[1571] in RISKS Forum
Risks Digest 21.22
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Fri Jan 26 18:14:28 2001
From: RISKS List Owner <risko@csl.sri.com>
Date: Fri, 26 Jan 2001 15:12:56 PST
To: risks@csl.sri.com, risks@mit.edu
Message-ID: <CMM.0.90.4.980550776.risko@chiron.csl.sri.com>
RISKS-LIST: Risks-Forum Digest Friday 26 January 2001 Volume 21 : Issue 22
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.22.html>
and by anonymous ftp at ftp.sri.com, cd risks .
Contents:
Software crash hits Canadian grocery chain (Aaron PooF Matthews)
Aircraft had near-miss in Finland (Michael Walsh)
UK Trials of GPS controlled car speeds (Steve Loughran)
Theft of vehicle leads to robbery at home (D. Joseph Creighton)
Bank robber nabbed by GPS (Roger H. Goun)
B of A Visa Y2K glitch? (Ethan McKinney)
Risks of shortcuts in user interfaces (Austin Donnelly)
Cross-site scripting still a threat (Michael Sims)
HotMail blocking users from e-mailing Peacefire (Bennett Haselton)
Network vandal attacks Microsoft sites (NewsScan)
Hacker indicted for network vandalism (NewsScan)
Sex-offender Web sites are insecure (Monty Solomon)
Remote disabling of satellite TV receiver smart cards (Jeremy Epstein)
Shoppers seize unauthorized discounts at Macys.com (Monty Solomon)
Re: Palm Pilot Security (Mitch James via Dave Stringer-Calvert)
Clone phones with help from AT&T (Nikita Borisov)
Re: Chinook (Lloyd Wood, Ken Garlington)
Expanding on an urban legend (Danny Burstein)
Re: "Security holes protect your equipment from theft" (Daniel P. B. Smith)
Re: Risks of mail auto-reply (Jerrold Leichter)
Hotmail declines to accept new users with reserved words in last names
(Robert Rossa)
ACM1 Message for RISKS Subscribers (Lillian Israel)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Thu, 25 Jan 2001 20:54:01 -0500
From: Aaron PooF Matthews
Subject: Software crash hits Canadian grocery chain
http://cbc.ca/cgi-bin/view?/news/2001/01/25/sobeys010125
Sobeys (Canada's second largest grocery mega chain) had a computer systems
outage that lasted over a five day period. The result of the outage is that
they will miss their projected profits.
[CBC reported that Sobeys will take an after-tax charge of Canadian
$49.9 million because it had to scrap its SAP software system.
Dan Haggerty also noted this item. PGN]
------------------------------
Date: Mon, 15 Jan 2001 16:52:05 +0200
From: Walsh Michael <michael.walsh@wmdata.fi>
Subject: Aircraft had near-miss in Finland
Last week's Finnish papers were full of the continuing story of how a
Russian Aeroflot plane leaving Helsinki Vantaa airport came within 450 feet
of a Finnair charter flight returning from Malaga. (This happened in
November 2000, but was just reported.) Apparently the Russian plane kept
disappearing (and coming back) from the radar screen in the tower.
In the following days the plot thickened.
* Helsinki Vantaa has since March 2000 a new modern French radar system.
* Aeroflot planes have (since then) often displayed this fault.
* Conclusion (Finnish spokesperson - day one) the problem is with the Russian
planes.
* Day two Aeroflot came back with the comment that their planes were flying
to many other Western European destinations and Helsinki/Finland was the
only airport that had reported this problem.
* Day three the Finnish reply was that the old planes that Aeroflot were
using on the Helsinki run were old, Russian (undertone - rubbish) whereas
they were using better planes in the rest of Western Europe.
Somewhere in the midst of this we had statements from the Finnish side that
passengers were not at risk. Oh yes?
Given the Finnish/Russian history, we're not likely to have this thing
cleared up any day soon.
I tend to **wildly guess** that as the only thing that has changed is the
(French) radar system (we've had old rubbishy Russian planes on this route
for years), someone should be looking at that a bit more closely. It maybe
assumes newer planes than those Aeroflot use.
Anyway, the Risk: Should I choose my Finnair charter flight on the basis of
whether a Russian plane is due to land or take off at roughly the same time,
and how do I cater for the inevitable delayed flights on either side?
Mike Walsh, Helsinki <mnw@bigfoot.com>
[I suppose if there had been an Irish controller in the tower,
the blame would have fallen on a Mickey Finn. PGN]
------------------------------
Date: Fri, 19 Jan 2001 20:33:33 -0800
From: "Steve Loughran" <slo2@iseran.com>
Subject: UK Trials of GPS controlled car speeds
From the Guardian, Saturday Jan 20, an update on the proposal for GPS speed
control of vehicles, where the car determines its maximum speed from an in
vehicle database of speeds of roads.
http://www.guardianunlimited.co.uk/uk_news/story/0,3604,425344,00.html
The government has commissioned a trial of speed limiters in cars, which
could lead to computer-controlled overrides as a standard fitting within
five years. Twenty trial vehicles will be fitted with a system which has
won praise on a prototype Ford Escort driven over thousands of rigidly
monitored miles in the past three years.
The tests, which prevented the car from topping 30mph, 40mph and other
limits, were "highly reliable" according to the Institute of Transport
Studies at Leeds University, which has won funding for the expanded trials
from the Department of Transport, Environment and the Regions."
"We've had two dozen people driving along a 40 mile route, including the
A1M motorway," said Oliver Carsten, head of the project, which has also been
demonstrated on the north circular road in London.
The system uses a computerised navigator linked to the car's electronic
controls and a positioning satellite. Areas with speed restrictions are
fed into the system to trigger action as soon as a limit is breached.
Just think how much fun you'll be able to have by a UK motorway in five
years time from jamming the GPS signals. Or how much a 'chipped' database or
speed limiter will be worth. A more rigorous trial would be to place the
speed limited vehicles in the hands of well known violators of the speed
laws to see how much effort it takes to disable -- the UK home secretary
himself, for example.
Steve Loughran
[Home, Secretary, and don't spare the tires. PGN]
------------------------------
Date: Thu, 11 Jan 2001 11:03:09 -0600
From: "D. Joseph Creighton" <djc@cc.UManitoba.CA>
Subject: Theft of vehicle leads to robbery at home
A laptop computer with sensitive files on high-level drug investigations
was stolen from an RCMP officer's house on New Year's Eve. Apparently,
the officer's van was first stolen while he was attending a hockey game.
The thieves discovered his address from the vehicle registration and drove
to his home where they made off with thousands of dollars in personal
property and the computer. [Source: *Winnipeg Free Press*, 11 Jan 2001]
The risks in keeping such sensitive information at home, presumably not
protected with any sort of encryption, are obvious. But I never realized
that home address information on registration papers was a risk until now.
D. Joseph Creighton [ESTP] | Programmer Analyst, Database Technologies, IST
Joe_Creighton@UManitoba.CA | University of Manitoba Winnipeg, MB, Canada,
------------------------------
Date: Wed, 17 Jan 2001 20:34:49 -0500
From: "Roger H. Goun" <roger@bcah.com>
Subject: Bank robber nabbed by GPS
Together with his loot, a Vancouver bank robber jumped into a taxi that was
equipped with satellite tracking technology. At the request of the police,
the taxi company was able to track the cab by GPS, and the police
apprehended the robber a few blocks away. [PGN-ed from a
Reuters item <http://news.excite.com/news/r/010116/10/odd-taxi-dc>]
Roger H. Goun, Senior Staff Kennel Boy, Brentwood Country Animal Hospital, P.C.
Exeter, New Hampshire, USA
------------------------------
Date: Thu, 18 Jan 2001 11:32:26 -0800
From: Ethan McKinney <e.mckinney@attglobal.net>
Subject: B of A Visa Y2K glitch?
I had a Visa card through Bank of America which I canceled last January
(2000). Imagine my surprise when a bill arrived in the mail yesterday!
Fortunately, it was for $0.00, but I was concerned that B of A might have
somehow reactivated my account. When I called their customer service number,
the rep was not at all surprised by my situation. "It's a computer
error. Just ignore it," she said.
Sadly, I don't have any firm proof, but I suspect this was a slow-acting
Y2K glitch. If they're still using two-digit years, they might have set
up the system to read "00" as "100." Noting that it's the year 01 and my
card isn't going to be cancelled until 100, the computer decided to send
me a bill.
Ethan McKinney, 1750 E. Appleton St. #4, Long Beach, CA 90802
------------------------------
Date: Sat, 20 Jan 2001 13:21:11 +0000
From: Austin Donnelly <Austin.Donnelly@cl.cam.ac.uk>
Subject: Risks of shortcuts in user interfaces
You know how bank ATMs have those little buttons down the side of the screen
to select from an on-screen menu? Mostly, they're useful: they allow only
the valid options to be presented to the user, and keep the number of
different buttons required down to a minimum. But ATMs also have a variety
of other buttons on the keypad (usually including "OK" and "Cancel") and
this split screen/keypad user interface can lead to problems.
For example, today I met a young lady who was quite distressed because she
thought the ATM had "eaten" her card. The problem was that the on-screen
menu was laid out as follows:
    Push here for other services --> [::]
    Press Cancel if finished         [::]
The poor lady was pushing the bottom (non-active) screen button, rather than
reading the instructions to press a separate key. The screen layout here is
not terribly helpful, since it suggests that the bottom button might do
something.
But the real risk is that if you provide shortcuts to perform common tasks,
then users won't learn how to do things that aren't available from a
shortcut.
Austin
------------------------------
Date: Tue, 23 Jan 2001 14:51:14 -0500
From: Michael Sims <jellicle@inch.com>
Subject: Cross-site scripting still a threat
News.com (CNET) unveiled today a fresh new look to their site. The two
major innovations appear to be:
a) huge, garish advertisements
b) cross-site scripting vulnerabilities
The new site accepts URL variables - user input - for page titles and
headlines in the pages. This allows users with a moderate degree of savvy to
"write your own CNET headlines", or write your own javascript to be executed
from CNET's pages.
You can publicize URLs like this:
http://news.cnet.com/news/topic/0-1003-249-0.html?title=CNET%20Editors%20Agree:%20Slashdot%20is%20a%20better%20news%20site%20than%20News.com&topic=slashdot
or this:
http://news.cnet.com/news/topic/0-1003-249-0.html?title=Breaking%20News:%20Bill%20Gates%20Commits%20Suicide%20at%20Age%2042%20-%20Survived%20by%20three%20ugly%20children%20and%20wife<script>javascript:alert('Javascript%20is%20executed%20-Your%20Site%20is%20Vulnerable')</script>&topic=Microsoft
Javascript executed on the site can grab a user's cookie information or
perform other nefarious tricks; since CNET has a substantial e-commerce
section (auctions, shopping, jobs, etc.) this seems rather dangerous. But
for a news site, "write your own headlines" could be even more damaging.
This problem was widely publicized in the spring and summer of last year
(and frankly, should have been well known to Web developers long before
that). In fact, CNET has several stories about the issue in their archives.
It is apparent, however, that if web developers don't learn from others'
mistakes, they are doomed to repeat them.
CNET was notified six hours before this e-mail was sent to RISKS; they have
not replied at this time or taken any corrective action.
Michael Sims - slashdot.org editor - michael @ slashdot.org
Your Rights Online - http://slashdot.org/yro
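
[Added example, not part of the original post and not CNET's code: a page that pastes a "title" URL parameter into its markup, the same page with HTML output encoding, and a version that takes the headline from a server-side list. All function names, the host news.example and the sample URL are constructed for illustration.]

```javascript
// Added example; renderUnsafe, renderEscaped, renderFromCatalog, HEADLINES and
// news.example are hypothetical names, and SAMPLE_URL is constructed input.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return the decoded value of one query parameter, or a fallback if absent.
function queryParam(rawUrl, name, fallback) {
  const value = new URL(rawUrl).searchParams.get(name);
  return value === null ? fallback : value;
}

// Minimal page template: the same string is used for <title> and the headline.
function page(titleHtml) {
  return `<html><head><title>${titleHtml}</title></head>` +
         `<body><h1>${titleHtml}</h1></body></html>`;
}

// Weak: the decoded "title" parameter is pasted into the markup as-is.
function renderUnsafe(rawUrl) {
  return page(queryParam(rawUrl, 'title', 'News'));
}

// Better: same data flow, but encoded on output, so the browser shows it as text.
// The visitor-supplied headline is still displayed.
function renderEscaped(rawUrl) {
  return page(escapeHtml(queryParam(rawUrl, 'title', 'News')));
}

// Server-side list of headlines keyed by topic (constructed data).
const HEADLINES = new Map([['demo', 'Demo topic'], ['security', 'Security news']]);

// Best: ignore "title" entirely and look the headline up by topic, so the
// person who crafted the link cannot choose the words on the page.
function renderFromCatalog(rawUrl) {
  const topic = queryParam(rawUrl, 'topic', '');
  return page(escapeHtml(HEADLINES.get(topic) ?? 'News'));
}

// Crude check used only to compare the three outputs in this example.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample link: a made-up headline followed by a harmless script tag.
const SPOOFED_TEXT = 'Editors agree: read another site';
const SAMPLE_URL = 'http://news.example/topic.html?title=' +
  encodeURIComponent(`${SPOOFED_TEXT}<script>alert('demo')</script>`) + '&topic=demo';

// Report whether a renderer lets the script tag and the spoofed headline through.
function summarize(render) {
  const html = render(SAMPLE_URL);
  return { script: containsScriptTag(html), spoofed: html.includes(SPOOFED_TEXT) };
}

for (const render of [renderUnsafe, renderEscaped, renderFromCatalog]) {
  console.log(render.name, summarize(render));
}
```

[Output encoding removes the script tag but not the "write your own headlines" problem; only the lookup by topic removes both.]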
------------------------------
Date: 18 Jan 2001 21:41:22 -0500
From: Bennett Haselton <bennett@peacefire.org>
Subject: HotMail blocking users from e-mailing Peacefire
[sent to journalists on Peacefire's press contacts list;
RISKS saw it in a forwarding of a message from Monty Solomon]
We recently discovered that for the last five months, HotMail has been
blocking their users from sending e-mail to peacefire.org addresses. If you
tried to send mail to a peacefire.org address from HotMail, you'd get a fake
error message a day later saying that there was a problem on the recipient's
end -- when it was really HotMail blocking the message from being delivered.
HotMail is part of the same boycott that AboveNet was part of, when AboveNet
was blocking their downstream users from accessing our Web site. After our
ISP owner complained, HotMail stopped blocking their users from e-mailing us
and other Media3 customers.
HotMail is still, however, blocking their users from e-mailing other sites
on their "boycott list". I've talked to several of our members who are
using HotMail, and most of them are furious that HotMail would be censoring
their outgoing mail without telling them.
Again, the irony is that HotMail didn't single us out for anything, we just
happened to be in the same IP address block as other sites that were the
original target of the boycott (e.g. ListSorcerer.com). When our ISP,
Media3, didn't kick them off, the boycott organizers expanded the "boycott
list" to include hundreds of unrelated sites also hosted by Media3.
Several HotMail members that I talked to have said they would be willing
to talk to the press about HotMail blocking their outgoing mail. Many of
them said they never would have signed up with HotMail if they knew their
mail would be blocked, and some have even said that they're going to
switch to another mail service. (Especially since HotMail is *still*
blocking outgoing mail -- it was just our IP address block that they
exempted from the list.)
-Bennett
bennett@peacefire.org http://www.peacefire.org
(425) 649 9024
- - --
The Telecom Digest is currently mostly robomoderated. Please mail
messages to editor@telecom-digest.org.
[Incidentally, for the mailing of RISKS-21.21, bigfoot.com blocked
the mailing to every subscriber there, because of the number of
subscribers exceeding some spam limit. Too bad. Perhaps they won't
get this message either, letting them know what happened, although we
are trying a different mail configuration for this issue! PGN]
------------------------------
Date: Fri, 26 Jan 2001 08:21:59 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Network vandal attacks Microsoft sites
Just a day after Microsoft's Web sites were down for an extended period of
time because of the "human error" of a technician, they were victimized by
the "human malice" of a network vandal who subjected them to a "denial of
service" attack that flooded them with bogus communications, causing them to
gridlock and reject legitimate communications from their customers. The
company has called in the FBI for assistance. Computer security expert Abe
Singer of the San Diego Supercomputer Center said that part of Microsoft's
vulnerability to attack was due to the fact that its four domain-name
servers are linked in a single network. "They had all their eggs in one
basket and basically someone knocked down the basket." (*The Washington
Post*, 26 Jan 2001; NewsScan Daily, 26 Jan 2001
http://washingtonpost.com/wp-dyn/articles/A47581-2001Jan25.html)
------------------------------
Date: Fri, 26 Jan 2001 08:21:59 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Hacker indicted for network vandalism
Twenty-one-year-old Jerome Heckenkamp has been indicted by federal
prosecutors for allegedly hacking into computers at eBay, Exodus, Juniper,
eTrade, Lycos, and Cygnus and causing a total of more than $900,000 in
damage, in events that took place in 1999 while he was a student at the
University of Wisconsin. He has pleaded innocent of all charges and says
the break-ins were done by someone else using his computer. (AP/*San Jose
Mercury News*, 25 Jan 2001; NewsScan Daily, 26 Jan 2001
http://www.mercurycenter.com/svtech/news/breaking/ap/docs/786396l.htm)
------------------------------
Date: Fri, 12 Jan 2001 23:08:58 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Sex-offender Web sites are insecure
Nine state online sex-offender registries have had inadequate computer
security and easily could have been hacked, an MSNBC.com investigation has
found. And in two states, more general criminal records databases also were
found to be insecure. The flaws put Web site data at risk and raised the
possibility that a computer intruder could add or remove people from the
online versions of the databases.
http://www.msnbc.com/news/514284.asp
------------------------------
Date: Fri, 26 Jan 2001 14:01:03 -0500
From: "Jeremy Epstein" <jepstein@webmethods.com>
Subject: Remote disabling of satellite TV receiver smart cards
DirecTV has the capability to remotely reprogram the smart cards used to
access their service, and also to reprogram the settop box. To make a long
story short, they were able to trick hackers into accepting updates to the
smart cards a few bytes at a time. Once a complete update was installed on
the smart cards, they sent out a command that caused all counterfeit cards
to go into an infinite loop, thus rendering them useless.
A commercial use of information warfare? Very interesting article at
http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D143
(sorry for the long URL).
Jeremy
[Reminder: As usual, no guarantee as to the future validity of URLs. PGN]
------------------------------
Date: Tue, 23 Jan 2001 00:13:26 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Shoppers seize unauthorized discounts at Macys.com
Macys.com was victimized by its own 50% discount coupon code that was
inadvertently posted at FatWallet.com. The extent of the resulting spending
spree was not divulged. "Although mistakes of this kind do happen in the
offline world, the speed at which e-commerce moves can make a small glitch
turn into a thousand-dollar error." (Note earlier problems involving
staples.com and amazon.com.) [Source: Greg Sandoval, CNET News.com, 22 Jan
2001 URL: http://news.cnet.com/news/0-1007-200-4564219.html; PGN-ed]
------------------------------
Date: Thu, 25 Jan 2001 16:12:30 -0800
From: Dave Stringer-Calvert <dave_sc@csl.sri.com>
Subject: Mitch James: Re: Palm Pilot Security
PDAs considered insecure... now there's a surprise.
Date: Thu, 25 Jan 2001 15:37:10 -0800
From: Mitch James <mitchj@AVANADE.COM>
Subject: Re: Palm Pilot Security
To: PEN-TEST@SECURITYFOCUS.COM
The headline is "@stake, a US-based security consultant, has written a piece
of software code that can zap passwords off targeted Palm Pilots through
taking advantage of the PDA's hotsync function. Hotsync is used to transfer
data between the user's PC and a Palm Pilot."
The link to the article is here
http://www.vnunet.com/News/1116644
Mitch James
------------------------------
Date: Mon, 15 Jan 2001 17:51:19 -0800
From: Nikita Borisov <nikitab@espresso.CS.Berkeley.EDU>
Subject: Clone phones with help from AT&T
I have cell service with AT&T Wireless Services in the Bay Area, and I
recently purchased a new phone from them. Along with the phone, I received
a 1-800 number to activate my new phone. When I called it, I reached an
automated service, which asked me for:
1. My phone number
2. My 5-digit zip code
3. The ESN (equipment serial number) of my new phone.
After this, the friendly recording informed me that my account information
had been updated, and the new phone should be active in half an hour. It
then offered me the chance to change the ESN for any other phones. Not
being in the cloning business, I declined. My new phone started working,
just as they promised.
The RISKS? Given the small number of possible zip codes in, say, the 415
area code, it shouldn't take long trying zip codes and phone numbers
within the AT&TWS exchanges at random before you get one right. Or
surprise your friends or business partners by taking over their cell
phone service and answering their incoming phone calls!
- Nikita
[Note added later in response to a comment from PGN:]
I actually received some further information from AT&T. In response to my
concerns, they stated:
1) They have detection software that looks for sudden geographic
migration (their example was a shift from Berkeley to Sunnyvale within a
span of 10 minutes).
2) They promise that I won't be billed for an illegally changed ESN.
3) The incidence of such fraud is small enough for them not to take
additional precautions.
I'm still a little worried about the possibility of a directed attack, i.e.,
someone who knows me stealing my cell phone # to find out who calls me. But
there are probably other ways to do this, if you're resourceful enough...
- Nikita
------------------------------
Date: Tue, 16 Jan 2001 15:55:04 +0000 (GMT)
From: Lloyd Wood <l.wood@eim.surrey.ac.uk>
Subject: Re: Chinook (Phil, RISKS-21.19)
> ... putting all your eggs in one basket - flying such a concentration of
> critical expertise in a single aircraft was reckless
The UK electrical engineering establishment (that is, regular Institution of
Electrical Engineer magazine articles, local talks, and sundry university
lecturers in their dotage) will tell you in detail about the tragic life of
Alan Dower Blumlein, an electronics wizard, audio engineer par excellence,
and all-round Good Egg, who sadly died with most of his
almost-as-talented-yet-seemingly-nameless colleagues when a research plane
jolly they were all taking together over England for a bit of a lark came
something of a cropper during The Big One (World War II).
Oh, the loss to electrical engineering! Oh, the loss to the war effort! Oh,
the many retrospective articles on Blumlein's short and tragic life! Oh, the
generations of bored undergraduates! Oh, what might have been!
Half a century on, nothing has changed.
<L.Wood@surrey.ac.uk>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>
------------------------------
Date: Mon, 15 Jan 2001 08:31:31 -0600
From: "Ken Garlington" <kennieg@flash.net>
Subject: Re: Chinook (Beims, RISKS-21.20)
Mike Beims suggests that "Data for whether or not there was a FADEC failure
should have been available in the non-volatile memory built into the FADEC."
This assumes that the FADEC memory survived the crash essentially
intact. From my experience, NVMs in flight systems of this type are not
crash-rated to the extent of a "real" crash recorder, and can fail in a
crash.
------------------------------
Date: Thu, 25 Jan 2001 20:31:04 -0500 (EST)
From: danny burstein <dannyb@panix.com>
Subject: expanding on an urban legend, re: QP -> UL? (Brader, RISKS-21.21)
(Note that I've replaced all entries that had a USA dollar sign with the
word "usads". The reason will be obvious in a bit.)
[discussion of how the legend of 2,400 dollar phone calls came about]
> If you ever see a spam claiming (usads) 242,425/minute, just remember
> you saw it here first."
Note that last line, with the "242,245/minute" comment. The original
postings in comp.dcom.telecom, as well as the repost in comp.risks, used
the graphical representation of a USA dollar sign.
Which, naturally, would get misread by some software so as to prepend yet
another "24" to the figure.
------------------------------
Date: Thu, 25 Jan 2001 18:46:05 -0500
From: "Daniel P. B. Smith" <dpbsmith@world.std.com>
Subject: Re: "Security holes protect your equipment from theft"
RISKS of technical terms with multiple meanings...
Asante, http://www.asante.com/product/index.html, says proudly that their
routers feature "security holes." This is their term for physical holes in
the housing of their device, which facilitate the attachment of a steel
cable so that the device can be physically secured against theft.
Daniel P. B. Smith <dpbsmith@world.std.com>
"Lifetime forwarding" address: dpbsmith@alum.mit.edu
------------------------------
Date: Sun, 21 Jan 2001 15:38:18 -0500 (EST)
From: Jerrold Leichter <jerrold.leichter@smarts.com>
Subject: Re: Risks of mail auto-reply (RISKS-21.16)
In RISKS-21.16, Dan Birchall writes about the exposure of possibly-sensitive
data - where someone works, when they'll be away, who else works with them -
in e-mail automatic responses.
The more things change, the more they stay the same. Seven or eight years
ago, when some variant of the old "vacation" program - which implemented
such messages on Unix systems - became widely used, there were a bunch of
flames on the old Unix-Haters mailing list about the deluge of junk
"vacation" messages sent to mailing lists. I humorously suggested at the time
that the appropriate way to get across the message that this wasn't the kind
of thing everyone in the world wanted to - much less *should* - see would be
to create a new Usenet group, alt.houses.nobody-home, to which such messages
could be gatewayed. For even greater effect, any readily available
information (from phone books and such) could be added.
These days, of course, the Internet is *much* larger, and it's *much* easier
to go from a name to an address and from an address to such information as
how likely there are to be valuables in homes in the area.
It continues to astound me that people blindly let thousands of absolute
strangers know not only that they will be away, but often for exactly how
long - and often even where they will be. These same people probably are
careful to have their mail picked up, their newspaper deliveries stopped,
and lights on timers going off and on around their houses, all so that they
don't look empty!
Jerry
------------------------------
Date: Thu, 25 Jan 2001 14:12:28 -0600
From: "Robert Rossa" <rossa@csm.astate.edu>
Subject: Hotmail declines to accept new users with reserved words in last names
For example, if your name is Billingsley, you get an error message when you
try to sign up. The objectionable word seems to be "Billing". Removing one
'l' lets you sign up.
------------------------------
Date: Fri, 26 Jan 2001 09:54:39 -0500
From: Lillian Israel <israel@hq.acm.org>
Subject: ACM1 Message for RISKS Subscribers
ACM examines the future of information technology (IT) and the
potential impact of IT on science and society at "ACM1: Beyond
Cyberspace," a special Conference (March 12-14, 2001) and
Exposition (March 10-13), held at the San Jose Convention
Center. Register at: http://www.acm.org/acm1.
Speakers include: Steve Ballmer (Microsoft), David Baltimore
(California Institute of Technology); Rodney A. Brooks (MIT AI Lab);
Bill Buxton (Alias/Wavefront); Vint Cerf (WorldCom); Rita Colwell
(NSF); Sylvia Earle (National Geographic Society); Shirley Ann
Jackson (RPI); Dean Kamen (DEKA and FIRST); Alan Kay (Disney
Imagineering); Ray Kurzweil (Kurzweil Technologies, Inc.); Marcia
McNutt (Monterey Bay Aquarium Research Inst.); Martin Schuurmans
(Philips Center for Industrial Technology); and Neil de Grasse Tyson
(Hayden Planetarium), with Bob Metcalfe as Master of Ceremonies.
The FREE "hands-on" Exposition, a "field day for the mind," geared
for families and kids, will showcase the latest R&D software & hardware
from 70+ companies, universities, and research/educational institutions.
ACM1 also features a FREE Educators Day (March 10th) that will
address broad educational initiatives and provide educators with proven
strategies for engaging girls and minorities in technology-based education.
For ACM1 educational offerings: http://www.acm.org/acm1/educators.
------------------------------
Date: 26 Dec 2000 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
SEND DIRECT E-MAIL REQUESTS to <risks-request@csl.sri.com> with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
INFO [for unabridged version of RISKS information]
.MIL users should contact <risks-request@pica.army.mil> (Dennis Rears).
.UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 20" for volume 20]
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
http://www.csl.sri.com/illustrative.html for browsing,
http://www.csl.sri.com/illustrative.pdf or .ps for printing
------------------------------
End of RISKS-FORUM Digest 21.22
************************