[risks] Risks Digest 22.83

From: RISKS List Owner (riskoat_private)
Date: Thu Aug 07 2003 - 12:40:08 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 22.84"

    RISKS-LIST: Risks-Forum Digest  Thursday 7 August 2003  Volume 22 : Issue 83
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/22.83.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    Software violates stock ownership limits (Bill Hopkins)
    Photoshop file contains more than the visible images (Nick Brown)
    Virginia Identity Theft Passport (James Moyer)
    Hand-held devices easy to hack (Monty Solomon)
    What Time Is It? (Conrad Heiney)
    Pentagon's online trading market plan draws fire (NewsScan)
    New online futures market bets on next White House scandal (NewsScan)
    Voting tech problems galore in Mississippi (Cathy Hayden via Kim Alexander)
    Electronic voting - once again... (M Baumeister)
    Why e-voting is a non-starter: Risks with e-voting (Bill Thompson via
      Chris Leeson)
    Hospital records stuck in memory stick (Brett McCarron)
    Re: Domain names (Jay R. Ashworth, Sidney Markowitz, Paul Schreiber)
    Tech exodus: 500,000 U.S. jobs moving overseas (NewsScan)
    PFIR Forums Adds "Voting Systems" Discussion Group (Lauren Weinstein)
    REVIEW: "A Guide to Forensic Testimony", Fred Smith/Rebecca Bace
      (Rob Slade)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Mon, 4 Aug 2003 15:29:40 -0400
    From: "Bill Hopkins" <whopkinsat_private>
    Subject: Software violates stock ownership limits
    
    *The New York Times* reported Thursday that a Connecticut money manager
    inadvertently increased his holdings in two medical technology companies
    despite agreeing with both not to do so.  He now owns 75% of one of the
    companies, whose CEO said he told them "three layers of software somehow
    failed" after he agreed in April to limit his investment at the 20%
    level. The other company went from 20% to 33%.  Nobody noticed anything
    wrong until mid-July, despite steady buying.
    
    The money manager is in apparent violation of SEC reporting requirements,
    which carry regulatory penalties.  The companies face a protracted period of
    uncertainty, as the positions are slowly unwound; one has a stock issue
    planned for this week.  The institutional investors in the funds won't be
    able to unload it if the stock prices fall, and other investors in the
    companies who bought during the same period may wind up with losses if the
    stock prices prove to have been inflated.
    
    For the money manager, some obvious RISKs :
    * Allowing computer software to run your business.
    * Layering software (no word, but I'll bet it's from different vendors).
    * Not sending the key memo to all three layers of software.
    * Checking your total holdings every three months.
    
    For companies, the RISKs are less clear.  It's not clear whether they had
    any way of finding out who was actually buying their stock, and that the
    price run-up was anything other than a general market recovery or
    recognition of value.
    
    For investors, well, we all know NASDAQ is a crapshoot in the dark, don't
    we?  (Big Julie will now remember where the spots used to be on the dice you
    just threw.)
    
    The article, "Investor Says He Bought Stock and Didn't Know It," is at
    http://www.nytimes.com/2003/07/30/business/30PLAC.html
    (registration required, free access ends 8/06)
    
    ------------------------------
    
    Date: Tue, 5 Aug 2003 20:45:02 +0200 
    From: Nick Brown <Nick.BROWNat_private>
    Subject: Photoshop file contains more than the visible images
    
    A US TV presenter posted some artistic close-ups of her face.  Using
    Photoshop before saving, she had apparently cropped pictures that were taken
    while she was posing topless.  This enabled the crop to be undone.
    
    This reminds us of what can happen in Word when you do a "regular" save.
    Apparently, Microsoft Word isn't the only application that stores more than
    what you see.
    
    The subliminally-R-rated URL was previously on-line
      http://www.shackspace.com/[...]
    but the link has been taken down, presumably due to heavy traffic from
    referrals from www.cruel.com.
    
      [Recovering the hidden information must be known as a "cropshoot".  PGN]
    
    ------------------------------
    
    Date: Mon, 04 Aug 2003 16:47:58 -0400
    From: James Moyer <jamesat_private>
    Subject: Virginia Identity Theft Passport 
    
    As part of my study of photo ID documents (and the theory for explaining how
    they work, the current version of my paper is at
    http://www.njlicense.org/sdt.pdf), I've been trying to figure out the trust
    failure portion of Security Document Theory.
    
