Subject: RISKS DIGEST 18.44 RISKS-LIST: Risks-Forum Digest Thurs 12 September 1996 Volume 18 : Issue 44 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** Contents: GAO criticizes White House database controls (PGN) Galileo Glitch (Peter Ladkin) Recent KAL 007 discussion (Peter Ladkin) Keeping Your Mouth Open: re: F-15 shootdown (Peter Ladkin) Removal from Lexis' Ptrax database (Betsy P) Encryption's debate-chilling effect on universities? (Lance J. Hoffman) Re: Hidden file info that you do not know about (Edward Reid) Fax machines that tell too much (Christopher J. Bell) Unsolicted e-mail == unsolicited faxes ? (Edward N Kittlitz) "Free Speech" == "Free Speech" ? (Barry Jaspan) Re: AOL curbs incoming spams (Stanton McCandlish, David Allen, Dave Porter) Re: RISK: Dangerous core dumps (Matthew Hunt) Update 3 on GPS battery explosion (David Kennedy) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Wed, 11 Sep 96 14:38:49 PDT From: "Peter G. Neumann" Subject: GAO criticizes White House database controls The White House maintains a database of some 20,000 people, and is used for sending greeting cards at Thanksgiving and Christmas, invitations to WH events, and other purposes. The GAO has criticized this database for its inadequate safeguards relating to access controls and lack of audit trails -- making usage monitoring very difficult. Apparently 150 White House employees have authorized access, although only 25 are regular users. [Source: *San Francisco Chronicle*, p.A2, 11 Sep 1996] [I presume the White House staff puts in a few bogus addresses so that they can tell when and how it is being used. I suppose they now also need to worry about a Dick Morris Worm attack. PGN] ------------------------------ Date: Thu, 12 Sep 1996 16:27:31 +0200 From: Peter Ladkin Subject: Galileo Glitch In `Galileo team Wrestles To Keep Second Flyby', Aviation Week and Space Technology, 2 Sep 1996, p56, Michael A. Dornheim reports that `The Galileo orbiter went into "safe" mode on 24 Aug because of a computer error [..] Controllers began sending commands [to restore full operation] on 28 Aug, and the spacecraft and its computer were operating normally again on 29 Aug. [..] The error occurred in a CDS-A processor [..] some [..] data compression software had taken too long to execute, which shut all of CDS-A down. [..] Galileo then automatically entered the safe mode, which put CDS-B in charge and suspended all but basic engineering activities. [..] The cause of the error was not clear [at the time of reporting] [..] Galileo was resending a [Ganymede] image when the problem occurred [..] There are several pieces of data on the [..] recorder that have not been sent yet, and they will be overwritten by the second flyby.' Peter Ladkin ------------------------------ Date: Thu, 12 Sep 1996 16:24:11 +0200 From: Peter Ladkin Subject: Recent KAL 007 discussion (Re: RISKS-18.42) Prompted by a query from a colleague, I searched for "KAL 007" on Altavista http://altavista.digital.com/ to see what recent information had appeared on this major world incident. In this note, I report sources and views of others and add some comments of my own. I am not specifically endorsing any view or assertion here of *what happened* during the incident or its aftermath. Lt. Col. (retd.) Lester W. Grau, of the Foreign Military Studies Office, Ft. Leavenworth, KN, reviews a book on US-USSR relations from 1983-1990 by Don Oberndorfer, a diplomatic correspondent for the WP from 1976, at http://leav-www.army.mil/fmso/books/reviews/turn.htm Grau says that `Izvestia conducted a further investigation of the KAL 007 aircraft downing [..] Mr. Oberndorfer apparently has not read it since his book continues the Soviet myth about warning shots being fired in front of the passenger plane.' The Izvestia article has been translated by Roy F. Cochrun and is available as a zip file at http://www.clark.net/pub/royfc/zip/kal007.zip The translation as well as the Izvestia original is contained in a number of files. (I got this URL from the last line of http://aeroweb.lucia.it/~agretch/RAFAQ/KAL007.html of which the main contents are a couple of messages from rec.aviation.military that do not seem to contain definitive information.) A short summary and endorsement of R.W.Johnson, Shootdown: Flight 007 and the American Connection, Penguin, 1987, is at http://www.pir.org/books.87 Johnson was a young politics Don at Magdalen College, Oxford (where I was in the early 70's). He basically read all the NYT and WP reports concerning the incident and aftermath to piece together a coherent story of who knew what and when in the US executive after the