Subject: RISKS DIGEST 15.71 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 29 March 1994 Volume 15 : Issue 71 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks) ***** Contents: Risks of washroom automation (Paul Colley) Pay-per-View failure lets adult station go unscrambled (Mike Carleton) Role-playing Addiction (Mich Kabay) Software theft statistics (Mich Kabay) Risks of spelling checkers (John Girard, PGN) Busy-waiting woes (Darren Senn) Recent useful newspaper pieces on crypto policy (Lance J. Hoffman) Re: L.A. Phone Fire (Nevin Liber) Re: Canadian Poodles using 911 (Shawn Mamros) Re: Banknotes and photocopiers (Mike Sullivan) Re: IRS persistence (Robin Kenny) Preliminary Program: 7th IEEE Computer Security Foundations Workshop (Li Gong) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Mon Mar 28 14:22:02 1994 From: ember!pacolley@qucis.queensu.ca Subject: Risks of washroom automation (Erma Bombeck) Here's one paragraph of Erma Bombeck's humour column, The Kingston Whig-Standard, 28 March 1994. "I dropped by an airport washroom. In my stall, I wrestled with my jumpsuit, and in doing so the belt fell into the commode. Before I could retrieve it, the automatic flusher sucked it away and into the sewers of San Jose. I held my hands under the automatic water tap and went for a paper towel. I turned in time to see my handbag fall into the sink and activate the water. It proceeded to drown." The column also enumerates many other more familiar problems with automation. - Paul Colley colley@qucis.queensu.ca +1 613 545 3807 [Beware of the automatic handwringer. PGN] ------------------------------ Date: Tue, 29 Mar 94 13:37:20 EST From: mcarleton@zendia.enet.dec.com Subject: Pay-per-View failure lets adult station go unscrambled Cable company adds unexpected Spice to subscriber's dinner hour. A problem with a pay-per-view system caused all customers of the Greater Media Cable TV service in Worcester Massachusetts to receive the unscrambled broadcast of an Adult cable cannel offered by the system. The Spice cable channel was unscrambled for 90 minutes between 6:00pm and 7:30pm on Monday March 28th. According to a representative of the cable company, Ed Goldstien, the cause of the glitch was not known and an investigation was in progress. Goldstien presented the cable company's apology and promise that it would not happen again to subscribers over the local radio station WXLO. The Greater Media Cable system uses a call in voice response system to allow customers to activate the pay-per-view stations offered by the system. The activation code for the customer's cable box is broadcast over the cable system to unscramble the selected pay-per-view offering. RISKS readers could speculate that this incident is an indication that a universal activation code must exist for all cable decoders in the system. We could further speculate that the voice response system could have broadcast this code in response to a pay-per-view request of a single subscriber if internal tables were faulty. The RISK here is dependence on an automatic system to save cost when the cost of its failure is not taken into account. Mike Carleton mcarleton@zendia.enet.dec.com ------------------------------ Date: 29 Mar 94 12:59:07 EST From: "Mich Kabay [NCSA]" <75300.3232@CompuServe.COM> Subject: Role-playing Addiction Washington Post Staff Writer John Schwartz has published a moving and insightful article entitled, "Game Boy." It explores the life and death of an eighteen year old man addicted to cyberspace role-playing. I have asked Mr Schwartz for permission to post the original article in its entirety. For the time being, here's a brief summary. <> Nathaniel Davenport was an unassertive, socially-isolated teenager who did poorly in high school but had excellent S.A.T. scores. He entered the University of California at Santa Cruz autumn 92 and quickly became active in AmberMUSH, a M.U.D. (multi-user dimension) loosely based on the _Amber_ stories of Roger Zelazny. AmberMUSH "features a series of mirrors that you walk through into different elaborate fictional situations: One is the ruins of a city; another a rowdy Western town; a third, the smoky darkness of the "World's End Bar," a cross-dimensional speakeasy. Wherever you go, other players are there, gathered from around the world to engage in a collective fantasy; you converse with whoever is in the `room' you are in at the time, something like a pickup game in basketball." Nathaniel became a M.U.D. addict. He was asked to leave his university because he had missed all of his classes while living in AmberMUSH. Back in Virginia, he continued his addiction through student terminals at George Mason University, where he would spend entire days interacting with other role players from around the world. Nathaniel's persona in AmberMUSH was Sabbath, a beautiful seductress devoid of empathy for the characters she manipulated. For example, she spent months seducing another character, only to goad him to his death in a battle with a more powerful character. After bitter arguments with his family, Nathaniel agreed to get a job. He began working at a computer company from 5 a.m. to 1:30 p.m. He incorporated his new job into his frenetic role-playing life by skimping on sleep. A week after starting work, he apparently fell asleep at the wheel of his mother's car and smashed head-on into a truck. He died instantly. When Nathaniel's father sent out requests for correspondence on the Internet, addressing the AmberMUSH users his son had spent so much of his life with, he was astonished at the volume and quality of the responses. Over time, Tom Davenport came to believe that Nathaniel's interactions were not futile game-playing or pornographic flirting. "[I]n his quest to better himself, Nathaniel had also turned to the tool he was most comfortable with: He was using his character to explore social interactions, to learn to be funny, charming, direct. `He was using the net,' says Davenport, `to work out his life.'" "Contacted via e-mail, AmberMUSH administrator Mark Grundy said the death of Nathaniel Davenport has made him think hard about players' responsibility to one another in the on-line society. `The future for human relationships in the Communication Age seems particularly uncertain,' Grundy wrote. `For me, the lesson that Tom has taught is that the answers can come, if you look for them with the right heart.'" <> This young man, isolated from a local community, unhappy in his own skin, found happiness as a different person in a different world. The pity is that he lost touch with his own body's needs. Like a rat on an endorphin high, poor Nathaniel died from addiction to his own form of satisfaction. Should we shrug and dismiss his death? "It's his problem--he was free to act as he chose." Surely, but could anyone in his cyberspace community have helped avoid this sad end, crushed uselessly at the age of 18? I wonder if cyberspace role-players will reach out to accept and support the tangible person behind the electronic persona? Would it have helped if someone had asked how Nathaniel was doing instead of focusing only on Sabbath? As human beings interact electronically, we will be forced to integrate morality and reason into cyberspace. Cyberspace must not remain a moral vacuum; common sense must grow to encompass all the ways we now have to touch other people's lives and alter our own. Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn ------------------------------ Date: 29 Mar 94 12:59:16 EST From: "Mich Kabay [NCSA]" <75300.3232@CompuServe.COM> Subject: Software theft statistics >From the Associated Press newswire via Executive News Service on CompuServe (GO ENS): JEANNINE AVERSA, Associated Press Writer, reports on the Software Publishers Association's statistics concerning software theft. Key findings: o Worldwide losses of $7.4 billion for business software in 1993. o Rate is down 25% from $9.7 billion in 1992. o Business software (spreadsheets, electronic mail, accounting and data base programs) sales revenues in 1993 were $6.8 billion. o Companies whose employees make unauthorized copies or put single-copy programs on network servers account for the most frequent violations of software copyright. o The SPA audited or initiated lawsuits against 245 companies, all of which were resolved out of court. o Settlements totalled $3 million. o Manufacturers in the U.S. lost $1.57 billion; Japan lost $650 million; France lost $435 million. o Software theft grew fastest in India and Pakistan (up 95%); Korea and Brazil showed 89%, and Malaysia's theft grew 88%. Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn ------------------------------ Date: Tue, 29 Mar 94 23:32 BST-1 From: John Girard Subject: Risks of spelling checkers I was recently quite shocked (UK: gob-smacked) to find that an event connected with my spell checker could have put me at risk of losing my job. I was editing a publication to be sent to several hundred of my client contacts, and had made a series of trivial spelling corrections, the last being a "replace". Sitting poised over the replace button, I was presented with the suggestion that the word "Goldman" (as in a large company we all know) should be replaced with "goddamn". The word processor involved was MS Word for the Macintosh. I then tested this on Word for Windows, and got the same result. (I have the `always suggest' option selected) This event scared me greatly, because it is easy to go unconscious in front of the mouse and press "replace" one too many times without realizing the result. I contacted my support agency and was told that "goddamn" is in the main dictionary, and that I could not delete it from the main dictionary. It was suggested that I program Goldman as a replacement to goddamn. Of course, defining a replacement in this one case does not assure me that the "bad" word will not be suggested in the future for other replacements. And, I have not yet encountered other unprofessional and undesirable word replacements which I would grudgingly agree that, in an academic sense, belong in the dictionary, but are a risk to my job. Yet, I wait in fear of these discoveries. My concern here is that products such as word processors that are sold for use in "business" applications should either not freely suggest profane words in the main dictionary, or should have an option to leave them out or supply an extra warning. Obviously, the problem is further complicated by words or phrases that have different meanings in different countries even when the language seems otherwise equivalent. Has anyone else had problems similar to this? Are there any alternative "business-oriented" main dictionaries which can be purchased to eliminate the risk? And, should I be obligated to live-with/fix this problem when purchasing a "business" product? John Girard New Science Associates, Ltd./ UK ------------------------------ Date: Tue, 28 Mar 94 16:21:07 PST From: "Peter G. Neumann" Subject: Re: Risks of spelling checkers (Girard, RISKS-15.71) The RISKS archives are full of cases such as transforming a Mafia "enforcer" into an "informer", "payout" into "peyote", "back in the black" to "back in the AfroAmerican", and many other garbles. And I just happen to notice a note from Abhijit Chaudhari in the YUCKS digest (from spaf@cs.purdue.edu) noting that NeXTSTEP 3.0 Webster's barfs on "UNIX", and offers "unfix" instead. That is not Unix-friendly, although I distinctly recall Steve Jobs suggesting at the San Francisco birth announcement for NeXT that NeXT was UNIX-emulatable and UNIX-friendly (but that nobody would care once they had seen NeXT!). I wonder what that spelling corrector does to NeXT? Maybe it gets turned into a NeWT. ------------------------------ Date: Tue, 29 Mar 1994 00:19:48 -0800 (PST) From: sinster@scintilla.santa-clara.ca.us (Darren Senn) Subject: Busy-waiting woes A few years back, I was working as a student computer consultant at UC Santa Cruz. The San Diego Supercomputer Center was pulling itself up by its bootstraps, and a few of the researchers at UCSC had won grants of CPU time on SDSC's CRAY Y/MP. SDSC sent some of their tech. support staff up to Santa Cruz to give our researchers a quick introduction to UNICOS (CRAY's flavor of SYSV UNIX) and SDSC's special features. Needless to say, they didn't want to leave their tech support people in Santa Cruz, so they gave us a small grant for our consultants to use while learning their system. I was one of the lucky consultants who got to participate. So far so good. At the same time, one of my friends was finishing up his physics thesis (a weird little study of aerodynamic surfaces), and had written a small flight simulator to do some of his calculations. This study was weird enough that my friend was calling his programs 'funny', 'goofy', 'damgoofy', etc. It was a simple program which simulated the flight of a plane for a short duration, and the user couldn't adjust any control surfaces after the program started. As a favor to him and as a convenient way to learn more about the Y/MP, I ported his program over to UNICOS. The program normally asked the user for its parameters