precedence: bulk
Subject: Risks Digest 20.87

RISKS-LIST: Risks-Forum Digest Friday 28 April 2000 Volume 20 : Issue 87

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks .

Contents:
Explanation for long RISKS hiatus (PGN)
UCITA, the Uniform Computer Information Transactions Act (Bruce Schneier)
Canadian teen held in Web attacks (NewsScan)
Swedish 16-year-old arrested 3 hours after Web attack (Ulf Lindqvist)
Teenage hacker stole Gates' credit-card info (NewsScan)
Man indicted for vandalizing government computers (NewsScan)
Hackers penetrate Gazprom (Steve Bellovin)
Security experts discover rogue code in Microsoft software (NewsScan)
Encryption code protected by First Amendment (NewsScan)
Hackers crack code protecting King e-book (NewsScan)
U.S. IT job vacancies approach 1 million mark (NewsScan)
Patent Office revamps Web patent review (NewsScan)
Iridium flames out, literally (NewsScan)
Power failure disrupts National Airport (Andres Zellweger)
Software fault stops 76,000 customers receiving phone calls (John Kerr)
Squirrelcide at San Jose Airport (Dave Stringer-Calvert)
Best new Microsoft bug yet (Martin Minow)
Web server displays admin password on failures (Bill Janssen)
Hotmail wants to know... (Gillian Richards)
no, Virginia (Danny Burstein)
REVIEW: "The Social Life of Information", John Seely Brown/Paul Duguid (Rob Slade)
FORMAL METHODS *ELSEwHeRE* --second CfP (Tommaso Bolognesi)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 30 Mar 2000 12:12:19 PST
From: "Peter G. Neumann"
Subject: Explanation for long RISKS hiatus

I was in Europe, completely off the net for the first two weeks of April, -- including attending a NATO conference in Brussels on Commercial Off-The-Shelf Products in Defence Applications: The Ruthless Pursuit of COTS, for which I gave a keynote talk on the challenge of building robust systems and discussing COTS vs nonclosed-source software. The slides can be found at http://www.csl.sri.com/neumann/ .

Since returning, I have been trying to play catch-up, and was able to begin to read the RISKS e-mail only in the past two days. In this issue, I have tried to make a dent in the huge backlog. I am very grateful that I could rely on NewsScan items that wonderfully captured some of the events that happened in the interim. My profound thanks to John Gehl and Suzanne Douglas, for my being able to repeat their copyrighted items here, with their permission, and apologies to their regular readers who are seeing these items for the second time! But otherwise it would have taken much longer to edit down many of the media reports that are still in the queueueueueueue. PGN

------------------------------

Date: Mon, 17 Apr 2000 13:30:26 -0500
From: Bruce Schneier
Subject: UCITA, the Uniform Computer Information Transactions Act

[From CRYPTO-GRAM, April 15, 2000, with permission]

Virginia Gov. James S. Gilmore III signed the UCITA, and it is now law in Virginia. The Maryland legislature overwhelmingly passed the bill, and it is on its way to become law in that state. I put this horrible piece of legislation in the Doghouse last month, but it's worth revisiting one portion of the act that particularly affects computer security.

As part of the UCITA, software manufacturers have the right to remotely disable software if the users do not abide by the license agreement. (If they don't pay for the software, for example.) As a computer-security professional, I think this is insane.
What it means is that manufacturers can put a back door into their products. By sending some kind of code over the Internet, they can remotely turn off their products (or, presumably, certain features of their products). The naive conceit here is that only the manufacturer will ever know this disable code, and that hackers will never figure the codes out and post them on the Internet. This is, of course, ridiculous. Such tools will be written and will be disseminated. Once these tools are, it will be easy for malicious hackers to disable people's computers, just for fun. This kind of hacking will make Back Orifice look mild.

Cryptography can protect against this kind of attack -- the codes could be digitally signed by the manufacturer, and the software wouldn't contain the signature key -- but in order for this to work the entire system has to be implemented perfectly. Given the industry's track record at implementing cryptography, I don't have high hopes. Putting a back door in software products is just asking for trouble, no matter what kinds of controls you try to put into place.

The UCITA is a bad law, and this is just the most egregious provision. It's wandering around the legislatures of most states. I urge everyone to urge everyone involved not to pass it.

