Subject: RISKS DIGEST 16.37 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Weds 31 August 1994 Volume 16 : Issue 37 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks) ***** Contents: Risks of spread-spectrum cordless phones (Don Alvarez) St. Louis water mishap (David G. Himrich) Satellite imaging for targeted marketing? (Denis Haskin) Millennium goes to prison (Henry Troup) Breakdown of police emergency number (John Colville) Risks of client search tools (the WWWorm turns, and returns, ...) (Rob Slade) Changeable `constants' (James Ashton) Re: vandals Cut Cable, Slow MCI Service (C. Paul Ferroni) Unintended document contents (Walter Smith) Re: Bug in Microsoft Word (Steen Hansen, Pete Ferris, Anthony E. Siegman) Re: system makes bank check forgery easy (Paul Gloger) More on Real World/Cyberspace ID matching (Paul Green) Re: pi = 3 (Mark Brader) New indecency rules proposed for all online services (Daniel J. Weitzner) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Tue, 30 Aug 1994 09:36:01 -0400 From: Don Alvarez Subject: Risks of spread-spectrum cordless phones I just purchased a 900Mhz spread spectrum phone from Escort (the radar detector people). They don't take P/O's, so I had to order with a credit card. I'm not sure I want to show the following credit card receipt to the ladies down in purchasing... ESCORT PHONE, WHITE $299 ADULT SIGNATURE REQUIRED (Thank goodness they didn't name the thing after a Cobra or an English Sheepdog or mention the "rubber-duckie" antenna... at least this way I only look like your run-of-the-mill degenerate). ------------------------------ Date: 30 Aug 94 10:56:16 EDT From: "David G. Himrich" <76270.1257@compuserve.com> Subject: St. Louis water mishap A pressure valve in the St. Louis city water system opened inadvertently and the resulting pressure spike damaged water mains in 15 locations throughout the City. It also tripped 14 fire alarms by disrupting sprinkler systems. The city water division suspects that a Southwestern Bell Telephone Company repair crew caused an "errant electronic command" which opened the 66-inch (168 cm) diameter valve. The crew was working on a data transmission line at the pressure control room at the Chain of Rocks water works in St. Louis. Southwestern Bell is not officially aware of any link between the repair and the mishap but will "be happy to work with the city to determine if there is any link." [Source: Article by Tim O'Neil and Melanie Robinson in the St. Louis Post-Dispatch, 30 August 1994.] - David Himrich ------------------------------ Date: Tue, 30 Aug 1994 13:18:31 -0500 (EST) From: Denis Haskin Subject: Satellite imaging for targeted marketing? A 25 Aug 1994 article in the *San Jose Mercury News* discusses BADGER (Bay Area Digital GeoResource), an "electronic library of maps, census data, property lines and environmental features." This is a project funded by NASA and involves Bay Area cities+towns, a company called Smart Valley, NASA Ames, Lockheed, and other companies to "create a shared data base of geographic information about the Bay Area and the software to help cities use it to identify polluters, prevent power failures or plan land-use policies." Sounds pretty benign until you get to the discussion of use of this data by private companies for identifying potential customers, to wit: Organizers say private companies might make use of the mapping service as well. For example, a satellite photo that located swimming pools could be cross-referenced to a property-tax map to create a data base of pool owners. That could be useful to pool-cleaning services. With high-resolution satellite images, roofers might be able to locate homeowners with aging wood shake roofs. The risks to personal privacy are, I think, obvious. Denis Haskin, Sr. Mgr., Production Engineering, Information Access Company, 10 Presidents' Landing, Medford, MA 02155 dwh@epub.ziff.com 617 393 3649 ------------------------------ Date: Wed, 31 Aug 1994 15:07:00 -0400 From: "henry (h.w.) troup" Subject: Millennium goes to prison KINGSTON, Ontario -- The success of a recent trial of the Northern Telecom Millennium pay phone at Collins Bay Prison in Kingston, Ontario, may mean the system is set to go to prison for life. Northern Telecom partnered with the Canadian Federal Correctional Services, telephone consortium Stentor, and Bell Canada, to customize the flexible Millennium system architecture to fit the unique demands of a prison setting. The resulting "Millennium Inmate Solution" includes real-time management of inmate phone traffic to allow or restrict numbers, and enhance fraud control. Production on the Millennium Inmate Solution is slated to begin in Calgary by year-end, after final reviews by Stentor and the federal government. Roll out to federal prisons coast to coast is planned for the first quarter of 1995. The new prison phone system was also very well received by the American Correctional Association when it was shown at their conference this month in St. Louis, Missouri. ------------------------------ Date: Wed, 31 Aug 1994 13:49:15 +1000 (EST) From: John Colville Subject: Breakdown of police emergency number [Based on radio reports] Last night (Tue Aug 30), callers to the NSW Police's emergency 000 phone number in Sydney could not get through for a period of about five hours from 7.30 pm. Emergency calls to fire and ambulance, which are also reached by 000, were not affected. One caller, who was reporting a robbery in progress, was asked to call the local police station. 