Subject: RISKS DIGEST 17.61

RISKS-LIST: Risks-Forum Digest  Monday 8 January 1996  Volume 17 : Issue 61

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc. *****

Contents:
Snowbound workers overload Nynex lines (Dave Tarabar)
Denver Airport baggage misdelivery prompts shutdown (Robert Charette)
Estimate of the effects of export controls on U.S. companies (PGN)
The Citibank hack, continued (David Kennedy)
How They Nailed "The Engineer" (Mark Thorson)
DPA: Crime on the Net (Mich Kabay)
CompuServe's Can of Worms (Edupage)
The risks of using obscenities (Daniel Hicks)
Metaphorplay on Compuservile (Henry Baker)
Re: Bavarian Police Censors CompuServe (David G. Bell, Russell Stewart)
CompuServe Overreaction (Klaus Brunnstein)
Re: Problems when PC BIOS is held in flash RAM (Sean Reifschneider)
Door-unlocked indicator increases risks? (John Light)
ABRIDGED info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: 07 Jan 1996 21:36:42 GMT
From: Dave_Tarabar@bcsmac.org (Dave Tarabar)
Subject: Snowbound workers overload Nynex lines

It occasionally snows in Massachusetts. Last week most of the state got at least twelve inches of snow in a storm that started Tuesday evening and kept going most of Wednesday (3 Jan 96). The storm was forecast several days in advance and many workers avoided a treacherous drive to work by staying home and trying to telecommute.

Friday's Boston Globe had a short article that reported that Nynex experienced a 50% increase in phone-line demand in some areas. This resulted in some users having to wait for a dial tone and hearing quick busy signals once they got one. This appears to have been a minor and temporary inconvenience and we all got back to work on Thursday.

But I think back to the Blizzard of '78, when a 30+ inch snowfall closed down the state for almost four days. (The state prohibited non-emergency travel and several major highways were blocked by snow covered abandoned cars.) If that happened today, all of the home modems and fax machines that might be used by homebound workers might severely stress a phone system that was already suffering from weather related equipment and wiring breakdowns.

[And of course, it may have happened today? PGN]

------------------------------

Date: 05 Jan 96 20:43:53 EST
From: Robert Charette <75000.1726@compuserve.com>
Subject: Denver Airport baggage misdelivery prompts shutdown

A recent AP item from Denver (Denver Baggage System Shutdown) indicates that Denver's long-plagued automated baggage-handling system (most recently, see RISKS-16.83), which finally went on-line in October 1995, has a software problem that has caused its sole user (United Airlines) to shut down use for inbound baggage -- which has been handled manually since 22 Dec 1995 pending further analysis, even though the apparent software problem has been fixed. On the other hand, only 15 of 27,706 bags missed their delivery on 22 December. (No details were available on the nature of the bug.)

------------------------------

Date: Mon, 8 Jan 96 08:01:15 PST
From: "Peter G. Neumann"
Subject: Estimate of the effects of export controls on U.S. companies

The Sunday *San Francisco Examiner and Chronicle* carried an item entitled ``Encryption Sales Ban Costs U.S. $60 Billion'' (7 Jan 1996), which quoted a report of the Computer Systems Policy Project, sponsored by IBM, AT&T, and 11 other companies, estimating that in the year 2000 as much as 30 percent of an estimated $200 billion computer systems market would be lost because of the existing U.S. export controls on crypto technology.

------------------------------

Date: 05 Jan 96 03:04:30 EST
From: David Kennedy <76702.3557@compuserve.com>
Subject: The Citibank hack, continued

Russian pleads guilty to stealing from Citibank ... [Courtesy of Reuters North America (4 Jan 1996) and CompuServe's Executive News Service]

>> Russian pleads guilty to stealing from Citibank accounts <<

>> NEW YORK (Reuter) - A Russian national has pleaded guilty for his role in a scheme to penetrate Citibank's computers, steal millions from corporate accounts and transfer the funds to overseas accounts, federal prosecutors said Thursday.

