[3067] in RISKS Forum
Risks Digest 23.53
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Thu Sep 16 14:36:41 2004
From: RISKS List Owner <risko@csl.sri.com>
Date: Thu, 16 Sep 2004 11:36:24 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Thurs 16 September 2004 Volume 23 : Issue 53
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/23.53.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Two human errors silenced Los Angeles area airports (Ben Moore,
Keith Price, Kent Borg)
Korean Airport subject to hackers, viruses, worms, etc. (Bob Heuman)
Homeland Security Science&Technology BAA and Industry Day (Douglas Maughan)
Registration 'nightmare' at UMass (Monty Solomon)
Robert Heinlein Does it Again! Re: e-voting (Paul Robinson)
E-Voting in Nevada (NewsScan)
Electronic voting in Canada (Richard Akerman)
Maryland rules against opponents of e-voting machines (NewsScan)
Washington State primary and voting machines (Paul A Below)
Order of names on electronic ballot (James Meade)
Re: Shutting the train door before the commuter has bolted (Nick Brown)
Wired: Pentagon revives memory project (Joe Shead)
Re: More ID theft, via laptop (F. Barry Mulligan)
Updating the Screaming Telephone (Debora Weber-Wulff)
Re: German TollCollect System (Debora Weber-Wulff)
Re: German unemployment system (Debora Weber-Wulff)
Re: U.S. air travel without government identification (Kathy Gill)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Thu, 16 Sep 2004 14:18:11 GMT
From: "Ben Moore" <ben.moore@juno.com>
Subject: Two human errors silenced Los Angeles area airports
[Source: *LA Times* article, 16 Sept 2004, by Ricardo Alonso-Zaldivar, Eric
Malnic and Jennifer Oldham, PGN-ed]
http://www.latimes.com/news/local/la-me-faa16sep16,1,5928253,print.story
?coll=la-home-headlines
Two separate human errors caused a breakdown in radio communications around
4:30 pm on 14 Sep 2004 that lasted for three hours and brought Southern
California's major airports to a near-stop. There were at least five
instances in which planes came too close during the first 15 minutes of the
communications breakdown.
The FAA's radio system in Palmdale shut itself down because a technician
failed to reset an internal clock -- a routine maintenance procedure
required every 30 days by the FAA. Then a backup system failed, also as a
result of technician error, officials said. (The Palmdale radar system did
not shut down.)
FAA officials said they had known for more than a year that a software
glitch could shut down radio communications and were in the process of
fixing it. In the meantime, they required manual resetting of the
communications system -- a process they described as similar to rebooting a
personal computer. The problem so far has been corrected only in Seattle,
one of 21 FAA regional air-traffic control centers that have used the system
since the mid-1990s. [This is the same problem that was discovered over a
year ago in the Atlanta ATC facility.]
About 30,000 passengers were affected, with 500 or 600 spending the night in
the terminals. The backlog of incoming flights was not cleared until 3
a.m. Wednesday. At LAX, 450 flights were diverted or canceled and another
150 were delayed. An additional 32 were canceled Wednesday morning because
the aircraft did not arrive Tuesday night. Neighboring airports also
experienced significant delays.
------------------------------
Date: Thu, 16 Sep 2004 09:54:55 -0700 (PDT)
From: Keith Price <price@usc.edu>
Subject: Two human errors silenced Los Angeles area airports
I was struck by the details at the end of the *Los Angeles Times* article
[PGN-ed herewith]:
http://www.latimes.com/news/local/la-me-faa16sep16,1,3729661.story
?coll=la-home-headlines
... As originally designed, the VSCS system used computers that ran on Unix.
The VSCS system was built for the FAA by Harris Corp. of Melbourne, Fla., at
a cost of more than $1.5 billion. When the system was upgraded about a year
ago, the original computers were replaced by Dell computers using Microsoft
software. Baggett said the Microsoft software contained an internal clock
designed to shut the system down after 49.7 days to prevent it from becoming
overloaded with data. Software analysts say a shutdown mechanism is
preferable to allowing an overloaded system to keep running and potentially
give controllers wrong information about flights.
Richard Riggs, an advisor to the technicians union, said the FAA had been
planning to fix the program for some time. "They should have done it before
they fielded the system," he said.