000 calls in other areas e.g. Newcastle and Wollongong were not affected. The State Commander [Officer in charge of day to day operations for NSW] said that nothing like this had ever happen before, to his knowledge. Police are investigating the failure. John Colville, School of Computing Sciences, University of Technology, Sydney Broadway, NSW, Australia, 2007 colville@socs.uts.edu.au +61-2-330-1854 ------------------------------ Date: Tue, 30 Aug 1994 12:45:46 -0600 (MDT) From: "Rob Slade, the famous sleep deprivation experiment" Subject: Risks of client search tools (the WWWorm turns, and returns, ...) I noticed the following on net-happenings as an explanation of why a promised World Wide Web search tool was not released. It doesn't give full details, but, for those who can read between the lines, you can see that such a local client search tool would consume enormous amounts of bandwidth. I'm glad that the developer had the good sense not to pursue it. "Some searches were not meant to be meddled with, Dr. Lemieux!" :-) (btw, for those without W3 who want to access the document cited, send mail to listproc@www0.cern.ch with the command: www http://web.nexor.co.uk/mak/doc/robots/robots.html in the body of the message.) ---------- Forwarded message ---------- Date: Sun, 28 Aug 1994 19:03:53 -0400 (EDT) SENDER: Mac WWW Worm Subject: [announce] Mac WWW Worm First, sorry for my french colleagues for this english answer. I just didn't want to write it twice... ---------- Here are my presents thoughts about that: 1- Due to the net traffic that would be produce by such an easy-to-use 'bot, I first decided that it should _never_ be widely released. 2- My Mac WWW worm was an engine designed to search for specific topics. He was downloading lots of pages, but kept informations only about a little portion of them. This way there's a lot of wasting in net resource. So, if you were striving to get such a tool, you should consider using one of the publicly accessible WWW Database. 3- Everyone running a bot without letting other people acces the data is _wasting_ resources, and should not be permitted to do that... Anyone interested in the subject of WWW Robot should consider reading the following document: http://web.nexor.co.uk/mak/doc/robots/robots.html Before flaming me for not releasing the 'bot, read every thing you can find under that URL. ---------- Beside that, the MacWWW worm program still contains lots of neat HyperCard script that can be easily recycled for any internet based material... I would accept to share all this material with any other HC-minded people. Be aware that building net program is not a little thing. Even if HC permit it to be really easy, you should always keep in mind that the internet is a _public_ network. Don't waste other's resources... Anyway, thanks for your interest. Sebastien Lemieux, dept. biol. lemieuse@alize.ERE.UMontreal.CA http://alize.ere.umontreal.ca:8001/~lemieuse/ Ce message a ete reposte par le reposteur TCL Pour info: lemieuse@ere.umontreal.ca [Very lemieusing! PGN] ------------------------------ Date: Wed, 31 Aug 1994 13:41:00 +1000 (EST) From: "James Ashton" Subject: Changeable `constants' In RISKS-16.36 it was noted that `On some old versions of Basic for PDP-11s, you could assign any value to the "constant" pi.' I believe that on some versions of FORTRAN you could do even better. You could assign any value to numerical constants. While I never tried it, our FORTRAN lecturer told us that (at least in the local implementation of the time) numerical constants were collected by the compiler and stored in writable memory. Statements like `3=4' could then cause the chaos that you might expect. James Ashton, Department of Systems Engineering, Australian National Univ. Canberra ACT 0200 Australia +61 6 249 0681 James.Ashton@anu.edu.au ------------------------------ Date: Tue, 30 Aug 1994 08:15:46 -0400 From: "C. Paul Ferroni" Subject: Re: vandals Cut Cable, Slow MCI Service (Kabay, RISKS-16.36) I would suggest that another plausible explanation is that the cut was designed to allow for insertion of into the line at another point, while the first cut was being fixed. While the line was down for repairs, such an insertion wouldn't be noticed... I hope someone at MCI is thinking. -cpf Paul.Ferroni@ab.com ------------------------------ Date: Mon, 29 Aug 1994 21:37:36 -0700 From: wrs@newton.apple.com (Walter Smith) Subject: Unintended document contents > If all you use is printed copies, you're okay. However, if you give somebody > the file on disk or send it by E-mail, then there may be unintended info... This problem is not at all limited to Microsoft Word--there is another way in which a file can end up containing unintentional disclosures visible to a raw data editor. Checking my own disk, I have found several instances of this. There are many applications that don't write to every byte of their files. On the Macintosh (and presumably some other systems), when file space is allocated, the system doesn't zero the allocated blocks. Whatever data was written there previously remains. Thus, documents