precedence: bulk Subject: Risks Digest 21.68 RISKS-LIST: Risks-Forum Digest Monday 8 October 2001 Volume 21 : Issue 68 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks . Contents: Rocket plunges into Indian Ocean (PGN) New interest in network security (NewsScan) Another unitary transformation (Rodney Polkinghorne) AOPA's TurboMedicalsm eases medical application process (Richard Glover) Ham radios in the aftermath of 11 September 2001 (Richard Murnane) 11 Sep 2001: Risks of electronic surveillance (Gisle Hannemyr) Re: "The Risks Are Obvious" (Amos Shapir) Risks of bogus e-mail addresses "FROM: ObL" (Peter Wayner) Remote control of airliners (Steve Bellovin) Re: Oxygen tank kills MRI exam subject (Leonard X. Finegold) MS Front Page 2002 Licence Agreement (Alistair McDonald) Re: Creator of Kournikova virus gets 150 hours ... (Gene Berkowitz) Re: Hacker re-writes Yahoo! (Mark Hull-Richter) Trusted Computing, and Embedded and Hybrid Systems - new NSF programs (Wm Randolph Franklin) Computer Security Applications Conference + Advance Program (Jay Kahn) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Sat, 22 Sep 2001 09:01:03 -0700 (PDT) From: "Peter G. Neumann" Subject: Rocket plunges into Indian Ocean On 21 Sep 2001, a Taurus rocket went off-course 83 seconds after launch. Carrying an Orbital Imaging satellite, a NASA ozone-monitoring QuikTOMS satellite, and the cremated remains of 50 people ($5300 each), the rocket failed to reach its intended altitude and velocity despite an attempted correction, resulting in loss of the payloads. NASA's share of the cost was estimated at $50M. It was the second Orbital Sciences rocket lost in less than four months. [Source: AP item in Newsday.com, 22 Sep 2001, PGN-ed] ------------------------------ Date: Tue, 02 Oct 2001 08:39:44 -0700 From: "NewsScan" Subject: New interest in network security Security companies are being deluged with business opportunities, and CEO Peggy Weigle of the Internet security firm Sanctum explains, "Network security used to be a necessary evil, but now it's a core value of companies." Doing security audits commissioned by 300 organizations, Weigle found the results "scary" and said, "We could have stolen flight manifests, personnel files, sensitive data... We could have easily gotten onto a flight illegally." Research firms Gartner and IDC predict that the network security market in the U.S. will grow 20% to 24% a year between now and 2005. [USA Today 2 Oct 2001; NewsScan Daily, 2 Oct 2001] http://www.usatoday.com/life/cyber/tech/2001/10/2/network-security.htm ------------------------------ Date: Mon, 08 Oct 2001 10:14:17 +1000 From: Rodney Polkinghorne Subject: Another unitary transformation Nature, the journal that told us about cold fusion, posts summaries of recent physics papers at . One of these, "Bose, Einstein and chips," reads: On the atom chip, the magnetic potential minimum that confines the atoms is barely a millimetre or so wide, and it holds the condensate an ultracold cloud of around 1,600 rubidium atoms about 70-440 mm above the chip surface. Or, as a read-source-ful scientist might discover: about 70–440 mm above the chip surface. The online version of the article they are summarising [W. Hansel et al., Nature 413 p498 (2001)], gives the correct height of 70-440 micrometres. The micro symbol is included in ISO 8859-1. Unlike the ohm/watt confusion reported earlier (Rolph, RISKS-21.29 and Peuhkuri, RISKS-21.33), millimetres and micrometres have the same dimensions. At least with SI you are always out by a factor of 1000 or more, which readers of Nature should notice. But given what you would have to pay to see that page for yourself, you would think they could afford a proof reader. Rodney Polkinghorne ------------------------------ Date: Tue, 04 Sep 2001 09:50:24 -0700 From: Richard Glover Subject: AOPA's TurboMedical(sm) eases medical application process From: http://www.aopa.org/whatsnew/newsitems/2001/01-3-042.html AOPA's TurboMedicalsm eases medical application process, 24 Aug 2001 AOPA has launched a new, Web-based tool to help pilots prepare to obtain their medical certificates. AOPA's TurboMedicalsm is the first of a series of "intelligent" online forms to come from AOPA. Pilots who use TurboMedicalsm will be less likely to have FAA delay or deny the issuance of their medical certificate. "AOPA's Web site (www.aopa.org) offers more resources to pilots than any other aviation site on the Internet," said AOPA President Phil