[risks] Risks Digest 23.26

From: RISKS List Owner (risko@private)
Date: Mon Mar 08 2004 - 17:36:31 PST

    RISKS-LIST: Risks-Forum Digest  Monday 8 March 2004  Volume 23 : Issue 26
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/23.26.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    U.S. Senate security shenanigans (Kristina Herrndobler via James Bauman)
    PFIR Conference Announcement: "Preventing the Internet Meltdown" (PFIR)
    Yet another worm masquerades as Microsoft update (NewsScan)
    The price of e-mail is constant vigilance (Rob Slade)
    Firms look to limit liability for online security breaches 
      (Jonathan Krim via Monty Solomon)
    Smartcards weren't so smart after all, says Target (NewsScan)
    BBC reports card cloning scam (John Sawyer)
    An interesting airplane user interface (David Magda)
    Re: Legal Mercedes driver jailed for 18 months (David Gillett)
    Extended Call for Papers: Voting, Elections, and Technology (Micah Altman)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Fri, 5 Mar 2004 13:41:26 -0500
    From: "James Bauman" <James.Bauman@safety-kleen.com>
    Subject: U.S. Senate security shenanigans
    
    If an independent or Justice Department investigation occurs beyond the one
    by the U.S. Senate sergeant-at-arms, the security issues (and their possible
    accompanying illegal and/or unethical issues) should be interesting to read
    about.  Right now, there are a lot of questions about the incident and not
    much clarity.
    
    According to a *Chicago Tribune* article, a Senate Republican clerk, Jason
    Lundell, watched a system administrator gain access to Democratic folders on
    a network.  Then Mr. Lundell repeated the administrator's actions and
    "downloaded more than 4,670 files" from those folders.  Lundell gave the
    files to Manuel Miranda, who was a staffer for Majority Leader Bill Frist
    (R-Tenn.).  Lundell said "Miranda told him that it was common knowledge that
    staff could access each other's files".  [Then, I suppose?... Republican
    staffers could access Democratic files and Democratic staffers the
    Republican ones.]
    
    A Question: If each side could look at each other's files, then why did
    Jason Lundell need special knowledge about network security to download the
    files?
    
    Regarding this: "Republican committee Chairman Sen. Orrin Hatch of Utah
    condemned the actions of the staff members, who no longer work for the
    Senate."  "'I am mortified that this improper, unethical and simply
    unacceptable breach of confidential files occurred," Hatch said Thursday as
    he released the report. "There is no excuse that can justify these improper
    actions.'"
    
    Later in the article is this: "Furthermore, Mr. Lundell recalled that
    Mr. Miranda had told him that Sen. Hatch wanted the staff to use any means
    necessary to support President Bush's nominees," the sergeant-at-arms
    reported.
    	
    Seems that the two Republican staffers took "any means necessary" in the
    most literal of senses, and Lundell's assertion in the previous paragraph
    could be an embarrassment for Hatch given Hatch's latest statements of
    outrage.
    
    Anyway, it's got the earmarks of a good future read as more facts develop
    and the smoke clears.
    
    Source: Kristina Herrndobler, GOP staffers accused of taking senators'
    files, *Chicago Tribune*, 5 Mar 2004
      http://www.chicagotribune.com/news/nationworld/
      chi-0403050231mar05,1,7561874.story?coll=chi-news-hed
    
    ------------------------------
    
    Date: Sat, 06 Mar 2004 18:14:43 -0800
    From: PFIR - People For Internet Responsibility <pfir@private>
    Subject: PFIR Conference Announcement: "Preventing the Internet Meltdown"
    
                           PFIR Conference Announcement
                        "Preventing the Internet Meltdown"
                                Spring/Summer 2004
                          Los Angeles, California, USA
                           http://www.pfir.org/meltdown
    
             PFIR - People For Internet Responsibility - http://www.pfir.org
            [ To subscribe or unsubscribe to/from this list, please send the
              command "subscribe" or "unsubscribe" respectively (without the
              quotes) in the body of an e-mail to "pfir-request@private". ]
    
    People For Internet Responsibility (PFIR) is pleased to preliminarily
    announce an "emergency" conference aimed at preventing the "meltdown" of the
    Internet -- the risks of imminent disruption, degradation, unfair
    manipulation, and other negative impacts on critical Internet services and
    systems in ways that will have a profound impact on the Net and its users
    around the world.
    