To prevent a reoccurrence of the problem before the software glitch is
fixed, Laura Brown, an FAA spokeswoman, said the agency plans to install
a system that would issue a warning well before shutdown.
Greg Martin, the chief FAA spokesman in Washington, said the failure was not
an indication of the reliability of the radio communications system itself,
which he described as "nearly perfect."
------------------------------
Date: Thu, 16 Sep 2004 10:01:54 -0400
From: Kent Borg <kentborg@borg.org>
Subject: Two human errors silenced Los Angeles area airports
According to a report I heard this morning on KCRW, the system shut itself
down on purpose because it had not received its regular 30-day preventive
maintenance!
At first glance this seems crazy: a nicely functioning system comes to a
halt because some calendar flipped over. There were several close calls on
Tuesday because a 30-day timer expired.
However, a coworker of mine made a good point on the likely reason the
system designers took the 30-day time period so seriously: Records. These
systems record radar data and radio transmissions. After 30-days the tapes
(or whatever they use) are probably full. That's pretty serious. It *is* a
safety concern, but probably not something worth halting over.
It is instead a situation to be avoided. I suggest that several days before
the clock is up the system should complain loudly, and probably complain to
the air traffic controllers who are in a position to notice and to do
something about it.
Were this a modern system (doesn't the FAA periodically try to build a
replacement and fail?) I would suggest that there also be e-mailed warnings,
and that if the limit is reached, the system start overwriting old data
instead of shutting down. As it is, the system might not be capable of
either.
However, be wary of systems that degrade gracefully, for unless they
inflict some pain in an attempt to right their hurt, they will tend to
always operate in a degraded state.
------------------------------
Date: Sun, 05 Sep 2004 02:01:56 -0400
From: "R.S. (Bob) Heuman" <rsh@idirect.com>
Subject: Korean Airport subject to hackers, viruses, worms, etc.
Nothing new, of course. If one is going to share a network with the world,
and have no meaningful controls or security, the result is almost always
going to result in the following type of news item.
Only 7,345 viruses in a day or two? Not all that bad, is it, if they were
all stopped and did no damage, and we do NOT know what was defined as a
virus, nor whether the code was viral, or simply backdoors and other junk.
South Korea's Incheon International Airport was reported to be highly
vulnerable to online attacks from hackers and viruses. Incheon's computer
network is vulnerable because it's shared by private airlines and tourist
agencies located in the airport. The National Intelligence Service said
in a report that 7,345 computer viruses were detected May 3-4 in 116
businesses operating within the airport, and that electronic glitches
could lead to flight crashes or other accidents. "There is a high
possibility that Incheon International Airport will be exposed to online
attacks like computer viruses and direct hacking." [Source: UPI via
*Korea Times*, 4 Sep 2004, PGN-ed]
------------------------------
Date: Wed, 15 Sep 2004 22:17:54 -0400
From: "Douglas Maughan" <Douglas.Maughan@dhs.gov>
Subject: Homeland Security Science&Technology BAA and Industry Day
Cyber attacks are increasing in frequency and impact. These attacks continue
to demonstrate that there are extensive vulnerabilities in information
systems and networks, many with the potential for serious damage.
In an effort to reduce these vulnerabilities, the Department of Homeland
Security's Science and Technology Directorate (DHS S&T) has issued a Broad
Area Announcement (BAA 04-17) [see http://www.hsarpabaa.com/] for the
research, development, and deployment of technologies to protect our
nation's cyber infrastructure. DHS S&T intends to evaluate cyber security
technologies for use in operational units within DHS, as well as federal,
state, and local sectors -- for the purpose of increased homeland security.
Many of these technologies will address security needs in the larger public
Internet as well.
