[risks] Risks Digest 22.90

From: RISKS List Owner (riskoat_private)
Date: Mon Sep 08 2003 - 16:53:18 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 22.91"

    RISKS-LIST: Risks-Forum Digest  Monday 8 September 2003  Volume 22 : Issue 90
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/22.90.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    Men steal computers in high-security facility in Australia (David Landgren,
      Craig S. Bell)
    Handicapped's gas pedal on left side of car leads to 3 injuries (Kurt Thams)
    Blackout of mobile phone service in greater Frankfurt (Juergen Fenn)
    Nuclear powerplants may not have firewalls!! (Marty Leisner)
    Computer failures led to NE US blackout (Jeremy Epstein)
    Trade group tells DHS don't use MS (PGN)
    Curtailing online education in the name of homeland security (Jaeger/Burnett
      via Monty Solomon)
    Secrecy and the Patriot Act (Amy Goldstein)
    Identity Theft Victimizes Millions, Costs Billions (Jennifer 8. Lee 
      via Monty Solomon <montyat_private>
    Victims of identity theft and account theft (NewsScan)
    California gets new privacy law (NewsScan)
    ICANN takes hits from lawmakers (NewsScan)
    The benefits and risks of robot surgery (Juergen Fenn)
    WhereWare (Eric W. Pfeiffer via Monty Solomon)
    Covert virus channels? (Rob Slade)
    The dangers of remote start on a car with manual transmission (Jason Lunz)
    Testing by Chimp?  I think it too risky (Bob Heuman)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Sat, 06 Sep 2003 12:41:42 +0200
    From: David Landgren <davidat_private>
    Subject: Men steal computers in high-security facility in Australia
    
    Two men gained access to a high-security computer facility at Sydney
    Internal Airport, passing themselves off as contractors.  They disconnected
    and walked off with two computers on a trolley.  The Australian Federal
    Police and ASIO (Australian Security Intelligence Organisation) would like
    to know as a consequence to what extent their operations have been
    compromised.
    
    Where once again it is shown that security is only as good as its weakest
    link:
      http://www.smh.com.au/articles/2003/09/04/1062548967124.html
    
    ------------------------------
    
    Date: Sat, 06 Sep 2003 19:00:57 GMT
    From: "Craig S. Bell" <craigat_private>
    Subject: Men steal computers in high-security facility in Australia
    
    This appears to have been an inside job.  The stolen hardware may contain
    sensitive security / anti-terror information.  I wonder whether they ran any
    sort of monitoring software that noticed whether the application was
    running.  Even if they were monitoring, would anyone have been able to show
    up or alert the guards in two hours?
    
    Considering the level of security at a corporate datacenter that I frequent,
    I can easily foresee how such a thing can happen -- if you look like you
    know where you're going, you are rarely challenged by the superannuated
    private security guards, who often seem less aware of their surroundings
    than the janitorial staff.
    
    ------------------------------
    
    Date: Tue, 2 Sep 2003 15:48:28 -0700 (PDT)
    From: Kurt Thams <thamsat_private>
    Subject: Handicapped's gas pedal on left side of car leads to 3 injuries
    
      Two elderly women and a young man were hospitalized Monday after an
      85-year-old Stockton man driving on the Santa Cruz Municipal Wharf
      apparently mistook a car's gas pedal for the brake and struck four people.
      [...]  The car did not belong to (the driver) and had a gas pedal for
      handicapped drivers that extends to the left side of the car.
        [http://www.santacruzsentinel.com/archive/2003/September/02/local/
        stories/01local.htm
      or
        http://tinyurl.com/m0x6]
    
    The article does not say whether there is any warning posted on the car that
    the vehicle's controls are not like other cars.  Even so, one wonders if any
    driver accustomed to standard controls could avoid reflexively hitting the
    gas when he meant to hit the brake.
    
