precedence: bulk Subject: RISKS DIGEST 18.93 RISKS-LIST: Risks-Forum Digest Monday 24 March 1997 Volume 18 : Issue 93 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** Contents: Splendour of the Seas not so Splendid (Mich Kabay) County Data Trouble (Dave Rand) Bill Would Outlaw Online Gambling (Edupage) Legal action against Internet provider affects customers (Klaus Johannes Rusch) Austria to disconnect from Internet on March 25 (Gary Beckmann) On looking before you leap? (Dick Mills) The Year 2000 Problem -- a new principle for Y2K tools (Thomas Reps) Retiring hardware after Y2K (Matt Welsh) Virtual Real-Estate (Tony Lima) "The Illusion of Truth" in action: apology to Simson Garfinkel (Troy Heagy) Net random-number server (Stefek Zaba) "Emergency" Web Access! (Robert J. Woodhead) Re: Telephone Scam (James Byers) Area code split and verification (Alan K. Jackson) Re: Risks of online commerce (Bob Frankston) 1997 IEEE Symposium on Security and Privacy program (Mike Reiter) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 24 Mar 1997 05:19:27 -0500 From: "Mich Kabay [NCSA]" Subject: Splendour of the Seas not so Splendid The Canadian _Globe and Mail_ newspaper (97.03.22, p. A17) reports that computerization hit choppy waters on a recent cruise: Splendour on the seas: As we learned one evening, computer problems aren't the sole domain of land lubbers. Nowadays, everything is run by the darned things -- even cruise ships. By Helga Loverseed An after-dinner power failure was probably not what the captain had in mind as part of our evening's entertainment, but just as we were downing our dessert, there was an ominous thump and we were plunged into darkness. The author makes the following key points: * Splendour of the Seas is a fully computer-dependent cruise ship. * After 8 months trouble-free, the ship developed "computer problems" when it sailed through the Caribbean. * The author writes that "the computers evidently didn't like the hot, humid climate." * The computer failure lasted 2 hours; during that time, the ship was dead in the water. * In addition, lights were dim, air-conditioning was off, and toilets wouldn't flush. This behemoth is 11 stories tall, 112 metres long, and 35 metres wide. It houses 2,077 passengers and 723 crew and includes amenities such as a jogging track, shopping, movies, bars, and even an 18-hole miniature golf course. The ship depends on computer-driven stabilizers to control roll in rough seas. [Comments by MK: If the main screws and the ship's toilets don't work without computer control, what else is computer controlled? Navigation? Communication? Why was the time to repair two hours? Are there no backup systems or were the backup systems also down? If anyone has more information about this incident, please contribute to this thread. As for me, I hope the ship's officers test its computers to see if they are Year-2000 compliant ... Mich M. E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education National Computer Security Association (Carlisle, PA) http://www.ncsa.com [I suppose it might add to the hypothetical risks if the ship were to cross the equator for the first time precisely at the Y2K midnight! PGN] ------------------------------ Date: Mon, 24 Mar 1997 08:37:58 -0600 From: Dave R Subject: County Data Trouble From *The Dallas Morning News*, 24 Mar 1997, datelined Lubbock, TX: A cranky county computer has resulted in some minor traffic scofflaws being listed in official records as drug offenders, child molesters, or burglars, according to the *Lubbock Avalanche-Journal* (23 Mar 1997). Apparently, the computer has been mismatching the names and charges of some defendants, including one man who was cited for not wearing a seat belt but listed in the county computer as an accused child molester. Officials at Ki Corp., which developed the software, insist that the computerized criminal record has complete data integrity. [whatever that means! PGN] ------------------------------ Date: Sun, 23 Mar 1997 15:35:44 -0500 From: Edupage Editors Subject: Bill Would Outlaw Online Gambling (Edupage, 23 March 1997) Sen. Jon Kyl (R-Ariz.) has introduced the Internet Gambling Prohibition Act of 1997, which would make illegal the transmission of any information related to gambling, including bets, wagers or the chance to win a prize or lottery. "We don't ask ISPs (Internet service providers) to be law enforcers, constantly checking sites," says Kyl. Rather, ISPs would be asked to cut off Internet access only following a written notice from a law enforcement