precedence: bulk
Subject: Risks Digest 20.55
RISKS-LIST: Risks-Forum Digest Friday 27 August 1999 Volume 20 : Issue 55
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:
http://catless.ncl.ac.uk/Risks/20.55.html>
and at ftp.sri.com/risks/ .
Contents:
New Microsoft Java flaw (Edward W. Felten)
Internet Explorer cannot read www.microsoft.com (Keith Edmunds)
Tokyo traffic chaos in GPS date rollover (Mike Martin)
GPS rollover hits yacht (Justin Mason)
9/9/99 (Lindsay Marshall)
Y2K in China (David Cowhig via Donald B. Wagner)
Downtown Chicago hit by electrical blackout (Doneel Edelson)
Power coming back on causes UPS to lose power (Ray Todd Stevens)
Numeric pager sending alpha messages (Ray Todd Stevens)
Ohio town law against cell phones while driving (Jim Griffith)
Justice seeks wider access to computer data (NewsScan)
Inadvertent nameserver cache poisoning (Rich Lafferty)
Purchase circles and insider information (Joseph A. Dellinger)
Can Linux survive software patents? (Martin Minow)
Canadian spy secrets leak on Web (David Kennedy)
Auto-Fix feature for Dell PCs (Henry Robertson)
Re: Car won't start if payments are delinquent (Keith Edmunds)
gnu touch has an unusual sense of time (B. Elijah Griffin)
Security check powers up computer (Edward Holden)
Re: NCIC 2000 (Otto Stolz)
USENIX Annual Conference 2000, Announcement and Call For Papers (Moun Chau)
USENIX Security Symposium 2000, Announcement and Call for Papers (Moun Chau)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Thu, 26 Aug 1999 19:51:37 -0400
From: "Edward W. Felten" <
[email protected]>
Subject: New Microsoft Java flaw
We have discovered a serious security flaw in the versions of Microsoft's
Java Virtual Machine that are distributed with Internet Explorer 4 and
Internet Explorer 5 for Microsoft Windows. The flaw allows the creation of
a malicious applet that is attached to a HTML page, which could be delivered
over the Web via Internet Explorer or by e-mail via Outlook or other mail
programs that use Microsoft's Java Virtual Machine. When the malicious
applet is executed, it can read, modify, or destroy any data on the
computer, insert a virus, insert software to spy on the user's future
on-line activities, or take any other malicious action. The attack does not
require the user to do anything beyond viewing the Web page or e-mail
message.
The flaw is a programming error (a race condition) in one of the
security-critical parts of Microsoft's Java class libraries. A malicious
applet can exploit this error to violate Java's security rules. The applet
can then proceed to take control of the machine and perform any actions it
likes. We have implemented and tested an applet that demonstrates this flaw
by deleting a file on the victim's PC.
We are not releasing the demonstration applet or any further technical
details about the flaw at this time.
After consultation with us, Microsoft has issued a new version of
their Virtual Machine that fixes this problem. A security bulletin
from Microsoft can be found at
http://www.microsoft.com/Security/Bulletins/ms99-031.asp.
For further information, contact Edward Felten at
<
[email protected]>,
609-258-5906, or Teresa Lunt at <
[email protected]>, 650-812-4424.
Edward Felten, Princeton University
Drew Dean, Xerox PARC
Dan Wallach, Rice University
Dirk Balfanz, Princeton University / Xerox PARC
------------------------------
Date: Fri, 27 Aug 1999 16:24:03 +0100
From: "Edmunds, Keith" <
[email protected]>
Subject: Internet Explorer cannot read www.microsoft.com
I recently installed NT Server 4.0. Before upgrading to Service Pack 5, I
wanted to download some third party drivers. NT4 comes with Internet
Explorer V2, which is dated to say the least. I first decided to visit
Microsoft's web site to upgrade IE2 to IE4 or IE5. However, IE2 refuses to
display the home page at www.microsoft.com, giving instead the following
message: "Unable to open
http://www.microsoft.com/. You do not have
permission to open this item. Directory Listing Denied This Virtual
Directory does not allow contents to be listed."
The RISK here is obvious. Ensure that your web site can be read by old
browsers, even if it isn't very pretty. This is particularly so if your
current product (NT 4.0) includes an obsolete browser itself...
