precedence: bulk
Subject: Risks Digest 20.65
RISKS-LIST: Risks-Forum Digest Sunday 21 November 1999 Volume 20 : Issue 65
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:
http://catless.ncl.ac.uk/Risks/20.65.html>
and by anonymous ftp at ftp.sri.com, cd risks .
Contents:
Nasdaq software failure (Keith A Rhodes)
Netscape's cookie-preserving behavior (Crispin Cowan)
Announcing - PFIR: "People For Internet Responsibility" (Lauren Weinstein)
Businesses could owe millions for popular Year 2000 bug fix (Keith A Rhodes)
Japan rail ticket system crash due to 11/11/11 11:11 (Dave Fossett,
Hiroshi Naito)
Computer prompts increase errors? (Ursula Martin)
Re: Y2K creates "horseless carriages" (Adam Elman)
Possible risks in not examining end-user license agreements? (Anthony Garcia)
Microsoft Y2K liability (Lloyd Wood)
Risks of Office 2000 (Lloyd Wood)
Re: Sarah Flannery (Jean-Jacques Quisquater)
Slashes in spreadsheets (Kent Quirk)
DVD crypto was intended to be weak (M Seecof)
Amazon password change requests poorly authenticated (Andrew R. Thomas-Cramer)
Who protects me from the protectors? (David Mediavilla)
Risks of advertisements in software (Bill Royds)
Workshop on Freedom and Privacy By Design (Lorrie Cranor)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Wed, 17 Nov 1999 08:30:22 -0500
From: "Keith A Rhodes" <
[email protected]>
Subject: Nasdaq software failure
Traders were unable to buy or sell stocks for 17 crucial minutes on 16 Nov
1999 after Nasdaq officials attempted a software upgrade on the fly in the
last half hour of trading. Something went wrong and investors were the ones
who paid the price. [Source: Poorly timed software upgrade paralyzes Nasdaq,
by Larry Barrett ZDII, 16 Nov 1999]
------------------------------
Date: Thu, 04 Nov 1999 18:09:33 +0000
From: Crispin Cowan <
[email protected]>
Subject: Netscape's cookie-preserving behavior
I normally run with cookies completely disabled. Sometimes I hit sites
that insist on using cookies (e.g. slashdot's login for non-anonymous
posting) and so I temporarily enable cookies. I observed (with joy) that
when I disable cookies again, the "cookies" file disappears from my
~/.netscape directory. Good, it appears to delete cookies when I disable
them. So I started telling people about this cool feature.
However, some time later Gil Niger reported back to me that Netscape is
actually preserving cookie information across bouts of disabling cookies.
Consider this experiment:
* enable cookies
* browse a cookie-using site
* observe the cookies file--hmmm, it seems to contain an old cookie from
the washingtonpost.com
* disable cookies
* observe that the cookies file is gone, and a grep of the .netscape
directory failed to show the washingtonpost.com cookie in any file
* re-enable cookies
* browse another cookie-using site (not washingtonpost.com)
* observe the cookies file again--the washingtonpost.com cookie is back
again
Not a huge deal, but it seems misleading, at best, to *appear* to be
deleting cookie information, while actually preserving it. However, I have
never seen any NS documentation that suggested that NS was actually
deleting cookie info when cookies are disabled, so it's just my inference
from watching the file disappear.
I can't wait for Mozilla to stabilize: I really want that "anonymous mode"
feature.
My version: Netscape Communicator 4.7 for Linux/libc5/strong crypto.
Crispin
P.S. Amusing note: NS 4.7's spelling checker just flagged "Mozilla" as an
unrecognized word :-)
Crispin Cowan, CTO, WireX Communications, Inc.
http://wirex.com
Free Hardened Linux Distribution:
http://immunix.org
------------------------------
Date: Tue, 16 Nov 99 09:34 PST
From:
[email protected] (Lauren Weinstein)
Subject: Announcing - PFIR: "People For Internet Responsibility"
ANNOUNCING
PFIR: "People For Internet Responsibility"
http://www.pfir.org
November 16, 1999
PFIR is a global, grassroots, ad hoc network of individuals who are
concerned about the current and future operations, development, management,
and regulation of the Internet in responsible manners. The goal of PFIR is
to help provide a resource for individuals around the world to gain an
ability to help impact these crucial Internet issues, which will affect
virtually all aspects of our cultures, societies, and lives in the 21st
century. PFIR is non-partisan, has no political agenda, and does
not engage in lobbying.
