[risks] Risks Digest 22.96

From: RISKS List Owner (risko@private)
Date: Sat Oct 18 2003 - 10:48:22 PDT

  • Next message: RISKS List Owner: "[risks] Risks Digest 22.97"

    RISKS-LIST: Risks-Forum Digest  Saturday 18 October 2003  Volume 22 : Issue 96
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/22.96.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    Building cleared after computers blow (Graham Smith)
    Car navigation system led tourist into supermarket (Michael Borek)
    The Joy of Good Design (NewsScan)
    Top 10 data disasters (NewsScan)
    Billboard slip adds to humiliation for Chicago Cubs (Bill Higgins)
    The Future of Surveillance (Bruce Schneier)
    Hacker charged with securities fraud (NewsScan)
    More on the California recall election (Rebecca Mercuri)
    Re: Something Fishy about Diebold (Doug Sojourner)
    Re: Continental taking back mistaken transactions (Phil Reed)
    Re: Satellite photo of Eastern North America during blackout (Mark Brader)
    Deadlock in Licensing Agreement, Dell Dumped (Mark Brader)
    'Lover Spy' software (Geoffrey Brent)
    Re: Unencrypted credit-card submission forms (Bill McGonigle)
    Re: Benjamin Franklin (Jay R. Ashworth)
    Re: W32/Swen: And I thought I had it bad... (Jon Seymour)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Thu, 16 Oct 2003 11:32 +0100 (BST)
    From: gks@private (Kildwick Smith Ltd)
    Subject: Building cleared after computers blow
    
    I bet your company's business risk list doesn't include computers blowing
    up! <grin>
    
    submitted by Graham Smith from
      http://www.thisislincolnshire.co.uk/displayNode.jsp
      ?nodeId=57711&command=displayContent&sourceNode=57238&contentPK=7422650
    
    Building cleared after computers blow 
    *Lincolnshire Echo*, 16 Oct 2003 
      
    An office building was evacuated on 15 Oct 2003 after 30 computers exploded.
    Around 400 members of staff at HBS Business Services, in Brayford Wharf
    North, Lincoln, left the building just after 12.15pm.  Computers in one
    block of the building had blown up, producing smoke and setting off the fire
    alarms.  Workers had to wait for more than 90 minutes before they could
    return to their desks.  The cause was an electrical.  All the computers have
    to be replaced.
     
    ------------------------------
    
    Date: Thu, 16 Oct 2003 12:15:46 -0400
    From: mikkeles@private (Michael Borek)
    Subject: Car navigation system led tourist into supermarket
    
    A US tourist's trip through Bavaria ended with an unexpected visit to a
    supermarket when his car's navigation system led him straight through the
    store's doors.  He depended entirely on the navigation system and did not
    notice approaching the supermarket until entering it.  [Source: Ananova News]
      http://www.ananova.com/news/story/sm_828633.html?menu=news.quirkies
    
    There are details neither on the navigation system in use nor the reason why
    it "thought" there was a carriageway there.  I could see the cause being
    either inaccurate maps (data) or a failure in the resolution of the code
    (assuming that the algorithms work, of course!).  In any case, the
    inattention (or misplaced attention) of the driver, who had been
    celebrating, is a significant factor.
    
    ------------------------------
    
    Date: Tue, 14 Oct 2003 09:05:00 -0700
    From: "NewsScan" <newsscan@private>
    Subject: The Joy of Good Design
    
    Design guru Don Norman says the way a device looks, feels and gives pleasure
    is just as important as how it works, and that good design can make up for
    some -- though not all -- shortcomings. "How attractive something is will
    mean people will overlook some of the bad functionality, but not
    completely." His new book, "Emotional Design: Why We Love (or Hate) Everyday
    Things," -- due out in 2004 -- focuses on the way design works at different
    levels of brain perception. "The visceral level is the low biological level
    and that's where beauty comes in and appearances matter.  On the surface
    something looks attractive and feels good. That is very important and that
    makes the brain function differently," says Norman. The behavioral level,
    which controls muscles, perception and language, perceives an object's
    usability and how it feels. But Norman says the most important aspect of
    design is its ability to invoke the deeper level of reflection, the level
    that dictates how we feel about things. "That is where having a good brand
    name matters. Having a good brand name has to be earned because they stand
    for trust." Good emotional design must incorporate all three levels, and
    Norman cites Apple and Sony as two companies that have managed to do that
    well.  [BBC News 14 Oct 2003; NewsScan Daily, 14 October 2003]
      http://news.bbc.co.uk/1/hi/technology/3175506.stm
    