Keith Edmunds Reading UK <
[email protected]>
------------------------------
Date: Tue, 24 Aug 1999 10:55:20 +1000
From: "Martin, Mike" <
[email protected]>
Subject: Tokyo traffic chaos in GPS date rollover
The Australian Financial Review's Tokyo correspondent, Andrew Cornell,
reports (AFR Aug 24) that the GPS date rollover, previously discussed at
length in RISKS, occurred at 9 am Sunday Aug 22 in Japan and that "an
estimated 100,000 systems", mainly used by vehicle drivers for navigation
through Tokyo's unnamed streets, "froze or went blank as the system rolled
over into its new time sequence".
Cornell reports that Pioneer, the GPS market leader, had been advertising to
notify customers of the problem, and had adapted or replaced 210,000 of its
270,000 affected systems.
If this incident is typical of consumers' and small businesses' response to
a technology brick wall then it does not bode especially well for January 1
next year.
Mike Martin
[See also Reuters, *The New York Times*, 23 Aug 1999,
http://www.nytimes.com/library/tech/99/08/biztech/articles/23gps.html/ PGN]
------------------------------
Date: Sun, 22 Aug 1999 20:01:15 +0100
From:
[email protected] (Justin Mason)
Subject: GPS rollover hits yacht
From this evening's RTE news:
The Irish Marine Emergency Service has been dealing with a yacht on route
from the Scilly Isles to Kinsale which ran into fog and heavy weather south
of Ireland this morning. Local reports say that "The Tam-o-Shanter" radioed
for help when its Global Positioning System began to misread the boat's
position. The crew were further hampered by extremely heavy weather and a
torn sail. With the aid of the IMES and Coast Radio Stations, a position was
given and the yacht is now safely in Kinsale Harbour.
It is believed a millennium style bug caused the "Tam-o-Shanter" to lose its
position today. At midnight GMT (1am Irish time) the GPS "rolled over".
After its launch in 1980 it had a life span of 1,024 weeks, which reached
zero this morning when the system reverted back to its start time. All
mariners had been warned of this, but GPS units older than five years would
not have been capable of handling the change.
(snipped from
http://www.rte.ie/news/1999/0822/boys.html)
------------------------------
Date: Mon, 23 Aug 1999 11:43:03 +0100 (GMT)
From:
[email protected]
Subject: 9/9/99
According to a report in one of the UK Sunday papers two real occurrences of
the fabled 9/9/99 bug have been found, one in a non-critical medical
application. It would be interesting to have more information about this as
I have always thought that the 9/9/99 bug sounded like press scaremongering
rather than something that would really arise.
http://catless.ncl.ac.uk/Lindsay
------------------------------
Date: Mon, 23 Aug 1999 09:31:45 +0200
From: "Donald B. Wagner" <
[email protected]>
Subject: Y2K in China
Date: Sat, 21 Aug 1999 20:32:39 -0400
Reply-To: H-Net list for Asian History and Culture <
[email protected]>
From: David Cowhig <
[email protected]>
Subject: H-ASIA: May 1999 China Y2K National Conference: Guarded Optimism
May 1999 China Y2K National Conference: Guarded Optimism A June 1999 report
from U.S. Embassy Beijing
http://www.usembassy-china.gov/english/sandt/Y2kcnfwb.htm
[see also the recently updated links to Chinese Y2K related websites at
http://www.usembassy-china.gov/english/sandt/y2gov.htm ]
Summary: China Y2K Czar Zhang Qi and other speakers at the Second PRC
National Y2K Conference held on May 6-7 in Beijing expressed greater
confidence in China's electric power grids but greater concerns about the
effect of the Year 2000 computer problem on railroad freight, medical
instrumentation and embedded chips. Zhang Qi said that electric power
companies would be assured funding for Y2K solutions. Some Chinese experts
doubt, however, that Y2K funding will be made available; the August 1998
State Council Y2K order made each unit responsible for funding its own Y2K
solutions. Zhang mentioned the recent Shanghai Y2K Seminar with Secretary of
Commerce Daley and her upcoming August 1999 USIA sponsored trip to the
U.S.A.. Central government speakers discussed the Y2K problem in
telecommunications, electric power, and transportation. Local government and
industry Y2K speakers came from Liaoning Province, Beijing Municipality, the
Beijing Municipal Health Bureau, the Baoshan steel company and Chinese
banks. Two speakers discussed Y2K legal liability issues. The speakers
agreed that China faces Y2K difficulties in many sectors but no one foresaw
a national cataclysm. The Embassy Beijing view is that Y2K will not put
American citizens in China into danger but will likely affect business and
especially small businesses such as suppliers and small contractors. These
Y2K problems might affect the overall Chinese economy gradually over weeks
and months.