PFIR has been founded in November, 1999 by Lauren Weinstein of Vortex
Technology in Woodland Hills, California and Peter G. Neumann of SRI
International in Menlo Park, California. Both have decades of continual
experience with the Internet and its ancestor ARPANET, Lauren originally at
the UCLA lab which was the ARPANET's first site, and Peter at the net's
second site, located at SRI.
Peter is the chairman of the ACM (Association for Computing Machinery)
Committee on Computers and Public Policy, and the creator and moderator of
the Internet RISKS Forum. Lauren is a member of that same committee, and he
is the creator and moderator of the Internet PRIVACY Forum.
With the rapid commercialization of the Internet and its World Wide Web
during the 1990's, there are increasing concerns that decisions regarding
these resources are being irresponsibly skewed through the influence of
powerful, vested interests (in commercial, political, and other categories)
whose goals are not necessarily always aligned with the concerns of
individuals and the people at large. Such incompatibilities have surfaced
in areas including domain name policy, spam, security, encryption, freedom
of speech issues, privacy, content rating and filtering, and a vast array of
other areas. New ones are sure to come!
While corporate, political, and other related entities most certainly have
important roles to play in Internet issues, it is unwise and unacceptable
for their influences to be effectively the only significant factors
affecting the broad scope of Internet policies.
There are numerous examples. While e-commerce can indeed be a wonderful
tool, it is shortsighted in the extreme for some interests to treat the
incredible creation that is the Internet as little more than a giant mail
order catalog, with ".com" associated hype on seemingly every ad, billboard
and commercial. Protection of copyrights in a global Internet environment,
without abusive monitoring, is a challenge indeed. The Internet can be a
fantastic tool to encourage the flow of ideas, information, and education,
but it can also be used to track users' behaviors and invade individuals'
privacy in manners that George Orwell never imagined in his "1984" world.
PFIR is a resource for discussion, analysis, and information regarding
Internet issues, aimed at providing a forum for *ordinary people* to
participate in the process of Internet evolution, control, and use, around
the entire world. PFIR is also a focal point for providing media and
government with a resource regarding Internet issues that is not controlled
by entities with existing major vested financial, political, or other
interests. This is accomplished through the PFIR Web site, the handling of
telephone and e-mail queries, and through digests, discussion groups,
reports, broadcast and Internet radio efforts, and other venues.
For full details about People For Internet Responsibility, including
information regarding how you can participate in or keep informed about PFIR
activities (including the PFIR Digest mailing list), please visit the PFIR
Web site at:
http://www.pfir.org
Individuals, organizations, media, etc. who are interested in more
information regarding PFIR or these Internet issues are invited to contact:
Phone, Fax, or E-mail:
Lauren Weinstein
TEL: +1 (818) 225-2800
FAX: +1 (818) 225-7203
[email protected]
Please send any physical mail to:
PFIR c/o Peter G. Neumann
Principal Scientist
Computer Science Lab
SRI International EL-243
333 Ravenswood Ave.
Menlo Park, CA 94025-3493 USA
Thank you very much. Be seeing you!
Lauren Weinstein
Peter G. Neumann
16 November 1999
------------------------------
Date: Fri, 12 Nov 1999 14:21:46 -0500
From: "Keith A Rhodes" <
[email protected]>
Subject: Businesses could owe millions for popular Year 2000 bug fix
It turns out the windowing technique used frequently by Y2K remediators to
postpone the Y2K problem (reinterpreting two-digit dates ij: from 00 to xy
as 2000+ij, and from xy+1 to 99 as 1900+ij) was patented in 1998 by Bruce
Dickens, at McDonnell Douglas Corp, now Boeing. He wants to collect
big-time. However, that technique seems to have existed long before the
patent application was submitted (for example, in the 1960s on one-digit
year software). I guess we'll have to wait and see what happens. (There
are apparently also 30 other much more specific patents on Y2K fixes.)