    ------------------------------
    
    Date: Sun, 07 Sep 2003 00:22:29 +0200
    From: Juergen Fenn <juergen.fennat_private>
    Subject: Blackout of mobile phone service in greater Frankfurt
    
    Mobile phone services of Deutsche Telekom's subsidiary company T-Mobile in
    the greater Frankfurt area were interrupted from 10am on 9 September 2003
    until late evening when phones could be used again.  A spokesman for
    T-Mobile said in a statement to "heise online" that the failure was probably
    due to a power blackout, or to a problem with the software the company is
    using.  The blackout initially was said to end after two hours (report in
    German): http://www.heise.de/newsticker/data/jk-04.09.03-004/ Other
    telephone companies were not affected.
    
    ------------------------------
    
    Date: Mon, 08 Sep 2003 10:25:12 -0400
    From: "Marty Leisner" <mleisnerat_private>
    Subject: Nuclear powerplants may not have firewalls!!
    
      [Source: *The New York Times*, 7 Sep 2003]
      http://www.nytimes.com/2003/09/07/technology/07WORM.html
    
      [...] But an incident in January at the Davis-Besse Nuclear Power Station,
      run by the FirstEnergy Corporation outside Toledo, Ohio, showed that this
      was not always the case. The nuclear plant has not been generating power
      since early 2002, but a computer system there that was not supposed to be
      linked to the Internet was invaded by a worm known as Slammer, causing the
      system to shut down for five hours. The event was not made public until
      Kevin Poulsen reported it on Aug. 20 on SecurityFocus .com, an
      information-security news site.
    	
      Richard Wilkins, a FirstEnergy spokesman, said the company realized after
      the worm struck that it did not have a firewall isolating its corporate
      computers from the computers controlling the reactors, but that it now had
      such a safety precaution in place.
    	
      SIX months after the Davis-Besse problem, the North American Electric
      Reliability Council, the industry group overseeing the electrical grid,
      announced that there were "documented cases in which bulk electric system
      control was impaired" by the same worm. It recommended that utility
      companies separate the computers running their power grids from their
      corporate networks.
    
    I'm amazed by so many things...including they use commercial, virus-plagued
    operating systems systems to run their infrastructure.
    
    ------------------------------
    
    Date: Thu, 4 Sep 2003 10:03:11 -0400 
    From: Jeremy Epstein <jeremy.epsteinat_private>
    Subject: Computer failures led to NE US blackout
    
    According to the WashPost, transcripts of telephone conversations released
    by the House Energy and Commerce Committee show that computer failures in
    monitoring the transmission lines left the operators blind.  That meant they
    couldn't tell what was happening or control the systems, leading to the
    power surge that caused the blackout.
      http://www.washingtonpost.com/wp-dyn/articles/A22588-2003Sep3.html
    
    Readers of RISKS shouldn't be the least bit surprised...
    
    ------------------------------
    
    Date: Tue, 2 Sep 2003 15:36:49 -0700 (PDT)
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Trade group tells DHS don't use MS
    
    The Computer & Communications Industry Association (CCIA) has urged the
    Department of Homeland Security to reconsider its decision to use Microsoft
    software on its desktop and server systems, citing "major security failures"
    created by the raft of vulnerabilities in MS's products.
      http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=44258
    
    ------------------------------
    
    Date: Wed, 3 Sep 2003 01:23:36 -0400
    From: Monty Solomon <montyat_private>
    Subject: Curtailing online education in the name of homeland security
    
    Curtailing online education in the name of homeland security: The USA 
    PATRIOT Act, SEVIS, and international students in the United States
    by Paul T. Jaeger and Gary Burnett
    
    ABSTRACT
    Online courses have become an important part of the academic offerings of
    many institutions of higher education in the United States. However, the
    homeland security laws and regulations enacted since September 2001,
    including the USA PATRIOT Act, have created serious limitations on the
    ability of international students studying in the United States to
    participate in online educational opportunities. Placing online education
    within the context of the mutually beneficial relationships between
    international students and the United States, this article examines the
    assumptions and the impacts of these regulations on the students and the
    institutions of higher education. This article explores the enrollment
    limitations in online courses for international students in terms of
    information policy and concepts of presence and identity in online
    environments, offering an examination of the implications of this issue for
    education and information in United States.
    
