[risks] Risks Digest 22.89

From: RISKS List Owner (riskoat_private)
Date: Tue Sep 02 2003 - 13:55:47 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 22.90"

    RISKS-LIST: Risks-Forum Digest  Tuesday 2 September 2003  Volume 22 : Issue 89
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/22.89.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    Chips that can self-destruct (Kenneth Ng)
    Diebold voting machines (John Paulson)
    A new approach to roller coasters (Henry Baker)
    Battling the threat of data extinction (NewsScan)
    Man steals tracking device, which tracks him down (PGN)
    Careful typography in the CAIB report (Craig DeForest)
    EchoStar sued for `No-Call List' breach (Monty Solomon)
    Bahrain's proposed smart ID cards (George Mannes)
    802.11: When Is 54 Not Equal to 54? (Matthew Gast via Monty Solomon)
    EarthLink sues to stop Alabama and Vancouver spammers (Monty Solomon)
    Can't catch it?  A virus can still hurt you.  (Richard A. O'Keefe)
    Hackers cut off SCO Web site (Richard Forno via Dave Farber)
    More theories about Sobig vandal's motivation (NewsScan)
    Re: Sobig affects Amtrak trains, Air Canada (Scott Nicol)
    Re: "Good" worm fixes infected computers (Neil Youngman)
    More on the Davis-Besse worm attack (Martyn Thomas)
    Re: Satellite photo of Eastern North America during blackout (Dan Pritts)
    Re: Nasty elevator death at Houston hospital (Paul D. Walker, Richard H Miller)
    Re: Pilot fixes faulty jet (Daniel Lance Herrick)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Mon, 25 Aug 2003 15:51:55 -0400
    From: "Ng, Kenneth (US)" <kenngat_private>
    Subject: Chips that can self-destruct
    
    Michael Sailor and colleagues at the University of California at San Diego
    have developed a self-destruct mechanism that can be activated (with a
    warning) if a machine detects that it has been stolen.  The first thought I
    had was "program bug".  The second was "virus".  The third was "cyber denial
    of service attack".  Personally, it wouldn't be the same without the "this
    chip will self destruct in 5 seconds, good luck, Jim" followed by the
    standard white smoke from Mission Impossible.
      http://www.newscientist.com/news/news.jsp?id=ns99991795 
        [The technique involves adding gadolinium nitrate to silicon.  PGN]
    
    ------------------------------
    
    Date: Tue, 2 Sep 2003 11:57:59 -0700
    From: john paulson <munchat_private>
    Subject: Diebold voting machines
    
    The head of a company vying to sell voting machines in Ohio told Republicans
    in a recent fund-raising letter that he is "committed to helping Ohio
    deliver its electoral votes to the President next year."
      http://www.cleveland.com/election/index.ssf?/base/news/106207171078040.xml
    
        Inspired by remotely triggered self-destructing chips, how about voting
        machines that can be remotely instructed to add and subtract votes?
        Well, you might say, why bother?  It can already be done locally!  PGN]
    
    ------------------------------
    
    Date: Thu, 28 Aug 2003 10:03:58 -0700
    From: Henry Baker <hbaker1at_private>
    Subject: A new approach to roller coasters
    
      [FYI -- Note the use of Windows OS to run this thing.  HB]
         [Could give new meaning to the Blue Screen of Death. PGN]
    
    ``Roller coasters are boring. ...  But a new two-seat ride called
    RoboCoaster is different.  Its 4,400-pound, 22-foot-long mechanical arm
    provides a much wider array of twists and turns than any single traditional
    coaster can, its makers say.  And because those whipping motions are just
    about infinitely programmable, riders can have radically different
    experiences on the same RoboCoaster, and can even customize their own
    thrills. ...  Made by the German robotics company Kuka Roboter, the $350,000
    RoboCoaster became available last November.  Fourteen have been installed,
    two of them in the United States - at American World Resort in Wisconsin
    Dells, Wis., and at C.J. Barrymore's, 30 miles north of Detroit.  Ten are
    housed in a vast hall at the Legoland theme park in Billund, Denmark, where
    they are called Power Builders.
    
