[RISKS] Risks Digest 23.61

From: RISKS List Owner (risko@private)
Date: Wed Dec 08 2004 - 11:44:52 PST


RISKS-LIST: Risks-Forum Digest  Weds 8 December 2004  Volume 23 : Issue 61

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/23.61.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Group urges Government to focus on cybersecurity (NewsScan)
UK "Government department wiped out by IT upgrade disaster" (Bob Heuman)
Cyberspace activism (NewsScan)
"Midway scare is blamed on glitch" (D. McKirahan)
Defibrillator maker issues recall, goes out of business (Caleb Hess)
Exploding cell phones (PGN)
Air Traffic Control blacked out by rodent (D. Joseph Creighton)
'Virus-throttle' software from HP (NewsScan)
E-mail notification (Drew Dean)
When e-commerce and poor translation meet... terrorism? (Harry Neumann)
Job posting follies (Stephen Cohoon)
Re: New Standards for Elections (Atom 'Smasher')
Re: new standards for elections; voting anomalies (J.E. Cripps)
More on the electoral process (J.E. Cripps)
Voter touch-screen no good?  Here's a pen! (Joel Garry)
Re: Is Windows up to snuff for running our world? (Sander Tekelenburg)
Deworming the Internet: addressing computer security market failure
  (Douglas Barnes)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 08 Dec 2004 10:22:59 -0700
From: "NewsScan" <newsscan@private>
Subject: Group urges Government to focus on cybersecurity

The Cyber Security Industry Alliance is calling on the Bush administration
to beef up its cybersecurity operations, starting with elevating the
position of national cybersecurity director to assistant secretary
level. "There is not enough attention on cybersecurity within the
administration. The executive branch must exert more leadership," says
Alliance director Paul B. Kurtz, who's a former senior cybersecurity
official in the Bush administration. Kurtz was joined by Amit Yoran, the
former director of Homeland Security's National Cyber Security Division who
resigned in September. Meanwhile, a provision in the recently passed
intelligence overhaul bill that would have raised cybersecurity's profile in
the Homeland Security Department was stripped out before passage. The
Alliance's recommendations mirror those outlined in a report issued Monday
by the House subcommittee on cybersecurity, which also calls for the
administration to consider tax breaks and other incentives for businesses
that make computer security a top priority. In addition, both groups are
urging the Homeland Security Department to take the lead in creating a
disaster recovery and response plan, should the U.S. suffer debilitating
digital sabotage.  [*The Washington Post*, 8 Dec 2004; NewsScan Daily, 
8 Dec 2004]
  http://www.washingtonpost.com/wp-dyn/articles/A45622-2004Dec7.html

------------------------------

Date: Fri, 26 Nov 2004 10:23:00 -0500
From: "R.S. (Bob) Heuman" <rsh@private>
Subject: Report says "Government department wiped out by IT upgrade disaster"

This is from the United Kingdom, and I really have to wonder how anyone can
download an 'incompatible system' to 80,000 computers in this day and age.
It boggles the mind!  Recovery in a day is not shabby, either, if true.

The Department of Work and Pensions (DWP) has suffered what has been
described as the biggest computer crash in government history after a
software upgrade that is believed to have downloaded an incompatible system
throughout the entire DWP network.  The government department lost 80 per
cent of its roughly 100,000 PCs following a "routine software upgrade", a
DWP spokeswoman confirmed today.  The problem lasted all of yesterday but
the "majority of our system is up and running now", she said.  Microsoft and
EDS run the DWP's network as part of a 2-billion pound IT contract.  The
situation had apparently been largely rectified by the next day.
  [Source: Government department wiped out by IT upgrade disaster;
  Another massive computer cock-up, this time at Work and Pensions.
  http://www.techworld.com/opsys/news/index.cfm?NewsID=2695&Page=1&pagePos=2
  By Laura Rohde, IDG News Service, 26 Nov 2004; PGN-ed]

R.S.(Bob) Heuman, Toronto, ON, Canada  Independent Computer Security Consulting
Web Site Auditing for Compliance with Standards  rheuman@private

