precedence: bulk
Subject: Risks Digest 20.66

RISKS-LIST: Risks-Forum Digest  Weds 1 December 1999  Volume 20 : Issue 66

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks .

Contents:
ATM User Trapped for 9 Hours (Jack Burke)
Dell loses five days' production time to FunLove Virus (Mich Kabay)
Risk of portable signs (Geoff Speare)
Irish telephone network outage brings Y2K fears (Dermot Casey)
Firestation fire blamed on Y2K computer fix (Kevin Whelan)
Halifax suspends net share dealing over security flaw (Nigel Cole)
Hacker links Staples to online rival Office Depot (Mich Kabay)
Risks of "anonymous" e-mail accounts (Bruce Schneier)
Sticky fingers with e-mail (Peter Wayner)
Privacy breach + plaintext passwords + denial of service (David Mediavilla)
Netscape 4.7 Danger: "Active" Newsgroup Messages (John David Galt)
Expanding, Embracing, Devouring: IE 5.0 Task Scheduler Elevates (RA Downes)
No bounds checking in Microsoft RTF controls (RA Downes)
More on DVD encryption cracked (Bruce Schneier)
Computer virus tears through companies (Dave Farber)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 28 Nov 1999 12:40:10 -0500
From: Jack Burke
Subject: ATM User Trapped for 9 Hours

Talk about poor planning by a New Jersey bank--I can't believe that no one thought of this situation.

The short version: a bank's inside-the-lobby ATM machine was being used by a man when the lobby's outside doors automatically locked at 9pm on Thanksgiving evening. There was no alarm button (apparently not even a fire alarm lever), no emergency exit, and no way out until the bank manager showed up the next morning (although I wonder why he didn't break the door or window to escape).
The man rightfully closed his account the next day.

http://www.apbnews.com/newscenter/breakingnews/1999/11/27/trapped1127_01.html

[Also noted by Daniel P. B. Smith]

------------------------------

Date: Mon, 22 Nov 1999 13:48:50 -0500
From: Mich Kabay
Subject: Dell loses five days' production time to FunLove Virus

Dell Computer's plant in Cork,[*] Ireland suffered five days of downtime after the company discovered that 500 of its computers had been infected with the FunLove virus. Staff had to track down the source of the infection and eradicate the virus from all its systems. Paul Taylor (Reuters) wrote, "the attack is regarded as one of the most damaging seen in Europe." In addition to the lost production time, the incident damaged customer relations, with some customers complaining about the delay in delivery of their systems.

M. E. Kabay, PhD, CISSP / Director of Education
R&D Group, ICSA Labs

[Subsequent added note: Limerick City, not Cork? PGN]

------------------------------

Date: Mon, 22 Nov 1999 09:45:20 -0500
From: Geoff Speare
Subject: Risk of portable signs

The highway I use in my commute to work has been under construction for several months. The construction people were kind enough to park a portable sign unit (LCD display, 3 lines of 8 chars, readable from the car) a couple miles before the construction site. Normally, this sign warns of things like blasting, change in traffic patterns, etc. However, this morning, the sign read:

  BATTERYS NEED CHARGING

The risk? That a generation will grow up thinking that "batteries" is spelled with a Y...

Geoff Speare

------------------------------

Date: Tue, 23 Nov 1999 09:25:57 +0100
From: "Casey, Dermot (CAP, GCF)"
Subject: Irish telephone network outage brings Y2K fears

To summarise: Eircom, Ireland's main telco, had a major failure last Friday afternoon. An upgrade which took place either Thursday night or Friday morning failed.
When they switched to backup systems these also failed due to some embedded "software bugs" as described on the radio.

The collapse of the first exchange caused a domino effect on exchanges in the centre of Dublin and businesses were left without a service from about 2.30 p.m. to 6.00 p.m. Some 80,000 land-lines were affected initially, but this rose significantly as other exchanges were hit. People making calls to numbers in the affected areas were unable to reach them.

To compound the problem, Eircom's cell phone customers in the same area were left without service due to an independent problem. The country's other mobile network, Esat, was unaffected.

A few interesting points: why do people insist on upgrading during the working week when the risks are obvious? The second is this was Eircom's first big test for disaster recovery and it didn't come out very well.

The Irish Telecoms Users Group has questioned Eircom's Y2K preparedness based on this incident. An Eircom spokesperson said that they were Y2K ready (£25 million project, 70 dedicated staff over a number of years) but admitted there were likely to be "glitches" in the system.

See the Irish Times Archive for text of a story covering the incident.
http://www.ireland.com/scripts/search/highlight.plx?TextRes=eircom&Path=/newspaper/finance/1999/1120/fin50.htm

------------------------------

Date: Mon, 22 Nov 1999 00:59:04 -0500
From: Kev
Subject: Firestation fire blamed on Y2K computer fix

This past Tuesday's *Montreal Gazette* reports a fire that caused $500,000 damage to a local fire station. The fire started when one of the firemen left french fries cooking when responding to an alarm. The breaker system designed to cut off power to the stove when this occurs had been disconnected ... because it was incompatible with the new Y2K compatible computer system recently installed!!!
In addition to the irony of a fire destroying the fire station and a safety system being disconnected because it's incompatible with the new computer system, the station had recently been the object of a successful community effort to save the historic old building from destruction during a development project.

According to a city official, a patch is required to make the power cut off system compatible with the new system. No details were given regarding the hardware or software for either the new Y2K system or the power cut off system.

Ah, the risks of avoiding risks!

Kevin Whelan

------------------------------

Date: Fri, 26 Nov 1999 20:33:54 +0000
From: Nigel Cole
Subject: Halifax suspends net share dealing over security flaw

I originally caught this on CEEFAX teletext service in the UK, but (naturally) it's also on the web:

http://news.bbc.co.uk/hi/english/business/newsid_538000/538285.stm

Summary: The Halifax (a UK bank) has suspended its online share dealing service after a serious security flaw was found. The flaw made it possible for customers to not only see other customers' accounts, but also to buy and sell shares from them.

Dr. Nigel Cole  postmaster@zebekia.demon.co.uk

[also noted by David Stringer-Calvert in the *Yorkshire Evening Press*, 27 Nov 1999]

------------------------------

Date: Tue, 30 Nov 1999 12:51:32 -0500
From: Mich Kabay
Subject: Hacker links Staples to online rival Office Depot

On 9 Oct 1999, someone breached security on the Staples Web site and redirected browsers to the Web site of Office Depot, the victim's major competitor. On 30 Nov 1999, Staples announced on that it filed a federal "John Doe" lawsuit against its assailant(s) claiming damages for lost business and for the recovery effort. Staples and Office Depot both said they doubted that Office Depot was in any way responsible for the attack.

M. E.
Kabay, PhD, CISSP / Director of Education
R&D Group, ICSA Labs

------------------------------

Date: Tue, 30 Nov 1999 15:20:17 -0600
From: Bruce Schneier
Subject: Risks of "anonymous" e-mail accounts

Someone sent a bomb threat from an account named shadowmega@hotmail.com. The police contacted Hotmail, and found that the Hotmail account had been accessed at a particular date and time, using an IP address owned by America Online. Using the AOL information, police identified exactly who was using that IP address at that time and were able to trace the sender to his apartment in Brooklyn.

Full story: http://www.zdnet.com/zdtv/cybercrime/news/story/0,3700,2324068,00.html

Moral: Don't assume that your anonymous e-mail account is anonymous.

Bruce Schneier, CTO, Counterpane Internet Security, Inc.  Ph: 612-823-1098
3031 Tisch Way, 100 Plaza East, San Jose, CA 95128  Fax: 612-823-1590

------------------------------

Date: Tue, 23 Nov 1999 07:51:52 -0500
From: Peter Wayner
Subject: Sticky fingers with e-mail

According to the AP, a company which acted both as an ISP and a bookseller would use its position in the chain of e-mail to intercept e-mail messages between Amazon and customers who had accounts at the ISP. The ISP apparently used the information to try to gain a competitive advantage as it entered the business. New management settled for a fine of $250,000.

There was no mention if the ISP maintained the ability to turn its rack of servers into 40-bit crypto crackers.

------------------------------

Date: Wed, 1 Dec 1999 19:42:23 +0100
From: David Mediavilla
Subject: Privacy breach + plaintext passwords + denial of service

I left my resume at JobUniverse http://www.idg.es/JobUniverse/curriculum.asp, a Spanish job search site.
The site claims to keep personal data safe and to have registered with the Spanish Personal Data Agency (See my post on RISKS-20.65 http://catless.ncl.ac.uk/Risks/20.65.html#subj15 )

On 30 Nov 1999, I received e-mail reminding me of updating the resume. It was politely signed by some Javier Nieto, director of IDG.ES. It included my e-mail address and the password I used. This is a risk but not very high.

The problem comes when they sent to some addresses (not all) another message including in To: field lots of e-mail addresses (I printed one and it covers 4 pages). In the body, the reminder text including the e-mail address _and_password_ of lots of subscribers. I haven't counted them but the message weighs 170-190 KB (57 pages). And better, they sent this message several times. I received 12, others 182 or 48 copies.

After several hours, they removed the resume service from the web.

So privacy breach + plaintext passwords + denial of service. I haven't heard about viruses... yet.

David Mediavilla Ezquibela

------------------------------

Date: Wed, 01 Dec 1999 13:11:15 -0800
From: John_David_Galt@acm.org
Subject: Netscape 4.7 Danger: "Active" Newsgroup Messages

Last night, I encountered the newsgroup spam message quoted in full below. As soon as it is viewed, it causes my browser, Netscape Communicator 4.7, to load an unwanted web page -- even though I have preferences set to disable Java and JavaScript in news and mail messages. (The ">" I have added on each line disables this "feature.")

This behavior, of course, opens one's system to all the kinds of mischief a hostile web page can do, from giving spammers your e-mail address to running mischievous Java applets or viruses on your machine. Yet when I complained of this on Netscape's forum (the netscape.communicator newsgroup hosted at secnews.netscape.com), it was laughed off and they appear to have no intention of doing anything about it.
No browser has any business ever loading a URL unless the user requests it!

John David Galt

> Message-ID: <3841D1F1.C01EAA5D@softcom.net>
> Date: Sun, 28 Nov 1999 17:08:01 -0800
> From: "Jonathan H. Ballard"
> Organization: Cybertronix
> X-Mailer: Mozilla 4.51 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
> X-Accept-Language: en
> MIME-Version: 1.0
> Newsgroups: ca.test, ca.driving, ca.earthquakes, ca.environment, ca.general
> Subject: HOPE
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: 7bit
> NNTP-Posting-Host: 209.160.172.191
> X-Trace: 30 Nov 1999 17:06:02 -0800, 209.160.172.191
> Lines: 12
> Path: news-west.eli.net!sdd.hp.com!enews.sgi.com!news.idt.net!howland.erols.net!newsfeed.fast.net!uunet!ffx.uu.net!news.sac.bfp.net!209.160.172.191
> Xref: news-west.eli.net ca.test:900 ca.driving:6671 ca.earthquakes:1464 ca.environment:3407 ca.general:17258
>
>
> --
> cybertronix@softcom.net jon.ballard@usa.net
> http://www.softcom.net/users/cybertronix
> Save a Tree -> Know How to eMail
> ;) CopyRight Ballard

------------------------------

Date: Tue, 30 Nov 1999 17:59:03 +0000
From: main@radsoft.net
Subject: Expanding, Embracing, Devouring: IE 5.0 Task Scheduler Elevates

Re: http://www.ntsecurity.net/go/load.asp?iD=/security/tasksched.htm

What this article will demonstrate is that installing a web browser from Microsoft changes the topology of the underlying operating system - even on Windows NT.

Ken Thompson used to say, "keep your hands off the drivers." With all the ridiculous crashes IE4 and IE5 have been guilty of, it's obvious Microsoft has never heeded that good advice. Instead, they now muck about with the innards of your operating system when all they're really supposed to do is install a user mode application.

The mind boggles.

RA Downes, Radsoft Laboratories
http://www.radsoft.net

------------------------------

Date: Thu, 25 Nov 1999 14:08:50 +0000
From: main@radsoft.net
Subject: No bounds checking in Microsoft RTF controls

I am speechless.
Totally speechless. And for reasons which might become clearer later, I have a lump in my throat. This is not funny anymore. Dammit, it is not. I am mad.

The morning mailbox contained a newsletter on NT security, and this newsletter had an article about an attack on the Microsoft Rich Edit (RTF) controls. The URL given is:

http://www.ntsecurity.net/go/load.asp?iD=/security/richedit1.htm

As there are a few discrepancies in the RTF code reproduced there, I made the mistake of assuming that this was a limited problem. But after disconnecting and thinking about the matter a bit (thinking still does have its advantages, even in this age when, thanks to Microsoft, information is at your fingertips) I realized it was "easy peasy" to crash any of Microsoft's Rich Edit (RTF) controls any time I wanted, and set about doing so.

But let's make sure everyone is up to speed before we continue. RTF is a Microsoft invention (or so they claim) for formatting text. RTF stands for "Rich Text Format", thereof the description "Rich Edit" often used to describe this "technology". Microsoft encapsulates this "technology" all over the place, in their Office suite, in FrontPage, and in two resident system DLLs, RICHED32.DLL and RICHED20.DLL. Again, the attack works on _any_ version of the DLL, and not just one or the other as the article at the above URL implies.

RTF consists of a number of "tokens" all introduced with the (you guessed it) backslash. An RTF file is always enclosed in braces (what good this does no one knows, next question please) and after the initial opening brace the token "\rtf1" should follow immediately. (The article online at the URL above incorrectly gives this token as "\rtf" - the '1' on the end, to the best of my knowledge, is necessary.)

As the article states, the buffer used for interpreting RTF tokens seems to be 36 bytes. This is such a ridiculous magic number it's not funny. I can't get past this one at all.
The backslash is regarded as part of the token in this context: thus any character sequence beginning with a backslash and continuing with at least 35 characters before the next token will send the control south. Also, RTF tokens are considered to conform to the American alphabet: any non American alphabetic character in a token will in effect break the token and avoid the attack.

Another tidbit that might prove beneficial to readers: the initial MS Rich Edit control, Riched32.DLL, was written in C, the follow up, Riched20.DLL (sic) is written in C++, and Microsoft probably regards this latter DLL as a vast improvement, which it is not. But as this attack works on all generations of the control it can be concluded that the same brain dead code snippet is in effect here in all cases.

The buffer for parsing an RTF token is 36 bytes (including backslash character) - and no checks are used in the code to make sure the buffer does not overflow. There is evidence in the disassembly of a character pointer being incremented with the postfix ++ operator - that the loop not check that this pointer is within bounds really and truly boggles the mind. I can think of hundreds, thousands, hundreds of thousands of loops I have written and seen over the years, every one of course having a bounds check built in. I mean, this is very _basic_ programming, isn't it?

  for (cp = buf; cp < buf + BUFSIZE; cp++)
      /* * */

I mean, this is all really very _elementary_, isn't it? Tell me I'm wrong! Please, someone, _anyone_, tell me I'm wrong!!!!

I used to think so. But now that "Redmond RuleZ", who knows what goes anymore? The real pity is that in a week, as everyone becomes aware of this issue and what is behind it, that people will just end up _accepting_ it. Crimenee!!!!

This RTF control in all its generations is one of the most used controls from the Microsoft arsenal.
That this control be subject to the kindergarten programming practices of Redmond is more than at least this author can stomach. This is absolutely horrendous. I feel literally physically sick. This is not funny any more.

RA Downes

PS. As this affects almost everyone using any kind of PC program anywhere, I guess I'll just have to devote the rest of this day to writing a wrapper to protect us. The idea is simple: send all references to RTF editors to the wrapper instead, which will first parse the file for evidence of malignant tokens, and then pass the file on to the target editor if all is in order - or otherwise issue a warning and drop the matter entirely. Drop me a line if you have any ideas. As Microsoft will probably handle this "issue" as so many others - i.e. ignore it - and as I rather trust my own code at this point far more than I trust Microsoft's (nil trust there to be honest) I think we have to take matters into our own hands.

RA Downes, Radsoft Laboratories
http://www.radsoft.net

------------------------------

Date: Mon, 29 Nov 1999 21:58:40 -0600
From: Bruce Schneier
Subject: More on DVD encryption cracked (RISKS-20.64-65)

The scheme to protect DVDs has been broken. There are now freeware programs on the net that remove the copy protection on DVDs, allowing them to be played, edited, and copied without restriction.

This should be no surprise to anyone, least of all to the entertainment industry.

The protection scheme is seriously flawed in several ways. Each DVD is encrypted with something called Content Scrambling System (CCS). It has a 40-bit key. (I have no idea why. The NSA and the FBI shouldn't care about DVD encryption. There aren't any encrypted terrorist movies they need to watch.) It's not even a very good algorithm. But even if the encryption were triple-DES, this scheme would be flawed.
Every DVD player, including hardware consoles that plug into your television and software players that you can download to your computer, has its own unique unlock key. (Actually, each has several. I don't know why.) This key is used to unlock the decryption key on each DVD. A DVD has 400 copies of the same unique decryption key, each encrypted with every unlock code. Note the global secret: if you manage to get one unlock key for one player, you can decrypt every DVD.

But even if this were all perfect, the scheme could never work.

The flaw is in the security model. The software player eventually gets the decryption key, decrypts the DVD, and displays it on the screen. That decrypted DVD data is on the computer. It has to be; there's no other way to display it on the screen. No matter how good the encryption scheme is, the DVD data is available in plaintext to anyone who can write a computer program to take it.

And so is the decryption key. The computer has to decrypt the DVD. The decryption key has to be in the computer. So the decryption key is available, in the clear, to anyone who knows where to look. It's protected by an unlock key, but the reader has to unlock it.

The DVD software manufacturers were supposed to disguise the decryption program, and possibly the playing program, using some sort of software obfuscation techniques. These techniques have never worked for very long; they only seem to force hackers to spend a couple of extra weeks figuring out how the software works. I've written about this previously in relation to software copy protection; you can't obfuscate software.

It might be a bitter pill for the entertainment industry to swallow, but software content protection does not work. It cannot work. You can distribute encrypted content, but in order for it to be read, viewed, or listened to, it must be turned into plaintext. If it must be turned into plaintext, the computer must have a copy of the key and the algorithm to turn it into plaintext.
A clever enough hacker with good enough debugging tools will always be able to reverse-engineer the algorithm, get the key, or just capture the plaintext after decryption. And he can write a software program that allows others to do it automatically. This cannot be stopped.

If you assume secure hardware, the scheme works. (In fact, the industry wants to extend the system all the way to the monitor, and eventually do the decryption there.) The attack works because the hacker can run a debugger and other programming tools. If the decryption device and the viewing device (it must be both) are inside a tamperproof piece of hardware, the hacker is stuck. He can't reverse-engineer anything. But tamperproof hardware is largely a myth, so in reality this would just be another barrier that someone will eventually overcome. Digital content protection just doesn't work; ask anyone who tried software copy protection.

One more lesson and an observation.

The lesson: This is yet another example of an industry meeting in secret and designing a proprietary encryption algorithm and protocol that ends up being embarrassingly weak. I never understand why people don't use open, published, trusted encryption algorithms and protocols. They're always better.

The observation: The "solution" that the entertainment industry has been pushing for is to make reverse-engineering illegal. They managed in the United States: the Digital Millennium Copyright Act includes provisions to this effect, despite the protests of the scientific and civil rights communities. (Yes, you can go to jail for possessing a debugger.) They got a similar law passed in the UK. They're working on the EU. This "solution" does not work and makes no sense.

First, unless reverse-engineering is illegal everywhere on the planet, [and UCITA would like to do that; PGN] someone will be able to do it somewhere. And one person is all you need; he can write software that everyone else uses.
Second, the reverse-engineer can -- as in this case -- work anonymously. Laws wouldn't have helped in this case. And third, laws can't put the cat back into the bag. Even if you could catch and prosecute the hackers who did this, it wouldn't affect the hacker tools that have already been, and continue to be, written.

What the entertainment industry can do, and what they have done in this case, is use legal threats to slow the spread of these tools. So far the industry has threatened legal actions against people who have put these software tools on their Web sites. The result will be that these tools will exist on hacker Web sites, but will never be in public-domain software -- Linux, for example.

The fatal flaw is that the entertainment industry is lazy, and is attempting to find a technological solution to what is a legal problem. It is illegal to steal copyrights and trademarks, whether it is a DVD movie, a magazine image, a Ralph Lauren shirt, or a Louis Vuitton handbag. This legal protection still exists, and is still strong. For some reason the entertainment industry has decided that it has a legal right to the protection of its technology, and that makes no sense.

Moreover, they are badgering legislatures into passing laws that prop up this flawed technological protection. In the US and UK (and possibly soon in the EU), it is illegal to circumvent their technology, even when you never use it to violate a copyright. It is illegal to engage in scientific research about the encryption used in these systems. It is illegal to peek under the hood of this thing you have legally bought. So not only does this system not work, it creates a black market where there was none before, while doing no social good in the process.

This DVD break is a good thing. It served no one's interests for the entertainment industry to put their faith in a bad security system.
It is good research, illustrating how bad the encryption algorithm is and how poorly thought out the security model is. What is learned here can be applied to making future systems stronger.

http://www.wired.com/news/technology/0,1282,32263,00.html
http://www.ntk.net/index.cgi?back=archive99/now1029.txt

Summary of the DVD encryption scheme:
http://crypto.gq.nu

Geek stuff:
http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000548.html
http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000589.html
http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000609.html
http://livid.on.openprojects.net/pipermail/livid-dev/1999-October/000671.html

My essay on software copy protection:
http://www.counterpane.com/crypto-gram-9811.html#copy

My comments on the Digital Millennium Copyright Act:
http://www.zdnet.com/pcweek/news/0622/22wipo.html

New Intel software obfuscation techniques that, I predict, will be broken soon:
http://www.intel.com/pressroom/archive/releases/in110999.htm

(This originally appeared in the November issue of Crypto-Gram. To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com.)

Bruce Schneier, CTO, Counterpane Internet Security, Inc.  Ph: 612-823-1098
3031 Tisch Way, 100 Plaza East, San Jose, CA 95128  Fax: 612-823-1590

------------------------------

Date: Wed, 01 Dec 1999 04:42:58 -0500
From: Dave Farber
Subject: Computer virus tears through companies (From IP)

Computer virus tears through companies

SAN FRANCISCO (AP) - A computer virus rampaged through corporate systems, devouring files, crippling e-mail systems and affecting thousands of computers Tuesday, according to anti-virus experts.

The Mini-Zip virus, related to one that caused a serious outbreak in June, was expected to renew its assault Wednesday morning as unsuspecting users checked their e-mail inboxes.
Sal Viveros, a marketing manager for Santa Clara-based Network Associates, which makes the McAfee anti-virus software, said some 20 large corporations had been affected by Tuesday evening.

Dan Schrader, vice president of new technology at Trend Micro in Cupertino, said he fielded complaints of significant problems from four Fortune 500 companies and scores of smaller companies.

http://www.infobeat.com/stories/cgi/story.cgi?id=2562345881-19a

------------------------------

Date: 23 Sep 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line,
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO [for unabridged version of RISKS information]
   .MIL users should contact (Dennis Rears).
   .UK users should contact .

=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
   http://www.CSL.sri.com/risksinfo.html
   ftp://www.CSL.sri.com/pub/risks.info
   The full info file will appear now and then in future issues.
   *** All contributors are assumed to have read the full info file for guidelines. ***

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.

=> ARCHIVES are available: ftp://ftp.sri.com/risks or
   ftp ftp.sri.com login anonymous [YourNetAddress] cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
   or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
   also new AUSTRALIAN archive http://mirror.aarnet.edu.au/risks/
   PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks .
------------------------------

End of RISKS-FORUM Digest 20.66
************************
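
Added example, not part of the digest and not RA Downes's code: a sketch in C of the pre-filter proposed in the postscript to "No bounds checking in Microsoft RTF controls" above. It walks an RTF buffer and rejects any token of 36 or more characters, backslash included (the figure given in that post); the function names and return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Figure from the post: the token buffer is 36 bytes, backslash included. */
#define RTF_TOKEN_BUF 36

/* Return codes are hypothetical names chosen for this example. */
enum { RTF_OK = 0, RTF_OVERLONG = -1, RTF_NOT_RTF = -2 };

/* The post says tokens use unaccented letters only; avoid locale-dependent isalpha(). */
static int is_ascii_letter(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/*
 * Scan an RTF byte buffer without copying any token into a fixed buffer.
 * *longest receives the longest token seen (backslash included);
 * *bad_off receives the offset of the first over-long token, or -1.
 */
int rtf_prescan(const unsigned char *p, size_t len, size_t *longest, long *bad_off)
{
    static const char magic[] = "{\\rtf1";
    size_t i = 0;

    *longest = 0;
    *bad_off = -1;
    if (len < sizeof magic - 1 || memcmp(p, magic, sizeof magic - 1) != 0)
        return RTF_NOT_RTF;

    while (i < len) {
        if (p[i] != '\\') { i++; continue; }
        if (i + 1 >= len) break;                  /* lone trailing backslash */
        if (!is_ascii_letter(p[i + 1])) {         /* escaped \\ \{ \} or other symbol */
            i += 2;
            continue;
        }
        size_t j = i + 1;
        while (j < len && is_ascii_letter(p[j]))  /* bounded by len, not a terminator */
            j++;
        size_t tok = j - i;                       /* token length with the backslash */
        if (tok > *longest) *longest = tok;
        if (tok >= RTF_TOKEN_BUF && *bad_off < 0)
            *bad_off = (long)i;
        i = j;                                    /* a non-letter ends the token */
    }
    return *bad_off >= 0 ? RTF_OVERLONG : RTF_OK;
}

/* Convenience wrapper for NUL-terminated input. */
int prescan_str(const char *s)
{
    size_t longest;
    long off;
    return rtf_prescan((const unsigned char *)s, strlen(s), &longest, &off);
}

/* Constructed sample: "{\rtf1 \aaa...a text}" with `letters` letters after the backslash. */
int prescan_constructed(size_t letters)
{
    unsigned char doc[256];
    size_t n = 8, longest;
    long off;

    if (letters > 200) return RTF_NOT_RTF;
    memcpy(doc, "{\\rtf1 \\", 8);
    memset(doc + n, 'a', letters); n += letters;
    memcpy(doc + n, " text}", 6);  n += 6;
    return rtf_prescan(doc, n, &longest, &off);
}

int main(void)
{
    printf("34 letters -> %d\n", prescan_constructed(34)); /* 35 chars: passed on */
    printf("35 letters -> %d\n", prescan_constructed(35)); /* 36 chars: rejected  */
    return 0;
}
```

A wrapper of the kind the post describes would hand the file to the editor only when the scan returns RTF_OK, and warn otherwise.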