precedence: bulk Subject: Risks Digest 20.84 RISKS-LIST: Risks-Forum Digest Saturday 18 March 2000 Volume 20 : Issue 84 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks . Contents: Report on hacker altering MIT grades: NOT! (Mark Lutton) Radar glitch at Philadelphia's airport (PGN) WAAS Software Problems (Peter B. Ladkin) NASA report: Faster, cheaper is not better (PGN) Sea Launch rocket drops satellite into Pacific Ocean (PGN) Week-long outage after cable cut downs 11,000 phone lines (PGN) Overdue Railtrack calls in the Army (Ursula Martin) Hooked on I-sex (NewsScan) Hackers sued by software-filtering company (NewsScan) Y2K strikes again *R. Geoffrey Newbury) Re: Arizona and Internet elections (Adam Shostack, Steve Wildstrom) It was just a network board... (Wayne Mesard) Risks of software configuration for filtering offensive language (George White) Online gambling operator convicted (NewsScan) The RISKS Of A Hyperactive Anti-Viral Immune System (Jon Seymour) Risks of being a pushy high-tech headhunter (Michael D. Crawford) Voicemail messages silently lost (Dick Karpinski) Correction to privacy risks item (Daniel P. B. Smith) Re: Web Information on heart attacks (Jeffrey Waters) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Sun, 12 Mar 2000 21:03:46 -0500 From: Mark Lutton Subject: Report on hacker altering MIT grades: NOT! On 9 Mar 2000, *The Boston Globe* reported that a hacker had broken into an MIT computer system and changed the grades of 22 students in a cell biology class. Some grades were raised and some were lowered but not in any sensible pattern. Teacher Harvey Lodish announced to his class (on Thursday March 2) that a cheating scandal had been uncovered. Suspicions did not point to any particular students in the class. No motive could be inferred and it was believed that an unknown third party had done the hacking for no discernable reason. On 10 Mar 2000, *The Boston Globe* reported that the mystery had been solved. The grades were recorded in a spreadsheet and a teaching assistant had unknowingly sorted the student name column without also sorting the grades columns. No intruder, no hack, no cheating scandal. Officials discovered the source of the mistake only after spending a full week ruling out the possibility of infiltration. It seems to me that bound paper ledger books would be a much better tool for keeping grade records, at least for this teacher and his assistants. Ref: www.boston.com, find Archives, search for "Lodish". Mark Lutton ------------------------------ Date: Sat, 18 Mar 2000 17:15:12 PST From: "Peter G. Neumann" Subject: Radar glitch at Philadelphia's airport THREE times, on the evening of 10 Mar 2000, an almost-40-year-old air-traffic control radar system tracking arriving and departing planes malfunctioned, causing the identification tags of planes on radar screens to be blanked out. This affected about 30 planes on 8 screens, each outage lasting about three minutes -- although on recovery, the tags had to be manually reset by pilots, on request from the tower. Backup was available. This followed on previous outages on 5 May and 17 May 1999. [Source: noted in the *Inquirer* by Andres Zellweger, and in *Infoworld* by John McLean at ubs.com. An unconfirmed report indicated that the malfunction was due to three ``processor cards''. PGN] [An interesting question is whether the proposed new scheme of a highly distributed system that puts greater reliance on the computer systems in each cockpit will add to the risks or decrease them. Distributed systems tend to create risks not generally found in centralized systems. PGN] [Error in May dates fixed in archive copy. PGN] ------------------------------ Date: Wed, 01 Mar 2000 17:15:05 +0100 From: "Peter B. Ladkin" Subject: WAAS Software Problems *AvWeek* reported "software problems" with the Wide Area Augmentation System (WAAS) this week (28 Feb 2000, p49, story by Bruce Nordwall). WAAS is a ground-based system which will augment GPS positioning over the continental US to allow position accuracy to less than 3 meters (from 100 meters). This will enable the FAA to develop near-precision instrument approaches to landing at airports that are not equipped with navigation aids, for properly-equipped aircraft. WAAS accuracy was better than expected during tests (requirement was 7.6m accuracy, but the system achieved better than 3m accuracy). However, integrity is the issue. The probability that a pilot would *not* get a positive warning when WAAS guidance is erroneous for longer than 6.2 seconds must be less than 