Virginia:
Maryland:

------------------------------

Date: Wed, 19 Apr 2000 07:53:19 -0700
From: "NewsScan"
Subject: Canadian teen held in Web attacks

A 15-year-old Canadian boy has been arrested in connection with the denial-of-service attacks that crippled major Web sites including Yahoo, CNN.com, eBay and Amazon in February. The Montreal-area teenager, who uses "Mafiaboy" as his online moniker, was fingered after investigators were able to trace the attacks to that name by examining the log files of a computer at the University of California-Santa Barbara, one of the servers used in the cyber-assaults.
[AP/MSNBC 19 Apr 2000: NewsScan Daily, 19 April 2000 http://www.msnbc.com/news/396994.asp]

To subscribe or unsubscribe to the TEXT version of NewsScan Daily, send an e-mail message to NewsScan@NewsScan.com with 'subscribe' or 'unsubscribe' in the subject line. To subscribe to our new HTML version of NewsScan Daily, send mail to NewsScan-html@NewsScan.com, with the word 'subscribe' as the subject. (Subscribing to the HTML version won't automatically unsubscribe you from the text version; please unsubscribe yourself as explained above.)

We call our news section "Above The Fold" to honor the tradition of the great "broadsheet" newspapers in which editors must decide which news stories are of such importance that they should be placed "above the fold" on the front page. The NewsScan Credo: Be informative, have fun, and get to the point! See http://www.newsscan.com/, and send us mail: John Gehl and Suzanne Douglas , or call 770-590-1017. Copyright 2000. NewsScan Daily (R) is a publication of NewsScan.com Inc.

------------------------------

Date: Wed, 5 Apr 2000 10:15:07 -0700 (PDT)
From: Ulf Lindqvist
Subject: Swedish 16-year-old arrested 3 hours after Web attack

From the Web site of Swedish newspaper *Aftonbladet*, April 5 2000:

When the Web server of The Swedish National Board of Health and Welfare (Socialstyrelsen) was attacked, the system operators called the National Police Computer Crime Squad while the attack was still in progress. The police immediately started tracking the intruder and could get the attacker's home phone number from an ISP. A search warrant was issued and only 3 hours after the attack, police entered the home of the alleged attacker, a 16-year-old boy who was arrested before the eyes of his parents. His computer as well as his parents' computer were seized and, according to the police, records found on the computers link them to attacks on other Web sites in Sweden.
Source: http://www.aftonbladet.se/nyheter/0004/05/hacker.html (in Swedish)

What I personally find noteworthy in this story is how quickly the police reacted and that it could be a sign of the trend to treat computer crimes no differently than "low-tech" crime. When organizations see that it actually helps to call the police in cases like this, maybe they will be less reluctant to do so. The deterrent effect on would-be criminals by likely detection and immediate response should not be underestimated.

Ideally, the risk of fast law enforcement response should only worry attackers, but given the current nature of identification and (lack of) authentication on the Internet, it could also pose a risk to innocent users whose systems are attacked and used to attack other systems.

Ulf Lindqvist
System Design Lab, SRI International, Menlo Park CA 94025-3493, USA.
Phone +1 650 859-2351 http://www.sdl.sri.com/

------------------------------

Date: Mon, 27 Mar 2000 08:42:39 -0700
From: "NewsScan"
Subject: Teenage hacker stole Gates' credit-card info

Eighteen-year-old Raphael Gray was arrested on 24 Mar 2000 in Wales on charges of Internet fraud following a joint investigation by the FBI and Welsh police. Gray and an unnamed accomplice had allegedly hacked into nine e-commerce sites, stealing credit card information on 26,000 accounts in the U.S., Canada, Thailand, Japan and Britain. Among the credit cards compromised was one belonging to Microsoft chairman Bill Gates. Gray, who calls himself the "Saint of E-Commerce," said, "I just wanted to prove how insecure these sites are. I have done the honest thing, but I have been ignored." Gray and his accomplice e-mailed the credit card details to NBCi, a subsidiary of the NBC broadcasting group.
[Reuters/News.com 26 Mar 2000; NewsScan Daily, 27 Mar 2000]
http://cnet.com/news/0-1007-200-1590629.html?tag=st.ne.1002.bgif.1007-200-1590629

