precedence: bulk
Subject: Risks Digest 22.78

RISKS-LIST: Risks-Forum Digest  Saturday 28 June 2003  Volume 22 : Issue 78

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://www.risks.org as
  http://catless.ncl.ac.uk/Risks/22.78.html
The current issue can be found at
  http://www.csl.sri.com/users/risko/risks.txt

Contents:
Cancer therapy missed tumor sites (John Colville)
Fear of flying? You just might be a terrorist! (Dawn Cohen)
How Hulk Crushed the Online Pirate (P.J. Huffstutter via Monty Solomon)
E-Mail Swindle Uses False Report About a Swindle (Hafner-Flynn via Monty)
New bill injects FBI into P2P battle (David Becker via Monty Solomon)
RFID Chips Are Here (Scott Granneman via Monty Solomon)
Cell-phone tracking (David Lesher)
Student arrested for allegedly derailing election (John Reinke)
ISP's DHCP servers infiltrated (Tom Van Vleck)
Wireless gives poorer nations chance to catch up ... (NewsScan)
Big sites hoard links (Monty Solomon)
Crossing Dateline a navigational risk (John Elsbury)
More erroneous arrests over erroneous ATM clocks (David Lesher)
Re: Soyuz landing problem caused by software? (Peter B. Ladkin)
Virgin Mobile makes the oldest mistake in the book (Jay R. Ashworth)
PayPal fraud, and the importance of grammar (Geoffrey Brent)
When spam filters go bad (Laura Miller via Monty Solomon)
New State Laws on Privacy (Robert Ellis Smith)
Monty Solomon Secure Coding Principles and Practices, Graff/van Wyk (Monty Solomon)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 23 Jun 2003 11:55:00 +1000
From: colville@it.uts.edu.au
Subject: Cancer therapy missed tumor sites

Ten critically ill patients with advanced lung or esophagus cancer were given radiation therapy to the wrong spot in the past four years, doctors from Prince of Wales Hospital admitted. Eight of those patients (who were all at the end stages of their illness) have died, although none of them reportedly died as a result of the mistake. The rare treatment (1% of the therapy cases) delivers radiation via a flexible catheter to the tumor site and was reportedly off by millimeters -- although centimeter adjustments may be expected to compensate for breathing variances. Two other patients had the same incorrect treatment in 1993 and 1995. (This treatment is apparently used only for incurable cases, to relieve symptoms.) An investigation is under way to determine the extent of the error, which occurred when the wrong details were entered into a computer used to control the delivery of the therapy. [Source: Ruth Pollard, *Sydney Morning Herald*, 21 Jun 2003; PGN-ed, with American spelling]
http://smh.com.au/text/articles/2003/06/20/1055828490830.htm

John Colville, Department of Computer Systems, University of Technology, Sydney
PO Box 123, Broadway NSW Australia 2007 +61-2-9514-1854 colville@it.uts.edu.au

------------------------------

Date: Mon, 23 Jun 2003 15:06:00 -0400
From: "Dawn Cohen"
Subject: Fear of flying? You just might be a terrorist!

It was reported this morning on Public Radio International's Marketplace program that a company called QinetiQ is trying to market an "intelligent" airplane seat that would detect nervousness in passengers and alert airline staff. Essentially, it sounded like a motion detector and profiler. QinetiQ appears to be a spin-off for Britain's Defense Evaluation Research Agency (sounded like the British DARPA or some kind of government lab, from the story.) I found it interesting that the first half of the story focused on the terrorism potential for this technology, but the rest of the story went on to outline how helpful it could be for personalizing your flying experience. From the report, it sounded like if you squirmed around a lot or shook for some reason, you might be brought to the attention of the crew, as a potential terrorist. Of course, there would be health benefits, as well: if you sat still for too long the crew could warn you to move around a little to avoid blood clots in your legs. And by the way, the intelligent seat would have some kind of card reader that would let the passenger swipe their personal card to pick a movie to see or to specify other flight options. I'm not sure if this is a marketing ploy wrapped as an anti-terrorism product or an anti-terrorism ploy wrapped as a marketing product. Either way, it seems like it has good potential for mis-use. I wonder how many false positives it will take to have the staff turn the system off altogether. I imagine it would be kind of irritating to the crew to have to investigate squirming 2 year olds, people with ADD, people who have various anxiety conditions, people flying to high stakes business presentations, oh yeah, and people who look like they might be from the Middle East, who might just be a little nervous because they've been profiled before. 

------------------------------

Date: Thu, 26 Jun 2003 23:57:05 -0400
From: Monty Solomon
Subject: How Hulk Crushed the Online Pirate

On 25 Jun 2003, Kerry Gonzalez, a 24-year-old New Jersey insurance underwriter, pleaded guilty in a Manhattan federal court to criminal charges of posting a bootlegged early non-final copy of the new movie "The Hulk" on the Internet. He could face a maximum sentence of three years in prison and a fine of $250,000 when he is sentenced Sept. 26 in U.S. District Court for the Southern District of New York. [Source: P.J. Huffstutter, *Los Angeles Times*, 26 Jun 2003]
http://www.latimes.com/business/la-fi-hulk26jun26224419,1,1391001.story

------------------------------

Date: Sat, 21 Jun 2003 22:12:36 -0400
From: Monty Solomon
Subject: E-Mail Swindle Uses False Report About a Swindle

By KATIE HAFNER and LAURIE J. FLYNN, *The New York Times*, 21 Jun 2003

SAN FRANCISCO, June 20 - It was a clever, if not entirely flawless ruse. Many of its potential victims saw through it immediately. Others were less skeptical and were caught in its snare.

On Wednesday, starting in the early afternoon, people around the country began receiving an e-mail message with "Fraud Alert" in the subject line. In the guise of concern about a purchase from Best Buy and possible credit card misuse, the message urged recipients to go to a "special" BestBuy.com Web site and correct the problem by entering their credit card and Social Security numbers.

E-mail posing as a fraud notice to carry out a fraud - indeed preying on a consumer's fear of being defrauded - is an illegal form of spam, the much-loathed tide of random, unsolicited messages that pours into computer inboxes every day. ...
http://www.nytimes.com/2003/06/21/technology/21CARD.html

------------------------------

Date: Sat, 21 Jun 2003 23:45:18 -0400
From: Monty Solomon
Subject: New bill injects FBI into P2P battle

David Becker, CNET News.com, 20 Jun 2003

A bill introduced in Congress on Thursday would put federal agents in the business of investigating and prosecuting copyright violations, including online swapping of copyrighted works.

HR-2517, the Piracy Deterrence and Education Act of 2003, instructs the FBI to develop a program to deter online traffic of copyrighted material. The bureau would also develop a warning, with the FBI seal, that copyright holders could issue to suspected violators. And the bureau would encourage sharing of information on suspected copyright violations among law enforcement, copyright owners and ISPs (Internet service providers).

The bill bears the names of two legislators who have been prominent on intellectual property and copyright issues--Reps. Lamar Smith, R-Texas, and Howard Berman, D-Calif. Berman gained attention last year with a bill that would have allowed copyright holders to hack into peer-to-peer networks believed to be distributing protected materials.

The new bill also calls for the Department of Justice to hire agents trained to deal with computer hacking and intellectual-property issues, and it requires the Attorney General, in conjunction with the departments of Education and Commerce, to develop programs to educate the public on copyright issues.

A lawyer with the Electronic Frontier Foundation said the bill includes a number of troubling aspects, particularly the blurring of distinctions between official prosecution of criminal acts and civil enforcement of copyright provisions. ...
http://news.com.com/2100-1028-1019811.html

------------------------------

Date: Fri, 27 Jun 2003 17:49:36 -0400
From: "monty solomon"
Subject: RFID Chips Are Here

RFID chips are being embedded in everything from jeans to paper money, and your privacy is at stake. [Scott Granneman, Security Focus, 26 Jun 2003]
http://www.securityfocus.com/columnists/169

------------------------------

Date: Sun, 22 Jun 2003 12:05:26 -0400 (EDT)
From: David Lesher
Subject: Cell-phone tracking

IRS Headquarters employee LaToya Taylor vanished after meeting her ex-BF for lunch. Police searching in Southern MD, an hour+ away from DC recovered a body that may be hers. Why look there?

  The search in Southern Maryland came after police reviewed the records of Taylor's cell phone. They determined that at least one call was made to her cell phone last weekend while it was in the Newburg area; the call was unanswered.

This speaks to a level of log retention by cell carriers that has not been admitted to before. The FCC is requiring [RISKS-22.69] "enhanced 911" but in reality such location-tracking can function whenever the phone is powered-up.

One wonders how long before divorce attorneys start subpoenaing same, and employers demand access as a condition of employment.

------------------------------

Date: Tue, 24 Jun 2003 12:14:39 -0400
From: "John Reinke"
Subject: Student arrested for allegedly derailing election

Student arrested for allegedly hacking university computers to derail election

Shawn Nematbakhsh, a 21-year-old student at the University of California at Riverside, was arrested for allegedly hacking into a university computer system during student elections and casting 800 votes for his own fabricated candidate (American Ninja). (He told police he was trying to point out that the UCR network was vulnerable.) The election will be redone next month.
[Source: Associated Press, 21 Jun 2003; PGN-ed]
http://famulus.msnbc.com/famulusgen/ap06-21-053420.asp?t=APNEW

Good thing it was a made up candidate. Otherwise they might not even have known! Computer security is an "art" just like brain surgery. But, "anybody" can do it. I just read this and chuckle. Can government do any thing "right". And, some want to run real elections this way?

John F. John Reinke, 3 Tyne Court, Kendall Park, NJ 08824 732-821-5850 reinkefj@yahoo.com

------------------------------

Date: Fri, 20 Jun 2003 15:33:15 -0400
From: Tom Van Vleck
Subject: ISP's DHCP servers infiltrated

http://ask.slashdot.org/article.pl?sid=03/06/19/2325235&mode=thread&tid=126&tid=172&tid=95

"... It turns out, Charter Communications' DHCP servers were infiltrated and were providing p5115.tdko.com as the 'Connection-specific DNS suffix', causing all non-hardened Windows (whatever that means in a Windows context) machines to get lookups from a hijacked subdomain DNS server which simply responded to every query with a set of 3 addresses (66.220.17.45, 66.220.17.46, 66.220.17.47). On these IPs were some phantom services. There were proxying Web servers (presumably collecting cookies and username/password combos), as well as an ssh server where the perpetrators were most likely hoping people would simply say 'yes' to the key differences and enter in their username/password..."

Hmm, my cable ISP was down this morning. Maybe coincidence.

------------------------------

Date: Fri, 27 Jun 2003 08:36:17 -0700
From: "NewsScan"
Subject: Wireless gives poorer nations chance to catch up ...

In a speech prepared for a UN conference on the social implications of wireless communications technologies, UN Secretary-General Kofi Annan declared that wireless Internet access has "a key role to play everywhere, but especially in developing countries and countries with economies in transition...
It is precisely in places where no infrastructure exists that Wi-Fi can be particularly effective, helping countries to leapfrog generations of telecommunications technology and infrastructure and empower their people." (Reuters, 26 Jun 2003)
http://asia.reuters.com/newsArticle.jhtml?type=internetNews&storyID=2998152

... But needs to be watched for security breaches

Using a laptop with a wireless card outside the main office of a Palo Alto, California school district, a reporter was able to gain access to such data as grades, home phone numbers and addresses, emergency medical information, student photos, and psychological evaluations. Unlike the majority of the district's information, the documents available on this wireless network were not password-protected. Superintendent Mary Frances Callan says: "I don't see this as such a huge news story." The real story, says Callan, is the great progress represented by the network itself, which was made possible by new software purchases, employee training sessions, and technology-use policies. (*Palo Alto Weekly*, 25 Jun 2003)
http://www.paloaltoonline.com/paw/paonline/weekly/morgue/2003/2003_06_25.wire25.html

NewsScan Daily, 27 Jun 2003

------------------------------

Date: Mon, 23 Jun 2003 01:52:25 -0400
From: Monty Solomon
Subject: Big sites hoard links

*Technology Research News*, 23 Jun 2003

The Internet is scale-free, meaning it is made up of a few nodes, or servers, that have many links, and many nodes with only a few links. It is also a small-world network -- you can get to any node via only a few links among adjoining nodes.

University of London researchers have uncovered another clue about the Internet's structure -- the rich-club phenomenon. Large, well-connected nodes have more links to each other than to smaller nodes, and smaller nodes have more links to the larger nodes than to each other. ...
http://www.technologyreview.com/articles/rnb_062303.asp

------------------------------

Date: Mon, 23 Jun 2003 12:26:42 +1200
From: John Elsbury
Subject: Crossing Dateline a navigational risk

> Late last week a twin-engined aircraft on a delivery flight from Samoa to
> New Zealand - a course a few degrees west of south - missed NZ due to a
> navigational error and had to be rescued after they set off their ELB.
> They had ended up a long way to the east of New Zealand and, fortunately,
> had enough fuel to get to an airport once they had been located by a
> samaritan flight.
>
> The reported cause was "When they crossed the Date Line, they should have
> reconfigured the navigation computer for Western Hemisphere coordinates
> but did not do so". It seems, then, that on crossing the date line (a
> fair distance north of NZ) they started heading as many degrees east of
> south as they had hitherto been flying west of south - at least, it looks
> that way on the map.
>
> They were in bad weather, so I can understand not noticing a fairly sudden
> change in the relative locations of the moon and stars - but that, surely,
> ought to have shown up on the magnetic compass?
>
> Regards
> John Elsbury

------------------------------

Date: Sun, 22 Jun 2003 11:29:52 -0400 (EDT)
From: David Lesher
Subject: More erroneous arrests over erroneous ATM clocks (RISKS-22.76)

By Ruben Castaneda, *The Washington Post*, 22 Jun 2003; Page A01

For nearly a year after Denise Mansfield was strangled in her Prince George's County home last June, police focused their investigation on three female suspects whose identities were a mystery. A surveillance camera videotaped them getting cash from an automated teller machine where Mansfield's missing debit card was used after her slaying. The time of the withdrawal from the dead woman's account, recorded by a bank computer, corresponded to the times stamped on the ATM video of the suspects. ...

A SunTrust Bank spokesman declined to comment on the time discrepancy. But Fredrik Nilsson, director of business development for Axis Cameras, which provides video surveillance systems to business and government agencies, said most bank cameras are not synchronized with ATM transactions. The times are set separately and can be off by a few minutes, or even an hour if someone forgets to reset them for daylight saving time, Nilsson said.

{and ANOTHER group of victims...but low-tech}

The arrests of the three Arizona residents were not the only ones to result from the wrong ATM pictures. Last winter, police charged a pair of sisters from the District with murdering Mansfield after a third sister misidentified them in the surveillance images, which were published in The Post and shown on local TV newscasts. The two were jailed for several weeks, until DNA tests exonerated one of them and the other proved that she had been away on a business trip when the killing occurred.

- - - - -

This was not the District (RISKS-22.76), rather adjacent Prince Georges County, but the behaviour of the authorities seems virtually identical. [PG is ...noted.. for officer shootings of suspects and unwitnessed confessions, later found untenable. There were allegedly going to be locked cameras installed in the interrogation rooms but I see no mention of same.]

In both cases, there was available evidence that the accused had a legitimate reason to be at the ATM. Yet the bank/police did not even LOOK at adjacent transactions in the ATM log? (That would have ID'ed the AZ women immediately.) This after the publicity over the DC mis-identification???

The RISK here is not just faulty timestamps, but faulty analysis of them, and lack of critical thinking by supposedly-expert investigators, and the prosecutors on the case. When dangled a "high-tech" bone, Officer McGruff grabbed the bone and ran, without worrying about other details.

Given the growing number of cameras recording our every move, the concept that mere presence near the time of a crime is sufficient to establish guilt unless proven innocent, is downright scary.

------------------------------

Date: Wed, 25 Jun 2003 10:35:56 +0200
From: "Peter B. Ladkin"
Subject: Re: Soyuz landing problem caused by software? (Bellovin, Risks 22.74)

In RISKS-22.74, Steve Bellovin summarised an article by James Oberg on the Soyuz TMA-1 ballistic reentry on 4 May, 2003. The Oberg article also raised questions of human error.

According to the article "Soyuz probe reveals human errors" by Tim Furniss in Flight International, 17-23 June, 2003, p39, the ballistic reentry was caused by a failure in the Busp-M guidance system that controls the normal reentry. Busp-M reads data from gyroscopes and accelerometers and outputs commands to the attitude control system. The yaw control channel "produced undefined readings indicating a malfunction", which resulted in Busp being taken off-line by supervisory control, which switched to ballistic reentry. Busp had performed 49 "flawless" reentries since 1979. The article does not say what caused the "undefined readings".

The human errors were unrelated. The crew switched on the Kurs rendezvous-docking system by mistake during reentry; failed to inform search aircraft that they were performing a ballistic reentry; and made mistakes in landing procedures.

An earlier *Flight International* article, 3-9 June 2003, p26, reported the change to ballistic reentry as having been caused by a "faulty gyroscope switch".

Peter B. Ladkin, University of Bielefeld, Germany http://www.rvs.uni-bielefeld.de

------------------------------

Date: Thu, 19 Jun 2003 20:12:37 -0400
From: "Jay R. Ashworth"
Subject: Virgin Mobile makes the oldest mistake in the book

My sister got a new cellphone the other day. From Virgin Mobile, though they're reselling SprintPCS's airtime.

The e-mail that she got read like this:

- ----- Forwarded message follows -------
Date sent: Thu, 19 Jun 2003 04:19:29 -0700 (PDT)
From: ourteam@virginmobileusa.com
To: nobody@example.com
Subject: Virgin Mobile - Your Cell Number and phone programming instructions

Hi CINDY,

Ready for this?

Your Virgin Mobile Phone Number: (727) 123-4567
Your Virgin Mobile Phone's Network ID: 007271234567

(Give your friends your phone number, but keep the super secret Network ID to yourself, you might need it to program your phone… this message may self-destruct.)

[ lots of administrivia elided ]

Welcome to Virgin Mobile - It doesn't get any easier than this!

Enjoy!
Virgin Mobile USA

If you need to contact us, please call Central Intelligence on (888) 322-1122 or *VM from your Virgin Mobile cell phone, alternatively visit us at www.virginmobileusa.com
- ------ End of forwarded message -------

So, did everyone notice the format and contents of that "super secret Network ID"? I've modified it, of course, for this message, but yes, they're the same.

Central *Intelligence*? Guess it's just as much of an oxymoron here...

Does anyone know Richard Branson's cell phone number?

Jay R. Ashworth, Baylink, The Suncoast Freenet, Tampa Bay, Florida
http://baylink.pitas.com +1 727 647 1274 jra@baylink.com

------------------------------

Date: Wed, 25 Jun 2003 13:28:49 +1000
From: Geoffrey Brent
Subject: PayPal fraud, and the importance of grammar

In the last four days I've received four e-mail messages purporting to be from PayPal:

  "Your (sic) As part of our continuing commitment to protect your account and to reduce the instance (sic) of fraud on our Web site, we are undertaking a period (sic) review of our member accounts. You are requested to visit our site by following the link given below."

The link is the clickable text "https://www.paypal.com/cgi-bin/webscr?cmd=verification ", but hovering over it and looking at the URL this produces shows that the actual link is
  http://www.paypal.com@207.44.196.35/~redbarpr/cgi-bin/webscr%3fcmd=verification

Something that could very easily be mistaken for a legitimate PayPal site, no doubt set up to steal account details.

I think a very similar fraud has been reported on RISKS before, but the text illustrates an interesting point - even when the *technical* side of a scam is well-concealed, frauds often give themselves away by other signs - in this case, a poor grasp of the language.

The flip-side to this is that legitimate businesses do well to maintain high standards of presentation, because it makes it easier to distinguish them from most scammers.

------------------------------

Date: Sun, 22 Jun 2003 01:49:33 -0400
From: Monty Solomon
Subject: When spam filters go bad

Trying to block junk mail, my cable modem company installed a system that prevented me from getting my REAL mail -- and when I complained, insisted it was all for the good of the System.

- - - - - - - - - - - -
By Laura Miller, 19 Jun 2003

"The equivalent of treating dandruff by decapitation": That's what Frank Zappa, testifying before a Senate committee in 1985, called the censorship plans of the Parents Music Resource Center. In the annals of overreaction, draconian measures tend to spring from mind-muddling passions -- in the case of the PMRC, parental desire to protect the young from nastiness. But when it comes to passion, even our darkest, most primal instincts can hardly compare to the raw fury that people have come to feel toward spam. So e-mail users, beware: It's time to watch your head.

I can testify from personal experience that the cure has finally become worse than the disease. In June, the company that provides my cable modem service, Road Runner, installed a superaggressive new set of spam blockers on its e-mail servers.
Late in the first day of the blockers' activation, I suddenly noticed that I hadn't gotten any e-mail at all in nearly three hours. No e-mail from Salon colleagues or from friends and, most puzzling of all, no e-mail from the editor at the New York Times with whom I'd been corresponding all morning about a freelance piece I was writing for her. I gave her a call. ...

http://www.salon.com/tech/feature/2003/06/19/spamblockers/

------------------------------

Date: Thu, 19 Jun 2003 10:52:36 -0400
From: "Robert Ellis Smith"
Subject: New State Laws on Privacy

Privacy Journal has published the latest supplement to its "Compilation of State and Federal Privacy Laws," showing a huge increase in state anti-spam laws and do-not-call telemarketing laws.

A total of 34 states have passed new laws limiting bulk electronic-mail advertising, according to Privacy Journal's new listing, which includes a description and legal citation for each law. Most states require that "spam" be labeled as advertising and provide a means to get off an e-mail ad list. Other laws are more stringent, making some "spam" a crime or requiring an advertiser to consult a do-not-e-mail list maintained by the state.

The Compilation of State and Federal Privacy Laws 2003 Supplement lists 26 state laws requiring telemarketers to consult a state-maintained do-not-call list. Some state lists will be merged with a new federal database beginning in late summer this year.

The book and 2003 supplement are available for $31 plus $4 handling from Privacy Journal, PO Box 28577, Providence RI 02908, 401/274-7861, fax 401/274-4747, privacyjournal@prodigy.net, www.privacyjournal.net. The 2003 supplement alone costs $21 plus $4.

For three years, only the three states with the most intense Internet activity - California, Virginia, and Washington - had anti-spam laws, but now nearly three-quarters of the states have enacted some limits.

------------------------------

Date: Fri, 27 Jun 2003 20:33:26 -0400
From: Monty Solomon
Subject: Secure Coding

Secure Coding: Principles & Practices
By Mark G. Graff, Kenneth R. van Wyk
June 2003
0-596-00242-4, Order Number: 2424
224 pages, $29.95 US, $46.95 CA, £20.95 UK

Despite their myriad manifestations and different targets, nearly all attacks on computer systems have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access. Secure Coding: Principles & Practices looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers.

http://www.oreilly.com/catalog/securecdng/
http://www.oreilly.com/catalog/securecdng/desc.html

------------------------------

Date: 30 May 2003 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, send e-mail requests to with one-line body
   subscribe [OR unsubscribe]
 which requires your ANSWERing confirmation to majordomo@CSL.sri.com . If Majordomo balks when you send your accept, please forward to risks. [If E-mail address differs from FROM: subscribe "other-address " ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.] Lower-case only in address may get around a confirmation match glitch.
   INFO [for unabridged version of RISKS information]
 There seems to be an occasional glitch in the confirmation process, in which case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
 .UK users should contact .
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES: http://www.sri.com/risks
 http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
 http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
 http://www.csl.sri.com/illustrative.html for browsing,
 http://www.csl.sri.com/illustrative.pdf or .ps for printing

------------------------------

End of RISKS-FORUM Digest 22.78
************************
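
Added example, not part of the digest or of any contributor's message: for the "PayPal fraud, and the importance of grammar" item above, a mail-side check that compares each link's visible text with its real destination and reports the mismatches that item describes. The HTML wrapper is constructed for illustration; the link text and URL are the ones quoted in that item, and the finding labels are this example's own names.

```python
"""Flag links whose visible text and real destination disagree."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _split(url):
    """urlsplit that returns None instead of raising on malformed input."""
    try:
        return urlsplit(url)
    except ValueError:
        return None


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_link(text, href):
    """Return a list of findings for one link; an empty list means nothing flagged."""
    target = _split(href)
    if target is None:
        return ["unparseable-url"]
    findings = []
    host = (target.hostname or "").lower()
    # "http://trusted-name@real-host/": everything before '@' is userinfo,
    # not the host the browser connects to.
    if target.username is not None:
        findings.append("userinfo-before-host")
    if _is_ip_literal(host):
        findings.append("ip-literal-host")
    # Only compare hosts when the visible text itself looks like a URL.
    shown = _split(text) if "://" in text else None
    if shown is not None and shown.hostname:
        if shown.hostname.lower() != host:
            findings.append("text-host-mismatch")
        if shown.scheme == "https" and target.scheme != "https":
            findings.append("scheme-downgrade")
    return findings


def audit_mail(html):
    """Return [(href, findings)] for every link in the body that was flagged."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        findings = audit_link(text, href)
        if findings:
            report.append((href, findings))
    return report


# Constructed mail body; only the first link's text and href come from the item.
SAMPLE_MAIL = (
    "<p>You are requested to visit our site by following the link given below.</p>"
    '<a href="http://www.paypal.com@207.44.196.35/~redbarpr/cgi-bin/'
    'webscr%3fcmd=verification">'
    "https://www.paypal.com/cgi-bin/webscr?cmd=verification </a>"
    '<a href="https://www.example.com/help">Help</a>'
)

if __name__ == "__main__":
    for href, findings in audit_mail(SAMPLE_MAIL):
        print(href, findings)
```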