    Riders use a Windows-based touch-screen computer to program their own
    RoboCoaster experience.  There are seven levels of difficulty, and within
    each level are 14 movements -- dips, falls, rocket starts, butterfly rolls
    and loops - lasting 5 to 15 seconds.  According to Legoland, more than 1.4
    million combinations are possible.  With six axes, the robot can throw
    riders in any number of directions, turning them upside down, spinning them
    side to side, or making them swoop as if they were in a jet fighter -- all
    at 1.9 G's, nearly twice the normal gravitational pull.  Optical sensors
    attached to a motor in each axis calculate the position of the coaster's arm
    every 32 milliseconds.  [Source: Taking Roller Coaster Limits for a Ride, 
    Noah Shachtman, *The New York Times*, 28 Aug 2003; PGN-abridged]
      http://www.nytimes.com/2003/08/28/technology/circuits/28roll.html
      ?pagewanted=print&position=
    
    ------------------------------
    
    Date: Fri, 29 Aug 2003 09:35:18 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Battling the threat of data extinction (NewsScan)
    
    Because most digital files are dependent on the operating systems in which
    they're stored and the software applications used to create and access them,
    would-be archivists are faced with the task of retaining and maintaining the
    digital hardware necessary to read digital files as well as the files
    themselves. "With each passing day, the reservoir of digital documents
    grows," says Eastman Kodak manager Andrew Lawrence. "Often, there is no
    associated hard-copy output to archive via conventional means. Over time,
    the problem is that media decays and hardware and software platforms evolve,
    placing the electronically stored information at risk." Lawrence suggests
    the best approach to digital preservation is a dual track. For short-term
    needs, users can maintain structured electronic archives in their native
    formats. But for longer-term purposes, Lawrence suggests creating a
    referenced archive of permanent document images in analog format, such as
    microfilm, that could provide a technology-proof repository. Glenn Widener,
    director of Internet technology at Swiftview, has a different solution. He
    recommends using the Printer Control Language (PCL) format, invented by
    Hewlett-Packard for its LaserJet family of printers, as an easy way to
    preserve documents. "Many PCL viewers can view 15 to 20 years back. There
    will always be commercial tools readily available to read it." Meanwhile,
    Dan Schonfeld, director of products for Artesia, says his company's digital
    asset management software enables users to archive viewers, readers and
    players along with files. "Because we can store any type of media, we can
    actually store applications as well as the media files themselves."
    [TechNewsWorld 28 Aug 2003; NewsScan Daily, 29 Aug 2003
    http://www.ecommercetimes.com/perl/story/31436.html
    
    ------------------------------
    
    Date: Mon, 1 Sep 2003 08:56:43 -0700 (PDT)
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Man steals tracking device, which tracks him down
    
    A man stole a $2500 GPS-based computerized home-detention tracking device
    that had been temporarily left outside the home of the woman who was
    supposed to be wearing it.  By the time she reported the loss, prison 
    officials had already rounded up the thief.  [Source: AP item 1 Sep 2003;
    PGN-ed]
      http://www.newsday.com/news/nationworld/wire/
      sns-ap-tracking-device,0,4015374.story?coll=sns-ap-nationworld-headlines
    
    ------------------------------
    
    Date: Wed, 27 Aug 2003 15:19:13 -0600
    From: zowieat_private (Craig DeForest)
    Subject: Careful typography in the CAIB report
    
    I'm sure that many are reading and will contribute about the recent Columbia
    Accident Investigation report:
      http://www.caib.us  
    A rare amusing moment occurs on p. 191, where noted communication expert
    Edward Tufte analyses the horrific viewgraph layout used within NASA.
    
    One of Tufte's points is that even a simple unit measurement ("cubic
    inches") is laid out three different ways in a single viewgraph, making it
    difficult to recognize that the three units are directly comparable (in this
    case an analytical model that was designed for foam chunks up to 3 cubic
    inches was used for a foam chunk that was over 300 times larger).  But a
    diligent copy editor has regularized the three layouts in the corresponding
    figure caption, obscuring Tufte's argument.
    
    Tufte analysed the Challenger explosion in his fabulous book, "Visual
    Explanations".  He convincingly argued that poor communication (caused in
    part by bad charting of the relevant risk factors) played a significant role
    in the loss of Challenger.  The same arguments seem to hold about Columbia.
    
