[1216] in RISKS Forum
RISKS DIGEST 17.91
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Tue Mar 19 15:11:39 1996
From: RISKS List Owner <risko@csl.sri.com>
Date: Tue, 19 Mar 96 12:09:16 PST
To: risks@MIT.EDU
RISKS-LIST: Risks-Forum Digest Tuesday 19 March 1996 Volume 17 : Issue 91
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
====> ANOTHER ITERATION ON SUBMISSIONS AND REUSE. <====
Contents:
Hare Krsna chants trigger answering machine remote access (Dan Cross)
Medical Device Recalls: Heart monitor (PGN)
Jury-duty-pool selection-criteria risks (Varda Reisner Bruhin)
FTC Targets Internet Fraud (Edupage)
Iomega Stock Volatility Blamed on AOL Postings (Edupage)
Risks of onboard flight manuals (Hank Nussbacher)
Foreign CDA (Kurt Fredriksson)
Risks of assuming all computers are PCs (Timothy Panton)
PacBell ID Blocking [For California readers] (Henry Baker)
Response from Strassmann/Marlow illustrates further risk (Benjamin Bokich)
Flash Crowds (David M. Chess)
Re: Netscape's syntax checking (Matt Welsh, Max TenEyck Woodbury)
Internet Privacy and Security, Call for Papers (Joseph M. Reagle Jr.)
InfoWarCon V 1996: Call For Papers (Winn Schwartau)
ABRIDGED info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 18 Mar 1996 10:35:10 -0500
From: Dan Cross <cross@math.psu.edu>
Subject: Hare Krsna chants trigger answering machine remote access
I bought a CD by the hardcore group ``Shelter'' yesterday. They're a
straight edge (that is, no drugs, alcohol, tobacco, etc) band who are also
quite into Krsna consciousness.
Track number 11 of this CD is a 5 minute section of Hare Krsna chanting and
music. I told my girlfriend this, and she thought that it sounded kind of
``interesting.'' So, when I called her up just a second ago and her
answering machine picked up, I thought it would be humorous to play the
chants REALLY loud so that it would be picked up over the phone. Thinking
that she might be there but just not have answered, I was holding the
receiver to my ear, when to my surprise, I heard the answering machine say,
``enter access code for remote operation...''!
I was quite amazed, and speculated that the chanting had had some sort of
tone in it that triggered an attempt to use the remote operation facility
present in most modern answering machines.
The risk? Things like this go to illustrate how far our modern technical
society has come, and how it has grown in many different directions at once.
It is possible to say that we have advanced to such a point in so many areas
that seemingly innocuous things in one (such as a track of music on a CD)
can trigger *very* unexpected results in another.
Dan C.
------------------------------
Date: Fri, 15 Mar 96 8:49:54 PST
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Medical Device Recalls: Heart monitor
Here is an item reminding us of the pervasiveness of RISKS problems:
From Public Citizen's Health Research Group *Health Letter*
(HRG founded by Ralph Nader and Dr. Sidney Wolfe), Mar 1996, p.8:
Point of View Heart Rate and Blood Pressure Monitor (Class II Recall)
Monitor resets itself causing information to be suspended,
necessitating reprogramming.
Model #:0998-00-0105-01, 424 units distributed world-wide
Manufacturer: Datascope Corporation, Paramus NJ 800-288-2121
Recalled By: Manufacturer
------------------------------
Date: Mon, 18 Mar 1996 07:07:11 -0500
From: Varda Reisner Bruhin <varda@varda.org>
Subject: Jury-duty-pool selection-criteria risks
Emily Green, of New Jersey, has been called to jury-duty -- but she will
not be serving; she has what is being considered a "valid excuse": She
needs to go to school... Emily is only 8 years old and, therefore, is not
*eligible* for jury duty... So why was she even summoned in the first
place? Because Governor Christine Whitman has banned all automatic
exemptions from jury duty... [Source: WPVI-TV6, Philadelphia]
I think the RISKs here are obvious!