------------------------------

Date: Wed, 01 Dec 2004 09:07:27 -0700
From: "NewsScan" <newsscan@private>
Subject: Cyberspace activism

The German-based Web portal Lycos Europe is offering a screensaver program
that chokes spam servers by flooding them with junk traffic. The company
argues that what it's doing is perfectly legal, but former FCC chief
technologist David Farber comments: "You don't stop a bad thing by being bad
yourself. The idea of somebody coming and hitting you and you hitting back,
you both end up very hurt. It just aggravates an already serious problem."
And noted computer security expert Dorothy Denning, a professor of defense
analysis at the Navy Postgraduate School, points out that cyberspace
activism of the kind offered by Lycos Europe is likely to have only minimal
impact on spam because "the cost of adding extra bandwidth may be worth the
reward" that spammers get from their activities. She adds: "The interesting
question is whether or not that company [an anti-spam activist company]
might be liable under some law, and would probably be liable, certainly, at
least under a lawsuit by the spammers."  [AP 30 Nov 2004; NewsScan Daily, 1
Dec 2004]
http://www.usatoday.com/tech/products/2004-11-30-lycos-attack-spam_x.htm?csp=34

------------------------------

Date: Tue, 23 Nov 2004 05:39:43 -0600
From: "D. McKirahan" <dmckirahan@private>
Subject: "Midway scare is blamed on glitch"

Errors by screeners--not random computer glitches that the federal
government previously blamed--were responsible for false alarms over weapons
that sparked the recent evacuation of Midway Airport and two other U.S.
airports, according to the Transportation Security Administration.

The confusion that led to the terminal evacuation on 15 Nov was prompted by
a hand grenade appearing on an X-ray scanner. The image of the grenade, part
of an exercise used to test screeners, should have been stored in a computer
file by a security agency staff member as part of standard procedure before
an employee shift change at the screening checkpoint, said Amy von Walter,
spokeswoman for the security agency.

Federal security officials initially said a malfunction in a software
program used to test screener performance prompted a computer-generated
image of the grenade to appear randomly on the X-ray screen. A screener
operating the X-ray scanner thought the grenade, artificially projected
inside a carry-on bag, was real.

If the screener were being tested, the grenade image would have disappeared
when the screener tapped a button on the device's console to acknowledge
seeing the item. In this case, the grenade did not vanish.
But the passenger was able to leave the security checkpoint with the suspect
bag before screeners could search its contents, leading to the evacuation
order.

[DMcK submitted two items, a week apart.  This is PGN-ed from the more
recent and more accurate.  Source: Jon Hilkevitch, Screeners blamed for
bomb scare, *Chicago Tribune*, 23 Nov 2004]
  http://www.chicagotribune.com/news/local/chi-0411230350nov23,1,4870091.story?coll=chi-newslocal-hed

------------------------------

Date: Fri, 12 Nov 2004 13:29:55 -0500
From: Caleb Hess <hess@private>
Subject: Defibrillator maker issues recall, goes out of business

A manufacturer of Automated External Defibrillators (AED) recently announced
a recall due to failure modes in which AEDs failed to deliver a shock when
needed, or "turned themselves on" and subsequently failed to function 
(presumably due to drained batteries?). The maker claimed a failure rate of
less than one percent, although it is not clear how that figure was obtained
(many of these units are deployed in public buildings or other settings where
few of them will actually be called upon to operate).

Aside from the risk of shipping an inadequately tested product, the article
below raises some other interesting points:

The manufacturer says that no patient has died because of either failure
mode - which should be obvious, since an AED is only to be applied to a
patient who is already technically dead (pulseless).

A fire chief cites the obvious concern of carrying a piece of equipment
that may not work when needed.

An EMS director notes that, where units cannot be immediately replaced, 
their removal turns a 1% probability of not defibrillating into a 100%
probability.