[Source: Associated Press item by Anick Jesdanun, 11 Nov 1999; PGN-ed]
[NOTE: It will be interesting if the companies then ask Mr. Dickens to fix
the problem after the window expires. Keith]
[The patent office seems to be overwhelmed these days, and is issuing
many patents for which prior art CLEARLY existed at the time. The
entire patent process seems to be getting out of control. PGN]
------------------------------
Date: Fri, 12 Nov 1999 14:18:04 +0900
From: Dave Fossett <dajf@REMOVE_THISpo.teleway.ne.jp>
Subject: Japan rail ticket system crash due to 11/11/11 11:11
Newsgroups: misc.transport.rail.misc
The MARS ticket reservation computer system for the nationwide JR network
crashed spectacularly at 11:10 on the 11th November 1999. The reason was not
initially clear, but while some speculated it was a kind of Y2K-like
problem, the most obvious cause seemed to be the overwhelming number of
requests for tickets printed with the date and time 11/11/11 11:11. In the
Japanese calendar, 1999 is written as Year 11, being the 11th year of the
current emperor.
Dave Fossett, Saitama, JAPAN [via Andre Sintzoff]
------------------------------
Date: Sat, 13 Nov 1999 21:10:55 +0900
From: Hiroshi Naito <
[email protected]>
Subject: Japan rail ticket system crash due to 11/11/11 11:11
Newsgroups: misc.transport.rail.misc
The following is supplemental info of this incident.
The JR's ticket reservation and issuing system crashed on the day at
around 11:11 because of intensive access caused by ticket collectors
who were in favor of a string of 10 "1" letters (11, 11, 11, 11,11)
printed on a platform ticket (Nyujo ken in Japanese). The first two
digits indicate the year of Heisei 11 in original Japanese era
designation still in use as well as the year in the Christian
calendar. Regular train tickets have time stamping printed up to date,
but a platform ticket is printed up to minutes. At that time, the
ticket collectors suddenly started purchasing platform tickets through
the MARS system. The rate of platform tickets issued is usually only
about three percent of the entire tickets while it reportedly soared
up to 75 percent at 11:11 on the day. Besides, the system requires 150%
more processing time per transaction for a platform ticket compared
to for a regular train ticket. This situation caused a massive load on
the central computer beyond its ticket issuing capability and resulted
in the computer down.
This seems to be a good lesson as to the Y2K issue. The transport-related
systems must be well verified and has been fixed for the date processing
problem of Y2K, however, this incident suggests implication of system downs
all over the world on 2000, 1, 1, caused by unexpected overwhelming
transactions.
Hiroshi Naito [via Andre Sintzoff]
[I also received another take on this problem written by Nina Thorsen,
sent via Martin Minow. PGN]
------------------------------
Date: Fri, 12 Nov 1999 18:49:43 -0800
From: Ursula Martin <
[email protected]>
Subject: Computer prompts increase errors?
http://www.newscientist.com/ns/19991106/newsstory1.html
This is a story about experiment suggesting more errors when relying on
computer prompts than when reading instruments manually.
------------------------------
Date: Mon, 8 Nov 1999 21:44:52 -0800 (PST)
From: Adam Elman <
[email protected]>
Subject: Re: Y2K creates "horseless carriages" (Doty, RISKS-20.64)
"Horseless carriage" is a legal designation used by some states to indicate
a particular type of automobile registration, usually for early-20th-century
cars. It's not an issue of a DMV programmer picking an odd-sounding
category.
Of course, this points out a RISK of transient URLs; the San Jose Mercury
usually leaves articles up only for a few days before they move them into
their archive, where you have to pay to retrieve back content. However, I
was able to find this article by searching on "horseless carriage" in both
the San Jose Mercury News site and the Portland, ME Press-Herald
(
http://www.portland.com/) -- which makes it seem much less of an urban
legend.
Adam [also noted by many other contributors! Thanks. PGN]
------------------------------
Date: Thu, 18 Nov 1999 15:01:49 -0600 (CST)
From: Anthony Garcia <
[email protected]>
Subject: Possible risks in not examining end-user license agreements?
Dialpad (www.dialpad.com) is a recently launched free net-to-telephone
gateway service.
The marketing literature on their website states:
"Dialpad.com is the world's first free Java-based
web-to-phone service. With Dialpad.com, you can
make unlimited free phone calls to anybody in the
US as long as the other party has a valid phone number."
and
"There is absolutely no cost involved in using
Dialpad.com. The per call cost of Internet
telephony is much lower than that of regular
telephony. We bear the costs of calls you make and
cover them with the revenue generated from banner ads."