    Trust failure occurs when a document is no longer believed to be valid. Too
    much counterfeiting or other security problems causes too many bad documents
    to be in the wild, though I believe that institutions can turn their backs
    on ID documents, which sometimes occurs in countries that have national ID
    cards. (People from several different countries, such as Italy and
    Argentina, have told me that police may just decide not to trust their ID
    card, and haul them in to get their identity assessed differently.)
    
    The Virginia Identity Theft Passport is a different variation of that. The
    trust has eroded from the normal documents, and now people, in certain
    situations, need yet another document to back up their current assortment of
    documents. (My theory considers photo ID card trust failures inevitable, as
    long as the photo ID card performs multiple functions which have value to
    criminals.)
    
    I'm particularly amused by the reductio ab absurdum for the theft passport.
    Instead of a separate document, why couldn't it be an endorsement on the
    individual's driver's license (which would imply something like "this is a
    regular John Smith, who is not *that* John Smith." Or "this is a *real*
    Virginia driver's license."
    
    ------------------------------
    
    Date: Sun, 3 Aug 2003 00:37:49 -0400
    From: Monty Solomon <montyat_private>
    Subject: Hand-held devices easy to hack
    
    Hand-held computers used to store phone numbers, medical and credit-card
    information leave millions of gadget lovers fully exposed to identity-theft
    and other crimes, security experts said on Saturday.  Software is now widely
    available to allow people to steal passwords and other information from
    popular Palm-based computers, especially when they connect to other
    computers to share data, said Bryan Glancey, a manager at wireless security
    services provider MobileArmor of St. Louis, Missouri.  While millions of
    people now rely on handy electronic scheduling and address books, few carry
    sufficient security protections to prevent identity theft if the hand-held
    is lost or stolen, as is commonplace.  Simple programs exist to uncover even
    hidden data, Glancey said. Other software allows people to steal data while
    remaining at some distance from the victims, he added.  ...  [Source:
    Reuters, 2 Aug 2003]
      http://finance.lycos.com/home/news/story.asp?story=35114601
    
    ------------------------------
    
    Date: Mon, 4 Aug 2003 12:47:15 -0700
    From: "Conrad Heiney" <conradat_private>
    Subject: What Time Is It?
    
    *The Guardian* has a fascinating story on the ITU's Study group concerned
    with time.  According to the article, divergent time systems are an
    increasing problem. Conflicts between Earth time, the time provided by
    atomic clocks, GPS time, and other standards raise interesting questions
    about the safety of aircraft and other complex systems that may be running
    on different timescales.
      http://www.guardian.co.uk/uk_news/story/0,3604,985020,00.html
    
    ------------------------------
    
    Date: Tue, 29 Jul 2003 09:23:30 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Pentagon's online trading market plan draws fire
    
    The U.S. Defense Department's Defense Advanced Research Projects Agency
    (DARPA) has plans to set up an online Policy Analysis Market that will allow
    traders to bet on the likelihood of future terrorist attacks and political
    assassinations in the Middle East. The bizarre scheme has drawn fire from
    Senators Ron Wyden (D-Ore.) and Byron Dorgan (D-N.D.). "The idea of a
    federal betting parlor on atrocities and terrorism is ridiculous and it's
    grotesque," said Wyden, while Dorgan described the plan as "useless,
    offensive and unbelievably stupid. How would you feel if you were the King
    of Jordan and you learned that the U.S. Defense Department was taking bets
    on your being overthrown within a year?" However, the Pentagon defended the
    initiative, comparing it to commodity futures markets. "Research indicates
    that markets are extremely efficient, effective and timely aggregators of
    dispersed and even hidden information. Futures markets have proven
    themselves to be good at predicting such things as election results; they
    are often better than expert opinions." The market would allow traders to
    deposit money in an account and then use it to buy and sell contracts. If a
    particular event comes to pass, the bettors who wagered correctly would win
    the money of those who guessed wrong.  [BBC News 29 Jul 2003; NewsScan
    Daily, 29 Jul 2003]
      http://news.bbc.co.uk/1/hi/world/americas/3106559.stm
    
