[1843] in RISKS Forum
Risks Digest 22.67
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Fri Apr 4 14:24:25 2003
From: RISKS List Owner <risko@csl.sri.com>
Date: Fri, 4 Apr 2003 11:24:11 PST
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Friday 4 April 2003 Volume 22 : Issue 67
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at
http://catless.ncl.ac.uk/Risks/22.67.html
and by anonymous ftp at ftp.sri.com, cd risks .
Contents:
Rice cooker reprograms pacemaker? (Mark Batten-Carew)
eBay reacts to charges against its Paypal operation (NewsScan)
Pennsylvania won't identify sites blocked for child porn (Ted Bridis via
Monty Solomon)
The Googlewashing of our language (Alpha Lau)
Is your television watching you? (Phillip Swann via Monty Solomon)
Website hoax on killer virus triggers Hong Kong panic (Monty Solomon)
Ellison predicts major shakeout in Silicon Valley (NewsScan)
Music piracy violations: $150K a song (NewsScan)
Streaming video: a patent on porn (Monty Solomon)
Laws make crypto and untraceable E-mail illegal? (Douglas W. Jones)
The reality behind these laws (Fred Cohen)
State Super-DMCAs will be suicidal (David Harmon)
Draft legislation on using crypto (Anick Jesdanun via Dave Farber to PGN)
Re: Draft legislation on using crypto (David P. Reed)
Patriot software again a concern? (Robert I. Eachus)
Friendly Fire and the Perils of Statistical Reasoning (Thomas A. Russ)
Re: Friendly fire (Anthony Youngman)
NCIC: "Death by Oops?" (Lauren Weinstein)
POW Social Security numbers revealed (Paul Hirose)
Cell phones & 911 service (Jeremy Epstein)
Possibly-wrong expectations about bouncing e-mail (Mark T.B. Carroll)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Tue, 1 Apr 2003 12:56:24 -0500
From: "Mark Batten-Carew" <markbc@paulmartin.ca>
Subject: Rice cooker reprograms pacemaker?
This is an excerpt from a monthly newsletter that sends out interesting
news items. I don't believe this is an April Fools' item, but then who
knows? Mark Batten-Carew
HEARTBREAKING
A Japanese woman's automatic rice cooker changed the settings on her
pacemaker. Doctors doing a routine check up were baffled to find that the
hi tech pumping device they had implanted in the woman, 60, had been
remotely adjusted. They contacted the manufacturer, who visited her home
and found that a rogue rice cooker had somehow beamed signals to the
device. [Source: A&A Economic Digest - April 2003 Edition,
http://www.aacb.com/edigest/, 1 April 2003]
[Quite plausible, in light of previous reported cases of electromagnetic
interference on pacemakers
--- from ACM Software Engineering Notes back issues:
* Arthritis-therapy microwaves set pacemaker to 214, killed patient (S 5 1)
* Retail-store anti-theft device reset pacemaker, man died (S 10 2, 11 1)
* Pacemaker locked up when being adjusted by doctor (S 11 1)
* Electrocauterizer disrupts pacemaker (S 20 1:20)
--- and from RISKS:
* Stores' shoplifting gates can set off pacemakers, defibrillator (RISKS-20.05)
* Heart pacemaker and implantable cardioverter defibrillator
recalls and alerts involve 520,000 devices (S 26 6:8, RISKS-21.60)
PGN]
------------------------------
Date: Tue, 01 Apr 2003 10:43:01 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: eBay reacts to charges against its Paypal operation
Federal prosecutors in Maryland have accused PayPal, the Internet payments
company acquired by eBay, of violating the Patriot Act by facilitating
illegal gambling. The company disclosed the accusation in its annual report
filed with the Securities and Exchange Commission; it says that prosecutors
have offered a complete settlement of all possible claims and notes that the
amount of its earnings from online gambling was less than what prosecutors
asserted. [AP/*San Jose Mercury News*, 31 Mar 2003; NewsScan Daily, 1 Apr
2003]
http://www.siliconvalley.com/mld/siliconvalley/5525363.htm
------------------------------
Date: Thu, 3 Apr 2003 22:09:01 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Pennsylvania won't identify sites blocked for child porn (Ted Bridis)
Mike Fisher, Pennsylvania's attorney general, is citing laws against
distributing child pornography in refusing to identify any of hundreds of
Web sites his office has forced Internet providers to block under a unique
state law that the Center for Democracy and Technology asserts is blocking
Web surfers from accessing legitimate sites, but cannot prove without access
to the list of blocked sites. Fisher's office said disclosing the list of
blocked Web sites would itself be disseminating such pornography, which is
illegal. [Source: Ted Bridis, AP Online, 3 Apr 2003; PGN-ed]
http://finance.lycos.com/home/news/story.asp?story=33704697
------------------------------
Date: Thu, 3 Apr 2003 22:06:12 -0800 (PST)
From: Alpha Lau <avlxyz@yahoo.com>
Subject: The Googlewashing of our language
Taken from Slashdot [1]:
"The Register[2] talks about how a term ("Second Superpower") coined by the
anti-war culture suddenly got radically neutered and altered by a weblog[2]
that a lot of people link to. Searching for the term on Google now brings up
his blog and other people talking about his blog for the first several
entries. Can Google's power to give information to the people be misused and
perverted? This only took 42 days." First the widespread usage of "googling"
to mean web searching, and now this.