------------------------------
Date: Thu, 12 Aug 1999 16:32:30 -0400
From: "Edelson, Doneel" <
[email protected]>
Subject: Downtown Chicago hit by electrical blackout
Downtown Chicago experienced extensive blackouts on 12 August 1999.
Initially, three of the four transformers at a North Side substation went
off-line. (One transformer had been undergoing repairs.) In addition, a
high-voltage cable failed. This caused Commonwealth Edison to black out
about 2300 customers in two different areas. The Chicago Board of Trade,
other exchanges, banks, businesses, and residences were shut down. [Reuters
item, forwarded by Doneel from Yahoo! News Top Stories Headlines, 12 August;
PGN-ed]
------------------------------
Date: Mon, 23 Aug 1999 20:03:41 +0000
From: "Ray Todd Stevens" <
[email protected]>
Subject: Power coming back on causes UPS to lose power
This is an interesting failure mode. Situation: Computer (monitor
and printer) running on a UPS that is plugged into 110 with other
items. Here is the failure sequence.
Power goes out for a period of several minutes (at least 15 to cause
failure) UPS has been sized to allow 1 hour run time for computer.
Everything runs fine. User acknowledges the UPS alarm and continues to work
as planned. Power is restored. Everyone assumes that all is OK. UPS
switches into battery charge mode and switches to line mode. The combined
load is more than the breaker can take. Now we have a localized power
failure.
#1 The power is back for such a short duration that the alarm on
the UPS doesn't reset and trigger.
#2 The other items on the circuit are noncritical and are not noticed
to be off line.
So, after about 30-45 minutes, the computer crashes with no warning.
Ray Todd Stevens, Senior Consultant, Stevens Services
R.R.#14 Box 1400, Bedford, IN 47421 (812) 279-9394
[email protected]
------------------------------
Date: Mon, 23 Aug 1999 20:05:19 +0000
From: "Ray Todd Stevens" <
[email protected]>
Subject: Numeric pager sending alpha messages
One of my friends works in the customer service call center of a national
pager company. He deals with the usual complaints regarding poor pager
operation, as well as the occasional crank caller demanding to be paged less
often, more often, or by more interesting people.
The best call came from a man who repeatedly complained that he keeps being
paged by "Lucille." He was instructed that he would have to call her and
tell her to stop paging him.
"She don't never leave no number, so I can't call her back," he said.
After three such calls, someone thought to ask how he knew it was Lucille if
she didn't leave a number.
"She leaves her name," was the reply.
After establishing that the customer had a numeric-only pager, the light
bulb came on.
"How does she spell her name?" the service rep asked.
"L-O-W C-E-L-L"
Another problem solved.
[I picked this up off of a joke list, but it certainly seems to apply to
this list also.]
Ray Todd Stevens, Senior Consultant, Stevens Services
R.R.#14 Box 1400, Bedford, IN 47421 (812) 279-9394
[email protected]
------------------------------
Date: Wed, 25 Aug 1999 16:17:00 -0700 (PDT)
From: Jim Griffith <
[email protected]>
Subject: Ohio town law against cell phones while driving
CNN reports that Brooklyn, Ohio has passed a city ordinance banning the use
of all but hands-free cell phones in moving vehicles, except in emergency
situations. Effective September 1, violations may result in a $100 fine.
The city is responding to recent studies that show that the chance of having
an accident dramatically increases (one study says "quadruples") when cell
phones are being used.
http://www.cnn.com/US/9908/25/cellphone.ban/
------------------------------
Date: Fri, 20 Aug 1999 08:20:25 -0700
From: "NewsScan" <
[email protected]>
Subject: Justice seeks wider access to computer data
The Justice Department wants to broaden rules for allowing law enforcement
officials to secretly enter suspects' homes or offices and disable security
on PCs in advance of administering a wiretap or conducting a further search.
An Aug. 4 memo says that encryption software "is increasingly used as a
means to facilitate criminal activity, such as drug trafficking, terrorism,
white-collar crime, and the distribution of child pornography." Officials
at the Justice Department have drafted the Cyberspace Electronic Security
Act, which would expand existing search warrant powers to allow for
disabling encryption. To extract information from the computer, agents
would still be required to get additional authorization from the court.