HSARPA anticipates that up to $4.5M in funding in FY 2004 will be available
for multiple awards via the solicitation, with a total anticipated amount of
$12-15M over the next 36 months. Copies of the BAA may be downloaded from
the FedBizOpps web site at www.FedBizOpps.gov or at www.hsarpabaa.com. The
HSARPA CSRD BAA 04-17 solicits proposals that address at least one of the
seven technical topic areas:
TTA 1 - Vulnerability Prevention
TTA 2 - Vulnerability Discovery and Remediation
TTA 3 - Cyber Security Assessment
TTA 4 - Security and Trustworthiness for Critical Infrastructure Protection
TTA 5 - Wireless Security
TTA 6 - Network Attack Forensics
TTA 7 - Technologies to Defend against Identity Theft
In addition, HSARPA will hold an Industry Day and Bidders Conference for the
CSRD BAA on September 23rd at the Hilton Crystal City in Arlington,
Virginia. All interested attendees must register online at
https://www.enstg.com/signup/passthru.cfm?ConferenceCode=DHS26146 or linking
from www.hsarpabaa.com.
Douglas Maughan, Ph.D., Program Manager, Cyber Security R&D
Department of Homeland Security, Science and Technology Directorate
Homeland Security Advanced Research Projects Agency
1120 Vermont Avenue, NW, 8th Floor, Washington, DC 20528
Phone: 202-254-6145 Fax: 202-254-6170 Cell: 202-360-3170
E-mail: Douglas.Maughan@dhs.gov
[I thought this item would be of interest to many RISKS readers -- not
just those of you who might write proposals, but to the rest of you who
have a keen sense of the vulnerabilities and threats that desperately need
to be addressed more systematically. PGN]
------------------------------
Date: Wed, 15 Sep 2004 00:16:45 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Registration 'nightmare' at UMass
Computer woes keep many students from class sign-up
By Hiawatha Bray, *The Boston Globe*, 14 Sep 2004
For 25,000 students and faculty on the Amherst campus of the University of
Massachusetts, last week's start of the new term was even more hectic than
usual, thanks to a computer malfunction that prevented many students from
signing up for classes. ... The university uses software from PeopleSoft
Inc. to manage student registration. During the summer, campus computer
administrators installed the latest version of the software but apparently
something went wrong.
http://www.boston.com/business/technology/articles/2004/09/14/registration_nightmare_at_umass/
------------------------------
Date: Sat, 28 Aug 2004 21:43:49 GMT
From: Paul Robinson <postmaster@paul.washington.dc.us>
Subject: Robert Heinlein Does it Again! (Re: e-voting)
In the 1980s, when it was discovered that the wife of the leader of the free
world was using an astrologer to chart her husband's political career, it
was noted that the exact same practice was predicted by Robert A. Heinlein
in his book, "Stranger in a Strange Land" which was published more than a
generation before the revelations about Nancy Reagan.
Robert Heinlein also showed how you can steal an election without anyone
being the wiser: you use a computer system to count votes, where the
computer system's integrity is trusted and there is no means to provide a
reliable audit trail outside of the computer system.
He wrote about that in "The Moon is a Harsh Mistress" which was first
published in 1966. And nearly 40 years later, (almost) nobody seems to have
remembered yet another of the late, great Bob Heinlein's prophetic views.
"The lessons of history teach us -- if the lessons of history teach us
anything -- that nobody learns the lessons that history teaches us."
------------------------------
Date: Mon, 13 Sep 2004 08:34:11 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: E-Voting in Nevada
Nevada $9.3 million voting system worked well in last week's primary.
California official Marc Carrel, who observed the election, says, "They were
incredibly organized. I think California could pull off a similar election
if we had adequate training and education programs for poll workers and
voters." Printers attached to the systems offer assurances that elections
can be fully audited, and a spokesman for Sen. Dianne Feinstein says, "The
Nevada election demonstrates that you can have efficient electronic voting
machines yet at the same time have a paper trail so voters can be assured
they've voted accurately and their vote is being recorded accurately." But
Georgia elections director Kathy Rogers warns that the printers could have
unintended consequences, allowing unethical poll workers to determine how
individuals voted: "We seem to have traded a secret ballot for this piece of
paper." [AP/*USA Today*, 13 Sep 2004; NewsScan Daily, 13 Sep 2004]
http://www.siliconvalley.com/mld/siliconvalley/9647591.htm
------------------------------
Date: Sun, 12 Sep 2004 15:47:00 -0300 (ADT)
From: Richard Akerman <rakerman@chebucto.ns.ca>
Subject: Electronic voting in Canada
The Chief Election Officer ("CEO") of Ontario has produced a report "Access,
Integrity and Participation: Towards Responsive Electoral Processes for
Ontario"
http://www.electionsontario.on.ca/usr_files/election_report_2003_en.pdf
in which he calls for the examination of "21st century automation" such as
electronic and Internet voting.