------------------------------

Date: Thu, 23 Mar 2000 08:09:12 -0700
From: "NewsScan"
Subject: Man indicted for vandalizing government computers

Twenty-seven-year-old Max Ray Butler of Berkeley, California, has been indicted on charges of breaking into and causing damage to government computers belonging to such agencies as NASA, the Argonne National Labs, the Brookhaven National Lab, the Marshall Space Center, and various facilities of the Department of Defense. Butler (also known as "Max Vision") has in the past been an FBI source, helping the Bureau solve computer crimes.
[AP/*San Jose Mercury News* 23 Mar 2000; NewsScan Daily, 23 Mar 2000]
http://www.sjmercury.com/svtech/news/breaking/merc/docs/008604.htm

------------------------------

Date: Wed, 26 Apr 2000 20:46:00 -0400
From: Steve Bellovin
Subject: Hackers penetrate Gazprom

The Associated Press reports that hackers, in conjunction with an insider, penetrated computer systems belonging to Gazprom, the Russian gas monopoly.
(http://www.techserver.com/noframes/story/0,2294,500197283-500270387-501418162-0,00.html)

What is especially interesting about this case is that they managed to take control of the system controlling the flow of gas in pipelines, according to the Russian Interior Ministry. This makes it one of the few confirmed incidents of direct cyberthreats to a country's infrastructure.

--Steve Bellovin

[Based on the 26 Apr 2000 AP item, Keith Rhodes also noted that including the Gazprom case, Russian police registered 852 cases of computer crime in Russia in 1999, up twelve-fold from the year before.
PGN]

------------------------------

Date: Fri, 14 Apr 2000 09:10:08 -0700
From: "NewsScan"
Subject: Security experts discover rogue code in Microsoft software

A three-year-old piece of Microsoft software includes a secret password that could be used to gain illegal access to hundreds of thousands of Web sites, including site management files that could lead to customers' credit card numbers. The code was discovered by two security experts who found within the code the following message: "Netscape engineers are weenies!" Microsoft is urging customers to delete the file, titled "dvwssr.dll," and plans to send out an e-mail bulletin and post a warning on its Web site describing the security hole.
[AP/*San Jose Mercury News*, 14 Apr 2000 http://www.sjmercury.com/svtech/news/breaking/ap/docs/4267471.htm; NewsScan Daily, 14 April 2000]

------------------------------

Date: Wed, 05 Apr 2000 08:46:37 -0700
From: "NewsScan"
Subject: Encryption code protected by First Amendment

A federal appeals court in Ohio has ruled that encryption software code is protected by the First Amendment because such code is a means of communication between computer programmers. The ruling represents the first time that a federal appellate court has decided software code is protected as free speech, says Raymond Vasvari, legal director of the American Civil Liberties Union: "This is a great day for programmers, computer scientists, and all Americans who believe that privacy and intellectual freedom should be free from government control." The court's decision means a lawsuit filed by Cleveland law professor Peter Junger will be reconsidered. Junger had claimed that the government violated his free-speech rights by requiring export licenses for encryption programs.
[*Wall Street Journal*, 5 Apr 2000 http://interactive.wsj.com/articles/SB954899134353800815.htm; NewsScan Daily, 5 April 2000]

------------------------------

Date: Fri, 31 Mar 2000 08:24:25 -0700
From: "NewsScan"
Subject: Hackers crack code protecting King e-book

Computer hackers cracked the software code that was designed to prevent multiple downloads of Stephen King's "Riding the Bullet" novella, confirming publishers' worries over the dangers inherent in electronic publishing. The e-book's publisher, Simon & Schuster, confirmed that at least two hackers downloaded the software necessary to read the book from Glassbook Inc., one of the Web companies given rights to distribute the book, and managed to break the encryption code that prevented more than one customer from having access to each electronic copy sold. Pirated copies of the book were then distributed to about six Web sites and chat groups. The publisher contacted many of the Internet service providers hosting the sites and had them shut down. "All the publishers are well aware there is no perfect technical solution to this problem," says Glassbook president Len Kawell. "We will do our best with technology; the rest is a matter of patrolling."
[*Wall Street Journal*, 31 Mar 2000; NewsScan Daily, 31 March 2000 http://interactive.wsj.com/articles/SB954465411569087773.htm/t000030180.html]