Alexei Lachmanov, 28, faces a possible maximum sentence of five years in prison and a $250,000 fine for participating in the scheme that involved the illegal transfer of funds to bank accounts he controlled in Israel. <<

o The gang's mastermind was Vladimir Levin who was arrested at Heathrow Airport, London UK and is awaiting extradition.

o The prosecution believes Levin working in the Russian firm AO Saturn manipulated the computers at Citibank to transfer funds to accounts in Finland, Israel and Bank of America.

>> The charges against Lachmanov allege that in August 1994 he told co-conspirators in Russia about his personal accounts in Tel Aviv, Israel. The co-conspirators had gained unauthorized access to the Citibank Cash Management System, which allows Citibank customers to access a computer network and transfer funds from their Citibank accounts to accounts at other financial institutions. <<

o Lachmanov admitted to transfers to accounts at five Tel Aviv banks, and attempting to withdraw US$940,000 from those accounts.

o Three other members of the gang have pleaded guilty.

Dave Kennedy [US Army MP] [CISSP] Volunteer SysOp National Computer Security Assoc

------------------------------

Date: Sun, 7 Jan 1996 21:26:01 -0800
From: eee@netcom.com (Mark Thorson)
Subject: How They Nailed "The Engineer"

There was a story tonight on the _60_Minutes_ television program on CBS describing the recent assassination of a terrorist in Israel. Known as "The Engineer", he designed bombs used in a number of terrorist incidents in Israel. At the time of his death, he was in hiding.

According to the news story, he was killed by a bomb planted inside a cellphone which was activated by a code sent to the cellphone. The story was that the cellphone had been provided by a trusted person who was presumably an Israeli undercover agent. This implied that only one sabotaged cellphone exists.

It seems more likely to me that if you were tracking down a highly elusive enemy using cellphones, you'd infiltrate many more than one cellphone. GAZA-PHONES-ARE-US might be selling nothing but booby-trapped phones during that end-of-the-year "blowout" sale! Then, all you have to do is monitor enough telephone conversations until you catch the guy while he uses one of your sabotaged phones. Send the code, and BOOM!

This raises some interesting RISKS possibilities. Selective assassination by dialing in a number? Can the system be hacked? Does the system make mistakes?

[What about, Sorry, wrong number?]

------------------------------

Date: 04 Jan 96 10:27:22 EST
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Subject: DPA: Crime on the Net

From the German Press Agency news wire via CompuServe's Executive News Service; translated by MK with the help of Power Translator Deluxe 1.0 from Globalink Inc:

Copyright DPA, 1995

EDV-Polizeiexperte: Kriminelle nutzen vermehrt Computernetze

Mu"nchen (DPA, 95.12.29) - Kriminelle nutzen fur immer mehr Straftaten die elektronischen Mo"glichkeiten der Computernetze.
Darauf verweist der Leiter des Sachgebiets Computerkriminalita"t beim Bayerischen Landeskriminalamt in Mu"nchen, Werner Paul. ``Die Palette reicht von der Kinderpornographie, u"ber Rauschgift, den Waffenhandel, Software-Raubkopien bis zum Kreditkartenbetrug'', sagte er am Freitag der DPA. ....

Copyright German Press Agency, 1995

EDP - Police Expert: Criminal use of computer networks increasing

Munich (German Press Agency) - criminals are increasingly using the electronic possibilities of computer networks. According to the director of the computer crime unit of the Bavarian State Prosecutors Office in Munich, Werner Paul, "The range extends from child pornography to narcotics, the arms trade, software piracy and credit-card fraud." Herr Paul was speaking on Friday to the German Press Agency.

Key points:

o The investigation of CompuServe in Germany on suspicion of distributing child pornography is not an isolated case.

o On-line access suppliers can no more distance themselves from distribution of pornography than from distribution of illegal copies of proprietary software, he said.

o Herr Paul argued that the issue is not that the access providers are criminals; the problem is that criminals are using the access providers.

o In the fight against computer crime, the networks must, in his opinion, help the police authorities; he conceded that the police authorities do not have enough highly qualified personnel for such investigations.

