RISKS-LIST: Risks-Forum Digest Monday 6 March 2006 Volume 24 : Issue 18
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/24.18.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents: [Backlogged!]
Cockpit usability (David Magda)
Risks of using computers in airplanes (Yvo Desmedt)
NJ Bill Would Prohibit Anonymous Posts on Forums (Lynn)
Desktop-to-mobile Malware (Peter B. Ladkin)
Re: Active content: Bad idea. Bad. (Paul Wallich)
Re: On learning from accidents (Hamish Marson, Jurek Kirakowski,
George C. Kaplan)
New Security Paradigms Workshop: Call for Papers (John McDermott)
2006 USENIX Annual Technical Conference (Lionel Garth Jones)
REVIEW: "Practical Internet Law for Business", Kurt M. Saunders (Rob Slade)
REVIEW: "CyberRegs", Bill Zoellick (Rob Slade)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sun, 26 Feb 2006 12:00:10 -0500
From: David Magda <dmagda@private>
Subject: Cockpit usability
A short-ish study [1] on the usability of aircraft avionics:
> The purpose of this study was to evaluate the accessibility of information
> provided by the avionics system of a technically advanced aircraft. The
> evaluation employed a tool developed by Schvaneveldt et al. (2004) [2]
> which considers the importance of the information source when evaluating
> information accessibility. Results showed that the TAA avionics had
> relatively little clutter but low accessibility ratings, especially in the
> area of Communication.
The interface showed to the operator is an important factor in how a system
works. This topic has been discussed in RISKS on many occasions, but I
thought this item might be of some interest.
[1] http://psychology.wichita.edu/surl/usabilitynews/81/AvionicsSystems.htm
[2] http://www.hf.faa.gov/docs/508/docs/gaPriorityReport.pdf
------------------------------
Date: Sat, 4 Mar 2006 11:02:15 GMT
From: Yvo Desmedt <y.desmedt@private>
Subject: Risk of using computers in airplanes
Many years ago I told [PGN] about a Northwest Airlines airplane in Detroit
unable to take off since the computer could not boot. The airline switched
equipment (planes). You suggested that I should have ... sent it to RISKS.
The following item was in the *International Herald Tribune*, p. 24, in "The
International Traveler Q&A", 3 Mar 2006:
... Los Angeles to London with American Airlines, we took off four hours
late because of a defective computer, and then were diverted to New York
to pick up a new computer ... The new computer wasn't working, so we had
to change planes. We arrived in London nine hours behind schedule ...
George B. Lambrakis, London
------------------------------
Date: Mon, 06 Mar 2006 15:22:15 -0500 (EST)
From: Lynn <lynn@private>
Subject: NJ Bill Would Prohibit Anonymous Posts on Forums (via IP)
http://yro.slashdot.org/yro/06/03/06/1736234.shtml
NJ Bill Would Prohibit Anonymous Posts on Forums
Posted by ScuttleMonkey on Monday March 06, @02:06PM
from the glad-we're-not-in-nj dept.
Privacy The Internet
An anonymous reader writes "The New Jersey legislature is considering a bill
that would require operators of public forums to collect users' legal names
and addresses, and effectively disallow anonymous speech on online forums.
This raises some serious issues, such as to what extent local and state
governments can go in enacting and enforcing Internet legislation."
link to proposed bill:
http://www.njleg.state.nj.us/2006/Bills/A1500/1327_I1.HTM
IP Archives at: http://www.interesting-people.org/archives/interesting-people/
[This of course would have considerable impact on all Internet newsgroups,
and opens up the question of liability that out-of-state moderators would
have. It also greatly increases the difficulties for whistle-blowers who
might wish to publicly air vital concerns without the obvious risks of
retribution. Seems like a bad piece of legislation to me. PGN]
------------------------------
Date: Fri, 03 Mar 2006 13:19:41 +0100
From: "Peter B. Ladkin" <ladkin@private-bielefeld.de>
Subject: Desktop-to-mobile Malware
An organisation called the Mobile Malware Researchers Association has said
that it has identified (indeed, that it has a copy of) the "first" virus
that can infect both Win32 desktops and Windows Mobile Pocket PC machines
and spreads from the former to the latter.