1 in 10exp7 (units - I presume approaches). This evaluates to one in 47.5 years, apparently. *AvWeek* points out what most safety-critical-system professionals know and others can figure out in a second or two, that confidence to this level can only be achieved by analysis and not by testing. The software problems were not detailed. However, two other problems uncovered during a 60-day stability test (that was terminated early) will be fixed through software. One is related to the switchover between the two ground-uplink stations. The other is multipath signal degradation at 5 of the 25 wide-area reference stations, that will be corrected through filtering software algorithms. Peter Ladkin University of Bielefeld, Germany http://www.rvs.uni-bielefeld.de ------------------------------ Date: Sat, 18 Mar 2000 17:01:57 PST From: "Peter G. Neumann" Subject: NASA report: Faster, cheaper is not better After the recent Mars probes were lost, shuttles delayed, the Hubble Telescope temporarily shut down, and other problems, NASA review boards have concluded that the recent attempts motivated by ``Faster, Cheaper'' have been overzealous, with too little money and not enough oversight. [Source: AP item, 14 Mar 2000, PGN-ed] ------------------------------ Date: Sat, 18 Mar 2000 17:14:41 PST From: "Peter G. Neumann" Subject: Sea Launch rocket drops satellite into Pacific Ocean Launched from a converted ocean-going oil rig, a Russian-Ukrainian rocket carrying a British ICO Global Communications satellite ($100M) fell into the Pacific after liftoff. This was a Boeing-led effort, after two previous successes -- a dummy test launch, and a DirecTV satellite. [Source: *San Francisco Chronicle*, 13 Mar 2000, A11, PGN-ed. No cause given. I hope some RISKS reader can provide details. PGN] ------------------------------ Date: Sat, 18 Mar 2000 17:09:10 PST From: "Peter G. Neumann" Subject: Week-long outage after cable cut downs 11,000 phone lines 11,000 phone lines in northeastern San Jose were down for about a week on 10 Mar 2000, when a construction crew accidentally took out four buried cables. ``The repair work is mind-numbingly tedious, with each wire having to be spliced by hand and then tested.'' [Source: *San Francisco Chronicle*, 14 Mar 2000, A13,18, PGN-ed] ------------------------------ Date: Sun, 12 Mar 2000 20:30:05 -0800 (PST) From: Ursula Martin Subject: Overdue Railtrack calls in the Army [In RISKS-20.67, we noted the Y2K glitch in Railtrack's on-line timetables. Much deeper problems have now arisen. PGN] Privatised Railtrack is running about a year behind schedule and 3 billion pounds over budget in attempting to rebuild the London-Glasgow line. They have now turned to the Royal Logistics Corps and engineers (``sappers'') from the Royal Engineers to teach Army discipline and consult on the repairs. Railtrack employees are being sent to Army training camps. Retired military folks are also being used as consultants. [Sources: The Telegraph, 13 Mar 2000 and 16 Dec 1999; PGN-ed] Two quotes are noteworthy: * Robin Gisby, of Railtrack, said: "We have expertise on rebuilding railways, but have never had anything as complicated as this line. We are using the Army because they have a lot of experience in moving men and materials to tight deadlines." * Don Foster, Liberal Democrat transport spokesman, said: "After the trouble the Army has had with its rifles, let's hope they have more success helping to get the West Coast main line into action." An earlier article explains that the cost overrun from 2.2 billion to 5.8 billion (that's UK pounds and UK billions) were due to the decision to abandon computerised "moving block" signalling, which removes the need for traditional lineside signals. http://www.telegraph.co.uk/et?ac=000125824864271&pg=/et/00/3/13/nrail13.html http://www.telegraph.co.uk/et?ac=000125824864271&pg=/et/99/12/16/ntra16.html [URLs simplified in archive copy, TNX to Lloyd Wood. PGN] ------------------------------ Date: Wed, 01 Mar 2000 06:40:50 -0700 From: "NewsScan" Subject: Hooked on I-sex Psychologists from Stanford and Duquesne universities have published an article in the journal *Sexual Addiction and Compulsivity* claiming that at least 100,000 users are cybersex compulsives who spend more than 11 hours a week visiting X-rated Web sites and chat rooms. The study concludes: "This is a hidden public-health hazard exploding, in part, because very few are recognizing it as such or taking it seriously." The researchers believe that cybersex compulsives have difficulty maintaining normal relationships