Subject: RISKS DIGEST 17.52

Subject: RISKS DIGEST 17.52

RISKS-LIST: Risks-Forum Digest Thursday 7 December 1995 Volume 17 : Issue 52

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc. *****

Contents:
Bidirectional text processing (Amos Shapir)
Java warnings (i.e., everything under the sun...) (John Oram)
Dartmouth Time Sharing System: Beware the Ides of March (Warren Montgomery)
Loopholes in pharmacy database? (Brian D. Oberquell)
Excel Version 7 scary risks (Andrew Goodman-Jones)
Test it as it will be used (Flint Pellett)
Re: Getting your clearance on the net (David M Kennedy)
Data Erasure (Lindsay F. Marshall)
New Book: Civilizing Cyberspace (Gary Chapman)
Microsoft grammar checker (Daniel P. B. Smith)
Re: Ambiguous abbreviations (David Eddy)
Re: Costs of 1999->2000 date fix: FIX (Mark Jackson)
Re: What do we call the 2000s? (Aaron L Dickey via Mark Brader)
Re: Luggage lockers (Edward Rice)
Watergate and erasure (Lawrence Kestenbaum)
Program Announcement - ISOC 1996 Symp. Netw. & Distr. Sys. Security
(David M. Balenson)
ABRIDGED info on RISKS (comp.risks)

***** [Lots of pending contributions discussing alarms and
***** spelling checkers. I'll get to some of them. PGN]

----------------------------------------------------------------------

Date: Mon, 4 Dec 1995 15:01:16 GMT
From: [email protected] (Amos Shapir)
Subject: Bidirectional text processing

A full page ad for a computerized cash register is published today in a few
papers here. The ad is in Hebrew, except for one technical term, which is
displayed in latin font as "ENIL NO" a few times throughout...

The problem of mixed-direction text processing is notoriously tricky, but
the real RISK in this case (or is it a KSIR? :-)) is that the ad's text
seems to have been processed automatically, and has not been viewed by a
human being -- at least a person who knows what it's about -- before the
final version was printed.

Amos Shapir, nSOF Parallel Software, Ltd., Givat-Hashlosha 48800, Israel
Net: [email protected] Tel: +972 3 9388551 Fax: +972 3 9388552

[ENIL NO SEE, ENIL NO HEAR, ENIL NO DO.
The text processor must be ENIL RETENTIVE. PGN]

------------------------------

Date: Mon, 4 Dec 1995 23:49:52 -0800
From: [email protected] (John Oram)
Subject: Java warnings (i.e., everything under the sun...)

This warning is included in some Java applets from Sun. Looks as if they
have been reading RISKS...

THIS SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE OR RESALE AS ON-LINE
CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE
PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT
NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE
SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE
SOFTWARE COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE
PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES"). SUN
SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR
HIGH RISK ACTIVITIES.

------------------------------

Date: Mon, 4 Dec 95 13:29:59 CST
From: [email protected] (nd9430600-Montgomery)
Subject: Dartmouth Time Sharing System: Beware the Ides of March

[This item was prompted by the Bernie Greenberg story in RISKS-17.18.]

The Dartmouth Time Sharing System was an operating system and suite of
application software developed and maintained primarily by students in the
early 1970's. One year the maintainer of the BASIC compiler introduced a
special "feature": In celebration of the Ides of March, on March 15th it
would print the numbers appearing in messages as Roman Numerals. The
college got a good laugh out of it at the time. The year after this person
graduated and moved on, Dartmouth sold the system commercially to a handful
of sites. In January of that year, in a routine test, the new owner of
Basic discovered that while the Roman Numeral code had been removed from the
distributed version, the special check for March 15th that activated it had
not been, with the result that on March 15th, BASIC would surely fail when
it attempted to print a number. The fix was quickly determined and
bulletins distributed to the other installations with special instructions
that it was vital to install it before March 15th. In spite of several
warnings, however, some or all of the installations outside of the college
experienced a BASIC compiler failure on March 15th because they had not
installed the fix. Morals to be drawn include:

* Be very careful of temporary hacks. They have a habit of outliving
carefully implemented programs.

* Never count on your ability to get someone to install an update to
prevent a disaster.

I can hardly wait for 1/1/00!