------------------------------

Date: Tue, 11 Apr 2000 08:14:53 -0700
From: "NewsScan"
Subject: U.S. IT job vacancies approach 1 million mark

U.S. technology companies could be left with more than 800,000 unfilled IT job vacancies this year, according to a study by the Information Technology Association of America, which predicts 843,000 slots for database administrators, programmers, software developers, Web designers, and other IT personnel will go begging due to lack of qualified applicants.
The ITAA results mirror those announced by Silicon.com's Skills Survey 2000, which found that 47% of European companies have open IT positions they cannot fill. Research by IDC indicates that the European labor shortage is about 20% less severe than that of the U.S., but that could change as foreign workers flock to fill U.S. jobs, encouraged by more lenient immigration rules.
[Silicon.com 11 Apr 2000 http://www.silicon.com/ ; NewsScan Daily, 11 April 2000]

------------------------------

Date: Wed, 29 Mar 2000 07:58:43 -0700
From: "NewsScan"
Subject: Patent Office revamps Web patent review

The U.S. Patent and Trademark Office is overhauling the way it reviews applications for many online practices, and will now require a broader search of past practices and inventions before awarding patents. The change comes in response to critics who charge the Office with granting overly broad patents for basic Web techniques, such as Amazon's "1-Click" ordering process. Examiners reviewing applications in the business-method area will now have to follow new procedures, including searching online databases for similar technology ideas. "If you make these decisions without adequate data, you run the very real risk of issuing patents on things that were already invented, or patents that are far broader than they should be," says Roland Cole, executive director of the Software Patent Institute.
[*Wall Street Journal*, 29 Mar 2000; NewsScan Daily, 29 Mar 2000]
http://interactive.wsj.com/articles/SB954286078412266261.htm

[It's about time. Many patents have been getting through where prior art has been known for years. But it does provide lots of employment for lawyers.
PGN]

------------------------------

Date: Tue, 11 Apr 2000 08:14:53 -0700
From: "NewsScan"
Subject: Iridium flames out, literally

Iridium, the bankrupt global satellite telephone corporation that spent $5 billion on the creation of a communications system for "anyone, anytime, virtually anywhere in the world," will soon start sending 88 giant satellites hurtling from the skies and burning up before they reach Earth. Noting that the expensive Iridium phones could not even be used indoors, industry-watcher and financial analyst James Grant says, "It was a technology that didn't live up to its hype or its billing. People chose to overlook the risks because they were bedazzled by the technology and the promoters or sponsors."
[*The New York Times*, 11 Apr 2000 http://www.nytimes.com/library/tech/00/04/biztech/articles/11iridium.html; NewsScan Daily, 11 April 2000]

------------------------------

Date: Thu, 13 Apr 2000 08:16:07 -0400
From: ZellwegA@cts.db.erau.edu (Andres Zellweger)
Subject: Power failure disrupts National Airport

At 7:50pm on the evening of 10 Apr 2000, a power failure shut down radar at Washington DC's Reagan National Airport after the backup generator failed at 8:41pm. Traffic was obviously affected. Hotels were full, trying to take care of stranded passengers.
[Source: Article by Phuong Ly, *The Washington Post*, 11 Apr 2000, B02]

[Power was resumed around 4am. So much for back-up systems! Dres]

[Yes, they needed backup to the backup. This event also reported to RISKS by Sy Goodman. PGN]

------------------------------

Date: Thu, 6 Apr 2000 18:04:18 +1000
From: "John Kerr"
Subject: Software fault stops 76,000 customers receiving phone calls

At 1615 on 6 April 2000 local time, a Telstra spokesman on ABC Public Radio advised that 76,000 telephone customers in the Toowong area of Brisbane, Australia had been affected by a software fault which prevented them receiving incoming calls although he indicated they seemed to be able to ring out.
He stated the problem had occurred two hours previously and expected that service would be restored within half an hour but otherwise gave no details. The radio and station [and I] were in the affected area.