    ------------------------------
    
    Date: Thu, 28 Aug 2003 08:54:27 -0400
    From: Monty Solomon <montyat_private>
    Subject: EchoStar Sued for `No-Call List' breach
    
    The state of Missouri sued EchoStar Communications Corp. on 27 Aug 2003,
    accusing the satellite television giant of violating the state's
    telemarketing "no-call" list, wrongly calling residents who had home
    telephone numbers registered with the state's no-call list, pitching its
    satellite equipment and television services.  [Source: Jim Suhr, AP Online,
    27 Aug 2003; PGN-ed]
       http://finance.lycos.com/home/news/story.asp?story=35468386
    
    ------------------------------
    
    Date: Thu, 28 Aug 2003 11:36:12 -0400
    From: George Mannes <George.Mannesat_private>
    Subject: Bahrain's proposed smart ID cards
    
    Bahrain Takes Swipe Into The Future With New Smart ID Cards, 26 Aug 2003, AP,
    http://www.informationweek.com/story/showArticle.jhtml?articleID=13900098
    
      Bahraini officials envision a photo ID card with a 64-kilobyte microchip
      holding the card holder's name, address, national identification number,
      digital fingerprints and driver's license, passport, medical, financial
      and educational data.  Users will be able to pay bills, withdraw cash,
      transfer money check their bank balances and conduct Internet transactions
      with a swipe of the card, and use the same card to votes in municipal and
      parliamentary elections.  "We truly believe that this is going to improve
      and change things dramatically," Sheik Ahmed bin Ateyatella Al Khalifa,
      undersecretary of the Central Informatic Organization, told reporters
      Tuesday.
    
    Improve and change things dramatically for whom? The article -- which says
    Bahrainis already used bar-coded ID cards for elections last October --
    doesn't say. I'm guessing I'm not the only RISKS reader who'd be a tad
    concerned about the RISKS of having all my personal, medical, financial,
    educational -- and perhaps political-leanings -- data all in one convenient,
    centrally informatic, location.
    
    ------------------------------
    
    Date: Mon, 1 Sep 2003 04:11:22 -0400
    From: Monty Solomon <montyat_private>
    Subject: 802.11: When Is 54 Not Equal to 54?
    
    When Is 54 Not Equal to 54? A Look at 802.11a, b, and g Throughput
    by Matthew Gast, author of *802.11 Wireless Networks: The Definitive Guide*
    08 Aug 2003 (updated: 14 Aug 2003)
    
    Now that the 802.11g standard has been finalized, comparisons with the other
    standards in the 802.11 family are inevitable. One conclusion that is
    frequently drawn is that 802.11g offers similar speeds to 802.11a. After
    all, both products are advertised as having a data rate of 54 Mbps.
    
    This article develops a simple model for the maximum TCP throughput of
    802.11 networks so that a comparison can move beyond a simple comparison of
    nominal bit rates. According to the model, 802.11g is significantly faster
    than 802.11b. In a network consisting only of 802.11g clients, it is even
    slightly faster than 802.11a. However, "protection" mechanisms added to
    802.11g to ensure backwards compatibility with legacy 802.11b clients can
    cut the throughput by 50 percent or more.  ...
      http://www.oreillynet.com/pub/a/wireless/2003/08/08/wireless_throughput.html
    
    ------------------------------
    
    Date: Thu, 28 Aug 2003 08:51:12 -0400
    From: Monty Solomon <montyat_private>
    Subject: EarthLink sues to stop Alabama and Vancouver spammers
    
    Internet provider EarthLink Inc. said it sued operators in Alabama and
    British Columbia for flooding its network with some 250 million unwanted
    commercial messages, in an attempt to break their e-mail "spam" rings --
    which reportedly hide behind a veil of bogus Web sites and e-mail accounts
    bought with stolen credit-card numbers.  EarthLink estimates costs around $5
    million in employee time and wasted bandwidth.  [Source: Andy Sullivan,
    Reuters, 27 Aug 2003; PGN-ed]
      http://finance.lycos.com/home/news/story.asp?story=35464940
    
    ------------------------------
    
    Date: Wed, 27 Aug 2003 15:41:08 +1200
    From: "Dr Richard A. O'Keefe" <okat_private>
    Subject: Can't catch it?  A virus can still hurt you.
    
    I thought I was safe.  My mail machine is an Alpha running OSF/1.  I use
    mailx, which not only doesn't do anything in particular with attachments, it
    wouldn't know an attachment if one bit it in the backside.  I suppose it's
    theoretically possible to write a virus or worm for the Alpha, but there's
    not that much thrill in persecuting orphans; the bad guys much prefer going
    after idiot boxes.  So I thought no virus could possibly pose a threat to
    *my* mail.
    