The Register article [2] has the details and how powerful google can be.
[3] is the weblog that managed to saturate Google's PageRank.
I had a quick peek on AltaVista and voila, numerous other usages of the term
"Second Superpower" [4].
The Risk? Blindly trusting Google and its proprietary PageRank algorithm.
Worse yet, as Google gains users' trust, it is very easy to trust Google alone.
[1] http://slashdot.org/article.pl?sid=03/04/03/2327239&mode=nested&tid=95
[2] http://www.theregister.co.uk/content/6/30087.html
[3] http://cyber.law.harvard.edu/people/jmoore/secondsuperpower.html
[4] http://www.altavista.com/web/results?q=Second+Superpower&kgs=0&kls=1&avkw=xytx
------------------------------
Date: Tue, 1 Apr 2003 14:35:48 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Is your television watching you? (Phillip Swann)
Could the federal government find out what you're watching on TV? Even if
you're not the subject of a criminal investigation? If you're a satellite
TV or TiVo owner, the answer is yes, according to legal experts and
industry officials.
Under the USA Patriot Act, passed a month after the 9/11 terrorist attack,
the feds can force a noncable TV operator to disclose every show you have
watched. The government just has to say that the request is related to a
terrorism investigation, said Jay Stanley, a technology expert for the
American Civil Liberties Union.
Under Section 215 of the Act, you don't even have to be the target of the
investigation. Plus, your TV provider is prohibited from informing you
that the feds have requested your personal information. ...
Source: Phillip Swann, TVWeek.com
http://www.tvweek.com/technology/030303isyourtv.html
------------------------------
Date: Tue, 1 Apr 2003 09:42:02 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Website hoax on killer virus triggers Hong Kong panic
[Source: Tan Ee Lyn, Reuters, 1 Apr 2003; PGN-ed]
A teenager's Web Site hoax about the killer virus sweeping Hong Kong sparked
panic food buying and hit financial markets on Tuesday, and the government
said it was placing more than 200 people into isolation camps.
Indonesia, the world's fourth most populous nation, reported its
first three suspected cases. One official said one of the patients
had died but this could not be confirmed.
Severe Acute Respiratory Syndrome (SARS) has now affected almost
1,900 people in at least 12 countries, and 63 are known to have
died.
In Hong Kong, where 685 people have been infected and 16 have died
from the virus, the Web Site hoax forced authorities to deny it
would isolate the entire territory. ...
http://news.lycos.com/news/story.asp?section=Breaking&storyId=691262
------------------------------
Date: Wed, 02 Apr 2003 07:49:12 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Ellison predicts major shakeout in Silicon Valley
Oracle founder and CEO Larry Ellison says the high-tech industry is poised
for another sweeping consolidation that will eliminate many of his rivals.