M. E. Kabay, Ph.D. / Director of Education, National Computer Security Assn (Carlisle, PA)

------------------------------

Date: Mon, 8 Jan 1996 14:26:23 -0500 (EST)
From: Educom
Subject: CompuServe's Can of Worms (Edupage, 7 January 1996)

After cutting off subscribers' access to more than 200 electronic bulletin boards that feature adult material last week, CompuServe now is trying to find a technical way to block only German subscribers, whose government originally had lodged the complaint against the commercial online provider.
Industry executives are pointing out that this would set a bad precedent, possibly encouraging other governments to make their own demands regarding content restrictions. "Every country will now jump in and say we don't want any antigovernment propaganda. Every country in the world will push its own local hot button," says a University of Pennsylvania professor. (*Wall Street Journal*, 5 Jan 95, B2)

------------------------------

Date: Wed, 3 Jan 1996 12:22:15 -0600 (CST)
From: Daniel Hicks
Subject: The risks of using obscenities

Note: DaveR, a user on an internal IBM system in Lexington, KY, was browsing the ESPN Web pages and came upon some correspondence discussing U of K basketball player Jared Prickett. However, the name appearing on the page was "Jared ett" -- some automatic censor logic was removing "Prick" from posts to the ESPN discussion boards. I have encouraged DaveR to submit directly a RISKS article about this [which is now unnecessary], but I thought the following might make for an interesting counterpoint [...].

Back when I was in college (many many years ago), we had an HP 2000 Time Shared Basic system. It was a fairly primitive system by current standards (16 TTY terminals), but the neatest thing since sliced bread at the time.

There were several students, however, who just did not get along well with computers. One of these, a classmate of mine, had spent several hours creating a program to do some task, but the program was not working as expected. In a fit of frustration, the student typed in "SCR*W YOU" on the TTY.

However it was the student who was screwed. Any line not prefixed by a line number was interpreted by the system as a command, and the system ignored anything beyond the first three letters of commands. So "SCR*W YOU" was seen as "SCR", meaning "scratch" -- the system's command to erase the current workspace.

In a final bit of irony, the system responded with its usual response -- "OK" -- after completing the "scratch" operation.
The student was laughing at the system's response -- until he realized his program had disappeared.

Dan Hicks IBM Rochester, Minnesota

------------------------------

Date: Sat, 6 Jan 1996 17:25:55 -0800
From: hbaker@netcom.netcom.com (Henry Baker)
Subject: Metaphorplay on Compuservile

A powerful rule-of-thumb from control theory says that the uncertainty in a control system will gravitate towards the degree of freedom that is hardest to measure and/or hardest to control. A classic example of this problem is the 'horizon effect' in computer chess programs, in which bad (or good) things that happen more moves ahead than the program can look, aren't considered at all; this provides a way for a fair human strategic player to beat a tactically excellent chess program.

Politicians appear to be blissfully unaware of this rule, and as a result they go off so half-cocked that their 'cures' are much worse than the diseases for which they are prescribed. For example, instead of having newsgroups whose content is trivially identified, so that people can stay clear of them, the newsgroups will now get innocuous names, and it will be much easier for someone to wander into the middle of an ogrey (sic).

However, Santayana was right, and people must learn most things first-hand, so here goes.

Instead of beating our breasts over Compuserve's censorship of Usenet newsgroups, we should respond to this censorship in the same way that people have all through history -- by using metaphoric code. For example, some of the nursery rhymes we learned as children were actually very caustic statements about the powers-that-be of the time, but which if said in plain text would have gotten the speaker's spine stretched and/or severed.

Given the indexing machines like www.dejanews.com and www.altavista.digital.com, one can get a list of the 2000 most frequent adjectives, verbs and nouns (exclusive of the proscribed groups, whose names are available at www.eff.org).
We can then construct a mapping from these most frequent words onto the words of love & hate, which can provide a vocabulary rich enough for most public purposes. (A brief scan of the 'personals' section of the local newspaper indicates that 2000 words is far more than should be necessary, and probably exceeds by two orders of magnitude the vocabulary of cheap porn flicks.)

We now fix our personal spelling dictionaries to suggest the appropriate mappings, and continue usenetting as before. Because we have utilized the most common words from Usenet, any attempt to scan the news with a simple 'stop list' will prove futile and/or will succeed in killing off 99% of _all_ the news.

