RISKS-LIST: Risks-Forum Digest Tuesday 4 January 2005 Volume 23 : Issue 65
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/23.65.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Tsunami: natural disaster imminent? (Harry Crowther)
Tsunami warnings and spam (Geoffrey Brent)
New Year's Privacy Resolutions (Bernard Peek)
A deaf Hubble...? (David Lesher)
Missile interceptor doesn't even leave its silo (Vassilis Prevelakis)
Two German projects: Toll and Dole (Debora Weber-Wulff)
The effects of mistaking left- for right-fill (Jan Vorbrüggen)
Ars Team Prime Rib finds fourth-largest prime number ever (Monty Solomon)
Walgreen Overcharges, Reimburses Customers (Monty Solomon)
Thieves take brain remote control (Charles Williams)
Year Zero of Length Zero (Sam'l Bassett)
Re: Cell phones for eavesdropping - finally some public "chatter"
(Bill Stewart)
Re: RFID'ing babies (Jerry Leichter)
REVIEW: "High Tech Crimes Revealed", Steven Branigan (Rob Slade)
RAID: Recent Advances in Intrusion Detection (Deborah A. Frincke)
30 Joint CS & CE conferences in Las Vegas, 20 Jun 2005 (H.R. Arabnia)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Wed, 29 Dec 2004 04:36:37 -0500
From: "Harry Crowther" <crowther@private>
Subject: Tsunami: natural disaster imminent?
It is a dubious rationalization to complain about 'lost productivity' costs
after '3 of 4 tsunami warnings' (in Hawaii?) prove false. Are evacuation
drills and similar preparation, or planning related to disaster response
also be considered too costly, if tsunamis do not occur on some obliging
schedule? (Perhaps.) At some point, technology related to detection and
warning is also 'too costly'. Particular care needs to be taken to
appropriately balance 'lost productivity' costs with the cost of real damage
and lost lives.
Obviously, while an hour's warning is inadequate in many situations, a
six-hour warning could do quite a bit of good given the vast reach of a
tsunami. Presumably the detectors necessary for a one hour warning would be
that same ones required for the six hour warning.
Harry Crowther (hdcrowther@private)
See: Sounding the Alarm on a Tsunami Is Complex and Expensive
John Schwartz, *The New York Times*, 29 Dec 2004
http://www.nytimes.com/2004/12/29/international/worldspecial4/29warn.html
If only people had been warned. An hour's notice for those living and
vacationing along the coastlines of the Indian Ocean might have saved
thousands of lives. But predictions, and acting on them, are not simple,
geoscience experts say. ... According to a NASA Web site devoted to
tsunamis, three of four tsunami warnings issued since 1948 have been
false, and the cost of the false alarms can be high. ... An evacuation in
Hawaii could cost as much as $68 million in lost productivity, according
to the National Oceanic and Atmospheric Administration. Since the 1960's,
there have been two warnings of tsunamis in Hawaii that ended in
evacuations, and both were false alarms.
------------------------------
Date: Wed, 29 Dec 2004 09:08:55 +1100
From: Geoffrey Brent <g.brent@private>
Subject: Tsunami warnings and spam
Around 1 Dec 2004, I and several people I know received this spam:
> THIS IS AN OFFICIAL WARNING!
> A huge 300 ft. high ocean wave is moving towards your continent. Your and
> many other cities are in a real danger. Approximate wave moving speed is
> 700 km/h.
> Please read more about this catastrophe here: [plausible-looking URL
> snipped] We are strongly urging you to evacuate yourself and your family
> as soon as possible, even though you may live far away from your city. The
> tsunami will reach the continent in approximately FOUR hours.
I didn't check the URL then; aside from the "how would you know what city
I'm in?" aspects, I'd previously received very similar messages using other
shock announcements ("Terroract in Australia!") to lure people to their
sites. And indeed, this one was also spam.
But in the wake of this week's tragedy, it reminds me that there is no end
to opportunism. I'm sure we'll see that particular message recycled;
spammers aside, there are several obvious reasons why somebody might find it
convenient to trigger a mass evacuation. (Looting, terrorist attack on
traffic choke points, etc etc...)
