Subject: RISKS DIGEST 16.26

Subject: RISKS DIGEST 16.26
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest Wednesday 20 July 1994 Volume 16 : Issue 26

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks) *****

Contents:
IRS (Phil Agre)
Crashed bank teller (Kees Goossens)
HERF Vindication II (Winn Schwartau)
The digital individual (Phil Agre)
Victim on the infobahn (Bill Donahue)
Benefits Agency Smart Payment Card (Shaggy)
Risks of confusing "headlines" with "in depth news" (Bob Estell)
Re: Aircraft Avionic Vulnerabilities (A. Padgett Peterson)
Re: Inmates con jail computer (Amos Shapir)
"Firewalls and Internet Security" by Cheswick/Bellovin (review by Rob Slade)
"The Fool's Run" by Camp (review by Rob Slade)
InfoWar II--First Call for Participation (Mich Kabay)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: Wed, 20 Jul 1994 15:36:55 -0700
From: Phil Agre <[email protected]>
Subject: IRS

The 19 August 1994 New York Times carries a long article about hundreds of IRS
(Internal Revenue Service, the American tax collection people) employees being
disciplined for peeking at tax returns that they shouldn't have been. The
IRS's investigations concluded that the employees' suspicious behavior ranged
from out-and-out fraud to simple curiosity. The discovered the need for
guidelines about which degrees of wrongdoing merited which punishments. The
full reference is:

Robert D. Hershey, Jr., IRS staff is cited in snoopings, New York Times,
19 July 1994, pages C1, C12.

It's one of those stories that can be invoked as evidence for either of two
contradictory positions: that employees' illicit use of personal files is
a serious problem, or that it's not a real problem since the wrongdoers are
getting caught. It's clear that private businesses have the same problems
with illicit peeking at personal information. We might ask whether public
or private organizations have a greater incentive to prevent this kind of
thing. Since information can be copied readily, it's not like pilfering in
a warehouse, where the organization loses capital in a straightforward sense
and thus has a straightforward interest in preventing it. An exception would
be information that is leaked to customers who would otherwise purchase the
information from the organization, as opposed to being leaked to people whose
status or purposes would not otherwise permit them to buy the information
through the front door.

Instead, the organization's interest is generally more indirect, having
primarily to do with its reputation and the reputations of its leaders. In
a society without privacy activists or a free press serving a public that is
aware that its privacy is threatened, I think organizations would have little
incentive to do anything about leaks of personal information. In the society
we have right now, I would suggest that the IRS has a greater incentive to
prevent leaks of personal information than does a credit bureau or other
private information holder, since it is politically much more practical
for the legislature to make the IRS bureaucrats miserable than to make the
officers of private firms miserable. Others may disagree, but the important
thing is to understand the mechanisms which create, or *could* create,
organizational interests in genuinely protecting private information. Fear
of legislation is a good one, but others exist as well.

Phil Agre, UCSD

------------------------------

Date: Tue, 19 Jul 94 10:55:35 +0100
From: Kees Goossens <[email protected]>
Subject: Crashed bank teller

[I presume you call a cash till that does not give cash a TELLER? KGG]
[Well, we might as well for the purposes of this message.
It is certainly not an ASKER! PGN]

Today, in my local branch of Banca di Roma, in central Rome, Italy I
encountered a bank teller which had crashed. These machines allow you to
obtain bank statements but do not dispense cash. The display I encountered
contained a number of error messages (file not found, could not create file,
etc) followed by the prompt (A>). Feeling somewhat guilty, I typed DIR, which
worked and listed a number of executables and some documents. I looked at one
called "fine", meaning "end" in Italian, which contained instructions for the
shutdown of the system. At this point I alerted the lady at the counter: "Are
you aware that your system has crashed and that I can modify whatever I want
in the system?". The latter to emphasise the gravity of the situation; I'm
not sure how much I could have done in practice. This did indeed produce some
alarm, and I was told that there was a systems person who'd take of the
situation. I did not see this person arrive during my subsequent wait in the
queue (which this teller is supposed to diminish btw). As for the cause of
the crash, the computer terminals at the counters were dead at roughly the
same time, perhaps due to a common cause.