    We are planning for this conference (lasting two or three days) to take
    place as soon as possible, ideally as early as this coming June, with all
    sessions and working groups at a hotel in convenient proximity to Los
    Angeles International Airport (LAX).
    
    A continuing and rapidly escalating series of alarming events suggest that
    immediate cooperative, specific planning is necessary if we are to have any
    chance of avoiding the meltdown.  "Red flag" warning signs are many.  A
    merely partial list includes attempts to manipulate key network
    infrastructures such as the domain name system; lawsuits over Internet
    regulatory issues (e.g. VeriSign and domain registrars vs. ICANN); serious
    issues of privacy and security; and ever-increasing spam, virus, and related
    problems, along with largely ad hoc or non-coordinated "anti-spam" systems
    that may do more harm than good and may cause serious collateral damage.
    
    All facets of Internet users and a vast range of critical applications are
    at risk from the meltdown.  Commercial firms, schools, nonprofit and
    governmental organizations, home users, and everybody else around the world
    whose lives are touched in some way by the Internet (and that's practically
    everyone) are likely to be seriously and negatively impacted.
    
    Most of these problems are either directly or indirectly the result of the
    Internet's lack of responsible and fair planning related to Internet
    operations and oversight.  A perceived historical desire for a "hands off"
    attitude regarding Internet "governance" has now resulted not only in
    commercial abuses, and the specter of lawsuits and courts dictating key
    technical issues relating to the Net, but has also invited unilateral
    actions by organizations such as the United Nations (UN) and International
    Telecommunications Union (ITU) that could profoundly affect the Internet and
    its users in unpredictable ways.
    
    Representatives from commercial firms, educational institutions,
    governmental entities, nonprofit and other organizations, and any other
    interested parties are invited to participate at this conference.
    International participation is most definitely encouraged.
    
    The ultimate goal of the conference is to establish a set of *specific*
    actions and contingency plans for the Internet-related problems that could
    lead to the meltdown.  These may include (but are not limited to) technical,
    governance, regulatory, political, and legal actions and plans.  Scenarios to
    consider may also include more "radical" technical approaches such as 
    "alternate root" domain systems, technologies to bypass unreasonable 
    ISP restrictions, and a wide range of other practical possibilities.
    
    It is anticipated that the conference will include a variety of panels
    focused on illuminating specific aspects of these problems, along with
    potential reactions, solutions, and contingency planning for worst-case
    scenarios.  Breakout working groups will be available for detailed
    discussion and planning efforts.  Formal papers will not be required, but
    panel members may be asked to submit brief abstracts of prepared remarks in
    advance to assist in organizing the sessions.
    
    The ability of this conference to take place, and necessary conference
    details such as the specific program, costs, etc. will depend largely on the
    response to this announcement and particularly on the number of persons and
    organizations who express a potential interest in attending.
    
    If you may be interested in participating (no obligation at this point, of
    course) or have any questions, please send an e-mail as soon as possible to:
    
         meltdown@private
    
    or feel free to contact Lauren at the phone number below.  As appropriate,
    please be sure to mention how many people from your organization may be
    interested in attending.  If you express an interest in attending, you will
    be added to a private mailing list for upcoming announcements regarding this
    conference unless you ask not to be so notified.
    
    Together, we may be able to stop the Internet meltdown. 
    But we need to act now.
    
    Thank you for your consideration.
    
