Subject: RISKS DIGEST 17.10
REPLY-TO:
[email protected]
RISKS-LIST: Risks-Forum Digest Sunday 30 April 1995 Volume 17 : Issue 10
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, etc. *****
Contents:
Metromover inner loop back on line (Charles P Schultz)
Radar-detector messages & cop-car computers (Mark Seecof)
AOHell (Simson L. Garfinkel)
Terrorism and telecommuting (Tim Kolar)
CyberWinter: A Forecast (Richard K. Moore)
Privacy directory (Simson L. Garfinkel)
Re: Lotus Notes authentication protocol challenged (Charlie Kaufman)
Re: Floating-Point Time (David Cline, Bill Hopkins)
Re: Digital libraries (Shannon Nelson, Michael D. Sullivan)
Clipper paper available for anon FTP (Michael Froomkin)
Advanced Surveillance, Call for Papers (Dave Banisar)
ABRIDGED Info on RISKS (comp.risks) [See other issues for full info]
----------------------------------------------------------------------
Date: 28 Apr 95 08:22:57 -0600
From:
[email protected]
Subject: Metromover inner loop back on line
Miami's Metromover was running again Wednesday afternoon after the downtown
inner loop was closed for more than two days because of "phantom" trains on
the track. Trains began rolling again on the 1.9 mile inner loop at 12:19
p.m. The rest of the 4.4-mile system - an outer loop and extensions north to
the Omni International Mall and south to Brickell - was not affected.
Metro-Dade Transit Agency technicians attributed the problem to a faulty
transmitter in a computer. Manny Palmeiro, a MDTA marketing manager, said
the system detected trains when none were on the tracks.
"Phantom" trains have been a recurring Metromover glitch, one of a long
string of computer and other electronic and electric problems plaguing the
system. MDTA disclosed last week that in the spring and fall, sunshine
sometimes trips safety sensors that detect the presence of trains. Those
sensors are being realigned to shield them from the sun.
Last month, MDTA managers warned that Metromover glitches likely will not go
away soon. In fact, they said glitches may well be a permanent fixture of
the nation's largest and most elaborate downtown automated rail system.
[Source: *Miami Herald*, 27 Apr 1995]
------------------------------
Date: Thu, 27 Apr 1995 19:22:22 -0700
From: Mark Seecof <
[email protected]>
Subject: Radar-detector messages & cop-car computers
At page 91 of the April 1995 Law and Order magazine (v.43 no.4) in the
"Police Equipment News" section a short item describes a "Collision
avoidance system" which "takes advantage of the millions of radar detectors
in civilian use." Basically, the system requires police cruisers and other
emergency vehicles (e.g., ambulance) to be equipped with microwave
transmitters designed to set off speed-radar detectors. Drivers will
presumably react to radar-detector alerts by looking around, improving the
chance that they will see and yield to or avoid a vehicle using lights &|
siren to claim right-of-way. The detector vendor Cobra Electronics
developed the system and sells detectors capable of decoding short text
messages from the alerting signal. Cobra's present CAS transmitters can be
programmed to send either "Emergency Vehicle" (moving vehicle) or "Road
Hazard" (vehicle stopped on highway) and the scheme allows for other
messages.
I'm not sure how to score the risks here. I admire the elegance of
regarding existing radar detectors as general-purpose warning receivers, and
the message encoding is icing on the cake. (I applaud the designers for
using an open and flexible alphameric code to permit arbitrary message
content.) On the other hand, the transmitters will ``pollute the channel''
(degrade S/N ratio) in a sense, making it harder for drivers to detect
``real'' radar threats. So long as police confine system use to emergencies
I think it's great. If the system gains wide use, auto makers could put
alert-receivers into vehicles at the factory (such receivers need not serve
as general radar-detectors; they could discriminate warning signals by their
alphameric code content).
An article in the same magazine at page 77 by Tom Yates titled "Magic Patrol
Cars: Police Travel Information Superhighway" suggests in glowing terms the
many benefits to be had from increasing the computerization of patrol cars.