To use the service, you have to download a Java applet that runs on your
machine. Downloading the Dialpad client program requires that you click an
"I Accept" button at the bottom of a web page containing their End User
License Agreement, at
http://www.dialpad.com/license_agreement.html
The Dialpad EULA starts off by identifying "The Dialpad.com Website"
as "(the "Website" or "Site")" and continues off into the usual sort
of EULA verbiage.
However, about halfway thru, it includes an interesting clause I've
never noticed before on any other EULA:
Dialpad.com cannot and does not guarantee or warrant that the files
available for downloading from the Site will be free of infection or
viruses, worms, trojan horses or other code that manifest contaminating
or destructive properties. You are responsible for implementing
sufficient procedures and checkpoints to satisfy your particular
requirements for accuracy of data input and output, and for maintaining
a means external to the Site for the reconstruction of any lost
data. YOU ASSUME TOTAL RESPONSIBILITY AND RISK FOR YOUR USE OF THE SITE,
SOFTWARE, SERVICE AND THE INTERNET.
It seems rather strange for Dialpad to make this disclaimer about
their own software's behavior.
Should we beware of Greeks bearing gifts, in this case? Can such a clause
in an agreed-to EULA successfully indemnify someone who installs a Trojan
Horse program on your machine, allowing them to claim your consent?
Anthony Garcia <
[email protected]>
------------------------------
Date: Tue, 16 Nov 1999 15:56:29 +0000 (GMT)
From: Lloyd Wood <
[email protected]>
Subject: Microsoft Y2K liability
I didn't know I _was_ a Microsoft (UK) customer. Must be because they
own Apple. And I refuse to take seriously any Y2K statement ending with:
MOREOVER, MICROSOFT DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS
REGARDING THE USE OR THE RESULTS OF THE USE OF ANY MICROSOFT YEAR
2000 STATEMENT IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY,
OR OTHERWISE.
disclaiming everything previously said, and sent by some clueless
organisation that can't wrap to less than 80 chars.
<
[email protected]>PGP<
http://www.ee.surrey.ac.uk/Personal/L.Wood/>
[Get the full message from Lloyd if you are curious. PGN]
------------------------------
Date: Wed, 17 Nov 1999 19:24:52 +0000 (GMT)
From: Lloyd Wood <
[email protected]>
Subject: Risks of Office 2000
(Pointed out to me by Adam Kirby.) Try this in Office 2000.
Open a new document.
Type 'Hello World'.
Save as HTML.
View source of the saved document.
The length of the resulting document (three pages!) firmly places this
in the 'extend' part of 'embrace and extend'. Risk? We're going to be
drowning networks in even more redundant crud.
<
[email protected]>PGP<
http://www.ee.surrey.ac.uk/Personal/L.Wood/>
------------------------------
Date: Thu, 11 Nov 1999 19:02:56 +0100
From: Jean-Jacques Quisquater <
[email protected]>
Subject: Re: Sarah Flannery (RISKS-20.16)
Do you remember Sarah Flannery and her new cryptoalgorithm?
Here are some links:
http://jya.com/flannery.htm
http://www.intel.com/pressroom/archive/backgrnd/co51198a.HTM
(including Gordon Moore and George Bush!)
http://www.girlscientist.org/links.html
See also comp.risks 20.16 (15 J. 99)
Subject: 16-yr-old Irish girl's crypto system
With comments by PGN
The story continues:
http://www.esat.ie/youngscientists/new/students/eu.htm
http://www.cordis.lu/improving/src/hp_ys.htm
http://europa.eu.int/comm/dg12/press/1999/pr2509en.html
http://europa.eu.int/comm/dg12/press/1999/pr2509en_ann.pdf
And the paper
http://cryptome.org/flannery-cp.htm
Thanks to John Young.
------------------------------
Date: Sun, 07 Nov 1999 17:38:33 -0500
From: Kent Quirk <
[email protected]>
Subject: Slashes in spreadsheets (Re: RISKS-20.64)
> From: Vicky Larmour <
[email protected]>
> ...why should forward slash be treated as an ALT press, but not if I
> am already editing text in a cell?
