[risks] Risks Digest 22.82

From: RISKS List Owner (riskoat_private)
Date: Sun Jul 27 2003 - 11:05:17 PDT


RISKS-LIST: Risks-Forum Digest  Sunday 27 July 2003  Volume 22 : Issue 82

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://www.risks.org as
  http://catless.ncl.ac.uk/Risks/22.82.html
The current issue can be found at
  http://www.csl.sri.com/users/risko/risks.txt

  Contents:
Serious flaws in electronic voting systems (NewsScan)
South Africa bank Internet spyware and fraud (Heinz M. Kabutz)
Stealing passwords from Kinko's (John F. Whitehead)
New method cracks passwords in seconds (NewsScan)
Bypassing the safeguards (Mark Lutton)
Limit to stupidity? Credit card scam uses rather nasty flaw. (Gillian Brent)
Biometrics technology: not yet ready for primetime (NewsScan)
Spammers who don't read RISKS (Diamond)
Adieu to 'e-mail'? (NewsScan)
E-mail harvesting and re-use as a new virus vector? (Jim Garrison)
Identity theft: a crime that pays? (NewsScan)
Cross *words*? (Mark Brader)
Presidential "doublespeak" ... (Jim Bauman)
Owner of stolen 'sex.com' can sue VeriSign (Monty Solomon)
Another risk of decency filters (J. Lasser)
SCO wants licensing fees from corporate Linux users (Monty Solomon)
Microsoft rediscovers MultiLevel Security (Jeremy Epstein)
Re: Powergenitalia (Eliah Grabbet)
Re: Error in E-Mini Dow Futures creates havoc at CBOT, CME (Greg Compestine)
Re: GPS-piloted tractors? (Kent Borg)
Re: GPS-piloted tractors?  Hell yes!  Que Stephen King! (Fredric L. Rice)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 24 Jul 2003 09:28:33 -0700
From: "NewsScan" <newsscanat_private>
Subject: Serious flaws in electronic voting systems

Johns Hopkins University experts say that high-tech voting machine software
from Diebold Election Systems has flaws that would let voters cast extra
votes and allow poll workers to alter ballots secretly. Aviel D. Rubin,
technical director of the Information Security Institute at Johns Hopkins,
led a team that examined the Diebold software, which has about 33,000 voting
machines operating in the United States. Adam Stubblefield, a colleague of
Rubin's, said that "practically anyone in the country -- from a teenager on
up -- could produce these smart cards that could allow someone to vote as
many times as they like." Diebold has not seen the Institute's report and
would not comment on it in detail, but a company spokesman said: "We're
constantly improving it so the technology we have 10 years from now will be
better than what we have today. We're always open to anything that can
improve our systems." Peter G. Neumann, an expert in computer security at
SRI International, said the Diebold code was "just the tip of the iceberg"
of problems with electronic voting systems.
  [*The New York Times, 24 Jul 2003; NewsScan Daily, 24 Jul 2003]
  http://partners.nytimes.com/2003/07/24/technology/24VOTE.html

------------------------------

Date: Mon, 21 Jul 2003 08:42:44 +0200
From: "Dr. Heinz M. Kabutz" <heinzat_private>
Subject: South Africa bank Internet spyware and fraud

ABSA, the leading bank in South Africa has very weak Internet security.  All
you have to know is someone's bank account number and their pin, and you can
set up beneficiaries, pay money over, to your heart's content.  There is no
TAN like in German banks.  This story is not surprising at all, what is
surprising is that it took so many years for this to happen on such a big
scale.

Here is the story according to the Sunday Times.  Simple spyware was
installed on victim's computers and the account numbers and PIN sent back to
the perpetrator.  This allowed the thief to steal approximately R500,000
(about US$ 65000) from various victims.
  http://www.sundaytimes.co.za/2003/07/20/news/news01.asp

The bank responded with the usual tips:
  http://www.absa.co.za/ABSA/Media_Releases/Article_Page/0,1551,424,00.html

These were the funniest:

* Make sure that the software that is loaded onto your PC via a third party
is licensed. (How would that make a difference?)

* Update your operating system and browser with the latest Microsoft patches
to protect your PC from exploitation. These can be downloaded from the
Microsoft website http://www.microsoft.com (Assuming of course that everyone
in South Africa uses Microsoft - oh, all the victims used Microsoft!)