We know what false alarms do to the effectiveness of warning schemes. Any
warning system needs to incorporate authentication - which also means
limiting its distribution to people who *will* check authenticity rather
than taking it on trust.
------------------------------
Date: Tue, 28 Dec 2004 23:03:39 +0000
From: Bernard Peek <bap@private>
Subject: New Year's Privacy Resolutions (Rotenberg, RISKS-23.64)
It's common for RISKS posts to point out unintended consequences of
well-meaning actions, so some response to Marc's post seems called for.
Having worked in the advertising and marketing industries and having run
marketing campaigns I should point out some unexamined assumptions. The main
one is that enhanced privacy is an unalloyed benefit. It isn't, there are
costs.
Advertisers use targeted advertising because they have no desire to
advertise to people who are not going to buy the product. The phrase I
coined while in the industry was "Every ad a wanted ad." Targeting isn't
perfect but the more information an advertiser has the better their
targeting and the less they have to advertise to people who aren't
interested.
If consumers don't provide that information, the advertisers will use less
efficient, more expensive, advertising media including large blanket
mailshots. Because all advertisers would be equally affected I would expect
them to be free to pass on the extra costs to their customers. Privacy is a
laudable aim, but not a zero cost option.
I need to add that part of the warning does not apply in the UK where I
am. In general if you provide personal information to a European company
they are not free to sell it on. The European model assumes that you own the
data and when you "give" it to a company what they receive is a limited
license to use that data. Unlicensed use of the data is a criminal
offence. As a database manager I, and my company directors, could do jail
time for buying or selling names and addresses. Adopting a similar
legislative framework in the USA would do more to protect electronic privacy
than any other measure.
Bernard Peek, London, UK. DBA, Manager, Trainer & Author
------------------------------
Date: Sun, 2 Jan 2005 20:24:25 -0500 (EST)
From: David Lesher <wb8foz@private>
Subject: A deaf Hubble...?
James Oberg wrote a great piece on the Cassini-Huygens mission that
reminds us: it's the things we DON'T test that can really bite us.
http://www.spectrum.ieee.org/WEBONLY/publicfeature/oct04/1004titan.html
[This is a rather remarkable story of Boris Smeds, whose discovery
of a flaw in Cassini's receiver and subsequent persistent apparently
has saved the mission. PGN]
------------------------------
Date: Tue, 4 Jan 2005 09:16:29 -0500 (EST)
From: vp@private (Vassilis Prevelakis)
Subject: Missile interceptor doesn't even leave its silo
>From Aviation Week and Space Technology December 20/27, 2004, pp. 34-36:
The trial began Dec. 15 around 00:45 EST when the target (for the
interceptor) was fired from Kodiak, Alaska. However, about 16 min later,
the interceptor at the Kwajalein missile range in the South Pacific shut
down 23 sec. prior to launch owing to a still unspecified anomaly. It was
the first test of Boeing's ground-based midcourse missile defense system
using the operational Orbital Sciences Corp. interceptor.
Pentagon officials are still assessing why the missile defense test
failed, but are pressing ahead anyway with the next round of enhancements.
Are they simply going through the motions because nobody expects this system
to be used against an actual enemy?
Vassilis Prevelakis, Computer Science Department
Drexel University, Philadelphia, Pennsylvania
------------------------------
Date: Tue, 04 Jan 2005 09:09:57 +0100
From: Debora Weber-Wulff <weberwu@fhtw-berlin.de>
Subject: Two German projects: Toll and Dole
Germany introduced not one, but two big projects on 1 Jan 2005.
This was not by design, but because the toll collection scheme on
the autobahns was delayed by about 18 months.
1) Toll collection
The government is happy to report that all is well, they collected some real
money and there were no problems reported. Spiegel, however,
(http://www.spiegel.de/wirtschaft/0,1518,335367,00.html) reports on its
on-line edition that 10 % of all attempts to use the system ended in failure
or in people just not paying the toll.
The system started with just 320.000 "On-Board Units" (OBU) installed that
calculate the tolls using a complicated, satellite-based scheme. If a
trucker does not have an OBU they must either purchase a ticket by mobile
phone (costly) or at a toll booth in a rest stop. The problems here are
that many truckers do not know exactly what exit they will be getting off
at. In addition, if there is a traffic jam or other problems and they have
to take a detour, they must change their toll ticket.