can end up with bits of other--completely unrelated, perhaps sensitive--documents trapped inside them. It's a particularly insidious problem, because once the old bits are trapped in the new document, they remain with the document forever. Even if you prepare your CD-ROM (or whatever) on a pristine, newly formatted hard disk, you may be copying little excerpts from the disks of all the machines the documents originated from. - Walter Smith / Newton Software / Apple Computer, Inc. ------------------------------ Date: Tue, 30 Aug 94 08:03:27 -0400 From: Steen Hansen Subject: Re: Bug in Microsoft Word In the August issue of Byte Magazine, columnist Pournelle (Chaos Manor) recommends turning Fast-Save off - he reported losing hours of work because of it. Steen Hansen, Computer Specialist, Ohio State University hansen+@osu.edu ------------------------------ Date: Tue, 30 Aug 94 00:04:35 -0600 From: pferris%mohawk.uucp@drd.com Subject: Re: Bug in Microsoft Word (Moore, RISKS-16.36) Gadzooks! You (and the fellow that originally reported it!) are correct. The problem also exists on the Mac - though I don't see the "Summary" problem as he stated for Windows. Norton revealed the truth of the matter on the Mac. Still, I don't consider this _fatal_ by any means. I just won't send out any Word (Fast Saved - which I keep don't use / disable, BTW!) discs. Thanks to both of you for the warning(s). I thought MS fixed the Fast Save bugs in 5.1a (note the "a"!). Evidently not this one! Hullo Mr. Gates, are you there? Tell me, do you know if this is a problem in Word 5.1a for Macintosh? I haven't encountered it yet, but I seldom rip into Word files with anything but Word. I'm curious, if this might not be used for a (future?) "restore to previously saved version" type thing... but again, why just on "Fast Save"?! Hmmmm.... I'd like to hear MS explain/correct this one (making a note to call tomorrow!). Bullwinkle sez: "Watch this Rocky! Now I'll use CPS Tools to do a Word file recover operation and see which variation of the file it prefers... " I suspect I know... :-< Pete Ferris, N5KBD pferris%mohawk.uucp@drd.com P.S.: To other readers: I stand corrected here... also: FYI: I use a Mac so not all Windows stuff is applicable here... [Another response from Pete, to Norloff, is omitted here. PGN] ------------------------------ Date: Tue, 30 Aug 94 10:14:37 PDT From: "Anthony E. Siegman" Subject: Re: Bug in Microsoft Word (something similar in WriteNow?) >Word summary info area for each document that cannot be turned off. I was using On Location (an excellent Mac utility which builds indices and enables you to find every document on your hard disk containing a given text string) to look for a letter to "Richard Jones" I had written 2 years ago. OL found such a document -- a WriteNow template letterhead I employ -- but when I opened this document the contents appeared to be a later letter to someone else. On a hunch I tried the WriteNow "Revert to Saved" menu command, and the original letter to Richard Jones appeared. Whether this could be a security hole if I sent the later letter by file transfer or over a net to someone else who also had WriteNow, I can't say. Maybe I had only printed the later letter and not Saved it; maybe I typed it in and did a "Save As", leaving the Jones letter still hidden in the template's hidden backup area. --AES siegman@sierra.stanford.edu ------------------------------ Date: Tue, 30 Aug 1994 02:53:02 PDT From: Paul_Gloger.es_xfc@xerox.com Subject: Re: system makes bank check forgery easy I believe I can explain the reported 6-month auto. purge on check stops, in a way which precludes the obvious risk in the usual check-stop case, although not in the actual case reported by Christopher Klaus. There is a U.S. federal banking regulation which says that a check dated more than 6 months ago is deemed "stale," relieving the maker of the check of obligation to honor it. (The banks don't however themselves generally monitor the currency of this date, any more than they generally verify that the signature is valid. Instead, they generally accept the check only with recourse to the payee, and subject to collection from the maker; and they send the maker, their account holder, a periodic checking account statement saying that he has 10 days [or whatever] to protest, after which he is deemed to have accepted the checks for payment. Thus the banks mostly leave it to you to know and claim your rights, while making very sure that they don't get caught in the middle. Thus the only time the bank will actually fully vet a check is when they're cashing it without recourse back to the payee.) Anyway, the 6-month-stale rule was presumably established in pre-current-computer-technology days, to bound the records and balances which must be maintained for outstanding checks, by the maker for all such checks, by the maker and the bank for stopped checks. In conjunction with this rule, a 6-month check stop works fine for checks which have been made and dated and issued and then stopped for some reason. In contrast, a check stop doesn't hold up beyond 6 months for blank checks which have been lost or stolen. However, you've got the right to simply refuse a forged check on your account, per the discussion above, so technically you're still protected; but the