I'm not sure what problem they're trying to fix. Cringely has said "My
model for smart voting is Canada" because of our simple paper-based,
hand-counted system.
http://www.pbs.org/cringely/pulpit/pulpit20031211.html
Unfortunately, many Canadian elections officials seem determined to bring in
electronic voting technologies anyway.
There has already been Internet voting in Markham Ontario.
http://tinyurl.com/2sv8j
New Brunswick's chief electoral officer also is interested in electronic
voting, which has already been tried in Saint John NB.
http://tinyurl.com/7x3nj
There doesn't seem to be any organized opposition to electronic voting in
Canada.
I have written a summary of the current situation in my blog about the
issue, Paper Vote Canada.
http://tinyurl.com/3vqqu
http://blog.papervotecanada.ca/2004/06/summary-of-canadian-electronic-voting.html
(This story has also been submitted to Slashdot.)
Richard Akerman <rakerman@chebucto.ns.ca> http://www.akerman.ca/
------------------------------
Date: Wed, 15 Sep 2004 07:39:22 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Maryland rules against opponents of e-voting machines
Maryland's highest court has rejected demands to allow citizens who distrust
TouchScreen voting machines to use paper ballots to ensure the paperless
devices are accurate and secure. Ryan Phair, attorney for the defeated
plaintiff group called TrueVoteMD, complains: "We're basically playing
Russian roulette. We know there is vulnerability. It is just a matter of
time until it happens." TrueVoteMD vows to continue its legal battle to
force the state to use printers on electronic machines in future elections.
[AP/*San Jose Mercury News*, 14 Sep 2004; NewsScan Daily, 15 Sep 2004]
<http://www.siliconvalley.com/mld/siliconvalley/9662979.htm>
------------------------------
Date: Wed, 15 Sep 2004 13:24:09 -0400
From: "Below, Paul A" <paul.below@eds.com>
Subject: Washington State primary and voting machines
Washington State was forced to implement a primary that required the voter
to declare a party preference before voting for that party's candidates. In
addition, the ballot contained a nonpartisan section that all voters were
supposed to be able to use, whether or not they declared a party preference.
News story:
http://seattletimes.nwsource.com/html/localnews/2002036002_primary15m.html
<http://seattletimes.nwsource.com/html/localnews/2002036002_primary15m.html>
After the machine returned his ballot, a poll supervisor at Hobart Community
Church asked whether he had chosen a political party (he had not) and
whether he had deliberately not chosen a party. His ballot was accepted only
after the supervisor opened the machine and pressed a button overriding its
programming. "So much for secret ballots," said Sterling, who claims that
yesterday's voting procedures violate the state constitution's guarantee of
"absolute secrecy" in preparing and depositing ballots. At some King County
polling places, the override button either didn't function properly or
workers didn't know how to use it. Stephen McCloskey watched a frustrated
nonpartisan voter declare a party preference at St. Anne Church in Seattle
because a poll worker couldn't find any other way to get a machine to accept
the woman's ballot. When a voting machine wouldn't accept David Miller's
nonpartisan ballot at Crown Lutheran Church in Seattle, a poll worker put
his ballot on the side of the machine to be counted later. "This leaves my
ballot unprotected for marking at a later time," Miller said.
------------------------------
Date: Tue, 14 Sep 2004 12:47:13 -0700
From: "James Meade" <james.meade@siemens.com>
Subject: Order of names on electronic ballot
As an IEEE member, I recently received my ballot to vote for various
offices. The paper ballot very carefully says that "The order of candidate
names indicates no preference. Ballots have been prepared so that the order
randomly varies." You then have the option of voting on the paper ballot by
traditional mail or voting electronically. Feeling adventurous, I went the
electronic route and surprise, the electronic ballot has the candidates'
names for each office in alphabetic order. The risk? The two voting methods
(paper vs electronic) may provide different results, based on the spelling
on the candidates' name. It's well-known that candidates listed at the top
have an advantage over those listed further down. If my name were John
Adams, I'd be pushing for people to vote electronically. Jim Meade /
Systems Engineer
------------------------------
Date: Fri, 10 Sep 2004 18:16:00 +0200
From: Nick Brown <Nick.BROWN@coe.int>
Subject: Re: Shutting the train door before the commuter has bolted (R-23.52)
Standard GPS is nowhere near accurate enough for this sort of application.
