Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit precedence: bulk Subject: Risks Digest 22.37 RISKS-LIST: Risks-Forum Digest Saturday 9 November 2002 Volume 22 : Issue 37 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks . Contents: Lynn Landes' analysis of the 2002 Elections (PGN) Quote on election integrity (Susan Marie Weber) Georgia election memory-card problem (Lillie Coney) Unsupervised biometric scanners more toys than serious security measures (c't via Markus Kuhn) U.S. Navy sites spring security leaks (Lillie Coney) Internet home banking unsafe (Erling Kristiansen) Driver killed in "computer-controlled" AirTrain (Daniel Norton) Man banned from driving after trusting in-car computer (Matthew Bloch) Small things add up (Bill Lamb) Re: 'British' spelling (Christopher Allen) Re: What if ... the pundits had nothing ... (Edward Reid) REVIEW: "Information Assurance", Joseph G. Boyce/Dan W. Jennings (Rob Slade) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Fri, 8 Nov 2002 11:30:35 PST From: "Peter G. Neumann" Subject: Lynn Landes' analysis of the 2002 Elections [This item is included in its entirety with the permission of the author.] 2002 Elections: Republican Voting Machines, Election Irregularities, and "Way-Off" Polling Results By Lynn Landes, 8 Nov 2002 "The Republicans will never give up their voting machines," said a top Republican party official to Charlie Matulka, the Democratic candidate for the U.S. Senate seat in Nebraska. This statement was in response to Charlie's very public protest against the conflict-of-interest inherent in the candidacy of Senator Chuck Hagel (R-NE). Hagel has held top executive positions (and still has investments) in companies that owned the machines that counted the vote in Nebraska this election and last. Republicans dominate the voting machine business. So, I expected the Republicans to take back the Senate... amid reports of voting machine "irregularities" in several states and polling results that didn't come close to election outcomes. And with billions of dollars at stake, who could resist the temptation to tweak results? It's duck soup. Dr. Rebecca Mercuri, the nation's leading expert in voting machine technology, says, "Any programmer can write code that displays one thing on a screen, records something else, and prints yet another result." But they do make mistakes as we know from the multitude of reports in this election and past ones. Dr. Mercuri's real fear is that one day the "irregularities" will go away, as programmers learn their clandestine craft all too well. Then how can we tell if the "fix was in?" An examination of exit polling and pre-election polling versus election results could raise a few red flags. We can't use Voter News Service (VNS) this year. VNS is a top-secret private consortium owned by ABC News, The Associated Press, CBS News, CNN, Fox News, and NBC News that has "projected" election night winners since 1964. VNS collapsed camp on election day due to technical problems... they said. Or was it the glare of publicity since the 2000 presidential election that brought the charade to an end? Questions have been raised since its inception, that VNS was a cover for election day vote rigging or other shenanigans. And it was strange that when VNS management made its announcement on Tuesday, they didn't make a big deal over how the shutdown affected the 64,000 temporary employees they claim they hired for this election. Anyway, that leaves us with pre-election polling to ponder. An intensive effort to review and interpret that data is currently underway by Bev Harris and her staff at Talion.com. Meanwhile, I called John Zogby of the highly respected Zogby International. I asked him if over the years he had noticed increased variation between pre-election predictions and election results. Zogby said that he didn't notice any big problems until this year. Things were very different this time. "I blew Illinois. I blew Colorado (and Georgia). And never in my life did I get New Hampshire wrong...but I blew that too." Or did he? This year might instead be a repeat of the 2000 presidential election, when the polls accurately predicted the winner (Gore), but the voting system in Florida collapsed under the weight of voting machine failure, election day chicanery, and outright disenfranchisement of thousands of black voters by Republican state officials. And for those who believed that the new election reform law does anything to protect the security of your vote...think again. The federal standards to be developed and implemented as a result of the new law will be VOLUNTARY. What Congress really did was to throw $2.65 billion