    ------------------------------
    
    Date: Thu, 16 Oct 2003 09:09:05 -0700
    From: "NewsScan" <newsscan@private>
    Subject: Top 10 data disasters
    
    Although machine failure is at fault for the majority of lost data
    disasters, humans are increasingly culpable as well, according to recovery
    experts at Kroll Ontrack. "Despite being the easiest problem to prevent, we
    are seeing more cases where human error is to blame. Interestingly, we see a
    15 to 20% increase in calls to recover lost data on Mondays. This could be a
    result of the rush to complete work and leave early for the weekend on
    Friday afternoons, as well as a lack of staff concentration on Monday
    mornings," says a Kroll spokesman. The Top 10 list of unusual data loss
    stories includes laptops being shot or thrown against the wall in a fit of
    e-rage; laptops suffering spills of red wine or latte because users were
    "drinking on the job," laptops falling off mopeds or car roofs, then being
    crushed by oncoming traffic; and PCs being thrown out a window or into a
    river to destroy evidence of theft or fraud. Our favorite? The laptop that
    slipped into the bathtub with its owner while he was working on accounts.
    Amazingly, Kroll Ontrack says in all these cases, it was able to rescue and
    restore computer files.  [BBC News 16 Oct 2003; NewsScan Daily, 16 Oct 2003]
      http://news.bbc.co.uk/1/hi/technology/3193366.stm
    
    ------------------------------
    
    Date: Wed, 15 Oct 2003 11:20:04 -0500
    From: Bill Higgins <higgins@private>
    Subject: Billboard slip adds to humiliation for Chicago Cubs
    
    Last night's baseball game was a difficult and disappointing one for the
    Chicago Cubs.  For most of the game, they were ahead of the Florida Marlins
    in the struggle for the National League championship, entering the eighth
    inning with a score of 3-0.  A fourth victory in the present series of
    playoff games would send them to the World Series-- which the Cubs have not
    reached since 1945-- so excitement was high.
    
    During the eighth inning, a Cubs fan at the edge of the stands reached out
    and deflected an incoming ball, causing a player to miss catching it. Even
    worse, the Marlins began a fantastic rally that ended the eighth inning, and
    ultimately the ballgame, with a score of 3-8.
    
    So, as I write this, the playoff series is 3-3, and tonight's game will
    decide the contest.
    
    This morning I heard WXRT radio report that "somebody at Budweiser hit SEND
    instead of DELETE," causing an animated highway billboard to spell out
    "CONGRATULATIONS 2003 NATIONAL LEAGUE CHAMPION CHICAGO CUBS."
    
    Obviously Budweiser's advertising people had the message ready for the
    contingency of a Cubs victory.
    
    You don't suppose that the same fumble-fingered guy who knocked the ball
    away from the Cubs' outfielder works at Budweiser as a billboard operator?
    Nah.
    
    I hope that the appearance of the mistaken congratulations doesn't jinx the
    Cubs, and that Budweiser will be able to re-use the message tomorrow.
    
    Bill Higgins      Fermi National Accelerator Laboratory  higgins@private
    
      [Unfortunately for the Cubs, that did not work out.  But it was a great
      year for them anyway, and we are once again reminded that baseball is a
      game of inches.  Same thing for the Red Sox (and Giants and Athletics).
      Wait Till Next Year is always the operative slogan for all but the
      eventual winner.  PGN]
    
    ------------------------------
    
    Date: Tue, 14 Oct 2003 22:58:28 -0500
    From: Bruce Schneier <schneier@private>
    Subject: The Future of Surveillance
    
      [From CRYPTO-GRAM, October 15, 2003]
    
    At a gas station in Coquitlam, British Columbia, two employees installed a
    camera in the ceiling in front of an ATM machine.  They recorded thousands
    of people as they typed in their PIN numbers.  Combined with a false front
    on the ATM that recorded account numbers from the cards, the pair was able
    to steal millions before they were caught.
    
    In at least 14 Kinko's copy shops in New York City, Juju Jiang installed
    keystroke loggers on the rentable computers.  For over a year he
    eavesdropped on people, capturing more than 450 user names and passwords,
    and using them to access and open bank accounts online.
    