A personal observation from a rest stop visit on Sunday: there were 2 people
posted at the terminal to help people use the system. The costs for this
need to be factored into a success evaluation. The proof of the pudding will
be when there are no helpers around anymore, just the machine with its
rather intricate user interface.
Other media have noted that now other EU countries are jealous and are
considering their own toll systems. We will probably soon see trucks having
to be completely rebuilt in order to accommodate the 25 or so different toll
collection registration units.....
2) The new dole: Arbeitslosengeld II
The new dole system in Germany began on Jan. 1, 2005. The government has
admitted to a "computer problem" in the direct deposit scheme that left
about 5 % of the recipients without money. The computer on-line news system
Heise Online reports in http://www.heise.de/newsticker/meldung/54690 that
the error was with account numbers that were less than the now standard 10
digits. The program was of course supposed to put in *leading* zeros, for
example "0012345678". Instead, the zeros were added at the end
("1234567800") causing the payments to be unassignable to the recipient.
The government had to set up an emergency payment scheme to hand out 100
Euros to people who could show that they had not received the money
properly. It seems strange that there would only be 5 % of people affected,
as only people with newer banking accounts actually have a 10-digit account
number and many people do not put in the leading zeros when they put their
account number in a form.
The company that produced the software, T-Systems (a company that used to be
part of the German telephone company) insists that the error is not theirs,
but in the bookkeeping software of the government that sent them the account
numbers already in the incorrect form. This software has been working for
years, however, so the witch-hunt for the guilty continues.
Since the bank workers tend to still be on Christmas holiday and the ones
left at the bank are concerned with getting the year-end bookkeeping cleaned
up, the money had just been transferred to temporary accounts where it
awaits someone to come along and sort it out.
Meanwhile, the scheme -- which was supposed to save the government money so
that it could use the money to find work for people - has turned out to
actually *not* save money yet. The government requested many personal
details from people in the hopes of denying them money. But instead of the
expected 23%, only 6,5 of the 2.7 million applications for money were
rejected.
http://www.berlinonline.de/berliner-zeitung/tagesthema/409437.html?2005-01-04
There are very few people available for helping people find new jobs, as all
of the available personnel have been concerned with getting the payment
system to work.
Prof. Dr. Debora Weber-Wulff
FHTW Berlin, FB 4, Internationale Medieninformatik
Treskowallee 8, 10313 Berlin
Tel: +49-30-5019-2320 Fax: +49-30-5019-2300
weberwu@fhtw-berlin.de http://www.f4.fhtw-berlin.de/people/weberwu/
[The second system problem also noted by Jan Vorbrüggen, excerpted
next. PGN]
------------------------------
Date: Tue, 04 Jan 2005 16:05:51 +0100
From: =?ISO-8859-15?Q?Jan_Vorbr=FCggen?= <jvorbrueggen-not@private>
Subject: The effects of mistaking left- for right-fill
[...] Among the various media reports, see for instance (in German)
http://www.spiegel.de/wirtschaft/0,1518,335141,00.html.
A comment: Interbank transfers are ubiquitous in Germany - you can even use
them to pay at the supermarket for your groceries. Certainly, everybody
earning a salary receives it that way. It seems almost inconceivable that a
programmer living here would not know that right-filling of account numbers
is the wrong thing to do. Oh, and have they ever heard of testing?
------------------------------
Date: Tue, 4 Jan 2005 17:12:35 -0500
From: Monty Solomon <monty@private>
Subject: Ars Team Prime Rib finds fourth-largest prime number ever
Eric Bangeman, 4 Jan 2005, arstechnica
An anonymous member of Ars distributed computing Team Prime Rib has found
the fourth-largest prime number discovered to date as part of the Seventeen
or Bust effort. The number, 28433 * 2^7830457 + 1, was found after over two
days of processing by the computer that found it. ...
http://arstechnica.com/news.ars/post/20050104-4497.html
------------------------------
Date: Sat, 1 Jan 2005 04:17:36 -0500
From: Monty Solomon <monty@private>
Subject: Walgreen Overcharges, Reimburses Customers
Bloomberg News, 1 Jan 2005
http://www.latimes.com/business/la-fi-rup1.4jan01,1,4107985.story
Walgreen Co., the largest U.S. drugstore chain, accidentally overcharged as
many as 4 million customers buying gifts and decorations the two days before
Christmas because its payment-processing system malfunctioned from overuse.
