or +39 0503138092 
    Diego.Latellaat_private http://www.isti.cnr.it/People/D.Latella
    
    ------------------------------
    
    Date: 30 May 2003 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshallat_private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative 
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES: http://www.sri.com/risks
     http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version 
       of the most recent RISKS issue and a WAP version that works for many but 
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.81
    ************************
    



    This archive was generated by hypermail 2b30 : Sun Jul 20 2003 - 16:08:28 PDT