Subject: RISKS DIGEST 13.86
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest  Saturday 24 October 1992  Volume 13 : Issue 86

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

 Contents:
Software Bombs Out -- Ark Royal revisited (Simon Marshall)
Erased Disk used against Brazilian President (Geraldo Xexeo)
The NSF Net cable-cut story (Steve Martin via Alan Wexelblat)
Risks in Banking, Translation, etc. (Paul M. Wexelblat)
Re: 15th National Computer Security Conference (Dorothy Denning)
Re: Vote Early, Vote Often (Louis B. Moore)
T*p S*cr*t (Berry Kercheval)
Book Review: The Hacker Crackdown (David Barker-Plummer)
Filling station POS terminals: credit card users beware! (Steve Summit)
Int Workshop on Fault and Error Models of Failures in Comp Sys (Ram Chillarege)
Computer Security Foundations Workshop VI call for papers (Catherine A. Meadows)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
welcome.  CONTRIBUTIONS to [email protected], with relevant, substantive
"Subject:" line.  Others may be ignored!  Contributions will not be ACKed.
The load is too great.  **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks.  REQUESTS please to [email protected].

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits).  Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential.  "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to [email protected]).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Sat, 24 Oct 1992 10:55:28 +0000
From: Simon Marshall <[email protected]>
Subject: Software Bombs Out -- Ark Royal revisited (Re:RISKS-13.44)

From Sat 24 Oct 1992 `Guardian', no author given.  It is perhaps not too
surprising that this has not received the attention that it deserves, given the
political situation in the UK at the moment.  The British Government is
currently in the process of lurching from one crisis to the next.  [See Brian
Randell's contribution in RISKS-13.44 for background.  PGN]

           Computer software blamed as RAF pilot bombs Ark Royal.

 An RAF Harrier jump-jet pilot on exchange with the Royal Navy bombed the
 carrier Ark Royal, injuring five crew, because of a computer software
 anomaly, it was disclosed yesterday.  Four of the injured have returned to
 work following the [20 April 1992] incident when the 28lb practice bomb tore
 through the flight deck and exploded in one of the mess decks.  The fifth ...
 is still receiving medical treatment.

 The incident happened when four Sea Harriers were practicing dropping bombs
 on a target towed 600 yards behind Ark Royal during training ....  The RAF
 Flight Lieutenant, described as highly experienced, lost radar contact twice
 with the ship.  He `locked on' for a third time just seconds before going
 into the loft manoeuvre.  He did not know that the automatic aim-off was not
 programmed to cut in within such a short period of time because of an anomaly
 in the computer software.  The bomb was aimed at the ship and not the target.
 The pilot will receive a formal warning and training using loft-mode attacks
 has been `put into abeyance'.

What interested me in particular was that, in a roundabout way, the pilot is
being faulted, even though the software is blamed.  It is worrying that the
evaluation of the software (which I assume took place) did not pick this up.
Of course, it could well be that the real problem was much more complicated
than the article suggests.  It would not be the first time the press has
simplified a story involving modern technology.  Does anyone know more on this?
It does, however, bring home the reality that computers control life and death
situations.

Simon Marshall, Dept. of Computer Science, University of Hull, Hull HU6 7RX, UK
Email: [email protected]    Phone: +44 482 465181    Fax: 466666

------------------------------

Date: Thu, 22 Oct 1992 18:58:52 GMT
From: [email protected] (Geraldo Xexeo)
Subject: Erased Disk used against Brazilian President

In the investigation of the process against the Brazilian President (Fernando
Collor de Mello), the Federal Police found (and confiscated) an IBM-PC clone in
the enterprises of Paulo Cesar Farias.

In the hard disk of this computer were found dozens of indications of the
corruption of Collor de Mello and P.C. Farias.

The "folklore" that runs in Brazil now is that the disks were actually erased,
but the FP bought software in the USA that allowed the examination of the disk
and the recovery of the files. It seems that this tale is true.

I would like to know which software was used, and what kind of work the FP did.

Jerry / Xexeo

Geraldo Xexeo, CERN - PPE Division, 1211 Geneve 23, Switzerland
FAX: (41)(22)785-0207 [email protected]   [email protected]

------------------------------

Date: Tue, 20 Oct 92 00:15:02 -0400
From: Alan Wexelblat <[email protected]>
Subject: The NSF Net cable-cut story

Date: Mon, 19 Oct 92 23:49:18 -0400
From: Doug Humphrey <[email protected]>
Subject: .0045 mbits/sec

Article <[email protected]> Oct 17 23:37
Subject: T3 Cable Cut
From: [email protected] (Steve Martin)

       This is to inform you that Merit (NSF) has experienced a fiber cut in
East Orange, New Jersey.  As a result of this, JvNCnet's T3 access to the NSF
net is temporarily out of service till repairs can be made.

       All traffic to the NSF net is now being routed through the
9.6k backbone node and will be returned to the T3 as soon as possible.

------------------------------

Date: Thu, 22 Oct 92 23:24:34 EDT
From: [email protected]
Subject: Risks in Banking, Translation, etc.

 [The following message came from Pandora Berman at MIT via Jerry Leichter
 <[email protected]>, John Robinson <[email protected]>, Clark M. Baker <cmb>, and
 originally from Paul M. Wexelblat <[email protected]>, who noted the
 original CACM item ...  PGN]

I stumbled across this little item in the current (October 1992) CACM:

 BANKS UNDERDRAWN... The banking industry spent over a billion dollars on
 technology last year, yet they are not even close to employing leading-edge
 tools.  A new survey ... indicates that over 75% of bank computer programs
 are still written in Cobol and 84% of banking software is designed for
 mainframes, not PCs.  Moreover, 80% of the software used by banks is over six
 years old and only 37% of their locations are networked.  The report reveals
 most banks are simply not investigating new advances in computer applications.
 [Communications of the ACM, Vol 35, No 10, NEWSTRACK, p.9]

Here is a rough translation:

 BANKS CONSERVATIVE... The banking industry spent over a billion dollars on
 technology that works, rather than the latest glitzy play toy.  A new survey
 ... indicates that over 75% of bank computer programs are written in a
 language appropriate to the task as opposed to trying to force their models
 into the latest Object Oriented fad and 84% of banking software is designed
 to run on systems that have low mean time between failures, juggle hundreds
 of users, handle huge databases, and push megabytes at high rates, not tiny
 little machines that crash with great regularity, are designed for a single
 user, if even that, have minuscule disks, and have bandwidth
 approximating that of a sclerotic soda straw.  Moreover, 80% of the software
 used by banks has been fairly well debugged and only 37% of their locations
 are open to attack by thirteen year olds with modems and a lot of time on
 their hands.  The report reveals most banks are simply not chasing the latest
 fad in confuser science and piddling their money away on recoding working
 applications unnecessarily.

Paul Wexelblat

------------------------------

Date: Tue, 20 Oct 92 14:41:43 EDT
From: [email protected] (Dorothy Denning)
Subject: Re: 15th National Computer Security Conference (RISKS-13.85)

David Willcox said

 Dorothy Denning suggested that anyone using high-level encryption over a public
 network be required to register their encryption keys with some agency.  This
 agency would then distribute the keys when an appropriate court order was
 presented.  The risks of this are fairly obvious.

I believe this risk can be reduced to about zero.  For example, using a
public-key system, your key could be encrypted under the public key belonging
to, say, the Justice Dept.  The encrypted key would be given to and held by an
independent agency.  But, the key could be decrypted only by Justice.  Thus, if
someone gains access to a key held by the key agency, they wouldn't be able to
decrypt it.

To use a key, law enforcers would have to go through these steps:

1.  Get a court order.
2.  Submit the court order to the key agency and get the encrypted key.
3.  Deliver the encrypted key to Justice with the court order; get back
   the plaintext key.
4.  Take the court order to the service provider in order to activate the tap
   and get the bits.
5.  Listen in and decrypt the communications.

I believe this scheme is pretty tight.  Silvio Micali has evidently invented
another method of safeguarding the keys in a registry, called "fair
cryptography", but I don't know the details.
                                                Dorothy Denning
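
Added example, not part of the message above and not code from any deployed escrow system: a Python model of steps 1-3, in which the key agency stores only a blob encrypted under Justice's public key and each party checks the court order on its own. The Court class (HMAC-tagged orders), the 8-byte subject tag, and the unpadded small-modulus RSA are assumptions made to keep the sketch standard-library only; real use needs a vetted library with OAEP padding and a full-size modulus.

```python
import hashlib
import hmac
import secrets

# Justice's toy RSA key pair: two Mersenne primes, unpadded. Illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                               # public modulus, N < 2**216
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by Justice


def subject_tag(subject):
    """8-byte tag binding an escrowed key to its owner (added assumption)."""
    return hashlib.sha256(subject.encode()).digest()[:8]


def escrow_encrypt(subject, key):
    """User side: encrypt tag||key under Justice's PUBLIC key before deposit."""
    if len(key) != 16:
        raise ValueError("this sketch escrows 128-bit keys only")
    return pow(int.from_bytes(subject_tag(subject) + key, "big"), E, N)


class Court:
    """Stand-in for the court: an order is an HMAC tag over the subject name."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)

    def issue(self, subject):                    # step 1
        return hmac.new(self._secret, subject.encode(), hashlib.sha256).digest()

    def valid(self, subject, order):
        return hmac.compare_digest(self.issue(subject), order)


class KeyAgency:
    """Independent registry: stores ciphertext only and cannot decrypt it."""
    def __init__(self, court):
        self._court, self._vault = court, {}

    def register(self, subject, blob):
        self._vault[subject] = blob

    def release(self, subject, order):           # step 2
        if not self._court.valid(subject, order):
            raise PermissionError("key agency: no valid court order")
        return self._vault[subject]


class Justice:
    """Holds the private exponent; never holds the registry."""
    def __init__(self, court):
        self._court = court

    def decrypt(self, subject, order, blob):     # step 3
        if not self._court.valid(subject, order):
            raise PermissionError("Justice: no valid court order")
        raw = pow(blob, D, N).to_bytes(27, "big")    # 27 bytes covers any value < N
        if raw[:3] != b"\0\0\0" or raw[3:11] != subject_tag(subject):
            raise PermissionError("Justice: blob does not match the named subject")
        return raw[11:]


def lawful_access(subject="alice"):
    """Run steps 1-3 for one constructed user; returns (key, blob, recovered)."""
    court = Court()
    agency, justice = KeyAgency(court), Justice(court)
    key = secrets.token_bytes(16)                # constructed sample key
    agency.register(subject, escrow_encrypt(subject, key))
    order = court.issue(subject)
    blob = agency.release(subject, order)
    return key, blob, justice.decrypt(subject, order, blob)


if __name__ == "__main__":
    key, blob, recovered = lawful_access()
    print("agency stored:", hex(blob))
    print("recovered == original:", recovered == key)
```

The subject tag makes Justice refuse a blob presented with an order issued for a different person; steps 4 and 5 (the tap itself) are outside the sketch.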

------------------------------

Date: Tue, 20 Oct 1992 11:09:22 MDT
From: "Louis B. Moore" <[email protected]>
Subject: RE: Vote Early, Vote Often

>It took the action of citizens banding together to file a civil lawsuit to halt
>the abuses after their complaints were rebuffed by the Colorado secretary of
>state's office and the local district attorney.

There is an interesting point related to this particular story.  The Colorado
Secretary of State does not have criminal powers.  So in the case of vote fraud
like that in Costilla County, the Secretary of State may have to turn the case
over to the District Attorney.  The District Attorney may have been elected
with the aid of the vote fraud (s)he is supposed to prosecute.  The other
choice of prosecuting authority would be the Attorney General (depending on who
had jurisdiction), another elected official.

It is difficult to see how telephone voting will do anything but further
exploit existing problems in authenticating voters and prosecuting vote fraud.

Louis B. Moore, Systems Programmer, The Children's Hospital of Denver Denver,
Colorado USA 80218    [email protected]      +1 303 837 2513

------------------------------

Date: Wed, 21 Oct 92 15:34:30 PDT
From: [email protected] (Berry Kercheval)
Subject: T*p S*cr*t

"Anonymous" mentions in RISKS DIGEST 13.84 that the Department of Defense
conducted an investigation when a message marked "T*p S*cr*t" was found on an
unclassified computer system.  (The asterisks are a way of ensuring that the
investigation is not triggered by the words in *his* message, I guess.)

I don't think merely putting the words "Top Secret" in a message is the
problem; putting it in in such a way that it appears to be classified data
*is*.

I have, in the past, held both Department of Energy and Department of Defense
clearances, and if I learned anything it is that the security personnel of both
agencies take their jobs very seriously and do not have much of a sense of
humor where security violations are concerned.

In my initial briefings for these clearances it was emphasized that classified
information must be strictly controlled, and in fact we were given specific
procedures for what to do if we found unattended classified documents lying
around.

It appears that [the author] thinks that the "system wide disclaimers that said
systems are not to be used for classified work" should have been sufficient to
prevent action.  I feel that the exact reverse is true -- the appearance of an
APPARENTLY classified message on an insecure* computer is exactly the kind of
security violation that needs to be investigated immediately.

In fact, I can remember one company that sent out "Top Secret" press releases
to their customers -- which included some DoE and DoD sites -- getting an
unpleasant visit from men with dark suits and sunglasses that didn't smile
much.  (The gist was "Don't *do* that".)
                                               --berry

------------------------------

Date:   Sat, 24 Oct 1992 12:06:23 -0400
From: David Barker-Plummer <[email protected]>
Subject: Book Review: The Hacker Crackdown

"The Hacker Crackdown: Law and Disorder on the Electronic Frontier", Bruce
Sterling, Bantam Books, November 1992, ISBN 0-553-08058-X, 328pp, US$23.

Book Review by Dave Barker-Plummer ([email protected])

"The Hacker Crackdown" is Bruce Sterling's term for a series of seizures of
computer equipment which took place during the summer of 1990.  The
circumstances surrounding these raids, the individuals and communities affected
by them, and the consequences for the computing community and society at large,
are the subjects of this book.

Sterling, a cyberpunk author, is at his best when he is telling stories.  He
adopts a revelatory style and writes in a tone of wonder and bemusement as
events take one unexpected turn after another.  Particularly intriguing is his
telling of the Craig Neidorf/Knight Lightning story.  Neidorf was prosecuted
for electronically distributing an edited version of a document copied without
permission from a BellSouth computer.  Sterling documents the history of the
document as it was sent across the Internet many times, its publication in the
"Phrack" newsletter, the arrest of Neidorf, the charges against him and the
eventual collapse of the trial.  As the story unfolds, one realises that truth
is indeed stranger than even Sterling's bleak cyberpunk fiction.

There are many other stories in the book: the story of Steve Jackson, whose
legitimate games company was raided under sealed warrant, and all of his
computers seized; the story of The Legion of Doom, a group of hackers who
assemble in cyberspace to brag about breaking into computers and sharing stolen
access codes and credit card numbers; the story of the founding of the
Electronic Frontier Foundation by Mitch Kapor, author of Lotus 1-2-3, and John
Perry Barlow, sometime lyricist for The Grateful Dead; and closing the book,
the story of the Computers, Privacy and Freedom conference of 1992, in which
hackers, law enforcement, and civil libertarian groups met to talk about these
issues with unprecedented openness.

Sterling attempts to make these stories take second place to the culture, or
more correctly cultures, of cyberspace.  He chooses to structure his book in
four main parts, each dealing with one of these subcultures.  While hacker
stories have been told before, this examination of cultures has been neglected,
and Sterling is to be praised for attempting it.  However, Sterling does not
seem too comfortable in his self-appointed role.  Try as he might, the events
keep overtaking the people, and the book ends up feeling somewhat confused ---
but then the whole subject is rife with confusion: cultural, technical and
ethical.

Although Sterling fails to give it the emphasis it deserves, the main theme of
this book is power.  In the first part of the book "Crashing the System",
Sterling describes the power of the telephone companies.  From the fledgling
technology of the telephone, through the rise of AT&T, and the significant role
that it played in government and industry, to the break up of the Baby Bells.
The picture that Sterling paints of the contemporary telcos is that of a power
base that is under threat, and which is struggling to preserve its grip on the
power that is being threatened by the more widespread availability of
technology, not to mention the breaking of the economic monopoly.  Lest this
sounds like dull reading --- there's not a sentence in this book that can be
described as dull --- I should mention that Sterling brings this history to
life by taking us in detail through the duties of a switchboard operator, and
observing that in the early days of the telephone teenage boys often played
this role until they were found to be "hacking", when they were ejected from
the system.  There are intriguing parallels between the time just after the
introduction of the telephone --- which Sterling identifies as the creation of
cyberspace --- and the contemporary era, which represents the settling of that
"place".

The second section of the book, "The Digital Underground", documents the hacker
subculture.  Sterling steers a journalistic middle course: on the one hand
stressing the illegality of hacking and debunking the myth of the talented
genius, while at the same time pointing out that the typical hacker is not a
hardened criminal but a teenage boy.  Sterling explains the feeling of
technical power for a hacker when he uses a computer to break into a voice mail
PBX, or to break into a password protected system, to gain access to hitherto
inaccessible regions of cyberspace.  Sterling makes much of the isolation and
cultural powerlessness of hackers: they are typically teenage boys who grew up
in the Reagan era and have come to believe that all institutions are corrupt,
and who see their computer and modem as weapons against those institutions,
even if it is only to steal insignificant documents, or do no more than
irritate those institutions.  He also describes the material available on
"underground" BBSs, illustrating the anarchistic stances adopted by these elite
children of elite families, and debunks the myth that there are "gangs" of
hackers working in concerted effort to bring about the downfall of the
technocracy as we know it, but asserts that theirs is typically a solitary
"game".  This isolation leads to their need to brag of their exploits to other
hackers, in order to build a reputation, and often thereby to their swift
arrest.  Isolation also accounts for the fact that almost every hacker arrested
cooperated fully and informed on his contacts in cyberspace.  There is no
hacker community, Sterling implies, and no honour among hackers.

In the third section, "Law and Order", Sterling describes the world of the law
enforcement officers.  If one thing comes through from this picture it is that
the law enforcement agencies in this country were/are ill-prepared to
investigate and prosecute computer crime.  Sterling remarks that he, a not
particularly computer-literate author, has more computer power in his home than
the typical computer law enforcement officer (of 1990).  Sterling describes the
modus operandi of a typical hacker bust, the seizure of everything that looks
like it might be relevant including CDs (that might store data and be disguised
as music CDs), and Sony Walkmen (because they are electronics, I guess).  In
his article "Crime and Puzzlement", John Perry Barlow writes "In fairness, one
can imagine the government's problem.  This is all pretty magical stuff to
them.  If I were trying to terminate the operations of a witch coven, I'd
probably seize everything in sight.  How would I tell the ordinary household
brooms from the getaway vehicles?".  While Sterling's description of the
problems facing the under-funded, under-equipped and under-skilled government
agencies is sympathetic, he does not seek to justify the excesses in the events
of 1990.  He carefully makes and maintains the distinction between hackers and
legitimate computer users, and describes how members of both of these groups
were equally punished by the Hacker Crackdown.

Finally, in "The Civil Libertarians" Sterling describes the response of the
Silicon Valley and Austin computer culture to the strange events of the hacker
crackdown, which culminated in the formation of the Electronic Frontier
Foundation.  In this very upbeat section, Sterling describes how the computer
elite used their technological power to network and organize, to seize the
public relations advantage, to file suit in defense of Steve Jackson and Craig
Neidorf and to set themselves up to defend civil liberties in cyberspace.  In
the view of the civil libertarians, the hacker crackdown was the first skirmish
in the battle for control of cyberspace.  The Electronic Frontier is a new
"place" that is currently being populated and the rules that will govern this
place are up for grabs.  The civil libertarians are concerned to guarantee
important rights for the citizenry of cyberspace, in particular: freedom of
expression, freedom of association and privacy: in effect a constitution for
cyberspace.

"The Hacker Crackdown" taught me much about the events of the early 90s and it
is entertaining and provoking by turns.  I recommend it highly, for its
discussion of the contemporary struggle for technological power, illustrated by
unbelievable, but true, stories of law and disorder on the electronic frontier.

------------------------------

Date: Wed, 21 Oct 92 13:08:15 -0400
From: [email protected] (Steve Summit)
Subject: filling station POS terminals: credit card users beware!

Today I bought gasoline and discovered that the station had some fancy new
pumps with credit card readers built right in.  You can drive up, insert your
card, pump gas, and drive away, without even dealing with a clerk.  The pump
prints a little receipt when you're finished.

The problem is the receipt.  It comes out behind a small clear plastic door
(presumably the door is to protect the printer from the weather); you have to
slide it open so that you can fish the receipt out, slightly awkwardly, with
your finger.  If you don't notice the receipt at all, or if you're in a hurry,
or if you aren't in the habit of saving receipts anyway, you could easily leave
it behind.

On the receipt is printed not only your credit card number and type of card
(VISA, MC, etc.), but also your full name, as retrieved from the magstripe.

If Bonnie S. Thomason happens to read this, you forgot your receipt after
buying 13.855 gallons of unleaded at 7:59 this morning, but I promise I won't
use or disclose your credit card number.

Wandering around checking these receipt slots would be reminiscent of wandering
around checking pay telephone coin return slots, but potentially much more
lucrative.

Besides RISKS, I'm writing a letter to the oil company in question today.

    [This is of course an old problem for RISKS readers, but it is perhaps
    worth including here as a reminder that it recurs continually.  PGN]

------------------------------

Date: Fri, 23 Oct 92 08:51:13 EDT
From: "Ram Chillarege (914) 784 7375" <[email protected]>
Subject: Int Workshop on Fault and Error Models of Failures in Comp Sys.

Abstract Submission  :    NOVEMBER 2, 1992
Deadline Approaching :    ****************

   Call for Participation

   International Workshop on
   Fault and Error Models of Failures in Computer Systems

   January 25 - 26, 1993  o  Palm Beach  o  Florida

   ------------------------------------------------------------------

   Sponsor                           The  IEEE  Computer  Society and
                 IEEE Technical Committee on Fault-Tolerant Computing

   Dates
         Abstract Deadline:                          November 2, 1992
         Acceptance Notification:                   December 15, 1992
         Session Foils/Agenda:                        January 8, 1993
   ------------------------------------------------------------------

   Scope

The importance of understanding Computer System failures, in terms of their
fault and error models, failure patterns, and characteristics cannot be
overemphasized.  This understanding is critical in influencing the research and
practice of fault-tolerant computing.  It is the kernel upon which evaluation
methods, experimental verification, modeling, algorithms and techniques are
developed.  In recent years the relative mix in the causes of outage has
shifted from what it was a decade ago.  Studies indicate the dominance of
software as a cause of outage, closely followed by maintenance and environment.
However, the industry lacks data and understanding of faults, errors and
failures in these dimensions - severely impacting the progress of
fault-tolerant computing as a research discipline and a practice.


This workshop is intended to bring together experts from industry, academia,
and government.  The goal is to develop the needed insight, define and
calibrate models, and gain knowledge to guide research and practice in
fault-tolerant computing.  This workshop will be highly interactive.  It will
be run as a workshop, and will not have a conference flavor.  It is intended
that at the end of the two day meeting, there will evolve a substantial
accomplishment towards these goals.  These results are intended to be the
starting point of a sequel to this workshop, on fault-injection.  The
fault-injection workshop, also sponsored by the Technical Committee on
Fault-Tolerant Computing, is planned to be held in Sweden in June 1993.

   Submission

To participate in this workshop, submit seven copies (or use email) of a two
page abstract describing the contribution you will make to the workshop.  The
program committee will review the abstracts and notify you of your acceptance.
To enhance interaction the attendance at the workshop will be limited to a
maximum of fifty.

   Workshop Chair

Ram Chillarege, IBM Research, USA

   Program Committee

         Bob Horst - Tandem Computers, USA
         Ravi Iyer - University of Illinois, USA
         Karama Kanoun - LAAS-CNRS, France
         Dan Siewiorek - Carnegie Mellon, USA
         Yoshihiro Tohma - Tokyo Institute, Japan
         Jan Torin - Chalmers University, Sweden

   Submit Abstracts to

         Ram Chillarege
         IBM T. J.  Watson Research Center
         30 Saw Mill River Road
         Hawthorne, NY 10532, USA
         (914) 784-7375   Fax: (914) 784-6201
         email: [email protected]

   Important Dates

         Submission Deadline:     November 2, 1992
         Acceptance Notification: December 15, 1992
         Session Foils/Agenda:     January 8, 1993

   Ex Officio

         Jacob Abraham, FTC-TC Chair,
         University of Texas, Austin, USA

------------------------------

Date: Fri, 23 Oct 92 18:59:51 EDT
From: [email protected] (Catherine A. Meadows)
Subject: Call for papers, Computer Security Foundations Workshop VI

                          CALL FOR PAPERS
               COMPUTER SECURITY FOUNDATIONS WORKSHOP VI
                         June 15-17, 1993
                    Franconia, New Hampshire
               Sponsored by the IEEE Computer Society

The purpose of this workshop is to bring together researchers in computer
science to examine foundational issues in computer security, with emphasis on
formal models that provide a framework for theories of security and techniques
for verifying security as defined by these theories.

We are interested both in papers that describe new results in the theory of
computer security and in papers, panels, and working group exercises that
explore open questions and raise fundamental concerns about current theories of
security. Possible topics include access control, covert channels, information
flow, database security, secure protocols, verification techniques, integrity
and availability models, interactions of computer security requirements with
other system requirements such as dependability and timing, and the role of
formal methods in computer security.

The proceedings are published by the IEEE Computer Society and will be
available at the workshop. Selected papers will be invited for publication in a
special issue of the Journal of Computer Security.

Instructions for Participants:  Workshop attendance will be limited to
thirty-five participants.  Prospective participants should send four copies
of a paper (limit 7500 words), panel proposal, or working group exercise to
Catherine Meadows, Program Chair, at the address below. Please provide email
addresses and telephone numbers (voice and fax) for all authors.
The contact author should be clearly identified.

IMPORTANT DATES: Author's submission:        January 29, 1993
                Notification of acceptance: March 10, 1993
                Camera-ready final papers:  April 9, 1993

Program Committee

Marshall Abrams, MITRE                  John McLean, NRL
Simon Foley, University College, Cork   Jonathan Millen, MITRE
Li Gong, ORA                            Robert Morris, DoD
James Gray, NRL                         Ravi Sandhu, GMU
Jeremy Jacob, Oxford                    Marv Schaefer, CTA

For further information contact:

General Chair
Ravi S. Sandhu
ISSE Department
George Mason University
Fairfax, VA 22030-4444
+1 703-993-1659
[email protected]

Program Chair
Catherine Meadows
Code 5543
Naval Research Laboratory
Washington, DC 20375
+1 202-767-3490
[email protected]

Publications Chair
Joshua Guttman
The MITRE Corporation
Burlington Road
Bedford, MA 01730
+1 617-271-2654
[email protected]

------------------------------

End of RISKS-FORUM Digest 13.86
************************