It's possible that the designers assumed that they would be able to use
EGNOS-enhanced GPS signals, which will give 1-2 metre accuracy, but at the
time of writing, I don't think that the UK falls within the footprint of any
EGNOS-transmitting satellite, due to a combination of EGNOS system
implementation delays and a satellite launch problem (both well-known RISKs,
of course).
The discussion as to whether or not a system with even this degree of
accuracy, and the complexity of manual override described, is a good idea,
is of course still equally valid.
------------------------------
Date: Mon, 13 Sep 2004 13:08:50 -0500
From: "Joe Shead" <Joe@sheadprogramming.com>
Subject: Wired: Pentagon revives memory project
The Department of Defense is handing out contracts for a project to record
what soldiers see and do in battle zones. The new initiative closely
resembles another, called LifeLog, that the Pentagon scrapped months ago.
Wired.com article by Noah Shachtman:
http://www.wired.com/news/privacy/0,1848,64911,00.html?tw=wn_story_mailer
------------------------------
Date: Fri, 10 Sep 2004 23:35:59 -0400
From: "F. Barry Mulligan" <mulligan@acm.org>
Subject: Re: More ID theft, via laptop (Lesher, RISKS-23.52)
When the Red Cross started asking for SSN, long before identity theft and
data mining hit the popular lexicon, I refused and they just assigned an
in-house number. What I remember is the nurse's immediate response: "Do you
work for IBM?". When queried, she said that at blood drives at the IBM
division headquarters none of the engineers and programmers would give their
SSNs. When I suggested that perhaps they knew something she didn't, she
acquired a rather thoughtful expression that lasted through the rest of the
interview.
------------------------------
Date: Fri, 10 Sep 2004 16:29:13 +0200
From: Debora Weber-Wulff <weberwu@fhtw-berlin.de>
Subject: Updating the Screaming Telephone (DWW, RISKS-23.51)
I reported in RISKS-23.51 on the Siemens 65 family of mobile phones that
suffer from, if you will, terminal screaming (a painfully loud sound when
the battery is empty).
Siemens rushed to put an update on its site, bringing down the wrath of many
mobile phone providers who had had to pull the phones off their shelves and
had not yet tested the update. They forced Siemens to remove not just the
link but also the files until they were happy with the fix.
On 9 Sep 2004, Siemens blanketed the print media with a very unconventional
ad [2] - "Oops, that was our moose test" (DaimlerBenz had some problems 1997
with tests they performed on their A-class cars [1] - when doing the 'moose
test', i. e. swerving to miss a big thing in the middle of the road, the
cars had an annoying tendency to flip over).
In a very friendly, humorous but rueful tone the ad describes the "little
technical problem" that is "extremely seldom", but we owe it to our
customers etc. who expect quality products etc. etc. It then goes on: "We
have learned that nobody is perfect. But one can learn from errors, and
react honestly, openly, and fairly." [translations dww]
This is an amazingly open ad from a company that prefers rather cool, calm,
and collected, buttoned-up ads. So even with the technical problems the
company has had, they seem to have hired some good spin doctors.
The software update is at [3] - there are *10* different versions, one for
each type of mobile phone. Wouldn't it make business sense to have just one
sort of basic kind of program that was modular and would work on all of the
different kinds of phone?
[1] http://www.krisennavigator.de/mafa4-d.htm
[2] http://www.gwa.de/modules/news/index.php?show=all&news_id=1439&pos=0
[3] http://www.siemens-mobile.de/cds/frontdoor/0,2241,de_de_0_66868_rArNrNrNrN,00.html
Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Treskowallee 8, 10313 Berlin
+49-30-5019-2320 http://www.f4.fhtw-berlin.de/people/weberwu/
------------------------------
Date: Fri, 10 Sep 2004 17:04:13 +0200
From: Debora Weber-Wulff <weberwu@fhtw-berlin.de>
Subject: Re: German TollCollect System (DWW, RISKS-23.51)
The woes of the German TollCollect (RISKS-23.51) continue as the German
government sues the consortium of Telekom and DaimlerChrysler to the tune of
4.5 billion Euros for damages arising because the toll system, which was
supposed to start in August 2003, has now slipped to January 2005. The
consortium vigorously denies needing to pay anything.