Boyer. "TurboMedicalsm is an innovative way to use the Web to remove some of the uncertainty of applying for a medical." The innovative online form "interviews" the pilot to ensure that all of the information on FAA's Form 8500-8 (application for an airman medical certificate or student pilot certificate) is filled in correctly. TurboMedicalsm checks the pilot's answers, and flags anything that might cause problems in issuing a medical certificate. "FAA's Aeromedical Certification Division is currently taking up to three months to review medical applications," said Gary Crump, AOPA director of medical certification. "Some 30 percent of those delays are caused by simple errors on the application form." TurboMedicalsm checks for those errors. The online form takes pilots step-by-step through the 20 question areas on the medical application form. For each question, the form explains exactly what FAA is looking for and why it is asking the question. And there are links to AOPA's expansive online medical data for more information. The form provides advice on the best way to answer each question. For example, TurboMedicalsm tells a pilot that it is usually best to apply for the lowest class of medical that you actually need. Under FAA regulations, even CFIs need just a Third-Class medical certificate to provide flight instruction for compensation, although employers may require a higher class of medical. TurboMedicalsm is particularly useful in helping the pilot answer the medication, medical history and medical visit questions. When a pilot answers the question, "Do you currently use any medications?" TurboMedicalsm checks the answer against AOPA's list of FAA-accepted drugs. For example, TurboMedicalsm will tell a pilot that the popular over-the-counter drug Benadryl is acceptable to FAA as long as the pilot waits 24 hours after taking it before flying. But if the drug isn't on the list, TurboMedicalsm will flag it and provide links to more information. There is even a direct email link to AOPA's medical experts so the pilot can ask specific questions. If a pilot answers "yes" to one of the medical history questions, TurboMedicalsm will search for key words in the explanation to be able to provide more information to the pilot. A pilot can skip a question and return to it later. TurboMedicalsm will temporarily store the answers. A pilot can choose how long TurboMedicalsm will store the answers. Once a pilot has completed all of the questions, TurboMedicalsm will review the form for completeness and accuracy. The pilot can then print out a copy to take to the medical examiners office. Pilots should also keep a copy in their personal records. "TurboMedicalsm is an educational, self-help tool to help pilots prepare to complete the medical form in the doctor's office," said Crump. "But for the future, we're working on an 'FAA-approved' version of TurboMedicalsm that you can complete online and email to your FAA designated medical examiner prior to the examination." The 375,000-member Aircraft Owners and Pilots Association is the world's largest civil aviation organization. More than one-half of the nation's pilots are AOPA members. RISKS Comments: 1. I am no expert, but I question the assertion "All of a pilot's answers on the TurboMedical(sm) form remain absolutely confidential. No one but the pilot will ever have access to the medical information. Data is stored on a secured server and data transmissions are encrypted." We have been told *many times* in other contexts that certain medical data is confidential, but absent a doctor-patient relationship, I think this is generally a very tenuous assertion. I am pretty sure there is no doctor-patient relationship created with this form. 2. "[D]ata *transmissions* are encrypted...." (emphasis added) is not synonymous with "the data is encrypted." If the data is stored on a secure server without encryption, it is still readable by anyone with access to the machine. If the data is encrypted where it is stored, only the person (with well-publicized exceptions) with the "keys" can access it. There is a world of difference. 3. The data is stored on a secure server, but I really don't know what that means. I think my IRS data is on a "secured server," but how many stories do we see where that data has leaked out? Medical data is *far* more sensitive to release than financial data, and I am less concerned with interception in transit than I am with security breaches from the server where the data is. 4. If data is stored "on a secured server" for a specific period of time, what becomes of the routine backups made? Are they periodically destroyed? If not, this information is probably obtainable indefinitely. 