The story was distributed by the UK IEE Newsletter this week:
http://www.iee.org/oncomms/sector/informationpro/SectionNews/Object/B54B7AF4-CEDB-41F9-1B0278A0A33B97E6
MARA can be found at http://www.mobileav.org along with its list of
members.
Peter B. Ladkin, University of Bielefeld, Germany <www.rvs.uni-bielefeld.de>
------------------------------
Date: Mon, 27 Feb 2006 14:18:30 -0500
From: Paul Wallich <pw@private>
Subject: Re: Active Content: Bad idea. Bad. (Slade, RISKS-24.17)
> Sorry, but if I've learned anything in almost 20 years of malware research,
> it's that active content can lead to trouble.
This seems even worse to me than to Rob Slade. Dangerous technology, and
deployed at (in significant part) the wrong end of the problem. What we'd
like isn't so much to authenticate a browser (and thus, presumably, the
person at the keyboard) to the site; what we'd like is something to
authenticate the site to the user. At the cost of telling legitimate users
they can only ever use one computer to get to their accounts, the technology
does nothing about the use of stolen personal information to establish new
accounts or to establish fraudulent first-time online access to existing
accounts. Meanwhile, it convinces users to set browser security in such a
way that sites users believe they should trust can execute (potentially)
arbitrary code. Whee.
------------------------------
Date: Tue, 28 Feb 2006 10:47:00 +0000
From: Hamish Marson <hamish@private>
Subject: Re: On learning from accidents (Norman, RISKS-24.17)
Back in the late 80's I was doing my degree at Massey University (NZ). In
many Technology & Physics papers we were taught & graded mercilessly on
getting the 'error' correct for the calculations. And showing the error on
the result as well.
Everything that Don Norman says about showing the correct precision for the
calculation is correct. You lost marks in exams for this. Why have we
suddenly lost the ability to do it in real life now?
Could it be because much of this work is left up to young people who might
be great at coding, but simply don't have an understanding of the reality
behind the calculations they're being asked to program. How many people who
write software actually have relevant experience in the real world for
things they're doing? 10%? Probably less?
------------------------------
Date: Wed, 1 Mar 2006 11:23:46 -0000
From: "Kirakowski, Jurek" <jzk@private>
Subject: Re: On learning from accidents (Norman, RISKS-24.17)
On confidence intervals around predictions:
Don Norman's well-written piece on learning from crash accidents
(RISKS-24.17) highlights the major risk here but skirts around it a little,
perhaps for sound, rhetorical effect. It is required engineering practice,
and indeed in courts of law the same principle is applied to expert
evidence: show the tolerance factor. What is the likelihood of error? How
sure are you?
If you produce a prediction without assessing the confidence interval around
the prediction you have just shown that you don't understand the problem you
are trying to solve. If you can't answer the "likelihood of error" question
in a court of law, then your status as an expert witness can be seriously
undermined.
It has been said that the human race did quite well for several millions of
years without statistics and confidence intervals. Well, it's time to grow
up. The major RISK is that many people, even some so-called experts, fail to
understand this principle.
------------------------------
Date: Wed, 01 Mar 2006 11:38:41 -0800
From: "George C. Kaplan" <gckaplan@private>
Subject: Re: On learning from accidents (Norman, RISKS-24.17)
> I have seen this problem before: overly precise computations
> produce more trust than is warranted.
I collect slide rules as a hobby. One common topic in discussions with
other collectors: Modern calculators and computers make it too easy to fall
into the false-precision trap (e.g. 10-digit answers to problems with
3-digit input data). It's harder to do this with a slide rule, partly
because of the limited precision of the instrument, but also because the
scales graphically illustrate the decreasing significance of the rightmost
digits. Successively finer scale divisions are squeezed closer together,
but all digits on a calculator display are equally prominent.
