Subject: RISKS DIGEST 17.63

RISKS-LIST: Risks-Forum Digest  Thursday 11 January 1996  Volume 17 : Issue 63

  FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, etc.       *****

 Contents:
Justice Dept announces no prosecution of Phil Zimmermann (Stanton McCandlish)
Human error cuts power at air-traffic control center (Sean Reifschneider)
Misinterpreting technology -- Australian auto-autotolls (Kevin Lentin)
Re: A glitch in time shaves NIST (Rob Huey)
Tutorial on Internet Security for System and Network Administrators (Ed DeHart)
WinWord `Concept Virus' revisited (Tim Parker)
Re: Attacking Compuserve Subscribers (A. Padgett Peterson)
CompuServe's Motives Questioned (Edupage)
Re: CompuServe Overreaction (Sean A Dunn, Ben)
Re: Metaphorplay on Compuservile (Bear Giles)
CIS censorship--The Whole Story (Michael Kunze via Monty Solomon)
ABRIDGED info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 11 Jan 1996 17:50:27 -0800 (PST)
From: Stanton McCandlish <[email protected]>
Subject: Justice Dept announces no prosecution of Phil Zimmermann

This is the Justice Dept. press release, verbatim [with considerable
whitespace trimmed by PGN], announcing the dropping of the investigation of
Phil Zimmermann (and presumably anyone else involved with PGP distribution
to Usenet in '91).  Transcribed from fax:

[logo]                                        United States Attorney
                                    Northern District of California

                       San Jose Office                  (408) 535-5061
                       280 South First Street, Suite 371
                       San Jose, California 95113       FAX: (408) 535-5066

PRESS RELEASE, FOR IMMEDIATE RELEASE, January 11, 1995

       Michael J. Yamaguchi, United States Attorney for the Northern
District of California, announced today that his office has declined
prosecution of any individuals in connection with the posting to USENET in
June 1991 of the encryption program known as "Pretty Good Privacy."  The
investigation has been closed.  No further comment will be made by the U.S.
Attorney's office on the reasons for declination.

       Assistant U.S. Attorney William P. Keane of the U.S. Attorney's
Office in San Jose at (408) 535-5053 oversaw the government's investigation
of the case.

------------------------------

Date: Thu, 11 Jan 1996 08:49:34 -0600 (CST)
From: Sean Reifschneider <[email protected]>
Subject: Human error cuts power at air-traffic control center

In this Sunday's paper, the AP reported on yet another failure of the ATC
system.  Apparently, this one was caused by a technician who (after an
overnight shift) thought he was working on the standby power conditioning
system.

Power was killed when he went to reinsert a "card" into the system at about
6:55am.  "We were completely in the dark for at least 5 and more like 6
minutes," said a controller and union representative for the National Air
Traffic Controllers Association.

Limited radio contact was restored within minutes, but the main radio and
communications system was not fully operational until 8:38am, and all
systems were not back to normal until 9:32.

It was reported that no emergencies were reported during that time, possibly
due in part because it happened at a time when traffic normally was low.

My analysis: You often will see work being carried out by a group of 2 or 3
people in which only 1 of the people is really "working".  A classic example
was a local televised problem that had some utility company working on the
problem.  The news was interviewing a representative at the site who was
saying "we're working our butts off to get it fixed" while in the background
there were 3 or 4 guys standing around watching another guy dig.

It sounds like 2 possible actions can be taken in the future.  1 is making
it easier to distinguish the "live" and "standby" systems (some red spray
paint perhaps).  Another is to have someone there "helping" the technician.
"Whoa, Bob!  Don't'cha think you should be doing that on the STANDBY
machine?"  Overnight shifts can be a real killer (no pun intended) if you
aren't extra careful.

(On a side note, I watched Apollo 13 a couple of weeks ago and think techies
can get a lot out of this movie.  I loved watching the control systems.  In
particular I remember the silenceable alarms similar to the medical ones
we've been talking about lately).

Sean Reifschneider <[email protected]>
URL: <http://www.tummy.com/xvscan>  XVScan -- HP-UX/Linux X11 scanning software

------------------------------

Date: Wed, 10 Jan 1996 18:53:24 +1100 (EST)
From: Kevin Lentin <[email protected]>
Subject: Misinterpreting technology -- Australian auto-autotolls

The RISKS described below are that when faced with new technology, people
who don't know what they are talking about, yet are given credence, can do
more harm than good.   [This is in fact an old topic in RISKS, but it has
some new twists.  PGN]

I encountered a double-barreled example on the radio today. The Victorian
Government (Victoria is a state of Australia) plans to build a freeway
system called CitiLink. It will be built and run by private companies and a
French company will be collecting tolls for about 34 years. The road will
cover a distance of something like 40km (22 miles).

A questionnaire sent out by the opposition to the government (who detest
anything the government does - more so than normal these days) was being
discussed on the radio. The 2 points discussed were completely misunderstood
by both the interviewer and the opposition member of parliament who was
pushing the survey results.

1. The system will use a transponder in the car to automatically collect
tolls. The questionnaire posed a question describing how you would be able to
open an account with the toll collectors and pre-deposit money into it.  It
then stated that they therefore had access to your bank balances and that
was an invasion of privacy. Did people support such a scheme?

It had escaped the minds of these people that if you pay anybody in advance,
or open an account with anybody, that person will know your balance. They
have to. If they don't, who else will? These two had decided that this was
an EFTPOS style system and that they could query your balance unlike any
other EFTPOS system.

This is on the number 1 rating radio show in Melbourne.

2. They claimed that the transponders had 2 way communication with the toll
`booms' and that therefore, all sorts of information about you and your car
could be sent. For example: SPEED! The fact that the transponder is taped to
your windshield and has no other connection to the car escaped their
attention.

Far more important, they missed the _real_ RISK. The tolls are to be taken
at over half a dozen regions along the route. The opposition is yet to bring
up the very real fact that any system that records when you go through each
toll (which most people would insist on seeing on their bills!) can
calculate your average speed between two such points and if you get from
point A to point B too quickly, know you've been speeding.

I am yet to hear any discussion of this point and the privacy problems
associated with it. Does the legislation prevent or allow the authorities to
obtain such information and/or use it in this way?

The only discussion of speed was whether the transponder could transmit the
speed of your car to the toll detectors. And the audience of these
politicians and media geniuses (genii?) will believe anything they hear!

Kevin Lentin  [email protected]  CARLTON 21-15-141 d geelong 11-14-80

------------------------------

Date: Thu, 11 Jan 1996 12:15:41 -0500
From: [email protected]
Subject: Re: A glitch in time shaves NIST (Peterson, RISKS-17.59)

Think about the impact of doing [the correction] at midnight.  1) The day
increments to January 1, 1996, 00:00:00. 2) you reset the clock to 23:59:59
- minus one second.  3) The clock starts running again.  4) the day flips
over, and it's suddenly, January 2, 1996, 00:00:00. No wonder they had
problems.  I know that's what my VCR would do if I tried that :-).

My understanding is that in order to minimize problems, this "duplicate"
second was supposed to occur at 7:00pm on December 31, 1995.  (Not sure
about 7:00pm, but) It was *not* supposed to happen at midnight.  But, based
on the observed effect it sounds like the adjustment did, in fact, happen at
midnight.

What I don't understand is: shouldn't NIST be the responsible body to set
the official time (moment) when the leap second occurred!!??  Did they
decide on 7:00pm 12/31, and then the implementors didn't follow the
specification?  :-)) Or were we at the mercy of a world organization
(something else for the militias to worry about :-), that specified the UT
(new/improved GMT :-) when it occurred, and it just happened to be midnight
in Washington?  (Although, I think the clock is actually in Colorado?)

I wonder if the government shutdown had any impact on this!!

------------------------------

Date: Thu, 11 Jan 1996 15:52:50 -0500
From: Ed DeHart <[email protected]>
Subject: Tutorial on Internet Security for System and Network Administrators

First offering...
February 15 at the Software Engineering Institute, Pittsburgh, PA

Who should attend?

* practitioners (UNIX system and network administrators) who need to build
 and maintain trustworthy networked systems.
* UNIX system programmers
* practitioners who evaluate or initiate Internet connectivity

This one-day seminar teaches practical strategies and techniques to combat
the threat of intrusions and improve the security of operating systems
connected to the Internet.  Participants typically have at least one thing
in common: the need, the desire, and the organizational mandate to provide
trustworthy network services.  They also typically share a lack of
understanding of the issues related to network security and do not know how
to protect their systems from the level of threat that exists on the
Internet today.

The seminar will cover fundamental security practices for UNIX system
administration.  Participants will learn about the latest information on
security problems, defensive strategies, offensive strategies, network
security, and establishing appropriate site security policy.

After completing the seminar, participants will be able to establish and
maintain a secure Internet site that allows the benefits of connectivity to
the Internet while protecting the organization's data.  Participants will also
gain familiarity with tools that assist them in securing their systems.

Seminar topics include:

       * latest information on security problems
       * UNIX system security
       * network security
       * site security policies

SEI Events
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
FAX: 412 / 268-7401

To inquire about registration, payment, or logistics, contact--
Registration, Phone: 412 / 268-7388
Internet: [email protected]

To inquire about the course [and receive the full announcement], contact--
Customer Relations, Phone: 412 / 268-5800
Internet: [email protected]

------------------------------

Date: Thu, 11 Jan 1996 03:24:09 -0500
From: Tim Parker <[email protected]>
Subject: WinWord `Concept Virus' revisited

I've recently had the unfortunate `pleasure' of dealing with the troubling
consequences of the `Concept Virus' that affects Microsoft Word for
Windows (WinWord) and Word for Macintosh.  (To refresh your memory, the
`Concept Virus' is a Trojan horse that rides on AutoExec macros that can
be hidden in documents)

Microsoft has distributed a set of macros that partially protects users -
the macros identify documents that have macros and warn users that these
macros MIGHT be hazardous...

Several risks here...

1) The `fix' distributed by Microsoft isn't complete - there are ways to
open documents (like from the recently used files list) that don't trigger
the protection macros.

2) WordBasic is a very useful (albeit very quirky) language - enough so
that a lot of people have taken the time to learn it and build useful things
with it - and enough so that just saying "don't run macros" is
unacceptable...  And automating tasks without use of AutoOpen macros gets
much more difficult... (a macro named `AutoOpen' is executed when you open
a WinWord document)

3) Without a clear distinction between CODE and DATA, we have the
beginnings of a new form of terrorism - is it safe to read this document?

4) The REAL risk seems to be ignored here.  WinWord DOCUMENTS cannot
contain macros - this is reserved to TEMPLATES - the problem here is that
you can give a TEMPLATE a ".DOC" extension and it will look to all in the
outside world that it is really a DOCUMENT.  The key flaw here (at many
levels - from the operating system on up to the individual user) is that
everything seems to be relying on the NAME of the file to indicate the TYPE
of the file - rather than looking at the contents of the file to determine
type.

Microsoft has spent a lot of effort building on this fundamental flaw with
all versions of Windows - the application run to edit/view/print a file is
determined by the extension, not by the actual file format.  Give a file a
filename with an inappropriate extension and strange things can happen.
(many applications will do a little error checking of their own and die
gracefully - others will just crash - but... use your imagination!)  This is
really a thread all of its own...


What can we do to address this problem?

1) ensure that `code' and `data' are clearly distinguishable - we should be
able to communicate data without fear - code, on the other hand, is a
different issue...

2) develop a standard code wrapper scheme to provide authentication and
certification - Authentication (ala PGP, to verify that the file wasn't
altered after the creator created it - and that the creator is really the
creator) and Certification to allow proxies to bestow `trusted' status (This
would allow trusted third parties to `screen' code for you - the `certifier'
would also append a PGP-style signature).  Users would have a repository of
public keys for `trusted' sources - the code is `trusted' if either the
`creator' or the `certifier' is in the repository (and, of course, the
signature and the key check out OK)

3) start working NOW to get rid of U.S. export restrictions on crypto
technology - good validation (and, for that matter, good anti-piracy)
depends on secure encryption methods - if we can't export it, we can't use
it in a world marketplace.  I'm sure I'm not the first person in the world
to think of encoding messages in pictures or sound files - not too
efficient, but what's a little bandwidth when you really have something to
hide?

Tim Parker,  Lobster Information Systems, Inc  Litchfield, NH, USA
[email protected]
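
[Added example, not part of the original post and not Microsoft's code: item 4 above argues that a file's TYPE should be decided from its contents rather than its NAME. The sketch below compares what the extension claims with what the leading bytes say; the signature table, function names and sample byte strings are constructed for illustration. Word documents and templates share the same OLE2 container, so a leading-byte check cannot tell them apart, and the example marks such files as needing deeper inspection.]

```python
# Added example: decide a file's type from its leading bytes, not its name.
from pathlib import PurePath
from typing import NamedTuple

# Well-known leading-byte signatures ("magic numbers").
MAGIC = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # OLE2 container (.DOC and .DOT)
    (b"MZ", "executable"),                           # DOS/Windows executable
    (b"{\\rtf", "rtf"),
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]

# What each extension *claims* the content to be (illustrative subset).
EXTENSION_CLAIMS = {
    ".doc": "ole2", ".dot": "ole2",
    ".exe": "executable", ".dll": "executable",
    ".rtf": "rtf", ".pdf": "pdf", ".png": "png", ".gif": "gif",
    ".txt": "text",
}

# Printable ASCII plus tab, LF and CR.
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


class Verdict(NamedTuple):
    claimed: str        # type implied by the file name
    actual: str         # type implied by the contents
    status: str         # "match", "mismatch" or "unverified"
    inspect_deeper: bool  # container may carry macros; magic bytes cannot say


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    if data and all(b in TEXT_BYTES for b in data[:512]):
        return "text"
    return "unknown"


def claimed_type(filename: str) -> str:
    """Type the name asserts, based only on the extension."""
    return EXTENSION_CLAIMS.get(PurePath(filename).suffix.lower(), "unknown")


def check(filename: str, data: bytes) -> Verdict:
    """Compare the name's claim with the content's evidence."""
    claimed, actual = claimed_type(filename), sniff(data)
    if "unknown" in (claimed, actual):
        status = "unverified"
    elif claimed == actual:
        status = "match"
    else:
        status = "mismatch"
    # A document and a template look identical at this level, so a
    # matching .DOC still needs its internals examined for macros.
    return Verdict(claimed, actual, status, inspect_deeper=(actual == "ole2"))


# Constructed sample inputs (name, first bytes of content).
SAMPLES = [
    ("REPORT.DOC", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16),
    ("letter.doc", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.txt", b"plain text\r\n"),
    ("picture.gif", b"%PDF-1.1\n"),
    ("data.bin", b"\x00\x01\x02"),
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        v = check(name, content)
        print(f"{name:12} claimed={v.claimed:10} actual={v.actual:10} "
              f"{v.status}{'  (inspect for macros)' if v.inspect_deeper else ''}")
```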

------------------------------

Date: Wed, 10 Jan 96 16:19:08 -0500
From: [email protected] (A. Padgett Peterson)
Subject: Re: Attacking Compuserve Subscribers (Kabay, RISKS-17.62)

I really do not understand Mr. Kabay's concern for C$. (Of course, the
repeated reference to the NCSA forum may indicate that there is some bias
there.)  Mr. Baker is free to write whatever he wants including a rather
restrictive copyright notice.  Peter is free to publish or not and C$ is
free (practically not legally speaking) to respect it or not.

As an expression of intent it is clear that once the electronic word reaches
the Internet, any hope for control is about the same as controlling cats.
Certainly, if notices were universally respected, I would have retired long
ago from shareware revenue. Fortunately, it was not my expectation to derive
an income from it, rather to have some measure of control hence "copyrighted
freeware".

I have an opinion on the subject (in fact it is the same one I sent to Klaus
before the first RISKS posting appeared) but it is really not necessary to
discuss. The question Mr. Baker faces is the same as the German authorities
face concerning "International" regulations: enforceability.

Their power to enforce does not extend beyond the limits of their
sovereignty. C$ does business in Germany. If they wish to continue then a
corporate decision must be made (and there are a number of options). It is
probable that Mr. Baker has even less ability to enforce his copyright
statement.

However I suspect that "free speech" is often confused with "property
rights". Anyone may disagree with Mr. Baker's position but to say that he is
wrong to take that position or to declare an intent to limit dissemination
is something entirely different.

I have been flamed on numerous occasions for refusing to provide viral code
or software I have developed to people simply because they feel they have a
need (often just a desire or pure laziness) for it. That is my "right". As a
result it is bothersome to see a respected member of the community chiding
another for putting restrictions on dissemination of what they have created
particularly when the restriction was obviously intended to be a statement
itself.

Padgett

------------------------------

Date: Thu, 11 Jan 1996 16:48:50 -0500 (EST)
From: Educom <[email protected]>
Subject: CompuServe's Motives Questioned (Edupage, 11 January 1996)

CompuServe's recent action to shut down subscriber access to 200 newsgroups
carrying sexual content was motivated more by U.S. politics than German
objections, apparently.  Reports that the action was in response to Bavarian
government complaints are false -- the incident was sparked by an inquiry
from a district attorney in Munich regarding the alt.sex groups. Leaders of
all four parties in the Bundestag have spoken out against any legislation to
regulate the Internet and agree that existing criminal law in Germany is
sufficient to handle any potential legal misconduct.  It's rumored that,
rather than reacting to German authorities, CompuServe's restrictions were
enacted in response to legislation pending in Congress against "indecent"
digital content in an effort to bolster CompuServe's reputation as a morally
responsible online service provider.  (STERN Infomat, 3, 1996)

------------------------------

Date: Wed, 10 Jan 1996 23:10:17 GMT
From: Sean A Dunn <[email protected]>
Subject: Re: CompuServe Overreaction (RISKS-17.61)

It puzzles me that so many people are up in arms over Compuserve's decision
to block newsgroups, no matter how many. Discussion over the (lack of) right
of individual countries to say what they think is reasonable is bizarre, to
say the least.

If Germany decides, in any way, that it does not want certain sorts of
material available via Compuserve (a company that provides what amounts to
the largest bulletin board in the world - the Internet is different in that
each computer is actually part of it), and that decision is in accordance
with German law, it has the right to enforce it. Compuserve might find it
technically simpler to treat the entire world as basically groups of people
speaking funny languages, but if it wants to trade in Germany, it must act
in accordance with its laws, however bewildering or unreasonable.

If Compuserve finds it easiest to solve this problem (almost certainly in
the short-term) by canning all access to some news groups, then so be it -
you don't have to use Compuserve if you don't want to. The risk of trying to
insist that US liberalism should apply across the globe seems dangerous to
me. Expecting another country to obey according to your rules has probably
been a significant factor in the starting of a number of wars over the
centuries!

Global war, or even a local one, is not a likely consequence of differing
restrictions on pornographic material on Compuserve or the Internet. But, a
growing feeling that anyone should be allowed to say anything may be the
outcome. As is evidenced by comments in many newsgroups, the US dominates
Compuserve and the Internet - but US ideals are definitely not appropriate
nor appreciated by every country.

*** Sean Dunn, Wolverhampton, England ***
*** E-mail: [email protected] ***

------------------------------

Date: Wed, 10 Jan 1996 09:53:04 +1100 (EST)
From: [email protected]
Subject: Re: CompuServe Overreaction

I've thought of a RISK arising from the reaction of CompuServe to
pornography on its discussion groups.

If there were a discussion group that you wanted to attack, you could submit
some child pornography to it, and then wait for CompuServe to do your dirty
work for you, and close it down. And if you wanted to be thoroughly
despicable, you could submit the pornography via an anonymous remailer.
Every news group in the world is wide open to that kind of risk.

My opinion on the subject is this: if someone uses a telephone to commit a
crime, do you prosecute the telephone company? Obviously not - you prosecute
the person who committed the crime. I think that the case with Internet
service providers is similar.

Just because there are difficulties in the Internet, finding the person who
has committed the crime, doesn't make it reasonable to prosecute someone who
is innocent.

Ben

------------------------------

Date: Wed, 10 Jan 1996 11:04:53 -0700
From: Bear Giles <[email protected]>
Subject: Re: Metaphorplay on Compuservile (Baker, RISKS-17.61)

I feel compelled to point out that Robert Anton Wilson found an even more
elegant solution in one of his fictional works.  He believed it unlikely
that the Supreme Court justices would find their own names obscene, so
(using contemporary Justices) he would have a couple wildly thomasing in the
back of their car, a drunk man renquisting against a tree, a ditzy blonde
model with huge scalias, etc.

For anyone interested, I think this appeared in the second _Schroedinger's
Cat_ book, but I might be mistaken.

Bear Giles [email protected]

------------------------------

Date: Thu, 11 Jan 1996 03:00:36 -0500
From: Monty Solomon <[email protected]>
Subject: CIS censorship--The Whole Story

Begin forwarded message:

Date: Sat, 06 Jan 1996 09:33:39 GMT
From: [email protected] (Michael Kunze)
Newsgroups: alt.censorship
Subject: CIS censorship--The whole story

Dear Nettizens,

Some few five-hundred postings ago, I promised to let you have more details
about the CompuServe censorship case investigated by the editorial staff of
SPIEGEL online. It is not a story of evil but of people acting overambitious
and ignorant. And it is not quite as simple as DrG might be wishing!

To keep it short, here are the facts:

In 1994, a Task Force called "AG EDV" was set up by the Bavarian Minister of
Interior at the Police Headquarters in Munich. Initially, the Task Force was
formed to search for persons dealing with pornographic material via BTX, the
former online service of German Telekom, and its work was limited to one
year.

For the moment, investigations of this Task Force ran successfully due to
the assistance of Telekom. But simultaneously, people being suspected
changed their ways of distributing either to closed BBS systems or chose
more secret methods. So the Task Force was compelled to enhance their
efforts and they raided Munich BBS systems.  Furthermore, they studied
computer magazines to find ads for pornographic CD-ROMs. During this
operation they found what they were looking for, and "PC Direkt", a Ziff
Davis publication, and some other magazine were forced to pulp some issues.

All activities of the Task Force could not have happened, if they were not
supported by a whole bunch of local prosecutors and judges.  Sticking
together, chatting, doing favours forms a part of the social life in Munich
- in malicious words - the `Munich swamp'.

The prevailing opinion of the Task Force and of some prosecutors is that
carriers of digital information could be held responsible for the content of
what they are spreading. This meaning matches exactly the content of the
CDA. But this is only one point of view. Up to now, there doesn't exist any
law or direction in Germany concerning responsibilities of ISPs or online
services regarding contents they only do deliver. And so, judges decide from
case to case. The German department of justice thinks that carriers could be
held responsible if they deliver illegal content "deliberately". But then,
could one call them "carriers"?  [I suppose, if they are carrying "common"
materials, then they must be "common" carriers!  PGN]

Last summer, a kind of hysteria about Internet pornography broke out in
German media. A few journalists had made their first steps in the Internet
and discovered nasty postings in the alt.binaries.pictures.erotica Usenet
hierarchy. A student of Erlangen University was seized because of spreading
child porn via Usenet.  Then, the "Time" article about Internet porn was
published and quoted by nearly every German newspaper.

I think at that time the Task Force planned to investigate the Usenet.  Due
to the facts that CIS had become a big ISP and their German office is
located in Munich, CIS seemed to be a worthwhile target. Somehow the Task
Force managed to get a search warrant to investigate the Munich CIS office
on November, 22nd.  However, the search was more or less like a visit. Let
me quote the public prosecutor: CompuServe "was quite cooperative". "We sat
together talking about chances to kick pornographic contents out of
CompuServe's information system." The police officers just collected a copy
of the CompuServe association contract and the address of the CEO.

Two days later, CompuServe's German managers published that they "will do
anything to support the work of German authorities fighting against
pornography in Cyberspace". On December, 8th, CIS was handed a list of more
than 200 newsgroups by the Task Force. In my opinion, interpreting the
prosecutor and the CIS spokeswoman, this list was presented to CIS as
containing "suspicious newsgroups". In the attached letter from the
prosecutor it is said: "... it is left to CompuServe to take the necessary
steps to avoid possible liabilities to punishment."

So, if CompuServe should have ever had threats, it could have been only very
small ones. But there is no reason to their German management to risk
anything. CompuServe's approach is not to guarantee for "freedom of speech
and information" but to make "money".

When I interviewed the prosecutor, it soon became quite clear that his
department had tried to bring CIS to court to get its legal position checked
by some judges. Because of CIS servile tactics they had to give up their
goal.

The ominous list itself shows how ignorant the members of the Task Force are
about the Usenet. In my opinion, they just sampled all newsgroups containing
words like "sex", "erotic", "gay" and so on and put the result onto the
list.

We have two in-depth articles on the whole affair on our web server.  One is
an extended version of what I've posted here, the other deals with the CDA
and the actual political and legal situation concerning the Internet.
Unfortunately for US readers, these articles are in German, because we
didn't find the time to translate them. But I hope we can manage this
until Monday 8th, 8:00 AM, EST. Then, you should point your browser to
<http://hamburg.bda.de:800/bda/int/spon/online/excl03.html> or have a look
at our complete online services at <http://www.spiegel.de>.

By the way, SPIEGEL Online is the online department of the [reputable]
German news magazine DER SPIEGEL.

Michael Kunze, Redaktion/editorial staff, Spiegel Online, Brandstwiete 19,
20457 Hamburg / Germany   Tel.:+49(0)40-3007-0   Fax :+49(0)40-3007-2986

------------------------------

Date: 11 January 1996 (LAST-MODIFIED)
From: [email protected]
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest.  Its USENET equivalent is comp.risks.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you.  BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS.  [...]
DIRECT REQUESTS to <[email protected]> (majordomo) with one-line,
  SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
  INFO     [for further information]

CONTRIBUTIONS: to [email protected], with appropriate,  substantive Subject:
line, otherwise they may be ignored.  Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, nonrepetitious, and without caveats
on distribution.  Diversity is welcome, but not personal attacks.  [...]
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks

RISKS ARCHIVES: "ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
cd risks<CR> or cwd risks<CR>, depending on your particular FTP.  [...]
[Back issues are in the subdirectory corresponding to the volume number.]
  Individual issues can be accessed using a URL of the form
    http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
    ftp://unix.sri.com/risks  [if your browser accepts URLs.]

------------------------------

End of RISKS-FORUM Digest 17.63
************************