Ah, bitten by "ancient" history.
See, back in the days when Lotus was King and Microsoft a wannabe, Lotus
1-2-3 was effectively an operating system on a lot of computers. There were
huge numbers of people who started it up in the morning and used it all day
long for everything -- not just spreadsheets, but letters, graphics, etc.
1-2-3's menu system (before any attempt at GUI standards and before the
mouse was common) was invoked by hitting slash. Once you got used to it, you
really really liked it. So /fr was "menu file retrieve", etc.
Lotus was forced by its customers to support this mode of usage in future
spreadsheets. It did so by popping up a little dialog box containing nothing
but the original 1-2-3 menu when you hit the slash key; whatever command you
typed would then be translated to Windows GUI commands for you. (During the
internal development process of the Windows version of 1-2-3, when this
feature was introduced, the dialog box was labeled "Same as it ever was.")
Microsoft was busy watching the Lotus look-and-feel lawsuit around this
time, and they presumably didn't wish to be *quite* as obvious as
popping up a 1-2-3 menu system. So instead, they made the slash key
invoke the windows menu in the same way that Alt does.
> Why isn't this listed in the keyboard shortcuts in the Excel help?
Probably because they had hopes of making it go away someday, and they
didn't want to create a generation of users that depended on it.
Kent Quirk, Game Designer,
[email protected] http://www.cognitoy.com/
------------------------------
Date: Tue, 09 Nov 1999 15:11:00 -0800
From:
[email protected]
Subject: DVD crypto was intended to be weak
Sure, the DVD CCS encryption scheme was weak. Weak methods are cheap and
easy to implement. Since people analyzing licensed software decoders
would've broken even strong encryption of DVD movies, movie vendors had no
incentive to pay for anything but weak encryption. They prefer to fight
piracy with jackbooted enforcement of ill-conceived laws like the "Digital
Millennium Copyright Act," an interesting Herman-Kahn'ian case of relying on
deterrence rather than defence.
------------------------------
Date: Mon, 15 Nov 1999 11:37:28 -0600
From: "Andrew R. Thomas-Cramer" <
[email protected]>
Subject: Amazon password change requests poorly authenticated
The Web business Amazon.com will provide new account passwords over the
phone given only heavily-distributed public knowledge. Access to the
account allows ordering with its credit-card number.
Because I'd forgotten my Amazon password, I called via voice to change it.
I was asked first for:
* My e-mail address.
* The last purchase.
Since I didn't recall my last purchase, I was asked instead for:
* My e-mail address.
* My name.
* My zip code.
* The last four digits of my phone number.
I think it's in the realm of possibility that one or two other people might
know my e-mail address, name, zip code, and phone number. I haven't yet
received an e-mail notice that my password has changed, but it's been only
ten minutes.
Fortunately, the shipping address for an order can't be changed unless the
credit card number is re-entered. However, this only reduces, not
eliminates, the risk of theft, and it doesn't forestall pranks.
BTW, this e-mail was *not* sent from the same address referenced by my Amazon
account.
------------------------------
Date: Tue, 9 Nov 1999 14:32:46 +0100
From: David Mediavilla
Subject: Who protects me from the protectors?
The Agencia de Protecci�n de Datos (
http://www.ag-protecciondatos.es/ ) is
the Spanish authority that registers and oversees use of personal data
(names, addresses,...) in private and official files.
They offer a form (
http://www.ag-protecciondatos.es/dato4.htm ) for
requests from citizens.
The form redirects to a ~secure~ server
https://wwws.servicom.es/ag-protecciondatos/dato4.htm .
There, you _must_ (according to standard procedure
https://wwws.servicom.es/ag-protecciondatos/por_que.htm ) provide your
personal data (name, postal address, e-mail address).
It is the first time an official organization requests my postal address and
e-mail address at the same time. But I may think that since these people are
the ones who defend me against privacy breaches, they will keep my privacy.
All this trust is lost because, in the jump to secure HTTP, they used an SSL
2.0 certificate from RSA Data Security valid until _12/10/99_ 23:59:59.