I am fairly confident that the police will catch the thief.  You cannot
transfer money out of the country from South Africa without special
clearance, so at least we did not have the problem with money ending up in
some country that would not cooperate.

He will probably be given a death sentence.  (Not directly, but a visit to
our jails is akin to a death sentence through HIV infection :-(

Dr. Heinz M. Kabutz (Maximum Solutions), Author of "The Java(tm)
Specialists' Newsletter" http://www.javaspecialists.co.za  +27 (83)340-5633

------------------------------

Date: Sat, 26 Jul 2003 12:41:31 -0700
From: "John F. Whitehead" <jfwat_private>
Subject: Stealing passwords from Kinko's

For two years a man stole passwords from customers in New York City Kinko's
copy/printing/office services stores, and used the information to try to
access and open bank accounts:

  "In pleading guilty to computer damage, [Juju] Jiang admitted that,
  between February 14, 2001, and December 20, 2002, without the permission
  of Kinko's Inc., he installed special keylogging software on computer
  terminals located at Kinko's stores throughout Manhattan to
  surreptitiously record keystroking activity on those computers, and
  collect computer usernames and passwords of Kinko's customers.

Jiang also admitted that he then used the confidential information he
obtained to access, or attempt to access, bank accounts belonging to other
persons, and fraudulently open on-line bank accounts.

Jiang also pled guilty to similar fraudulent conduct that he continued to
commit while on bail after his arrest on December 20, 2002."

For more see the Dept of Justice press release:
  http://www.cybercrime.gov/jiangPlea.htm

------------------------------

Date: Wed, 23 Jul 2003 08:48:41 -0700
From: "NewsScan" <newsscanat_private>
Subject: New method cracks passwords in seconds

A senior research assistant at the Swiss Federal Institute of Technology's
Cryptography and Security Laboratory has published a paper outlining a way
to speed up the process of cracking alphanumeric Windows passwords to only
13.6 seconds on average. The previous average time was 1 minute, 41
seconds. The new method uses massive lookup tables to match encoded
passwords to the original text entered by a person, thus reducing the time
it takes to break the code. "Windows passwords are not very good," says
researcher Phillippe Oechslin. "The problem with Windows passwords is that
they do not include any random information." The only requirement for the
cracker is a large amount of memory in order to accommodate the lookup
tables. The larger the table, the shorter the time it takes to crack the
password. Users can protect themselves by adding nonalphanumeric characters
to a password, which adds another layer of complexity to the process. Any
cracker would then need more time or more memory or both to accomplish the
break-in. For more information on Oechslin's method, check out
http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03 [CNet
News.com 22 Jul 2003; NewsScan Daily, 23 Jul 2003]
http://news.com.com/2100-1009_3-5053063.html

------------------------------

Date: Thu, 24 Jul 2003 23:48:51 -0400
From: Mark Lutton <mluttonat_private>
Subject: Bypassing the safeguards

On 23 Jul 2003, New York City Councilman James E. Davis was shot to death by
political opponent Othneil Boaz Askew inside New York's City Hall.  Davis
had a concealed handgun of his own.

How did the two opponents get their weapons past the metal detectors?
According to the news report, the councilpersons (and apparently their guests)
routinely bypass the detectors.

You can have all the technology in the world against violence and terrorism
and it won't do you a damn bit of good if you let everybody and his enemy go
around it.

------------------------------

Date: Fri, 25 Jul 2003 23:19:17 +1000
From: Gillian Brent <reynardoat_private>
Subject: Limit to stupidity? Credit card scam uses rather nasty flaw.

The following Spam arrived on the alt.devilbunnies newsgroup. As we are
fairly used to a couple of certain rabbits trying to pull similar schemes,
we weren't fooled - but I'm sure some people were.