The AP article is at
http://cms.firehouse.com/content/article/article.jsp?sectionId=17&id=36601

------------------------------

Date: Wed, 24 Nov 2004 9:30:01 PST
From: "Peter G. Neumann" <neumann@private>
Subject: Exploding cell phones

Exploding Cell Phones a Growing Problem;
Injuries From Exploding Cell Phones Prompt Recalls; 
Bad Batteries or Chargers Often the Culprit (ABC News, AP item, 24 Nov 2004)

Safety officials have received 83 reports of cell phones exploding or
catching fire in the past two years, usually because of bad batteries or
chargers.  Burns to the face, neck, leg and hip are among the dozens of
injury reports the Consumer Product Safety Commission has received. The
agency is providing tips for cell phone users to avoid such accidents and
has stepped up oversight of the wireless industry. There have been three
voluntary battery recalls, and the CPSC is working with companies to create
better battery standards.  U.S. phone makers and carriers say most fires and
explosions are caused by counterfeit batteries and note that in a country
with some 170 million cell phone users, the number of accidents is extremely
low.   [PGN-abst]

------------------------------

Date: Fri, 19 Nov 2004 10:27:30 -0600
From: "D. Joseph Creighton" <djc@private>
Subject: Air Traffic Control blacked out by rodent

Some local wildlife decided to get warm and intimate with power lines,
blowing a transformer, and causing a cascade shutdown of substations across
much of the city of Winnipeg, Canada.
  http://winnipeg.cbc.ca/regionalnews/caches/mb_hydro20041118.html

This left every plane in central Canada (Saskatchewan, Manitoba, NW Ontario)
flying blind for some eight minutes as YWG Center went down.  Although power
was restored after one minute -- backup power also failed -- the radar and
communication systems took seven more minutes to restart.
  http://winnipeg.cbc.ca/regionalnews/caches/mb_powerout20041118.html

D. Joseph Creighton [ESTP] | Info. Technologist, Database Technologies, IST
Joe_Creighton@private | University of Manitoba  Winnipeg, MB, Canada, eh?

------------------------------

Date: Wed, 01 Dec 2004 09:07:27 -0700
From: "NewsScan" <newsscan@private>
Subject: 'Virus-throttle' software from HP

Software engineers at Hewlett-Packard are developing "virus-throttling"
software to slow the spread of viruses and worms on the Internet by
identifying suspicious behavior. HP chief technology officer Tony Redmond
says, "Any worm or virus that depends on its ability to spread itself will
be hurt by this technology." Alan Paller, director of research at the SANS
Institute, says the overall idea "makes sense," and adds, "It's an arms
race, not a simple war. I've been hearing people talk about the notion of
throttling for a long time, and it's a spectacular idea if HP can get it to
work."  [*The Washington Post*, 30 Nov 2004; NewsScan Daily, 1 Dec 2004]
  http://www.washingtonpost.com/wp-dyn/articles/A23527-2004Nov30.html

------------------------------

Date: Fri, 3 Dec 2004 13:21:22 -0800
From: Drew Dean <drew.dean@private>
Subject: E-mail notification

I recently received e-mail from Southwest airlines informing me of an
e-ticket.  The only problem is that I didn't make the reservation, and it's
not for me.

While there's a Reply-To: header in the message, with the same address 
as the From: header, there's a note at the bottom saying please don't 
reply to this address, and the message provides no way to reach 
Southwest's customer service department.

I suppose I can dig around their website, or call their general 
toll-free number to try and remedy this, but why on earth don't they 
include a customer service contact in their e-mail?

  [To Southwest's credit, they did NOT include a credit card number in the 
  e-mail.]

Drew Dean, Computer Science Laboratory, SRI International

------------------------------

Date: Sat, 04 Dec 2004 14:00:43 -0500 (EST)
From: bo025@private (Harry Neumann)
Subject: When e-commerce and poor translation meet... terrorism?