The *Berliner Zeitung* from 10 Sep 2004 quotes an internal report by
DaimlerChrysler that states "The possibility of a late deployment was clear
from the very beginning." These are normal, well-known "risks for the
project development and project implementation". So we don't know how to do
it any better?
The article goes on to report that both the German transport ministry and
TollCollect now no longer doubt the technical feasibility of the system. (If
they did have doubts, why were they building such a complicated and
expensive system with tax dollars in the first place?!).
The reliability testing is now said to be at 99% (up from 97% 2 weeks ago,
if this is indeed based on a test and not on a reporter's
exaggeration). There need to be about 500 000 OBU (On Board Units) installed
on trucks by the beginning of next year. Two weeks ago we had 37000 reported
installed, now we have 45000 units reported installed. There are 15 more
weeks in the year, so if they continue at this rate they will only have to
put in about 280 000 units between Christmas and New Year's to have a
functioning system....
Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Treskowallee 8, 10313 Berlin
+49-30-5019-2320 http://www.f4.fhtw-berlin.de/people/weberwu/
------------------------------
Date: Tue, 14 Sep 2004 08:51:42 +0200
From: Debora Weber-Wulff <weberwu@fhtw-berlin.de>
Subject: Re: German unemployment system
Germany seems to be a hotbed of stuff like this at the moment. There is a
monstrous disaster brewing over the new unemployment system. At the rate at
which the politicians are assuring people that everything will work just
fine on 1 Jan 2005, I am sure that it will be in the class of the toll
collect woes. This one might just bring down the government, though, because
the mob is angry. And if they don't get their unemployment checks cut on
time, there will be hell to pay....
------------------------------
Date: Tue, 14 Sep 2004 16:45:34 -0700
From: kathy gill <kegill@u.washington.edu>
Subject: Re: U.S. air travel without government identification
In response to Dan's story about air travel without an ID - here is a
similar one originating in Seattle.
Last September (2003), my SO and I were flying from SEA to Charlotte NC
where we planned to pick up a car and drive down to Georgia. When we were
about 15 minutes from SeaTac -- and 20 minutes from home with a little more
than an hour before our flight -- Mike realized he had left his wallet at
home. We ride motorcycles, and he had put his wallet in his gear because he
needed to buy gas. He forgot to put it back in his pants.
I phoned the airline, even though we knew we'd never make it if we drove
home, got the wallet, and returned -- unless the plane was running late (an
unusual occurrence for a red-eye flight). The person on the other end
(United) said that the decision to let him fly or ground him would be made
by both the check-in desk and security: in other words, two gauntlets.
He did have his Microsoft photoID, because he wears it on a retractable clip
and it lives on his pants. Unlike Dan, Mike had NO ID other than his MSFT
badge -- no credit cards, no SS card, not even a business card.
Fortunately, I'd made the flight arrangements (and had ID and CC) and we had
our boarding passes, which were printed at home.
Like Dan, Mike was shuttled through a more invasive security check in.
"No ID?" was the question that greeted him as well. No other questions,
even though he sports a ponytail.
We had a friend overnight mail the wallet (yeah FedX) the next day, because
we were to be gone for a week, and we didn't want to chance his not being
able to fly out of Charlotte. And yes, there were risks, there, too, but at
the time, we thought they were the lesser of the two sets.
Kathy E. Gill, Department of Communication, University of Washington
http://faculty.washington.edu/kegill/
------------------------------
Date: 2 Jun 2004 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. To subscribe or unsubscribe via
e-mail to mailman your FROM: address, send a message to
risks-request@csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit the process by sending directly to either
risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
INFO [for unabridged version of RISKS information]
.UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
<http://www.CSL.sri.com/risksinfo.html>
The full info file may appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks [subdirectory i for earlier volume i]
<http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
------------------------------
End of RISKS-FORUM Digest 23.53
************************