Walgreen discovered the error on Christmas Day and electronically reimbursed
customers whose credit or debit cards had been incorrectly double- and
triple-charged, said company spokesman Michael Polzin. Some credits may not
post on customers' accounts until early next week, he said.
------------------------------
Date: Tue, 4 Jan 2005 12:07:19 +0000
From: Charles Williams <C.D.H.Williams@private>
Subject: Thieves take brain remote control
Reported in several UK newspapers:
Thieves steal a device which allows a woman to sleep by switching off
an implant in her brain.
<http://news.bbc.co.uk/go/em/fr/-/1/hi/uk/4142183.stm>
"... she is hopeful, but not certain, that the hospital caring for her - the
National Hospital for Neurology and Neurosurgery in central London - will be
able to replace the device."
------------------------------
Date: Tue, 28 Dec 2004 14:35:45 -0800
From: "Sam'l Bassett" <samlb@private>
Subject: Year Zero of Length Zero (Re: Y2K?, RISKS-23.63,64)
I have been saying for years that we should define a Virtual Year 0 of
Length Zero, both for computer programming purposes, and to make decades and
centuries come out right -- i.e. the 1960s would run from 1960 to 1969, not
1961 to 1970, and the 20th Century from 1900 to 1999.
------------------------------
Date: Tue, 28 Dec 2004 15:31:00 -0600
From: "Stewart, William C \(Bill\), RTSLS" <billstewart@private>
Subject: Re: Cell phones for eavesdropping - finally some public "chatter"
I *have* accidentally eavesdropped on a meeting using a cell phone. I used
the phone to check my voicemail before going into my meeting, which uses the
same phone number as my phone, turned the ringer to vibrate-only, and forgot
to lock the keypad when I put it into my briefcase. At some point the send
button got bumped, and since I hadn't dialed a number, it called the last
number I'd called, which was my phone. It was busy, so it connected to
voicemail and recorded for ~15 minutes. My briefcase wasn't designed for
acoustics, so it was pretty muffled, but relatively understandable.
------------------------------
Date: Tue, 28 Dec 2004 23:56:40 -0500
From: Jerry Leichter <jerroldleichter@private>
Subject: Re: RFID'ing babies (Stevens, RISKS-23.64)
Ray Todd Stevens, continuing and expanding on an assumption made by Paul
Wallich back in RISKS-23.62, describes possible problems with RFID tags used
to lock doors in hospital neonatal units.
These measures have been around for years. I recall them from when my 3 1/2
year old was born, and I'm pretty sure they were in place when my 9 1/2 year
old was born - and probably even before that. RFID refers to a specific
technology which didn't exist 3 years ago, much less 9 years ago. I would
be surprised if they are used today. RFID tags are cheap and disposable.
The tags used in neonatal units are on lock-on bracelets. As I recall, they
are re-usable. They don't need to provide true identification, only
proximity detection. There will certainly be pressures, once a big RFID
infrastructure is in place, to use RFID chips as the "standard" alternative,
but they will have to battle an incumbent "standard" that's been in place
for years. Change is unlikely to be quick, because the advantages of using
RFID seem minimal.
As for "dumb" readers that just check if any RFID tag is present: Why would
anyone even build such things? It's hard to come up with situations where
they would ever be useful, and anyone who deployed such a device will
quickly be swamped by random tags - and the cost advantages will be minimal,
given how cheap true RFID readers will likely be in a short time. (Early
targets for RFID tags are medicine bottles. A hospital is likely to have
tons of the things moving around its halls pretty soon, whether or not it
actually uses them for anything.)
In any case, it's easy to come up with failure modes, but that doesn't make
them risks. They become risks when people don't deal with them
appropriately. The systems I saw in action were pretty reliable. There was
a clear marking in the hallway of how far you could go before setting off an
alarm. It was quite accurate - we accidentally set the alarm off by walking
a couple of steps too far. (My older one was helping push the younger one's
carrier.) Determining the source of the problem wasn't that big a deal.