agency. The ISP would not be liable for any damages, penalties or forfeiture resulting from the perpetrator's gambling operation. (BNA Daily Report for Executives 20 Mar 1997; Edupage, 23 March 1997) [Don't bet on it. PGN] ------------------------------ Date: Sat, 22 Mar 1997 18:02:38 CET From: Klaus Johannes Rusch Subject: Legal action against Internet provider affects customers On 20 Mar 1997, all computer equipment at an Internet provider's office, VIP, was confiscated by the police following an order by judge Helene Partik-Pable, who has been investigating a charge against persons unknown regarding the distribution of material containing child pornography more than a year ago. It should be stressed that the provider, VIP, is not subject to any legal action, the confiscation is for evidence only. Both the office rooms and the private homes of the owners were searched, and all equipment, including private computers, office equipment which was not even connected to Internet and computers which customers had placed at the ISP's location and backup tapes, were unplugged (rather than properly shut down) and taken away. Consequently, about 2500 customers have no connection to Internet any more, nor access to their business data and private e-mail. References (in German): [1] Martin J. Laubach on [2] DER STANDARD, March 22, 1997, Klaus Johannes Rusch e8726057@student.tuwien.ac.at, KlausRusch@atmedia.net http://www.atmedia.net/KlausRusch/ [Check out the full press release [1] which was also sent to RISKS by Martin Laubach. PGN] ------------------------------ Date: Mon, 24 Mar 1997 17:18:36 -0500 From: Gary Beckmann Subject: Austria to disconnect from Internet on March 25 [I'm summarizing several reports I read in German.] All the ISPs in Austria are going to pull the plug on the Internet on Tuesday, 25 Mar 1997 from 16:00 to 18:00 MET. This action is being taken to protest the seizure of all the computer equipment of an ISP named ViP last Thursday. [...text duplicating previous message omitted...] The ISP cannot even begin to calculate the financial losses they will post due to this action. There is some disagreement among the Austrian ISPs as to the results of the planned Internet disconnection (A Land Goes Offline), ranging from those that worry about their contracts guaranteeing net access to those who feel that two hours is nothing -- even one day would be barely enough to express their outrage. But all the ISPs have apparently agreed to the two-hour protest shutdown. [The risks of having agencies that don't understand the technology trying to control it have been gone over again and again. This is the first time, though, that I've heard it going to this extreme. It will be interesting to see what the results of the protest are. --gb] ------------------------------ Date: Fri, 21 Mar 1997 15:26:08 -0500 (EST) From: rj.mills@pti-us.com (Dick Mills) Subject: On looking before you leap? I attended a firefighter's training drill this week. We heard from a gas/electric company representative. He related the following anecdote. The gas company was called to a house in Albany, NY to respond to a complaint about a carbon-monoxide alarm activating. When the serviceman questioned the woman of the house about the circumstances, she said that the alarm had been sounding since the night before. Astounded, he asked why she hadn't called immediately. She replied, "My husband charged upstairs to surf the internet for information about what to do about carbon monoxide in the house. I'm still waiting for an answer." The Risk? Letting one's mind roam cyberspace while forgetting that our bodies remain in corporeal space. Personally, I vow to never send the message, "FIRE! FIRE!" via e-mail. Dick Mills +1(518)395-5154 http://www.pti-us.com aka dmills@albany.net ------------------------------ Date: Fri, 21 Mar 1997 20:09:19 -0600 (CST) From: Thomas Reps Subject: The Year 2000 Problem -- a new principle for Y2K tools (RISKS-18.53) Back in October, PGN posted the following note to the RISKS newsgroup. >> I ran into Tom Reps this morning in San Francisco ... Tom has been >> chartered by DARPA to make serious recommendations on the Year-2000 problem. I would like to bring one of the results that came out of this to the attention of RISKS readers. As PGN indicated, the Defense Advanced Research Projects Agency (DARPA) asked me last summer to help them plan a project aimed at reducing the impact of the Year 2000 (Y2K) problem on the Department of Defense. DARPA was particularly interested in whether there were "any techniques in the research community that could be applied to the Y2K problem and have impact beyond present commercial Y2K products and services". The most exciting of the ideas that turned up concerns a method for using path profiling as a heuristic to locate some of the sites in a program where there are problematic date manipulations. It works as follows: In path profiling, a program is instrumented so that the number of times each different loop-free path executes is accumulated during an execution run. With such an instrumented program, each run (or set of runs) of the program generates a path spectrum for the execution --- a distribution of the paths that were executed. Path spectra can be used to identify paths in a program that are good candidates for being date-dependent computations by finding differences between path spectra from execution runs on pre-year-2000 data and post-year-2000 data. By choosing input datasets to hold all factors constant except the way dates are used in the program, any differences in the spectra obtained from different execution runs can be attributed to date-dependent computations in the program. Differences in the spectra reveal paths along which the program performed a new sort of computation during the post-year-2000 run, as well as paths --- and hence computations --- that were no longer executed during the post-year-2000 run. With some further analysis of the spectra, for each such path that shows up in the spectral difference, it is possible to identify the shortest prefix that distinguishes it from all of the paths in the other path set. For the Y2K problem, the path-spectrum comparison technique may provide help with two aspect of the problem: (i) determining the sites at which date-manipulation code occurs, and (ii) post-renovation testing. Of course, the path-spectrum comparison technique is not guaranteed to uncover all sites of date manipulations. No technique can do this; all one can hope for are good heuristics. However, because path-spectrum comparison involves a different principle from the principles that lie behind the heuristics used in commercial Y2K tools, it should be a good complement to current techniques. Furthermore, the path-spectrum comparison technique is actually applicable to a much wider range of software-maintenance problems than just the Y2K problem; it offers new perspectives on program testing, on the task of creating test data, and on what tools can be created to support program testing. This work is described in the following paper: Reps, T., Ball, T., Das, M., and Larus, J., "The use of program profiling for software maintenance with applications to the Year 2000 Problem". Technical Report TR-1335, Computer Sciences Department, University of Wisconsin, Madison, WI, January 1997. The paper is available over the WWW at URL http://www.cs.wisc.edu/wpis/papers/tr1335.ps. A prototype tool for gathering and comparing path spectra (for programs that run under Solaris on Sun SPARCstations) has been built at the University of Wisconsin. (The Wisconsin Alumni Research Foundation is in the process of seeking patent protection for these techniques.) Tom ------------------------------ Date: 23 Mar 1997 12:43:52 GMT From: mdw24@cl.cam.ac.uk (Matt Welsh) Subject: Retiring hardware after Y2K In 18.90, Geoffrey Cooper writes: >We decided to retire the product in (or at least upgrade the flash ROM >by) the year 2037. I hate to point this out, but this is exactly the mentality that caused the Y2K problem in the first place. How do you know that all of these devices will be out of use by 2037? It seems that people can either fix the problem, or ignore it, or pretend to fix it and give themselves a good pat on the back for doing so. M. Welsh, Cambridge Computer Laboratory ------------------------------ Date: Sun, 23 Mar 1997 20:34:00 -0700 From: tony.lima@toadhall.com (Tony Lima) Subject: Virtual Real-Estate In the San Francisco area, Coldwell-Banker is running an ad for their real-estate services. This ad shows a woman worrying about how she will be able to keep the house clean while it is for sale, what with their three kids, two dogs, and so on. Her solution? Coldwell-Banker puts their house on the Web, keeping it (virtually) spotless. The risks are obvious. Next step: virtual patching of that cracked foundation... tony.lima@toadhall.com (Tony Lima) [I'd be just as suspicious of Real Virtual-Estate. PGN] ------------------------------ Date: Mon, 24 Mar 1997 12:14 -0500 (EST) From: Troy_Heagy@ccmail.orl.lmco.com Subject: "The Illusion of Truth" in action: apology to Simson Garfinkel Last week I posted a message in the Usenet newsgroup rec.arts.sf.tv.babylon5.moderated. The message was then forwarded to the RISKS digest by someone else who was browsing through the newsgroups. It looked as if I had written the article, but I did NOT. The author of that column, "Hard Pressed," was Simson Garfinkel. His Webpage address is http://www.packet.com/garfinkel . "Hard Pressed" reminded me of the recent episode "Illusion of Truth"...how the press reports what it wishes rather than what you actually say...and I wanted to pass it on to Babylon 5 fans. Rather than quote the entire article I should have listed Simson's web page address. OR asked his permission to quote. I did neither. I apologize to Simson Garfinkel and the readers of the Risks Digest for infringing on his copyright and for the misunderstanding this caused. Troy_Heagy@ccmail.orl.mmc.com [Your moderator is astounded, mortified, and apologetic that the obvious self-references pointing to Simson as the creator of that piece (coauthor of books with Spaf, friend of Beth Weise, etc. -- I had seen Simson and Beth at CFP just the week before) did not set off alarm bells and cause me to reject the message as a clear copyright violation. However, I somehow missed them when selecting that item. The volume of RISKS e-mail is enormous, RISKS is a pro bono effort, and this piece was really good based on a fast review for content that incredibly did not pick up on the omitted true identity of the author! Besides, Simson has been occasionally sending me heads-up notices on his particularly-relevant Wednesday packet columns at http://www.packet.com/garfinkel, for possible mention in RISKS, but he did not so so on this seemingly relevant column. So, my apologies as well as Troy's. We also received some groveling from Gary Grossoehme, who, unknowing, submitted the item to RISKS. In any event, this does remind us once again of the risks of enforcing copyrights and the importance of netiquette in attributions. That even gives me a chance to remind you to check the RISKS reuse policy in http://www.csl.sri.com/risksinfo.html if you rebroadcast RISKS items! PGN] ------------------------------ Date: Mon, 24 Mar 1997 22:13:08 +0000 From: Stefek Zaba Subject: Net random-number server Among the risks not yet mentioned is the one of using an observable quantity directly as (for example) keying material. Since the link to the hotbits site is not encrypted, anyone with a machine sharing the transmission medium can see what the random bits are. The cautious crypto-oriented user of this service will mix the bits from the net.randomness server with some locally-generated non-predictable bits; however, the incautious might not, and in any case if a local source of non-predictable (and non-observable) bits is available, using an external non-predictable but observable source adds only the illusion of security. (There are unusual applications where non-predictability is all that's needed, and observability is irrelevant; but it's not the common case.) If this service were to be used for crypto applications, the bits would need to be not just PGP-signed, as Dan Drake suggested, but encrypted. PGP use would require the requester to send a public key with the request; SSL would allow the secure channel to be set up with less manual intervention. Stefek stefek_zaba@hplb.hpl.hp.com ------------------------------ Date: Fri, 21 Mar 1997 16:40:03 -0500 From: "Robert J. Woodhead (AnimEigo)" Subject: "Emergency" Web Access! Like many people, I use a PPP modem-dialup to an ISP to access the net from my portable computer. Usually this is a local call, but occasionally when travelling I have to make a quick long-distance call to get my email. Recently I was at the video studio subtitling samurai films when the urge to check email became too much. The studio had a new phone system, so I found out what the outside line prefix was, adjusted my PPP settings, and happily TCP/IP'd. The next day, back home, I plugged in my Mac and dialed up - but forgot to revert my settings. I dialed, immediately noticed the problem, and aborted the attempt. 