dollars at the states, so that they could lavish it on a handful of private companies that are controlled by ultra-conservative Republicans, foreigners, and felons. Let's take a moment to look back rather than forward. In the last several decades the rich have gotten richer and the poor poorer. This is not a formula for a conservative groundswell. Yet both conservative Democrats and right wing Republicans have long enjoyed success at the polls. While, most of Europe still uses paper ballots, voting machines have been in America since 1889. The use of computers in voting technology began around 1964. Today, less than 2% of the American electorate use hand-counted paper ballots. The question is...have elections in America been rigged to slowly, but surely shift power to the right? In the secretive world of voting machine companies, anything is possible. The sad fact is that the legitimacy of government in the United States will remain in question as long as over 98% of the vote is tabulated by machines that can be easily rigged, impossible to audit, and owned by a handful of private companies. Until we get rid of those voting machines, democracy in America may be a distant memory. Lynn Landes is a freelance journalist specializing in environment and election issues on www.EcoTalk.org. Lynn's been a radio show host, a regular commentator for a BBC radio program, and news reporter for DUTV in Philadelphia, PA. Lynn Landes, 217 S. Jessup Street, Philadelphia, PA 19107 (215) 629-3553 / (215) 629-1446 (FAX) lynnlandes@earthlink.net] [Lynn's writings often also run on alternative online media, such as www.CommonDreams.com. She has a Web page for VotingSecurity at http://www.ecotalk.org/VotingSecurity.htm . PGN] ------------------------------ Date: Fri, 8 Nov 2002 23:13:36 -0800 From: "SusanMarieWeber" Subject: Quote on election integrity The right to have the vote counted is infringed, and we have lost the integrity of our voting system, when the ease with which ballots can be manipulated is greater than the ease with which the manipulation can be detected. (Kevin Craig, 2000) www.electionguardians.org [See: Broward vote total short by 104,000 in reporting glitch, Evan S. Benn and Elena Cabral, *Miami Herald*, 7 Nov 2002, for more on the Broward County bulleted item noted in RISKS-22.36.] http://www.miami.com/mld/miamiherald/news/politics/4461857.htm ------------------------------ Date: Fri, 08 Nov 2002 10:22:35 -0500 From: Lillie Coney Subject: Georgia election memory-card problem ELECTION 2002: 2,180 Fulton ballots found late, 67 memory cards misplaced, but shouldn't change results, by Ty Tagami and Duane Stanford, *Atlanta Journal Constitution*, 8 Nov 2002 Fulton County election officials said Thursday that memory cards from 67 electronic voting machines had been misplaced, so ballots cast on those machines were left out of previously announced vote totals. Fifty-six cards, containing 2,180 ballots, were located Thursday. Eleven memory cards still were missing Thursday evening. If the cards could not be found, the votes would be retrieved from the voting machines, election officials said. [Bibb and Glynn Counties each had one card missing after the initial vote count, but the cards were located and counted the next day.][PGN-Excerpted] ------------------------------ Date: Wed May 29, 2002  11:16:20 AM US/Pacific From: Markus Kuhn Subject: Unsupervised biometric scanners more toys than serious security measures An even more fatal blow to off-the-shelf *unsupervised* biometric identification products was given recently by three authors in an article in the well-respected German computer magazine c't: Lisa Thalheim, Jan Krissler, Peter-Michael Ziegler: Körperkontrolle -- Biometrische Zugangssicherungen auf die Probe gestellt.  c't 11/2002, Heise Verlag, ISSN 0724-8679, p 114-, 17 May 2002. An online English translation is now available on http://heise.de/ct/english/02/11/114/ The team tested: * six products involving capacitive fingerprint scanners (Biocentric Solutions, Cherry, Eutron, Siemens and Veridicom) * two optical (Cherry, Identix) fingerprint scanners * one thermal (IdentAlink FPS100U) fingerprint scanner (Atmel FCD4B14 sensor) * Authenticam by Panasonic * an iris scanner that is currently being marketed in the USA and is scheduled to enter the European market in the near future * FaceVACS- Logon, a technical solution for recognizing faces developed by the Dresdner Cognitec AG The authors "were able, aided by comparatively simple means, to outwit all the systems tested" and concluded that "the products in the versions made available to us were more of the nature of toys than of serious security