      [This plan was subsequently scrapped.  One of its proponents, John
      Poindexter (head of DARPA's IAO office), reportedly will be retiring.
      PGN]
    
    ------------------------------
    
    Date: Mon, 04 Aug 2003 10:58:36 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: New online futures market bets on next White House scandal
    
    In response to the Pentagon's now-discarded plans for a terrorism futures
    market, academics from half a dozen U.S. universities have created an
    American Action Market, which will offer traders the opportunity to wager on
    the likelihood of various Washington political events, such as: Which
    country will the White House threaten next? Who will be the next foreign
    leader to move off the CIA payroll and onto the White House's "most wanted"
    list? Which corporation with close ties to the White House will be the next
    cloaked in scandal? The AAM will begin registering traders in September and
    will open for business October 1. "It's quite amazing, the Pentagon and the
    White House are very fertile imaginative fields these days," says one of the
    AAM founders. "(The AAM project) sounds humorous, but that just shows how
    far things have gone. We've entered the realm of fiction. Things are really
    Dr. Strangelove." Bob Forsythe, a University of Iowa professor who helped
    set up the Iowa Electronic Markets that speculate on election results, says
    such futures markets can deliver fairly accurate predictions, but the
    traders have to be knowledgeable. "You have to have informed traders or they
    don't work very well. Who are the informed traders in an assassination
    market, for example? The same is true for predicting the White House."
    [Wired.com 4 Aug 2003; NewsScan Daily, 4 Aug 2003]
      http://www.wired.com/news/politics/0,1283,59879,00.html
    
    ------------------------------
    
    Date: Wed, 6 Aug 2003 11:59:43 -0700
    From: Kim Alexander <kimalexat_private>
    Subject: Voting tech problems galore in Mississippi
    
    Errors - human, mechanical - mar Election Day
    By Cathy Hayden, chaydenat_private [PGN-ed]
    http://www.clarionledger.com/news/0308/06/melec02.html
    
    Election officials and political party offices were flooded all day on 5 Aug
    2003 with reports of voting snafus ranging from locked precincts to machine
    malfunctions to voters receiving ballots with the wrong names on them.
    "It's worse than it has been in 10 years," said Claude McInnis, 
    chairman of the Hinds County Democratic Party. "We had redistricting. 
    That made it much more complex."  [...]
    
    Because Mississippi has 82 counties and there are party primaries, "164
    groups of people are running the elections - the Republican county executive
    committee in every county and Democratic county executive committee. There's
    a lot happening," according to David Blount, spokesman for Secretary of
    State Eric Clark.
    
    [The article quotes a voter who did not recognize anyone on the ballot --
    he had been given the wrong ballot, probably the fault of the poll worker.
    Usual tales of a precinct that was locked for three hours (with poll workers
    operating out of their own vehicles), nonworking touch-screen systems,
    failure to read the initialization chip, etc.  PGN]
    
    Kim Alexander, President, California Voter Foundation
    kimalexat_private, 916-441-2494, http://www.calvoter.org
    
    ------------------------------
    
    Date: Thu, 24 Jul 2003 18:32:47 EDT
    From: M Baumeister <MBAUMEISTRat_private>
    Subject: Electronic voting - once again...
    
    "According to election industry officials, electronic voting systems are
    absolutely secure, because they are protected by passwords and tamperproof
    audit logs.  But the passwords can easily be bypassed, and in fact the audit
    logs can be altered.  Worse, the votes can be changed without anyone
    knowing, even the County Election Supervisor who runs the election system."
    
    ... for the rest of the story:
    Inside A U.S. Election Vote Counting Program  [by Bev Harris]
      http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm
    
    ------------------------------
    
    Date: Mon, 28 Jul 2003 10:20:38 +0100
    From: "LEESON, Chris" <CHRIS.LEESONat_private>
    Subject: Why e-voting is a non-starter: Risks with e-voting
    
    Bill Thompson has written an article on the BBC Website about the
    Risks of Electronic Voting:
    
      http://news.bbc.co.uk/1/hi/technology/3095705.stm
    
    He starts by mentioning the recently-revealed DirectX flaw, security
    problems in Windows Server 2003, and thefts from a South African bank due to
    e-mail sniffing.
    