    CONTENTS
    Introduction: The United States of America, immigrants, and visitors
    International students in the United States
    The USA PATRIOT Act and international students
    Restrictions on the online education of international students
    Identity and presence in online environments
    Conclusion: The policy picture for education and information
    
    http://firstmonday.org/issues/issue8_9/jaeger/index.html
    
    ------------------------------
    
    Date: Mon, 08 Sep 2003 09:59:02 -0400
    From: "Peter G. Neumann" <neumannat_private>
    Subject: Secrecy and the Patriot Act (Amy Goldstein)
    
    [Source: Fierce Fight Over Secrecy, Scope of Law; 
    Amid Rights Debate, Law Cloaks Data on Its Impact 
    By Amy Goldstein, *The Washington Post*, 8 Sep 2003; Page A01; 
    PGN-excerpted from a long and informative article] 
      http://www.washingtonpost.com/wp-dyn/articles/A40110-2003Sep7.html
    
    In Seattle, the public library printed 3,000 bookmarks to alert patrons that
    the FBI could, in the name of national security, seek permission from a
    secret federal court to inspect their reading and computer records -- and
    prohibit librarians from revealing that a search had taken place.
    
    In suburban Boston, a state legislator was stunned to discover last spring
    that her bank had blocked a $300 wire transfer because she is married to a
    naturalized U.S. citizen named Nasir Khan.
    
    And in Hillsboro, Ore., Police Chief Ron Louie has ordered his officers to
    refuse to assist any federal terrorism investigations that his department
    believes violate state law or constitutional rights.  [...]
    
    By its very terms, the Patriot Act hides information about how its most
    contentious aspects are used, allowing investigations to be authorized and
    conducted under greater secrecy.  As a result, critics ranging from the
    liberal American Civil Liberties Union to the conservative Eagle Forum
    complain that the law is violating people's rights but acknowledge that they
    cannot cite specific instances of abuse. [...]
    
    This summer, two major lawsuits were filed challenging the Patriot Act's
    central provisions. The Republican-led House startled the administration in
    July by voting to halt funding for a part of the law that allows more delays
    in notifying people about searches of their records or belongings. And the
    GOP chairmen of the two congressional committees that oversee the Justice
    Department have warned Ashcroft that they will resist any effort, for now,
    to strengthen the law.
    
    ------------------------------
    
    Date: Thu, 4 Sep 2003 23:01:39 -0400
    From: Monty Solomon <montyat_private>
    Subject: Identity Theft Victimizes Millions, Costs Billions
    
    Source: Article by Jennifer 8. Lee, 4 Sep 2003
    http://www.nytimes.com/2003/09/04/politics/04IDEN.html
    
    About 3.3 million American consumers discovered within the last year that
    their personal information had been used to open fraudulent bank, credit
    card or utility accounts, or to commit other crimes, according to the
    Federal Trade Commission's first national survey on identity theft.  The
    commission, in a report issued today, said these cases had collectively cost
    businesses $32.9 billion and consumers $3.8 billion.
    
    In addition, 6.6 million people fell victim to account theft in the last
    year. Unlike identity theft, in which the criminal uses personal information
    to open and use accounts that are in the victim's name, account theft
    entails using stolen credit or A.T.M. cards, or financial records, to steal
    from the victim's existing accounts.
    
    Such account-theft cases, the survey found, caused $14 billion in business
    losses and $1.1 billion in consumer losses. The vast majority of these
    cases, almost 80 percent, involved credit card fraud.
    