> Finally I found a hack that really works to get free VALID CREDIT CARD
> NUMBERS!  I bought the information off ebay for $15.00.
> Using a valid credit card account, you can get many more VALID CREDIT 
> CARD NUbers for free using my method.
> 
> You basically send a coded message to the yahoo account information 
> computer database.
> All the account information still active is in this computer.  Iam not
> going to explain exactly how it works(its around 7 pages long), I'll
> just tell you a little and how to do it.
> 
> Copy the information below in its exact format or it will not work.
> Make sure to put a zero under each character(number, letter, hyphen, etc)
> you type. Type in small caps.  If you capitalize, it will not work.
> And if you do not send the exact information on the credit card, it
> will not work.  The computer has to register the information to be
> valid before it will send you an account.  I've tried to use a false
> account, it doesn't work.

(I very much doubt whether this information actually came from eBay.)

I'm not going to insult your intelligence with the rest of this, but apart
from the risk of losing control of your own credit card, it seems to be
using a vulnerability in the yahoo system.

Or just the gullibility of the fools sending their credit-card info to
(account_deleted)@yahoo.com.

------------------------------

Date: Tue, 22 Jul 2003 09:27:32 -0700
From: "NewsScan" <newsscanat_private>
Subject: Biometrics technology: not yet ready for primetime

Gartner Research director Anthony Allen told guests at the launch of
European Biometrics Forum that while widespread use of biometrics was likely
by 2008, the technologies still had some kinks to be ironed out.
Biometrics, which includes technologies used for voice, face, iris and
fingerprint identification systems, is virtually useless without adequate
back security measures and databases, said Allen, and current systems have
several fallibilities that must be corrected. For instance, evidence shows
that wearing eyeglasses can fool an eyescanner, prosthetic makeup can
confuse face scanners, a sore throat can change a voice print and breathing
heavily on a fingerprint scanner can make prints unrecognizable. However,
newer generations of technology are beginning to rectify some of these
shortcomings; the latest fingerprint scanners now incorporate methods of
detecting body heat and blood flow and can scan below the surface later,
making it more difficult to deceive.  [*The Register*, 22 Jul 2003; NewsScan
Daily, 22 Jul 2003]
  http://www.theregister.co.uk/content/55/31865.html

------------------------------

Date: Sat, 26 Jul 2003 17:11:48 -0000
From: <diamondat_private>
Subject: Spammers who don't read RISKS

Reuters Internet Report:

  A hoax e-mail was circulating around the Internet on Friday purporting to
  be a new cookery book from British celebrity chef Jamie Oliver dishing up
  recipes from sushi rolls to fish and chips.

Now here's the kicker:

  Penguin Books, the UK publisher for Oliver's books, said it was trying to
  track down the e-mail's author.  It contained a 121-page Microsoft Word
  document attachment replete with color photos, scores of recipes and a
  fictitious title, "The Naked Chef 2."

Anyone care to place bets on where they're most likely to find the author's
name?

------------------------------

Date: Mon, 21 Jul 2003 08:39:36 -0700
From: "NewsScan" <newsscanat_private>
Subject: Adieu to 'e-mail'?

France's Culture Ministry has announced a ban on the use of the word 
"e-mail" in all government ministries, publications or Web sites and is 
encouraging French Internet users to adopt the term "courriel" when 
referring to electronic mail. Courriel is derived from "courrier 
electronique" -- electronic mail -- and, according to the General 
Commission on Terminology and Neology, the term is "broadly used in the 
press and competes advantageously with the borrowed 'mail' in English." 
However, some Internet industry experts disagree with that assessment: "The 
word 'courriel' is not at all actively used.   Protecting the language is 
normal, but e-mail's so assimilated now that no one thinks of it as 
American," says Marie-Christine Levet, president of French ISP Club 
Internet, who adds that her company has no plans to switch its terminology. 
[AP, 19 Jul 2003; NewsScan Daily, 21 Jul 2003]
  http://apnews.excite.com/article/20030719/D7SCS9201.html

  [I presume this is in part the result of the use of the word "email"
  (e'mail is a perfectly good French word relating to lacquer, and email
  without the hyphen is unfortunately ACM's publication standard!).  Nothing
  in the foregoing to the contrary notwithstanding, my long-time crusade for
  "e-mail" rather than "email" continues.  See
    http://www.csl.sri.com/neumann/hyphen.html 
  if you have not already.  On the other hand, one of the musical
  instruments I play is certainly not a Freedom Horn.  PGN]

------------------------------

Date: Sat, 26 Jul 2003 21:34:31 -0500
From: Jim Garrison <jhgat_private>
Subject: E-mail harvesting and re-use as a new virus vector?