> I propose a design rule: never give an answer with more precision than is
> warranted. Ideally show locations on a map as a smudge, the size
> comparable to the statistical likelihood.
An excellent suggestion: Use an analog display to illustrate the limited
precision that's obscured by the bare digital display.
Aviation is one of the few fields in which slide rule-type devices are still
in common use, primarily as backup calculators in case the electronic
systems fail. So it would be ironic if overly precise digital computations
were a contributing factor in the Southwest Airlines crash.
George C. Kaplan, Communication & Network Services, University of California
at Berkeley 1-510-643-0496 gckaplan@private
------------------------------
Date: Tue, 28 Feb 2006 14:50:08 -0500
From: "John McDermott (US Navy Employee)" <mcdermot@private>
Subject: New Security Paradigms Workshop: Call for Papers
NEW SECURITY PARADIGMS WORKSHOP, Call for Papers
Schloss Dagstuhl, Germany, September 18-21, 2006
Submissions due 26 March 2006
http://www.nspw.org
NSPW is a unique workshop that is devoted to the critical examination of new
paradigms in security. Each year, since 1995, we examine proposals for new
principles upon which information security can be rebuilt from the ground
up. We conduct extensive, highly interactive discussions of these
proposals, from which we hope both the audience and the authors emerge with
a better understanding of the strengths and weaknesses of what has been
discussed.
In his seminal book "The Structure of Scientific Revolutions", Thomas Kuhn
describes the progress of science as "a series of peaceful interludes
punctuated by intellectually violent revolutions." These revolutions, which
he called "paradigm shifts", are periods during which "one conceptual world
view is replaced by another."
A paradigm shift is thus not an incremental contribution to an established
branch of science; it is an attempt to replace the fundamental dogma of a
branch of science with a different, and completely incompatible, set of core
principles.
The New Security Paradigms workshop is dedicated to the proposition that
what Kuhn called "anomalies" - signs that the prevailing paradigm can no
longer explain phenomena observed in the real world - are already visible in
the science of information security, and, indeed, that the anomalies are so
obvious and so serious that the prevailing information security paradigm is
or soon will be in crisis. NSPW aspires to be the philosophical and
intellectual breeding ground from which a revolution in the science of
information security will emerge.
We solicit and accept papers on any topic in information security subject
to the following caveats:
1) Papers that present a significant shift in thinking about difficult
security issues are welcome.
2) Papers that build on a recent shift are also welcome.
3) Contrarian papers that dispute or call into question accepted practice or
policy in security are also welcome.
4) We solicit papers that are not technology-centric, including those that
deal with public policy issues and those that deal with the psychology
and sociology of security theory and practice.
5) We discourage papers that represent established or completed works as
well as those that substantially overlap other submitted or published
papers.
6) We discourage papers which extend well-established security models with
incremental improvements.
7) We encourage a high level of scholarship on the part of contributors.
Authors are expected to be aware of related prior work in their topic
area, even if it predates Google. In the course of preparing an NSPW
paper, it is far better to read an original source than to cite a text
book interpretation of it.
Our program committee particularly looks for new paradigms, innovative
approaches to older problems, early thinking on new topics, and
controversial issues that might not make it into other conferences but
deserve to have their try at shaking and breaking the mold.
Participation in the workshop is limited to authors of accepted papers
and conference organizers. Each paper is typically the focus of 45
to 60 minutes of presentation and discussion. Prospective authors are
encouraged to submit ideas that might be considered risky in some other
forum, and all participants are charged with providing feedback in a
constructive manner. The resulting intensive brainstorming has proved to
be an excellent medium for furthering the development of these ideas. The
proceedings, which are published after the workshop, have consistently
benefited from the inclusion of workshop feedback.
We welcome three categories of submission:
1) Research papers. These should be of a length commensurate with the
novelty of the paradigm and the amount of novel material that the
reviewer must assimilate in order to evaluate it.