when it started up, printed the results to the terminal, and waited for the user to hit return before quitting. The program was almost entirely math, so all I had to do was convert it to batch processing. Simple: just change a few scanf()'s to fscanf()'s, tweak a few paths, and we're all set.... Or so I thought. (ominous background music, please). I ftp'd the files over to the cray, compiled them, and made a few short test runs. No problems. So I set it up to calculate 30 seconds of flight at 1ms intervals, and to print out the time when it started and stopped. Then I set it loose. It was truly impressive watching those columns of numbers scrolling by. But alas, my next class was starting, so I couldn't wait for it to finish. I was capturing the output to a file anyway, so I just disconnected and went to my class. That was Friday evening. Sunday morning rolls around, and I get rudely shaken from bed by a phone call at 7am! Imagine the nerve! hmph. It was SDSC's support staff calling. It seems that a renegade program had eaten up all the consultant's time grant by running continuously (100% CPU usage) for 35 hours in the interactive `batch` queue! Clearly this program was intended as some warped prank, considering it was called 'damgoofy'! Uh-oh. I was sure there was some kind of mistake, so I rushed up to campus to see what had happened. It turns out that I had forgotten to remove the program's last gets(): that's the line which made the simulator wait for the user to hit return before quitting. That shouldn't have been a problem in itself, since the function should've immediately returned with an error after it discovered it had lost it's terminal (when I logged out). It didn't. No problem, right? The program should've just stopped waiting for input, consuming no CPU resources. Nope. Under that version of UNICOS, the program was waiting in a busy-loop, uselessly using the CPU while it waited for input. :( Ooooops! Luckily SDSC was nice to us, and the Y/MP was underutilized back then anyway, so they just refunded the money, my friend got an impressive simulation, and I got an anecdote. :) Darren Senn Phone: (408) 988-2640 Snail: 620 Park View Drive #206 sinster@scintilla.santa-clara.ca.us Santa Clara, CA 95054 ------------------------------ Date: Tue, 29 Mar 1994 14:01:51 -0500 (EST) From: "Lance J. Hoffman" Subject: Recent useful newspaper pieces on crypto policy Two interesting newspaper articles on encryption policy recently appeared: In The Australian, an influential national newspaper similar to The Guardian in the U. K. or The New York Times in the U. S., a large article describes the Clipper chip controversy including a bit more technical detail than is common for U. S. newspapers. Professor Bill Caelli of Queensland University of Technology's School of Data Communications is quoted as saying "Is Clipper the start of a more onerous agenda? Does Clipper represent attempts to outlaw the use of encryption in any form by the public unless he or she uses an 'approved' (and breakable) cipher system such as Clipper? This last question is a far darker scenario and goes to the very heart of freedom and privacy in a democratic society." -- All this in The Australian of 29 March 1994. In the New York Times of 26 March 1994, on the first page of the second section and wrapping around to page 26, there is an article "Collisions in Cyberspace on Data Encryption Plan" which starts "To paraphrase Oscar Wilde, the Clinton Administration threw a couple of its lions into a den of savage Daniels here this week" (now last week). That refers to the Fourth Conference on Computers, Freedom, and Privacy in Chicago, and the article appears under a wonderful photo of Emmanuel Goldstein, editor of 2600, clad in T-shirt, etc., taling with Frank Carey of Bell Labs, replete in coat and tie, but holding beer bottle. The article goes on to describe an arrest of a man in the conference hotel (actually a conference attendee) who fit the description of fugitive hacker Kevin Mitnick and the rough go Dave Lytel of the President's Office of Science and Technology Policy had as the keynote speaker trying to defend Clipper. Professor Lance J. Hoffman, Department of Electrical Eng. and Computer Science The George Washington University, Washington, D. C. 20052 (202) 994-4955 ------------------------------ Date: Tue, 29 Mar 1994 02:32:49 -0700 (MST) From: Nevin