(There was more running around by the staff, checking *all* the exits, than
was really called for. This undoubtedly was partially a reflection of the
rarity of such events. I only saw the alarm go off that once. Once could
also argue that checking all the exits is prudent in any case, since the
alarm could be an attempt at a distraction.)
There were two rooms adjacent to the exit door, and they were clearly used
all the time without problems with the system. Radio waves may not respect
room boundaries, but systems can be designed to allow for that.
------------------------------
Date: Wed, 29 Dec 2004 08:21:37 -0800
From: Rob Slade <rslade@private>
Subject: REVIEW: "High Tech Crimes Revealed", Steven Branigan
BKHTCRRV.RVW 20041016
"High Tech Crimes Revealed", Steven Branigan, 2005, 0-321-21873-6,
U$29.99/C$42.99
%A Steven Branigan steveb@private
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2005
%G 0-321-21873-6
%I Addison-Wesley Publishing Co.
%O U$29.99/C$42.99 fax: 416-443-0948 800-822-6339 bkexpress@private
%O http://www.amazon.com/exec/obidos/ASIN/0321218736/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0321218736/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321218736/robsladesin03-20
%P 412 p.
%T "High Tech Crimes Revealed"
The title is a wee bit misleading: it is not the crimes that are revealed
here as much as it is the investigations, and investigative techniques and
tips. As such, the initial material in the book is more valuable than many
of those that do concentrate on the crimes themselves.
Chapter one deals with an insider attack at a telephone company. Branigan
tells the story well (if sometimes a bit flippantly) and also provides
"rules" for an inquiry as the account progresses. The narrative points out
errors that were made (or fortuitously missed) and notes what might have
been done better. A simple case of ISP (Internet Service Provider) banner
defacement turns out to have larger ramifications in chapter two. But, the
supply of rules seems to dry up, although there are notes reiterating or
expanding on them. Some accidental discoveries result in the discovery of a
pornographic service, in chapter three. Chapter four outlines a hacker
sting operation.
Identity theft is superficially reviewed in chapter five, but the "case" is
minor, and only used as a lead in. There are interviews with a couple of
blackhats (which, if you've read Denning's, Gordon's, or Taylor's work,
don't teach very much) in chapter six. Chapter seven examines the motives
of different types of blackhats. It is difficult to say that this material
will help in understanding attacks or protecting systems. There is a brief
history of information technology in chapter eight. The essay on high tech
crime in chapter nine is a bit redundant at this point. There is also some
questionable material, retailing myths such as Al-Qaida's use of
steganography and the salami scam. Chapter ten describes some common
mistakes in an investigation, and eleven lists an overall, if simplistic,
investigative outline. Chapter twelve finishes off by recapping
miscellaneous thoughts.
The reports of investigations that begin the book are interesting,
particularly since all too many books about computer crime concentrate on
technical details, and forget the legal realities (or, like Kovacich's and
Boni's "High Technology Crime Investigator's Handbook" (cf. BKHTCRIH.RVW)
concentrate on the career and forget the job). It is disappointing that
Branigan's work trails off into more vague generalities.