I think the author reveals a certain naivete. For example he writes of one
in-car machine: "the system is easy to learn because the software operates
under the computer industry standard MS-DOS/Windows operating systems. To
make the system even faster dedicated function keys minimize the number of
keystrokes required for a given operation such as calling up information,
editing data, or initiating system functions." He's describing a system to
be used while the patrol car is moving. Considering how the car may lurch
around I wonder if users will get in trouble by sometimes striking the wrong
function key? Later in his column Mr. Yates (who, I should point out, is a
good writer and clearly an expert on police vehicles and operations--if
still on middle of the computer learning curve) discusses engine computers
and suggests that they will be improved to offer very sophisticated
variations in performance for different (e.g., cruising, pursuing)
situations. I'm sure many RISKS readers would wait, as I would, for the
second or third software release...
Mark Seecof <
[email protected]> [all usual disclaimers implied]
------------------------------
Date: Fri, 28 Apr 1995 15:27:59 -0400
From:
[email protected] (Simson L. Garfinkel)
Subject: AOHell
(C) 1995 Simson L. Garfinkel
Originally appeared in The Boston Globe, April 21, 1995
[Reproduced in RISKS with the author's permission]
It's 10:00 P.M. on a weekend night, and some obnoxious guy in the
America Online Chat Forum won't shut up. What do you do?
You give them the finger, of course. And if that doesn't work, you
can always shoot them.
Want everybody in the chat room to shut up so you can talk? Just
click the button labeled "Ghost," and the screen will clear away
everyone else's comments, giving you space to make yourself heard.
You won't find these features on America Online's standard set of menu
options. But they are part of a new anti-AOL program called AOHell
that's making the rounds on some electronic bulletin board systems.
AOHell can do more than make mischief in America Online's chat rooms:
the program has a number of devilish features that seem designed for
turning online lives into living nightmares.
Armed with AOHell, one user can send dozens, or hundreds, of electronic mail
messages to an unwitting victim in just a few seconds, a technique known as
"mail bombing." AOHell can also mail bomb the victim's fax machine and even
his US mailbox. And what if you really don't like another subscriber? Just
click on the "Punt" command and you'll abruptly log them off, thanks to an
apparent bug in America Online's operating software.
Why would someone develop such a program and give it away for free over the
Internet?
"I hate the staff on AOL for one, I hate most of the people on AOL for
another, and I wanted to cause a lot of chaos," explains one of the
anonymous authors of AOHell, who identifies himself only as Da Chronic, in
the program's instruction manual.
Indeed, AOHell's worst punches seem to be aimed directly at America Online
itself.
AOHell has a nefarious system built into it for generating fictitious
credit-card numbers. According to users, the program can make free accounts
that last up to 10 hours of online time or one week, whichever comes first.
For users with high bills for the nation's second-largest online service,
AOHell has the ability to let users download files for free.
"Any member using AOHell will have their account immediately terminated,"
says Margaret Ryan, a spokesperson for the company.
AOHell is a piece of software for engaging in illegal activities, sometimes
called banditware, which runs in conjunction with America Online's
communications software for Windows-based computers. It appears to be the
first time that such a program has been written to directly attack one of
the nation's large online services.
Some of the AOHell's abilities appear to exploit bugs in the America Online
system, while others, such as the ability to display a raised middle finger
in a chat room, seem to merely simulate an extremely rapid typist. Ryan
wouldn't say if AOL has any technical fixes in the works that would prevent
the program from functioning properly.
Indeed, Ryan doesn't even know who wrote AOHell.
Although AOHell's author has chosen to remain anonymous, a built-in feature
allows AOHell users to send bug reports to the program's author. Those
reports get sent to a computer in Finland called an anonymous remailer,
which allows people on the Internet to exchange electronic mail without
knowing each other's identities.
"If you think AOH 2.0 is marvelous, wait until you see 3.0," wrote the
program's author, in response to an electronic mail message. "I'm almost
finished with it and it will make version 2 look like a Commodore 64
program, to say the least."
------------------------------
Date: Fri, 28 Apr 95 23:24:31 PDT
From: Tim Kolar <
[email protected]>
Subject: Terrorism and telecommuting
In the aftermath of the recent tragedy in Oklahoma, there have been several
reports of government agencies allowing at least temporary telecommuting
arrangements for their employees.