Example: "There once was a student from Nantucket; whose thesis was so long he could..." (You get the picture.)

Additionally, some uncommon words like 'exon' and 'compuserve' can also be included in the dictionary. You can intuit their meanings from the usage below.

"The first night we met, we exoned like bunnies; our son George is the result."

"She was just a compuserver that I met in an IRC Chat Room; she was picked up by the vice squad for compuserving on Hollywood Boulevard before she discovered Cyberspace."

Given these meanings, Compuserve will be forced to 'stoplist' these words, which among other things will lead to a Russell-Goedel paradox.

Henry Baker
www/ftp directory: ftp://ftp.netcom.com/pub/hb/hbaker/home.html

Copyright (c) 1996 by Henry G. Baker. All rights reserved.
** Warning: Due to its censorship, CompuServe and its subscribers **
** are expressly prohibited from storing or copying this document **
** on CompuServe in any form. **

[But watch out for the russelling goedels unless you are quite undecided. PGN]

------------------------------

Date: Tue, 02 Jan 96 21:35:52 GMT
From: dbell@zhochaka.demon.co.uk ("David G. Bell")
Subject: Re: Bavarian Police Censors CompuServe (RISKS-17.59)

In article you write:
> Date: Tue, 2 Jan 1996 15:26:25 +0100
> From: Klaus Brunnstein
> Subject: Bavarian Police Censors CompuServe

And the story looks more and more confused with every hour that passes...

But does anyone else remember a similar incident, several years ago, over the game Wolfenstein 3D? This precursor to Doom, distributed in much the same way, was made available over Compuserve. Unfortunately, some of the graphics included pictures of Adolf Hitler and assorted Nazi insignia, on the walls of the rooms where the player was killing anything and everything that moved. This made the game illegal in Germany.

The game was withdrawn from Compuserve, worldwide.

Back then, I wasn't on the net. I got my news at a slower pace, in monthly magazines. According to the accounts, as I recall, there was some confusion about who took the decision to remove the game, and Compuserve said it was the decision of the forum sysop (is that the correct term?).

In any case, the problem of local laws affecting an international computer network is _not_ new, and Compuserve staff didn't need to read RISKS to know about the possibility.

David G. Bell -- Farmer, SF Fan, Filker, Furry, and Punslinger..

------------------------------

Date: Wed, 03 Jan 96 16:04:36
From: diamond@Rt66.com (Russell Stewart)
Subject: Re: Bavarian Police Censors CompuServe (Brunnstein, RISKS-17.59)

Actually, I think this should have been titled "Compuserve censors itself." Though I don't agree with the actions of the German police or those of Compuserve, the fact remains that Compuserve made this choice themselves.

Why does it matter?
Simple; this is all the more reason for anyone who truly cares about freedom of expression in the electronic medium to dump giant, corporate providers like Compuserve and AOL and instead patronize their local ISPs, who (in my experience) are usually very serious about providing their customers with everything that the 'net has to offer.

Of course, not every town yet has an ISP, so this is not an option for everyone. But even if only the people in towns that do have good ISPs did this, C$ and AOL would feel it.

Russell Stewart, Albuquerque, New Mexico
diamond@rt66.com http://www.rt66.com/diamond/

------------------------------

Date: Wed, 3 Jan 1996 18:22:34 +0100
From: Klaus Brunnstein
Subject: CompuServe Overreaction

After some discussions with State Attorneys in Munich, there is evidence that CompuServe activities to shut down worldwide access to 200 electronic discussion groups were legally UNJUSTIFIED to the extent as experienced!

The legal background is Para.184 of German Penal Code concerned with "Pornographic Writings" (Schrift). The lengthy paragraph forbids to distribute and give access to pornographic writings to persons under 18 (sentence 1), and it also forbids pornographic broadcasts (sentence 2). Esp. provisions were recently introduced (1994) to forbid distribution, presentation, production etc of child pornography; this part applies to persons of any age.