copyright Robert M. Slade, 2004 BKHTCRRV.RVW 20041016
rslade@private slade@private rslade@private
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
------------------------------
Date: Wed, 29 Dec 2004 11:13:37 -0800
From: "Deborah A. Frincke" <frincke@private>
Subject: RAID: Recent Advances in Intrusion Detection
RAID 2005, CALL FOR PAPERS and PANELS
Eighth International Symposium on Recent Advances in Intrusion Detection
Seattle, Washington, USA, 7-9 Sep 2005
Deadlines:
31 Mar 2005: Paper & practical experience submissions
30 Apr 2005: Panel submissions
15 Aug 2005: Deadline for poster session submissions
www.conjungi.com/RAID/
www.raid-symposium.org
------------------------------
Date: Sun, 26 Dec 2004 15:00:23 -0500 (EST)
From: hra@private
Subject: 30 Joint CS & CE conferences in Las Vegas, 20 Jun 2005
Call For Papers and Call For Session Proposals
The 2005 International Multiconference in
Computer Science and Computer Engineering
(composed of 16 Joint Conferences)
June 27-30, 2005, Las Vegas, USA
The 2005 World Congress in Applied Computing
(composed of 14 Joint Conferences)
June 20-23, 2005, Las Vegas, USA
[Excerpted for RISKS by PGN]
The 2005 International Multiconference in Computer Science and Computer
Engineering is composed of the following 16 conferences (all will be held
simultaneously, same location and dates: June 27-30, 2005, Las Vegas, USA):
1. The 2005 International Conference on Parallel and Distributed Processing
Techniques and Applications (PDPTA'05)
2. The 2005 International Conference on Artificial Intelligence (ICAI)
3. The 2005 International Conference on Software Engineering Research and
Practice (SERP'05)
4. The 2005 International Conference on Internet Computing (ICOMP'05)
5. The 2005 International Conference on Computer Design (CDES'05)
6. The 2005 International Conference on Wireless Networks (ICWN'05)
7. The 2005 International Conference on Modeling, Simulation and
Visualization Methods (MSV'05)
8. The 2005 International Conference on Foundations of Computer Science
(FCS'05)
9. The 2005 International Conference on Imaging Science, Systems, and
Technology: Computer Graphics (CISST'05)
10. The 2005 International Symposium on Web Services and Applications
(ISWS'05)
11. The 2005 International Conference on Pervasive Systems and Computing
(PSC'05)
12. The 2005 International Conference on Machine Learning; Models,
Technologies and Applications (MLMTA'05)
13. The 2005 International Conference on Communications in Computing
(CIC'05)
14. The 2005 International Conference on Engineering of Reconfigurable
Systems and Algorithms (ERSA'05)
15. The 2005 International Conference on Programming Languages and Compilers
(PLC'05)
16. The 2005 International Conference on Embedded Systems and Applications
(ESA'05)
The 2005 World Congress in Applied Computing is composed of the following 14
conferences (all will be held simultaneously, same location and dates 20-23
Jun 2005, Las Vegas, USA):
1. The 2005 International Conference on Grid Computing and Applications
(GCA'05)
2. The 2005 International Conference on e-Business, Enterprise Information
Systems, e-Government, and Outsourcing (EEE'05)
3. The 2005 International Conference on Biometric Authentication (BIOAU'05)
4. The 2005 International Conference on Computers for People with Special
Needs (CPSN'05)
5. The 2005 International Conference on Data Mining (DMIN'05)
6. The 2005 International Conference on Human-Computer Interaction (HCI'05)
7. The 2005 International Conference on Computer Vision (VISION'05)
8. The 2005 International Conference on Scientific Computing (CSC'05)
9. The 2005 International Conference on Information and Knowledge
Engineering (IKE'05)
10. The 2005 International Conference on Security and Management (SAM'05)
11. The 2005 International Conference on Mathematics and Engineering
Techniques in Medicine and Biological Sciences (METMBS'05)
12. The 2005 International Conference on Algorithmic Mathematics and
Computer Science (AMCS'05)
13. The 2005 International Conference on Data Fusion - From Multi-Source
Data to Information (FUS'05)
14. The 2005 International Conference on Frontiers in Education: Computer
Science and Computer Engineering (FECS'05)
(a link to each conference's URL can be found at
http://www.world-academy-of-science.org - currently under construction.)
GENERAL CHAIR AND COORDINATOR:
H.R. Arabnia, PhD, The University of Georgia, Department of Computer Science
415 Graduate Studies Research Center, Athens, Georgia 30602-7404, U.S.A.
Tel: (706) 542-3480 Fax: (706) 542-2966 E-mail: hra@private
Deadline for submission of papers 16 Feb 2005:
------------------------------
Date: 29 Dec 2004 (LAST-MODIFIED)
From: RISKS-request@private
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Mailman can let you subscribe directly:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman your
FROM: address, send a message to
risks-request@private
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe@private or risks-unsubscribe@private
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
INFO [for unabridged version of RISKS information]
.UK users should contact <Lindsay.Marshall@private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
<http://www.CSL.sri.com/risksinfo.html>
The full info file may appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks [subdirectory i for earlier volume i]
<http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
------------------------------
End of RISKS-FORUM Digest 23.65
************************
This archive was generated by hypermail 2.1.3 : Fri Jan 28 2005 - 10:24:33 PST