John Kerr, jkerr@gil.com.au - St Lucia Brisbane Australia
61 7 3870 9588 when it takes calls

------------------------------

Date: Fri, 14 Apr 2000 06:57:15 -0700
From: Dave Stringer-Calvert
Subject: Squirrelcide at San Jose Airport

Squirrel cuts power to airport [From www.newschannel11.com]

A spokesman for Pacific Gas & Electric said power was restored to Santa Clara County office buildings and the San Jose International Airport and all other customers around 2:30pm. ... 1,300 customers lost power around noon when a squirrel touched a conductor and blew a circuit breaker. As power failed, back-up generators kept the airport running and planes continued to take off and land on time. ... No flight delays ... No traffic lights around the airport... luggage handled by hand ... Terminal C only. [PGN-ed]

------------------------------

Date: Tue, 18 Apr 2000 13:26:39 -0700
From: "Martin Minow"
Subject: Best new Microsoft bug yet

http://support.microsoft.com/support/kb/articles/Q131/1/09.asp

Explorapedia Nature: Earth Rotates in Wrong Direction

The information in this article applies to:
Microsoft Explorapedia series: World of Nature for Windows, version 1.0

SUMMARY

When you run Explorapedia and use the Exploratron to look at the Earth spinning, the Earth rotates in the wrong direction.

STATUS

Microsoft has confirmed this to be a problem in Explorapedia, World of Nature, version 1.0. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.
[Transcribed by Martin Minow, minow@pobox.com (I shouldn't be so smug, as I got this wrong in one of my applets, too.)]

------------------------------

Date: Wed, 23 Feb 2000 18:44:04 PST
From: Bill Janssen
Subject: Web server displays admin password on failures

Here's a classic from the pilot-unix mailing list:

Subject: [Pilot-Unix] Palm Store
From: Justin Osborn
Date: Wed, 23 Feb 2000 18:04:44 PST
To: mblug@mbhs.edu, Palm Unix List

I went to the Palm Store (palmorder.modusmedia.com) and I did a search for "Minstrel." I got this error message:

CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:

Died at D:\enGarde\Apps\Palm\cgi-bin\palmsearch.cgi line 63.
dsn=palm;SERVER=ecom-websql;UID=sa;PWD=[******* deleted for RISKS by PGN]
---------- Error Report:----------
Errors for the package:
Connection Number:
Error number: 1326
Error message: "[Microsoft][ODBC SQL Server Driver]Client unable to establish connection"
-----------------------------------

[...]

Displaying the system admin password? Come on...

Justin Osborn

Bill Janssen (650) 812-4763 FAX: (650) 812-4777
Xerox Palo Alto Research Center, 3333 Coyote Hill Rd, Palo Alto, CA 94304

------------------------------

Date: Thu, 27 Apr 2000 10:50:45 +1000
From: "Richards, Gillian"
Subject: Hotmail wants to know...

A friend (and indeed myself) write characters in assorted newsgroups, and not all the characters are human. To keep mail pertaining to those characters separate from work, etc, we created Hotmail accounts for each character, and filled in the statistics as if it _were_ the character. As an example, I write a rabbit who is aged about 18 months - the equivalent of a young adult in human terms. (If any of the other writers are reading this, I deny being any of them {fluffystomp!})

Now Hotmail won't let us access our accounts as we are "underaged", unless an adult verifies that we are allowed to. The proof of adult status required?
A credit card number.

The risks:
1) I refuse to give my credit card number for a non-purchase reason.
2) Who says a real kid is going to enter their correct age anyway? (just like the "click here if you are over 18" checks of the adult sites)
3) If we put in our real ages (and indeed our real details such as zip/post codes and other such stuff) just how much free marketing information is Hotmail getting out of us?

Hotmail can trace any mail back to my own ISP account if necessary. Surely that's more than enough information for them. If I start getting junk mail in my ISP mailbox for rabbit feed and viagra, I'll know why.

Gillian the Techie

------------------------------

Date: Fri, 31 Mar 2000 12:07:19 -0800 (PST)
From: danny burstein
Subject: no, Virginia (Re: RISKS-20.86)

Permit me to point out that the famous letter, from Virginia O'Hanlon, was first printed in the *New York Sun* of 21 September 1897.