Warren Montgomery ih4sh!warren or [email protected]

------------------------------

Date: Tue, 5 Dec 95 07:11 PST
From: [email protected] (Brian D. Oberquell)
Subject: Loopholes in pharmacy database?

British Columbia has implemented a province-wide database called PharmaNet;
the main objective is to reduce the number of fraudulent or duplicate
prescriptions by having all pharmacies networked together. Another objective
is to reduce the incidence of drug interactions, and this is where the
system *may* fall down.

I recently purchased a bottle of cough syrup with codeine; in B.C. this is
not a prescription item, but is rather an over-the-counter (OTC) item that
you must request from the pharmacist. I noticed that, while prescriptions
were entered into the database, the cough syrup was not. The pharmacist
confirmed for me that they were not required to enter items like this into
the database.

I'm no pharmacist, but I would imagine that there are prescription drugs
that can interact adversely with codeine or other OTC drugs that pharmacies
dispense.

I plan on writing the Ministry of Health about this, but this loophole shows
that it's in the patient's best interest to ask questions to make sure
anything they take is safe, and won't interact adversely with something
else.

------------------------------

Date: Thu, 7 Dec 1995 01:37:05 +1100 (EST)
From: Andrew Goodman-Jones <[email protected]>
Subject: Excel Version 7 scary risks

Excel 7 has a new feature where if you are entering data in columns and
what you have typed so far matches an entry earlier in the column, then
that full entry is placed in the cell you are entering until you press a
key that is different from the previous entry.

For example, Say I have a stock list with

BOLT 25mmx.6mm $4.00
BOLT 25mmx.8mm $4.50
BOLT $2.50

When I come to entering BOLT the second time, Excel prompts with the
measurement information and if it is the same, I can just hit enter to
accept it or I can type over it to replace it. If I'm not looking at the
screen as I type it it doesn't matter as my typing replaces the selection.
HOWEVER when I come to entering the third item here, which in this case has
no further information following it, Excel enters the measurement
information anyway and as I hit enter it is accepted. If I am working from a
paper list somewhere and entering lots of information very quickly - not
looking at the screen very often, then I can enter totally incorrect data.
My example is not a fantastic one, but I have NOTICED that I have been
stuffed up several times already by this cute little feature. How many times
have I not noticed that the information is incorrect? I think that this
little feature will cause a lot of heartache around the world as some data
becomes entered incorrectly.

Andrew Goodman-Jones [email protected]

------------------------------

Date: Wed, 6 Dec 1995 18:27:07 CST
From: [email protected] (Flint Pellett)
Subject: Test it as it will be used

The article about the Intel CD-ROM reminded me of a similar case I
encountered only a few weeks ago. My son purchased a CD-ROM with software
for a game on it. The minimalist instructions said merely to "Insert the CD
in your computer, cd to the drive your CD is on, and type 'install'." (I
note that you are expected to realize that the lower-case "cd" means
change-directory, while the upper-case "CD" means compact-disc. I wonder
how many neophytes get confused by these.)

It didn't work. It appears that the packaging strategy that was employed
was to copy three things to the CD: a compressed archive about 15MB big, a
program that could uncompress archives of that type, and a 3-4 line install
script that would invoke the uncompress program to uncompress it out to
whatever directory on your hard disk you specified.

Other than the obvious stupidity inherent in having a 15 MB compressed
archive as the only file on a CD-ROM capable of holding 600 MB, rather than
just putting 30 MB of uncompressed files on the CD, the problem was that the
uncompression program they used worked by creating a temporary file in the
same directory as the archive file: it is therefore incapable of
uncompressing a file on a Read-Only file system like a CD where it isn't
allowed to create files.

In order to install the software, I had to figure out that that the above
situation was in fact the problem (not easy based on the error message I was
given, which read merely "archive file corrupt", when in fact it was fine),
copy the archive file to my hard disk, then uncompress it there. This also
meant that I needed a lot more disk space free than they claimed in the
"requirements" on the box.

The RISK Lesson? Don't assume that the installation program you tested when
you ran it in your development environment (from a Read-Write Hard Disk) is
going to work when used in the actual installation environment unless you
test it in exactly that environment.