    A lot has been written about the dangers of increased government
    surveillance, but we also need to be aware of the potential for more
    pedestrian forms of surveillance.  A combination of forces -- the
    miniaturization of surveillance technologies, the falling price of digital
    storage, the increased power of computer programs to sort through all of
    this data -- means that surveillance abilities that used to be limited to
    governments are now, or soon will be, in the hands of everyone.
    
    Some uses of surveillance are benign.  Fine restaurants sometimes have
    cameras in their dining rooms so the chef can watch diners as they eat their
    creations.  Telephone help desks sometimes record customer conversations in
    order to help train their employees.
    
    Other uses are less benign.  Some employers monitor the computer use of
    their employees, including use of company machines on personal time.  A
    company is selling an e-mail greeting card that surreptiously installs
    spyware on the recipient's computer.  Some libraries keep records of what
    books people check out, and Amazon keeps records of what books people browse
    on their website.
    
    And, as we've seen, some uses are criminal.
    
    This trend will continue in the years ahead, because technology will
    continue to improve.  Cameras will become even smaller and more
    inconspicuous.  Imaging technology will be able to pick up even smaller
    details, and will be increasingly able to "see" through walls and other
    barriers.  And computers will be able to process this information better.
    Today, cameras are just mindlessly watching and recording, but eventually
    sensors will be able to identify people.  Photo IDs are just temporary;
    eventually no one will have to ask you for an ID because they'll already
    know who you are.  Walk into a store, and you'll be identified.  Sit down at
    a computer, and you'll be identified.  I don't know if the technology will
    be face recognition, DNA sniffing, or something else entirely.  I don't know
    if this future is ten or twenty years out -- but eventually it will work
    often enough and be cheap enough for mass-market use.  (Remember, in
    marketing, even a technology with a high error rate can be good enough.)
    
    The upshot of this is that you should consider the possibility, albeit
    remote, that you are being observed whenever you're out in public.  Assume
    that all public Internet terminals are being eavesdropped on; either don't
    use them or don't care.  Assume that cameras are watching and recording you
    as you walk down the street.  (In some cities, they probably are.)  Assume
    that surveillance technologies that were science fiction ten years ago are
    now mass-market.
    
    This loss of privacy is an important change to society.  It means that we
    will leave an even wider audit trail through our lives than we do now.  And
    it's not only a matter of making sure this audit trail is accessed only by
    "legitimate" parties: an employer, the government, etc.  Once data is
    collected, it can be compiled, cross-indexed, and sold; it can be used for
    all sorts of purposes.  (In the U.S., data about you is not owned by you.
    It is owned by the person or company that collected it.)  It can be accessed
    both legitimately and illegitimately.  And it can persist for your entire
    life.  David Brin got a lot of things wrong in his book The Transparent
    Society.  But this part he got right.
    
    Kinko's story:
    <http://www.computercops.us/article2568.html>
    <http://www.securityfocus.com/news/6447>
    
    ATM fraud story:
    <http://www.globetechnology.com/servlet/story/RTGAM.20030812.gtatmm0812/ 
    BNStory/Technology>
    <http://canada.com/search/story.aspx?id=f07cac50-62c7-46d8-892a-b66dfa2f 
    1d88>
    
    Net spying:
    <http://www.nytimes.com/2003/10/10/technology/10SPY.html>
    <http://news.com.com/2100-1029_3-5083874.html>
    
    ------------------------------
    
    Date: Fri, 10 Oct 2003 08:42:05 -0700
    From: "NewsScan" <newsscan@private>
    Subject: Hacker charged with securities fraud
    
    A 19-year-old student at Drexel University in Pennsylvania is being charged
    by the Securities & Exchange Commission (SEC) of fraud and identity theft
    for hacking into someone's investment account and making a complex and
    illegal trade. The student is accused of using a program called the Beast to
    monitor every keystroke typed on the target machine, and by doing so was
    able to obtain the log-in and password for the investor's online brokerage
    account with TD Waterhouse.  [*The New York Times*, 10 Oct 2003; NewsScan
    Daily, 10 October 2003]
      http://partners.nytimes.com/2003/10/10/business/10HACK.html
    
    ------------------------------
    
    Date: Mon, 13 Oct 2003 17:31:08 -0400
    From: "Rebecca Mercuri" <notable@private>
    Subject: More on the California recall election 
    