shootdown. The references alone form an essential bibliography for political scholars. I was impressed ten years ago both by his method, and that there was a newspaper which really did contain so much useful information on a regular basis. But I was so much younger then..... http://www.iguide.com/books/reviews/brun.htm is a review by Jacob Levich of Incident at Sakhalin: The True Mission of KAL Flight 007, a recent book by Michel Brun (Four Walls Eight Windows press). Levich says Brun claims that KAL 007 was still airborne 46 minutes after the `officially accepted' shootdown time, and crashed several hundred miles to the south of Sakhalin, not where it was reported to have crashed. `[..] its destruction was not the result of a single botched encounter with Soviet fighters, but part of a two-hour air battle in which at least nine U.S. military planes were shot down; the subsequent cover-up required the covert collaboration of at least four national governments.' Levich thinks this is `firmly grounded in reality' and `accounts for more of the known facts than any "simple" explanation offered so far'. Based only on the above quote, one could really doubt it. However, a much more sober and thorough review of Brun's book appears at http://www.clarityconnect.com/webpages/bookpress/apr96/chase.html Edward R. Chase is former Editor-in-Chief of NYT Books and senior editor at Scribner, and was approached by Brun initially to see if there was interest. Chase introduced Brun to Richard Witkin, former NYT aviation editor, and David Pearson, author of KAL 007: The Cover-up. Chase, via Pearson, put Brun in touch with John Keppel, a retired Foreign Service officer, who collaborated with Brun. According to Chase, Brun's thesis was that KAL007 was a decoy posing as an innocent off-course flight, but was intending to cause the Soviet radars to light up. Such a thesis, I seem to remember, was proposed also by Pearson in a series of articles in The Nation and in his book. Brun's assertion of an air battle is new. Chase says: `Brun's book largely demolishes the U.S. propaganda line. Yet it is impossible for me to agree with all its conclusions. Although I respect his and John Keppel's intent, admire their industry, their skills, and their tenacity, I feel that their work could mislead the public by positing a conspiracy theory that is not credible in key particulars.' Chase continues: `Brun's book makes very onerous reading for the layman. To follow his meticulous analysis of navigational and minute time discrepancies among the various transcripts and reports is a daunting task, rivaling in difficulty interpretations of texts by Kant or Derrida. However, his argument does demolish the official single-intrusion, single-deception, single-shootdown theory. [..] The two black boxes Yeltsin submitted as from KAL 007 in late 1992 and early 1993 are passing strange, apparently phonies, says Brun [..] Brun's proof of the falsity of these black boxes is one of the compelling sections of his argument. [...] the evidence Brun uses to demonstrate that [the] air battle occurred is all circumstantial, painstakingly argued, but, for me and for experts I have queried, unconvincing to say the least. Nor do Brun and Keppel ever clarify the connection between the KAL 007 flight and the intrusion of U.S. military planes around the same time and place. One wishes Brun and Keppel had confined their charge to the persuasive facts they elicit that there was a deliberate intrusion of breathtaking recklessness and stupidity that has been lied about ever since, and that the episode demands full, truthful disclosure.' Chase also reviews: `Another recent book, Warriors of Disinformation by Alvin A. Snyder, an excellent work highly praised by Mike Wallace and Marvin Kalb among others, powerfully supports Brun's charge of government lying in the KAL 007 disaster. [..] Snyder is the official who organised and presented the T.V. account of the shootdown of KAL 007 at the United Nations and then the world, using tape recordings of the Soviet fighter pilot's radio transmissions [..] What Snyder reveals is that the tapes were doctored. [..] Snyder reports that the full transcripts of the tapes show that, contrary to the U.S. allegations at the U.N., the Soviet pilot did fire warning shots, did circle 007 to get its attention, and tilted its wings to force the plane down, after being asked repeatedly by his ground controllers to do so. The Soviets never realised that the airliner was a commercial plane. [..] He also labels as a whopper the lie by U.N. Ambassador Jeanne Kirkpatrick that at no point did the [Soviet] pilots raise the