Kees Goossens <[email protected]> http://www.dcs.ed.ac.uk/staff/kgg
Dip. di Scienze dell'Informazione, Universita di Roma "La Sapienza", Italy

[A considerable risks would exist if there is a way to crash the
system intentionally in order to reach that prompt... Knowing what
we know about risks, we might suspect that to be the case. PGN]

------------------------------

Date: Mon, 18 Jul 94 11:58:19 -0500
From: "Winn Schwartau" <[email protected]>
Subject: HERF Vindication II

As RISKS readers know, I have ruffled more than a few feathers here in the US
and with foreign governments over the issue of HERF (High Energy Radio
Frequency) interference as a potential weapon system. Recently, RISKS readers
have seen mounting evidenced of anomalous electrical interference behavior at
37,000 feet. Boeing and Apple and others companies have tried to quantify the
phenomenon but EMI and RFI interference is highly elusive.

Maybe the July 18, 1994 issue of the New York Times will shed additional
light. The FBI mounted a whistle blower sting operation against General
Electric with the assistance of one of their engineers who alleged that the
company was improperly grounding its jet engines to the detriment of safety to
both commercial and military aircraft. So alarmed was the Air Force One pilot
that he refused to take off from Rome's airport with President Clinton until
he was assured it was safe to do so.

The GE engineer and whistle blower Ian Johnson, said he discovered the
problems with improper engine grounding in 1989 but was subsequently brushed
aside by his concerns. Engine grounding is critical to proper electrical
performance in the air, and the technique GE uses to insure a quality
connection is called electrical bonding. Is it any coincidence that laptop
EMI stories began about a year later when protable digital electronics became
popular?

As any electrical engineer knows, any connection will introduce a given amount
of electrical resistance (measured in ohms . . . Ohm's law, remember?) into
a circuit. The goal is to approach zero resistance in any connection.
Period. Poor connections not only change the values in the circuit thus
changing the circuit performance, but can also become diode-like and act like
unpredictable rectifiers. Not good.

According to the article, GE engine's electrical bonding should result in an
added impedance (resistance) of 2.5 milliohms (.0025 ohms) but were found to
in some cases exceed 60,000 milliohms (60 ohms) and that is a lot: off by a
factor of 24,000! In my former life as a circuit/systems designer, such an
intolerable error would GUARANTEE a failure.

The need for adequate bonding is clear: make sure that stray electrical
signals such as from lightening bolts or from laptop computers or other
consumer electronic devices do not interfere with the safe and reliable
operation of a 100 tons of metal hurtling through the atmosphere.

GE denies it (what else is new!) and there is bound to be a debate as to
whether there really was an intentional cover-up as stated by Mr. Johnson.

In an interesting side note, the FBI had Mr. Johnson wear a wire (a tap
recorder on his person) over a period of 6 months to get the goods on GE.

I guess this case will take over our minds and souls soon enough, on the "All
O.J. Network."

------------------------------

Date: Sat, 16 Jul 1994 14:09:31 -0700
From: Phil Agre <[email protected]>
Subject: The digital individual

An academic journal called _The Information Society_ has just published a
special issue (volume 10, number 2, April-June 1994) entitled "The Digital
Individual". (I'm the issue's guest editor.) It includes five articles whose
general theme is that people's activities increasingly cast "shadows" onto
the insides of computers. As a result, the whole notion of a human individual
is beginning to change. Everyone has their physical self and surroundings and
possessions, but they also have an elaborate digital aspect to their selves
which follows them around through life. People use their digital shadows in
a variety of beneficial ways, for example in sending messages to mailing lists
like Risks, but they are often managed and controlled through their digital
shadows as well. Since the outcome of this ambivalent situation is neither
all-good or all-bad, it helps to make distinctions and put things in contexts,
and that's what the articles in this special issue try to do. If you would
like to see the full contents and abstracts for the special issue, send a
message that looks like this:

To: [email protected]
Subject: archive send tis-digital

Phil Agre, UCSD

[Remember to sniff it out. The shadow nose! PGN]

------------------------------

Date: 18 Jul 94 21:08:20 EDT
From: Bill Donahue <[email protected]>
Subject: Victim on the infobahn

I learned the other day that I am a victim on the information
superhighway. It's a long story; I'll relate it in hopes that there are folks
out there who have had similar experiences and can tell me about them.
My wife and I had been getting about 15 anonymous calls a day for the
past three weeks. The caller would contact us at all hours, and would never
say anything at all. We were quite rattled because, as it happened, the calls
began coming just as I, a freelance journalist, began work on a murder story
and just as we prepared for the birth of our first child. The unknown man on
the other end of the line was, in our haunted imagination, a crazed murderer
after our new child.
We tried to invoke "Caller ID" to catch our harasser, but this did not
work. Next, we called our phone carrier, US West, and our local sheriff to get
them to look into the matter. We kept a log of all the "harassing" calls, and
asked ourselves who so hated us that they would spend the money to call us via
long distance 15 times a day and hang up each time.
Finally, the other day we got an answer: A computer software firm had
inadvertently entered our number into a database and prompted one of its
modems to keep trying our number, over and over. The lawyer for the company
called me today to apologize for the disturbance his firm had caused us. He
said, "I guess you were just a victim on the information highway. I'm sorry,"
but I was quite struck how minimal this whole thing was on his end (a few
misstrokes on the keyboard) and how massive the disturbance was on our
end--getting woken in the middle of the night, etc.
I'm thinking now of writing a magazine article on our experience, and
am posting for two reasons. First, I'd like to hear from people who, like me,
have become "victims on the infobahn," and second, I'd like to get some
broader perspective. Do people know of any groups which monitor modem-caused
problems? Are you aware of any laws covering such matters, and do you know
how frequently mishaps like mine occur?
Any imput would be greatly appreciated. Thank you,

Bill Donahue 74562,[email protected]

------------------------------

Date: Thu, 14 Jul 94 23:07:36 GMT
From: [email protected] (Shag the Moose)
Subject: Benefits Agency Smart Payment Card

The Benefits Agency (the 65,000 strong government agency responsible for the
administration and payment of welfare benefits in the UK) has announced a new
method of payment system, to be introduced over the next three years
throughout the UK.

Customers will present their personalised smart card to the Post Office, who
will swipe it, do an (as yet unspecified) id check from info held
electronically on the card, and check on-line to the BA office to find out how
much money the person is due. This will replace Girocheques and order books;
a system of 'valuable paper' which has been essentially unchanged since 1948.
The prototype uses a digitised photo and pressure-pad signature.

As the cards will have no inherent value, rough estimates are that payment-
related benefit fraud will be reduced by approximately 90%.

The BA has some 23,000,000 customers at any given time; approximately half
the adult population of the UK. Customers will have an alternative to the
smart card, in the form of ACT payments to their bank.

Shaggy

------------------------------

Date: Tue, 19 Jul 1994 09:30:26 PDT
From: Bob Estell - The Ancient Mariner <[email protected]>
Subject: Risks of confusing "headlines" with "in depth news"

One of the several RISKS of using computers is that ordinary people
(i.e., NOT computer gurus) may tend to listen TOO much to computer gurus.
Why? Probably for reasons akin to why we listen to our doctors or our
auto mechanics: if they are good they know more than we do about something
that is important to us.

OK so far. But we (too many of us) are spoiled to getting news in "sound
bytes" (or their e-mail or paper memo or slide presentation equivalents).
Too many of us do not appreciate the difference between CNN's Headline News
and PBS's McNeil-Lehrer Report; or their computing equivalents, for example
INFORMATIONWEEK and IEEE COMPUTER. Both valuable, but very different.