I've recently received several e-mails from my Dad, with whom I regularly
correspond.  However, the subject lines and message texts were obviously not
intended for me, and I was able to deduce both the intended recipient and
the original time period when the messages were written, which was over a
year ago.  Each such message also contained an e-mail virus.  The headers
indicated the messages originated in Spain (where my Dad is living), but not
from his ISP.

I think this represents a disturbing new trend in virus vectors, the
'harvesting' of messages and correspondence addresses in order to sneak in a
virus disguised as a legitimate message from a trusted correspondent.  I use
Mozilla as my mail reader so of course I see the complete filename
(file.doc.exe) and cannot be tricked into opening it, but people with
Outlook or Outlook Express might easily be fooled.

Is this new, or have I just missed seeing it before?  Anyone else having
this experience?

  [It's been around for some time, but seems to be increasing.  PGN]

------------------------------

Date: Tue, 22 Jul 2003 09:27:32 -0700
From: "NewsScan" <newsscanat_private>
Subject: Identity theft: a crime that pays?

The number of victims that have fallen prey to identity thieves is severely
underreported, according to a study by Gartner Research, which estimates
that 3.4% of U.S. consumers -- about 7 million adults -- have suffered ID
theft in the past year. Moreover, identity thieves generally get away with
it -- arrests are made in only one out of every 700 cases. "The odds are
really stacked against consumers," says Gartner VP Avivah Litan.
"Unfortunately, they are the only ones with a vested interest in fixing the
problem." Typically, victims of ID theft learn of the crime a year or more
later after it happens -- long after the trail has gone cold. "It is
different from payment fraud, where the thief takes a credit card number and
consumers are innocent until proven guilty. With identity theft, it is the
opposite: Consumers are thought to be guilty until proven innocent," says
Litan. "There is a serious disconnect between the magnitude of identity
theft that innocent consumers experience and the [financial] industry's
proper recognition of the crime. Without external pressure from legislators
and industry associations, financial services providers may not have
sufficient incentive to stem the flow of identity crimes."  [CNet News.com
21 Jul 2003; NewsScan Daily, 22 Jul 2003]
http://news.com.com/2100-1009_3-5050295.html

------------------------------

Date: Wed, 23 Jul 2003 10:57:03 -0400 (EDT)
From: msbat_private (Mark Brader)
Subject: Cross *words*?

I don't know how long it will remain online, but
  <http://www.guardian.co.uk/crossword/nonjava/blank/0,7095,-6003,00.html>
currently contains a recent crossword puzzle from the British newspaper
The Guardian.  And above the puzzle diagram, it says:

  Special instructions: Two of the solutions to today's quick crossword
  (no10362) contain numbers.  Unfortunately, we cannot show numbers in
  answers in the usual way.  Click here to view a pdf file...

Risks of unwarranted character set assumptions!

  [Pointed out by Owen McShane in rec.puzzles.crosswords.]

------------------------------

Date: Thu, 24 Jul 2003 09:27:00 -0500
From: Jim Bauman <JBauman@safety-kleen.com>
Subject: Presidential "doublespeak" ...

The risk here is that what is purported to be a way to enhance communication
could actually be a way to do the opposite (Hmmm ... Navigate nine Web pages
instead of sending an e-mail from your mail client to
presidentat_private ... Gee, which would you choose?).  Is it a muddled
signal from the White House that they want the American public's feedback
and yet they don't?

Also, it's a handy way for the White House to sort its e-mail---those in
favor of their position and those who are not.  Would then, the President or
his people bother to read and consider the e-mails not favoring the White
House's policy on a certain national/foreign affair?  Would they pay more
attention to those that favor their position?

Would they have an "accurate" number of e-mails in favor of their policies,
but a nebulous one in regards to the e-mails that don't?

White House puts up obstacle course for e-mails
Critics cite burden of additional steps
By John Markoff, *The New York Times*, 18 Jul 2003
http://www.chicagotribune.com/technology/chi-0307180184jul18,1,7186833.story

Do you want to send an e-mail message to the White House?  Good luck.
In the past, to tell President Bush--or at least those assigned to read
his mail--what was on your mind it was only necessary to sit down at a    
personal computer connected to the Internet and dash off an e-mail note to
presidentat_private

But this week, Tom Matzzie, an online organizer with the AFL-CIO, discovered
that communicating with the White House has become a bit more daunting. When
he sent an e-mail protest against a Bush administration policy, the message
was bounced back with an automated reply that instructed him to send the
message in a new way.

