RISKS-LIST: RISKS-FORUM Digest Wednesday 14 July 1993 Volume 14

RISKS-LIST: RISKS-FORUM Digest Wednesday 14 July 1993 Volume 14
: Issue 75

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED
SYSTEMS
ACM Committee on Computers and Public Policy, Peter G.
Neumann, moderator

Contents: [Summer Slowdown Time Continues.]
Bugs in the computer [Ant-ics in the Sun] (Clive Feather)
Re: Important words in other fonts (Frederick G.M. Roeber)
IEEE Computer Magazine Article Analyzes Therac-25 Accidents (Jim
Haynes)
Medical Reimbursements and Computer Glitches (Sanford Sherizen)
Software Safety Workshop: Call for Papers and Participants (Lon
D. Gowen)
Application of Software Metrics and Quality Assurance in Industry
(Pete Mellor)
"Russian Day" in St.Petersburg (Klaus Brunnstein)
Incident Response Workshop info (Gene Spafford)

The RISKS Forum is a moderated digest discussing risks;
comp.risks is its
Usenet counterpart. Undigestifiers are available throughout the
Internet,
but not from RISKS. Contributions should be relevant, sound, in
good taste,
objective, cogent, coherent, concise, and nonrepetitious.
Diversity is
welcome. CONTRIBUTIONS to [email protected], with appropriate,
substantive
"Subject:" line. Others may be ignored! Contributions will not
be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET
FROM: ADDRESS,
especially .UUCP folks. REQUESTS please to
[email protected].

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login
anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO
digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory;
"bye<CR>" logs out.
The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" =
"128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username,
password.

For information regarding delivery of RISKS by FAX, phone
310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to
[email protected]).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL
DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of
regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state
otherwise.

-----------------------------------------------------------------
-----

Date: Wed, 14 Jul 93 11:11:11 BST
From: [email protected] (Clive Feather)
Subject: Bugs in the computer

The following appeared in Unigram.X (a UK newsletter) and Market
Watch
(an electronic news clippings service). On my request, permission
has been
granted to reproduce this item in RISKS provided that the full
text,
up to and including the line beginning with several = signs, is
included.
Clive D.W. Feather, IXI Ltd, Vision Park, Cambridge CB4 4ZR UK
[email protected] Phone: +44 223 236 555 Fax: +44 223 236 466

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -

SUN MICROSYSTEMS INC KNOWS WHY BRAZIL IS KNOWN TO ITS NATIVE
INHABITANTS
AS THE KINGDOM OF THE ANTS

Computergram via First! -- Sun Microsystems Inc knows why
Brazil is known
to its native inhabitants as the kingdom of the ants - it got an
electronic
mail message from its local representative down there asking how
to get rid
of bugs - ants nests to be precise: seems a user had turned his
workstation
off for a few days and on returning to power the thing up was
greeted by
some nasty crunching and popping sounds; opening the lid he was
greeted by
an army of ants whose nest-building had been rudely interrupted
by his
machine's Sparc CPU and disk subsystem coming to life; pest
control was
hurriedly dispatched and the system was soon up and running - Sun
knows its
stuff when it comes to bug-fixing.

[07-08-93 at 14:38 EDT, Copyright 1993, Apt Data Services., File:
g0708183.437]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -

Entire contents (C) 1993 by INDIVIDUAL, Inc., 84 Sherman Street,
Cambridge,
MA 02140 - Phone: 617-354-2230, FAX: 617-864-4066. Unauthorized
electronic
redistribution without prior written approval of INDIVIDUAL, Inc.
is
prohibited by law. Any authorized copy must carry in full the
copyright
notice of the information source, if any, of First! and of
INDIVIDUAL, Inc.
==============[The End - First! (TM) - Your Smart News
Agent]===============

------------------------------

Date: Wed, 7 Jul 1993 09:44:07 +0200
From: [email protected] (Frederick G.M. Roeber)
Subject: Re: Important words in other fonts

Recently I have been working with the "World Wide Web," a project
designed to unite the various data resources on the internet into
a common web of information. The Web began a few years ago at
CERN. I am working at CERN as well, and some people who saw my
work or articles thought I was an official web project member.