with others. [AP/*The New York Times*, 1 Mar 2000 http://www.nytimes.com/aponline/a/AP-Online-Sex.html; NewsScan Daily, 1 March 2000 ------------------------------ Date: Thu, 16 Mar 2000 09:21:14 -0700 From: "NewsScan" Subject: Hackers sued by software-filtering company Programmers Eddy L.O.Jansson and Matthew Skala are being sued by Massachusetts -based Microsystems Software, which produces and sells "Cyber Patrol" filtering software to protect children from pornographic content on the Internet. The lawsuit alleges the two men illegally "reverse-engineered" its software to create a "cphack" software utility to destroy the effectiveness of Cyber Patrol. Skala says he opposes Internet filtering software on philosophical grounds. [AP/San Jose Mercury News 16 Mar 2000) http://www.sjmercury.com/svtech/news/breaking/merc/docs/025265.htm; NewsScan Daily, 16 Mar 2000] ------------------------------ Date: Wed, 15 Mar 00 11:29:18 -0500 From: "R. Geoffrey Newbury" Subject: Y2K strikes again Robert Challender in Nevada registered his car late. He received a bill for $378,426.25 from the Nevada Department of Motor Vehicles. After the mix-up was resolved, he wound up paying $60. [Source: United States Agency puts brake on bill, *National Post*, 13 Mar 2000, page A14. Of course, he was billed for accrued interest since 1900. I suppose the car should then have been re-registered as a horseless carriage, as per RISKS-20.63-65. PGN-ed] [I received an apology from my sewer pipe root removal service, which installed a new computer system last April, presumably for Y2K compliance. They *just* discovered they had missed my annual service last September. More than 6 months late. I hope they get to the root of the problem. PGN] ------------------------------ Date: Thu, 9 Mar 2000 10:44:15 -0500 From: Adam Shostack Subject: Re: Arizona and Internet elections (Markowitz, RISKS-20.83) Regarding the Arizona elections, the election.com web page on confidentiality makes no promise that there will be no correlation of voters and cotes cast. Further, I'm unable to find a privacy statement of any sort on the web site. In light of recent revelations about 'democracy portals' gathering information, there seems to be a worrysome chance that people's actual votes may be tallied, sorted, and stored in personally identifying formats. (Ross Kerber, *The Boston Globe Online*, 7 Mar 2000) http://www.election.com/political/arizona/security.htm http://www.digitalmass.com/news/daily/03/07/database.html [Also, check out Lauren Weinstein's item on Internet voting, at http://www.pfir.org. PGN] ------------------------------ Date: Thu, 09 Mar 2000 11:12:15 -0500 From: "Steve Wildstrom" Subject: Re: Arizona and Internet elections (Markowitz, RISKS-20.83) Voting is an unusual case where there is a simultaneous need for both authentication and privacy, and it's hard to see how both can be met. It's easy enough in the real world of physical ballots. In Maryland, where I vote, you sign in and are handed a set of ballots. Signatures are at least perfunctorily checked against the registration record, but I have never been asked for additional ID. You vote the ballots in a punch machine. Before depositing the marked ballots into the ballot box, you tear off the numbered stubs which associate the ballots with your identity. This works nicely because the entire process is visible to, and understandable by, the voter. Once you are authenticated on line, how do you cast a secret ballot? Steve Wildstrom, Technology & You Editor, Business Week, 1200 G St. NW Suite 1100, Washington DC 20005 1-202-383-2203 steve_wildstrom@businessweek.com ------------------------------ Date: Tue, 29 Feb 2000 14:27:37 -0500 (EST) From: Wayne Mesard Subject: It was just a network board... (Re: RISKS-20.80) > a handful of network cards, costing about $50 a piece, were not able to > handle [the Y2K witching dates], and were generating erratic packets. > Replacing the boards has fixed the problem, according to *Der > Tagesspiegel*. This story (or rather http://babel.altavista.com/'s translation of same) set off all my Urban Legend alarms. [Beat ya to the pun, PGN.] Most of us have encountered bugs that looked and smelled like one thing (due to coincident or misinterpreted symptoms), but eventually turn out to be something else. Add to that the predisposition to blame anything and everything on Y2K, and you've got a recipe for miss-diagnosis. I'm perfectly willing to believe that this is a Y2K bug. And even that the bug is with the network card as described in the article. But