    The following Web site contains some useful information pertaining to the
    California recall election and the resulting residual vote totals:
      http://www.votewatch2003.com/forum/showthread.php?p=983#post983
    
    It provides polling data on questions that specifically asked "did you have
    problems using the voting machines" (yes 2%) and also "did you not vote for
    question xyz".  The latter result was off by 2% from the semi-official vote
    totals indicating either that (a) the 2% of people that had problems using
    the machine weren't able to cast their vote properly, or (b) there are 2% of
    the votes being lost by the machines, or (c) the polling data is 2% low.  (I
    am trying to find out how close they were on the totals for "what did you
    vote for" to see if (c) is really the case rather than (a) or (b).)  Also,
    please note the caveat that everything is unofficial until the SoS posts the
    certified results, which will not occur until mid-November.
    
    ------------------------------
    
    Date: Thu, 16 Oct 2003 13:28:56 -0700
    From: Doug Sojourner <dsojourner@private>
    Subject: Re: Something Fishy about Diebold
    
    Actually, all these numbers are so small that I don't think there is much
    here. The most significant case (Palmier) has the Diebold counties giving
    3700 votes out of a total (in those counties) of 1300000, and outside
    Diebold counties 1500 votes out of a total of 6500000. I believe this means
    that in Diebold counties Palmier got 0.19% of the vote, with a sigma of
    0.086%, and outside of Diebold counties 0.023% of the vote with sigma of
    0.039%. With a null hypothesis that these both correspond to the same
    underlying probability of being voted for, I believe that the likelihood of
    this (the null hypothesis) happening is greater than f(0.19/0.86)*f(0),
    which is about 3%. That leaves this on the edge of statistical significance.
    The most dramatic case (Kunzman) actually has more than 8% chance that the
    null hypothesis is true. I didn't compute any others, but I doubt they could
    do better than Kunzman.
     
    So even though I distrust Diebold, I'm not sure this is strong evidence of
    tampering.
     
      [On the other hand there are various alternative scenarios...  With all of
      the different ballot faces, the mapping of vote positions to vote tallies
      is always a potential problem, either accidentally or intentionally (and
      in the latter case, not necessarily deterministic).  Butterfly ballots add
      difficulties for the voters.  If there are many more more bad programmers
      than malicious ones, the election folks who insist that nothing can go
      wrong are seriously suspect.  PGN]
     
    ------------------------------
    
    Date: Fri, 10 Oct 2003 06:24:29 -0700 (PDT)
    From: phil reed <phillipcreed@private>
    Subject: Re: Continental taking back mistaken transactions (RISKS-22.94)
    
    Reading the tale of Continental Airlines taking back free miles reminded me
    of a tale of woe from a few years ago.
    
    A former employer (now defunct) was implementing a direct-deposit function
    for their payroll. The actual payroll processing had been outsourced for
    some time to a large company that does this sort of thing routinely (name
    left out because they are still in business). As part of setting up the
    direct deposit, the payroll group collected bank account numbers and passed
    them along to the outsourcing company, who entered them in their various
    databases. Everything normal, nothing exceptional.
    
    As part of the checking process that looked for routine data entry errors,
    the outsourcing company's strategy was to run a complete end-to-end sequence
    that would perform an actual deposit of $0.00 into everybody's account. This
    would cause all the invalid bank account numbers to show up on the normal
    error report, so they could be corrected before running an actual payroll
    and accidentally not paying somebody on payday.
    
    You can probably guess what happened next: the test deposit was run, but
    with actual payroll amounts, not with a zero dollar deposit. The error was
    discovered after about an hour, and it took another couple of hours to
    prepare a "reverse deposit" transaction to get the money back out of the
    accounts. During that 3 hour window, a handful of people (almost all of them
    spouses of factory workers) discovered the extra money and withdrew it from
    their checking account. Some of them immediately spent it.
    
    I don't know who it was that had to tell those workers that they had to
    return the money, but I cannot imagine that it was a very pleasant job.
    