measures" and that "business should not treat the security needs of its customers quite so thoughtlessly". It is worth stressing that none of the deception techniques used are really applicable in a *supervised* two-factor application, for example where a border control or social benefits officer watches someone using the finger or iris scanner in order to confirm the identity information stored in a presented smartcard. The relevance of these attacks to the discussion about the use of biometric features in a national identity infrastructure is unfortunately sometimes misrepresented. I am still convinced that both iris scanning and finger print recognition in a *supervised* scan can be made easily several orders of magnitude more reliable than human photo/face comparisons. What currently marketed sensors lack is a really robust detection technique for whether the detected signal comes from live human tissue, and this still looks very much like an open research problem. Parts of suitable solutions might be: * tests of various involuntary reactions that require significant effort to simulate, for example, is the iris pattern deforming correctly when the pupils contract because of illumination? * test whether the body part is functional, i.e. can the fingerprint be detected from a finger that is typing fluently on a keyboard or can the pupil inside the contracting iris read text at the same time? * is it possible to build low-cost spectrographic cameras/scanners that can distinguish materials and tissues by using hundreds instead of just three (red/green/blue) wavelength bands, etc. Markus G. Kuhn, Computer Laboratory, Univ. of Cambridge, UK mkuhn at acm.org ------------------------------ Date: Fri, 08 Nov 2002 11:48:24 -0500 From: Lillie Coney Subject: U.S. Navy sites spring security leaks A French group known as Kitetoa discovered that files on several Navy Web sites and other sides running IBM's Lotus Domino software were easily accessible. Exposed information included hundreds of trouble tickets since 1989 for the Consolidated Automated Support System; a Naval Supply Systems Command site that enables Navy personnel to order commercial software and internally developed applications -- including records on who registered to use the system and their passwords. The Navy apparently does not feel the information thus compromised was particularly sensitive, but has reportedly taken some systems off the Net and tighter security controls in others. [Source: Wired News, 6 Nov 2002; PGN-ed] Lillie Coney, Public Policy Coordinator, U.S. Ass'n for Computing Machinery Suite 510, 2120 L Street, NW, Washington, D.C. 20037 1-202-478-6124 ------------------------------ Date: Fri, 08 Nov 2002 22:13:48 +0100 From: Erling Kristiansen Subject: Internet home banking unsafe The 28 Oct 2002 edition on the programme "Netwerk" of the Dutch TV station NCRV ran an item on Internet home banking. The programme featured a person accessing his bank account via Internet, and another person with a laptop reading a clear-text transcript of the session. The programme was not very technical, but two hints were given that helped in finding out what was going on: The two persons "were colleagues" (in network terms: were on the same LAN), and the scenario was described as a "man in the middle" attack. I know from own experience that the Dutch home banking system uses a secure web session. A challenge-response authentication device ("token" or e.dentifier) is used to authenticate the user, but this is not relevant to this discussion. Poking around a bit, I found several references to a vulnerability in Internet Explorer 5.0, 5.5 and 6.0. A good explanation can be found at http://www.thoughtcrime.org/ie-ssl-chain.txt I am not an expert in SSL and PKI and such matters. But, in brief, as I understand it, a certification Authority can delegate its authority to somebody else. This is designed to be safe, provided, of course, it is implemented properly. IE skips one step in its implementation of the procedure, essentially allowing somebody who can gain access to the data stream (e.g. by being on the same LAN or having access to a router somewhere along the path) to delegate the certification authority to himself. This, in turn gives the man-in-the-middle access to the data. I am sure this description is not precise, but I hope it catches the essence of the attack. Otherwise, please read the referenced article. I had an e-mail conversation with somebody from the TV programme, who confirmed that "indeed, it is a problem in IE". They did not say this in the programme because "the problem is the responsibility of the banks, not Microsoft". Apparently, their