Liber Subject: Re: L.A. Phone Fire (Weinstein, RISKS-15.67) We felt the effects here in Tuscon, Arizona, 500 miles and another state away from Los Angeles. I went to the local grocery store to do some shopping and, you guessed it, they couldn't take my charge card because of that fire (they had notices posted throughout the store). I guess it's not just earthquakes anymore that have a rippling effect all the way to Arizona... ------------------------------ Date: Tue, 29 Mar 94 10:55:27 EST From: mamros@ftp.com (Shawn Mamros) Subject: Re: The RISKs of Canadian Poodles using 911 (RISKS 15.70) John Oram , in RISKS 15.70: >They had 911 on speed dial? Come on - that's inexcusable, given how easy it >is to accidentally hit the wrong button on a phone. Not when the phone manufacturer provides speed dial buttons explicitly labelled for that purpose. I own a General Electric phone (purchased about five years ago) that has three buttons on it labelled "Fire", "Police", and "Ambulance". There are other risks associated with such a phone, in addition to that of pets (or small children) accidentally hitting one of those buttons. The buttons need to be programmed with the correct number, since 911 is not (yet) universal in the US. If the owner of a phone does not set the numbers for those buttons - or worse, moves without changing the numbers (where one of the old or new locations does not have 911) - one could picture a scenario where a guest is present, the phone's owner is incapacitated, and the guest tries to use the "Ambulance" button to contact same... -Shawn Mamros mamros@ftp.com [RISKS received a large number of messages on this topic, including those Jay Schmidgall , Jeff Nelson , Nevin Liber , Tom Russ ) Andrew Duane who noted built-in emergency features. The risks therein seem quite widespread. Also, Bob Peterson noted the risks of defaults returning when batteries are replaced. PGN] ------------------------------ Date: 29 Mar 94 00:12:24 EST From: Mike Sullivan <74160.1134@CompuServe.COM> Subject: Banknotes and photocopiers In RISKS-15.70, Tom Standage noted that some color photocopiers prevent forgery by reacting to the color shift in the ink. This seems similar to how our Xerox black-and-white copiers react to an American Express card. The cards apparently use two different inks for the pattern filling the face of the card, one of which is invisible to the copier, although both inks look identical to the eye. When photocopied, the card image bears the word VOID all over its face (this is the green card; haven't tried it with a gold or platinum one). Perhaps a similar technology is involved in preventing copying of currency. ------------------------------ Date: Wed, 30 Mar 94 10:16:25 +1000 From: Robin Kenny Subject: Re: IRS persistence (Methvin, RISKS-15.70) This is not a good idea. What happened to me, basically, was that I closed my old VISA account with the State Bank Victoria (Australia) with 4 cents credit, , believing I was a good guy for not trying to get the money out - after all, it probably costs VISA $x per transaction. Some years later I had occasion to apply for another VISA card... When trying to use my bank DEBIT card to pay for petrol a security alert was flashed to the operator and my card was seized. Using my ATM card showed no funds and my ATM card was seized. My PASSBOOK account had a security trigger fire when I presented it at the local branch... It was all caused by the previous VISA account; the four cents was never allowed to be reabsorbed by the bank and my application for a new card found a bug in the validation software that said "there is a problem with this applicant". This automatically put a hold on all my finances! Even the home loan joint account was frozen. It took TEN WORKING DAYS for a human to finally backtrack to the root cause (the security re-asserted itself each night) I did get an official letter of explanation (I was beyond accepting apologies) on letter-head so future repercussions could be minimised. What may happen to "dwm" could be something bizarre like being arrested by the IRS for undisclosed income, not so improbable as a friend had his 1987 tax refund assessed as income for 1988! (Did I read in RISKS about a person having $1M accidentally transferred into their savings account, now fighting it out with the bank over the $50,000 funds-transfer tax?) [The original item was in RISKS-15.60. I don't recall seeing the transfer-tax item before. PGN] Robin Kenny (robink@hparc0.aus.hp.com) ------------------------------ Date: Tue, 29 Mar 94 10:33:56 -0800 From: Li Gong Subject: Preliminary Program: 7th IEEE Computer Security Foundations Workshop [This workshop is by invitation of the General Chair only. To participate, please contact Professor Ravi Sandhu at sandhu@isse.gmu.edu as early as possible since the number of spaces is very limited.] 