David Mediavilla Ezquibela <
[email protected]>
------------------------------
Date: Sun, 14 Nov 1999 22:51:27 -0500
From: "Bill Royds" <
[email protected]>
Subject: Risks of advertisements in software
A company called Conducent (
http://www.conducent.com also called TimeSink)
is offering to pay creators of free Microsoft Windows software if the
software contains modules to display banner ads when the software is
used. These modules are installed on the client's machine when the freeware
is installed and is added to the user's start-up entry in the Windows
Registry file without informing the user of the fact. This is an entry for
TSADBOT.exe in the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
entry. Shareware the does this includes PKZipW and Cute-FTP.
When the user runs the software, an Internet connection is attempted to
a bank of computers controlled by Conducent, posting information about what
program is running and other information about the user. This seems to be
the method by which Conducent determines which software is running for
royalty payments. It also uses the information to determine which
advertising to show the user.
This is very similar to the Trojan horses that worry people so much and is
probably illegal in countries with strong privacy laws. If someone was able
to intercept these transmissions they could determine internal network and
personal information about a user. Many users would not install these
programs if the realised the nature of how the advertising works.
But an even worse fate occurs if the AdBot is thwarted in its attempts to
connect to Conducent by a firewall or other controls. It starts to attempt
to connect continually, about 10 times/second causing a huge load on local
network facilities. If it can't connect even then, it tries to connect using
Telnet and other ports with the background AdBot retrying the HTTP connects
after several hours.
Bill Royds, 3414 McCarthy Road, Ottawa, ON K1V 9A1 Canada
1-513-733-7727
[email protected]
------------------------------
Date: Fri, 12 Nov 1999 17:30:33 -0500
From: Lorrie Cranor <
[email protected]>
Subject: Workshop on Freedom and Privacy By Design
(Note the extended deadline)
DEADLINE REMINDER, CALL FOR PARTICIPATION
WORKSHOP ON FREEDOM AND PRIVACY BY DESIGN
COMPUTERS, FREEDOM, AND PRIVACY 2000
--> Submissions due November 30, 1999 <--
Westin Harbor Castle Hotel, Toronto, Canada, 4-7 April 2000
http://www.cfp2000.org/
This announcement is at
http://www.cfp2000.org/workshop
PURPOSE:
CFP has traditionally focused strongly on legal remedies as essential
instruments in the fight to ensure freedom and privacy. But law is often
very slow to catch up to technology, and has limited reach when considering
the global scope of modern communication and information technologies.
This workshop instead explores using -technology- to bring about strong
protections of civil liberties which are guaranteed by the technology
itself---in short, to get hackers, system architects, and implementors
strongly involved in CFP and its goals. Our exploration of technology
includes (a) implemented, fielded systems, and (b) what principles and
architectures should be developed, including which open problems must be
solved, to implement and field novel systems that can be inherently
protective of civil liberties.
We aim to bring together implementors and those who have studied the social
issues of freedom and privacy in one room, to answer questions such as:
o Implementation
o How can we avoid having to trade off privacy for utility?
o What sorts of tools do we have available?
o What sorts of applications may be satisfied by which architectures?
o What still needs to be discovered?
o What still needs to be implemented?
o Is open source software inherently more likely to protect civil
liberties, or not? Should we push for its wider adoption?
o Motivation
o How do we motivate businesses to field systems that are inherently
protective of their users' civil liberties---even or especially when
this deprives businesses of commercially-valuable demographic data?
o How can we encourage users to demand that implementors protect users'
rights?
o Evaluation criteria
o Given some particular goal(s) for a particular project or technology---
such as protecting privacy---can we tell in advance if the end result
is likely to help?
o How can we tell if a system, once fielded, has achieved its goal(s)?
The intended end products of this workshop are:
o Ideas for systems that we should field, and
o Implementation strategies for fielding them.
------------------------------
Date: 23 Sep 1998 (LAST-MODIFIED)
From:
[email protected]
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
SEND DIRECT E-MAIL REQUESTS to <
[email protected]> with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
INFO [for unabridged version of RISKS information]
.MIL users should contact <
[email protected]> (Dennis Rears).
.UK users should contact <
[email protected]>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to
[email protected] with meaningful SUBJECT: line.
=> ARCHIVES are available:
ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
or
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
PostScript copy of PGN's comprehensive historical summary of one liners:
illustrative.PS at ftp.sri.com/risks .
------------------------------
End of RISKS-FORUM Digest 20.65
************************