    Wrong.
    
    My mail comes through the University's Information Technology Services.
    Quoting their recent "ITS Incident Report: E-Mail Services #2", 
    
      E-Mail from off-campus destinations were lost by the University e-mail
      system from approximately 5:00 am until 4:45 pm on August 23.  People will
      have received an e-mail from the sender that contained no subject line or
      content.
    
    In fact I received a couple of hundred such messages.  How could that be?
    Continuing the quote:
    
      Since Wednesday August 20 [to Monday August 25] the University has
      received over 120,000 copies of the Sobig-F virus. ...  The University
      e-mail hubs scan all e-mail messages for viruses.  Any e-mail that
      contains a virus is quarantined and no further delivery attempts are made.
      The quarantined e-mail messages are occasionally analysed in order to
      trace the origins of viruses, with old e-mail messages purged as required.
    
    So far so good.  They try hard to stop viruses getting through, and they
    monitor the bad stuff so they can do a better job.  BUT
    
      With the advent of Sobig-F, the number of e-mail messages quarantined grew
      dramatically.  The file system on the mailhubs only permits 32,000 files
      per directory.  On Thursday last week one of the mailhubs hit this limit.
      At this time it was thought that the large number of quarantined e-mail
      messages was due to historical data not being purged.  However, another
      32,000 virus infected e-mail messages were intercepted by each of the
      mailhubs over the next 36 hours which caused similar failures to the one
      on Thursday.
    
      As a result of these failures, incoming e-mail messages could not be
      written to disk for virus and spam scanning.  When the system went to send
      on the e-mail to its destination, only the sender data was retained.
    
    OOPS.  In hindsight, it was a bad idea to store quarantined messages and
    good ones on the same file system, and it might not have been such a good
    idea to store each quarantined message as a separate file.  However, I'm
    pretty sure I wouldn't have thought of that without the benefit of
    hindsight.
    
      The e-mail messages that have had their content lost are not recoverable.
      The only way for you to know the contents of those e-mail messages is to
      ask for the sender to resend the message(s).  You are urged to take care
      to only request a resend from known senders.  In the event that a request
      for a resent message is made to a spammer, you are likely to receive
      greater volumes of spam in the future.
    
    The really sad thing here is that the guys in ITS *do* have a clue or two,
    and were trying to do their job.
    
      ITS has now stopped reaining block e-mail messages containing viruses.
    
    Oh dear.  Retaining messages was a *good* thing.  The sheer volume of bad
    stuff has stopped them doing it.  Death of the net?  Oh yes, it's entirely
    forgivable that they didn't spend a lot of time thinking about the problem
    on Thursday, because tech support people around the campus have been as busy
    as one-armed paperhangers trying to clean up after Blaster and Sobig-F.
    Yes, they *do* stop those things entering through the network.  Yes, they
    *do* provide up-to-date anti-virus software.  However, people _will_ run
    Windows on their laptops, take them home, and bring the infection back...
    
    Instead of just deleting all virus messages, I think it would be better to
    retain a random sample of (say) 30,000 of them.
    
    So I've learned something:  I can lose a couple of hundred messages because
    of a virus my machine didn't catch and cannot catch, because of what the
    virus did to a mail hub that didn't and couldn't catch it either.
    
    I've also learned that if I receive e-mail without content or subject
    line, I probably shouldn't delete it all, like I did.  Sigh.
    
      [The quoted text was quite sloppy.  Vastly too many "(sic.)"s have been
      removed, and various garbles fixed to make this message more readable.
      My apologies if I missed a few!  PGN]
    
    ------------------------------
    
    Date: Mon, 25 Aug 2003 17:42:09 -0400
    From: Richard Forno <rfornoat_private
    Subject: Hackers cut off SCO Web site (via Dave Farber)
    
    As an IT security professional but also someone who thinks the SCO-World
    case is loonier than Franken-Fox, I'm not sure whether to smirk with
    satisfaction or offer to help find the perpetrator....
    
    Hackers cut off SCO Web site
    By Martin LaMonica, CNET News.com, 25 Aug 2003
    
    This weekend, a denial-of-service attack took down the Web site of The SCO
    Group, which is caught in an increasingly acrimonious row with the
    open-source community over the company's legal campaign against Linux.
    SCO's Web site was largely out of commission until Monday morning, a
    representative of the Lindon, Utah-based Unix and Linux seller said Monday.
    Performance measurement statistics from Netcraft indicated that the site had
    been down since Friday night.
    