2) Position papers. These should be 5 - 10 pages in length and should
espouse a well reasoned and carefully documented position on a security
related topic that merits challenge and / or discussion.
3) Discussion topic proposals. Discussion topic proposals should include an
in-depth description of the topic to be discussed, a convincing argument
that the topic will lead to a lively discussion, and supporting materials
that can aid in the evaluation of the proposal. The later may include
the credentials of the proposed discussants. Discussion topic proposers
may want to consider involving conference organizers or previous
attendees in their proposals.
Submissions must include the following:
1) The submission in PDF format, viewable by Adobe Acrobat reader.
2) A justification for inclusion in NSPW. Specify the category of your
submission and describe, in one page or less, why your submission is
appropriate for the New Security Paradigms Workshop. A good justification
will describe the new paradigm being proposed, explain how it departs
from existing theory or practice, and identify those aspects of the
status quo it challenges or rejects. The justification is a major factor
in determining acceptance.
3) An Attendance Statement specifying how many authors wish to attend the
workshop. Accepted papers require the attendance of at least one author
for the entire duration of the workshop. Attendance is limited, and we
cannot guarantee space for more than one author.
No submission may have been published elsewhere nor may a similar submission
be under consideration for publication or presentation in any other forum
during the NSPW review process.
The submission deadline is Monday, 26 March 2006.
Notification of acceptance will be Monday, 28 May, 2006.
See http://www.nspw.org for details of the workshop policies and
for submission procedures.
John McDermott, Publicity Chair, New Security Paradigms Workshop '06
[Slightly pruned for RISKS. This is a very important workshop. PGN]
------------------------------
Date: Mon, 06 Mar 2006 14:37:05 -0800
From: Lionel Garth Jones <lgj@private>
Subject: 2006 USENIX Annual Technical Conference
2006 USENIX Annual Technical Conference
May 30-June 3, 2006, Boston, MA
http://www.usenix.org/usenix06/proga
Early Bird Registration Deadline: May 12, 2006
We're pleased to invite you to attend the 2006 USENIX Annual Technical
Conference. This year we're offering 5 days of training running alongside a
3-day conference program filled with the latest research, security
breakthroughs, and practical approaches to the questions and problems you
wrestle with. You'll also have many opportunities to chat with peers who
share your concerns and interests.
--- Training: Tuesday-Saturday, May 30-June 3, 2006
USENIX '06 offers 5 days of tutorials led by highly respected
Instructors covering crucial topics including:
* Measuring Security, Dan Geer
* Ajax and Advanced Responsive WebApp Development, Alex Russell
* Administering Linux in Production Environments, AEleen Frisch
* Building a Logging Infrastructure and Log Analysis for Security, Abe Singer
* Defense Against the Dark Arts: Repelling the Wily Hacker, Bill Cheswick
To view the entire training program, see:
http://www.usenix.org/events/usenix06/training/
--- Technical Sessions: Thursday-Saturday, June 1-3, 2006
The 3-day technical program begins with the keynote address: "Planetlab:
Evolution vs. Intelligent Design in Planetary-Scale Infrastructure," by
Larry Peterson, Princeton University and PlanetLab Consortium, and includes
other Invited Talks of note, such as:
* Plenary Session: "Why Mr. Incredible and Buzz Lightyear Need Better Tools:
Pixar and Software Development," by Greg Brandeau, Vice President of
Technology, Pixar Animation Studios
* Closing Session: "Real Operating Systems for Real-time Motion Control," by
Trevor Blackwell, CTO, Anybots
* Peiter "Mudge" Zatko, BBN Technologies, on "Success, Failure, and
Alternative Solutions for Network Security"
* Matt Welsh, Harvard University, on "Deploying a Sensor Network on an
Active Volcano"
* And more!