      - - -
    
    Lauren Weinstein
    lauren@private or lauren@private or lauren@private
    Tel: +1 (818) 225-2800
    Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
    Co-Founder, Fact Squad - http://www.factsquad.org
    Co-Founder, URIICA - Union for Representative International Internet
        Cooperation and Analysis - http://www.uriica.org
    Moderator, PRIVACY Forum - http://www.vortex.com
    Member, ACM Committee on Computers and Public Policy
    http://www.pfir.org/lauren
    
    Peter G. Neumann
    neumann@private or neumann@private or neumann@private
    Tel: +1 (650) 859-2375
    Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
    Co-Founder, Fact Squad - http://www.factsquad.org
    Co-Founder, URIICA - Union for Representative International Internet
        Cooperation and Analysis - http://www.uriica.org
    Moderator, RISKS Forum - http://risks.org
    Chairman, ACM Committee on Computers and Public Policy
    http://www.csl.sri.com/neumann
    
    David J. Farber
    dave@private
    Tel: +1 (412) 726-9889
    Distinguished Career Professor of Computer Science and Public Policy,
        Carnegie Mellon University, School of Computer Science
    Member of the Board of Trustees EFF - http://www.eff.org
    Member of the Advisory Board -- EPIC - http://www.epic.org
    Member of the Advisory Board -- CDT - http://www.cdt.org
    Member of Board of Directors -- PFIR - http://www.pfir.org
    Co-Founder, URIICA - Union for Representative International Internet
        Cooperation and Analysis - http://www.uriica.org
    Member of the Executive Committee USACM
    http://www.cis.upenn.edu/~farber
    
    (Affiliations shown for identification only.)
    
    ------------------------------
    
    Date: Mon, 08 Mar 2004 09:23:00 -0700
    From: "NewsScan" <newsscan@private>
    Subject: Yet another worm masquerades as Microsoft update
    
    The latest variation on the Sober worm -- Sober.D -- tries to trick
    recipients into opening it by disguising itself as a Microsoft Update
    message. "It arrives in an e-mail that pretends to be a patch to protect
    against a version of MyDoom," says a senior consultant at antivirus firm
    Sophos. "The e-mail appears to be a Microsoft patch so people will of course
    double-click on that attachment." Once a user clicks on the file, the worm
    scans the PC to see if it's already infected -- if not, it installs itself
    and uses its own SMTP engine to send copies of itself to e-mail addresses
    found on the victim's PC. Microsoft emphasizes that it does not send patches
    via e-mail and that users should ignore such messages.  [ZDNet 8 Mar 2004;
    NewsScan Daily, 8 Mar 2004]
      http://zdnet.com.com/2100-1105_2-5171243.html
    
    ------------------------------
    
    Date: Sat, 6 Mar 2004 16:37:18 -0800
    From: Rob Slade <rslade@private>
    Subject: The price of e-mail is constant vigilance
    
    Peter Wilson's article on spam and viruses (on Saturday, March 6, 2004)
    lists a number of antispam measures that are currently being promoted.  He
    also retails Bill Gates' confident prediction that spam will be a thing of
    the past by 2006.  Remember that prophecy, because Bill Gates is going to be
    proven wrong.  An examination of the measures listed in the article
    demonstrates why.
    
    SPF (sender-permitted format) is currently garnering the greatest interest.
    The description of SPF as a kind of caller-ID is not quite correct.  All
    e-mail carries caller-ID in the form of the information about who the
    message is from, and information about the Internet Protocol (IP) address
    that originated the message.  SPF is actually an attempt to contact the site
    that is supposed to have originated the message, and verify that these two
    pieces of information match, or, at least, are likely.  Spammers, when
    creating spoofed addresses, don't bother to make sure that they do.  Or, at
    least, they haven't up until now.
    
    Microsoft's own version seems to be either an attempt to compete or an
    attempt to derail SPF: SPF is primarily promoted by AOL, and the two
    companies have never played particularly well together.  Microsoft's plan is
    derided by the SPF camp for being proprietary.  It is true that SPF uses
    features and functions that make more effective use of the e-mail protocols
    that are currently in use on the Internet.  The configuration of factors is
    not universal, though, and some of the activities will require new
    programming for everyone who participates in SPF.  Which may mean that the
    Internet might become split into the camp of those who use SPF, and those
    who don't.
    
    I have seen this in action already.  I have a number of accounts.  (And, of
    course, get tons of spam.)  One is through Vancouver CommunityNet, which
    does not have very much in the way of spam detection or prevention.  Because
    of the volume of spam this account receives (particularly during the Sobig
    flood last summer), I forwarded the account to a service that does spam and
    virus filtering.  One of the functions that the service uses is similar to
    the SPF protocol.  A great deal of the spam that was being forwarded was
    unverifiable, and so the service simply refused to accept it.  This meant
    that a volume of e-mail built up on Vancouver CommunityNet, to the point that
    it affected the mail system as a whole.  (Vancouver CommunityNet, despite
    being informed of all the details, and my own actions to rectify the
    situation, has handled the whole matter in a very sloppy manner.)
    