"We think there's at least 1,000 Silicon Valley companies that need to go
bankrupt," says Ellison, who predicted Oracle would be one of the
survivors, along with Microsoft and IBM. He noted that nearly all software
profits are generated by five companies (including Oracle), out of hundreds
in the sector. Ellison says companies in Silicon Valley haven't come to
grips with the realities of a maturing industry and have resisted the
changes necessary to improve efficiency: "The whole model doesn't make
sense. There's a bizarre belief that we'll be young forever." [*Wall Street
Journal*, 1 Apr 2003; NewsScan Daily, 2 April 2003]
http://online.wsj.com/article/0,,SB104923666370767900.djm,00.html
(subscription required)
------------------------------
Date: Fri, 04 Apr 2003 09:07:26 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Music piracy violations: $150K a song
The Recording Industry Association of America (RIAA) has filed lawsuits
against four students it says misappropriated academic computing
resources to "illegally distribute millions of copyrighted works over the
Internet." Two of the accused students are enrolled at Rensselaer
Polytechnic Institute, one student is enrolled at Princeton, and the fourth
is at Michigan Technological University. If they are convicted, they could
be fined as much as $150,000 for each song they illegally traded. Digital
media analyst Phil Leigh says of the RIAA's action: "This is just another
step in the direction of demonstrating to the public that there will be
penalties for what they consider to be copyright violations. I think they're
attempting to take a carrot-and-stick approach here. They're whacking a few
people with a stick now. And the carrot is the more liberal rules relating
to label-backed subscription online services." [*San Jose Mercury News*,
4 Apr 2003; NewsScan Daily, 4 Apr 2003]
http://www.siliconvalley.com/mld/siliconvalley/5558442.htm
------------------------------
Date: Wed, 2 Apr 2003 10:07:00 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Streaming video: a patent on porn
Acacia Research says it owns five U.S. and 17 international patents covering
the transmission and receipt of digital audio and digital video content,
otherwise known as streaming media. But before attempting to enforce its
patents with big outfits such as Yahoo! and The Walt Disney Co., Acacia
instead chose to go after the smallish adult Internet sites that peddle
videos of women (and men) doffing their clothes--and much more. They sent
letters to 700 racy Web sites with offers to arrange royalty deals,
typically consisting of 1% to 2% of gross revenue. Do the deal or we'll see
you in court, warned Acacia. Eight firms agreed to Acacia's terms. But 40
didn't, and Acacia promptly slapped them with lawsuits. Rather than
buckling, though, several of the porno sites joined together and stood their
ground. Now Acacia is in the fight of its life and may even face a
shareholder revolt as a result. ... [Source: Seth Lubove, Forbes.com,
2 Apr 2003; PGN-ed]
http://www.forbes.com/2003/04/02/cz_sl_0402porn.html
------------------------------
Date: Mon, 31 Mar 2003 13:45:24 -0600
From: "Douglas W. Jones" <jones@cs.uiowa.edu>
Subject: Laws make crypto and untraceable E-mail illegal? (Re: RISKS-22.66)
[See items by Ed Felten (Use a Firewall, Go to Jail), Steve Bellovin
and William Allen Simpson in RISKS-22.66. PGN]
[Some of this legislation] could have bizarre consequences for E-voting
advocates, as well as for the entire Internet community.
I quote from Section 750.540c of the Michigan Penal Code,
Full text online at:
http://www.michiganlegislature.org/mileg.asp?page=getObject&objName=mcl-750-540c-amended
This goes into effect today (March 31, 2003):
(1) A person shall not assemble, develop, manufacture, possess, deliver,
offer to deliver, or advertise an unlawful telecommunications access
device or assemble, develop, manufacture, possess, deliver, offer to
deliver, or advertise a telecommunications device intending to use those
devices or to allow the devices to be used to do any of the following or
knowing or having reason to know that the devices are intended to be used
to do any of the following:
(b) Conceal the existence or place of origin or destination of any
telecommunications service.
(c) To receive, disrupt, decrypt, transmit, retransmit, acquire,
intercept, or facilitate the receipt, disruption, decryption,
transmission, retransmission, acquisition, or interception of any
telecommunications service without the express authority or actual consent
of the telecommunications service provider.
In effect, item 1b makes it illegal to create any anonymous communication
service, and all of the interesting protocols for ballot deposit appear to
rely on anonymization schemes of one kind or another.
Item 1c is really hard to make out. It appears to be intended as an
anti-wiretapping rule, but the plain wording appears to require the express
authority or actual consent of every ISP for any use of that ISP's
facilities; does this mean that if I was in Michigan, I'd have to ask
permission before I hit the send key to E-mail this message? I checked
their definition of telecommunications service provider and it is broad.
The owner of the wire, the owner of the switching systems, they're all
involved and each must give permission.
According to slashdot, a goodly number of states are now considering this
kind of law. See:
http://yro.slashdot.org/article.pl?sid=03/03/28/1541230&tid=103
It's pretty obvious that they haven't thought these bills through.