    In a distributed denial-of-service (DDoS) attack, numerous computers
    simultaneously send so much data across a network that the targeted system
    slows to a crawl while trying to keep up with the traffic it's receiving.
    The SCO representative could not say where this weekend's strike originated.
    However, unofficial open-source spokesman Eric Raymond suggested in a
    posting Sunday to open-source news Web site NewsForge that the attack was
    launched by someone angry at comments from SCO executives criticizing the
    open-source community's role in the legal battles over Linux.  [...]
      http://news.com.com/2100-1002_3-5067743.html?tag=fd_top
    
    Source: Dave Farber's IP distribution
      http://www.interesting-people.org/archives/interesting-people/
    
    ------------------------------
    
    Date: Tue, 26 Aug 2003 08:28:20 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: More theories about Sobig vandal's motivation
    
    Is money the real motivation for the spread of the Sobig virus? Sobig is 
    transmitted as an e-mail attachment and is the sixth variant of the 
    malicious code by an unknown attacker. Mikko H. Hypponen, director of 
    antivirus research at F-Secure corporation in Finland says: "I think the 
    motivation is clear: it's money. Behind Sobig we have a group of hackers 
    who have a budget and money." Computer security expert Russ Cooper suggests 
    that the vandal is acting out comic book fantasies: "You can liken this guy 
    to Lex Luthor and we're all Supermen. Luckily, we've been able to get the 
    kryptonite from around our necks each time so far." One popular theory is 
    that Sobig is the work of an e-mail spammer who is aggressively trying to 
    build a clandestine infrastructure for blitzing the Internet with junk 
    e-mail. Antivirus software researcher Joe Hartman of TrendMicro says, "If 
    machines remain infected they could be used in any kind of attack. The 
    question we ask ourselves is, What is he trying to achieve? We don't think 
    it's planned for a specific threat, rather its more likely a money-making 
    spam scheme." And Bruce Hughes of Trusecure points out: "There is some 
    evidence that he's been tied in with spammers." Sobig spreads further only 
    when a computer user selects the attached program that then secretly mails 
    itself to e-mail addresses stored in the user's computer. The Computer 
    Emergency Response Team at Carnegie Mellon University says, "Our current 
    advice is: Don't open an attachment unless you are expecting one."  [*The
    New York Times*, 26 Aug 2003; NewsScan Daily, 26 August 2003]
      http://partners.nytimes.com/2003/08/26/technology/26VIRU.html
    
    ------------------------------
    
    Date: Wed, 27 Aug 2003 22:17:34 -0400
    From: Scott Nicol <snicolat_private>
    Subject: Re: Sobig affects Amtrak trains, Air Canada (Leisner, RISKS-22.88)
    
    According to a technically sparse press release by CSX
    <http://www.csx.com/?fuseaction=company.news_detail&i=45722&news_year=-1>,
    it wasn't the signalling computers that were affected, but rather the
    communication lines that the signals are sent on.  One would have to
    assume this means that the communication lines that are used for
    signalling are also used for other purposes, including sending e-mail.
    
    What happens when somebody inside CSX sends an e-mail to "all", on the
    subject of, say, next years health plan choices, with a 20MB powerpoint
    presentation attached?  Do the signals get blocked for a few minutes until
    the e-mail is dispatched everywhere?
    
    ------------------------------
    
    Date: Wed, 27 Aug 2003 18:51:16 +0100
    From: Neil Youngman <no.spam.for.n.youngmanat_private>
    Subject: Re: "Good" worm fixes infected computers (Schindler, RISKS-22.87)
    
    > Even though the new worm is "good," it can cause plenty of
    > trouble for computer users ...  
    
    I remember discussing the topic of "good viruses" and why there was no such 
    thing -- way back in 1989; see 
      http://www.ja.net/CERT/CERT-CC/virus-l/archives/1989/v2i117
    
    Now I know of one company whose network was taken off line for at least 24
    hours by this "good virus". A truly destructive "good virus" may have taken
    a long time to arrive but I'm sorry to see that it finally got here.
    