Varda Reisner Bruhin <varda@varda.org> <wordsmith@varda.org>
------------------------------
Date: Sun, 17 Mar 1996 19:56:44 -0500 (EST)
From: Educom <educom@elanor.oit.unc.edu>
Subject: FTC Targets Internet Fraud (Edupage, 17 March 1996)
The Federal Trade Commission is conducting a "wholesale crackdown" on
perpetrators of allegedly deceptive marketing schemes that are advertised in
Internet news groups or on the World Wide Web. Charges were filed against
nine individuals or companies accused of misleading the public, and agency
officials say this is only the beginning: "The Internet opens a world of
opportunities for consumers. Unfortunately, it also presents opportunities
for scam artists. We intend to monitor the Internet rigorously and act
decisively when we see deceptive and misleading marketing," says the
director of the FTC's Bureau of Consumer Protection. (*Investor's Business
Daily*, 15 Mar 1996, A4)
------------------------------
Date: Sun, 17 Mar 1996 19:56:44 -0500 (EST)
From: Educom <educom@elanor.oit.unc.edu>
Subject: Iomega Stock Volatility Blamed on AOL Postings (Edupage, 17 Mar 1996)
Iomega, maker of high-capacity removable disk drives, is the focus of
controversy on America Online's Motley Fool bulletin board. Company
officials have complained to the SEC that postings on Motley Fool and other
BBSs have contained false information and may be contributing to the
volatility of its stock. Online exposure has "raised the visibility of some
stocks as well as the interest in those stocks," says an outside spokesman
for Iomega. "At the same time, we're very concerned about how online
services can be used to attempt to drive stock prices higher or lower
through misinformation." Postings about Iomega escalated to flaming and
physical threats last month, causing Motley Fool to pull some of the more
offensive ones, but critics of online BBSs note Iomega's problems are a
result of the practice of using "screen names" and the lack of verification
of information that's posted. "You don't know if the person is a Ph.D. or
in Sing Sing," says one critic. (*Wall Street Journal*, 15 Mar 1996, A5C)
------------------------------
Date: Sun, 17 Mar 96 10:02:08 UTC
From: Hank Nussbacher <hank@ibm.net.il>
Subject: Risks of onboard flight manuals
A friend of mine is the general manager of a company called Excalibur that
makes simulators of airline computers. He was recently sitting with a rep
of a different company that happens to be a co-pilot of 747s. The guy
wanted to buy some of Excalibur's processor cards to test out the system
they are designing. What system? Turning all online airline manuals into
an intelligent information system. Turns out that each 747 has a shelf of
books the size of telephone books describing what to do and when to do it.
The pilot was describing that it is constantly being updated by Boeing or by
a specific airline and that it is close to impossible to find anything or
understand anything in these onboard manuals. As an example, he produced a
page from Northwest Airlines updates to the B-747 Emergency/Abnormal
Procedures when there is a fuel-line blockage (17 Oct 1995, page 2.28.13):
# 5. Scavenge center tank until empty.
# If, after the center tank is empty, the NO 2 MAIN tank quantity is greater
# than the NO 1 MAIN tank quantity plus the NO 1 RES and/or the NO 3 MAIN
# tank quantity is greater than and NO 4. MAIN tank quantity plus the NO 4
# RES: Accomplish the "Inboard Dual Boost Pump Failure or Inboard X-Feed
# Valve Failure Without Center Tank Fuel" procedure in this section.
The pilot said ``Imagine you are 30,000 feet up and you have a fuel blockage
and the co-pilot starts reading this?'' He said this is a typical type of
page. The risks are obvious.
Hank Nussbacher Israel
------------------------------
Date: Mon, 19 Feb 96 08:05:52 +0100
From: etxkfrn@aom.ericsson.se (Kurt Fredriksson)
Subject: Foreign CDA
There are two aspects of the censorship of the Internet that haven't been
published in the Risks-Forum yet:
1 Even if most of the material found on the Internet is written in English,
there exists material in other languages. If you are doing a search for
English indecent words, I am pretty sure that you will get hits. But the
word may not be indecent in the foreign language.
(An innocent example: The Swedish for the digit six is "sex".)
2 How much it must hurt the feelings of the inhabitants of the country
who started it all: you can't control the net. It has grown out of the
control of an individual country.
If every country in the world bans what they dislike, what will be left?
Kurt Fredriksson, Sweden
------------------------------
Date: Tue, 19 Mar 1996 16:41:06 +0100
From: Timothy Panton <tim@West.NL>
Subject: Risks of assuming all computers are PCs
I gave a talk at Sun's Dutch JavaDay last Thursday. In keeping with the WWW
atmosphere, I presented my slides from HTML pages, and (stupidly) without
notes. Two unpleasant things happened to me whilst on stage.