30 seconds later, the phone rang - it was 911 asking why I'd called! My video studio had chosen "91" as their outside dialing prefix. And, of course, I then needed to have my modem dial 1 for long distance access, thus putting in place a little time bomb for when I returned home! Whoever came up with the idea of 91 as a dialing prefix ought to be stuffed and mounted! Robert J. Woodhead ** trebor@animeigo.com ** "Anime Your Way!" tm WWW.ANIMEIGO.COM - "REGULAR" and "LITE" flavors - CHAT room too! [Another variant on an old RISKS theme. PGN] ------------------------------ Date: Mon, 24 Mar 1997 15:00:36 -0500 From: James Byers Subject: Re: Telephone Scam (Nugent RISKS-18.92; Fernandez, RISKS-18.91) Bill Nugent correctly points out that many telcos leave dialtones on disconnected lines for safety reasons. However, our local phone company was prone to crossing their lines in their jumble of antique phone equipment. Several years ago, I mistakenly attached a phone to a disconnected line. As realized my mistake later that day, the phone rang! I did not pick the phone up, thinking that the call belonged to someone else. It rang about four times and then stopped. Curiosity got the better of me and I dialed the operator from the phone a few minutes later. I told the operator that I was at a pay phone that was not labeled and I wanted to know the number. "You're at a coinbox?" she replied incredulously. With my affirmative reply, she gave me the number. I dialed the phone from another line and, sure enough, my phone rang four times and an answering machine picked up. Apparently, our disconnected phone was crossed with a local construction company! The phone company representative who got to hear this story tried to convince me that that I was imagining things. The representative also refused to believe that an operator would give me the number of a domestic phone. Not surprisingly, their was a repair truck out on the street the next morning. Funny coincidence, the line got disconnected at about the same time. The risks? Certainly there are billing issues here that could cause someone quite a headache. Had I been a more malicious individual, I could have lost the construction company a fair bit of business. The operator also disregarded whatever indications she had that I was not on a pay phone. What would she have done if I had convincingly argued that I was a repairman and needed some sort of special phone access? Another case of a human operator disregarding both training and diagnostic indicators. James Byers byers@cornell.edu http://www.people.cornell.edu/pages/jwb19 ------------------------------ Date: Mon, 24 Mar 1997 07:40:59 -0600 From: "Alan K. Jackson 245-7355" Subject: Area code split and verification Houston split its area code a few months ago, and we are beginning to experience many problems. The latest - my wife received a new credit card. She called the number to enable the card, and it failed because the number in their database didn't match the number she called from - wrong area code! The risk - the credit card issuer will certainly lose some business, anyone not willing to spend the time to get a human to enable the card. In general, this is a problem with the burgeoning systems that take advantage of the ease with which one can now trap the number of an incoming call. One's database of numbers can very quickly become badly out of date. ------------------------------ Date: Mon, 24 Mar 1997 18:40 -0500 From: Bob_Frankston@frankston.com Subject: Re: Risks of online commerce The problem of remembering purchases you made a month ago is one I specifically dealt with in my Masters Thesis (URL on request -- I'm on a plane so can't check it) in 1974. The basic approach is to keep a personal log of all transactions and automatically check the bill against these to note exceptions. The assumption is that there would be too many microtransactions to be able to check them all, especially when there is a delay. Implementing this would require a payment system with a standard client-side component. Something that is difficult in today's decentralized marketplace. ------------------------------ Date: Mon, 24 Mar 1997 14:34:44 GMT From: Mike Reiter Subject: 1997 IEEE Symposium on Security and Privacy program 1997 IEEE SYMPOSIUM ON SECURITY AND PRIVACY May 5-7, 1997 The Claremont Resort, Oakland, California Sponsored by the IEEE Technical Committee on Security and Privacy In cooperation with the International Association of Cryptologic Research Symposium Committee: Stephen Kent, General Chair Michael Reiter, Vice Chair George Dinolt, Program Co-Chair Paul Karger, Program Co-Chair PRELIMINARY PROGRAM Subject to Change Sunday May 4, 1997 4:00-7:00 Registration and Reception Monday May 5, 1997 8:30 Introductory Remarks 9:00-10:30 Panel/Debate Resolved: The concept of Trusted Computing Base as a basis for constructing systems to meet security requirements