aim was to expose the banks. A few thoughts: It would seem that the problem affects not only home banking but any application using a secure web session. The exploit also highlights that security depends not only on good design, but also on proper implementation. You have to trust the software vendor. Do you?? SPECULATION MODE ON Why is Microsoft reluctant to fix this bug that is present in 3 consecutive versions of IE? In view of the nature of it, it cannot be that difficult to fix. Could it be that they do not want to fix it? Either because they want to exploit it themselves, or because somebody twisted their arm to provide a back door. SPECULATION MODE OFF It is, actually, a very well hidden back door that is not easily discovered unless you have access to the source code, or you know what you are looking for. I wonder how it was discovered. ------------------------------ Date: Fri, 8 Nov 2002 11:22:40 -0500 From: "Daniel Norton" Subject: Driver killed in "computer-controlled" AirTrain I wrote last year (RISKS-21.82) about my concerns of a computer-controlled train (the JFK AirTrain) being installed that would carry hundreds of passengers at speeds of over 60 miles per hour (95 kmh). A test run of the system on 27 Sep 2002 was under manual control with automatic speed regulators deliberately disabled. The train was traveling about 55 miles per hour (90 kmh) when it approached a downhill curve, jumped the track, knocked away 150 feet (45m) of a concrete wall, and tore a gash in the front of the train. Tons of concrete in the train -- used as ballast to simulate passengers -- slid along the floor and crushed the driver to death. As several pointed out in follow-ups to my post last year, the greater RISKS of train systems are human errors, and this recent tragedy seems to support that position. [Of course, in the JFK train test, the driver was posthumously blamed for going to fast. Perhaps that was the speed they had asked him to reach, as part of the test? And who is to blame for not realizing that the ballast should have been anchored down? So, that's what testing is for? A substitute for thoughtful design and operation? PGN] ------------------------------ Date: Sat, 9 Nov 2002 16:59:39 +0000 From: Matthew Bloch Subject: Man banned from driving after trusting in-car computer A man was banned from driving for 6 months and fined £300 + £45 costs after being caught doing 92mph down the A64 in England. "This will now mean commuter belt train travel for my client. The ban will cause all sorts of problems for him at work", said his lawyer. The reason he gave for speeding was that he was late for a business meeting in York, a large city in the North-East, which was caused by a navigation error. After typing "York" into his in-car computer, it dutifully guided him to York, a small village on the opposite side of the country, North-West of Manchester. The man claimed to be "very nervous" when he approached Manchester but trusted the navigation system when it claimed he was "10 miles from York". "When he was driving down the M6 he began to have doubts that it was the right way", said his lawyer, "But he thought 'it must be right, it's a computer'". [Source: *York Evening Press*, 9 Nov 2002] Or maybe he should read comp.risks more often. Or a map of England :-) Matthew Bloch Bytemark Computer Consulting Limited +44 (0) 8707 455026 http://www.bytemark.co.uk/ [If the man had ever eaten Yorkshire Pudding not knowing where to find a York shire, he may have been pudding it mildly. Terrier Hair Out! (The last sentence is a memory test for long-time readers who were reading RISKS in May 1990.) PGN] ------------------------------ Date: Thu, 07 Nov 2002 23:31:49 -0600 From: Bill Lamb Subject: Small things add up My favorite risks are those little things in life that often seem silly simply because they are - no matter how cool and modern they appear. I visit a nearby convenience store daily. Over the past few years I have watched as the owners (a small regional chain) converted its cash register to a system that controlled the gas pumps, too. It was a common practice and one that makes sense, I suppose. Later, I watched as a new computerized register system was installed, one with so many buttons, bells and whistles that the store's constantly rotating staff found the system difficult-to-impossible to learn. Still later, a new check system was added. One writes a check, signs it, hands it to the clerk who then runs it through a machine and hands it back to you. I'm sure there is some very logical reason for this apparent silliness. (I mean, why write a check if they're just going to give it back to