One wonders if widespread telecommuting could alleviate this kind of
problem completely.
Individual attacks and attempts to disrupt the communications backbone are a
possibility, but I'm not sure there's much to attract terrorists in either of
them. Harrassing individuals hasn't done much for the so-called "Unabomber",
and disruption of telephone service is more an annoyance than something to
live in terror of.
In any case, I like the sound of "everyone go home and work" a lot better
than "we'll be installing video cameras on every street corner".
-Tim Kolar
------------------------------
Date: Sun, 30 Apr 1995 09:39:02 +0000
From:
[email protected] (Richard K. Moore)
Subject: CyberWinter: A Forecast
Not that this should be unexpected news to any of you, but Cyber Winter is
at hand.
We are aware of the Cyber Glaciers -- in the form of the S.390 Censorship
Bill and the S.1984 FBI Police-State Enablement Act -- blasted loose from
the Washington Ice Floes by the ever-so-timely Oklahoma explosion. But
merely the _news_ of the glaciers is enough to chill hearts and will...
One list, with mild political content, was shut down last week with no
explanation. After persistent investigation, I was able to learn that
someone up the byte-chain feared that the list _might_ be perceived as
controversial _by someone someday_, and out of concern for his "job and
family", felt he better shut down the list ASAP. I learned this from the
person himself, although it took several rounds of questions to get past his
layers of embarrassment.
This was at a prestigious university. I promised not to name names.
The Internet is very fragile. It doesn't require police activity to shut
it down; all it takes is the fear of controversy, in a climate of
media-fanned public emotions.
The lists and servers operated by universities and corporations are brittle
as fine crystal -- those institutions have no incentive to risk even the
_potential_ censure of their customers, alumni, directors, funding sources,
etc.
Commercial providers (AOL, CServe, etc) similarly won't wait for a knock on
the door before they "clean up their act" -- and I mean sparkling
lemon-fresh baby-powder clean, suitable for children, grannies, and
Baptists (no offense intended.).
We are entering what the ACLU refers to as a "chilling" era. The Well,
CPSR, APC -- and other sites with a conscience -- will in many cases take a
principled, courageous stand for cyber rights. But those are exactly the
sites that the Police State legislation is designed to suppress. They
can't afford to pursue the "Enumerated Defenses", the way Cyberspace INC
will be able to, when it distributes its interactive soft-porn cyber-soaps
into everyone's home, in order to sell burgers, lager, and designer jeans.
Forget open BBS's -- they'll soon be history.
It's time to get out your winter coats. For what little difference it'll
make, you might want to take down the personal email and snail addresses of
your online associates while you still can.
------------------------------
Date: Sun, 30 Apr 1995 10:24:19 -0400
From:
[email protected] (Simson L. Garfinkel)
Subject: Privacy directory
This isn't so much a RISK as a RESOURCE.
The Privacy Journal has assembled a really phenomenal directory of privacy
professionals. The directory has hundreds of people, with their names,
phone numbers, addresses, email addresses, and brief descriptions of what
they do or have done that's notable in the privacy field.
I've been writing about privacy issues for nearly a decade, but even my own
personal database pales in contrast to what the Privacy Journal's publisher
Robert Ellis Smith has assembled.
You can get the directory for $12.50 from Smith. It is available in print
or electronically.
Here is Smith's entry:
Smith, Robert Ellis
Publisher
Privacy Journal
P. O. Box 28577
Providence RI 02908
401/274-7861
fax upon request
Attorney, publishes monthly newsletter, books and
special reports; author of Our Vanishing Privacy (1993), The
Law of Privacy Explained (1993), Compilation of State and
Federal Privacy Laws (1994)
E-mail address:
[email protected]
(Note: I write occasionally for The Privacy Journal, but this is still a
great resource.)