question of the identity of the target aircraft. Snyder's whole book is first-rate, and his integrity comes across as unquestioned.' Chase hopes that Brun's book will trigger Congressional hearings, else we'll have to wait until 2008, when the classified documents will be disclosed. I object to Chase lumping Derrida with Kant. But that of course has nothing to do with KAL 007. In summary, Pearson and Brun seem to agree on the agent provocateur interpretation. Seymour Hersh's idea was an innocent INS missetting in Alaska (plus a lot of consequent coincidences), but I recall he also documented that parts of the USAF knew it had been an accident when it happened, contrasting unfavorably with what Kirkpatrick asserted at the UN. Johnson agrees with this, as far as I remember, and assembles circumstantial evidence that this was known at higher levels. Snyder confirms this interpretation. (I have not read the ICAO report, nor did I find WWW info on it.) Roll on 2008. Or write to your Congressperson. And let us all hope that nothing like this incident ever happens again. Peter Ladkin ------------------------------ Date: Thu, 12 Sep 1996 16:26:42 +0200 From: Peter Ladkin Subject: Keeping Your Mouth Open: re: F-15 shootdown (Mills, RISKS-18.42) I sympathise with Dick Mills's (RISKS-18.42) desire to try to keep inaccurate information on airplane crashes out of the public domain. Robert Dorsett (RISKS-18.43) notes that public discussion is a given, and that even inaccurate discussion can be beneficial. To control disinformation, Mills proposes that people should keep silent until the final accident report is published. I don't see how that could help, and I do think it would hinder. First, the NTSB itself does not follow that procedure. It issues documents at regular intervals. There are frequent press releases, and various information such as CVR transcripts is available before the docket is released. When the docket is complete, it is generally released to the public. This is usually many months before the final report appears. For example, the public docket for the AA965 accident near Buga, Colombia on 20 Dec 1995 was released on 16 Apr 1996. I quote: `The enclosed material contains: factual reports only; no conclusions; no determinations of probable cause. Analysis of the accident will occur at a later date.' (Punctuation mine). Second, any NTSB information may be considered definitive, as may information from many other accident investigation boards. Such authorities do not `speculate'. Valid conclusions may be drawn from this definitive information. A *valid* conclusion cannot be negated by further information, so there is little chance that this will contribute to spreading disinformation. Third, the most common source of invalid conclusions is some sort of `closed-world assumption' (as the logic programmers would call it). That is, assuming that the information one has is *all* the relevant information. For instance, knowing the AA965 pilots didn't know where they were and drawing the conclusion that that was the sole cause of the accident. That is, of course, mistaken reasoning. Better reasoning is to accept that this is one of probably many causal factors and expect others to be discovered. Discussion of the accident on that basis is not inappropriate. At some point, a closed-world assumption must be made (we usually don't consider gremlins hammering bits off the wing as potential causes, pace The Twilight Zone). Such assumptions can be made explicit in any reasoning, as they should be in final accident reports. One should also not forget that much `far-out' speculation bases itself on *not making* the closed-world assumption that others have made (most conspiracy theories, for example). Fourth, `peer review', that is, earnest discussion amongst interested people with various sorts of competence, including dissident opinions, is an accepted method of improving knowledge, both in academia and outside, in many societies. Consider it a psychological or social fact if you will, but it's a fact nonetheless. Fifth, accident investigation boards are necessarily composed of a small number of the available experts in the field. I don't see any reason why other competents should be enjoined to keep quiet if there are things to say. In particular, journalists are in general not technical experts and newspaper reports *will* appear that require discussion - and all too often, it seems, refutation. I don't see why, for example, a timely comment which includes such a refutation should wait until after an accident report. Sixth, there are various interested parties (airplane