    SPF has promise, and it may be possible (unlike the Microsoft proposal) to
    provide workarounds for a variety of systems, platforms, and applications.
    However, there are a number of issues that still have to be resolved, such as
    e-mail aliases, third-party services, and applications such as mailing lists,
    which operate in a wide variety of forms.  The difficulties are not
    insurmountable, but an enormous amount of work still has to be done.
    
    Microsoft's micropayments strategy is apparently the most recent one, but
    has been raised many times over the history of the nets.  (One of the
    popular programs providing Usenet news, a type of topical discussion, used
    to remind anyone who attempted to post a message that it would possibly cost
    thousands of dollars to send this to everyone: did they really want to do
    that?)  Unfortunately, the issue of mailing lists comes up almost
    immediately.  Even if we assume one cent per message, if I send a message to
    a popular list such as the RISKS-FORUM Digest, with a possible hundred
    thousand subscribers, am I charged a thousand dollars for that message?  Is
    the list moderator charged?  In the case of RISKS, it is also redistributed
    by a number of sub-mailing lists: do those costs get charged to the accounts
    of the local administrators?  The list moderator?  Me?
    
    (The obvious second question is: who *gets* the money?  The Internet
    Engineering Task Force?  Some bloated bureaucracy parcelling out the cash to
    the various national telecom carriers?  Charity?  Microsoft?  The recipient?
    Hmmm.  Maybe I should rethink my objection to the micropayment system.  At
    one point I was getting 8,000 [yes, eight thousand] copies of spam from one
    system in China.  Per hour.  Same message.)
    
    And, of course, in order to provide for such a micropayment system,
    everybody is going to have to use a Microsoft mailer.  With a Microsoft
    payment system.  And a Microsoft account.  This sounds like an attempt to
    resurrect the (justly derided and roundly condemned) Passport and Palladium
    systems.
    
    The challenge-response system is already being used by a number of outfits
    providing spam filtering and other services.  It is a nuisance.  It can
    create a great deal of annoyance in a number of situations, not least being
    mailing lists.
    
    It also doesn't work.  The most common challenge-response systems present a
    graphical image of a word.  This word is supposed to be entered in a field
    on a web page in order to create permission for the message to go through.
    People can read the word easily, but machines have difficulty with this type
    of task, so this makes it impossible for spammers to automate the sending of
    e-mail: they have to read and respond to every challenge.
    
    That's the theory.  In fact, spammers have already been found to be
    "automating" the process--using Internet web surfers.  A number of web pages
    have been set up promising access to pornography.  In order to access the
    files, you have to respond to a challenge.  The challenges are, of course,
    those that are being presented on the antispam filtering sites.  Those
    challenges are simply extracted, presented to the surfers wanting access to
    pornographic images, solved by the user, and the solution fed back to the
    antispam site.  The same problems apply to computational puzzles: they are
    simply another form of challenge-response.
    
    In fact, most of these antispam technologies fail in the face of the problem
    of spam nets set up by viruses.  Spam sent from infected machines could
    simply use the name of the owner, thus verifying the identity.  Spam sent
    from infected machines could use the micropayment "wallet" on the infected
    machine, thus creating not only problems of clean-up for the owner, but also
    a real cost.  Infected machines could be used to crack computational
    puzzles, or the owner could be presented with challenges to respond to, in a
    variety of ways.
    
    Spam has passed the stage of being a nuisance.  E-mail is a means of
    communication that is starting to rival the phone, and spam is seriously
    degrading the effectiveness and utility of e-mail.  Antispam measures are
    badly needed, but we cannot accept any proposed solution uncritically.
    Dividing the Internet into isolated camps of incompatible (and rival)
    antispam technologies takes us back to the early days of online systems,
    when lots of people had e-mail, but nobody could talk to each other.
    