Privacy advocates say the proposed legislation would compromise personal
freedoms: "They have taken the cyberspace issue and are using it as
justification for invading the home," says a spokesman for the Center for
Democracy and Technology. [*The Washington Post, 20 Aug 1999*,
http://www.washingtonpost.com/wp-srv/business/daily/aug99/encryption20.htm;
NewsScan Daily, 20 August 1999; reproduced with permission. To subscribe to
NewsScan Daily, send an e-mail message to
[email protected] with
'subscribe' in the subject line.]
------------------------------
Date: Mon, 23 Aug 1999 02:51:02 -0400
From: Rich Lafferty <
[email protected]>
Subject: Inadvertent nameserver cache poisoning
[Site names omitted to protect the guilty and innocent...--r]
I just ended an unusual conversation in which myself and a colleague were
enlisted to help debug a nameserver problem in which, according to the
original report, a large site had started using a smaller site's nameservers
for all its requests.
As it turns out -- and the nature of the original report, pointing at the
large site, managed to disguise this for a while -- the smaller site was a
domain farm, where, instead of adding A records for their thousands of
domains and hundreds of hostnames in each domain, they had configured their
nameserver to respond with a particular A record for any responses that
managed to make it to their nameserver. While this would also give their
address to queries for names that they weren't authoritative for, this
wasn't a problem in practice, as they had no local users using those
nameservers.
In other words, when working, only queries regarding their domains would
reach their server, and their server would respond with the same address for
all of those. Not particularly elegant, but it seemed to work.
Then they added NS records to those responses. And not just any NS records
-- accidentally or otherwise, all of their responses were claiming NS
authority over .com.
Now, usually, that wouldn't get picked up by anyone -- nameservers querying
their server would have a perfectly-good cached NS record for .com. obtained
from a root nameserver. But it *did* happen that the nameserver at this
large site managed to start thinking that this little nameserver was
responsible for .com., and started sending all of its queries there. As far
as I can tell, it was only a matter of unfortunate timing, with a request
landing at that server and their cached NS record for .com. expiring at
nearly the same time.
The effects were somewhat disastrous, of course. Since the nameserver was
configured to give the same A record for everything, all of the requests for
*.com from the large site ended up at the same page full of
advertisements. The domain servers at the small site were overwhelmed, and
so were the *web* servers, having to serve up the page full of adverts so
often.
While nameserver cache poisoning is something of an old RISK, this instance
had unusual repercussions in that it basically ended up with a denial of
service for all parties involved. (While we hope we caught it before it
became an extended problem, had we not, it would have continued indefinitely
as the small site's nameserver continued reminding the large site that it
was responsible for .com. with every request any of the large site's clients
might have made.)
(Interestingly, it took some explaining before the small site would
acknowledge that the problem was at their end -- it often comes as a
surprise to small Internet quick-buck operations such as these that what
they do wrong can have such a disastrous effect on other parties. The ones
described above ended up getting things resolved after encountering myself
and a colleague on an IRC channel which offers help with Unix.)
Rich Lafferty, Information and Instructional Technology Services, Concordia
University, Montreal, QC 1-514-848-7625
[email protected]
------------------------------
Date: Thu, 26 Aug 1999 15:54:23 -0500 (CDT)
From: "Joseph A. Dellinger" <
[email protected]>
Subject: Purchase circles and insider information
Amazon.com has come out with a new service, "purchase circles". It lets you
look up the 10 most popular books ordered by people at different
companies. I'm not sure amazon.com realizes how powerful an information
source this is. I heard about this new feature from Stanford students near
graduation, who are using it to assess the relative "Dilbert index" of
possible future employers (as indicated by the ratio of new-age management
to technical books making the list). You can also use it to get some idea of
the current mood within a company. One large oil company in particular
stands out: people there are mostly ordering books on changing careers and
on introductory web/programming/internet skills. Not surprisingly, this is a
company about to be acquired.
The complete list of books being ordered by a given company might provide
very interesting insider information. There might be a noticeable spike in
"What color is my parachute" orders preceding public disclosure of an
impending big layoff, for example. A rash of "introductory Spanish" book
orders might indicate a planned expansion into or relocation of workers to a
Spanish-speaking country. How long before employees are ordered not to order
books over the internet using their work accounts?
------------------------------
Date: Sun, 15 Aug 1999 21:14:30 -0700
From: Martin Minow <
[email protected]>
Subject: Can Linux survive software patents?