The Systems Practice and Experience track is the premier forum for
presenting the latest in groundbreaking research. Be among the first to
check out the latest innovative work on the topics you need most. Check out
the full technical program at:
http://www.usenix.org/events/usenix06/tech/
Finally, don't miss the opportunity to pose your toughest questions to the
experts in the Guru Is In Sessions. Mingle with colleagues and leading
experts at the Birds-of-a-Feather sessions and at the various evening social
events, including a Poster Session & Happy Hour, vendor sessions, and an
off-site conference reception.
USENIX '06 promises to be an exciting showcase for the latest in innovative
research and cutting-edge practices in technology. We look forward to seeing
you in Boston in May. Register today at:
http://www.usenix.org/events/usenix06/registration/
On behalf of the USENIX '06 Organizers,
Atul Adya, Microsoft
Erich Nahum, IBM T.J. Watson Research Center
USENIX '06 Program Co-Chairs
2006 USENIX Annual Technical Conference
May 30-June 3, 2006, Boston, MA
http://www.usenix.org/usenix06/proga
Early Bird Registration Deadline: May 12, 2006
------------------------------
Date: Mon, 13 Feb 2006 08:01:36 -0800
From: Rob Slade <rMslade@private>
Subject: REVIEW: "Practical Internet Law for Business", Kurt M. Saunders
BKPRILFB.RVW 20051117
"Practical Internet Law for Business", Kurt M. Saunders, 2001,
1-58053-003-6, U$73.00
%A Kurt M. Saunders
%C 685 Canton St., Norwood, MA 02062
%D 2001
%G 1-58053-003-6
%I Artech House/Horizon
%O U$73.00 800-225-9977 fax: 617-769-6334 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/ASIN/1580530036/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/1580530036/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1580530036/robsladesin03-20
%O Audience s- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 162 p.
%T "Practical Internet Law for Business"
The preface states that this book is intended to allow business and
system managers to understand the legal issues surrounding electronic
commerce.
Chapter one provides a brief and basic historical overview of the
Internet, stressing the decentralized nature, and the fact that nobody
is in charge. Jurisdiction, and the rulings in regard to it, are
discussed in chapter two. (Somewhat ironically, in view of the topic,
while international decisions are mentioned, the material is
definitely oriented to the legal system of the United States.)
Encryption is the topic of chapter three, which deals with export
controls on cryptographic software (even though the regulations have
been extensively liberalized) and electronic signature laws (even
though many of these laws allow for completely unencrypted
"signatures"). Chapter four very briefly examines the issue of trade
secrets, seemingly without much relation to the Internet. Trademarks,
on the other hand, do have a great deal of relevance to the net in
cybersquatting cases and the like, and are addressed in chapter five.
Some of the material on copyright, in chapter six, repeats content
dealt with in chapter five. Chapter seven provides an interesting and
detailed examination of email privacy in the workplace. Chapter eight
is rather vague, since its definition of "online crime" is not very
specific. (Some of the case law presented is also reported
simplistically: the account of United States vs Thomas, for example,
does not deal with the issue of community standards that made the
material legal in California but not in Tennessee.) The book closes
with patent law, in chapter nine (oddly separated from the other
intellectual property topics in chapters four to six), most of which
deals with the non-patentability of software.
This work is a lot about law, and not very much about the Internet.
How practical it may be is a question that individual readers will
have to answer.
copyright Robert M. Slade, 2005 BKPRILFB.RVW 20051117
rslade@private slade@private rslade@private
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
------------------------------
Date: Mon, 06 Mar 2006 11:14:05 -0800
From: Rob Slade <rMslade@private>
Subject: REVIEW: "CyberRegs", Bill Zoellick
BKCBRRGS.RVW 20051202
"CyberRegs", Bill Zoellick, 2002, 0-201-72230-5, U$39.99/C$59.95
%A Bill Zoellick
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2002
%G 0-201-72230-5
%I Addison-Wesley Publishing Co.