I was recently looking to purchase some items from an online grocer
in Germany, www.lila-se.de , which offers service in both English and
German.  Everything seemed relatively straightforward until I examined 
the section labelled "Shipping Cost Informations".  Zone 1 countries 
and regions were listed as follows:

(from the English-language part of the site)

   Generally Shipping Costs for Delivery Zone 1 (EU)
   Zone 1 - EU(European union) Andorra, the Azores, Belgium, Denmark,
   Faeroeer (DK), Finland, France, Greece, Greenland, Great Britain
   (inclusive Isle OF one), Guernsey, Ireland, Italy, jersey, Korsika,
   Liechtenstein, Luxembourg, larva Irish Republican Army, Monaco, the
   Netherlands (Holland), Northern Ireland, Austria, Poland, Portugal,
   San Marino, Sweden, Switzerland, Slowakei, Spain (inclusive Balearen),
   Tschechien, Vatikanstadt.

vs. the German version (listed under "Versandkosten")

   Zone 1 - EU (Europäische Union) Andorra, Azoren, Belgien, Dänemark,
   Färöer (DK), Finnland, Frankreich, Griechenland, Grönland,
   Großbritannien (inklusive Isle of Man), Guernsey, Irland, Italien,
   Jersey, Korsika, Liechtenstein, Luxemburg, Madeira, Monaco,
   Niederlande (Holland), Nordirland, Österreich, Polen, Portugal, San
   Marino, Schweden, Schweiz, Slowakei, Spanien (inklusive Balearen),
   Tschechien, Vatikanstadt.

Note the entry in the English-language page: "larva Irish Republican Army",
between Luxembourg and Monaco. This is definitely a puzzle until one looks
at the corresponding entry on the German page: Madeira.  What presumably has
happened is that the word "Madeira" has been split in two for some reason,
becoming "Made" and "ira".  Then "Made" was translated, becoming "larva",
whereas "ira" was not translated but expanded to become "Irish Republican
Army".  (Why other place names were not subjected to this treatment remains
a mystery).

Three risks (at least):

1) The usual hazards of doing a literal, contextless translation, magnified
   by an unexplained parse-split-translate procedure, leading to a result
   that, in this case, can be described without exaggeration as "weird" (not
   to mention inaccurate).

2) That a potential customer will see these idiosyncratic translations and
   assume that they're just the tip of the iceberg in terms of sloppiness,
   and take his or her business elsewhere.

3) While no reasonable person will see this site as "terrorist-related"
   there's a real risk that blocking software could spot the phrase "Irish
   Republican Army", and categorize this site as "Political
   Extremism-related", for no evident reason.  The RISKS to even cautious
   web-surfers living under authoritarian regimes, of accidentally viewing
   "Political Extremism" sites need no further explanation.

------------------------------

Date: Mon, 29 Nov 2004 17:15:25 -0600
From: Stephen Cohoon <risks@cohoon-tx.com>
Subject: Job posting follies

While perusing some job posting web sites I found an interesting commentary.
I suspect the comments are intended for either in-house or external
recruiters who just posted it using select-all copy & paste resulting in
text that probably was not intended for public view.  Particularly the set
of competitors to raid.

  Required: C Plus Plus; Perl; Network Protocols; Linux; TCP/IP; Yes I will
  notify you guys in the case that anything else even gets warm. Right now I
  don't even have any other recruiters working on this but that may change
  by the end of the week. Companies to Pinpoint Recruit from include: <List
  of competing companies> (my former boss at <one of the competitors> is now
  the VP of Engineering here)

------------------------------

Date: Wed, 10 Nov 2004 02:06:21 -0500 (EST)
From: "Atom 'Smasher'" <atom@private>
Subject: Re: New Standards for Elections (RISKS-23.59)

> 7. Accurate and transparent voting roll purges.

or doing away with purges... if convicted felons are allowed to write the 
proprietary software that the machines run and manage the company that 
manufactures the machines 
<http://www.blackboxvoting.com/modules.php?name=News&file=article&sid=132>, 
then convicted felons should be allowed to use the machines.

> 11. An end to minority vote suppression, disenfranchisement, harassment, 
> dirty tricks.

to a large extent, it can be argued that purging voters *is* a form of
suppression, disenfranchisement, harassment, and dirty tricks. purging
felons from voting rolls was devised as a "jim crow" law, and it can be
argued that jim crow is still proud of it.

this article 
<http://www.heraldtribune.com/apps/pbcs.dll/article?AID=/20040708/COLUMNIST36/407080376> 
points out how the purge can be used as a precision weapon in the war 
against democracy.