So we hear one week that ISDN (or some other recent technology) has been
revised and is now thriving; and within a month we hear from some other
guru that the same technology has not lived up to its promise. Promise?
or just hype? not only that, but hype by those same gurus, perhaps a bit
too eager for more clients? or just not reading each other's stuff?
OK, gurus have only 24 hours a day, and can't keep up either.

In early Aug 94, I retire from 34 years of federal service; and will thus
for a while at least be off the InterNet. I'll especially miss RISKS
because it is one of the very few forums that is both current and thorough
which is a tribute to its clients and especially its Moderator.

According to some of these same gurus I am an old dog not able to learn
new tricks; but others say that people like me are a valuable resource.
I believe the latter opinion, not only because it is flattering, but also
because the former may misunderstand the difference between 30 years
experience and 3 years repeated 10 times.

Bob Estell (542 Mary Ann Ave., Ridgecrest, CA 93555)

------------------------------

Date: Wed, 20 Jul 94 10:17:20 -0400
From: [email protected] (A. Padgett Peterson)
Subject: Re: Aircraft Avionic Vulnerabilities (RISKS-16.25)

I have been wearing hearing aids for over twenty years and on numerous
occasions have allowed me to listen to things most people are "deaf" to.

This is made possible by the inductive pickups in my hearing aids, throwing a
switch turns off the microphone and on the inductive pickup & a whole new
world appears.

Just as an example, once upon a time, many people in a particular section of
the building I worked in began complaining of headaches though no reason could
be found. I happened to walk through the area in inductive mode & began to
hear a beeping. Turned out that a RADAR unit at the nearby airbase had become
misaligned and was sweeping the corner of the building. Realignment cured the
headaches.

Through the years I have had many such incidents of being able to identify
electrical problems this way by characteristic "sounds". The point is that the
interior of a commercial aircraft is one of the "noisiest" environments I have
ever encountered with the 400 hz being almost "deafening" and a myriad of
other jingles, jangles, and hums also apparent.

One cannot but think that there must be almost no shielding of any signals in
a modern aircraft and to me the amazing part is not that instruments are
affected by laptops (low amplitude but I can "hear" them) but that they manage
to operate at all in such an electronic bedlam.

Padgett

ps I have no idea what the spectrum of my hearing aids is, just that they
have enabled the detection of too many diverse things to be very limited.
Once they determined that a "haunted" corner in a house was nothing more
than a power box on the other side of the wall.

[Ah, Padgett is an auditory canary, similar to the canary the miners
used to take down with them to provide an early warning on toxic gases!
Think of it as a *gift*. PGN]

------------------------------

Date: 17 Jul 1994 13:29:47 +0300
From: [email protected] (Amos Shapir)
Subject: Re: Inmates con jail computer (Ilieve, RISKS-16.23)

Peter Ilieve <[email protected]> writes:

>`The sophisticated computerised security system was designed to end slopping
>out by allowing one prisoner at a time from each landing to go to the toilet
>during the night. [Sanitation is not the UK prison system's strong point,
>prisoners usually have to make do with a bucket in the corner of the
>cell (...)

This incident demonstrates a far more important RISK than just subverting the
computerized system; the real RISK is that such a system was installed to
solve a problem which should have been solved by a better sewage system!

Amos Shapir, The Hebrew Univ. of Jerusalem, Dept. of Comp. Science.
Givat-Ram, Jerusalem 91904, Israel +972 2 585706,586950 [email protected]

------------------------------

Date: Mon, 18 Jul 1994 01:37:32 -0600 (MDT)
From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067"
<[email protected]>
Subject: "Firewalls and Internet Security" by Cheswick/Bellovin