[TNX. For historical accuracy, not RISKS relevance. PGN]

------------------------------

Date: Tue, 18 Apr 2000 08:11:42 -0800
From: "Rob Slade"
Subject: REVIEW: "The Social Life of Information", John Seely Brown/Paul Duguid

BKSOLFIN.RVW 20000222

"The Social Life of Information", John Seely Brown/Paul Duguid, 2000, 0-87584-762-5, U$25.95
%A John Seely Brown jsb@parc.xerox.com
%A Paul Duguid duguid@socrates.berkeley.edu
%C 60 Harvard Way, Boston MA 02163
%D 2000
%G 0-87584-762-5
%I Harvard Business School Press
%O U$25.95 800-545-7685 fax: 617-496-8066 www.hbsp.harvard.edu
%P 320 p.
%T "The Social Life of Information"

The book is not very clear about the social life of information, or why we should care about it. For example, the introduction notes that digital communications removes clues that we would ordinarily receive in a conversation, conveyed through body language. It also asserts that there are a number of people involved in the infrastructure behind accessing a piece of printed information, such as publishers and librarians.
The irony of these statements seems to be lost: books hide body language just as effectively as e-mail, and the Internet is the product of a number of communities of people, the cultures of whom are apparent to those who choose to examine the net closely.

Chapter one examines the information glut, as well as touching on the fact that knowledge may lose its value as it is atomized into mere data. However, it is difficult to find any central theme, other than a reaction against some of the more facile assertions that are being made about the information age. Agent technology and other forms of low level artificial intelligence are noted to be imperfect, in chapter two. Starting with telecommuting, chapter three looks at other aspects of computers and work. Chapter four discusses the failure of business process re-engineering and the triumph of informal practices of work and socialization. (I can fully agree with the comments on the business-term-du-jour.) Social factors involved in knowledge and learning are addressed in chapter five. A "seed in good soil" model of technical development structures the presentation of knowledge ecologies in chapter six. Chapter seven seems to feel that there is some inherent validation of printed knowledge, but I can certainly attest to the fact that a lot of books are a waste of good pulp. Chapter eight finishes off with a look at higher education, and also provides the only solid suggestion of the work--the "distributed" college, with separation of the various functions.

The book makes one important point; that trying to remove information from its social context is fraught with peril. The text is readable, and the material is erudite and even, at times, insightful. Unfortunately, this single message, and a bit of tutting at those leaping into digital waters without looking, doesn't seem to be able to carry interest in the volume all the way through. The content is neither new, nor presented in any novel way.
Questions or intents are not very clear, nor strongly pursued. The result is probably worth reading as a reminder not to get too caught up in the techno-hype, but is not earth-shaking.

copyright Robert M. Slade, 2000 BKSOLFIN.RVW 20000222
rslade@vcn.bc.ca rslade@sprint.ca slade@victoria.tc.ca p1@canada.com
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade

------------------------------

Date: Fri, 21 Apr 2000 16:21:30 +0100
From: Tommaso Bolognesi
Subject: FORMAL METHODS *ELSEwHeRE* --second CfP

F M - E L S E w H e R E
(FORMAL METHODS *ELSEWHERE*)

A Satellite Workshop of FORTE-PSTV-2000, devoted to applications of Formal Methods to areas *other than* communication protocols and software engineering.

P i s a , I t a l y, O c t o b e r 1 0 , 2 0 0 0

FM-ELSEWHERE Web page http://www.cs.ukc.ac.uk/people/staff/hb5/Elsewhere/
FORTE/PSTV Web page http://forte-pstv-2000.cpr.it

...

Also, we will be keeping a list of known non-traditional applications of formal methods on the workshop web page, http://www.cs.ukc.ac.uk/people/staff/hb5/Elsewhere/ and if you wish to contribute an item to the list mail Howard Bowman (H.Bowman@ukc.ac.uk).

SUBMISSIONS by 15 May 2000
Send by e-mail a copy of your paper to Howard Bowman (H.Bowman@ukc.ac.uk).

------------------------------

Date: 13 Dec 1999 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information]
.MIL users should contact (Dennis Rears).
.UK users should contact .
=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.)
is also obtainable from
http://www.CSL.sri.com/risksinfo.html
ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
    ftp ftp.sri.com
    login anonymous
    [YourNetAddress]
    cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
Also, new AUSTRALIAN archives at http://mirror.aarnet.edu.au/risks/ and http://the.wiretapped.net/security/textfiles/risks-digest/ .
PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks .

------------------------------

End of RISKS-FORUM Digest 20.87
************************