bank may make you sweat to exercise that right. In this case, I believe the only response that's secure against even attempted forgery is to close the account, which is what most banks would push for here. Paul Gloger ------------------------------ Date: Tue, 30 Aug 94 11:35 EDT From: Paul_Green@vos.stratus.com Subject: More on Real World/Cyberspace ID matching (Kabay, RISKS-16.35) Regarding Mich Kabay's article that reports the welfare benefits fraud case in the UK and then goes on to make some interesting speculations regarding the larger issues raised... If it is indeed true that we can take approximate measurements of multiple body characteristics and combine them to get a reliable indicator of identify (passes the common sense test; has any authority written on this subject?), then why not measure attributes of the face? >From what I have read of genetics and inheritance, and of course from my own observations, the human face is highly variable. We can speculate why random variation and natural selection has given our species this characteristic (reliably bonding parents and children?), but given that it is there, we can also take advantage of it. For example, we already measure head size (for hats) and inter-eye distance (for glasses). Other advantages are that it is noninvasive, fairly permanent, always at hand, difficult to forge, and well-established as an acceptable, nontechnical means of identification. Some difficulties would be separating identical twins (and someday, perhaps, clones), and accounting for the effects of injury, disease, and aging. As a footnote, I read recently that people whose faces are considered beautiful have facial measurements that are close to the average. Measuring faces could be fairly compute-intensive. If so, in the future, Helen of Troy could be the face that launched a thousand chips. (Gotcha!) Paul Green, Sr. Technical Consultant, Stratus Computer, Inc., Marlboro, MA 01752 (508) 460-2557 Paul_Green@vos.stratus.com; PaulGreen@aol.com ------------------------------ Date: Fri, 26 Aug 1994 19:04:12 -0400 From: msb@sq.com Subject: Re: pi = 3 (Dudley, Bible, RISKS-16.35) > Actually, my home state of Indiana did try to legislate that the value of pi > should be 3. Here is some information from the alt.folklore.urban archives > from an article written by Mark Bader (msb@sq.com) There are three important corrections to be made here. First, the act did not assign pi the value 3; this is quite clear if you actually read my article. Taking the term "pi" to mean the ratio of circumference to diameter, the bill assigned the reciprocal of this ratio the value (5/4)/4, or in other words, pi = 3.2. Second, my name is not Bader. Third, "try to legislate ... the value of pi" is not really accurate. A closer description of the legislation was that it attempted to *recognize* a better value for pi. However, because of the wording used, if passed it would, as a side-effect, have assigned that value. The intent is fairly clear from the description in... > (Further information can be found in "Mathematical Cranks", Underwood > Dudley, The Mathematical Association of America, Washington D.C.). Two additional references are: * Edington, Will E.: "House Bill No. 246, Indiana State Legislature, 1897", Proceedings of the Indiana Academy of Science (PIAS), 1935. * Singmaster, David: "The Legal Values of Pi", Mathematical Intelligencer, vol. 7 (1985) #2, p.69-72. As to the Kings-1 and Chronicles-2 items, one need only murmur the phrase "to one significant digit". [Incidentally several folks noted that the structure need not be circular to satisfy the stated conditions; an oval would do just fine. PGN] Mark Brader, msb@sq.com "But I want credit for all the words SoftQuad Inc., Toronto I spelled *right*!" -- BEETLE BAILEY ------------------------------ Date: Thu, 25 Aug 1994 14:32:40 -0600 From: djw@eff.org (Daniel J. Weitzner) Subject: New indecency rules proposed for all online services (900#s in cyberspace) I. Overview During the final hours before the Senate telecommunications bill (S.1822) was marked-up by the Senate Commerce Committee, a provision was added which would expand the current FCC regulation on obscene and indecent audiotext (900 number) services to virtually all electronic information services, including commercial online service providers, the Internet, and BBS operators. This proposal, introduced by Senator Exon, would require all information service providers and all other electronic communication service providers, to take steps to assure that minors do not have access to obscene or indecent material through the services offered by the service provider. Placing the onus, and criminal liability, on the carrier, as opposed to the originator of the content, threatens to limit the free flow of all kinds of information in the online world. If carriers are operating under the threat of criminal liability for all of the content on their services, they will be forced to pre-screen all messages and limit both the privacy and free expression of the users of these services. Senator Exon's amendment raises fundamental questions about the locus on liability for harm done from content in new digital communications media. These questions must be discussed in a way that assures the free flow of information and holds content