------------------------------

Date: Wed, 22 Nov 1995 13:22:21 -0500
From: David M Kennedy <[email protected]>
Subject: Re: Getting your clearance on the net

[>From: [email protected] (PRIVACY Forum)
PRIVACY Forum Digest Monday, 5 December 1995 Volume 04 : Issue 25
Moderated by Lauren Weinstein ([email protected])
Vortex Technology, Woodland Hills, CA, U.S.A.]

Name withheld on request (RISKS-17.41) discusses a relatively new
system used by the Defense Investigative Service for submission of
Personnel Security Questionnaires (PSQ) called, not surprisingly, the
EPSQ. The current version is 1.2.

>You obviously don't sign the form (no digital signature capability); at
> some point in the future they said I'll be asked to sign a hardcopy.

I have applicants sign the form prior to transmission. We terminate any
applicant who lies on their forms.

>The risks of sending any sort of confidential information over the net
> have been described to death, so there's nothing new. It just amazes
> me that the U.S. government office responsible for handing out
> clearances could be so unaware of the risks as to allow it.
...yadda, yadda, yadda.

The data is encrypted by the EPSQ program as it creates the disk file.
The program uses FUNCky a product of dLESKO, Inc of Jersey City, NJ.
Before the encrypted file is transmitted, it's zipped using PKWARE and
the program requires the user to use PKZIP's encryption feature.
FUNCky has not been evaluated to meet FIPS 140-1 requirements for
cryptographic modules and the DIS recognizes it is not equal to DES.
Most security-aware professionals know of the plethora of PKZip
crackers available.
So Name Withheld's data was double encrypted before being sent
over the net, and it's stored in a file that can't easily be read. This begs
the question of how much security is necessary to protect Name
Withheld's data? After all, we're not talking launch codes here. DIS
recognizes the need to use FIPS 140-1 compliant encryption and is
moving in that direction. In the mean time they've put something in the
hands of security managers in the field that provides adequate
safeguards considering the value of the data and the risks associated
with it's compromise.
Version 2.0 of the EPSQ will have more robust encryption. Among the
products under consideration are RSA's BE SAFE and AT&T's SURITY.
Both Name Withheld and [email protected] demonstrate the RISKS
of posting without checking the facts beforehand.

For PRIVACY Forum Digest readers: DavidG whined about the risks of the US
Army's use of computers to assist in field artillery fire control, something
we've done since Vietnam.

Dave Kennedy [US Army MP] [CISSP] (husband of a former Artillery Officer)
[email protected] volunteer SysOp National Computer Security Assn

------------------------------

Date: Wed, 6 Dec 1995 09:28:36 +0000 (GMT)
From: "Lindsay F. Marshall" <[email protected]>
Subject: Data Erasure

I have been asked to pass on to the list a request from someone from the BBC
who would like to find information about "the largest amount of data ever
lost in a computer related catastrophe". I couldn't think of any
particularly large losses off-hand - perhaps the government records of
Kuwait?

If you can help please send e-mail to [email protected]
and mark the message for the attention of David Concar who will pass
it on to his wife, Caroline North who is the originator of the request....
I suspect a copy to RISKS of any information would be appreciated as well.

http://catless.ncl.ac.uk/Lindsay

------------------------------

Date: Tue, 5 Dec 1995 12:27:47 -0500
From: [email protected] (Gary Chapman)
Subject: New Book: Civilizing Cyberspace

Steven E. Miller, a member of the national board of directors of Computer
Professionals for Social Responsibility, has published a new book,
*Civilizing Cyberspace: Policy, Power and the Information Superhighway*
(Addison Wesley, 1995, 413 pages).

This is the best book I have seen on the public policy debates surrounding
the information superhighway. It covers all aspects of this debate,
including democracy, citizenship, community networks, privacy, intellectual
property, competing models of the NII, universal service, equity, freedom
of expression, protecting the public interest, encryption, and so on.

Highly recommended for anyone interested in this subject, or for use as a
text in classes.