    He then mentions the general problems with Authentication, and then some
    specific problems found with the Diebold Election Systems equipment. He caps
    this section of the article with noting that the company concerned refuses
    to allow independent code reviews on the grounds of commercial
    confidentiality.
    
    In other words, the same old story.
    
    The article closes with the following paragraphs:
    
      The British Government is still set on giving us all easy ways to vote,
      and the pilots from last year's council elections are being extended.
     
      There is still talk of online voting in the next general election, and of
      moving away from paper ballots entirely in the future.
    
      Yet every time we get to look inside a piece of software or a security
      system that has been developed in secret, and built on the top of a
      compromise between acceptable levels of risk and the cost of doing it
      properly, we find holes and errors.
    
      This is the reason why we must not move to an online voting system. It
      cannot be made secure, it cannot be guaranteed and it cannot be trusted,
      no matter who writes it, and no matter what claims are made.
    
      A democratically elected government of the United Kingdom has massive
      power. The gains to be made from undermining a general election are just
      too high for us to take the risk of moving the election online.
    
      Paper ballots and physical presence in the polling station make the system
      too unwieldy to hack. We should keep it that way.
    
    ------------------------------
    
    Date: Thu, 07 Aug 2003 08:59:54 -0700
    From: "Brett McCarron" <MCCARBWMat_private>
    Subject: Hospital records stuck in memory stick
    
    Hospital bosses in Greater Manchester have tightened up IT security
    procedures after a Crewe estate agent found a memory stick sold as new
    contained confidential details of 13 cancer patients.
    
    A report into the security breach, which happened earlier this year, found
    that the data had been transferred onto the memory stick when a computer
    storing a database of patient details was sent for an upgrade.  The
    hospital's IT supplier Pocos took the computer to MBS Computers in Crewe,
    where the data was copied onto the stick. But the investigation was unable
    to ascertain how it then came to be sold as new.
      http://silicon.com/news/500013-500001/1/5491.html
      http://zdnet.com.com/2110-1105_2-5060979.html
    
      [I'll bet that opened package memory sticks sell pretty quickly at
      computer superstores - BWM].
    
    Brett McCarron, IT Security & Policy Officer, WDFW Information Technology
    Services, 600 Capitol Way N. - Olympia, WA  98501-1091  (360) 902-2331
    
    ------------------------------
    
    Date: Mon, 4 Aug 2003 12:45:04 -0400
    From: "Jay R. Ashworth" <jraat_private>
    Subject: Re: Domain names (RISKS-22.81)
    
    Darryl Luff apparently reads Dave Barry's weblog.  :-)
    So do I, but as far as I know, Dave got the other one from me:
      http://www.whorepresents.com
    Isn't it nice that DNS is case-insensitive so that you can use
    WhoRepresents.com instead?
    
    Jay R. Ashworth, Member of the Technical Staff, Baylink, The Suncoast Freenet
    Tampa Bay, Florida  jraat_private http://baylink.pitas.com  +1 727 647 1274
    
    ------------------------------
    
    Date: Mon, 28 Jul 2003 12:04:34 +1200
    From: Sidney Markowitz <sidneyat_private>
    Subject: Re: Domain Names (RISKS-22.81-82)
    
    RISKS-22.82 correctly points out that powergenitalia.com is not the Web site
    of some Italian subsidiary of the British firm Powergen, and the Web site
    today (as I type this) is just an "under construction" page.  HOWEVER, there
    was a company Web site there when it was mentioned in RISKS-22.81.  You can
    *try* to hide, but often not successfully on the Web.  The Internet Wayback
    Machine reveals that there is a company named Powergen Italia (or else a
    very longstanding Web hoax).  Their location and history can be found at:
    
    http://web.archive.org/web/
      20020210171927/www.powergenitalia.com/inglese/logo1.htm
    http://web.archive.org/web/
      20020203231738/www.powergenitalia.com/inglese/aziendae.html
    
    The whois information matches the information there:
      http://opensrs.org/cgi-bin/whois.cgi?action=lookup&domain=powergenitalia.com
    
    ------------------------------
    
    Date: Tue, 29 Jul 2003 18:26:35 -0400
    From: Paul Schreiber <shrubat_private>
    Subject: Re: Domain Names (RISKS-22.81-82)
    
    I've seen this before: the dotcom "experts exchange" had the domain 
    expertsexchange.com ... ExpertSexChange.com?  Ooops!
    