    Though account theft and identity theft are often lumped together in popular
    perception, data from the survey showed that the consequences of identity
    theft were more severe.  In identity theft, which accounted for nearly 10
    million of the 27 million cases of both types in the last five years, the
    financial losses were greater, and it took victims longer to resolve the
    cases.  [...]
    
    ------------------------------
    
    Date: Thu, 04 Sep 2003 09:17:35 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: Victims of identity theft and account theft
    
    [...] Half of all victims knew the method by which the thieves had obtained
    the personal information.  About 25% of the victims said the information had
    been stolen through either the mail or the loss of a wallet, and 13% percent
    said it had been stolen in the course of a purchase or another transaction.
    [*The New York Times*, 4 Sep 2003; NewsScan Daily, 4 Sep 2003]
      http://partners.nytimes.com/2003/09/04/politics/04IDEN.html
    
    ------------------------------
    
    Date: Thu, 28 Aug 2003 08:30:19 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: California gets new privacy law
    
    California has just passed privacy legislation aimed at preventing banks,
    insurance companies and other institutions from sharing their personal
    information, and Gov. Gray Davis said: "Most Californians are stunned to
    learn that financial corporations trade their names for money. That is
    wrong, and when I sign this bill, that practice will stop." The law will
    require permission from a customer before financial institutions share any
    information on that customer with an unaffiliated company or an affiliated
    firm in a different line of business.  [AP/*USA Today*, 28 Aug 2003;
    NewsScan Daily, 28 Aug 2003]
    http://www.usatoday.com/tech/news/techpolicy/2003-08-28-davis-privacy-bill_xhtm
    
    ------------------------------
    
    Date: Fri, 05 Sep 2003 08:30:32 -0700
    From: "NewsScan" <newsscanat_private>
    Subject: ICANN takes hits from lawmakers
    
    Rep. Howard Berman (D-Calif.) is critical of ICANN (the Internet 
    Corporation for Assigned Names and Numbers) for not doing enough to stop 
    scammers and child pornographers from registering under false names with 
    stolen credit cards: "I'm disappointed with the failure of the marketplace 
    and regulators to deal with this problem. A legislative solution seems 
    necessary." And Rep. Lamar Smith (R-Texas) agrees: "There's not a real 
    seriousness of intent either by ICANN or the Department of Commerce to have 
    an accurate whois database." Commerce Department General Counsel Theodore 
    Kassinger says that ICANN is busy working on solving the problem. 
    [Reuters/*USA Today*, 4 Sep 2003; NewsScan Daily, 5 September 2003]
      http://www.usatoday.com/tech/news/techpolicy/2003-09-04-net-id-checks_x.htm
    
    ------------------------------
    
    Date: Sun, 07 Sep 2003 00:11:40 +0200
    From: Juergen Fenn <juergen.fennat_private>
    Subject: The benefits and risks of robot surgery
    
    The benefits and risks of robot surgery have been discussed in press reports
    in Germany recently. A medical robot constructed to make operations for
    inserting artificial hip and knee joint implants more precise has been
    criticised for allegedly causing severe harm to at least a small number of
    patients, German news magazine DER SPIEGEL reported recently (in German):
    
      http://www.spiegel.de/spiegel/vorab/0,1518,262585,00.html
      http://www.spiegel.de/spiegel/0,1518,262637,00.html
    
    The reports are claiming "about two dozen cases" would be considered by
    medical experts as some former patients are seeking compensation for rather
    severe damages to their muscles and nerves after undergoing operations. Ten
    lawsuits are pending at a Frankfurt court. According to DER SPIEGEL a Los
    Angeles law firm is said to represent some American patients who underwent
    surgery at a clinic at Frankfurt, Germany, specialising in this kind of
    operations suing the American manufacturer of the system in mass action at a
    Californian court.
    
    The report admits, however, that some 6000 operations have been done in all.
    Most operations are said to have been successful.
    