first we need more information: - What was done to fix the problem on Jan 1? How did that fix become undone between then and now? - Who is the manufacturer of this network card? Do they know about the problem? Do they agree that it is a Y2K bug? Why have we only heard of this single manifestation of the bug? - Why is a network card aware of the date, anyway? (At $50, I doubt there's any on-board encryption key management, for example.) And how could this information cause it to "generate erratic packets"? Without answers to these questions, I remain skeptical. Wayne(); ------------------------------ Date: Sun, 12 Mar 2000 20:40:25 -0400 (AST) From: George White Subject: Risks of software configuration for filtering offensive language The Royal Court, a UK theatre group known for vigorous opposition to censorship and for plays whose dialogue is intended to shock and offend, recently obtained a new computer system. This system was configured to prohibit entry of expressions that might violate standards appropriate to office e-mail systems in the US, much less dialogue of the sort for which the group is known. [Guardian Weekly, March 2--8, 2000]. George White Halifax, Nova Scotia ------------------------------ Date: Tue, 29 Feb 2000 08:37:28 -0700 From: "NewsScan" Subject: Online gambling operator convicted The first defendant to stand trial in New York for online gambling via offshore locations has been convicted. Jay Cohen, a U.S. citizen, ran an Antigua-based sports betting parlor called the World Sports Exchange. He was found guilty under a federal law against using telephone lines to place illegal wagers. Cohen faces up to five years in prison on a conspiracy charge and two years for each of seven sports betting counts. [Bloomberg/*Los Angeles Times*, 29 Feb 2000; http://www.latimes.com/business/20000229/t000019506.html; NewsScan Daily, 29 February 2000] ------------------------------ Date: Sun, 19 Mar 2000 11:12:14 +1100 From: jon seymour Subject: The RISKS Of A Hyperactive Anti-Viral Immune System A friend was attacked by a worm the other day. This worm is a Visual Basic script that attempts to copy itself to every mapped drive it can find, and then some random ones besides. Having found the worm, he created a copy of it, gave it a safe file name and then sent it to me as an attachment to an e-mail. His intent was simply to share a curio with me. He certainly didn't want to infect me and thought he had taken sufficient pre-cautions to prevent that occurrence. And, in fact, I was never infected. But the lack of a successful infection does not mean I didn't catch a nasty fever. I use Windows NT, Netscape and don't have Visual Basic scripting enabled. I also have a popular virus checker installed with reasonably recent list files. You'd think I could read his mail safely without any problems. You'd be wrong. What happened was this. As soon as I attempted to open my mail, I caught the title of the e-mail "I've been attacked by a worm". Then my mail client froze and several seconds later, the virus checker popped up and told me that my inbox had been infected by the worm and that it couldn't repair the file. So, I think, let's repair it manually. I shutdown Netscape and attempt to make a copy of my Inbox. Can't do it - access denied. Try to tail my inbox. Can't do it - access denied. Try to type my inbox. Can't do it - access denied. Not entirely sure what has happened at this stage, I start my scanner and ask it to do a full scan. 1 hour later it finishes. The only copy of the worm is in my inbox - it hasn't actually executed. But I still can't get at my inbox. So I figure I have to disable the virus checker. That doesn't work. So I reboot. Attempt to tail the file. The virus checker pops up again. Eventually, I manage to disable the virus checker, get access to the mail box, delete the offending mail item. Netscape would still not allow me to open my inbox. Then I realise it doesn't like some of the blank lines I left at the end when I did the manual edit, so I delete them too. Finally, 2 hours after the mail arrived, I could resume normal use of my system. The RISKS? A worm can give you a nasty fever, even if it doesn't find a suitable execution environment. All it has to do is lure a hyperactive anti-viral immune system into acting. jon. PS: out of courtesy to fellow RISKS readers, I haven't added the worm as an informative attachment :-) ------------------------------ Date: Sat, 18 Mar 2000 07:14:41 -0800 From: "Michael D. Crawford" Subject: Risks of being a pushy high-tech headhunter