originators responsible for their actions. II. Summary of Exon Amendment The Exon amendment which is now part of S.1822, expands section of the Communications Act to cover anyone who "makes, transmits, or otherwise makes available" obscene or indecent communication. It makes no distinction between those entities which transmit the communications from those which create, process, or use the communication. This section of the Communications Act was originally intended to criminalize harassment accomplished over interstate telephone lines, and to require telephone companies that offer indecent 900 number services to prevent minors from having access to such services. The 900 number portions are known as the Helms Amendments, having been championed by Senator Jesse Helms. These sections have been the subject of extension constitutional litigation. If enacted into law, these amendments would require that anyone who "makes, transmits, or otherwise makes available" indecent communication take prescribed steps to assure that minors are prevented from having access to these communications. In the case of 900 numbers, acceptable procedures include written verification of a subscriber's age, payment by credit card, or use of a scrambling device given to the subscriber after having verified his or her age. Failure to do so would result in up to a $100,000 fine or up to two years imprisonment. III. Carrier Liability and Threats to the Free Flow of Information These provisions raise serious First Amendment concerns. (Note that we use the term 'carrier' here to refer to a wide range of information and communication service providers. This does not suggest that these entities are, or should be, common carriers in the traditional sense of the term.) Overbroad carrier liability forces carriers to stifle the free flow of information on their systems and to act as private censors If carriers are responsible for the content of all information and communication on their systems, then they will be forced to attempt to screen all content before it is allowed to enter the system. In many cases, this would be simply impossible. But even where it is possible, such pre-screening can severely limit the diversity and free flow of information in the online world. To be sure, some system operators will want to offer services that pre-screen content. However, if all systems were forced to do so, the usefulness of digital media as communication and information dissemination systems would be drastically limited. Where possible, we must avoid legal structures which force those who merely carry messages to screen their content. Carriers are often legally prohibited from screening messages In fact, under the Electronic Communications Privacy Act of 1986, electronic communication service providers are generally prohibited from examining the contents of messages or information carrier from one subscriber to another. Extension of the 900 number rules to all electronic information services may be unconstitutional The regulation of indecent 900 number programming was only accomplished after nearly a decade of constitutional litigation, with rules being overturned by the Supreme Court. The regulations were finally found constitutional only after being substantially narrowed to meet First Amendment scrutiny. Since the access methods offered by online service providers are significantly different than simple telephone access to 900 services, we doubt that the same constitutional justifications would support the newly expanded rules. This issue requires considerable study and analysis. Content creators, or those who represent the content as their own, should be responsible for liability arising out of the content In sum, it should be content originators, not carriers, who are responsible for their content. Any other approach will stifle the free flow of information in the new digital media. IV. Next Steps Having only just received the language offered by Senator Exon, EFF still needs to do further analysis, and consult with others in the online community. We also hope to speak with Senator Exon's staff to understand their intent. Another important hearing will be held on S.1822 in mid-September by the Senate Judiciary Committee. By that time, we hope to have this issue resolved. While we agree that these carrier liability problems are in need of Congressional consideration, we do not believe that the time is ripe to act. Before any action is taken, hearings must be held and careful evaluation of all the issues, not just indecency, must be undertaken. Daniel J. Weitzner, Deputy Policy Director, Electronic Frontier Foundation, 1001 G St. NW Suite 950 East, Washington, DC 20001 +1 202-347-5400(v) ------------------------------ Date: 31 May 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. All other reuses of RISKS material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using RISKS material should obtain permission from the contributors. ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: Issue j of volume 16 is in that directory: "get risks-16.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories. See risks-15.75 for WAIS info. To search back issues with WAIS, use risks-digest.src. With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 16.37 ************************