%O U$39.99/C$59.95 416-447-5101 fax: 416-443-0948 bkexpress@private
%O http://www.amazon.com/exec/obidos/ASIN/0201722305/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0201722305/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0201722305/robsladesin03-20
%O Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 307
%T "CyberRegs: A Business Guide to Web Property Privacy and Patents"
The introduction states that the nature of the Web is in flux. Those who
take too strong and doctrinaire a stance on the character of the Internet
will be subject to failures in their attempts to do business there. In
addition, the author states his opinion, based on the research conducted for
the book, that attempts to apply regulation to the net should be sparing.
Part one deals with copyright. Chapter one reviews the past history of
copyright legislation and purposes, and also the recent case of Napster.
(The book was completed before the Napster case concluded.) "DVD Jon" and
the DeCSS case is the topic of chapter two. The author's experiences with
the publishing and sale of special reports forms the basis for an
examination of licensing, in chapter three, and also the balance of rights
between publisher and user/consumer. The development and shift in copyright
regulations and perspectives is given in chapter four. Chapter five lists
further reading on the topic: an annotated bibliography of text and online
sources. The works are well chosen and the annotations provide good
overviews of the material.
Part two addresses patents. Chapter six outlines the Amazon "1-Click"
patent, and the issue of an idea versus a specific implementation. A
variety of other patents and lawsuits are examined in chapter seven.
Chapter eight deals with the issue of patentability of an entity or item.
The issue of patenting business methods is dealt with in chapter nine.
Chapter ten examines the impact of patents on the Internet. Walker Digital
and the business of creating and holding business patents is in chapter
eleven. Recent US legislation amending patent concepts and applicability is
covered in chapter twelve. Chapter thirteen opines about the future and
fourteen closes off the topic with the reference section.
Part four surveys electronic signatures and the E-Sign act. Chapter fifteen
discusses the provisions of the act itself, including the fact that it
doesn't (in any significant way) define what an electronic signature can be,
thus obviating the need for many of the functions of a signature. (This is
followed by a brief section entitled "A Deeper Look" that explains the
technical concept of digital signatures.) Business will increase because of
the act, says chapter sixteen. Chapter seventeen makes the case (rather
weakly, perhaps) that E-Sign is a good act, because it doesn't impede
allowable technologies. Eighteen is the references chapter for electronic
signatures.
Part four moves in on privacy. Chapter nineteen cites a couple of cases of
the market for private information. US legal precedents regarding the right
to privacy are in chapter twenty. Consumer concerns, in chapter twenty-one,
are followed up by "A Deeper Look" at cookies and Web bugs, and by another
on the Platform for Privacy Preferences Project (P3P). US legislative moves
regarding privacy are discussed in chapter twenty-two. (It is interesting
to note that Zoellick quotes a legislator stating that privacy acts would be
passed before 2002. This did not happen. In addition, of the various
aspects discussed in the chapter, bill S.1789, before the Senate as this
review is being written, addresses only access and enforcement.) Chapter
twenty-three tries, without much success, to propose a framework for
privacy. Again, twenty-four contains references.
An epilogue finishes out the book by opining that businesses can, and
should, work at understanding the Web better, so that they can shape its
future development. As long as they develop it the way the author suggests.
Oddly, this work does not seem to add materially to other discussions of
Internet law. That it examines intellectual property issues in such depth
is interesting, but not illuminating. However, Zoellick does have a much
more engaging writing style than other authors who have written on legal
topics in relation to the net, and the text is much more readable than most
such books. There is a good deal of valuable information in this volume on
the subjects examined: but there is a lot of opinion as well.
copyright Robert M. Slade, 2005 BKCBRRGS.RVW 20051202
rslade@private slade@private rslade@private
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
------------------------------
Date: 2 Oct 2005 (LAST-MODIFIED)
From: RISKS-request@private
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman web interface can
be used directly to subscribe and unsubscribe:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman your
FROM: address, send a message to
risks-request@private
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe@private or risks-unsubscribe@private
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users should contact <Lindsay.Marshall@private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks [subdirectory i for earlier volume i]
<http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
------------------------------
End of RISKS-FORUM Digest 24.18
************************
This archive was generated by hypermail 2.1.3 : Mon Mar 06 2006 - 15:52:20 PST