is fundamentally flawed and should no longer be used to justify system security architectures. Arguing in favor: Lead: Bob Blakley (IBM) Second: Darrell Kienzle (U. of Virginia) Opposed: Lead: William R. Shockley Second: LT (USN) James P. Downey (Naval Postgraduate School) Moderator: John D. McLean (Naval Research Laboratory) 11:00-12:00 Authorization and Authentication Toward Acceptable Metrics of Authentication Michael K. Reiter and Stuart G. Stubblebine (AT&T Labs--Research) An Authorization Scheme for Distributed Object Systems V. Nicomette and Y. Deswarte (LAAS-CNRS & INRIA, France) A Logical Language for Expressing Authorizations Sushil Jajodia (George Mason University), Pierangela Samarati (Universita' di Milano) and V. S. Subrahmanian (University of Maryland) 1:30-3:00 Applications Anonymous Connections and Onion Routing Paul F. Syverson, David M. Goldschlag and Michael G. Reed (Naval Research Laboratory) The Design and Implementation of a Multilevel Secure Log Manager Vikram R. Pesati, Thomas F. Keefe and Shankar Pal (Penn State University) A Secure and Reliable Bootstrap Architecture A. Arbaugh, David J. Farber and Jonathan M. Smith (University of Pennsylvania) An MBone Proxy for an Application Gateway Firewall Kelly Djahandari and Dan Sterne (Trusted Information Systems) 3:30-5:00 Security Theory Secure Software Architectures Mark Moriconi, Xiaolei Qian, R. A. Riemenschneider (SRI) and Li Gong (JavaSoft) A General Theory of Security Properties and Secure Composition A. Zakinthinos and E.S. Lee (Cambridge University, U.K.) Analyzing Consistency of Security Policies Laurence Cholvy and Frederic Cuppens (ONERA CERT, France) 6:00-7:30 Reception Tuesday May 6, 1997 9:00-10:30 Panel: Ensuring Assurance in Mobile Computing Moderator: Marv Schaefer (Arca) Panel Members: Sylvan Pinsky (NSA) Drew Dean (Princeton University) Jim Roskind (Netscape) Li Gong (JavaSoft) TBD (Microsoft) 11:00-12:00 Architectures Packet Filtering: Local Enforcement for Global Policies Joshua D. Guttman (MITRE) Providing Flexibility in Information Flow Control for Object-Oriented Systems Elena Ferrari, Pierangela Samarati and Elisa Bertino (Universita' di Milano) and Sushil Jajodia (George Mason University) Automated Analysis of Cryptographic Protocols J. Mitchell, M. Mitchell, and U. Stern (Stanford University) 1:30-3:00 Intrusion Detection and Beyond How to Systematically Classify Computer Security Intrusions Ulf Lindqvist and Erland Jonsson (Chalmers University of Technology, Sweden) Surviving Information Warfare Attacks on Databases Paul Ammann and Sushil Jajodia (George Mason University), Catherine D. McCollum and Barbara T. Blaustein (MITRE) Execution Monitoring of Security-Critical Programs in a Distributed System: A Specification-based Approach Calvin Ko (Trusted Information Systems), Manfred Ruschitzka and Karl Levitt (University of California Davis) Catalytic Inference Analysis: Detecting Inference Threats due to Knowledge Discovery John Hale and Sujeet Shenoi (University of Tulsa) 3:30-5:00 5-Minute talks on breaking research results 5:00-6:00 Meeting, IEEE Technical Committee on Security and Privacy Wednesday May 7, 1997 9:00-10:30 Panel: Security in Innovative New Operating Systems Moderator: Cynthia E. Irvine (Naval Postgraduate School) Panel Members: Robert Grimm, Spin Project (University of Washington) Frans Kaashoek, Exokernel Project (Massachusetts Institute of Technology) Jay Lepreau, Flux Project (University of Utah) George Necula, Fox Project (Carnegie Mellon University) Larry Peterson, Scout Project (University of Arizona) 11:00-12:00 System Vulnerabilities Analysis of a Denial of Service Attack on TCP Christoph L. Schuba, Ivan V. Krsuland, Markus G. Kuhn, Eugene H. Spafford, Aurobindo Sundaram and Diego Zambon (Purdue University) Deniable Password Snatching: On the Possibility of Evasive Electronic Espionage A. Young and M. Yung (Columbia University) Number Theoretic Attacks On Secure Password Schemes Sarvar Patel (Bellcore) 12:00-12:15 Final Remarks [Truncated for RISKS. Registration form, hotel information, etc., at http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/SP97pgmandreg.html . PGN] ------------------------------ Date: 15 Aug 1996 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Or use Bitnet LISTSERV. Alternatively, (via majordomo) DIRECT REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] => The INFO file (submissions, default disclaimers, archive sites, .mil/.uk subscribers, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 18.93 ************************