-- Gary

Gary Chapman, Coordinator, The 21st Century Project
LBJ School of Public Affairs, Drawer Y
University Station, University of Texas
Austin, TX 78713
(512) 471-8326 (512) 471-1835 (fax) [email protected]

------------------------------

Date: Tue, 5 Dec 1995 17:01:39 +0001 (EST)
From: "Daniel P. B. Smith" <[email protected]>
Subject: Microsoft grammar checker

Recent posts about spelling checker oddities spur me to mention the grammar
checker included in Microsoft Word for several years now. The RISKS-related
issues are software bloat, creeping featuritis, and software problems that
escape notice for a long time because apparently nobody ever really uses the
software. I've had several conversations with colleagues about this. I
assert that "obviously nobody at all uses the grammar checker because nobody
seems to be aware that it doesn't work." I usually get a bored response.
But whenever I succeed in actually getting someone to run the thing on one
of their own compositions, I get a stream of amazed comments along the lines
of "Huh?" "Gosh!" "This is _unbelievable_!" "Why on earth did it say
_that_?" "Why is it complaining about the passive voice? This sentence
isn't in the passive voice." "What in the world _is_ it doing?"

For example, presented with the sentence

"Part of health service culture is that young doctors often make mistakes,
and experienced nurses can often fix their mistakes informally."

the grammar checker in Microsoft Word for the Mac version 5.1 responds:

Consider "those" instead of "that." OR Consider "doctor" instead of
"doctors."

When presented with:

"The other possible explanation is that nurses are reluctant to question
the authority of doctors, even if (to a lay observer) the doctor has
clearly made a mistake."

it responds:

"This appears to be a run-on sentence."

The problems with the grammar checker are not subtle. I beg and plead with
anyone tempted to reply in its defense that they try it out, on a piece of
real text, before replying. I truly believe that this is a piece of
software that cannot possibly be of use to anyone: not to students, not to
people who are not native English speakers. It exists only because it makes
a good demo and looks good on a bullet-list chart.

Daniel P. B. Smith [email protected]

------------------------------

Date: Tue, 5 Dec 1995 08:51:14 -0500
From: [email protected] (David Eddy)
Subject: Ambiguous abbreviations (Thornburg, RISKS-17.51)

> ... what does "NCSA" mean?

I suggest you check out the Gale's "AIAD" (Acronyms, Initialisms,
Abbreviations Dictionary) 3 volume dictionary in your library.

Here are the counts for some very common 'standard' abbreviations:

IRS - 49 meanings
MIS - 60 meanings
MIT - 31 meanings

MIT = Massachusetts Institute of Technology or male impotence test?

AMT = amount or alternate mating technique?

I think there were at least a half dozen meanings for THE (normally
discarded as a noise word in automated indexing schemes).

It's all in the context. Humans are pretty good at detecting contextual
clues (explicit & implicit). So far machines are pretty much clueless.

David Eddy Phone: 617-455-0949 [email protected]
Global Software, Inc., P.O. Box 2813, Duxbury, MA 02331-2813

------------------------------

Date: Tue, 5 Dec 1995 05:12:22 PST
From: [email protected]
Subject: Re: Costs of 1999->2000 date fix: FIX (Huggins, RISKS-17.51)

> The article gives a few other estimates, claiming that the average
> Fortune 500 company will spend $100M to convert their own systems.
> Worldwide, the cost is estimated at $300-600M.

This is either an unrevealed combination of different estimates or a typo,
or there are only 3 to 6 Fortune "500" companies. Has the economy gotten
*that* bad?

Mark Jackson - http://www.alumni.caltech.edu/~mjackson

[Also commented on by Sten Drescher <[email protected]>. PGN]

[Oops -- I should have written the total cost
as $300-600 billion, not million. My mistake.
Jim Huggins ([email protected]).]

------------------------------

Date: Tue, 5 Dec 95 12:36:52 EST
From: [email protected]
Subject: Re: What do we call the 2000s?

Date: Mon, 04 Dec 1995 01:32:20 -0500
>From: [email protected] (Aaron L Dickey)
Newsgroups: alt.fan.cecil-adams
Subject: Re: What do we call the 2000s?

In article <[email protected]>, [email protected] (Matthew D
Eayre) wrote:

> Isn't there a bunch of business software written is some language (COBOL
> maybe) that is going to fall apart come the year 2000?

Oh, it's a lot more than just COBOL. There's a whole mailing list devoted
to sorting this mess out, and a FAQ file at <http://www.year2000.com/>.