    In a press release the body responsible for the clinic has said the system
    is also used in Korean and Japanese clinics routinely. Using "Robodoc" meant
    putting considerably less strain on patients than traditional methods. It is
    said to be working rather reliable. The risks of post-surgical complications
    would be much smaller than without the system which has already been used
    for 10 years (in German):
    
      http://www.hvbg.de/d/pages/presse/preme/robodoc.htm
    
    A presentation of the robot's capabilities can be found at
    
      http://www.robodoc.com/eng/robodoc.html
    
    ------------------------------
    
    Date: Mon, 25 Aug 2003 11:00:59 -0400
    From: Monty Solomon <montyat_private>
    Subject: WhereWare
    
      By Eric W. Pfeiffer, Sep 2003, *Technology Review*
      http://www.technologyreview.com/articles/pfeiffer0903.asp
    
    Soon, hardware and software that track your location will be 
    providing directions, offering shopping discounts, and aiding rescue 
    workers-services that promise a windfall for ailing telecom carriers.
    
    Amanda sits idly at the bar of the trendiest restaurant in town, twirling a
    swizzle stick and sipping a cocktail. But cool as she looks, she's feeling
    anxious: her date is nearly 15 minutes late. She considers calling him but
    doesn't want to seem nervous or overeager.  Still, she pulls out her cell
    phone, only instead of calling, she opens a special menu, enters his number,
    and sees that he is at the corner of Prospect and Broadway, not more than
    three minutes away.  When he walks in, Amanda brushes off his apology,
    saying she wasn't at all worried.
    
    Sound fanciful-or outright implausible? Lock on to location-based computing,
    the hottest thing in wireless, which offers new services to customers and
    new revenue streams to carriers, and could save lives in the process. The
    idea is to make cell phones, personal digital assistants, and even fashion
    accessories capable of tracking their owners' every movement-whether they're
    outdoors, working on the 60th floor, or shopping in a basement arcade.
    Already, Japanese telecommunications company KDDI offers over 100 different
    location-based services using technology developed by wireless-equipment
    maker Qualcomm, from bracelets to let parents track their kids in the park,
    to cell phones that point the way to cheap noodle shops in Tokyo's
    skyscraping Shinjyuku district. In Korea, two million citizens use their
    cell phones to locate nearby friends and, for example, find the most
    convenient coffee shops for impromptu meetings. In Europe, cell-phone
    networks can locate users and give them personalized directions to Big Ben,
    or the Eiffel Tower.  [...]
    
    ------------------------------
    
    Date: Wed, 3 Sep 2003 15:56:59 -0800
    From: Rob Slade <rsladeat_private>
    Subject: Covert virus channels?
    
    I am under attack.  Or, at least, it feels like it.
    
    Craig, in Atlanta, has a broadband connection, from atlantabroadband.com.
    He also has Sobig.  And he's been sending me between 60 and 100 infected
    messages *per hour* for the past couple of days.  (He seems to turn his
    machine off at night.  Thank goodness.)
    
    That's about all I can find out about Craig, given his email headers:
    
    Received: from CRAIG (81.cpe.atlantabroadband.com [64.30.ZZZ.ZZ] (may be 
    forged)) by vcn.bc.ca (8.11.7+Sun/8.11.7) with ESMTP id h83LZkX08894 for 
    <rsladeat_private>; Wed, 3 Sep 2003 14:35:47 -0700 (PDT)
    
    After all, Sobig isn't one of those viruses, like Sircam and Klez, that
    steals info from your machine and broadcasts it all over the net.
    
    Or is it?
    
    Given the number of messages I've received from him over the past two days,
    I've got a pretty complete list of the email addresses on his machine.
    
    Not knowing the rag, I don't know whether I'm supposed to be impressed that
    he is in contact with Intelligencerat_private  He seems to be into
    self- promotion--premierlistnyat_private and ratings@about-inc.com.  And maybe
    trying to set up his own business (ezcreationsltdat_private)?  He *does*
    seem to be trying to better himself, maybe get an education
    (ZZZZZZZat_private and LearnLinkinfoat_private).  He
    might be aware that something is wrong with his machine: he seems to be
    rather eclectic in terms of where he goes for help (hot-lineat_private,
    InfoServiceat_private, mssupportat_private, mswsgulfat_private).
    