Under a system deployed on the White House Web site for the first time last
week, those who want to send a message to President Bush must navigate as
many as nine Web pages and fill out a detailed form that starts by asking
whether the message sender supports or differs with White House policy.

The White House says the new system, at http://whitehouse.gov/webmail, is
an effort to be more responsive to the public and offer the administration
"real-time" access to citizen comments.  [...]

------------------------------

Date: Fri, 25 Jul 2003 23:04:16 -0400
From: Monty Solomon <montyat_private>
Subject: Owner of stolen 'sex.com' can sue VeriSign

Elinor Mills Abreu, Reuters, 25 Jul 2003

The owner of "sex.com," once considered one of the Internet's hottest
addresses, can seek payment from the company that improperly transferred the
domain to a "con man" who later fled to Mexico when ordered to pay $65
million, a court ruled on Friday.  The Ninth Circuit Court of Appeals in San
Francisco ruled that "computer-geek-turned-entrepreneur" Gary Kremen can
hold VeriSign Inc.'s Network Solutions unit liable for handing the sex.com
Web address over to a "con man."  The decision has widespread implications
for companies that register domains, which until now have not been held
responsible when Web sites are switched from their rightful owners, a lawyer
for the plaintiff said.  ...
  http://finance.lycos.com/home/news/story.asp?story=35007290

------------------------------

Date: Sun, 20 Jul 2003 17:30:40 -0600
From: "J. Lasser" <jonat_private>
Subject: Another risk of decency filters

You could lose a customer.

I've moved out to Colorado and was pursuing broadband through my phone
company. After they verified that my line was DSL-capable, they gave me a
call and asked what ISP I'd like to use. Helpfully, they suggested that MSN
had the best pricing deal with them.

After I agreed that this would be fine, they asked what user ID I would
like. I said 'jonlasser' would be ideal. The system rejected that and
several other variations due, the support technician decided, to the
three-letter word buried in my last name. She asked if I'd like to pick
another user ID.

I said no, and asked about other service providers I could use with their
service. It turns out that there's an option for those of us who already
have mail/web from elsewhere and just need the broadband, which is really
what I wanted in the first place. But for that decency filter, however, MSN
would have had another customer.

Jon Lasser jonat_private 410-659-5333

------------------------------

Date: Mon, 21 Jul 2003 17:48:44 -0400
From: "monty solomon" <montyat_private>
Subject: SCO wants licensing fees from corporate Linux users

SCO wants licensing fees from corporate Linux users
Otherwise, SCO said, companies could be in legal hot water 
Todd R. Weiss, *Computerworld*, 21 Jul 2003

The gloves are now officially off -- all enterprise Linux users have to
pay The SCO Group Inc.  new licensing fees to use Linux, or they could
find themselves on the wrong end of a copyright infringement lawsuit.
That was the ultimatum laid out today by SCO CEO and President Darl
McBride, who said that the $3 billion lawsuit against IBM in March was
apparently just the start of his company's march to defend itself from
what it sees as rampant theft of its Unix System V intellectual property
(IP).  ...

http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,83287,00.html

------------------------------

Date: Fri, 25 Jul 2003 14:01:31 -0700
From: Jeremy Epstein <jeremy.epsteinat_private>
Subject: Microsoft rediscovers MultiLevel Security

Seems that Microsoft has rediscovered the value of MLS, allowing "analysts
who hold the appropriate security clearance and have a need to know with the
ability to access information across databases that may be compartmentalized
or "air-gapped" for security reasons".  The idea is to run multiple OSes on
top of a VMWare (or similar) base, and then run multiple classifications of
windows on the screen.

  http://www.computerworld.com/securitytopics/security/story/
  0,10801,83465,00.html?nas=PM-83465

The more things change, the more they stay the same.