BKFRINSC.RVW 940502

Addison-Wesley Publishing Company
P.O. Box 520
26 Prince Andrew Place
Don Mills, Ontario
M3C 2T8
416-447-5101
fax: 416-443-0948
Heather Rignanesi, Marketing, x340, [email protected]
or
Tiffany Moore, Publicity [email protected]
Bob Donegon [email protected]
John Wait, Editor, Corporate and Professional Publishing [email protected]
Tom Stone, Editor, Higher Education Division [email protected]
Philip Sutherland, Schulman Series [email protected]
Keith Wollman, Trade Computer Group [email protected]
Lisa Roth Blackman, Trade Computer Group [email protected]
1 Jacob Way
Reading, MA 01867-9984
800-822-6339
617-944-3700
Fax: (617) 944-7273
5851 Guion Road
Indianapolis, IN 46254
800-447-2226
"Firewalls and Internet Security", Cheswick/Bellovin, 1994, 0-201-63357-4,
U$26.95.
[email protected] [email protected] [email protected]

The Internet has a reputation for a lack of security. Those books which
mention security on the Internet generally suggest setting up a firewall
machine in order to protect yourself, but stop short of giving anything
resembling details of how to do such a thing. Cheswick and Bellovin not only
give practical suggestions for firewall construction, they also address other
aspects of Internet security, as well.

Part one gives a basic background, both of security, and of TCP/IP. If you
didn't think you needed security before, you will after reading chapter two.
Part two details the construction of firewall gateways, as well as
authentication, tools, traps, and cracking tools for use in testing the
integrity of your system. Part three discusses attacks, and the logging and
analysis, thereof. The book also looks at legal aspects, secure communication
over insecure links, resources and various helpful information.

Although the book deals specifically with TCP/IP, the concepts, which are the
parts stressed, are applicable to any network-connected systems. This is
probably destined to become one of the security classics within its specialized
field.

copyright Robert M. Slade, 1994 BKFRINSC.RVW 940502

==============
Vancouver Institute for Research into User Security Canada V7K 2G6
[email protected] [email protected] [email protected] [email protected]

------------------------------

Date: Wed, 20 Jul 1994 13:05:39 -0600 (MDT)
From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067"
<[email protected]>
Subject: "The Fool's Run" by Camp

BKFLSRUN.RVW 940428

%A Camp, John
%C 2801 John Street, Markham, Ontario, Canada L3R 1B4
%D 1989
%G 0-451-16712-0
%I Penguin/Signet
%O U$4.95/C$5.95
%T "The Fool's Run"

I very strongly suspect that whoever wrote the screenplay for "Sneakers" read
this first. There is a mob connected corporation. They wish to do some
espionage. They hire a tiger team to do it for them. They try to betray, and
possibly destroy, the tiger team. The team is then forced to "crack" their
former client. There is the same paranoia about the National Security Agency.

I don't know who the technical consultant was for this book, but he, she or it
did an even better job here than Captain Crunch did for the movie. We have
insider information, phone phreaking, database surfing, social engineering and
overconfident systems managers. Chapter thirteen introduces computer viral
programs, and I had to go back and check the copyright date. At a time when
the supposedly technical books were printing absolute garbage, this novel had
the concepts down pat (although slightly shaky on the details).

Probably it won't become a classic in either literature or data security, but a
reasonably fun read, and refreshingly accurate technical details.

copyright Robert M. Slade, 1994 BKFLSRUN.RVW 940428

==============
Vancouver Institute for Research into User Security Canada V7K 2G6
[email protected] [email protected] [email protected] [email protected]

------------------------------

Date: 19 Jul 94 12:22:13 EDT
From: "Mich Kabay [NCSA Sys_Op]" <[email protected]>
Subject: InfoWar II--First Call for Participation

[For further information, contact Mich at [email protected]. PGN]

FIRST CALL FOR PARTICIPATION

Second International Conference on Information Warfare:
"Chaos on the Electronic Superhighway"

Conference Date: Wed 18 January 1995
Conference Locale: Dorval Airport Hilton Hotel
Montreal, Canada

1. INTRODUCTION

Cultures that depend on information systems are vulnerable to Information
Warfare. Attacks on data confidentiality, data integrity and data
availability will damage individuals, corporations and other private
organizations, government departments and agencies, nation-states and
supranational bodies.