5. Are the links to the medications database stored? If I check on a medication, is the fact I did so recorded? It probably is on my client, and I wonder what "cookies" are employed. 6. I have not used the system (nor am I likely to), but I wonder what "disclaimers" are associated with using it. This kind of information might fall under the Fair Credit Reporting Act (which can have a very broad reach), and a user might have to authorize far more than what is advertised. The RISKS of this system far outweigh its usefulness. We need a machine to tell us how to fill out a form? If you have medical issues, you discuss them with your *doctor*, and he fills out a form. For a fee, of course, but I for one, am willing to pay a reasonable fee for privacy. ------------------------------ Date: Tue, 2 Oct 2001 11:25:10 +1000 From: Richard Murnane Subject: Ham radios in the aftermath of 11 September 2001 As others have noted, the terrorist attacks of 11th September caused major disruption to land-line and cellular phone communications. What hasn't been widely reported is that 570 Amateur (ham) Radio operators from 35 states and two Canadian provinces provided auxiliary radio communications to relief agencies operating in the affected areas. The lesson is that even the most modern communications technology can fail, and that there is still value in having an independent communications infrastructure, especially when it costs the community little or nothing to maintain it. Richard Murnane, Australian Amateur Radio station VK2SKY ------------------------------ Date: Thu, 04 Oct 2001 12:34:35 +0200 From: Gisle Hannemyr Subject: 11 Sep 2001: Risks of electronic surveillance In the aftermath of the September 11 terrorist attacks on the USA, a special feature on automatic electronic surveillance (i.e. Echelon, Carnivore, spy satellites, and all that) was broadcast by the BBC ClickOnline, hosted by Stephen Cole, Sep. 22). The feature included a lengthy interview with Dr. Kevin O'Brian of RAND Europe about the failure of US intelligence to gather enough information to pre-empt the attacks. Of particular interest to RISKS readers is the following quote from Dr. O'Brian: "We've seen reports that they may have actually been spoofing or misdirecting intelligence services quite knowingly, and that they are aware of the fact that they could use the technology against the intelligence services by sending out false signals by sending out false reports and rumours, by using technology such as mobile phone communications or Internet messages to actually misdirect the intelligence services' gaze away from their attacks." The risks are obvious: The over-reliance on massive computer-based automatic systems for scanning and filtering that has characterised much of US intelligence gathering in the post-soviet era can only be effective as long as the bad guys are not aware of what you are doing. The simple fact that computers systems are rule-based (and AI-systems exceedingly so) permit enemy agents to play clever counter-intelligence games, where plotting the response to certain stimuli can be used to "map out" in detail how an automatic surveillance system will respond to diverse inputs and hence "learn" how to misdirect the system on a massive scale. A human-based intelligence system, in particularly a highly organized one, is of course also vulnerable to this type of attack, but the rule-based nature of an AI-based system makes the attack easier and more reliable - gisle hannemyr ( gisle@hannemyr.no - http://hjem.sol.no/gisle/ ) ------------------------------ Date: Thu, 20 Sep 2001 11:08:04 +0300 From: Amos Shapir Subject: Re: "The Risks Are Obvious" I first learned of the event by connecting to a local news site here, at about 4 p.m. local time (which was 9 a.m. EDT). At first try, the site was down; when I finally got in and looked at the headline "Two Airliners crash on NY's WTC" my first reaction (probably the result of reading too many RISKS issues) was "they let their test page leak out as if it were real news"... It seems that this "this isn't happening" initial reaction was shared by many, even some to whom this was actually happening. This had never happened before, and even though technically possible, the perceived risk of its