In early November 1995, Munich police notified Bavarian state attorney's office that CompuServe's German subsidiary (with its office in Unterhaching, a suburb of Munich) offers access to child pornography also to persons under 18. In German Penal Code, this is an offence which the state attorney MUST prosecute (Offizialdelikt). State Attorney asked the district court (on Nov.11) for a search warrant. On Nov.22, attorneys and police experts searched CompuServe's office for evidence.
CompuServe was given a list with 200 electronic fora to which Para.184 MIGHT apply, but it was explicitly made clear that CompuServe had the responsibility to analyse which of these fora really offended German law. (Indeed, a careful inspection of knowledgeable people would have made clear immediately that several items on this were NO valid candidates for Para.184!)

CompuServe reacted VERY late (shortly before Christmas), and CompuServe OVERREACTED in blocking access to ALL these electronic fora WORLDWIDE. As most national laws (with exception of some laws requesting universal applicability :-), German law deliberately applies to Germany :-)! Either was CompuServe TECHNICALLY UNABLE to react ONLY FOR GERMAN users (and leave worldwide users unaffected). OR CompuServe chose its overreaction carefully to produce worldwide uproar against applying national law! Anyhow, CompuServe evidently failed to legally analyse which of the 200 el.fora really addressed the intent of Para.184!

The procedure of Bavarian State Attorney may have one weak point in whether the term "writing" (evidently meant by legislators as applying to traditional paper-work) may apply to "electronic documents" even in "virtual form". Current interpretation here is that "writing" also applies to printouts and stored files (as they may be printed). Evidently, this MAY NOT APPLY to pictures in RAM just displayed on a screen, as long as they are not stored or printed. This may also not apply even to disk cache as long as this is only accessible to the display system. On the other hand, if CompuServe stores such files locally (in Munich), e.g., on a mirror-site, and as CompuServe does *not* differentiate between users according to age (e.g., those under 18), para.184 may indeed apply if CompuServe can be held responsible for the content of their files.

It would be interesting to legally clarify also in Germany the question of responsibility, as recently clarified in the Prodigy and CompuServe cases in USA (in one case, a moderated group was regarded as being sort of publisher with responsibility for the content, while in another case, an unmoderated forum was regarded merely as book-seller, with NO responsibility for the content traded). No similar case has been dealt with in Germany, so far.

In this situation, there is NO evidence that the Bavarian procedure in this case may be a signal for introducing censorship in the Internet (as many experts had feared, including my initial reaction :-). But this case may be helpful to start discussions of self-control, including topics of pornography, virtual violence or assault! From a German point of view, it is indeed hard to understand that Nazi propaganda (legally forbidden in Germany since WW II for good reasons, for which we have been re-educated and democratized :-) flows into Germany from Nazi groups, e.g., in Canada, USA and Denmark.

Free Flow of Information requires responsibility and ethical standards which so far have hardly been developed in networld. So far, some universities with some sort of "Code of Ethics" (e.g., Hamburg university) have stopped access to (few) pornographic electronic fora since some time. This is NOT a matter of censorship but a matter of Ethics and responsibility!

Klaus Brunnstein (Univ Hamburg: January 3,1995)

PS: for those capable of German and interested in the text of para.184, I will make the text (in German only!) available on our ftp site, on 4 Jan 1995 (noon Hamburg time): look for
ftp.informatik.uni-hamburg.de/pub/virus/laws/para184.txt
This site is "under development", and we will store there legal texts related to computer crime, viral and hacker issues, etc.

------------------------------

Date: Wed, 3 Jan 1996 16:56:21 -0600 (CST)
From: Sean Reifschneider
Subject: Re: Problems when PC BIOS is held in flash RAM (Portman, RISKS-17.58)

>Each PC will have to come supplied with a re-load trusted bios program,
>but I have no idea how (or if) this would work.

It's not just PCs that come with this "feature" but also modems, tape drives, and many other pieces of hardware which allow reprogramming in the field. Modem manufacturer Zyxel has chosen to put more of its modems' "brains" in the flashed software than in hardware which allows them to have supported new features which weren't even thought of when the modem was designed (to an extent).

But back to the PCs... I own a couple of PCs which use Flash ROMs. I find it quite assuring to know that I can upgrade to the latest BIOS just by loading a floppy and letting it rip. It's not quite THAT easy though... Many of the BIOS upgrades will need to update the "boot" portion of the ROM which requires physically moving a jumper on the motherboard.