    There is no easy fix, and there is no easy answer.  Administrators have to
    ensure that they are not providing open relays that can be used for spam.
    E-mail filtering services are checking for inappropriate inbound e-mail, but
    must also check what is going out.  ISPs (Internet Service Providers) must
    be more vigilant in regard to the use being made of the net to which they
    provide access.  Computer users at all levels have to check for malicious
    software, unpatched vulnerabilities, open ports and services, and what is
    going out of their systems as well as what is coming in.  Everybody needs to
    become more aware of what is going on, and keep up with the changes in
    threats around us all.
    
    And anyone who tells you it is not going to be painful is selling something.
    
    rslade@private      slade@private      rslade@private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Fri, 5 Mar 2004 09:30:15 -0500
    From: Monty Solomon <monty@private>
    Subject: Firms look to limit liability for online security breaches (Krim)
    
    Firms Look to Limit Liability for Online Security Breaches
    Jonathan Krim, *The Washington Post*, 5 Mar 2004; Page E01
    
    In the face of ongoing attacks by computer hackers, some companies that
    store their customers' personal data are adopting a new defensive tactic: If
    your information is stolen, they're not legally responsible.  Across the
    Internet, retailers and other service providers that handle consumer
    transactions are requiring customers to agree to waive any right to sue the
    companies if the businesses are hacked, regardless of how secure their
    systems are.  The waivers are contained in lengthy terms-of-use agreements
    that consumers often click to accept without reading closely.  ...
      http://www.washingtonpost.com/wp-dyn/articles/A31874-2004Mar4.html
    
    ------------------------------
    
    Date: Thu, 04 Mar 2004 10:33:54 -0700
    From: "NewsScan" <newsscan@private>
    Subject: Smartcards weren't so smart after all, says Target
    
    Target is phasing out the computer chips embedded in its branded Visa cards
    less than three years after they were first introduced, citing "limited use"
    by shoppers. The technology allowed cardholders to download coupons from the
    Internet or in-store kiosks in order to receive discounts on merchandise,
    but few customers took advantage of the feature. Only 3.5% of Americans 18
    years or older said they had used a smart payment card like Target's,
    according to a survey conducted by Financial Insights in March 2004. John
    Gould, director of consumer lending and bank cards at TowerGroup, says
    Target had been on the right track with its smartcard rollout and perhaps
    was overhasty in its decision to curtail the program.  "I don't think they
    gave it time to mature," he says.  [Reuters, 3 Mar 2004; NewsScan Daily, 
    4 Mar 2004]
      http://www.reuters.com/newsArticle.jhtml;jsessionid=
      JPT5K1DAV2VEACRBAEKSFEY?type=technologyNews&storyID=4491160&section=news
    
    ------------------------------
    
    Date: Fri, 5 Mar 2004 14:28:34 +0000 (GMT)
    From: John Sawyer <jpgsawyer@private>
    Subject: BBC reports card cloning scam
    
    The BBC is reporting that an Automatic Teller Machine Scam that records card
    and password details to allow card cloning is spreading in Cardiff and other
    parts of West Wales.
      http://news.bbc.co.uk/1/hi/wales/3535473.stm
    
    Risks has seen this kind of thing before but perhaps not to this level of
    sophistication.
    
    Dr John Sawyer, Department of Mechanical and Design Engineering
    University of Portsmouth
    
    ------------------------------
    
    Date: Sat, 6 Mar 2004 08:50:20 -0500
    From: David Magda <dmagda@private>
    Subject: An interesting airplane user interface
    
    I found the following anecdote in Edward Tufte's message board:
      http://www.edwardtufte.com/bboard/q-and-a-fetch-msg? 
      msg_id=0001Gl&topic_id=1&topic=Ask%20E%2eT%2e
    
      Alan Kay and User Interfaces
    
      I attended the course in Boston yesterday, and enjoyed it very much.  Made
      me think about the following story which might spur some discussion or
      comments here. It seems related to the overall theme here.
     