------------------------------
Date: 28 Apr 95 9:53:31 EDT
From: Charlie Kaufman/Iris <Charlie_Kaufman/
[email protected]>
Subject: Re: Lotus Notes authentication protocol challenged (Gong, RISKS-16.87)
>(2) [...] Cynthia Dwork of IBM Almaden wrote in ACM SIGACT
>News 26(1) (March 1995) that the authentication procedure using public-key
>systems in Lotus Notes, as described in its "Internals online book", has
>security flaws. Lotus's response is (1) the actual system does not work as
>described in the manual and (2) how it actually works is proprietary
>information. [LG: (1) is dangerous by itself, and if (2) is true, then why
>pretending to describe the procedure in the first place.]
It's all true.
The authentication protocol used by Lotus Notes is a somewhat involved mix
of public key and secret key cryptography designed for good security and
performance. In the Security Internals online book in a section on the
certificate hierarchy and the implied trust model, there is an aside on how
authentication takes place once the two sides know each others public keys.
Because the truth was complex and the complexity seemed irrelevant, the
author substituted a "classic" public key authentication protocol for the
real one. Unfortunately, while that protocol was not itself flawed, using
the same public key for that protocol and for the encryption and the signing
of electronic mail would be insecure. That was the central point of the
Dwork article: that two well designed cryptographic protocols can be
insecure when used together sharing keys. The actual Lotus Notes
authentication protocol does not have this problem.
While the Lotus Notes authentication protocol was never intended to be
proprietary or secret, it was also never fully publicly documented, and the
public documentation that did exist was incorrect. A more complete writeup
has subsequently appeared in the book "Network Security: Private
Communication in a Public World", by Charlie Kaufman, Radia Perlman, and
Mike Speciner, Prentice Hall, 1995. The on-line documentation will be
corrected.
Charlie Kaufman Email:
[email protected] Tel: 1-508-392-5276
Iris Associates, One Technology Park Drive, Westford, MA 01886, USA
------------------------------
Date: Sat, 29 Apr 1995 19:49:08 GMT
From:
[email protected] (David Cline)
Subject: Re: Floating-Point Time (Kuenning, RISKS-17.09)
> ... Since there are about 3x10^7seconds in a year, or about 10^8 every
> 3 years, one can represent about 8x16x3 = 384 years to millisecond
> precision without violating that range, right?
Wrong. This confuses milliseconds and microseconds; You can represent 285
years to *microsecond* accuracy in 53 bits. If you only care about
millisecond accuracy, you can represent about 285,000 years. There are also
ways of using the sign bit to double the effective range.
Dave Cline Spring Valley Software
[email protected]
[Your moderator is dismayed that this is dragging on so long! PGN]
------------------------------
Date: Fri, 28 Apr 95 11:12:30 EDT
From:
[email protected]
Subject: Re: Floating-Point Time
On the year-zero and religious wars: PGN suggests [RISKS-17.09] that
first-century dates (which were, after all, not invented until well after
the fact) would have created religious wars had there been computers to
suggest that there should be a year zero.
Any self-respecting computer, however, would have balked at attempts to
divide the factions by zero.
Bill Hopkins
[email protected] Unisys Corporation (Soon to be Loral, they say)
610-648-2854 or 363-7464 Valley Forge Eng'g Ctr, POB 517, Paoli PA 19301
------------------------------
Date: Thu, 27 Apr 95 13:11 PDT
From:
[email protected]
Subject: Re: Digital libraries (Kass, RISKS-17.09)
> [...] However, the only media which has persistence of 50+ years which
> has been proven in a reliable way is film.
This points out a risk of being to close to the technology. Perhaps the
microfilm is the only "technological" way of storing media for 50+ years,
but it seems to me that the low-tech method of printed books has about 5 to
10 times that lifespan, depending on the paper and ink used. It also has
the benefit of being immediately accessible to the reader, as no fancy
technology is necessary to extract the data, outside of a current
prescription for one's glasses.
Shannon Nelson Portland Technology Development, Intel Corp.
[email protected] (503) 642-8149 I don't speak for Intel
------------------------------
Date: 30 Apr 1995 01:20:08 -0400
From:
[email protected] (Michael D. Sullivan)
Subject: Re: Digital Libraries (Kass, RISKS-17.09)
And what about paper (acid-free), papyrus, or other similar media that
have lasted hundreds or thousands of years intact? Or stone (e.g.,
cuneiforms or etchings on silicon)?