Aaron Dickey The Associated Press - New York
[email protected] HotWired Net Soup Contributor

------------------------------

Date: Thu, 07 Dec 1995 12:53:00
From: [email protected] (Edward Rice)
Subject: Re: Luggage lockers (Kilbane, RISKS-17.48)

Steve_Kilbane described a situation in which a security locker might remain
(or become) unsecure, due to race conditions in the use of a shared control
console.

It's not too hard to foresee a race condition where someone pays
to lock your luggage in, and then walks off with the unlocking code.

Of course, a cost-conscious thief will do it the other way: open and close a
locker door, then let you walk up and pay for her locker and then stroll
over to take your belongings. Let's see... saving five shillings per theft,
ten strikes a day, times time and a half for overtime...

------------------------------

Date: Tue, 05 Dec 95 10:47:41 EST
From: Lawrence Kestenbaum <[email protected]>
Subject: Watergate and erasure (Wicklund, RISKS-17.51)

Tom Wicklund wrote in RISKS-17.51 that the contents of the infamous
18.5-minute gap on a Nixon Watergate tape "could have been recovered even if
they were simply erased -- enough signal would remain if you really wanted
to get the information back."

This ability did exist at the time, and the tape was examined by experts in
the field. It turned out that the tape segment in question had been erased
*repeatedly*, perhaps a dozen times, enough to wipe out any pre-existing
information. This evidence established beyond doubt that the erasure was
not accidental.

I understand there are erasure security standards for magnetic media which
specify that the disk or tape be overwritten a certain number of times
(six?) to ensure that the former contents be unrecoverable.

No question, though, that it's preferable to distribute information on
disks which never held any sensitive data.

Lawrence Kestenbaum, [email protected] Political Science Department
Michigan State University

------------------------------

Date: Thu, 07 Dec 1995 11:52:31 -0500
From: "David M. Balenson" <[email protected]>
Subject: Program Announcement - ISOC 1996 Symp. Netw. & Distr. Sys. Security

THE INTERNET SOCIETY 1996 SYMPOSIUM ON
NETWORK AND DISTRIBUTED SYSTEM SECURITY
(NDSS '96)

22-23 FEBRUARY 1996

SAN DIEGO PRINCESS RESORT, SAN DIEGO, CALIFORNIA

The symposium will bring together people who are building software and/or
hardware to provide network and distributed system security services. The
symposium is intended for those interested in the more practical aspects of
network and distributed system security, focusing on actual system design
and implementation, rather than in theory. We hope to foster the exchange
of technical information that will encourage and enable the Internet
community to apply, deploy and advance the state of the available security
technology.

P R E L I M I N A R Y P R O G R A M

WEDNESDAY, FEBRUARY 21

6:00 P.M. - 8:00 P.M. RECEPTION

THURSDAY, FEBRUARY 22

8:30 A.M. OPENING REMARKS

9:00 A.M. SESSION 1: ELECTRONIC MAIL SECURITY
Chair: Stephen T. Kent (BBN Corporation, USA)

Mixing E-mail with BABEL, Gene Tsudik and Ceki Gulcu (IBM
Research Division, Zurich Research Laboratory, SWITZERLAND)

An Integration of PGP and MIME, Kazuhiko Yamamoto (Nara
Institute of Science and Technology, JAPAN)

10:30 A.M. SESSION 2: DISTRIBUTED OBJECT SYSTEMS
Chair: Dan Nessett (Sun Microsystems, USA)

A Security Framework Supporting Domain Based Access Control in
Distributed Systems, Nicholas Yialelis and Morris Sloman
(Imperial College, London, UNITED KINGDOM)

PANEL: Scalability of Security in Distributed Object Systems
Chair: Dan Nessett (Sun Microsystems, USA)
Panelists: Dan Nessett (Sun Microsystems, USA), Nicholas Yialelis
(Imperial College, London, UNITED KINGDOM), and Bret Hartman (Odyssey
Research Associates, USA)

1:30 P.M. SESSION 3: DISTRIBUTED SYSTEM SECURITY
Chair: Michael Roe (University of Cambridge, UNITED KINGDOM)

A Flexible Distributed Authorization Protocol, Jonathan Trostle
(CyberSAFE, USA) and B. Clifford Neuman (Information Sciences
Institute, University of Southern California, USA)