------------------------------
Date: Tue, 1 Apr 2003 05:29:07 -0800 (PST)
From: Fred Cohen <fc@all.net>
Subject: The reality behind these laws (Re: Firewall, Jail, RISKS-22.66)
As I read the Texas bill, it starts out by saying:
http://www.capitol.state.tx.us/data/docmodel/78r/billtext/pdf/HB02121I.PDF
"A person commits an offense if, with the intent to defraud a communications
service..."
The Michigan bill starts out saying:
http://www.michiganlegislature.org/printDocument.asp?objName=mcl-750-219a-amended&version=txt
http://www.michiganlegislature.org/printDocument.asp?objName=mcl-750-540c-amended&version=txt
"(1) A person shall not knowingly obtain or attempt to obtain
telecommunications service with intent to avoid, attempt to avoid, or
cause another person to avoid or attempt to avoid any lawful charge
for that telecommunications service by using any of the following:"
> The Bill analysis basically quotes the MPAA website!
> http://michiganlegislature.org/documents/2001-2002/billanalysis/house/htm/2001-HLA-6079-b.htm
This analysis agrees with mine: that these bills increase penalties only
for already illegal actions and possibly criminalize what would currently be
some civil matters. If you are paying for one class of service (e.g., home
use of the Internet for one computer) and using it for another class of
services (e.g., selling access to your neighborhood by putting up a NAT
firewall), you are already violating the law and you will also be violating
these laws.
I know that this was the April 1 issue, but the rumors on these bills are
spreading faster than most computer viruses, and they have been spreading
for several days with increasing intensity and are being taken seriously.
Nothing in these bills in any way prevents firewalling, encryption, etc.
UNLESS it is being used to defraud.
Fred Cohen - http://all.net/ - fc@all.net - fc@unhca.com - tel/fax 925-454-0171
Fred Cohen & Associates - University of New Haven - Security Posture
[defraud ... in the eyes of the accuser! PGN]
------------------------------
Date: Tue, 01 Apr 2003 11:23:41 -0500
From: David Harmon <dmh@tiac.net>
Subject: State Super-DMCAs will be suicidal (Re: RISKS-22.66)
I suspect at least the Michigan state legislature may reconsider -- after
their tech industries pick up and *leave*. The first to go will be the ones
actually working on the criminalized tools etc. These will be followed by
those whose lawyers were paying attention. The third wave will be triggered
as both government and private actors start (ab)using the new laws for
arbitrary "takedowns" of their enemies. Of course, quickly repealing or
nullifying the laws *may* stop the exodus, but I expect the state will still
be regretting this bonehead move for some time, as will any other states who
follow suit.
I do, however, doubt Massachusetts will actually *pass* any such law,
given the assured and powerful opposition of MIT and their *many*
friends. I would hope that whoever introduced it gets stomped at their
next election, but that may be too much to ask. On the other hand, some
of the other states in question may not have techies with enough pull to
make their voice heard.
Of course, a fair number of the companies and persons involved will
decide to leave the country altogether, leaving us with fewer national
resources for defense *or* productivity. Steve Kirsch was right:
> The terrorists have won. They have successfully convinced America to
> attack itself.
(from: http://www.skirsch.com/politics/iraq/Lessons911.htm )
Dave H.
PS: The basic pattern I'm seeing here is that private self-defense "in
cyberspace" is being methodically outlawed. Has anyone *else* noticed
that "we" are slowly dismantling the various obstacles to a _Handmaid's_
_Tale_ style techno-coup?
------------------------------
Date: Mon, 31 Mar 2003 16:11:25 -0500
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Draft legislation on using crypto
Cheating on income taxes or neglecting to pay sales taxes on online
purchases could get you five extra years in prison if the government
succeeds in restricting data-scrambling technology, and discourage human
rights workers from protecting sensitive data. Draft legislation circulating in
the Justice Department would extend prison sentences for using encryption in
the commission of a crime, something encryption advocates fear would achieve
little in catching terrorists and hurt only legitimate uses of cryptography.