When I walked on, the previous speaker handed me a mouse and said
"You will have to plug this in". He had used it to illustrate some of the
basic problems Java has to overcome (1 button vs 3 button mice). Now whilst
you can unplug a mouse from a PC with out much risk, Sparcs (which is what
was sitting in front of me) tend to halt if they lose contact with their
rodent. Fortunately this one didn't.
The second thing was *much* worse. I was demonstrating an applet
I've written that monitors the status of a UPS. Due to the weight of the UPS
and the security restrictions in Java, I had chosen to leave the UPS in my
office, attached to my Solaris-2.4-on-intel workstation, and also run a web
server there to provide the slides and the application over the live
internet link Sun provided.
So there I was on stage with no notes -- when the next slide refused
to come up. I continued from memory and my colleague in the audience called
back to the office to see what had happened. It was quickly fixed, and my
talk finished ok -- but having aged me considerably.
So, what had happened? One of my colleagues was looking for a PC to
do some windows work, and seeing my unoccupied work place decided to
shutdown Solaris and reboot it into windows.
Conclusions:
1) buy post-it-notes and write "Keep off - beware of the OG" on them
next time.
2) People who work with PC's assume that all computers behave the same way.
Tim
------------------------------
Date: Fri, 15 Mar 1996 12:50:34 -0800
From: hbaker@netcom.com (Henry Baker)
Subject: PacBell ID Blocking [For California readers]
PacBell will allow you to do `complete blocking' of caller ID for *free* --
but you have to call 1 (800) 298-5000 and specifically request this. You
also have to listen to this 2-3 minute canned speech extolling the virtues
of caller ID before they'll let you get complete blocking. This number
supposedly works 24 hours/day, 7 days/week.
It's very irritating that `complete blocking' wasn't made the default, but
perhaps these telecom dinosaurs will learn a lesson if most people sign up
for complete blocking. Due to the number of busy signals, I gather that
a lot of people aren't interested in caller ID.
BTW, even if you have `complete blocking', I think that you can make your
ID available on a per-call basis by predialing `*82' before the number.
I understand that even complete blocking does not block (800), (900) and
976- ID's. To do that, you have to call one of these `remailer'-type
services, which charge you something like $3/minute.
www/ftp directory: ftp://ftp.netcom.com/pub/hb/hbaker/home.html
------------------------------
Date: Sat, 16 Mar 1996 19:22:22 -0500 (EST)
From: Benjamin Bokich <bokich@andrews.edu>
Subject: Response from Strassmann/Marlow illustrates further risk (17.90)
Both Mr. Mayer-Schoenberger's original message as well as the response by
Messers. Strassmann/Marlow point to an obvious, but often forgotten, risk
regarding information on the Internet: Namely, the propensity to take
anything posted or submitted at face-value and to trust someone else's words
and report explicitly. (If we want to be truly cynical and doubting
Thomases, we could also ask if e-mail from Dorothy Denning can be relied on
to be Strassmann/Marlow's actual thoughts. I have no doubt, however, that
our moderator did some checking of his own to ensure reliability.) Simply
put, even in the absence of deliberate misrepresentation, any statement made
on the net is subject to a certain degree of human bias.
Benjamin Bokich bokich@andrews.edu
------------------------------
Date: Mon, 18 Mar 96 14:02:12 EST
From: "David M. Chess" <chess@watson.ibm.com>
Subject: Flash Crowds
For a taxonomy of risks that includes this very term, see
http://www.research.ibm.com/massive/bump.html
We've also got weeds, freeloaders, and Flying Dutchmen, as well
as the usual Trojan horses, viruses, and worms...
David Chess, IBM T. J. Watson Research
------------------------------
Date: 13 Mar 1996 10:49:47 -0500
From: mdw@CS.Cornell.EDU (Matt Welsh)
Subject: Re: Netscape's syntax checking (Kamens, RISKS-17.89)
Welcome to the computer industry. Companies with a large market share in a
particular area are always apt to ignore the "recognized" standardization
process and implement features which are (a) great for their product, and
(b) probably hard to duplicate in other products.
When applied to operating systems, APIs, and protocols, this can lead to
serious problems, especially when those features are "proprietary".
Need I cite examples?
* Microsoft's Win32 API, which, interestingly enough, is being pushed
through the ISO standardization process (against Microsoft's wishes).
* All commercial versions of UNIX.
* JavaScript.
* Computer hardware, processor, and bus design, especially those systems
for which NDA's must be signed to get programming specifications.
All this amounts to is that "standards" are only as good as the
company-centric market in which they are derived. Jonathan says that the
HTML standardization process is "recognized" --- recognized by whom?