------------------------------

Date: Wed, 10 Nov 2004 04:59:04 -0500 (EST)
From: "J.E. Cripps" <cycmn@private>
Subject: Re: new standards for elections; voting anomalies (RISKS-23.59)

Regarding the summary of the NYT editorial, I do not see any requirement
that voters be citizens of the U.S. or any identification requirement.
  [Citizens, yes.  That is understood.  Identification? It varies from 
  place to place, and is seriously abused in some, one way or the other.  
  PGN]

Appalled as I am at the allegations regarding the 2004 elections,
I do not think that these .orgs address all the anomalies.  For example:

Laying the Groundwork: A Study Of Voter Registration In Missouri
http://cf.townhall.com/linkurl.cfm?http://www.centerforethics.org/VoterRegistrationStudy.htm

Moreover, a more fundamental threat was not addressed in the editorial at
all.  Both parties are at fault here, recalling the Bush amnesty:

Carrying out the Mandate: Get Borders and Illegal Immigration Under Control
http://cf.townhall.com/linkurl.cfm?http://www.humaneventsonline.com/article.php?id=5718

As PGN stated in an earlier issue of RISKS:

  [including] the actual casting of ballots and the creation, evaluation,
  certification, testing, and maintenance of voting equipment.  But it also
  includes the _registration of voters; identification, authentication, and
  challenging of voters_; creation of the actual appearance of ballots and
  setting up the voting machines; distribution and handling of ballot and
  polling-place information, absentee ballots, and especially provisional
  ballots; processing of ballots; tabulation and collection of results; and
  proper assurance that voters' ballots are treated with adequate respect
  for privacy -- along with oversight of each of the steps in the entire
  process.  comp.risks 23.58, November 4, 2004, (emphasis added)

Many of these are not matters of technology (rushing a polling place in the
last minutes) but surely fall within the ambit of comp.risks.  But if either
major party has consistently addressed any of these, I've missed it.

I find the Democratic inattention to the deficiencies of the 2004
technologies before election very perplexing.

Appalling as the allegations which have appeared in sources quoted on this
list are (some of which find corroboration in the RISKS archives), I am
afraid that the proposals, laudable as many of them are, in the NYT
editorial are insufficient.

------------------------------

Date: Wed, 10 Nov 2004 05:10:40 -0500 (EST)
From: "J.E. Cripps" <cycmn@private>
Subject: More on the electoral process

Here's another longstanding anomaly:
Nearly 50,00 duplicate registrations: Florida Redux?
http://www.eagleforum.org/column/2004/oct04/04-10-27.html

Here's a Republican warning about technological deficiencies, in May:
Don't Let Judges Jimmy Elections
http://www.eagleforum.org/column/2004/may04/04-05-12.html

The most serious risk: The Scam of Voting by Noncitizens and Felons
http://www.eagleforum.org/column/2004/aug04/04-08-18.html
If this isn't fixed, the system will be broken.

More predictions of the current debacle, from someone with
first-hand experience as a local office candidate:
http://www.NewsWithViews/Devvy/kidd72.htm

Mark my words: We will never know the true vote count next month no matter
how many times the ballots are run through a machine or how many lawsuits
the Democrats file against the Republicans and vice versa. ...

As someone who has run for public office, put their whole heart into the
effort, along with all the volunteers and the financial generosity of so
many, I would rather have waited four or five days for a real vote count
than be cheated. I don't want election results at the speed of a button, I
want a true vote count. ...

A must is to get rid of the insidious Motor Voter Law of 1993. All states of
the Union must purge their voting rolls and start over from scratch. There
is a two year period between elections. That's more than enough time for
anyone who has a real desire to vote, to obtain a certified birth
certificate and personally get down to the county clerk's office to
register. If someone can't find those few minutes over a two year period,
then fine, keep them out of the voting booth.

------------------------------

Date: Mon, 8 Nov 2004 17:26:09 -0800
From: "Joel Garry" <joelgarry@private>
Subject: Voter touch-screen no good?  Here's a pen!