Microfilm (silver on film) has been around far less time than these. In
fact, the film media used in the 1930s (nitrocellulose) has proven to be
disastrous -- it practically self-destructs. Moreover, silver has only been
in use for a bit over a century as a means of fixing an image, and it has
distinct disadvantages, due to oxidation. Carbon-based ink on non-acid
paper, on the other hand, lasts virtually forever. Perhaps replacing paper
with Mylar would be a good step, but silver halide images would not appear
to be good for long-term archiving; photographers have turned to platinum
and other means of giving longevity to photographic images, in lieu of
silver. India ink on papyrus or vellum might last longer, though. Maybe
convert the data to carbon-based laser toner on Mylar in barcodes?
Michael D. Sullivan | INTERNET E-MAIL TO:
[email protected]
Bethesda, Md., USA | also
[email protected],
[email protected]
------------------------------
Date: Thu, 27 Apr 1995 15:24:59 -0400 (EDT)
From: Michael Froomkin <
[email protected]>
Subject: Clipper paper available for anon FTP
My paper, "The Metaphor is the Key: Cryptography, the Clipper Chip, and
the Constitution" is now available for anonymous FTP. It is about 180pp.
long, and contains more than 800 references.
I would welcome your feedback on this paper -- even (especially?)
contributions to the inevitable errata sheet.
(Please note this document resides at what is officially a "temporary"
site, so that if you create a web link to it, please let me know so that
I can notify you when it moves).
Contents of
FTP://acr.law.miami.edu/pub/..
File Type
- - - - - - - - - - - - - -
clipper.asc ASCII
clipper.wp WP 5.1/Dos
clipperwp.zip Pkzipped version of clipper.wp
clipper.ps My best effort at Postscript. YMMV. (approx. 7Mb.)
clipperps.zip Pkzipped version of clipper.ps
clipper.ps.gz Gzipped version of clipper.ps
Ports provided by nice people (please note I have not checked these):
clipper.ps.Z Unix compressed version of clipper.ps with carriage
returns removed -- courtesy of Whit Diffie
clipperMSW.sea.hqx Binhexed self-extracting Microsoft Word 5.1 for
Macintosh version of clipper.wp -- courtesy
of Ted Byfield
None of these files contains correct and final page numbers, and there are
generally trivial typos that were corrected in the printed version. The
printed version appears at 143 U.Penn.L.Rev. 709 (1995).
I intend to put up a web version presently. The .index file in the above
directory will have details when a clean copy is ready for prime time. A
link to an experimental and highly buggy HTMLized version may appear at
erratic intervals at
http://acr.law.miami.edu at the very bottom of the
homepage.
A.Michael Froomkin, Associate Professor of Law, U.Miami Law School, POB 248087,
Coral Gables, FL 33146 USA +1(305) 284-4285
[email protected]
------------------------------
Date: 29 Apr 1995 13:22:30 -0400
From: "Dave Banisar" <
[email protected]>
Subject: Advanced Surveillance, Call for Papers
CALL FOR PAPERS
Advanced Surveillance Technologies
Sponsored by
Privacy International, and
Electronic Privacy Information Center
4 September 1995
Copenhagen, Denmark
Overview
Over the past decade, fundamental changes have taken place in the nature and
the environment of surveillance. New information systems offer an
unprecedented ability to identify, monitor and track a virtually limitless
number of individuals. Some leading-edge technologies are likely to
revolutionize the practice of surveillance. The factors of cost, scale,
size, location and distance have, in many instances, become largely
irrelevant.
The impact of political and economic change throughout the world has also
created unforeseen dimensions to surveillance. The evolution of a Global
Information Infrastructure will have a profound impact on the scope of
potential surveillance of individuals. The end of the cold war and the
privatization of public sector activities has magnified the impact of
change. The merging of technologies has also created new opportunities for
wide-scale surveillance.
