Subject: RISKS DIGEST 17.16
REPLY-TO: [email protected]

RISKS-LIST: Risks-Forum Digest  Friday 2 June 1995  Volume 17 : Issue 16

  FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc.       *****

 Contents:
New Yorker Article on Potential Building Collapse: The 59-Story Crisis
   (Andy Huber)
``Woodpeckers could delay shuttle''
Ariane-5 test aborted
Military (hi-res) GPS to be opened up? (Cris Pedregal Martin)
Bogus PKZIP 3.00 Trojan horse (Sidney Markowitz)
British man convicted as malicious virus writer (George Smith)
Internet Security -- Oxymoron or Actual Fact? (Edupage)
Pay-Phone Price Gouging (Mich Kabay)
Cellular Roaming broken (Bob Frankston)
Re: Microsoft plans corporate espionage (ASaunders)
MS SMS product, others pose risks (Mark Seecof)
Re: Prodigy held liable (Bob Morrell)
Re: "Nautilus foils wiretaps" (Adam Back)
Re: Ahperader (Paul Andrew Olson)
Re: Negative Ions (Winn Schwartau)
ABRIDGED Info on RISKS (comp.risks) [See other issues for full info]

----------------------------------------------------------------------

Date: Thu, 01 Jun 95 10:02:50 EDT
From: Andy Huber <[email protected]>
Subject: New Yorker Article on Potential Building Collapse: The 59-Story Crisis

       "If they built buildings the way we build software...."

       There's a fascinating article in the current issue of The New Yorker
 ("The Fifty-Nine-Story Crisis", Joe Morgenstern, The New Yorker, vol. LXXI,
 no. 14, May 29, 1995, pp. 45-53) that should be of great interest to all
 with an interest in software engineering.  It's the story of the discovery
 and patching of a design/implementation flaw in a 59-story building in New
 York City (the Citicorp Center) that had the potential to cause the building
 to collapse disastrously under high winds.

       The parallels with software are uncanny, because the reasons the
 problem occurs are exactly the things that occur in so many software projects:

 1. An unusual or novel aspect to the problem. (Building around an existing
    structure, a church).

 2. A creative, innovative solution that required new design & analysis.
    (Putting the main support columns in the middle of each side of the
    building, rather than at the corners.)

 3. Not quite getting all the implications & analysis of the innovation
    right.  (The reviewers of the design treated some special, new
    diagonal wind braces as trusses rather than columns, thereby
    disregarding a required standard and exempting them from a safety
    standard.)

 4. A critical change in the specification made by the contractor during
    construction to save time & money that was not reflected back to the
    designers and/or re-analyzed/reviewed for its impact that greatly
    weakened the design.

 5. A resulting flaw that would only show up in heavy load, and not
    under normal use/test.

       Anyone interested in making software engineering a profession
 will also find the article of interest.  Everyone involved exhibited
 a high degree of professionalism throughout the discovery, analysis,
 and fixing of the problem. (Even the lawyers!)   Another amazing thing
 is that there's been little if any publicity of this before (at least
 to my knowledge; this is the first report I remember seeing).  Part of
 that may be due to the fact there just happened to be a newspaper
 strike going on in New York City at the crucial time.

 WARNING:  Do not start reading this until you have time to finish it; I
           found it a case of "can't put it down" reading.


 [Note: I'm unable to always follow the risks forum closely, but haven't
 seen anything on this in there, either recently or in the past.
 It will certainly appeal to risks readers.  Apologies if others
 have submitted this or it's been covered in the past & I just missed
 it, in which case simply hit the delete key.  Might note also that
 if people find this interesting, an interesting book on similar
 things that I read a couple of years ago while doing some investigating
 on operating system reliability is: "Why Buildings Fall Down", by
 Matthys Levy & Mario Salvadori, New York, W.W. Norton, 1992.  One of
 the conclusions is that many buildings fail due to a lack of redundancy,
 which I find very interesting since very few operating systems (or
 software of any kind) have any kind of redundancy designed or built
 into it.]

Andy Huber  Data General    (919) 248-6072  [email protected]

------------------------------

Date: Fri, 2 Jun 95 10:11:54 PDT
From: "Peter G. Neumann" <[email protected]>
Subject: ``Woodpeckers could delay shuttle''

Our risks-to-technology annals have another case of animal-kingdom behavior.
For the past several days, yellow-shafted flicker woodpeckers have been
chipping away at the insulating foam on the space shuttle Discovery's
external fuel tank, causing at least 71 holes, from half-inch to four inches
in diameter.  [Source: AP item, San Francisco Chronicle, 1 June 1995, p. C2]
[Poly(styrene?), wanna crack 'er?  Oh for the old days of silent flickers.]

------------------------------

Date: Fri, 2 Jun 95 10:02:08 PDT
From: "Peter G. Neumann" <[email protected]>
Subject: Ariane-5 test aborted

After the failure of the main cryogenic motor earlier in May resulted in the
death of two technicians, another test on 30 May (in Cayenne, French Guiana)
was aborted by the computer control system several seconds after ignition of
the new European rocket.  I suppose this case counts as a success story for
computers, but a failure for the rocket motor.  PGN [Source: A Reuters item,
San Francisco Chronicle, 1 Jun 1995, p.  A10.]

------------------------------

Date: Thu, 1 Jun 1995 11:48:21 -0400 (EDT)
From: Cris Pedregal Martin <[email protected]>
Subject: Military (hi-res) GPS to be opened up?

On 31 May 1995, I heard a story about GPS on NPR-All Things Considered of
interest to RISKS readers. Apologies for any omissions, I didn't take notes
so the following is from memory.

A "blue-ribbon" panel just issued a report on whether to open all of the
satellite-based Global Positioning System (GPS) to civilian use. As it works
now, GPS transmits a low-resolution signal for civilian use, which has
random errors added to it (resolution: about 100m), and an encrypted signal
for military use that's much more precise.  The civilian capability was made
available worldwide after the KAL 007 downing over Soviet Airspace during
the Reagan administration, and it is now widely used not just by ships and
planes, but also by hikers and tourists (a palmtop GPS locator sells for
about $300 in the US).

The panel concluded that the hi-res signal had to be opened to use by all.
The military's objection is that enemies could use it to e.g. guide missiles
(one of their own applications) to US targets.  They're proposing that the
error may be increased, or the system turned off altogether, at the
discretion of the US President, in "time of war".  Civilian aviation
authorities aren't thrilled about using a system on which they don't have
their "hand on the switch," as an official from the British aviation
authority said.

The cat may already be out of the bag. FAA is testing a system that uses the
civilian GPS on an aircraft in concert with a ground-based civilian GPS,
through a radio link. Since the ground based GPS knows its coordinates, it
can listen to the signal from satellites, figure the error, and inform its
airborne partner. Precision is in the 1 meter range now, enough to put a
plane on a glide path and land it in dense fog.

The various RISKs are left as an exercise to the reader.

Cris Pedregal Martin                      [email protected]
Computer Science Department        UMass / Amherst, MA 01003-4610

  [Also reported by Fred Ballard <[email protected]>, who added
  ``As our dependence on GPS increases, so do the risks.  It might be wise
  to check the international scene as well as the weather before flying or
  boating when GPS is being relied on.''  PGN]

------------------------------

Date: Fri, 2 Jun 1995 11:50:44 -0700
From: [email protected] (Sidney Markowitz)
Subject: Bogus PKZIP 3.00 Trojan horse

I saw the following notice on PKWARE's support forum on CompuServe and have
more recently seen it forwarded via the COOL mailing list. The RISK involved
is obvious, but I'm forwarding it in case any of RISK's readers still use
DOS :-). For those who don't: PKZIP is a widely used file
compression/archiving program that is sold as shareware. It's been at
version 2.04G for quite a long time, so people would be quite likely to grab
up a new version quickly.

sidney markowitz <[email protected]>

 Some joker out there is distributing a file called PKZ300B.EXE and
 PKZ300B.ZIP.  This is NOT a version of PKZIP and will try to erase your
 harddrive if you use it.  The most recent version is 2.04G.  Please tell
 all your friends and favorite BBS stops about this hack.

 Thank You.

 Patrick Weeks Product Support PKWARE, Inc.

------------------------------

Date: Thu, 1 Jun 1995 18:38:49 -0500 (CDT)
From: Crypt Newsletter <[email protected]>
Subject: British man convicted as malicious virus writer

Finally, after months of delay and postponement, a 26 year old
unemployed computer programmer, Chris Pile, pleaded guilty Friday,
May 26, to eleven charges related to computer virus writing. The
case at Plymouth Crown Court was the first of its kind in British legal
history since passage of the Computer Misuse Act in 1990.

Pile, known as the Black Baron, pleaded guilty to hacking into business
computers and planting the computer viruses known as SMEG/Pathogen and
SMEG/Queeg. The case followed an investigation by fraud squad officers and
experts from Scotland Yard. The eleven charges stemmed from a period between
October 1993 and April 1994 when the Black Baron obtained unauthorized
access to computer programs and seeded them with viruses he'd written. He
also pleaded guilty to one charge of inciting others to plant his viruses.
Authorities state that tracing the viruses and repairing damage caused by
them cost "well in excess of half a million pounds." Pile was released on
bail and the trial adjourned for two months to allow the defence to prepare
a pre-sentencing report.

Pile, a Devon man, wrote the SMEG viruses which quickly gained the attention
of anti-virus developers worldwide in mid-1994. Due to publicity on the nets
and in the computer underground, they were rapidly distributed around the
Internet at approximately the same time Pile was arrested in connection with
the charges on which he was tried.

Sentencing will probably depend upon the interpretation of Pile's intent to
incite others to write viruses using his "SMEG" encryption kernel which was
distributed internationally to virus exchange underground bulletin board
systems in mid-1994. It is an arcane issue which calls for the examination
and tracking of a computer archive containing a detailed technical "how-to"
on installing Pile's "SMEG" virus encryption kernel into new viruses, the
encryption software and a sample demonstration virus.

In 1993, another English virus writer, Stephen Kapp, was arrested in
connection with telephone fraud charges.  Kapp was known as the "President
of ARCV," or ARCV virus writing group which stood for Association of Really
Cruel Viruses.

It is worth noting that in 1992 at the height of the Michelangelo virus
scare, few virus writers were easily identified.  This is no longer the
case. Due to the growth in computer networks and an increasing desire for
underground network celebrity, many of the most prominent virus writers in
the world live in plain sight.

Australia's Clinton Haines, a student at the University of Queensland, is
responsible for writing and putting the Dudley and NoFrills computer viruses
into the wild in his country.  At various times since 1992, these viruses
have infected SunCorp, a large Australian insurance firm; Australian Telecom
and the Australian Taxation Office, which is similar to the IRS.  Haines has
been interviewed at length by the Australian newsmedia.

In America, James Gentile, a teenager living in San Diego, has written a
number of viruses, all of which have emerged in the wild.  His Satan Bug
crashed US Secret Service networks in 1993.  Since then another of his
creations, known as Natas - Satan spelled backwards - has become one of the
most common computer viruses in North America. It has been reported as far
south in the hemisphere as Argentina.

George Smith  [email protected]
On the World Wide Web: URL: http://www.soci.niu.edu:80/~crypt

------------------------------

Date: Thu, 1 Jun 1995 21:09:03 -0400
From: [email protected] (Edupage)
Subject: Internet Security -- Oxymoron or Actual Fact? (Edupage 1 June 1995)

William Cheswick, a senior researcher at Bell Labs, thinks the Internet is
risky business and "a bad neighborhood," in which "hackers can eavesdrop on
the packet flow...  It is past time for the deployment of encrypted
sessions."  But investment banker and consultant Ted Prince says: "What we
have is a tiny number of hacker incidents that have been blown out of
proportion by the tabloid technoliterati... You have more chance of getting
your credit-card number stolen in a restaurant or on a phone in Grand
Central Station than you do of having it stolen on the Internet."
(Computerworld 5/29/95 p.96)

 [Perhaps Prince is correct at the moment, but Cheswick seems to be
 thinking further ahead.  Someday <your> Prince will come <around>.  PGN]

------------------------------

Date: 30 May 95 14:47:14 EDT
From: "Mich Kabay [NCSA Sys_Op]" <[email protected]>
Subject: Pay-Phone Price Gouging

From the Associated Press news wire via CompuServe's Executive News Service:

Pricey Pay Phones, By JEANNINE AVERSA, Associated Press Writer

WASHINGTON (AP, 29 May 1995) -- Between appointments, Mary Viar dashed to a
pay phone in Hagerstown, Md., to wish her daughter in Pittsburgh a happy
birthday. A week later, she got the bill: $21.39 for her 22-minute call.
For the same amount, she could have called Paris and talked for half an hour.

Key points:

o       FCC handling growing number of complaints about unexpectedly
       high prices for calls made through pay-phones:  4,280 complaints
       in the last 12 months.

o       Beware of phones controlled by "MD-based Oncor Communications,
       whose rates are three to four times as high as those of the
       big phone companies."

o       Users have filed 800 complaints to the FCC about Oncor's rates.

o       Hotels and pay-phone owners charge the high rates even if user
       requests connection to their own lower-cost carrier.

o       Users can bypass the automatic charges by rogue phone companies
       by dialling directly to use their own 800 or 950 access codes
       for more reasonable phone carriers.

o       Some companies add a surcharge to each call and share the revenue
       with "the hotel, bar or other establishment where a public phone
       is located...."

o       "The FCC said Oncor's surcharges alone have totaled as much
       as $10 per call."

In a related article, the author included the following information:

       If you believe you have been unfairly charged for a long-distance
       call, you can file a complaint to the FCC, which oversees
       interstate service. For local calls, contact the state's
       public utility commission, which oversees local phone service.
       You may also want to send a letter to the state attorney general,
       many of whom have raised concerns about rate gouging.

       Complaints may be sent to the Federal Communications Commission,
       Enforcement Division, 2025 M Street, N.W., Washington, D.C.,
       20554. Additional information also can be obtained by calling
       the FCC at 202-418-0190.

M.E.Kabay,Ph.D. / Dir. Education, Natl Computer Security Assn (Carlisle, PA)

------------------------------

Date: Tue, 23 May 1995 22:50 -0400
From: [email protected]
Subject: Cellular Roaming broken

Last week I was trying to use my cellular phone in Seattle. I couldn't get
it to work because it is a Boston based phone and the Boston database was
being upgraded last week and, basically, got screwed up. I didn't know about
this till Thursday evening but apparently it was a week long problem
according to the Boston Cellular One. The Seattle people said that they
couldn't do anything about it. The first time I called customer support the
suggested solution was to power off and try again in a little while since
they were clueless as to the cause of the problem. Later I spoke to someone
who was more familiar yet was still unable to help.

Perhaps no one really roams on these phones, but one would think a major
outage like this would get more attention and be taken more seriously. But
then, the reality of the cellular network is that it is not a reliable
service. Before automatic roaming you'd have to register locally but that
was only available on a 9 to 5 basis.

Perhaps this is a nonrisk. By not providing a really reliable service,
people are not going to be overly dependent upon the network. Actually, they
will be dependent upon it for emergency services until the first emergency
...

------------------------------

Date: Wed, 24 May 1995 15:02:16 -0400
From: [email protected]
Subject: re: Microsoft plans corporate espionage

[email protected] writes:

" Microsoft officials confirm that beta versions of Windows 95 include a
 small viral routine called Registration Wizard.  ...

Unfortunately Information Week got it wrong.  The registration wizard is
nothing more than an electronic version of the ordinary reg card that ships
with every software product today.  Its use is optional, it does not
interrogate every PC on a network, and the user chooses what information
will be transmitted.

I have enclosed a copy of a response we wrote on this, which you can get from
ftp.microsoft.com/peropsys/win_news/regwiz.txt if you wish.

Alec Saunders, Microsoft Corporation, [email protected]

--

A recent trade publication article contained inaccuracies regarding the
purpose and operation of the Registration Wizard, the on-line registration
application in Windows 95.  The purpose of the Registration Wizard is to
offer an electronic version of the paper-based Registration Card that
traditionally comes with all Microsoft products.  The Registration Wizard
asks for similar information to that listed in the paper-based registration
card, such as your hardware configuration and applications usage.  Just like
with a traditional registration card, providing this information is
optional.  A customer using the Registration Wizard receives dialog prompts
asking them whether they would like to send this information.  They must
actively click 'send' for any information to be sent.

There are lots of benefits to customers that provide this information - such
as product update mailings and improved product support because the product
support engineer can refer to your exact system configuration information
on-line.  In the end, though, sending this information is optional and a
conscious decision by the user.

Microsoft traditionally does not make information gathered during the
registration process available to third-parties.  If the customer chooses to
send system and software information to Microsoft with the Registration
Wizard, it is a one-way, one-time occurrence and takes place at the time the
customer selects 'send.'

------------------------------

Date: Fri, 26 May 1995 16:45:33 -0700
From: Mark Seecof <[email protected]>
Subject: MS SMS product, others pose risks

The June 5 Information Week has a big product review story about network-
distributed PC management products which use software on PC's and on
servers to let administrators inventory PC contents, update PC files,
distribute software, monitor usage, and so-on and so-forth.  Two of the
products, including most notably Microsoft's SMS, will put any PC into
promiscuous mode to sniff packets from the LAN's to which it may be attached
and forward the data to another machine for analysis.

I feel disappointed that the story doesn't even mention the possibility that
these products may pose security risks.  Three such occur to me instantly:
that people can place bad data onto PC's using the distribution facilities;
that people can retrieve confidential data from PC's using the inspection
and monitoring facilities; and that people can steal confidential data from
the network using the remote packet sniffing facilities.  I'm sure there are
many more problems.  Not only does the story ignore risks, but consequently
it does not mention or rate any product features which might mitigate such
risks (e.g., schemes by which PC's could authenticate purported management
server commands before responding to them).

Doesn't anyone out there in the software business give a hoot about these
issues?

Mark Seecof <[email protected]>
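
  [Added example, not part of Mark Seecof's message and not code from any
  product named above: one way a PC agent could authenticate purported
  management server commands before responding to them, using a per-PC
  HMAC key with replay and freshness checks.  The class names, message
  fields and action names are assumptions made for illustration.]

```python
import hashlib
import hmac
import json
import time

# Hypothetical action names; anything else is refused even if authentic.
ALLOWED_ACTIONS = {"inventory", "install_package"}


def canonical(body: dict) -> bytes:
    """Serialise deterministically so both sides MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def command_mac(key: bytes, body: dict) -> str:
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


class ManagementServer:
    """Issues commands, each bound to one PC, a sequence number and a time."""

    def __init__(self, agent_keys: dict):
        self._keys = agent_keys                      # one secret per PC
        self._seq = {name: 0 for name in agent_keys}

    def command(self, agent: str, action: str, args: dict, now=None) -> dict:
        self._seq[agent] += 1
        body = {"agent": agent, "seq": self._seq[agent],
                "ts": int(time.time() if now is None else now),
                "action": action, "args": args}
        return {**body, "mac": command_mac(self._keys[agent], body)}


class PcAgent:
    """Runs on the managed PC; acts only on commands that pass every check."""

    def __init__(self, name: str, key: bytes, max_skew: int = 300):
        self.name, self._key, self._max_skew = name, key, max_skew
        self._last_seq = 0

    def handle(self, msg: dict, now=None):
        """Return (accepted, reason) without executing anything."""
        body = dict(msg)
        mac = body.pop("mac", "")
        expected = command_mac(self._key, body)
        # Constant-time comparison; the MAC covers every remaining field.
        if not isinstance(mac, str) or not hmac.compare_digest(
                mac.encode(), expected.encode()):
            return False, "bad-mac"
        if body.get("agent") != self.name:
            return False, "wrong-agent"
        now = int(time.time() if now is None else now)
        ts, seq = body.get("ts"), body.get("seq")
        if not isinstance(ts, int) or abs(now - ts) > self._max_skew:
            return False, "stale"
        if not isinstance(seq, int) or seq <= self._last_seq:
            return False, "replay"                   # captured and resent
        if body.get("action") not in ALLOWED_ACTIONS:
            return False, "unknown-action"
        self._last_seq = seq
        return True, "ok"


def demo():
    """Constructed sample traffic: genuine, replayed, tampered, misdirected."""
    keys = {"pc-1": b"\x11" * 32, "pc-2": b"\x22" * 32}   # constructed keys
    server = ManagementServer(keys)
    pc1 = PcAgent("pc-1", keys["pc-1"])
    genuine = server.command("pc-1", "inventory", {}, now=1000)
    tampered = server.command("pc-1", "install_package",
                              {"name": "editor"}, now=1005)
    tampered["args"] = {"name": "something-else"}    # altered on the wire
    for_other_pc = server.command("pc-2", "inventory", {}, now=1005)
    return [pc1.handle(genuine, now=1001)[1],
            pc1.handle(genuine, now=1002)[1],
            pc1.handle(tampered, now=1006)[1],
            pc1.handle(for_other_pc, now=1006)[1]]


if __name__ == "__main__":
    print(demo())
```

  [A shared-secret MAC lets a PC that holds its own key forge commands only
  to itself; a deployment that cannot keep per-PC keys secret would use
  server signatures verified with a public key instead.]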

------------------------------

Date: Fri, 2 Jun 1995 11:25:32 -0400 (EDT)
From: Bob Morrell <[email protected]>
Subject: Re: Prodigy held liable

So, let me get this straight: Prodigy, by exercising even a modicum of
control is completely liable for whatever appears, while other forums, which
allow anything, no matter how vile, outrageous and slanderous, get off
scot-free.

I know I should never be surprised at stupidity, but it does appear they are
encouraging exactly the behavior that the laws are meant to discourage.

Bob Morrell  [email protected]

  [It also bodes ill for even the most carefully moderated newsgroups!  PGN]

------------------------------

Date: Sun, 21 May 95 17:53:44 +0100
From: [email protected]
Subject: Re: "Nautilus foils wiretaps" (Vincent, RISKS-17.13)

Malcolm Vincent from a UK email address writes:
> [...] but I do have an account on a FreeNet site in the US which for
> the moment will remain nameless. Now really, what is to prevent me
> downloading nautilus to my free-net and from thence to home.

It may not even be necessary to have a US based account.  The mechanism
used is to do a DNS name lookup on your IP number.  However there are
plenty of non-US sites with DNS names which look American (end in .com for
instance).  Some of the sites have weaker checks, merely requiring you to
agree by virtue of downloading that you are a US citizen.

There are plenty of routes whereby crypto software can leave the US with
very low risk of detection.  Consider, for instance, that the software
could be encrypted with PGP, and mailed through a chain of encrypting
anonymous remailers.  In fact something of this nature must already have
happened for it is available for ftp in the UK from Oxford University:

       ftp://ftp.ox.ac.uk/pub/crypto/misc/nautilus-0.9.0.tar.gz

Also, ITAR only clearly holds if you are a US citizen, currently living in
the US.  I don't believe this situation (ftp from outside the US of US
export controlled software) has ever been explored in court, but it is not
immediately obvious that a US law which makes an action illegal in the US
could be held to apply outside the US.  Particularly as the physical
jurisdiction in question does not have a similar law.

The whole question rests on the legal interpretation of the action of ftping
a file, which jurisdiction is the ftp initiator considered to be in.  A
non-computer based example which could be used as a metaphor: obtaining
information from a foreigner on the phone.  Say that a US citizen had made a
phone call to the former Soviet Union and had requested KGB classified
information, information which was freely available in the US, would the US
person have committed an offense on Russian soil and hence expect to be
extradited?  The telephone example is very similar to the modern
computerised example, ftp is merely an automated information retrieval
system.

Another somewhat related risk, is people outside the US posting crypto code
to USENET, for instance my sig file below implements RSA encryption in 3
lines of perl.  If you are not familiar with encryption schemes, RSA is one
of the most secure public key encryption schemes, and is the one used in
PGP.  It is also very firmly on the ITAR export control list.

Information on the sig is at:

       http://dcs.ex.ac.uk/~aba/rsa/

Some US folks are printing a T-shirt with this code on it, in honour of
ITAR, to produce an export controlled "munitions" T-shirt.  Also on the web
page is postscript for a 1x4" mailing label with the code as handed out by
New York lawyer Duncan Frissell at Computers, Freedom and Privacy '95 - for
an export-controlled mailing label.  A picture of one of these labels was
printed on the front page of the business section of the New York Times
(April 10th).

  [As I recall, the left margins were (intentionally?) fuzzied.  PGN]

In using this sig, there is the risk that news distribution paths cross the
US borders a few times on the way, does this constitute "export"?  What
about a mailing list, members will receive copies via the US list server.
Some unsuspecting US usenet reader might quote the sig by accident.

Living in the UK, I feel fairly confident of the safety, and legality of
using my sig, but what about larger programs posted by those outside the US.
I mean if a non-US citizen living outside the US were to fetch nautilus from
the Oxford ftp site and post it (speaking hypothetically here of course)
uuencoded to sci.crypt, would that person be in trouble?  I am not sure that
this would be a good idea, but it is an interesting question from a legal
point of view.  But the perl rsa implementation is okay at 3 lines?  The
question arises about where the cut off point is: 10 lines, 1000?

Adam Back <[email protected]>

HAVE *YOU* EXPORTED A CRYPTO SYSTEM TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/
--rsa--------------------------------8<-------------------------------------
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX **CENSORED** - export controlled software XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-------------------------------------8<-------------------------------------
TRY: echo squeamish ossifrage | rsa -e 3 7537d365 | rsa -d 4e243e33 7537d365

  [Somewhat similar sentiments were also expressed by
  Stuart Smith <[email protected]>.  PGN]

------------------------------

Date:  Thu, 1 Jun 95 13:25 EDT
From: Paul Andrew Olson <[email protected]>
Subject:  re: Ahperader

This reminds me of something a colleague told me a few years ago, when her
employer first installed voice mail.  Mysteriously, the system would often
prevent her from leaving messages.  After the beep, she would start leaving
a message, and then at some point (usually near when she was almost
finished) it would cut her off, saying "That is not a valid code, please
re-enter your message", for no apparent reason.  Naturally, this drove her
up the wall.  It did not behave this way for anyone else.

It turns out that since her voice is pitched relatively high, the voice mail
system mistook her voice for one of the phone number tones.  I guess it
wasn't zero or one, or she would have gotten further instructions.  Last I
heard, she started leaving messages with her best James Earl
Jones-impression, and that worked.  I don't know if the problem was ever
fixed.  Again, the RISK is assuming certain things about the human voice.

------------------------------

Date: Thu, 1 Jun 1995 14:04:41 -0400
From: [email protected]
Subject: Re: Negative Ions

This talk about positive and negative ions is really nothing new.  If you go
through the literature, especially the medical literature of the 60's and
70's on the subject, early research suggested (perhaps empirically in some
cases) that negatively ionized environments promote health, accelerated
healing, and an overall sense of well being.

I have had negative ion generators at home for years, but never too near
computers because `crashes' became too common.  In the late 70's and early
80's, companies were attempting to market humongous negative ion generators
for use in the air conditioning systems of new buildings to neutralize the
`positive ion effects of computer equipment.'

I've not yet seen a study of whether wholesale ionization of air-conditioned
buildings with no ventilation is a justified investment or not; some have
claimed that increased worker productivity and fewer sick days were an
immediate benefit.

But that assumes the computers still work.

I'd like to see more of the recent work on the subject, as my file
cabinets full of these files are `antique' - more than 15 years old.

Winn Schwartau Interpact, Inc., Information Security & Warfare
V:813.393.6600 F:813.393.6361   [email protected]

------------------------------

Date: 24 April 1995 (LAST-MODIFIED)
From: [email protected]
Subject: ABRIDGED Info on RISKS (comp.risks) [See other issues for full info]

The RISKS Forum is a moderated digest.  Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you.  BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS.  [...]
REQUESTS to <[email protected]> (which is not yet automated).  [...]

CONTRIBUTIONS: to [email protected], with appropriate,  substantive Subject:
line, otherwise they may be ignored.  Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious.  Diversity is
welcome, but not personal attacks.  [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks
  Individual issues can be accessed using a URL of the form
  http://catless.ncl.ac.uk/Risks/VL.IS.html  [...]

RISKS ARCHIVES: "ftp unix.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP.  [...]
[Back issues are in the subdirectory corresponding to the volume number.]

------------------------------

End of RISKS-FORUM Digest 17.16
************************