      In 1985 I attended an OOPSLA (Object oriented programming languages ...)
      conference. Alan Kay (PARC/Smalltalk/ Apple/Macintosh/...) gave a
      presentation. Alan told the following true story:
     
      He once flew down to Mexico on vacation, to some lonely place on the
      California peninsula for surfing etc. A pilot was supposed to come in a
      week to pick him up at a rural landing strip. Alan got there on time,
      waited, and eventually the plane, an older DC3, came. When Alan entered
      the plane he noticed that almost all the instruments had been unscrewed
      from the panels, pulled out and twisted around in various positions, and
      were basically standing (or waving) on their cable hoses like flowers on
      their stems. He got worried, considered exiting the plane, but decided to
      stay. The pilot, a younger fellow, seemed trustworthy.
     
      When the plane had reached cruising altitude and speed Alan suddenly "got
      it" wrt. the instruments. As long as everything was operating correctly,
      all the needles on the instruments were pointing in the same direction! It
      was very easy to spot if anything out of the ordinary was going on, and
      what that might be.
     
      This story has stuck with me as a super example of adapting the technology
      to what we people are good at, as opposed to the other way around which is
      too often the case.
     
      Enjoy, Harald
    
    With the multitude of gauges in a cockpit this is a brilliant way to quickly
    scan the status of the various components of the airplane.  The display of
    information is quite important in complex systems and has been discussed in
    RISKS before (e.g., RISKS-23.12, the whole "Bubba" debate).
    
    ------------------------------
    
    Date: Fri, 05 Mar 2004 00:13:36 -0800
    From: David Gillett <dgillett@private>
    Subject: Re: Legal Mercedes driver jailed for 18 months (Lesser, RISKS-23.2x)
    
    A few years back, before my father retired from traffic engineering, his was
    one of several cars narrowly missed by a vehicle operated with excessive
    speed and careless disregard for others on the road.  He told me that the
    driver, when he appeared in court, argued that as the holder of a racing
    driver's permit, he had been in perfect control of his vehicle at all times.
    
    The judge ruled that it was entirely UNreasonable to assume a similar level
    of skill and coordination on the part of other drivers using the roadway,
    and imposed the maximum available sentence.
    
    Yes, you can be liable for provoking foreseeable mis-reactions....
    
    ------------------------------
    
    Date: Thu, 4 Mar 2004 19:22:28 -0500 (EST)
    From: Micah Altman <Micah_Altman@private>
    Subject: Extended Call for Papers: Voting, Elections, and Technology
    
    Due to the scheduling of other journal issues, the SSCORE editor has given
    us an opportunity to extend the original deadline for submissions to this
    special issue until June 15.
     
      Call for Papers: *Voting, Elections, and Technology*
      a special issue of _Social_Science_Computer_Review_
     
    This special issue of Social Science Computer Review will bring together a
    collection of high quality academic work that extends, refines and
    challenges our understanding of the use, state of the art, and challenges
    associated with voting and election technology, broadly conceived.
     
    This special issue will bring together papers that investigate specific
    cases of the use of technology in voting and elections, as well as analysis
    of policy, and reviews of the state of the art. Papers from a broad range of
    social science perspectives are encouraged. Submissions can be in the form
    of full papers (maximum 20 printed pages) or in the form of short papers (5
    printed pages). Post-graduate students are particularly encouraged to submit
    early work in the form of short papers.
     
     *Sample Topics*: E-voting, Online voter survey methods, Technologies for
    election forecasting, Agent-based models of voting behavior, Web-based
    campaign fundraising, Redistricting technology, Policy implications
    
    [Abridged for RISKS.  For more on SCORE, see this URL:
     	http://hcl.chass.ncsu.edu/sscore/sscore.htm
    ]
    
    ------------------------------
    
    Date: 28 Jan 2004 (LAST-MODIFIED)
    From: RISKS-request@private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-request@private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomo@private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshall@private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
       http://www.CSL.sri.com/risksinfo.html
     The full info file may appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
     *** NEW: Including the string "notsp" at the beginning or end of the subject
     *** line will be very helpful in separating real contributions from spam.
     *** This attention-string may change, so watch this space now and then.
    => ARCHIVES: ftp://ftp.sri.com/risks [subdirectory i for earlier volume i]
     http://www.risks.org redirects you to Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version
       of the most recent RISKS issue and a WAP version that works for many but
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 23.26
    ************************
    