manufacturers, airlines, pilot associations, air traffic control authorities, other government authorities) who have sensitivities that may conflict with a dispassionate explanation of the accident. Airlines must keep public confidence to continue in business. Pilots and air traffic controllers are sensitive to their statutory responsibility, and pilot unions may feel that they are thereby subject to disproportion blame. Regulatory agencies may be pressured by executive and regulatory branches of government, who can react precipitously to the public's precipitous reaction. Manufacturers are keen that the design and construction of their airplanes cannot be faulted. These alternative goals may skew views of accident causes. I should have thought that careful public discussion should be welcomed from those with some competence and no other goal than to try to clarify what happened. Peter Ladkin ------------------------------ Date: Wed, 11 Sep 1996 16:28:42 -0400 (EDT) From: betsyp@vnet.net Subject: Removal from Lexis' Ptrax database (Re: RISKS-18.43) Spurred by RISKS-18.43, I called Lexis's 800 number to request removal from the Ptrax database. I had to spend about 15 minutes on hold to do so; while I was on hold, a sweet-voiced recording assured me [PGN has inserted here the direct quote, provided by mwexler@Adobe.COM (Mike Wexler):] The Ptrax database contains publically available information. It does not contain any private institution information such as credit card numbers, bank account information or mother's maiden names of individuals. You can not view social security numbers. When I reached a human being and explained that I wanted to be removed, guess what was the only information he requested? All those who said "Your Social Security number" get a prize. Whether or not the SSN is hidden, it seems to be a primary key as far as Lexis is concerned. The SSN is both necessary and sufficient; Lexis makes no attempt to verify that the person calling actually owns the Social Security number. The RISKS, alas, are obvious to everybody except our friends in the database business. [REMARK: The SSN information is actually in the database; a given SSN can be used in queries, but SSNs allegedly cannot be retrieved. PGN] [The 800-number message was reported and commented on variously by mwexler@Adobe.COM (Mike Wexler), adelano@frymulti.com (Art Delano) (although Art was asked for his name, but not his full name!), Jim Babka . PGN] ------------------------------ Date: Tue, 10 Sep 1996 20:06:58 -0400 From: "Lance J. Hoffman" Subject: Encryption's debate-chilling effect on universities? [Lance sent me a long copyrighted article that could be of possible interest to some of you. I omit all of the article. PGN] URL AND COPYRIGHT NOTICE FOR ORIGINAL ARTICLE: Copyright (c) 1996 by The Chronicle of Higher Education, Inc. http://chronicle.com Title: Internet Users Irked by U.S. Restrictions on Encryption: They think the rules compromise academic freedom and hinder efforts to combat on-line forgery Author: David L. Wilson Publication date: 13 Sep 1996 Source: The Chronicle of Higher Education Section: Information Technology Page: A27 ------------------------------ Date: Thu, 12 Sep 96 11:24:40 -0400 From: edward@paleo.greensboro.fl.us (Edward Reid) Subject: Re: Hidden file info that you do not know about (McElhearn, R 18-41) > ... you can save a document under Word which includes previous versions. > [I think this problem has appeared previously in RISKS. PGN] Several times I think ... but the misunderstanding persists. When Word does a "normal" save with minor changes, it does not rewrite the entire document. Instead, it simply appends the changes and whatever information it requires to place them in the document. When working with large documents, especially on slower computers and disks, this makes an enormous difference in the time required to save a file -- a couple of seconds vs half a minute, for example. And since these same small computers adhere to the "save often or lose it" user-hostile paradigm, a faster save means fewer unhappy users. The result is that interpreting a raw dump of a Word file can be quite difficult, and that many third-party programs that read other word processor files cannot read Word files unless you first do a "slow save". Also, deleted text may at times appear in the raw dump. This is mostly unpredictable, and does not consist of a "previous version" being included in the file. Edward Reid ------------------------------ Date: Thu, 12 Sep 1996 11:26:32 -0400 (EDT) From: "Christopher J. Bell" Subject: Fax machines that tell too much I was recently the recipient of a large