you? I've watched countless people ask, "What do I do with it now?") The latest change involved adding a credit/debit card unit to the computerized register system. On the whole, you'd think all of this was pretty nifty. But not really. As I have watched all of this advancement taking place at the store, I have also noticed the lines and waits grow longer and longer. For all the technology they've bought into, the time it takes to service a sale has gone up tremendously. Ever try finding and swiping the bar code of a Sunday newspaper on a crowded counter top? It can be a pain, so much so that the clerks now clip and keep one bar code and swipe the little slip of paper over the reader to avoid the hassle. Credit cards? Wait for clearance, then wait for the ticket to print out, then sign it and get your copy. (Why are those small printers so slow?) Checks? The same: clearance is slower by far than simply putting the check into the cash drawer like they used to. It's bad enough when all the systems work, but when one component fails for whatever reason, the poor clerks, who know nothing about the system, are left to try and try again as the rest of us grow impatient in line. Then today, the ultimate: the entire system died. Nothing worked. At all. People were leaving left and right, but I braved the counter and told the clerk what I wanted. "Uh ... you have the exact change?" she asked. Digging in my pocket, I said, "How much is it?" You guessed it. She didn't know because few of the store's items are priced in English, only via the bar code. And only the computer knew those prices. And it wasn't working. Another example of humans outsmarting themselves. [Ah, yes. We had a big storm. Huge power outages, one still going after 24 hours on Friday evening. I just got back from dinner where the restaurant and a large surrounding area lost power; we were the last folks served from gas burners before the kitchen shut down because of no fans. PGN] ------------------------------ Date: Friday, November 08, 2002 4:39 PM From: "Christopher Allen" Subject: Re: 'British' spelling (RISKS-22.36) In comp.risks, Michael (Streaky) Bacon wrote: > I was raised in Jersey (the Channel Island, not the State). This is part of > the United Kingdom, but not the European Union (confusing isn't it?)... I think you may be mistaken, and in any case it's actually a bit worse than that: Guernsey and Jersey *not* part of the United Kingdom but are dependencies of the Crown and so are, as I understand it, consequently considered to be part of Great Britain. This puts them in a situation opposite that of Northern Ireland, which is part of the UK but not Great Britain. Furthermore, while it's true that the Channel Islands are not part of the EU, my partner - like many Channel Islanders - has an EU passport nonetheless, because of English ancestry. Risks? Assuming that jurisdictions are necessarily concentric... or that "The United Kingdom of Great Britain and Northern Ireland" actually includes all of Great Britain. See also: http://www.fotw.ca/flags/gb-dep.html Christopher Allen, Studio 10, 319 Archway Rd. London N6 5AA U.K. cpcallen-usenet@ruah.dyndns.org http://ruah.dyndns.org/~cpcallen/ [PGN adds Michael Bacon's response: "Mea culpa - I intended to type 'British Isles', it just came out as 'United Kingdom' - sorry. It seems that I suffered an even more severe bout of 'finger trouble', as I also intended to type 'Gaelic' but it came out as 'Celtic'."] ------------------------------ Date: Fri, 8 Nov 2002 15:13:04 -0500 From: Edward Reid Subject: Re: What if ... the pundits had nothing ... (RISKS 22.35) > Modern elections have [...] become opportunities for political analysts to > show off by projecting the results before the votes are counted Of course, much of this prediction is done by projecting from a few reported precincts. Pockets of sanity still exist, however. This from the Gadsden County Times, Quincy FL, 7 Nov 2002, p1: Shirley Knight, supervisor of elections [of Gadsden County], took much of the suspense out of the night, when she opted to wait until all of the votes were tabulated to release them, instead of releasing them as the precincts were counted. "I wanted to keep down any confusion," she said. ------------------------------ Date: Fri, 8 Nov 2002 08:02:44 -0800 From: Rob Slade Subject: REVIEW: "Information Assurance", Joseph G. Boyce/Dan W. Jennings BKIAMOIS.RVW 20021012 "Information Assurance", Joseph G. Boyce/Dan W. Jennings, 2002, 0-7506-7327-3, U$44.99 %A Joseph G. Boyce %A Dan W. Jennings %C 2000 Corporate Blvd. NW, Boca Raton, FL 33431 %D 2002 %G 0-7506-7327-3 %I Butterworth-Heinemann/CRC Press/Digital Press %O