The new proposal is part of the proposed Patriot II legislation. [Source:
Anick Jesdanun, *The Washington Post*, 31 Mar 2003; PGN-ed via Dave Farber]
[The full item is available on Dave's IP Archives:
http://www.interesting-people.org/archives/interesting-people/
PGN]
------------------------------
Date: Mon, 31 Mar 2003 21:21:10 -0500
From: "David P. Reed" <dpreed@reed.com>
Subject: Re: Draft legislation on using crypto (RISKS-22.67)
If they declare that encryptions are arms, perhaps we should point out the
Second Amendment (favorite of the National Rifle Association) guarantees the
right to keep and bear arms. [via Dave Farber's IP]
------------------------------
Date: Mon, 31 Mar 2003 19:53:22 -0500
From: "Robert I. Eachus" <rieachus@attbi.com>
Subject: Patriot software again a concern?
The two Patriot "failures" in have different -- and understandable --
modalities. Whether these incidents were indicative of a problem with the
system has to be determined. The first thing you have to understand is that
once a missile has been fired, if an aircraft flies between the target and
the Patriot radar on the ground, the missile can acquire the closer aircraft.
The Patriot operator can tell the radar not to track the closer aircraft
when that plane is showing friendly IFF. If this happens, the missile
should reacquire the original target. Of course, if the missile is close to
the aircraft, the wrong target may be attacked anyway.
This seems to be what happened in the incident where the British aircraft
was shot down. It is not clear whether there really was an enemy
missile -- or if the incoming was really a mortar shell.
The decision to put IFF recognition in the Patriot ground systems but not in
the missiles is both a practical design decision and a military one. If the
enemy starts broadcasting "your" IFF code do you want the Patriot system to
be able to override IFF recognition?
In the second incident, the operators were again under attack and apparently
"unassed" the control trailer. My guess is that the radar was in TWS (track
while scan) mode, and the F-15 countermeasures read it as a lock-on -- which
of course it was. If the Patriot battery had been manned they could have
either told the radar not to lock on to the F-15, or turned off the radar so
that the HARM would have lost lock.
In both cases, note that the situation was a typical one for "friendly fire"
incidents -- multi-mode attacks that haven't been considered by the rules of
engagement.
------------------------------
Date: 31 Mar 2003 15:02:39 -0800
From: tar@ISI.EDU (Thomas A. Russ)
Subject: Friendly Fire and the Perils of Statistical Reasoning
Actually, having it be higher in the first Gulf War is not really that
astounding, given the general circumstances. In that war, the overwhelming
majority of all casualties were inflicted by the Coalition Forces. Given
that tremendous disparity, even a very small error rate applied to the
casualty causation numbers would end up being a very large part of the
overall casualties.
While good figures for the Iraqis are hard to come by, CNN's web site lists
the following. Coalition 213 combat fatalities (plus another 145 nonbattle
deaths). Iraqi military fatalities estimated at 100,000. If the latter is
true, then having just a 0.1% error rate would explain about 100 friendly
casualties or about half of all of them...
(CNN did not break down US casualties by cause, although British losses were
listed as 24, 9 by U.S. fire).
Thomas A. Russ, USC/Information Sciences Institute tar@isi.edu
------------------------------
Date: Mon, 31 Mar 2003 10:27:41 +0100
From: Anthony Youngman <Anthony.Youngman@ECA-International.com>
Subject: Re: Friendly fire (RISKS-22.65)
In the first Gulf War, our (the British) "friendly fire" casualties were
about FIFTY percent of total casualties. Nearly all of them were caused by
a single American "hunter air patrol" which, while OUT of its patrol area,
and OUT of radio touch (accidental or deliberate?) with its controllers,
mis-identified two Warrior APCs as Iraqi and destroyed them.
It caused considerable bad press over here, and the impression left was that
the pilots were fed up with not finding targets, wanted to attack
something/anything, and had pretty much disobeyed orders in order to find
something to shoot at. Shame it was a bunch of soldiers on the same side ...
------------------------------
Date: Wed, 02 Apr 2003 20:34:30 -0800 (PST)
From: Lauren Weinstein <lauren@vortex.com>
Subject: NCIC: "Death by Oops?"
The latest "Fact Squad Radio" short audio segment may be of interest. It
concerns the issue of data accuracy in the FBI's NCIC system. It's called:
"The FBI NCIC: Death by Oops?"
and is available via:
http://www.factsquad.org/radio
+1 (818) 225-2800 lauren@pfir.org
PFIR: People For Internet Responsibility - http://www.pfir.org
------------------------------
Date: Thu, 03 Apr 2003 00:02:47 GMT
From: Paul Hirose <x3xpp-c52ye-0401@earthlink.net>
Subject: POW Social Security numbers revealed
The current war in Iraq has highlighted a risky practice the Pentagon has
been following for many years: using the Social Security number as a
military member's "service number". Americans taken POW have been seen and
heard on television identifying themselves as required by the Geneva
Convention. Naturally this included reciting their SSNs.
