[RISKS] Risks Digest 26.02

From: RISKS List Owner <risko_at_private>
Date: Sun, 18 Apr 2010 12:27:28 PDT
RISKS-LIST: Risks-Forum Digest  Sunday 18 April 2010  Volume 26 : Issue 02

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.02.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
BofA insider to plead guilty to hacking ATMs (Robert McMillan via PGN)
RFID zapper made from a disposable camera! (Eurekalert)
FDA Toughens Process for Radiation Equipment (Walt Bogdanich)
Labour attacked over mailshot to cancer patients (via Ross Anderson)
apache.org hacked (Jidanni)
China disrupts the Internet again (Robert McMillan)
Is your security policy smarter than a 3rd grader? (Jeremy Epstein)
Small policy violations add up (Jeremy Epstein)
Israel confiscates visiting iPads (via Monty Solomon)
Re: Canada's planned electronic passports easy to hack? (Adam Laurie)
EU project may monitor airline passengers' conversations (Lauren Weinstein)
Is it risky to make Hannah Montana tickets expensive? (Jeremy Epstein)
Unintended consequence of water conservation: bursting pipes (Danny Burstein)
Re: ... circumventing Bayesian filters (John Levine, Jonathan Kamens)
Re: YOUR SAT NAV IS WRONG - GO BACK! (Dag-Erling Smørgrav)
GPS jamming - request for information (Martyn Thomas)
Retracting my observation of the USPS CofA (FJohn Reinke)
New Book: Cryptography Engineering (Bruce Schneier)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 12 Apr 2010 21:03:51 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: BofA insider to plead guilty to hacking ATMs

Rodney Reed Caverly, a Bank of America computer specialist who had developed
and maintained ATM (and other) software, has been charged with computer
fraud.  In 2009, he reportedly was able to get ATMs to dispense cash while
bypassing the audit trail that would record his transactions.  The maximum
sentence would be five years in prison.  [Source: Robert McMillan, *Computer
World*, 7 Apr 2010; PGN-ed]
http://www.computerworld.com/s/article/9174991/BofA_insider_to_plead_guilty_to_hacking_ATMs

  [Highly relevant to this item is a forthcoming book, *Insider Threats in
  Cyber Security and Beyond*, edited by Christian Probst, Jeffrey Hunker,
  Dieter Gollmann, and Matt Bishop, which has just gone to press at Springer
  Verlag.  It includes a chapter I wrote that specifically considers the
  potential roles of insider misuse in computer-related election systems.  A
  table at the end summarizes a few cases of insider misuse that have
  appeared in RISKS over the years.  The burgeoning incidence of insider
  misuse cases should be an alarm for people who believe in the integrity of
  existing paperless (and essentially unauditable) computer-based systems.]

------------------------------

Date: Thu, 15 Apr 2010 14:04:21 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: RFID zapper made from a disposable camera! (Eurekalert)

  [Thanks to Ken Nitz.  PGN]

  Safer swiping while voting and globetrotting: Tel Aviv University security
  expert finds security holes in America's passports and 'smart cards'
http://www.eurekalert.org/multimedia/pub/21697.php?from=158414

Since 2007, every new U.S. passport has been outfitted with a computer
chip. Embedded in the back cover of the passport, the "e-passport" contains
biometric data, electronic fingerprints and pictures of the holder, and a
wireless radio frequency identification (RFID) transmitter.

Although the system was designed to operate at close range, hackers were
able to access it from afar -- until research by Prof. Avishai Wool of Tel
Aviv University's Blavatnik School of Computer Sciences helped ensure that
the computer chip in American e-passports could be read only when the
passport is opened. The research has been cited by organizations including
the Electronic Frontier Foundation.

Now, a new study from Prof. Wool finds serious security drawbacks in similar
chips that are being embedded in credit, debit and "smart" cards. The
vulnerabilities of this electronic approach -- and the vulnerability of the
private information contained in the chips -- are becoming more acute. Using
simple devices constructed from $20 disposable cameras and copper
cooking-gas pipes, Prof. Wool and his students have demonstrated how easily
the cards' radio frequency (RF) signals can be disrupted. The work will be
presented at the IEEE RFID conference in Orlando, FL, this month.

More than one way to hack a chip

Prof. Wool's most recent research centers on the new "e-voting" technology
being implemented in Israel. "We show how the Israeli government's new
system based on the RFID chip is a very risky approach for security
reasons. It allows hackers who are not much more than amateurs to break the
system," Prof. Wool explains. "One way to catch hackers, criminals and
terrorists is by thinking like one."

http://www.eurekalert.org/multimedia/pub/21698.php?from=158414

In his lab, Prof. Wool constructed an attack mechanism -- an RFID
"zapper" -- from a disposable camera. Replacing the camera's bulb with an
RFID antenna, he showed how the EMP (electro-magnetic pulse) signal produced
by the camera could destroy the data on nearby RFID chips such as ballots,
credit cards or passports. "In a voting system, this would be the equivalent
of burning ballots -- but without the fire and smoke," he says.

Another attack involves jamming the radio frequencies that read the
card. Though the card's transmissions are designed to be read by antennae no
more than two feet distant, Prof. Wool and his students demonstrated how the
transmissions can be jammed by a battery-powered transmitter 20 yards
away. This means that an attacker can disable an entire voting station from
across the street. Similarly, a terror group could "jam" passport systems at
U.S. border controls relatively easily, he suggests.

The most insidious type of attack is the "relay attack." In this scenario,
the voting station assumes it is communicating with an RFID ballot near it
-- but it's easy for a hacker or terrorist to make equipment that can trick
it. Such an attack can be used to transfer votes from party to party and
nullify votes to undesired parties, Prof. Wool demonstrates. A relay attack
may also be used to allow a terrorist to cross a border using someone else's
e-passport.

How to make "smart cards" smarter

"All the new technologies we have now seem really cool. But when anything
like this first comes onto the market, it will be fraught with security
holes," Prof. Wool warns. "In America the Federal government poured a lot of
money into e-voting, only to discover later that the deployed systems were
vulnerable. Over the last few years we've seen a trend back towards systems
with paper trails as a result."

But there are some small steps that can be taken to make smart cards
smarter, says Prof. Wool. The easiest one is to shield the card with
something as simple as aluminium foil to insulate the e-transmission. In the
case of e-voting, a ballot box could be made of conductive materials. The
State Department has already taken Prof. Wool's advice: since 2007, they've
also added conductive fibres to the back of every American passport.

------------------------------

Date: Fri, 9 Apr 2010 21:24:53 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: FDA Toughens Process for Radiation Equipment (Walt Bogdanich)

Problems with computer software were most frequently cited as a cause for
the errors, according to a letter sent Thursday by Dr. Jeffrey Shuren,
director of the agency's Center for Devices and Radiological Health.  He
said that the agency's analysis ``revealed device problems that appear to be
the result of faulty design or use error that could be mitigated by the
incorporation of additional safeguards.''  [Source: Walt Bogdanich, *The New
York Times*, 9 Apr 2019; PGN-ed TNX to dkross]
  http://www.nytimes.com/2010/04/09/health/policy/09radiation.html

------------------------------

Date: Sun, 11 Apr 2010 13:29:39 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Labour attacked over mailshot to cancer patients

  "The Conservatives and the Liberal Democrats have attacked the Labour
  Party for sending "alarmist" literature to cancer patients, and called for
  an inquiry into whether NHS databases had been used to identify
  recipients.  The row erupted after Labour sent cancer patients mailshots
  saying that their lives may be at risk under a Conservative government."

[Source: Article by Chris Hastings, Maurice Chittenden and Nyta Mann,
(London) *Times Online*, 11 Apr 2010; Noted by Ross Anderson]
http://www.timesonline.co.uk/tol/life_and_style/health/article7094604.ece#cid=OTC-RSS&attr=797084

------------------------------

Date: Sun, 18 Apr 2010 06:55:10 +0800
From: jidanni_at_private
Subject: apache.org hacked

"Leave it to big organizations to allow something this massive to occur
un-noticed. It's why we have the stupid PCI standards we have today that do
nothing but take the time out of businesses that always played by the
security rules while the big guys were careless. There's a lot of blame and
fingerpointing from whoever wrote this but all the blame and fingerpointing
should be pointing right at Apache. This attack had nothing to do with
Linux, Slicehost, or whatever else is thrown in to tell a story. Who doesn't
block brute force attacks in 2010? Who doesn't use real password encryption?
It's mindblowing, but I'm not surprised the big guys always make a muck of
things and then the little guys are stuck dealing with the aftermath."
  https://blogs.apache.org/infra/entry/apache_org_04_09_2010#comments

------------------------------

Date: Fri, 9 Apr 2010 5:16:57 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: China disrupts the Internet again

[Source: Robert McMillan, IDG News Service, 8 Apr 2010; Noted by Jeremy
Epstein, with the comment, `BGPsec value demonstrated again'.  PGN-ed]
http://www.networkworld.com/news/2010/040810-a-chinese-isp-momentarily-hijacks.html

For the second time in two weeks, bad networking information spreading from
China disrupted the Internet (for about 20 minutes).  On 8 Apr 2010, bad
routing data from a small Chinese ISP called IDC China Telecommunication was
re-transmitted by China's state-owned China Telecommunications, and then
spread around the Internet, affecting Internet service providers such as
AT&T, Level3, Deutsche Telekom, Qwest Communications and Telefonica.  During
that time IDC China Telecommunication transmitted bad routing information
for between 32,000 and 37,000 networks, redirecting them to IDC China
Telecommunication instead of their rightful owners.  These networks included
about 8,000 U.S. networks including those operated by Dell, CNN, Starbucks
and Apple. More than 8,500 Chinese networks, 1,100 in Australia and 230 owned
by France Telecom were also affected. [...]

------------------------------

Date: Fri, 16 Apr 2010 11:21:55 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: Is your security policy smarter than a 3rd grader?

In Fairfax County Virginia, a 9-year-old boy was caught accessing the
Blackboard account of Dr. Jack Dale, superintendent of schools.  Initial
reports were that he "hacked" the system, but the real answer came out:

(1) He got a teacher's password - perhaps it was on a yellow sticky, but
    that's not been described.
(2) He logged in as the teacher.
(3) The security policy allowed him to add a "student" to the class - in
    this case, Superintendent Jack Dale.
(4) The security policy allows him to change the password of any student in
    the class - again, Jack Dale.
(5) He logged in as Jack Dale.

Each of these policies makes sense individually, but when put together, the
result was.... surprising!

http://www.washingtonpost.com/wp-dyn/content/article/2010/04/14/AR2010041404159.html
(Original article says the student "hacked" the system and got administrator
privileges)
http://www.washingtonpost.com/wp-dyn/content/article/2010/04/15/AR2010041505517.html
(Says that there was no hacking, and outlines the above sequence of steps)
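
[Added example, not part of the original post: a small model of steps (3) and (4) above that audits which accounts a teacher login can reach once the two rules are composed. The account names, the `Lms` class and the `strict` role checks are hypothetical; the stricter variant is one assumed fix, not what the school system actually did.]

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed sample directory: account -> real role.
DIRECTORY = {
    "teacher_a": "teacher",
    "pupil_1": "student",
    "pupil_2": "student",
    "principal": "staff",
    "superintendent": "administrator",
}


@dataclass
class Lms:
    roles: dict                                   # account -> real role
    strict: bool = False                          # False = policy as described in the post
    rosters: dict = field(default_factory=dict)   # teacher -> set of class members

    def enroll(self, actor, target):
        """Rule (3): a teacher may add a "student" to their own class."""
        if self.roles.get(actor) != "teacher":
            return False
        if self.strict and self.roles.get(target) != "student":
            return False          # assumed fix: only real students can be enrolled
        self.rosters.setdefault(actor, set()).add(target)
        return True

    def reset_password(self, actor, target):
        """Rule (4): a teacher may reset the password of anyone in their class."""
        if self.roles.get(actor) != "teacher":
            return False
        if target not in self.rosters.get(actor, set()):
            return False
        if self.strict and self.roles.get(target) != "student":
            return False          # assumed fix: re-check the role at reset time
        return True


def reachable_accounts(lms, start):
    """Map every account reachable from `start` to the chain of logins used."""
    chains = {start: [start]}
    queue = deque([start])
    while queue:
        actor = queue.popleft()
        for target in lms.roles:
            if target in chains:
                continue
            # Composition of the two rules: enroll, then reset, then log in.
            if lms.enroll(actor, target) and lms.reset_password(actor, target):
                chains[target] = chains[actor] + [target]
                queue.append(target)
    return chains


def audit(start, strict):
    """Run the reachability audit on a fresh copy of the sample directory."""
    return reachable_accounts(Lms(dict(DIRECTORY), strict=strict), start)


if __name__ == "__main__":
    for strict in (False, True):
        label = "role-checked" if strict else "as described"
        print(label, sorted(audit("teacher_a", strict)))
```

Running the same audit against a real role/permission export would flag any rule pair whose composition reaches an account outside the intended scope.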

------------------------------

Date: Sun, 11 Apr 2010 08:17:21 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: Small policy violations add up

An Israeli soldier is being accused of leaking 2000 classified documents to
a reporter.  That in itself isn't relevant to RISKS (nor are the contents of
the classified documents), but *how* she got the documents out is relevant
-- several "minor" policy violations that combined allowed a major leak.
First, on orders from her commanding general, she moved documents from a
classified system which did not allow printing to an unclassified system so
she could print the documents at the general's request.  Second, the IT
department, at her request, disabled the controls that prevented access to
external media, thus allowing her to write to removable media (I assume a
CD-ROM or similar).  Third, the system designed to detect improper actions
(e.g., leaks) was not yet enabled.

Risks?  In a system with multiple layers of control, we can get complacent
about individual controls operating correctly, and the controls fail.

http://www.haaretz.com/hasen/spages/1161826.html

------------------------------

Date: Thu, 15 Apr 2010 23:31:34 -0400
From: Monty Solomon <monty_at_private>
Subject: Israel confiscates visiting iPads

http://www.theregister.co.uk/2010/04/14/ipad_banned_in_israel/
http://www.haaretz.com/hasen/spages/1162992.html

------------------------------

Date: Mon, 12 Apr 2010 11:34:11 +0100
From: Adam Laurie <adam_at_private>
Subject: Re: Canada's planned electronic passports easy to hack? (Kruk, 26.01)

> In one of his more famous demonstrations, Laurie in 2008 created a passport
> for Elvis Presley, and scanned the document at an automated passport scanner
> in an airport in Amsterdam. ...

Actually, the Elvis stunt was performed by Jeroen van Beek, although we do
regularly work on such things together...

  http://www.dexlab.nl/epassports.html

We later performed an even more fun trick at the same Amsterdam location, in
which he presented an off-the-shelf USB RFID reader to the passport
verification system, and it relayed a passport I was holding to a similar
reader in the UK, using a mobile phone data link. In other words, the
Amsterdam system believed it had been presented with a passport that was not
even in the country at the time. This technique also defeats all the new
security measures such as active authentication etc., as it is using a
genuine passport, albeit one that is somewhere else at the time...

Adam Laurie, Suite 117, 61 Victoria Road, Surbiton, Surrey KT6 4JX
http://rfidiot.org  +44 (0) 20 7993 2690

------------------------------

Date: Thu, 8 Apr 2010 22:52:19 -0700
From: privacy_at_private
Subject: EU project may monitor airline passengers' conversations

EU project may monitor airline passengers' conversations
  http://bit.ly/biUxXQ  (The MoveChannel.com)

Whatever you do, don't tell your seatmate that the in-flight movie is a
"bomb!"   Lauren Weinstein

------------------------------

Date: Fri, 9 Apr 2010 14:28:31 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: Is it risky to make Hannah Montana tickets expensive?

*The Washington Post* is reporting that a team of Bulgarian programmers
developed a system that buys tickets from Ticketmaster as soon as they go on
sale, allowing their US-based partners to then resell the tickets at higher
prices.  The group, which calls themselves Wiseguys, has software that can
handle the CAPTCHAs, avoids maxing out credit cards, and makes deliberate
"mistakes" in typing to avoid getting caught by the Ticketmaster system.

Is this illegal or just clever programming?  They're not being charged with
scalping the tickets (which isn't a federal crime, but is in many states and
localities), but with conspiracy, wire fraud and computer crimes
("fraudulent misrepresentation and computer hacking" according to the
indictment).  There's no claim that they did what is currently known as
"hacking" (i.e., breaking into computer systems), but actually is more akin
to what was once known as hacking, namely coming up with clever solutions to
a problem (in this case, purchasing tickets online).

Initially, I thought this was a clear risk that having online systems for
selling tickets makes it easier for scalpers to corner the market than in
the old days where the systems were closed and you had to purchase on the
telephone or in person at a ticket office.  But as I thought more about it,
I realized that having Hannah Montana (*) tickets priced through the
stratosphere is a major advantage for those of us with pre-teenage daughters
- it's easy to tell them that $500 is too much for a ticket, but harder to
make the argument at $50.

http://www.washingtonpost.com/wp-dyn/content/article/2010/04/08/AR2010040805594.html?hpid=moreheadlines
Indictment at http://www.washingtonpost.com/wp-srv/metro/documents/wiseguys022310.pdf

(*) Hannah Montana is a so-called entertainer who appeals exclusively
to pre-teenage girls.

------------------------------

Date: Wed, 14 Apr 2010 18:00:30 -0400 (EDT)
From: danny burstein <dannyb_at_private>
Subject: Unintended consequence of water conservation: bursting pipes

  Various areas around Los Angeles have had an increasing number of water
  pipes breaking.  Some folk are suggesting that... the water restrictions
  in the area (no lawn watering, etc.) are leading to higher pipe pressures,
  causing more and more failures.

A blue-ribbon panel of scientists said Tuesday that the high-volume water
main breaks that bedeviled Los Angeles last summer and fall were caused in
part by the city's restrictions on lawn watering, and their findings could
force the city to remake its strict water conservation policy.

The city last June limited the use of lawn sprinklers to Mondays and
Thursdays, and those restrictions have proved highly successful.  Officials
said Tuesday that in February, Los Angeles had its lowest recorded water use
in 31 years.

But the water conservation policy was too much for the city's aging network
of cast-iron pipes, causing fluctuations in water pressure that
strained them to the bursting point...

[Source: LA Times, 14 Apr 2010]
http://www.latimes.com/news/local/la-me-water-mains14-2010apr14,0,7323987.story

  The story as reported is short on many of the details that I'd have liked
  to see, such as a 24-hour time line of the pipe breaks (water use is lower
  at night, pressure goes up).

    [Although this is not particularly RISKS-related, it is illustrative of
    policy decisions that have implementation implications.  PGN]

------------------------------

Date: 9 Apr 2010 03:08:10 -0000
From: John Levine <johnl_at_private>
Subject: Re: ... circumventing Bayesian filters (Kamens, RISKS-26.01)

Those are called hash busters or, occasionally, word salad, and they've been
a well known spammer trick since about 2002.

Hash busters have been around so long that it's more amazing that your
package can't deal with them.  SpamAssassin has had ways to keep hash
busters out of the bayesian filters at least since version 3.0 in
2004.  Modern spam filters deal with them so well that spammers rarely
bother with them any more.

There must be a bad pun lurking here along the lines of reinventing
the salad spinner.

------------------------------

Date: Fri, 09 Apr 2010 06:43:47 -0400
From: Jonathan Kamens <jik_at_private>
Subject: Re: ... circumventing Bayesian filters (Levine, RISKS-26.02)

> Responding to John Levine:
> Those are called hash busters or, occasionally, word salad, and
> they've been a well known spammer trick since about 2002.

That may be, but as far as I can tell, there is something different about
their newest incarnation that makes them orders of magnitude (and yes, I
know what "order of magnitude" means and mean it literally) more effective
than anything that has come before.

One of the things I've always loved about Bayesian filters like bogofilter
is their simplicity and elegance, their "purity," if you will.

Filters like SpamAssassin apply a large number of rules to incoming email
messages.  Each rule is of the form, "Based on this rule, how likely is it
that this message is spam?"  The scores from all the rules are added
together, and if the result exceeds a preset threshold, the message is
considered spam.

That's a perfectly fine way of doing things, but the weights and scores tend
to be quite arbitrary, and users and developers can end up spending a lot of
time tweaking the various rules and their weights to arrive at an effective
configuration.

In contrast, a Bayesian filter like bogofilter has just one rule -- a
mathematical formula based on the tokens in each message and the frequency
with which those tokens have appeared in spam and "ham" messages in the
past.

I am charmed by that simplicity and straightforwardness, as well as by the
fact that a Bayesian filter has been able to achieve >98% accuracy for me
for most of the time I've been using it.

Having said that, to successfully combat the most recent iteration of spam,
I've had to compromise my principles a bit and apply a couple of rules to my
incoming email for the first time by using a preprocessor called
"spamitarium" written by Tom Anderson.  You can read more about it at
<http://stuff.mit.edu/~jik/software/bogofilter-milter/#spamitarium>.
That page also documents the rest of my antispam configuration, for those
who are curious.
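
[Added example, not part of either post and not code from bogofilter, SpamAssassin or spamitarium: a single-formula token filter of the kind described above, scored on a message with and without neutral padding words, and again with tokens near the neutral probability left out of the calculation. The training counts, cutoff and messages are constructed, and the Robinson-style geometric-mean combination and the `min_dev` parameter name are choices made for this illustration.]

```python
import math
import re

# Constructed training counts: token -> (spam messages seen in, ham messages seen in).
TRAINING = {
    "pills": (60, 1), "winner": (50, 2), "free": (70, 10),
    "meeting": (1, 60), "agenda": (0, 40), "thanks": (5, 70),
}
N_SPAM = N_HAM = 100          # constructed corpus sizes
PRIOR, STRENGTH = 0.5, 1.0    # belief for unseen tokens and how much it weighs
SPAM_CUTOFF = 0.8             # constructed decision threshold

# Constructed messages: the padding consists of tokens the filter has never seen.
SPAM_MSG = "free pills winner"
PADDED_MSG = SPAM_MSG + " " + " ".join(f"word{i}" for i in range(30))
HAM_MSG = "thanks for the meeting agenda"


def token_probability(token):
    """Smoothed probability that a message containing `token` is spam."""
    spam, ham = TRAINING.get(token, (0, 0))
    seen = spam + ham
    if seen == 0:
        return PRIOR
    spam_rate, ham_rate = spam / N_SPAM, ham / N_HAM
    raw = spam_rate / (spam_rate + ham_rate)
    # Pull rarely seen tokens toward the neutral prior.
    return (STRENGTH * PRIOR + seen * raw) / (STRENGTH + seen)


def spam_score(text, min_dev=0.0):
    """Score in [0, 1]; tokens within `min_dev` of neutral are ignored."""
    tokens = sorted(set(re.findall(r"[a-z0-9']+", text.lower())))
    probs = [p for p in map(token_probability, tokens)
             if abs(p - PRIOR) >= min_dev]
    if not probs:
        return PRIOR
    n = len(probs)
    # Geometric means, computed in log space to avoid underflow.
    spamminess = 1.0 - math.exp(sum(math.log(1.0 - p) for p in probs) / n)
    hamminess = 1.0 - math.exp(sum(math.log(p) for p in probs) / n)
    return (1.0 + (spamminess - hamminess) / (spamminess + hamminess)) / 2.0


def is_spam(text, min_dev=0.0):
    return spam_score(text, min_dev) > SPAM_CUTOFF


if __name__ == "__main__":
    for name, msg in (("spam", SPAM_MSG), ("padded", PADDED_MSG), ("ham", HAM_MSG)):
        print(f"{name:7s} all tokens: {spam_score(msg):.3f}   "
              f"min_dev=0.1: {spam_score(msg, 0.1):.3f}")
```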

------------------------------

Date: Fri, 09 Apr 2010 12:17:19 +0200
From: Dag-Erling Smørgrav <des_at_private>
Subject: Re: YOUR SAT NAV IS WRONG - GO BACK! (Jidanni, RISKS-26.01)

The real issue here is that most satnav systems default to "shortest route",
which is almost *never* what the user actually wants.

I recently bought a car with a built-in satnav system which not only
defaults to "shortest route" but, adding insult to injury, reverts to the
default setting when you enter a new destination...

On a related note: in Norway, you can deduct your daily commute from your
taxable income, at a fixed rate per kilometer, if it exceeds a certain
threshold.  In addition, under certain conditions, medically justified
travel expenses are refundable.  However, these deductions or refunds are
not based on the route you actually travel, but on the shortest route
reported by a specific (gov't-run) online map service.  I know of at least
one case (a specific specialized hospital outside Oslo) where the
gov't-approved shortest route involves a highway off-ramp that no longer
exists and a forest path.

------------------------------

Date: Fri, 16 Apr 2010 09:28:47 +0100
From: Martyn Thomas <martyn_at_thomas-associates.co.uk>
Subject: GPS jamming - request for information (notsp)

I'm currently leading a study by the UK Royal Academy of information into
GPS (and more generally GNSS) usage and vulnerabilities.

It's clear that the current GPS signal is easy to jam (and that it is jammed
quite often for criminal and counter-criminal purposes), so one might
predict that this would become more frequent as the incentives increase.

I understand that GPS is used for road tolls in the Netherlands and in
Germany (for lorries). If this is true, is there any evidence that it has
led to jamming? If it has, what consequences have there been?

Thanks for any help, on or off list.  [PREFERABLE OFF LIST, hoping that
  Martyn will summarize the interesting responses -- if relevant.  PGN]

Martyn Thomas CBE FREng <martyn_at_thomas-associates.co.uk>

------------------------------

Date: Thu, 8 Apr 2010 17:57:02 -0400
From: fjohn reinke <fjohn_at_private>
Subject: Retracting my observation of the USPS CofA (RISKS-26.01)

With the assistance of Jonathan Kamens, he and I went through the steps and
urls. It appears that somehow, I wound up on a sleazy third party site,
looking like USPS, offering CofA services. I don't think I did it.  We can't
see any advertising that I could have misclicked on. There's nothing in the
history that gives me a clue. I didn't have a key logger active and perhaps
my memory is not as good as I think it is. Argh!  So for the time being,
I'll retract my critique with apologies to all.  I'm still interested in if
the CofA goes thru. Thanks to my new acquaintance Jonathan Kamens, I've
learned to be EVEN more skeptical and wary than I have been.

------------------------------

Date: Thu, 15 Apr 2010 00:05:51 -0500
From: Bruce Schneier <schneier_at_private>
Subject: New Book: Cryptography Engineering

  [Excerpted from Bruce's CRYPTO-GRAM, 15 Apr 2010.  PGN]

I have a new book, sort of.  Cryptography Engineering is really the second
edition of Practical Cryptography.  Niels Ferguson and I wrote Practical
Cryptography in 2003.  Tadayoshi Kohno did most of the update work -- and
added exercises to make it more suitable as a textbook -- and is the third
author on Cryptography Engineering.  (I didn't like it that Wiley changed
the title; I think it's too close to Ross Anderson's excellent Security
Engineering.)

Cryptography Engineering is a techie book; it's for practitioners who are
implementing cryptography or for people who want to learn more about the
nitty-gritty of how cryptography works and what the implementation pitfalls
are.  If you've already bought Practical Cryptography, there's no need to
upgrade unless you're actually using it.

Here's what's new: We revised the introductory materials in Chapter 1 to
help readers better understand the broader context for computer security,
with some explicit exercises to help readers develop a security mindset.  We
updated the discussion of AES in Chapter 3; rather than speculating on
algebraic attacks, we now talk about the recent successful (theoretical, not
practical) attacks against AES.  Chapter 4 used to recommend using
nonce-based encryption schemes.  We now find these schemes problematic, and
instead recommend randomized encryption schemes, like CBC mode.  We updated
the discussion of hash functions in Chapter 5; we discuss new results
against MD5 and SHA1, and allude to the new SHA3 candidates (but say it's
too early to start using the SHA3 candidates).  In Chapter 6, we no longer
talk about UMAC, and instead talk about CMAC and GMAC.  We revised Chapters
8 and 15 to talk about some recent implementation issues to be aware of.  For
example, we now talk about the cold boot attacks and challenges for
generating randomness in VMs.  In Chapter 19, we discuss online certificate
verification.

Signed copies are available.  See the bottom of the book's webpage for
details.

http://www.schneier.com/book-ce.html

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.02
************************