<
http://linuxjournal.com:82/articles/currents/003.html>
An interesting article on the effect of patents on open source software.
Disclaimer: I'm a co-author of one patent, and recently authored three
software patents for my former employer.
Before moving to San Francisco, I helped a friend try to recover backup
tapes from MIT-AI (the birthplace of the Open Source movement, though there
was much open source available before that computer). It seems that MIT folk
wanted to recover "prior art" (from the 1960's) that is now being patented.
Martin Minow
[email protected]
------------------------------
Date: Fri, 27 Aug 1999 02:32:39 -0400
From: David Kennedy CISSP <
[email protected]>
Subject: Canadian spy secrets leak on Web
http://www.globeandmail.com/gam/National/19990826/USPYYN.html
by Andrew Mitrovica
>In what intelligence experts are calling an embarrassing gaffe and a
>serious breach of security, one of the military's top-secret electronic
>eavesdroppers posted the names and location of CF-18 pilots based in Italy
>on his own Web page before and during the war in Yugoslavia, The Globe and
>Mail has learned. [...]
>Moreover, he said he set up his Web page with the consent of his superiors
>at the Defence Department before he shut it down in the spring because he
>feared that it might imperil the lives of CF-18 pilots and their crews, who
>made hundreds of bombing sorties during the Balkans war. [...]
>Reg Whitaker, a York University political science professor and an expert
>on intelligence matters, said MCpl. Arsenault's Web page was "a very
>serious breach of security. And it clearly provides confirmation that these
>guys [CSE] were there [in Italy]. It's safe to assume that this kind of
>sensitive information being posted on the Internet is not official policy
>for the agency. That's really very embarrassing." [...]
>His Web page was not the only source of information about military snoops
>and the CSE to appear on the Internet recently.
>
>In March of 1997, the Defence Department briefly posted on its own Web site
>confidential information about military personnel who collect and monitor
>communications for the CSE, known in the military as "291ers."
>
>The department's Web site provided a complete list of the number, location,
>rank and responsibilities of hundreds of researchers throughout Canada, the
>United States and Britain. However, it did not include names.
Dave Kennedy CISSP Director of Research Services ICSA.net
http://www.icsa.net
------------------------------
Date: Thu, 26 Aug 1999 09:34:48 -0400
From: "Henry Robertson" <
[email protected]>
Subject: Auto-Fix feature for Dell PCs
These days many people (not me) have gotten used to the auto-update features
for various software packages. For example, the Norton Antivirus program can
be set so that every Friday night it automatically connects to the Norton
web site and downloads the latest virus protection features. Not a bad idea
if you trust this type of connection. Well, Dell has taken this a bit
further. A product called "Open Manage Resolution Assistant" will reside on
their next series of servers/workstations. It looks for failures or errors
and auto-notifies Dell's technical staff. (The worst is yet to come.) Dell's
staff then has the capability of doing remote diagnostics and running
certain "scripts" on your computer to find the problem. This requires a
major hole in your system firewall! If you feel comfortable with a
technician in Texas roaming around on your financial server, then this isn't
as scary for you as it is for me.
For more info see "Inter@ctive" magazine, vol.6, no.34, page 7.
Henry Robertson, Safety Systems Group, Jefferson Lab
[email protected] 1-757-269-7285
------------------------------
Date: Fri, 27 Aug 1999 16:02:39 +0100
From: "Edmunds, Keith" <
[email protected]>
Subject: Re: Car won't start if payments are delinquent (Smith, RISKS-20.54)
> ...The big difference is that an ignition lock malfunction puts the
> _purchaser_ at risk, so presumably market forces would work to insure
> reliability."
Insure or ensure? "Insure" means you accept that the risk exists and ask
someone else to pay out in some way if the risk is realised; "ensure" means
you do everything you need to do to remove the risk.
The RISK here is a misunderstanding about whether or not the risk exists,
and what comeback there might be if it does. Perhaps the real risk is not
understanding the difference between American and English: as one person
once said, "Two nations divided by a common language."
Keith Edmunds Reading England <
[email protected]>
------------------------------
Date: Fri, 27 Aug 1999 16:59:09 -0400 (EDT)
From: "B. Elijah Griffin" <
[email protected]>
Subject: gnu touch has an unusual sense of time
Today I was trying to use the output of "ls -l" and the --date option of
touch (from GNU fileutils 4.0) to restore time stamps on some files I'd
ftp'd to something close to the original time stamps.