    ------------------------------
    
    Date: Fri, 10 Oct 2003 01:28:51 -0400 (EDT)
    From: msb@private (Mark Brader)
    Subject: Re: Satellite photo of Eastern North America during blackout (R-22.88)
    
      [Originally submitted 29 Aug 2003, lost in the shuffle.  Sorry.  PGN]
    
    In addition, if the UTC timestamps on the two photos are correct, then the
    labeling as "20 hours before" and "7 hours after", seen both in the images
    and their URLs, is wrong -- as is obvious because the two times are about 24
    hours apart!  The blackout actually at 4:10 pm EDT (give or take a couple of
    minutes, depending on location): that's 20:10 UTC, so the pictures are 19
    hours before and 5 hours after.  The first error looks like someone forgot
    about daylight saving time, but the second is harder to guess an explanation
    for.
    
    > However, there is a surprising amount of light still on, ...
    
    I don't see why John is surprised at this, since the article Andrew quoted
    says that "in the New York region .. nearly 20 percent of the available
    electricity remained on..."  It seems natural that at the scale of a
    satellite photo we would not be able to tell which areas of the city were
    darkened and which were not.
    
    (Toronto, as noted, is pretty much gone in the second photo -- and that's
    correct.  During the blackout I was listening to local radio stations that
    invited people to phone in with information about their neighborhood, and
    there sure weren't any calls that said "we never lost power".)
    
    ------------------------------
    
    Date: Fri, 10 Oct 2003 01:30:22 -0400 (EDT)
    From: msb@private (Mark Brader)
    Subject: Deadlock in Licensing Agreement, Dell Dumped
    
      [Also originally submitted 29 Aug 2003]
    
    Ian Goldberg writes at <http://www.cypherpunks.ca/dell.html> about his
    recent experience buying a Dell computer in Canada.  In brief, the startup
    screen required him to declare that he had first read and then agreed to the
    relevant license agreements -- but the agree- ments themselves were
    shrink-wrapped and could not be read without first agreeing to them.
    
    Deadlock, and nobody he could reach at Dell even saw it as a problem.
    
    ------------------------------
    
    Date: Tue, 14 Oct 2003 09:57:18 +1000
    From: Geoffrey Brent <g.brent@private>
    Subject: 'Lover Spy' software
    
    As reported in various news outlets recently, 'Lover Spy' offer a 
    service for jealous lovers looking to spy on their partners:
    
    "Using this very web site, you can very easily send Lover Spy as an
    e-greeting card. The e-card looks just like a normal e-greeting card sent
    via e-mail. When opened, it will display a graphic of your choice, whether
    it be romantic flowers, a funny e-joke, or kittens. But silently, this
    e-card will secretly install our award-winning spy software on their PC !
    ..."
    
    The spyware then reports back to Lover Spy's customer with a record of
    websites visited, chat sessions logged, passwords captured, etc etc.  Site
    is currently down (hopefully for good), but can be viewed in Google's cache:
    http://tinyurl.com/qsyd (full Google link at the end of this message, for
    those who don't like tinyurl).
    
    There are several very obvious reasons why this is a Bad Thing (not to
    mention illegal), and I doubt anybody on RISKS needs to be told the risks
    this poses to the unwitting recipient of the greeting card.  However, at
    least one message-board poster (see link below) has suggested a more subtle
    angle: presumably this service also requires the customer to install some
    form of software on their own computer to receive the data collected from
    their unsuspecting partner.
    
    What are the chances that the customer-end software is *also* spyware?  As
    any con-man knows, the easiest way to hoodwink your mark is to let him think
    he's hoodwinking somebody else. And when the scheme they sign up for is
    illegal - as this one most certainly is - then they're much less likely to
    squeal when they find out who the real target is. You're already giving
    Lover Spy your credit card number just by signing up for your service - and
    captured bank account details etc. could be the icing on the cake.
    
    http://george.hotelling.net/90percent/linkage/lover_spy.php
    http://www.google.com.au/search?q=cache:7JvdodIm7xoJ:www.gootle.us/technology.
    php+%2B%22lover+spy%22+%2Bgreeting&hl=en&ie=UTF-8
    
    ------------------------------
    
    Date: Fri, 10 Oct 2003 11:48:42 -0400
    From: Bill McGonigle <bill@private>
    Subject Re: Unencrypted credit-card submission forms (Scott, RISKS-22.94)
    
    One of the criticisms of the HTTPS/SSL/TLS protocol is that it provides both
    encryption and authentication without the option to forgo either.  In this
    case, the host has used a default certificate name generated by, probably,
    the OpenSSL toolkit.  Note, it's not a sample certificate, it's randomly
    generated at install time, so the user needn't fret a man-in-the-middle
    attack.  So, in this case, you have encryption but not authentication.  If
    you're confident of the host name and can somehow verify that a DNS spoof
    isn't being employed (known IP, DNSSEC), you're good to go.  Of course, it's
    not reasonable for the general population to make this verification.
    