realization was considered unreal. The main risk is, IMHO, of evaluating the relative costs and benefits of preparing for an eventuality which, by our common sense, is very improbable; while the perpetrators seem to be making their evaluations by a completely different set of priorities and morals. How do we apply "crazy logic" to risk assessment? When do we apply it, and how crazy can we get before making the very notion of assessment senseless? Amos Shapir, Sela Software Labs, Ltd. 14 Baruch Hirsch st., Bnei Brak 51202 ISRAEL Tel: +972 3 6176037 ------------------------------ Date: Wed, 3 Oct 2001 14:11:16 -0400 From: Peter Wayner Subject: Risks of bogus e-mail addresses "FROM: ObL" Sincerely yours, *Not* Osama bin Laden? A Filipino in Belgium ended up in jail after *receiving* a joke e-mail seemingly from Osama bin Laden (but apparently from one of his friends), asking to "stay with you for a couple of days." The man was freed only after a Catholic priest vouched for him as a regular attendee each Sunday. [http://www.vnunet.com/News/1125822] Ah, there's nothing like putting faith in identity, keyword scanning surveillance, and data stored in computers. ------------------------------ Date: Mon, 01 Oct 2001 22:25:03 -0400 From: Steve Bellovin Subject: Remote control of airliners The Associated Press reported on a test of a remotely-piloted 727. The utility of such a scheme is clear, in the wake of the recent attacks; to the reporter's credit, the article spent most of its space discussing whether or not this would actually be an improvement. The major focus of the doubters was on security: But other experts suggested privately that they would be more concerned about terrorists' ability to gain control of planes from the ground than to hijack them in the air. I'm sure RISKS readers can think of many other concerns, including the accuracy of the GPS system the tested scheme used for navigation (the vulnerabilities of GPS were discussed recently in RISKS), and the reliability of the computer programs that would manage such remote control. ------------------------------ Date: Mon, 1 Oct 2001 23:29:14 -0400 From: "Leonard X. Finegold" Subject: Re: Oxygen tank kills MRI exam subject (RISKS-21.67) [Leonard X. Finegold, Physics, Drexel University (3141 Chestnut Street) Philadelphia PA 19104 U.S.A. (215) 895-2740 (allow 5 rings)] Volume 345:1000-1001, 27 Sep 2001, Number 13 Preventable Deaths and Injuries during Magnetic Resonance Imaging To the Editor: In July, a six-year-old child undergoing magnetic resonance imaging (MRI) in New York suffered a skull fracture and intracranial hemorrhage after an oxygen tank that had been brought into the room was pulled into the machine at high speed. He died two days later [1]. Undetected or misplaced metal objects have caused numerous injuries during MRI. Twenty-four of 46 MRI facilities responding to a survey in 1999 (52 percent) reported the occurrence of MRI-related accidents [2]. Large objects involved in such incidents included an intravenous-drug pole, a toolbox, a sandbag containing metal filings, a vacuum cleaner, mop buckets, a defibrillator, and a wheelchair, among others. Five incidents involving oxygen or nitrous oxide tanks, one of which caused facial fractures, have recently been reported [3]. To prevent such incidents, most imaging facilities currently provide safety training to employees and administer patients a standardized questionnaire about implants and other embedded foreign bodies before an MRI examination is performed. Although these efforts prevent many injuries, they are inherently limited. System-wide strategies to decrease the incidence of serious errors are important.4 Safety interventions that work continuously and automatically are generally far more effective than efforts to train large numbers of employees or to enlist the assistance of large numbers of patients. The use of metal detectors over the doors of MRI examination rooms could have prevented every one of the large metal objects listed above from being brought into the MRI rooms and would have prevented the recent death in New York. Highly sensitive walk-through metal detectors, such as those used in airports, are available commercially for about $2,000 to $5,500 and require minimal maintenance. By comparison, a typical MRI unit costs approximately $1.3 million annually to operate and generates net revenues of $1.8 million during use in more than 3000 patients, resulting in an annual net profit of