    All of this may be due to an impending marriage: is he searching for an
    engagement ring (infoat_private)?  And, if so, does his fiancee
    know about helpat_private, salat_private, salformat_private,
    sassyemailat_private, and supportat_private?
    
      [x changed to Z above in hopes of getting by a few filters.  PGN]
    
    Then again, maybe he's a terrorist: mts@lebanon-online.com.lb.
    
    (For those both ethical and unobservant, I have tried to mung anything that 
    seemed to identify any person.)
    
    rsladeat_private      sladeat_private      rsladeat_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Wed, 3 Sep 2003 14:23:13 -0400
    From: Jason Lunz <lunzat_private>
    Subject: The dangers of remote start on a car with manual transmission
    
      [This story appeared on a local chat mailing list. It's forwarded to
      RISKS and rewritten for brevity with permission.  Jason]
    
    An online acquaintance of mine has a manual-transmission car with remote
    start option.  On Saturday, a stuck antenna switch on the console needed to
    be cleaned.  The car was parked, out of gear, with the hand brake on.  To
    operate the switch, the hand brake had to be released, so the car was put in
    gear to stop it from rolling.  The antenna switch was cleaned and returned
    to working order.
    
    On Sunday when the car was next needed, its state was momentarily
    forgotten.  The remote start button was pressed several times.  Nothing
    happened.  The car alarm was disarmed, and trunk opened for loading. The
    remote start button was tried again, this time with disastrous results.
    The car started, then proceeded driverless over a curb, over some
    rosebushes, over a sapling, and over an embankment wall.
    
    The risk is obvious. Why would it be possible for a remote start feature
    to engage with the car in gear? My automatic-transmission car won't
    shift out of park unless a safety interlock is disengaged, and the
    safety won't operate unless I put my foot on the brake. It's not clear
    why something as potentially dangerous as a remote start system wouldn't
    take similar precautions.
    
    ------------------------------
    
    Date: Tue, 02 Sep 2003 21:57:17 -0400
    From: rshat_private
    Subject: Testing by Chimp?  I think it too risky
    
    How do I describe the risks of using programs tested by Chimps paid 45 cents
    per hour (Banana Dollars?)... This is definitely outsourcing, but who is it
    who is out of their mind?  
     
    Found at http://www.itworldcanada.com/index.cfm/ci_id/47258.htm
    
    Chimps go ape for Visual Basic 6.0
    
    Funny enough, this is no joke [*].  A company in Des Moines, Iowa is
    teaching computer programming skills to chimpanzees and has plans to resell
    their services in outsourcing contracts.  Primate Programming Inc. recently
    conducted research that claims computer programming is a task that most
    higher primates can perform.  And, according to the company, the primate
    programming language of choice is Microsoft Corp.'s Visual Basic 6.0.
    Primate Programming is offering software maintenance and report writing
    services -- all conducted by chimpanzees -- for approximately US$0.69 per
    hour.  The company also offers software testing for US$0.45 per hour -- a
    lower price since the chimps require less skill to conduct tests. Visit
    www.newtechusa.com/ppi/main.asp for more information.
    
      [* It is much too early -- or too late -- for April Fools' Day, and this one
      has been around for quite a while, but I sort of regret having ignored it
      previously, so why not now?  The Web site has matured a little since.
      PGN]
    
    ------------------------------
    
    Date: 30 May 2003 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshallat_private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative 
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES: http://www.sri.com/risks
     http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version 
       of the most recent RISKS issue and a WAP version that works for many but 
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.90
    ************************
    



    This archive was generated by hypermail 2b30 : Mon Sep 08 2003 - 17:25:20 PDT