It is essential to erect legal, organizational, and cultural defences
against information warfare.

The Second International Conference on Information Warfare will focus on panel
discussions of Winn Schwartau's new book, _Information Warfare: Chaos on the
Electronic Superhighway_, published in 1994 by Thunder's Mouth Press (ISBN
1-56025-080-1).

This announcement serves as a request for participation by those wishing to
appear on panels, those wishing to suggest speakers, and others wishing to be
added to a mailing list (electronic and snailmail) for further details as they
develop.

Panelists will be asked to analyze selected portions of _Information Warfare_
and to present refutations or support for the author's statements, assertions,
predictions, warnings and recommendations.

The Conference will serve the interests of information security
specialists and strategic planners from the corporate world, military
and government circles, and academia. The Press will be permitted
to cover the event, providing opportunities for increased public
awareness of vulnerabilities of the information infrastructure.

The Conference Proceedings will contribute to the national and
international debates about information warfare and the need for
careful planning to avoid disruption by hostile forces as national
and international information highways develop worldwide.

Following recommendations from last year's participants in the First
International Conference on Information Warfare, we have scheduled more free
time for the animated discussion among participants.

Informal discussions will be aided by Special Interest Group signs allowing
people with specific interests to congregate.

The organizers are making a special effort to reach members of the defence
establishments of Canada and the United States. In order to foster the
greatest degree of serious and productive discussion, room has been reserved
for no more than 100 participants.

2. PROGRAM:

07:30-08:30 Registration and Continental Breakfast
08:30-09:00 Keynote Address:Warfare and InfoSec
09:00-10:15 Class I InfoWar: Attacks on Personal Information
10:15-10:45 Break for informal discussions by topic:
Privacy, Cryptography, Laws, Law Enforcement
10:45-12:00 Class II InfoWar: Corporate InfoSec
12:00-13:30 Buffet lunch and informal discussions by sector:
Corporate, Government, Military, Academic
13:30-14:45 Class III InfoWar: Global InfoSec
14:45-15:30 Informal discussions by network technology:
PCs, LANs, WANs, Internet
15:30-16:15 General discussions among panelists and other
participants
16:15-16:30 Closing comments

The official language of the Conference is English.

3. SUBMISSIONS

The Program Committee will select a suitable number of
participants for the panel discussions. Selection will be based on
subjective judgements of who is likely to offer the most thoughtful
and stimulating expositions and analyses of the topics.

Once panelists have been selected, the Program Committee requests
that they submit a brief written analysis of the topic they agreed to
speak on. This one- to ten-page document will be published in the
Conference Handbook and will then appear in the Conference
Proceedings along with additional materials added during the
Conference.

Deadline for consideration as a panelist: 30 Sep 1994.

Confirmation of panel participation: 15 Oct 1994.

Deadline for submissions for inclusion in Conference Handbook:
15 Nov 94.

[Rest deleted. Write Mich for full text. PGN]

------------------------------

Date: 31 May 1994 (LAST-MODIFIED)
From: [email protected]
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact <[email protected]>
(Dennis Rears <[email protected]>). UK subscribers please contact
<[email protected]>. Local redistribution services are
provided at many other sites as well. Check FIRST with your local system or
netnews wizards. If that does not work, THEN please send requests to
<[email protected]> (which is not automated).

CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them. Contributions will not be ACKed; the load is
too great. **PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks. Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
Issue j of volume 16 is in that directory: "get risks-16.j<CR>". For issues
of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 15, j always TWO
digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory
and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>"
logs out. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may
differ; UNIX prompts for username, password; [email protected] and
WAIS are alternative repositories. See risks-15.75 for WAIS info.
To search back issues with WAIS, use risks-digest.src.
With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html.

FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving
it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info
regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL
RISKS COMMUNICATIONS; as a last resort you may try phone PGN at
+1 (415) 859-2375 if you cannot E-mail [email protected] .

------------------------------

End of RISKS-FORUM Digest 16.26
************************