While this isn't related to actual software failures I think it's probably relevant to the interests of most of the people who read this list, and the risk to the headhunters will become clear. I used to get jobs and contract through recruiters and job shops regularly but lately I've been finding them especially pushy, crass and just plain ignorant. There are some who are quite good but these days they are definitely in the minority. I also have found a lot of high-tech workers are taken advantage of by the contract firms, such as the fellow who posted to alt.computer.consultants about how he billed his agency at $35/hour, and the agency billed his time to the client at $90/hour, or my friend who was completely unqualified for a contract QA job, so the agency totally fabricated a new resume for him and sent him to the interview without mentioning the fraud, only to have it discovered by the client who asked for details on his exciting, relevant and completely fictitious job experience. What really drove me over the top is that I got a "follow-me" number for my business but chose to let it go to voice mail while I've been away for the week visiting my desperately ill father. A recruiter from Oxford International called wanting me to do some smalltalk work, which I'd like to do but I'm not available, so I called back and left a message saying I had a friend who might be interested in the job, and I'd check with her to find out. Well this recruiter just blasted my business line off the hook, scaring my poor mom who was confused by the cryptic messages from the follow-me service. The recruiter, figuring that she wasn't going to get through on the business line, made the effort to track down my home phone number and then hounded my fiance to locate me, and leaving many messages demanding my friend's phone number. My friend didn't want the job, and sure was adamant about not giving out her number after I described the recruiter's efforts. I called the recruiter back, left a message saying she wasn't going to get my friend's phone number and recommended she go to my web site and read this page, which I've had up for quite a while, ever since I came to the firm conclusion that agencies weren't interested in finding me the kind of work I'm looking for: http://www.goingware.com/notes/recruiters.html Shortly after, a new consultant posted to alt.computer.consultants about how he just got into the business and wanted to know about services that find clients for a fee, saying he was just a programmer, didn't know about marketing, and was reluctant to make cold calls. So I posted everything I knew about finding clients without going through the agencies, and in fact have been doing totally independent consulting since April '98 without a single cold call. I saved the post and then went to a lot of extra effort to write it up real nice in HTML and discuss what I thought of the state of the recruiting business these days and posted it here: http://www.goingware.com/tips/marketing.html The main point of the page isn't just how to find clients - it's how to find clients without going through those obnoxious agencies. It's about taking back the power we were born with and using it to run our lives ourselves without allowing ourselves to be taken advantage of by those who would feed off of us. I'm going to write a corresponding page soon to help employers and clients find employees and consultants without using agencies. The short version: it's not rocket science. Get a web page. Put keywords in it. Submit it to search engines and web indices - clients will find you when they do web searches. Use search engines and web indices to locate clients. It takes some effort but not really that much and actually it's kind of fun. This is a particular case of what's discussed at the Cluetrain Manifesto, which I highly recommend reading: http://www.cluetrain.com which (very briefly stated) points out that businesses that try to control the flow of information and do not serve their customers well will experience a backlash that is greatly aided and amplified by the free flow of information on the Internet, and the ready ability for customers (software consultants) to communicate directly with each other about things that such businesses (headhunters) would rather not have discussed publicly. Mike Crawford crawford@goingware.com http://www.goingware.com ------------------------------ Date: Mon, 13 Mar 2000 22:02:46 -0800 (PST) From: Dick Karpinski Subject: Voicemail messages silently lost Apparently some bugs survive change of