7th IEEE Computer Security Foundations Workshop (CSFW-7) (Preliminary Program) Franconia, New Hampshire, June 14-16, 1994 Tuesday, June 14 8:50-9:00am -- Welcoming Remarks Ravi Sandhu (George Mason University, General Chair) Li Gong (SRI, Program Chair) 9:00-10:30am -- Non-Interference and Composability Session chair: Jose Meseguer (SRI) * Unwinding Forward Correctability Jonathan Millen (MITRE) * A State-Based Approach to Non-Interference William Young and William Bevier (Computational Logic, Inc.) * Combining Components and Policies George Dinolt, Lee Benzinger and Mark Yatabe (Loral) 11:00-12:00pm -- Formal Methods and Semantics Session chair: Simon Foley (University College Cork) * Formal Methods for the Informal World Carol Muehrcke (Secure Computing Corporation) * Formal Semantics of Rights and Confidentiality in Deductive Databases with General Integrity Constraints Adrian Spalka (University of Bonn) 12:00-2:00pm -- Lunch Break and Croquet Tournament 2:00-3:00pm -- Modeling Session chair: Stewart Lee (University of Toronto) * Confidentiality in a Replicated Architecture Trusted Database System: A Formal Model Oliver Costich, John McLean and John McDermott (Naval Research Lab) * Conceptual Foundations for a Model of Task-based Authorizations Ravi Sandhu and Roshan Thomas (George Mason University) 3:30-5:00pm -- Panel on "The General Write-Up Problem" Panel moderator: John McDermott (Naval Research Lab) Panelists: to be confirmed Wensdesday, June 15 9:00-10:30am -- Cryptographic Protocol Analysis Session chair: Virgil Gligor (University of Maryland) * A Model of Computation for the NRL Protocol Analyzer Catherine Meadows (Naval Research Lab) * AUTLOG -- An Advanced Logic of Authentication Volker Kessler and Gabriele Riemer (Siemens, AG) * Nonmonotonic Cryptographic Protocols Aviel Rubin and Peter Honeyman (University of Michigan) 11:00-12:00pm -- Security Policies Session chair: John McLean (Naval Research Lab) * Formal Specification of Information Flow Security Policies and Their Enforcement in Security Critical Systems Ramesh Peri and William Wulf (University of Virginia) * A Taxonomy of Security Properties for CCS Roberto Gorrieri and Riccardo Focardi (Universita di Bologna) 12:00-2:00pm -- Lunch Break and Croquet Tournament 2:00-3:00pm -- Access Control Session chair: Joshua Guttman (MITRE) * One-Representative Safety Analysis in the Non-Monotonic Transform Model Ravi Sandhu and Paul Ammann (George Mason University) * Reasoning about Confidentiality Requirements Simon Foley (University College Cork, Ireland) 3:30-5:00pm -- Panel on "Reconsidering the Role of the Reference Monitor" * Redrawing the Security Perimeter of a Trusted System Dan Sterne and Glen Benson (Trusted Information Systems) Panel moderator: Dan Sterne Panelists: Len LaPadula (MITRE), Ravi Sandhu (GMU), Carl Landwehr (NRL), and Glenn Benson (TIS) Thursday, June 16 9:00-10:30am -- Protocol Security Session chair: Michael Merritt (AT&T Bell Labs) * Development of Authentication Protocols: Some Misconceptions and a New Approach Wenbo Mao and Colin Boyd (University of Manchester) * A Taxonomy of Replay Attacks Paul Syverson (Naval Research Lab) * Cryptographic Protocols Flaws Ulf Carlsen (Telecom Bretagne, France) 11:00-12:00pm -- Workshop Business Meeting 12:00pm -- Workshop Adjourns ------------------------------ Date: ongoing From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA) with SUBSCRIBE RISKS or UNSUBSCRIBE RISKS as needed. Users on US Military and Government machines should contact (Dennis Rears). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, send requests to (not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: Issue j of volume 15 is in that directory: "get risks-15.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 14, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00. "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 15.71 ************************