Preserving Integrity in Remote File Location and Retrieval, Trent
Jaeger (University of Michigan, USA) and Aviel D. Rubin (Bellcore, USA)

C-HTTP - The Development of a Secure, Closed HTTP-Based Network on the
Internet, Takahiro Kiuchi (University of Tokyo, JAPAN)
and Shigekoto Kaihara (University of Tokyo Hospital, JAPAN)

3:30 P.M. SESSION 4: PANEL: INTELLECTUAL PROPERTY PROTECTION
Chair: Peter G. Neumann (SRI International, USA)
Panelists: David Bernstein (Electronic Publishing Resources, USA),
Russ Housley (Spyrus, USA), and Dan Boneh (Princeton University, USA)

7:00 P.M. DINNER BANQUET

FRIDAY, FEBRUARY 23

8:30 A.M.
SESSION 5: NETWORK SECURITY
Chair: Matt Bishop (University of California at Davis, USA)

Designing an Academic Firewall: Policy, Practice and Experience with
SURF, Michael B. Greenwald, Sandeep K. Singhal, Jonathan R. Stone,
and David R. Cheriton (Stanford University, USA)

Digital Signature Protection of the OSPF Routing Protocol, Sandra
Murphy and Madelyn Badger (Trusted Information Systems, USA)

A Case Study of Secure ATM Switch Booting, Shaw-Cheng Chuang and
Michael Roe (University of Cambridge, UNITED KINGDOM)

10:30 A.M.
SESSION 6: KEY MANAGEMENT
Chair: Burt Kaliski (RSA Laboratories, USA)

SKEME: A Versatile Secure Key Exchange Mechanism for Internet,
Hugo Krawczyk (IBM T.J. Watson Research Center, USA)

IDUP and SPKM: Developing Public-Key-Based APIs and Mechanisms for
Communication Security Services, Carlisle Adams (Bell-Northern Research,
CANADA)

1:00 P.M.
SESSION 7: ENCRYPTION
Chair: Paul Lambert (Oracle, USA)

An Empirical Study of Secure MPEG Video Transmissions, Iskender
Agi and Li Gong (SRI International, USA)

Parallelized Network Security Protocols, Erich Nahum and David J. Yates
(University of Massachusetts, USA), Sean O'Malley, Hilarie Orman and
Richard Schroeppel (University of Arizona, USA)

A "Bump in the Stack" Encryptor for MS-DOS Systems, David A.
Wagner (University of California at Berkeley, USA) and Steven M. Bellovin
(AT&T Bell Laboratories, USA)

3:00 P.M.
SESSION 8: PANEL: PUBLIC-KEY INFRASTRUCTURE
Chair: Warwick Ford (Bell Northern Research, CANADA)
Panelists: John Wankmueller (MasterCard International, USA), Taher ElGamal
(Netscape Communications, USA), and Michael Baum (VeriSign, USA).

GENERAL CHAIR:
Jim Ellis, CERT Coordination Center

PROGRAM CHAIRS:
David Balenson, Trusted Information Systems
B. Clifford Neuman, USC Information Sciences Institute

FOR MORE INFORMATION on registration, contact Donna Leggett by phone at
703-648-9888 or via e-mail to [email protected], or FAX to (703) 648-9887,
or regular mail to NDSS96, 12020 Sunrise Valley Drive, Suite 210, Reston,
VA, 22091, USA, or WEB PAGE http://www.isoc.org/conferences/ndss96
Contact the San Diego Princess Resort at 1-800-344-2626 (+1-619-274-4630 if
outside the United States) for lodging. To receive the special group rates,
reservations must be made no later than January 20, 1996.

David M. Balenson [email protected]; tel 301.854.5358; fax 301.854.5363
Trusted Information Systems, 3060 Washington Rd., Glenwood, MD 21738 USA

------------------------------

Date: 6 September 1995 (LAST-MODIFIED)
From: [email protected]
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...]
DIRECT REQUESTS to <[email protected]> (majordomo) with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
INFO [for further information]

CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks

RISKS ARCHIVES: "ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP. [...]
[Back issues are in the subdirectory corresponding to the volume number.]
Individual issues can be accessed using a URL of the form
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
ftp://unix.sri.com/risks [if your browser accepts URLs.]

------------------------------

End of RISKS-FORUM Digest 17.52
************************