The nature of surveillance has changed to the extent that modern information
systems involve a pre-requisite of general surveillance of populations. The
pursuit of perfect identity has created a rush to develop systems which
create an intimacy between people and technology. Advanced biometric
identification and sophisticated ID card systems combine with geographic
tracking to create the potential to pinpoint the location of any individual.
The use of distributed databases and data matching programs makes such
tracking economically feasible on a large scale.
Extraordinary advances have recently been made in the field of visual
surveillance. Closed Circuit Television (CCTV) systems can digitally scan,
record, reconfigure and identify human faces, even in very poor light
conditions. Remote sensing through advanced satellite systems can combine
with ground databases and geodemographic systems to create mass surveillance
of human activity.
The globalization of information systems will take information once and for
all away from the protection and jurisdiction of national boundaries. The
development of data havens and rogue data states is allowing highly
sensitive personal information to be processed outside any legal protection.
At a more intimate level, research is underway in more than a dozen
countries with the aim of implanting microchip technology directly into the
human brain. US and European medical institutes have already conducted many
such operations. The creation of a direct link between the human brain and
computer technology is at an advanced stage. Such procedures are initially
aimed at stimulating dead senses and paralyzed limbs. Within two decades, it
is possible that such implants will be at a sufficiently advanced stage to
enable complex interaction between the brain and external technology.
The science of nanotechnology, which involves the re-configuration of
individual atoms and molecules, will present the potential for virtually
undetectable covert surveillance.
These and other developments are changing the nature and meaning of
surveillance. Law has scarcely had time to address even the most visible of
these changes. Public policy lags behind the technology by many years. The
repercussions for privacy and for numerous other aspects of law and human
rights need to be considered sooner rather than later.
This one day conference will present an overview of these leading-edge
technologies, and will assess the impact that they may have in the immediate
future. Experts and analysts will discuss the nature and application of the
new technologies, and the public policy that should be developed to cope
with their use.
The conference theme is unique, and interest in the event has
already been expressed from throughout the world.
Program contents
The first session will assess new dimensions in current surveillance
technologies. The remainder of the day will be devoted to exploring
technologies which are in the formative stage of development.
Preliminary List of Topics:
o Advanced Satellite Surveillance
o Microchip Implants
o Nanotechnology
o Biometrics and perfect identity
o Advanced Geodemographic Systems
o Data Havens and Rogue Data States
o Information Warfare
o Cryptography
The conference will be held in Copenhagen, and is timed to coincide with the
17th annual international meeting of privacy and data protection
commissioners.
Number of participants : approximately one hundred
Cost: US $75 - Individuals/non-profit organizations
$175 - Commercial organizations
Privacy International and the Electronic Privacy Information Center are now
requesting abstracts for papers. Papers should be directed at a general
audience, and should either present an overview of an aspect of advanced
surveillance technology, or they should discuss the likely use and impact of
the technology.
Abstracts or papers can be emailed to Privacy International at:
[email protected]
Alternatively, they can be sent to :
Privacy International Washington Office
666 Pennsylvania Ave, SE, Suite 301
Washington, DC 20003 USA
1-202-544-9240 (phone)
1-202-547-5482 (fax)
Web address:
http://privacy.org/pi/
gopher/ftp cpsr.org /cpsr/privacy/privacy_international/
David Banisar (
[email protected]) * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301 * ftp/gopher/wais cpsr.org
Washington, DC 20003 *
HTTP://epic.digicash.com/epic
------------------------------
Date: 24 April 1995 (LAST-MODIFIED)
From:
[email protected]
Subject: ABRIDGED Info on RISKS (comp.risks) [See other issues for full info]
The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...]
REQUESTS to <
[email protected]> (which is not yet automated). [...]
CONTRIBUTIONS: to
[email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
RISKS can also be read on the web at URL
http://catless.ncl.ac.uk/Risks
Individual issues can be accessed using a URL of the form
http://catless.ncl.ac.uk/Risks/VL.IS.html [...]
RISKS ARCHIVES: "ftp unix.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP. [...]
[Back issues are in the subdirectory corresponding to the volume number.]
------------------------------
End of RISKS-FORUM Digest 17.10
************************