------------------------------

Date: Mon, 21 Jul 2003 16:09:37 +0100
From: Eliah Grabbet <eligrabat_private>
Subject: Re: Powergenitalia (RISKS-22.81)

It should be pointed out that while the unfortunately named
http://www.powergenitalia.com
really exists, and it has caused much merriment in other newsgroups, too, it
is not the website of Powergen's [a British power company] Italian
subsidiary.  As far as I know, Powergen does not even have an Italian
subsidiary.

  [This was noted by several RISKS readers.  Many thanks.  PGN]

------------------------------

Date: Sat, 26 Jul 2003 17:07:49 -0600
From: Greg Compestine <gmc444at_private>
Subject: Re: Error in E-Mini Dow Futures creates havoc at CBOT, CME

> Apparently an order to sell 10,000 contracts instead of 100 was put in by
> mistake.

Physical checking always uses double entry for amounts. Why not trading
systems? Sounds like a perfect application for voice recognition technology
(no pun intended). The person entering the number has to type in and then
say the amount, and if the two don't agree, then the transaction isn't
accepted.

------------------------------

Date: Mon, 21 Jul 2003 15:47:36 -0400
From: Kent Borg <kentborgat_private>
Subject: Re: GPS-piloted tractors? (Heiney, RISKS-22.81)

> The RISK of unmanned vehicles relying on GPS signals, with or without
> rotating blades attached, is interesting to contemplate, especially at night!

The article said nothing about "unmanned" tractors.  This equipment is
expensive, farmers aren't stupid, they don't send them off on their own,
they ride in them.

Farmers also know that things that have nothing to do with GPS can go wrong
and they want to be there to notice and do something about them when they
do.

Don't jump to such conclusions!  If you want to worry about such things
worry about unmanned lawn mowers or house vacuum cleaners or swimming pool
vacuum cleaners even--they all do exist.

------------------------------

Date: Mon, 21 Jul 2003 11:24:42 -0700 (PDT)
From: "Fredric L. Rice" <quackat_private>
Subject: Re: GPS-piloted tractors?  Hell yes!  Que Stephen King!

In RISKS-22.81 it's noted that there's advocacy of GPS-piloted tractors
going into operation in Australia, sent in by Conrad Heiney who notes that
tractors "with or without rotating blades attached is interesting to
contemplate."

Where's the RISK?  I *love* the idea of fully automated whirling machines of
horrible, mangling death roaming the countryside at night, hiding from
villagers by day, emerging in packs to assault gasoline stations to steal
fuel, killing anyone who tries to stop them.

What's the down side?  I'm sure Stephen King would agree with my delight
that there are people out there working hard on the technology that would
allow roaming packs of automated, economically efficient death to go from
city to city harvesting and de-boning humans, cutting them into manageable
sizes, and packaging them up in shrink wrap for your grocery shelf.  Soylent
Green has to start somewhere!

These machines will dispassionately collect humans just as dispassionately
as they collect potatoes and I can't wait to see what hackers and
anti-genetically modified food activists would make of such wonderful toys.

Man, I hope like hell they call the new technology "Godzilla."

------------------------------

Date: 30 May 2003 (LAST-MODIFIED)
From: RISKS-requestat_private
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  Alternatively, via majordomo,
 send e-mail requests to <risks-requestat_private> with one-line body
   subscribe [OR unsubscribe]
 which requires your ANSWERing confirmation to majordomoat_private .
 If Majordomo balks when you send your accept, please forward to risks.
 [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
 this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
 Lower-case only in address may get around a confirmation match glitch.
   INFO     [for unabridged version of RISKS information]
 There seems to be an occasional glitch in the confirmation process, in which
 case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
   .UK users should contact <Lindsay.Marshallat_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative 
 address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
=> ARCHIVES: http://www.sri.com/risks
 http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
   Lindsay has also added to the Newcastle catless site a palmtop version 
   of the most recent RISKS issue and a WAP version that works for many but 
   not all telephones: http://catless.ncl.ac.uk/w/r
 http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
 http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    http://www.csl.sri.com/illustrative.html for browsing,
    http://www.csl.sri.com/illustrative.pdf or .ps for printing

------------------------------

End of RISKS-FORUM Digest 22.82
************************



This archive was generated by hypermail 2b30 : Sun Jul 27 2003 - 11:38:19 PDT