number of faxes from potential job applicants. Many of the applicants were students and as such used university department fax machines where, presumably, they were required to use their own calling cards to make the long distance call. In a number of cases, the originating fax machine had an automatic field displayed at the top of each page showing the number called. Presented to me quite clearly was a large number of calling card numbers with each user's PIN. Not only is this information displayed to the recepient, but the sender likely has no idea it's being made available. Christopher J. Bell Pivot Computing cbell@pobox.com http://pobox.com/~cbell/ ------------------------------ Date: Thu, 12 Sep 1996 11:50:29 -0400 (EDT) From: Edward N Kittlitz Subject: Unsolicted e-mail == Unsolicited faxes ? According to my rusty memory and 2 minutes of Altavista searching, there is a U.S. Telephone Consumer Protection Act of 1991 which requires: 1) identification of the sender at the top or bottom of the first transmitted page; 2) that unsolicited advertisements shall not be sent without invitation (which can implicitly be based upon the existence of a business relationship). If this Act is not unconstitutional, then it seems that the same type of law can be written regarding e-mail. The motivation is the same: 1) senders should be identified, not allowed to roam ISPs anonymously; 2) the receiver is paying for the cost of the advertisement, both in real terms (paper or message charges) and lost opportunity to receive desired items (out-of-paper, busy phone, mailbox size limits, time required to download junk e-mail which could have been spent looking for online smut or even online shopping at a competitor's web page). ------------------------------ Date: Wed, 11 Sep 1996 18:08:58 -0400 From: "Barry Jaspan" Subject: "Free Speech" == "Free Speech" ? (Herr, RISKS-18.43) After reading Fred Herr's statement, >> The judge's injunction ... seemed to rest on a comparison of free speech >> expressed via the USPS as against free speech expressed via on line >> message services, with the assumption, ... that there is no essential >> difference. I had an interesting thought. Won't it be interesting if the US government (via its combined legislative and judicial authority) declares that "guarantee of free speech" applies to commercial advertisements at the cost of the unwilling recipient but does not apply to non-commercial but "indecent" communications among consenting adults? Somehow, such an outcome does not seem even the slightest bit improbable to me; "inevitable" seems more like it. How depressing. Barry Jaspan ------------------------------ Date: Wed, 11 Sep 1996 13:03:41 -0700 (PDT) From: Stanton McCandlish Subject: Re: AOL curbs incoming spams (Giles, RISKS 18.42) None of that may ever come up. There is already a large pile of case law destroying the notion that First Amendment rights can be cost-shifted. No one owes you a printing press, you cannot send junkmail and expect it to be delivered postage due, and you can't junkfax people. Spamming cost-shifts most or all of the expense of advertising on the receiver. There's no First Amendment issue (other than AOL's right to exercise editorial control over a private service, something the TRO rather runs counter to.) I may not be an attorney, but AOL's case seems very strong. The First Amendment protects expression from interference by government, almost exclusively (there are exceptions, such as private schools having some limits on the censorship they may do of student publications, but these exceptions are very narrow, and are few and far between). AOL isn't the government, and their system is not a public space in the legal sense. The philosophical question of whether AOL ought to have anything to do with restricting email in any way, even on their own service, is an important one - even AOL's internal forums have something of the character of a public, rather than a private, space - but such questions should probably be consciously and clearly separated from discussion of the legalities involved, which don't map very well to the theoretics. Lastly, I think one should applaud AOL for shifting gears toward an individually-customizable filtration model. It's far better to have the choices in the hands of the end user, than in the hands of some intermediary, even if AOL offers some overridable defaults to filter out, like Cyber Promotions. Stanton McCandlish, Electronic Frontier Foundation, Online Activist mech@eff.org, http://www.eff.org/~mech/ ------------------------------ Date: Thu, 12 Sep 1996 06:53:32 -0400 (EDT) From: David Allen