      [Ah, another item for my Hyphen(h)ater's Handbook?  PGN]
    
    ------------------------------
    
    Date: Wed, 30 Jul 2003 09:36:42 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Tech exodus: 500,000 U.S. jobs moving overseas
    
    One out of 10 jobs in the U.S. computer services and software sector could
    move overseas by the end of next year, according to a new report from
    Gartner Inc.  And while professionals in the computer industry will be
    especially hard-hit, IT jobs in other sectors such as banking, health-care
    and insurance will feel the impact also, with one in 20 being exported to
    emerging markets such as Russia, India or other countries in Southeast Asia.
    "Suddenly we have a profession -- computer programming -- that has to wake
    up and consider what value it really has to offer," says Gartner VP and
    research director Diane Morello.  Morello estimates that based on her
    preliminary calculations, at least 500,000 jobs will be lost to offshore
    outsourcing by then end of 2004.  The trend toward "offshore outsourcing" is
    heating up as a political issue, with legislators in five states proposing
    bills that would require workers hired under state contracts be American
    citizens or fill a special niche that citizens cannot.  [Reuters/CNN.com 30
    Jul 2003; NewsScan Daily, 30 July 2003]
      http://www.cnn.com/2003/TECH/internet/07/30/jobs.oversees.reut/index.html
    
    ------------------------------
    
    Date: Wed, 6 Aug 2003 11:59:26 PDT
    From: pfirat_private (PFIR - People For Internet Responsibility)
    Subject: PFIR Forums Adds "Voting Systems" Discussion Group
    
    PFIR - People For Internet Responsibility - http://www.pfir.org
    
    The PFIR Forums discussion board located at:
       http://forums.pfir.org
    has added a new discussion group topic:
      "Voting Systems - Benefits and Risks"
    for the discussion of the benefits, risks, problems and solutions related to
    voting technologies, including mechanical and electronic (e-voting) systems,
    especially optical scan, computer-based, and Internet voting.  This group is
    moderated by Peter G. Neumann.
    
    Other discussion groups (all are moderated) on PFIR Forums include:
    
       Civil Liberties vs. Technology 
           Advanced and useful technologies are becoming massive threats 
           to privacy and other civil liberties. How can technology be 
           appropriately controlled and civil liberties protected? 	
    
       E-Mail Issues, Problems, and Solutions
           Discussion of problems, possible solutions, and a wide 
           range of other issues relating to e-mail, including PFIR's 
           Tripoli e-mail proposal 
    
    Informational (read-only) groups include:
    
       Fact Squad Radio 
           Recent listings and e-mail notification for PFIR's Fact 
           Squad Radio short mp3 audio features
    
       PFIR Forums Information and Guidelines 
           Basic information, usage guidelines, privacy policy, etc. 
           for PFIR Forums
    
    As always, your participation in PFIR Forums is cordially invited. 
    Thank you very much.
    
    Lauren Weinstein  http://www.pfir.org/lauren
    laurenat_private  laurenat_private  laurenat_private  +1-818-225-2800
    Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
    Moderator, PRIVACY Forum - http://www.vortex.com
    
    ------------------------------
    
    Date: Tue, 29 Jul 2003 10:54:51 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "A Guide to Forensic Testimony", Fred Smith/Rebecca Bace
    
    BKGDFOTS.RVW   20030604
    
    "A Guide to Forensic Testimony", Fred Chris Smith/Rebecca Gurley Bace,
    2003, 0-201-75279-4, U$49.99/C$77.99
    %A   Fred Chris Smith
    %A   Rebecca Gurley Bace
    %C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
    %D   2003
    %G   0-201-75279-4
    %I   Addison-Wesley Publishing Co.
    %O   U$49.99/C$77.99 416-447-5101 fax: 416-443-0948 bkexpressat_private
    %O  http://www.amazon.com/exec/obidos/ASIN/0201752794/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0201752794/robsladesinte-21
    %O   http://www.amazon.ca/exec/obidos/ASIN/0201752794/robsladesin03-20
    %P   509 p.
    %T   "A Guide to Forensic Testimony"
    
    The subtitle explains the book more fully: "The Art and Practice of
    Presenting Testimony as an Expert Technical Witness."  However, those
    with expectations about the form of technical literature should note
    that the style of this work follows that of the legal profession and
    case law: it primarily teaches by using examples rather than pointing
    out a specific methodology.
    