ownership. Now that Octel is part of Lucent, I thought I'd see if they fixed the problem I was reporting perhaps five years ago. Looks like not: I wrote this: Years ago Octel voicemail replies had to be terminated with ## in order to be delivered. My efforts to get that changed were resisted at the time. Can you tell me if it is still so, please? Lucent responded: Hello Richard, I am personally unfamiliar with your prior request however, we have not changed the commands. Perhaps this was not explained adequately in the past. The first # ends the recording and allows for the entry of sending options, like private and priority, to be added to the message, and also, allows for deleting and re-recording the reply should the person wish to change what is in the content of the message. Then, the second # is the command to send the message. I believe it would be unlikely to change that in the future as the control functions after recording a reply are important and even mandatory. If you wish to offer further suggestions, I would offer that sending them in to our Marketing and Engineering groups would be a good route as they are constantly looking at ways to improve our products. > Thank you for your question and interest in Lucent Technologies, voice > messaging products. > Roger J. Miller > Manager, Messaging Technical Services Organization > Lucent Technologies So I wrote: I shall do as you say, but I personally request that you consider the plight of the average guy using the system. If he's not really well trained in replying to voice mail, he may treat it as if it were voice mail. That is, when he's done talking to the machine, he hangs up. The problem is not even that such messages are unceremoniously dumped. The problem is that the message is lost AND NO ERROR IS INDICATED. A guy can go for months telling people he DID return their voice mail while they tell him they never got it. It wouldn't take a big change to fix the problem, but all the experts chalk up the failures to inadequate training. I chalk it up to a BROKEN user interface that allows slightly forgetful users to go on making mistakes for a long time. This makes the whole organization seem stupid or irresponsible. It may die the death of a thousand cuts. This is not a trivial matter. They are your customers and they deserve better. Yours for a better world, Dick Karpinski The world's largest leprechaun. |=|:-}= PS. Could you let me know how to reach your Marketing and Engineering groups to suggest the change? ------------------------------ Date: Tue, 14 Mar 2000 06:34:30 -0500 (EST) From: "Daniel P. B. Smith" Subject: Correction to privacy risks item (RISKS-20.83) I recently cited SPEBSQSA, a non-profit organization to which I belong, as an exemplar of a tendency of more and more organizations to casually roll out Web sites with privacy risk exposure on an "automatic" or "opt-out" basis. My item on SPEBSQSA contained a factual error. I criticized their members-only web site for making chapter rosters available, with name/address/phone information. This information is in fact only made available to registered Chapter officers. This reduces the privacy risks and means that the Web site's privacy policy is similar that of SPEBSQSA. This restriction is not obvious to a casual observer, but I should have checked this specifically before submitting this item to RISKS. Apologies to those concerned. Daniel P. B. Smith [This correction is included in the interest of barber-shop harmony. PGN] ------------------------------ Date: Thu, 09 Mar 2000 08:22:47 -0600 From: "Jeffrey Waters" Subject: Re: Web Information on heart attacks (RISKS-20.83) I would encourage Mr. Turner to review the current manuals used by the American Heart Association for training health-care providers in BLS (Basic Life Support) CPR. This document does mention the coughing routine. As I recall, it does not endorse this method but does outline what purpose the coughing serves. I would hope the ER department at RGH will have a few words with Mr Turner. And if he has a heart attack, by all means, don't let him cough! J Waters ------------------------------ Date: 13 Dec 1999 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 19" for volume 19] or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. Also, new AUSTRALIAN archives at http://mirror.aarnet.edu.au/risks/ and http://the.wiretapped.net/security/textfiles/risks-digest/ . PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks . ------------------------------ End of RISKS-FORUM Digest 20.84 ************************