    ------------------------------
    
    Date: Sun, 31 Aug 2003 15:00:15 +0100
    From: "Martyn Thomas" <martyn@thomas-associates.co.uk>
    Subject: More on the Davis-Besse worm attack (RISKS-22.88)
    
    "When the Davis-Besse nuclear power plant in Ohio was hit by the Slammer
    worm [in Jan 2003], the reactor happened to be off-line.  But the worm
    disabled a safety monitoring system for nearly five hours.  'We are still
    working through the information to find out what happened', says a spokesman
    for Akron-based FirstEnergy, which owns the plant."  [Source: *New
    Scientist*, 30 Aug 2003, page 5]
    
    ------------------------------
    
    Date: Wed, 27 Aug 2003 17:15:06 -0400
    From: Dan Pritts <dannoat_private>
    Subject: Re: Satellite photo of Eastern North America during blackout (R-22.88)
    
    Given the population density, I would be shocked if there were not more cars
    and generators per square mile in metro NYC than anywhere else on the
    continent.  Detroit and Cleveland are certainly much less densely populated
    than metro NYC (I don't know about Toronto but it can't be any MORE dense).
    
    I would also expect that the saturation of generators is likely very low in
    all of these areas compared to the saturation of cars.  Most families have
    multiple cars - few families have generators.  Obviously not all the cars
    were on, but traffic snarls in NYC might also suggest that the commuters all
    were still trying to get home 7 hours later.
    
    ------------------------------
    
    Date: Sat, 23 Aug 2003 22:30:19 +0800
    From: "Paul D. Walker" <pdwalkerat_private>
    Subject: Re: Nasty elevator death at Houston hospital (RISKS-22.87)
    
    > RISKS reported the earlier cases in Ottawa [...]
    
    Actually, there were three deaths that summer from elevators.  I lived in
    Ottawa during that summer and since then I have become extra cautious about
    crossing elevator doors.
    
    ------------------------------
    
    Date: Fri, 22 Aug 2003 10:08:51 -0500 (CDT)
    From: rickat_private (Richard H Miller)
    Subject: Re: Nasty elevator death at Houston hospital
    
    > ... We also previously reported the Houston elevator that failed
    > in the floods caused by Tropical Storm Allison and by default went down to
    > the BOTTOM, drowning its occupant (RISKS-21.47).
    
    Actually this is becoming a bit of an urban legend. The elevator did not
    take the woman down to the basement. What happened was the several people
    walked down to the lower levels of the garage to attempt to move their cars
    higher.  [I believe it was the woman and a security guard].  In the basement
    level, a wall separating the garage from the bayou was penetrated and the
    water came rushing into the garage.  The woman was picked up by the water
    and happened to be flung into the open elevator.  Some of the details may be
    fuzzy but it was not a case of an elevator opening into a flood
    
    Richard H. Miller, MCSE, Information Security Manager, Information Technology
    Security and Compliance, Information Technology - Baylor College of Medicine
    
    ------------------------------
    
    Date: Tue, 2 Sep 2003 13:42:16 -0400 (EDT)
    From: daniel lance herrick <herrickat_private>
    Subject: Re: Pilot fixes faulty jet (Ladkin, RISKS-22.88)
    
    Peter Ladkin's followup in RISKS-22.88 had the URL of a BBC story on the
    incident. That story had a whole lot of (generally uninformed) comments
    added at the end. There was one highly informative contribution:
    
     I was one of the passengers on this flight (with my wife and 2 young
     children) and have been amazed by the inaccuracy of the reporting on this
     event. The vote was not to see if we should "risk it" but merely whether
     passengers wanted to go the lengths of boarding the plane again (3rd time)
     to try and fly home. The only "risk" was that the plane would only be able
     to taxi to the end of the runway and because of the fault not start the
     initialisation sequence. We would then have had to go straight back to the
     terminal and wait at least another 4 hours for the engineers to be flown
     from the UK.
    
     All the news I have read today is about a "patched" plane "personally
     repaired" by the pilot and then us voting whether we thought it was safe to
     fly, which is just not the case but obviously makes for a better
     headline. It is funny that the bit of oil on the pilots shirt has now
     become him being "caked" and "covered" in oil!  Nigel, England
    
    What a letdown!
    
    ------------------------------
    
    Date: 30 May 2003 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshallat_private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative 
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES: http://www.sri.com/risks
     http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version 
       of the most recent RISKS issue and a WAP version that works for many but 
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.89
    ************************
    



    This archive was generated by hypermail 2b30 : Tue Sep 02 2003 - 14:29:54 PDT