Certainly not Netscape.
M. Welsh, mdw@cs.cornell.edu
------------------------------
Date: Thu, 14 Mar 1996 13:52:51 -0500
From: Max TenEyck Woodbury <mtew@cds.duke.edu>
Subject: Re: Netscape's syntax checking (Kamens, RISKS-17.89)
While I do not particularly care for the way Netscape and its creators
treat syntax errors, Jonathan goes much too far in his condemnation. In my
view a standard is a set of minimum requirements. There are many situations
when a designer may want to go beyond the standard. As long as the person
responsible for the design is aware the the standard is being broached, and
what the consequence of that departure from the standard are, and is willing
to take responsibility for those consequences, that person should be allowed
to do what he or she wants.
However, the existence of Netscape's or any other extensions to the HTML
standard should NOT be subject to debate. Without an ability to try new
things, a standard becomes an inescapable cage, and that which is confined
to the cage will eventually die of starvation.
Jonathan, in condemning the Netscape extensions, is attacking the
wrong problem. If he did succeed in getting what he wanted, we would all
loose by it.
On the other hand, the creators of Netscape must recognize that it is
one of the tools, and sometimes the only tool other than a simple text editor,
used to design web pages and has to provide a mode where departures from the
standard can be flagged. While I am not positive what the consequence of a
failure to provide such a flag will be, I suspect that Netscape will loose
some market share to any decent browser that does provide such a capability.
Max TenEyck Woodbury
------------------------------
Date: Fri, 15 Mar 1996 12:17:23 -0500
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Subject: Internet Privacy and Security, Call for Papers
CALL FOR PAPERS
INTERNET PRIVACY AND SECURITY WORKSHOP
Haystack Observatory, MA
May 20-21, 1996
Privacy and Security Working Group
Federal Networking Council
Research Program on Communications Policy
Center for Technology, Policy, and Industrial Development
Massachusetts Institute of Technology
INVITATION
The Privacy and Security Working Group (PSWG) of the Federal Networking
Council (FNC) and the Research Program on Communications Policy of the
Center for Technology, Policy, and Industrial Development at the
Massachusetts Institute of Technology will hold an invitational workshop at
the Haystack Observatory outside of Boston, MA, on May 20-21, 1996. This
workshop is intended to bring Federal, academic and private sector
participants together in collaboration to develop strategies and potential
solutions related to Internet privacy and security.
Though a principal focus of the workshop will be on the Federal portion of
the Internet, the FNC recognizes that the Federal Internet is tightly
coupled with the Global Internet, whose security policies, practices, and
goals are complementary to those of the Federal Government. To define those
practices, procedures and goals, the PSWG has undertaken two major
initiatives:
- The Federal Internet Security Plan (FISP), which was developed as a
scalable, continual improvement process, based on common principles
and mechanisms compatible with Internet community values and needs; and
- The Collaborations in Internet Security (CIS) project, an effort aimed
at testing the strength of agency approaches to security and moving these
technologies beyond individual agency networking environments and into
both inter-agency and agency-commercial sector communications. The CIS
will result in the development of a new and sustainable process for
developing, integrating, and deploying security technologies that are
interoperable at all levels of the Federal government and within the
commercial and academic sectors.
These initiatives are intended to highlight the critical interface between
Federal and commercial users and developers of Internet services and
technologies.
OBJECTIVES
This workshop will bring together principal players in the Federal
and overall Internet community to discuss the problems and
challenges of privacy and security on the Internet, and will:
- Identify critical issues, requirements, and recommendations related
to future Internet privacy and security research and development efforts;
- Describe "best practice" approaches to Internet privacy and security;
- Develop specific strategies for implementing Internet Security programs
involving all sectors of the Internet community;
- Extend the Federal Internet Security Plan (FISP) by defining specific
implementations; and finally,
- Develop specific strategies for the migration of technologies from the
individual RFC unit test stage to the integration of a complete functional
managed system in the CIS test/demonstration/pilot projects.
SUBMISSIONS
Abstracts or complete paper drafts related to the topics listed
above are welcome. Accepted papers will be a part of the published
record of the workshop. All points of view on Federal policies
affecting Internet privacy and security are welcome. Please make
all electronic submissions in ASCII format.
For further information or to submit an abstract or paper contact:
Internet Security and Privacy Workshop c/o Joseph Reagle
Research Program on Communications Policy
Massachusetts Institute of Technology
One Amherst St. (E40-218)
Cambridge, MA 02139
Voice: (617) 253-4138.