    The preface illustrates another difference between the technical and
    legal worlds.  Computer work generally involves finding an answer to a
    problem: if the code works, background study and documented analysis
    is generally irrelevant.  The legal profession, on the other hand,
    absolutely depends upon advance preparation, and an answer is almost
    useless unless the reasoning, background, and process is not only
    chronicled, but properly and legally obtained.  Thus the authors are
    aware of the twin needs to inform technical experts about the
    requirements of the legal world, and to instruct legal professionals
    in aspects of technology that may be relevant to the pursuit of a
    case.  The introduction notes the possible tragedies that can result
    if either the trial attorney or the technical expert attempts to act
    as ventriloquist to the other's dummy.
    
    Chapter one gives examples of expert witnesses, starting with a
    fictional example from a movie.  Normally this would not be very
    instructive, but the authors are careful to point out, from the
    fictional story, important legal points to be aware of in regard to
    the possibilities and limits of expert testimony (and also the legal
    restrictions that would prevent some of the story points from
    happening in a real case).  The rest of the chapter then goes on to
    introduce legitimate and recognized experts, and present their
    opinions and advice in regard to the practice of expert testimony. 
    Chapter two is supposed to promote both the idea of becoming an expert
    witness, and of preparing for the experience.  In fact, most of the
    material deals with Bill Gates' first deposition in the antitrust
    litigation, and the mistakes that he made.  The example does make
    valid points both about the value of preparation and the need to
    testify whether we want to or not, but the message is not always
    obvious.  Using testimony to provide a story about what happened is
    presented in chapter three.  The example, though, is the tracing of
    Kevin Mitnick's intrusion on the systems managed by Tsutomu Shimomura,
    and therefore the testimony, which never happened, is simulated, which
    weakens the lessons the text intends to convey.  Chapter four outlines
    the rules of testimony and the legal process, and is the section that
    technical people should probably study most thoroughly.  Although
    there are important points to be made in regard to the dangers of
    reasoning beyond the facts, chapter five reads more like an editorial
    inveighing against pseudoscience.
    
    Ethical issues are discussed in chapter six.  The early material
    involves a great deal of text from two case decisions, but eventually
    there is a review of codes of conduct, and even examination of some of
    the moral aspects of court battles.  Chapter seven deals specifically
    with the matter of bias.  The gatekeeper function of American judges,
    who must decide not only whether a witness is truly expert, but on
    what the expert may testify about or to, is covered in chapter eight. 
    This material also reviews important points about the qualifications
    for experts and the characteristics of good evidence.  Credible and
    convincing evidence and presentation is described in chapter nine, and
    this is extended to visual exhibits in chapter ten, demeanour in
    eleven, and non-verbal communications in twelve.  Chapter thirteen
    contains examples of, and advice from, some experts who have extensive
    experience in court testimony.
    
    The book sometimes flows rather oddly, and it would be easy to take
    issue with a number of the topics or the emphasis given to certain
    ones over others.  Even so, this work *is* important, and information
    security professionals; and certainly those in management or
    consulting roles; should seriously consider it.  The text is written
    with the technical worker in mind, although legal professionals would
    undoubtedly find the research, advice, and explanations to be helpful
    in preparing for technical cases.  Litigation involving technical
    topics is increasing all the time, and new (and therefore unfamiliar)
    technologies are now as constant a fact of legal life as forensic
    concerns are in technical work.
    
    copyright Robert M. Slade, 2003   BKGDFOTS.RVW   20030604
    rsladeat_private      sladeat_private      rsladeat_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: 30 May 2003 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshallat_private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative 
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES: http://www.sri.com/risks
     http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version 
       of the most recent RISKS issue and a WAP version that works for many but 
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.83
    ************************
    



    This archive was generated by hypermail 2b30 : Thu Aug 07 2003 - 13:22:56 PDT