    For the princely sum of up to $900 per year per hostname, SSL vendors like
    Verisign will sign a certificate for you saying that you are who you claim
    to be.  Your web browser will trust the certificate and not display a
    warning because, e.g. Verisign's certificate is built into your web browser.
    The trouble is, the amount of verification many certificate vendors go
    though is minimal (some require only a faxed letter on company letterhead),
    you have to trust the signer, and your certificates can be stolen (only some
    browsers support certificate revocation).  So, critics charge that all you
    have is a false sense of security, which can be a greater risk.  Some people
    fail to buy a 'real' certificate for cost reasons and some for philosophical
    reasons. Most just go ahead and pony up the cash to make the warning go away
    for the users.
    
    ------------------------------
    
    Date: Mon, 13 Oct 2003 14:06:05 -0400
    From: "Jay R. Ashworth" <jra@private>
    Subject: Re: Benjamin Franklin (RISKS-22.93-94)
    
    > Ben's original quote also gives the Patriot Act guys plenty of wiggle room,
    > by using the phrases "essential liberty" and "temporary safety."  Who's to
    > judge "essential" and "temporary"?
    
    Franklin himself, I think.  He wasn't providing interpretative wiggle room
    there, IMHO, he was making *another* value judgment: that liberty *is*
    essential, and security often only temporary.  Remember the environment
    *they* lived in... it was, likely, much closer to today's America than 3
    years ago's America... and yet they did what they did.
    
    Why can't *we* (, Mr Ashcroft)?
    
    Jay R. Ashworth, Baylink, The Suncoast Freenet, Tampa Bay, Florida
    http://baylink.pitas.com   +1 727 647 1274   jra@private
    
    ------------------------------
    
    Date: Fri, 17 Oct 2003 09:27:59 +1000
    From: Jon Seymour <jon.seymour@private>
    Subject: Re: W32/Swen: And I thought I had it bad...
    
    Admittedly I was quickly disavowed of that notion by a few private 
    responses to my last RISKS post - mine was but a mild dose of W32/Swen
    
    And then this, from 
    http://www.theage.com.au/articles/2003/10/16/1065917549896.html
    
      The Swen virus has been blamed for delaying e-mails to BigPond customers
      by up to several days.  On 14 Oct 2003, BigPond reported its customers
      were receiving e-mails late due to a rapid rise in messages being sent and
      received through the network.  E-mail messages had increased on average
      from about eight million to 13 million daily.
    
      Spokeswoman Kerrina Lawrence today said the Swen virus was responsible for
      the sudden surge in traffic.  "Telstra's technical staff has been working
      around the clock to establish additional network capacity to cater for the
      unexpected ... increase in e-mail traffic," she said in a statement.  Ms
      Lawrence said the additional capacity will help cater for the rise in
      messages.  "Telstra understands that the virus/worm has been taking over
      customers' computers and using them to send large amounts of junk e-mails
      (spam)," Ms Lawrence said.
    
    So, if only 1/2 of this 5 million per day increase is due to the e-mail
    containing the Swen worm (being generous and allowing for bounce messages),
    then Telstra is busily working to add an extra 2.5 *1,000,000 * 145kB /
    (24*3600) * 8 =~ 32Mbps capacity to their e-mail network.
    
    One presumes that they are also doing something about filtering so that 
    all that extra capacity does not get eaten up by the worm, but then 
    perhaps I presume too much.
    
    ------------------------------
    
    Date: 30 May 2003 (LAST-MODIFIED)
    From: RISKS-request@private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-request@private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomo@private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshall@private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative 
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
     *** NEW: Including the string "notsp" at the beginning or end of the subject
     *** line will be very helpful in separating real contributions from spam.
     *** This attention-string may change, so watch this space now and then.
    => ARCHIVES: http://www.sri.com/risks
     http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version 
       of the most recent RISKS issue and a WAP version that works for many but 
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.96
    ************************
    



    This archive was generated by hypermail 2b30 : Sat Oct 18 2003 - 11:19:41 PDT