Fax: (617) 253-7326
papers@rpcp.mit.edu
SCHEDULE and DEADLINES
Call for papers - March 14, 1996
Abstracts Due - April 14, 1996
Invitations to Participants - April 20, 1996
Revised/Completed papers due - May 19, 1996
Workshop - May 20-21, 1996
PARTICIPANTS
Participation in the workshop is by invitation, based primarily on
submitted papers and abstracts. Additional individuals may be
invited to ensure that participation reflects a broad cross-section
of the Internet community.
PROGRAM COMMITTEE
Dennis Branstad - Trusted Information Systems (TIS)
Rich Pethia - Computer Emergency Response Team (CERT)
Jeffrey Schiller - Massachusetts Institute of Technology (MIT)
Richard Solomon - Massachusetts Institute of Technology (MIT)
Rick Stevens - Department of Energy /Argonne National Labs (DOE)
STEERING COMMITTEE
Stephen Squires, DARPA (FNC/PSWG Co-Chair)
Dennis Steinauer, NIST (FNC/PSWG Co-Chair)
Tice DeYoung, NASA
Phillip Dykstra, Army Research Laboratory (ARL)
Mike Green, NSA
George Seweryniak, Department of Energy (DOE)
Walter Wiebe, Federal Networking Council (FNC)
BACKGROUND
Federal Internet Security Plan: In September 1995, the PSWG published the
draft Federal Internet Security Plan (FISP). The FISP is oriented toward a
scalable, continual improvement process, based on common principles and
mechanisms compatible with Internet community values and needs. See
<http://www.fnc.gov/SWG.html>. The plan addresses Internet security
requirements, including interoperability, from the perspective of the goals
and objectives outlined in the National Performance Review (NPR),
http://www.npr.gov/. The Federal Networking Council developed this
framework in conjunction with its Advisory Committee which represents
industry, academia, and non-profit sectors.
Action Items, from the FISP, to be addressed during the Workshop:
Internet Security Policy and Policy Support Activities
* Establish overall Internet security policies
* Address security in all Federally supported NII pilots
* Coordinate Internet community involvement
* Establish an ongoing Internet threat database and assessment capability
* Identify legal and law enforcement issues
Internet Security and Technology Development
* Develop an Internet security maturity model
* Develop Internet security architecture
* Enhance Internet security services and protocols
* Develop a "Secure-Out-of-the-Box" endorsement
* Enhance application security
Internet Security Infrastructure
* Establish a set of Internet security interoperability testbeds
* Support privacy, authentication, certificate, and security services pilots
* Establish Internet security testing and evaluation capabilities
* Improve security incident handling capabilities
* Develop security self-assessment capabilities
* Establish effective secure software and document distribution mechanisms
Education and Awareness
* Compile Internet user and site profiles
* Encourage use of available security technologies
* Establish an Internet security information server
* Establish an Internet security symposium/workshop series
* Establish an Internet security fellowship program
Collaborations in Internet Security: With the Federal government's
ever-increasing dependency on computers and distributed systems, there is
great urgency for it to develop and employ enhanced information system
security technologies and practices. At the same time, these Federal
technologies must interoperate with those of the broader Internet community
(encompassing the private and academic sectors, along with the Federal
sector).
In recognition of these needs, the Federal Networking Council's Privacy &
Security Working Group (FNC/PSWG) has been awarded a National Performance
Review (NPR) Innovation Fund grant to compare and validate agency approaches
to security. This Collaborations in Internet Security (CIS) project aims to
test the strength of these technologies beyond individual agency networking
environments, emphasizing the inter-agency and agency-commercial sector
communications. The CIS will result in the development of a new and
sustainable process for developing, integrating, and deploying security
technology that is interoperable at all levels of the Federal Government and
within the commercial and academic sectors.
The governing principles behind the Security Testbeds include: employment of
an open process (with the activities and results open to participation and
comment by both public and private sector participants); a focus on
multivendor technologies; an emphasis on testing and experimentally
deploying security technologies emerging from research and private sectors
as well as security technologies currently in use in the commercial
environment; and an underlying objective to ensure interoperability among
the broad Internet community (federal, private, and academic). Initial tests
will include demonstrations of Kerberos v.5, testing of single-use
passwords, and digital signatures. For more information, please see
(http://www.fnc.gov/cis_page.html)
------------------------------
From: winn@Infowar.Com
Date: Sat, 16 Mar 1996 23:01:35 -0500
Subject: InfoWarCon V 1996: Call For Papers
InfoWarCon 5, 1996
Fifth International Information Warfare Conference
"Dominating the Battlefields of Business and War"
September 5-6, 1996
Washington, DC
Sponsored by:
Winn Schwartau, Interpact, Inc.