U$44.99 800-272-7737 http://www.bh.com/bh/ dp-catalog@bh.com %P 261 p. %T "Information Assurance: Managing Organizational IT Security Risks" The preface states that this book is distinct because 1) it covers concepts and principles (although how this could be a distinctive is somewhat lost on me: many of the chapters relate directly to six of the ten CBK [Common Body of Knowledge] domains), 2) it promotes a defence in depth strategy (hardly unusual in general security works), 3) it attempts to counter the perception of an antagonism between security and operations (fairly conventional), and 4) it points out resources for added information (and how is that unique?) Part one covers the foundational concepts of an organizational IA (Information Assurance) program. Chapter one defines IA in a way that makes it basically the same as any kind of information systems security, and offers vague thoughts on the importance of information. There is a brief review of some basic security concepts (as well as some that are not quite central) in chapter two. Defence in depth is also defined at this point: rather idiosyncratically, it is specified to be in opposition to "security by obscurity" and perimeter defence. Part two is supposed to look at determining the organization's current IA posture. Chapter three purports to help ascertain an IA baseline, but is really just a list of possible security technologies. determining security priorities, in chapter four, talks about data and resource classification, but much of it is vague philosophy, rather than practical advice. While summarized in tables rather than text, chapter five's material on IA posture is just plain, old risk analysis. Part three is presumed to help establish a defence in depth strategy. There is a basic introduction to policies in chapter six. IA management, in chapter seven, is primarily more suited to system administration. Chapter eight's look at IA architecture covers subjects and objects, but has no security models. The text does review threats and various security technologies, and,very strangely, assumes that the OSI (Open Systems Interconnection) network model can be used as a security structure. Operational security administration, in chapter nine, recycles random concepts that have been presented earlier. Configuration management is held to be software change control, and chapter nine also concentrates on "emergency" changes. Chapter eleven's review of the system development life cycle is terse. Chapter twelve, on contingency planning, is extremely terse, and suggests that you have a backup, UPS (Uninterruptible Power Supply) and a disaster recovery plan. The material on training, in chapter thirteen, is both generic and short. Policy compliance oversight is limited to intrusion detection systems, audit logs, and virus scanning, in chapter fourteen. Chapter fifteen's look at incident response is basic and brief. Finally, chapter sixteen examines IA reporting--and suggests that you have a structure for it. This work is yet another attempt at a generic security guide. It has no distinctives. In fact, there are simple security guides for home users that do a better job of explaining the structure, process, and technologies. copyright Robert M. Slade, 2002 BKIAMOIS.RVW 20021012 rslade@vcn.bc.ca rslade@sprint.ca slade@victoria.tc.ca p1@canada.com ------------------------------ Date: 29 Mar 2002 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, send e-mail requests to with one-line body subscribe [OR unsubscribe] which requires your ANSWERing confirmation to majordomo@CSL.sri.com . If Majordomo balks when you send your accept, please forward to risks. [If E-mail address differs from FROM: subscribe "other-address " ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.] Lower-case only in address may get around a confirmation match glitch. INFO [for unabridged version of RISKS information] There seems to be an occasional glitch in the confirmation process, in which case send mail to RISKS with a suitable SUBJECT and we'll do it manually. .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 21" for volume 21] http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. Lindsay Marshall has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r http://the.wiretapped.net/security/info/textfiles/risks-digest/ . http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/ ==> PGN's comprehensive historical Illustrative Risks summary of one liners: http://www.csl.sri.com/illustrative.html for browsing, http://www.csl.sri.com/illustrative.pdf or .ps for printing ------------------------------ End of RISKS-FORUM Digest 22.37 ************************