approximately $500,000 [5]. The cost of installing a metal detector could thus easily be paid for with operating revenues. Factoring in liability savings would further decrease real costs. Metal detectors should not replace the screening protocols currently in use, since the detectors may be insufficiently sensitive to detect small implanted metal objects, such as aneurysm clips or cardiac pacemakers. Their installation would, however, be an inexpensive, simple, and potentially life-saving addition to current practice. Christopher Landrigan, M.D., M.P.H. Children's Hospital, Boston, MA 02115 landrigan_c@hub.tch.harvard.edu 1. Chen DW. Boy, 6, dies of skull injury during M.R.I. The New York Times. July 31, 2001:B1, B5. 2. Chaljub G, vanSonnenberg E, Johnson RF Jr. Accidents and incidents in MRI: a questionnaire. AJR Am J Roentgenol 1999;172:Suppl:14-14.abstract 3. Chaljub G, Kramer LA, Johnson RF III, Johnson RF Jr, Singh H, Crow WN. Projectile cylinder accidents resulting from the presence of ferromagnetic nitrous oxide or oxygen tanks in the MR suite. AJR Am J Roentgenol 2001;177:27-30. [Abstract/Full Text] 4. Kaushal R, Bates DW, Landrigan C, et al. Medication errors and adverse drug events in pediatric in-patients. JAMA 2001;285:2114-2120. [Medline] 5. Evens RG, Evens RG Jr. Analysis of economics and use of MR imaging units in the United States in 1990. AJR Am J Roentgenol, 1991;157:603-607. [Abstract] ------------------------------ Date: Fri, 21 Sep 2001 09:58:22 +0100 From: Alistair McDonald Subject: MS Front Page 2002 Licence Agreement Slashdot http://slashdot.org/article.pl?sid=01/09/20/1443226 reports that the latest MS Front Page licence agreement prevents you from any anti-microsoft Web content with it: "You may not use the Software in connection with any site that disparages Microsoft, MSN, MSNBC, Expedia, or their products or services ..." I always click through licences these days, so I wouldn't have read it (not that I'd install Front Page anyway), but what is the world coming to! Is this legal in _your_ country? Alistair McDonald Bacchus Consultancy www.bacchusconsultancy.com [UCITA (RISKS-21.27,45,41) seems to make this legal in those states in which UCITA has passed (at least Virginia and Maryland). Incidentally, The Risks Forum tries to be an equal-disparager forum, but it is worth noting for the record that each issue is prepared using Gnu-emacs on Linux. PGN] ------------------------------ Date: Tue, 02 Oct 2001 00:15:41 -0400 From: "Gene Berkowitz" Subject: Re: Creator of Kournikova virus gets 150 hours ... (RISKS-21.67) "... The American investigation service FBI reported an amount of $166.827 in damages." [Translation from Dutch] Needless to say, I don't think the FBI calculated the damages to the nearest tenth of a cent. As is European custom, the period (.) is used as a thousands separator, while the comma (,) is used as the decimal point. So, is one hundred and sixty-six thousand dollars ($166,827) limited damage? If so, Mr. De W.'s time is apparently worth over one thousand dollars per hour... --Gene Berkowitz ------------------------------ Date: Tue, 2 Oct 2001 11:56:13 -0700 From: Mark Hull-Richter Subject: Re: Hacker re-writes Yahoo! (Stock, RISKS-21.67) Respected news outlets? Respected by whom? And since when does Yahoo! rate? RISK: Assuming that there is such a thing as a "respected news outlet" and that the "news" presented has some resemblance to news (i.e., unbiased information) instead of the usual propaganda. P.S.: Remember, the "liberal press" myth is dead and buried. Mark Hull-Richter, Senior Programmer, Quest Software ------------------------------ Date: Fri, 14 Sep 2001 16:05:21 -0400 From: "Franklin, Wm Randolph" Subject: Trusted Computing, and Embedded and Hybrid Systems - new NSF programs The Computer-Communications Research Division (C-CR) of the Computer and Information Sciences and Engineering Directorate (CISE) of the US National Science Foundation (NSF) is pleased to announce two new programs whose goal is reducing the number of submissions to this valuable newsgroup, comp.risks. For each, the due date is 5 Dec 2001, and $4M-$6M may be available to support 20-25 awards, subject to the usual caveats. ** Trusted Computing (TC), NSF 01-160, http://www.nsf.gov/cgi-bin/getpub?nsf01160 TC seeks to establish a sound scientific foundation and technological basis for managing privacy and security in a world linked through computing and communication technology. This research is necessary