National Computer Security Association
Robert Steele, Open Source Solutions, Inc.
Information Warfare represents a global challenge that faces all
late-industrial and information age nation states. It also represents the
easiest and cheapest way for less developed nation-states and religious or
political movements to anonymously and grievously attack major nations and
international corporations.
This Fifth International Conference on Information Warfare is an
unclassified, open source conference, and will examine US and global
perspectives on all three classes of Information Warfare:
Class One: Personal Privacy: In Cyberspace You Are Guilty Until Proven Innocent
Class Two: Industrial and Economic Spying and Warfare
Class Three: Global Conflict, Terrorism and the Military
The three planned tracks will be:
* Financial/Civilian Information Warfare (Class I and Class II)
* Military and Terrorist Information Warfare (Class III)
* Offensive and Defensive Technologies for Business and Government
(Classes I, II and III)
We are seeking forward-thinking papers, demonstrations and interactive
concepts for presentation to an audience of 1000+, representing civilian and
military from more than 20 countries, all branches of the US government and
the top US corporations.
The papers should offer new perspectives, attitudes, studies, and
technologies that can be used for the advancement of the field. You are free
to submit on any subject matter, including, but not limited to:
- Battlefield Dominance
- Industrial Espionage: cases, policies and defense.
- Military perspectives on "Information in Warfare"
- Policy Quagmires - Policy Resolutions
- Personal Privacy in the global marketplace
- Denial of Service techniques and technologies for the private sector
and the military
- Terrorism and Counter-terrorism
- Defending Against the Internet: new techniques and methods
- Threats to Global Electronic Commerce and Solutions
- Anonymous International Banking
- The convergence of the commercial and military in the Post Cold War World
- InfoWar Technologies
- Case Studies
- Your Thoughts and Ideas
Please submit your 1-2 page concept white papers no later than May 5, 1996.
The evaluation committee will let you know the results by May 15, at which
point we will need your complete submission no later than July 15, 1996.
Send you papers to Betty@Infowar.Com
For sponsorship opportunities and registration information at InfoWarCon V
1996, please contact: National Computer Security Association
1.800.488.4595 pgates@ncsa.com or infowar96@ncsa.com
Winn Schwartau - Interpact, Inc., Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361 Winn@InfoWar.Com
------------------------------
Date: 18 March 1996 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: ABRIDGED info on RISKS (comp.risks)
The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...]
DIRECT REQUESTS to <risks-request@csl.sri.com> (majordomo) with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
INFO [for unabridged version of RISKS information]
CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, nonrepetitious, and without caveats
on distribution. Diversity is welcome, but not personal attacks. [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Particularly relevant contributions may be adapted for the RISKS sections
of issues of ACM SIGSOFT Software Engineering Notes or SIGSAC Review.
* Submissions: By submitting an item that is accepted for publication
in RISKS, the author grants permission for unlimited public distribution
and redistribution in electronic or other form.
* Reuse: Blanket permission is hereby granted for reuse of all materials
in RISKS, under the following conditions. All redistributed items must
include the Risks-Forum masthead line. All reuse must be accompanied by
the following statement:
Reused without explicit authorization under blanket permission
granted for all Risks-Forum Digest materials. The author(s), the
RISKS moderator, and the ACM have no connection with this reuse.
As a courtesy, reusers of individual items (as opposed to forwardings of
entire issues) should notify the authors, and should pay particular
attention to any subsequent corrections.
RISKS ARCHIVES: "ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP. [...]
[Back issues are in the subdirectory corresponding to the volume number.]
Individual issues can be accessed using a URL of the form
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
ftp://ftp.sri.com/risks
The ftp.sri.com site risks directory also contains the most recent
PostScript copy of PGN's comprehensive historical summary of one liners:
get illustrative.PS
PRIVACY: For info on the PRIVACY Forum Digest and Computer PRIVACY Digest,
see the unabridged INFO file at RISKS-Request (send one-line message INFO
to risks-request@CSL.sri.com as noted above).
------------------------------
End of RISKS-FORUM Digest 17.91
************************