In every case I've seen (all on American TV), the interview was edited so
only the first few digits were revealed. I'm not sure who did this; I hope
it occurred at the source (presumably Iraqi state television).
The use of SSNs as service numbers was an issue even before the war. In one
incident, some senior officers suffered identity theft when their SSNs were
published in the Congressional Record:
http://www.washingtonpost.com/ac2/wp-dyn/A35194-2000Apr7?language=printer
Foreign readers should understand the SSN is practically an American's
national identity number, heavily used by the government, employers, banks,
even schools. Broadcasting a POW's name and SSN worldwide creates a severe
risk of identity theft and invasion of privacy.
Perhaps when the change to SSNs occurred (in the Vietnam era, according to
the newspaper article) the danger seemed minimal. But times have
changed. The Pentagon should revert to service numbers which have no meaning
or usefulness outside the military.
Paul Hirose <x3xpp-c52ye-0401@earthlink.net>
------------------------------
Date: Wed, 2 Apr 2003 10:54:10 -0500
From: Jeremy Epstein <jeremy.epstein@webmethods.com>
Subject: Cell phones & 911 service
*The Washington Post* reports on a number of cases where calling 911 from a
cell phone was routed to the wrong jurisdiction, so "response to a
life-threatening -- and ultimately fatal -- emergency was delayed because a
cell phone call to 911 didn't work the way it was supposed to".
The examples given were a caller in Chillum MD routed to 911 in Washington
DC (an immediately adjacent jurisdiction) and the recent case [RISKS-22.58]
where teenagers in Long Island Sound drowned because 911 wasn't able to
determine where the call was coming from. They note that in the Chillum
case, the problem occurred because "a wireless signal can get picked up by
the wrong cell phone tower".
In this case, though, the technology isn't at fault, despite what *The Post*
says. Radio waves don't respect human boundaries; the cell phone goes to
the nearest/strongest signal (not sure exactly how this works). If I stand
on one side of a street, I can be in a different jurisdiction from the other
side of the street. There's no way for the cell tower to know which side of
the street I'm on, and route the call to the correct 911 location. The RISK
is that 911 dispatchers aren't trained to recognize calls from adjacent
jurisdictions and route them appropriately.
http://www.washingtonpost.com/wp-dyn/articles/A54802-2003Mar30.html
------------------------------
Date: Fri, 4 Apr 2003 07:50:16 -0500 (EST)
From: "Mark T.B. Carroll" <Mark.Carroll@Aetion.com>
Subject: Possibly-wrong expectations about bouncing e-mail
I have domain names with short names where all e-mail to anyone at that
domain comes past me. One thing I find is that people from organisations
that have a similar domain name to one of mine send their inter-office
stuff to me as they mistype their own organisation's domain name in the
intended recipients' addresses. I wonder if they would be more careful
with internal documents if they realised it is actually not all that
improbable that e-mail to Some.Odd.Name@wrong-short.domain that doesn't
look like spam will be read by at least somebody instead of being bounced
automatically.
------------------------------
Date: 29 Mar 2002 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
send e-mail requests to <risks-request@csl.sri.com> with one-line body
subscribe [OR unsubscribe]
which requires your ANSWERing confirmation to majordomo@CSL.sri.com .
If Majordomo balks when you send your accept, please forward to risks.
[If E-mail address differs from FROM: subscribe "other-address <x@y>" ;
this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
Lower-case only in address may get around a confirmation match glitch.
INFO [for unabridged version of RISKS information]
There seems to be an occasional glitch in the confirmation process, in which
case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
.UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
Lindsay Marshall has also added to the Newcastle catless site a
palmtop version of the most recent RISKS issue and a WAP version that
works for many but not all telephones: http://catless.ncl.ac.uk/w/r
http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
http://www.csl.sri.com/illustrative.html for browsing,
http://www.csl.sri.com/illustrative.pdf or .ps for printing
------------------------------
End of RISKS-FORUM Digest 22.67
************************