to build the secure and reliable systems required for today's and tomorrow's highly interconnected, information technology enabled society. The program funds innovative research in all aspects of secure, reliable information systems, including methods for assessing the trustworthiness of systems. ** Embedded and Hybrid Systems (EHS), NSF-01-161, http://www.nsf.gov/pubs/2001/nsf01161/nsf01161.html Past research in embedded systems has focused primarily on resource-impoverished computational environments: algorithms and software that must execute on memory-, processing-, and power-constrained processors. The computational design was simple and synchronous to maximize effective operating rates, and a great deal of design effort went into optimizing performance under these conditions. As processing speed and data capacity have increased and demands for automation have expanded, the nature of the problem has changed. Now, hard and soft real-time processes must interact, and they may be required to share the same resources. Applications such as distributed control demand communication, which introduces variability in operation. A scientific foundation currently is lacking for systematic development and integration of physical and computational components in embedded systems. This lack is particularly severe for increasingly complex, distributed embedded systems. Empirical reports show that relying on brute-force testing for verification and validation of software for modern embedded systems can push certification costs to at least half the total cost of the software. Scientific principles and supporting technology are needed to assure that requirements are met during development of software-based systems, in order to reduce the cost of evaluating dependability and certifying that a system is fit for operation. NSF investment is critical to sustain, adapt, and expand the National research and development capacity in embedded systems. I am your humble scribe for the programs' officers, who are: * Dr. Helen Gill, Program Director, CISE, C-CR, 1145, 1-703-202-8910, hgill@nsf.gov * Ms. Carmen Whitson, Associate Program Director, CISE, C-CR, 1145, 1-703-292-8910, cwhitson@nsf.gov Please contact them for more info. Wm Randolph Franklin, Program Director Numeric, Symbolic, and Geometric Computation, CISE/C-CR. Room 1145 National Science Foundation, 4201 Wilson Blvd, Arlington VA 22230 1-703-292-8912, fax: 703-292-9059 email: WFRANKLI@NSF.GOV Relevant due dates:, FY02: Regular NSG: Nov 5. Large ITR preproposals: Nov 9, Medium ITR: Nov 13, Small ITR: Feb 7. ------------------------------ Date: Sun, 30 Sep 2001 22:20:49 -0400 From: Jay Kahn Subject: Computer Security Applications Conference + Advance Program 17th ACSAC, 10-14 Dec 2001, New Orleans, Louisiana, USA. The 17th ACSAC Committee is pleased to announce the availability of the Advance Program for the 17th Annual Computer Security Applications Conference (ACSAC) on our web site at http://www.acsac.org. The Advance Program is available in HTML for web viewing and also in PDF format for downloading and printing. If you need a hard copy of the Advance Program, please send your name and mailing address to Publicity_Chair@acsac.org, and we'll mail you a copy. ------------------------------ Date: 12 Feb 2001 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, send e-mail requests to with one-line body subscribe [OR unsubscribe] which requires your ANSWERing confirmation to majordomo@CSL.sri.com . [If E-mail address differs from FROM: subscribe "other-address " ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.] Lower-case only in address may get around a confirmation match glitch. INFO [for unabridged version of RISKS information] There seems to be an occasional glitch in the confirmation process, in which case send mail to RISKS with a suitable SUBJECT and we'll do it manually. .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 20" for volume 20] http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. Lindsay Marshall has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r http://the.wiretapped.net/security/info/textfiles/risks-digest/ . http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/ ==> PGN's comprehensive historical Illustrative Risks summary of one liners: http://www.csl.sri.com/illustrative.html for browsing, http://www.csl.sri.com/illustrative.pdf or .ps for printing ------------------------------ End of RISKS-FORUM Digest 21.68 ************************