Subject: Re: AOL curbs incoming spams (Herr, RISKS-18.43) Fred Herr makes some very good points about the negligible costs of spam versus conventional junk mail, but I think the court erred in its comparison in a critical way when it cited First Amendment protection for spam. While advertisers (and common citizens) have a right to speak, *nobody* can compel us to PAY to listen. While the court would certainly find that corporations have a right to send junk mail or engage in telephone solicitation, they would rule quite differently if the corporations sent mail postage due, or tried to call us collect. The court would rule that we have every right to refuse to pay. Since on-line time costs money to the recipient (no matter how little), the comparison to regular junk mail is not appropriate. More appropriate is the FAX, where the owner of the FAX pays for the paper. Anti-Junk Fax laws were passed to stop "FAX-spamming" if you will, and so far have been found constitutional. I think that legislation along the same lines would be appropriate and constitutional. Personally, I have a *major* problem with corporations being afforded constitutional protections as if they were people, but that is another debate entirely David Allen , Contributing Editor, Internet Underground. dallen@nr.infi.net Columnist, Plan 9 from Cyberspace. See PCNet/MacNet, http://www.manzione.com ------------------------------ Date: Thu, 12 Sep 1996 13:18:43 -0400 From: porter@cachelink.com (dave porter) Subject: Re: AOL curbs incoming spams (RISKS-18.41 et al.) This is a mind-numbingly trivial point, but I haven't actually seen it mentioned anywhere in print: if the spammers are so keen on their "right" to freedom of communication, why is it that the spam I receive seldom has a valid return address? Maybe AOL should reject mail not "because it is spam" but "because it does not contain a valid return address" ? [You should note that rejecting mail just because its return address is bad will lose some mail you really wanted. If RISKS rejected every piece of mail whose FROM: address is not a valid address, I would have fewer legitimate contributions to choose from. But many would-be subscribers get bounced immediately, because I remove their new-subscription address as soon as the acknowledgment bounces. As noted in RISKS-18.39, I am looking forward to the new version of Brent Chapman's majordomo, which will do that automatically. PGN] ------------------------------ Date: 12 Sep 1996 07:35:49 -0400 From: Matthew Hunt Subject: Re: RISK: Dangerous core dumps (Bonfield, RISKS-18.43) > I don't know of any systems that will do this without also changing umask > for all your other files. Linux does: mph124:~$ uname -a Linux mph124 2.0.18 #6 Sat Sep 7 12:49:09 EDT 1996 i486 mph124:~$ umask 022 mph124:~$ sleep 10 & [1] 9679 mph124:~$ kill -11 9679 mph124:~$ [1]+ Segmentation fault (core dumped) sleep 10 mph124:~$ ls -l core -rw------- 1 hunt users 278528 Sep 12 07:34 core mph124:~$ ------------------------------ Date: 12 Sep 96 02:35:59 EDT From: David Kennedy <76702.3557@CompuServe.COM> Subject: Update 3 on GPS Battery Explosion >Extracted by Dave Kennedy [CISSP] National Computer Security Assoc from >C4I-Pro-Digest Tuesday, September 10 1996 Volume 02 : Number 463 >Date: Tue, 10 Sep 96 09:39:00 +6 >From: Potter B MSgt ACC/SCXX >Subject: c4i-pro Update to PLGR Battery Venting Event (Update #3) > Please pass to portable lightweight GPS receiver (PLGR) users. Bottom >line: Shorted diode (or NO diode due to wrong battery), external power, and >lithium battery can be a DEADLY combination. Short-circuit is usual diode >failure mode. > Stay tuned. I'll pass-on updates as I receive them. Please direct >queries to Maj Lockhart, below. [MSgt Bob Potter] > > - - - - - - > >From: Lockhart, David E., Maj CZU[SMTP:LockhaDE@gps1.laafb.af.mil] >Sent: Monday, September 09, 1996 6:37 PM > 9 September, 1996 > [...] >Recommendation: > >When operating PLGRs on external power do not use lithium batteries in the >prime power battery compartment. > >Develop a process that allows operators to use lithium batteries when >operating in the stand-alone or internal power mode, but ensures the removal >of lithium batteries prior to connecting to external power. ------------------------------ Date: 15 Aug 1996 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Or use Bitnet LISTSERV. Alternatively, (via majordomo) DIRECT REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] => The INFO file (submissions, default disclaimers, archive sites, .mil/.uk subscribers, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 18.44 ************************