As I write this, the extremely close vote for mayor of San Diego is still up
in the air.  From
  http://www.signonsandiego.com/uniontrib/20041107/news_1m7frye.html :

"But she clearly benefited from the unusual technical aspects of this
election.  Because of problems in the March primary with a touch-screen
voting system, the county shifted to optical-scan ballots, which required
voters to fill in bubbles next to their choices. That meant all voters were
handed a pen when they got their ballot, a remarkable turn of luck for
Frye."
 
This highlights a risk of computerized voting: More difficult to write in a
candidate, and conversely, if a fallback system is used, that can stimulate
a change in vote.  Also, the web page that shows the results
http://www.sdcounty.ca.gov/voters/Eng/Eindex.html is a bit difficult to
figure out the vote tally, whoever wrote it didn't seem to consider the
possibility of a write-in - so there is a separate link to see the slowly
increasing Frye vote, as opposed to the regular candidates and "write in."

------------------------------

Date: Tue, 9 Nov 2004 22:29:56 +0100
From: Sander Tekelenburg <tekelenb@private>
Subject: Re: Is Windows up to snuff for running our world? (Bean, RISKS-23.59)

> Apple is missing out on a huge market here by not allowing their OS to run
> on other vendors' hardware. Nobody's going to buy a Mac to run an ATM or a
> cash register, but they might buy the OS if they thought it would work
> better.

Apple being wrong about not letting their OS run on non-Apple hardware is an
age-old argument. The age-old counter argument is that part of the quality
of Apple's OS is the fact that Apple controls the hardware. That gives them
an enormous advantage when it comes to guaranteeing some level of quality to
customers. Without it, when Mac OS X would have to run on any (and *cheap*)
third-party hardware, Apple cannot guarantee the hardware quality, customers
with crappy hardware will blame Apple for problems, Apple loses its name of
offering quality products.

If you want quality, you need to be willing to pay for it. It's that simple.
It seems Apple understands that.

Of course that doesn't mean some enterprising bank could not try to get
Apple interested in working together on building ATM hardware running Mac OS
X.  Steve Jobs might like the challenge. But it seems to me that something
like Mac OS X is way overkill for an ATM machine... Possibly Darwin. But
then there's other BSDs too to choose from.

Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/>

------------------------------

Date: Sat, 20 Nov 2004 10:38:15 -0600
From: "Douglas Barnes" <salguod@private>
Subject: Deworming the Internet: addressing computer security market failure

I thought RISKS folks might be interested in a paper I've written which is
just now available on SSRN.  In part it's a response to the periodic calls
for "liability" (notably from Bruce Schneier) as a mechanism for solving
computer problems.  The upshot is that I think Bruce is right that there is
a need for a regulatory response, but that extending, say, tort liability to
software would be a disaster.  In addition to my more complicated law &
economics argument for why this is, I point out in passing that ordinary
tort liability could crush open source software, which has the potential to
act as a positive force in addressing the underlying market failure.

Douglas Barnes  http://www.salguod.com

Abstract:

Both law enforcement and markets for software standards have failed to solve
the problem of software that is vulnerable to infection by
network-transmitted worms. Consequently, regulatory attention should turn to
the publishers of worm-vulnerable software. Although ordinary tort liability
for software publishers may seem attractive, it would interact in
unpredictable ways with the winner-take-all nature of competition among
publishers of mass-market, internet-connected software. More tailored
solutions are called for, including mandatory "bug bounties" for those who
find potential vulnerabilities in software, minimum quality standards for
software, and, once the underlying market failure is remedied, liability for
end users who persist in using worm-vulnerable software.

http://papers.ssrn.com/abstract=622364

------------------------------

Date: 2 Jun 2004 (LAST-MODIFIED)
From: RISKS-request@private
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  To subscribe or unsubscribe via
 e-mail to mailman your FROM: address, send a message to
   risks-request@private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit the process by sending directly to either
   risks-subscribe@private or risks-unsubscribe@private
 depending on which action is to be taken.
 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

   INFO     [for unabridged version of RISKS information]
 .UK users should contact <Lindsay.Marshall@private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in future issues.  *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks [subdirectory i for earlier volume i]
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing

------------------------------

End of RISKS-FORUM Digest 23.61
************************