These boards also have the ability to boot a minimal system in the event of a bad flash. Unfortunately I *DID* have to test this a short while back. But as with everything, with proper measures taken it seems to be reasonably safe to do. This includes making sure you have the image of the old BIOS on disc and recommendations have been made on UseNet to not try flashing if there's a storm (loss of electricity risks).

Of possible interest to other RISKS readers is the method that some of the larger Hewlett Packard machines have used. They have two banks of programmable memory which you can boot from. If one bank fails due to an upgrade failure or chip failure, an operator can switch over to the other bank and boot with the previous version or a backup copy. Specifically I have observed this on a T-500 class machine (I noticed during a firmware upgrade that there were several options and asked the HP field engineer about it).
What do you expect on a million-dollar piece of hardware though?

>Another RISK is that the flash RAM will probably only be good for tens
>of program cycles (updates) to keep costs down.

While this may well be a RISK (the motherboard I bought has a reputation of using workstation-quality oscillators so hopefully it's not a risk for me), I think it's worth pursuing to "root cause"... Is the manufacturer to blame? I don't think so...

Look at what we now equip our PCs with -- possibly cheap FlashROMs that may be only good for 10 cycles, the RAM doesn't even so much as parity-check any more (the Triton chipset ignores parity bits if your RAM even has it), single spindle hard drives, etc... By contrast, most "workstation" class machines would have possibly better quality components inside, ECC (error correcting) memory, watchdog timers (to detect when the software isn't responding and reset the machine), most of them still use single-spindle hard drives though... (I must say that I was pleasantly surprised to see that the first Pentium Pro motherboard I saw DID use ECC RAM)

The "root cause" of these shortcomings is of course the consumers. Why pay for workstation-quality components when they can get "the same computer" for hundreds if not thousands of dollars less from someone next door?

I guess I'm kind of to blame too... Even though I wanted a PC with ECC memory, RAID storage, and a watchdog timer, I bought the best PC I could because going with these parts would push the price up by literally 3 times. I am planning on installing a watchdog, and I haven't been able to locate PC-class motherboards with ECC ability.

Everyone claims to want reliability and good service, but few want to pay for it. Witness people spending half an hour driving to another store to save $.30 on laundry detergent.
Or how about the person bashing Gateway (a well known mail-order computer seller) for sending out a replacement motherboard and expecting one UseNet poster's daughter to be able to replace it. I'm sure if they brought the machine to the reseller's door the motherboard would have been replaced for them...

Sean

------------------------------

Date: Thu, 04 Jan 96 13:43:00 PST
From: John Light
Subject: Door-unlocked indicator increases risks?

My car radio was stolen the one night I didn't lock my car, so I made the following observation.

Many modern cars have integrated alarm systems. By "integrated" I mean that locking the car automatically arms the alarm, and unlocking the car automatically disarms the alarm. A side effect is that a light flashes on the dash to indicate the alarm is armed.

A thief who frequents a neighborhood will know which cars have alarms. If he sees that the light is not flashing, he will know that the car is not locked without having to either approach the car closely or do something suspicious like try the door handle. So the one night in a hundred when you fail to lock the car will likely be found out. (And you might blame it on Murphy!)

It is ironic that the light that is meant to add protection actually reduces it under some circumstances. I intend to disable the alarm flasher, leaving only the radio flasher, which turns on whenever the car is turned off.

John Light jjlight@ibeam.intel.com

------------------------------

Date: 6 September 1995 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...]
DIRECT REQUESTS to (majordomo) with one-line,
  SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
  INFO [for further information]

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. [...]

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks

RISKS ARCHIVES: "ftp ftp.sri.com login anonymous [YourNetAddress] cd risks or cwd risks, depending on your particular FTP. [...]
[Back issues are in the subdirectory corresponding to the volume number.]
Individual issues can be accessed using a URL of the form
  http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
  ftp://unix.sri.com/risks [if your browser accepts URLs.]

------------------------------

End of RISKS-FORUM Digest 17.61
************************