Apparently, however, a command like:
touch --date='Nov 11 1996' file
results in "1996" being interpreted as 7pm plus 96 minutes or 8:36pm, which
I find to be a distinctly non-intuitive understanding of time.
Had I not double-checked the results, these mistaken time stamps would have
remained and conflicted with my intent for restoring them in the first
place.
Elijah
Of course, ls's ideas about displaying time are screwy enough.
[Of course, "fileutils" looks like it might be a French word
if you treat the "eu" as a diphthong. But then a diff-thong might be
a program that discriminates between things like thongs and songs. PGN]
------------------------------
Date: Tue, 24 Aug 1999 08:22:45 -0400
From:
[email protected]
Subject: Security check powers up computer
Before flying I normally put my laptop computer in my carry-on bag in
standby mode, where the contents of memory are stored on the hard disk and
the power is off.
Perhaps a dozen times in six months, the procedure for inspecting bags on
entry to the terminal seems to have managed to restart the computer. An
hour into flight, I discover the computer is on and the battery is 80%
used. This is irritating(!) and perhaps dangerous, although none of my
flights has crashed.
Sometimes, now, I remember to check the machine is still power-off by
inspecting it after boarding the plane while still parked at the gate. On
one such occasion I was strongly reprimanded by a flight attendant for
"using" the computer at that time.
I find it interesting that an anti-terrorist inspection might risk creating
an electronic hazard to a flight.
Edward Holden
------------------------------
Date: Mon, 23 Aug 1999 10:17:38 -0600
From: Otto Stolz <
[email protected]>
Subject: Re: NCIC 2000 (Fairfax, RISKS-20.54)
> What is particularly ironic about the new licensing requirement is that
> (legal) firearms ownership has long been limited to those persons who have
> no criminal record. Thus, the statute mandates the collection and
> dissemination of fingerprints from people who are known to have committed
> no crime.
Rather, those fingerprints are collected from people who are not known
to have committed a crime -- an essential difference, and probably part
of the rationale for that statute.
Otto Stolz
------------------------------
Date: Fri, 27 Aug 1999 19:57:52 GMT
From:
[email protected] (Moun Chau)
Subject: USENIX Annual Conference 2000, Announcement and Call For Papers
2000 USENIX Annual Technical Conference
June 18-23, 2000
San Diego Marriott Hotel & Marina
San Diego, California, USA
http://www.usenix.org/events/usenix2000
Sponsored by USENIX, the Advanced Computing Systems Association.
Please see the detailed submission guidelines and conference
information:
http://www.usenix.org/events/usenix2000/cfp
Paper Submissions deadline: November 29, 1999
-----------------------------------------------------
Date: Tue, 24 Aug 1999 20:00:31 GMT
From:
[email protected] (Moun Chau)
Subject: USENIX Security Symposium 2000, Announcement and Call for Papers
9th USENIX Security Symposium 2000 Conference
August 14 - 17, 2000
Denver, Colorado, USA
Conference URL:
http://www.usenix.org/events/sec2000
The USENIX Security Symposium brings together researchers, practitioners,
system administrators, systems programmers, and others interested in the
latest advances in security and applications of cryptography. The keynote
speaker is Dr. Blaine Burnham, Director of the Georgia Tech Information
Security Center (GTISC) and formerly Program Manager for the National
Security Agency (NSA) at Ft. Meade, Maryland.
See
http://www.usenix.org/events/sec2000/cfp/guidelines.html
Paper submissions due: February 10, 2000
[Wow! A year from now, and I just got back last night from the 1999
Conference in WashDC, after sitting on the plane docked at the gate
at Dulles, which finally took off four hours late while we waited
for a bunch of storms to pass. At least I did not have to go through
Chicago, where most UAL flights were cancelled because of someone
who evaded the security controls. PGN]
------------------------------
Date: 23 Sep 1998 (LAST-MODIFIED)
From:
[email protected]
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
SEND DIRECT E-MAIL REQUESTS to <
[email protected]> with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
INFO [for unabridged version of RISKS information]
.MIL users should contact <
[email protected]> (Dennis Rears).
.UK users should contact <
[email protected]>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to
[email protected] with meaningful SUBJECT: line.
=> ARCHIVES are available:
ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
or
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
PostScript copy of PGN's comprehensive historical summary of one liners:
illustrative.PS at ftp.sri.com/risks .
------------------------------
End of RISKS-FORUM Digest 20.55
************************