So, on my 'signature' page ( http://info.cern.ch/roeber/fgmr.html
)
I included a disclaimer:

Please note: I am not an official member ....

The lingua franca of the web is HTML, or hypertext markup
language, which is
based on SGML. The codes in angle brackets above are SGML, and
stand for bold
and italics.

I looked at my page with my whiz-bang X-based web browser (NCSA
Mosaic), and
sure enough the line appeared with nice bold and italicised
words.

A short time later, I got a call from a somewhat annoyed web
project guy,
demanding to know why I was claiming to be an offical member. It
seems that
on his NeXT browser, the word "not" was mysteriously absent.

The problem was that his browser didn't support italics.

Why? Well, when the Web began it was "hypertext" based.
Everything was
supposed to be simple, plain text accessible by everybody.
Though HTML was
based on SGML, this was more to be "standard" than to support
fancy markups.
The core team had a nice plan as to how they would expand, slowly
and in step.
Then the NCSA came along, with their elegant multimedia X-based
browser.
Suddenly the web became "hypermedia," and (as it supported much
more of SGML),
even plain text could be marked up in much fancier ways. So
people started
writing documents depending on the capabilities of NCSA Mosaic,
leaving the
earlier browsers behind. In this case, that lapse changed the
entire meaning
of a rather important sentence.

There are a few points here:

1) In important sentences of electronic documents, don't put
important words (like "not") in other fonts or
representations.

2) In fact, avoid needless font and representation twiddling.

3) Don't assume everybody has the same advanced tools you do.

4) If you're going to use a standard, use *all* of the
standard.
HTML is based on SGML. The code is legitimate SGML.

5) If you can't represent a requested font, for pete's sake
don't
just ignore the text! Put it up however you can. In this
case, when I protested my innocence, the other guy loaded up
the page on the old line-mode browser on the VM system.
This
browser ignores virtually all markup commands, so the
unadorned
sentence -- including the 'not' -- appeared.

6) If you launch a project in to the public, be prepared for
someone to take the ball and outrun you. You can't stay
firmly in control. This emphasizes point 4 -- the whole
point of
"standards" is so that when this happens, things are still
compatible.

Frederick G. M. Roeber, CERN/PPE, 1211 Geneva 23, Switzerland
[email protected] or [email protected] | work: +41 22 767 31 80

------------------------------

Date: Tue, 13 Jul 93 13:19:55 -0700
From: [email protected] (Jim Haynes)
Subject: IEEE Computer Magazine Article Analyzes Therac-25
Accidents

by Nancy G. Leveson, Professor of Computer Science and
Engineering at
University of Washington, and Clark S. Turner, doctoral student
at
University of California, Irvine. Pages 18 through 41 of the
current
(July 1993) issue of Computer.

[The report from which this paper is drawn was noted in
RISKS-14.04. PGN]

------------------------------

Date: Thu, 24 Jun 93 10:45 GMT
From: Sanford Sherizen <[email protected]>
Subject: Medical Reimbursements and Computer Glitches

I have been handling some of my elderly mother's bills after her
recent
hospitalization. Since she is in an HMO (Health Maintenance
Organization), she
should not have had any bills other than for personal incidentals
(tv, etc.).
Yet, she kept getting bills from one medical testing lab. When I
made an
inquiry, the lab told me that the bills should have been paid by
the HMO and
that I should notify them, which I did. Several more bills came
from the lab
and several more inquiry calls were made. Yesterday, a letter
came indicating
that the account is delinquent and that it will be turned over to
a collection
agency unless paid immediately. I called and was told that their
records
indicated that the bill had not been paid. After pushing them a
lot to review
their records, they suddenly discovered that the bill had been
paid by the HMO
s more than a month ago. The clerk told me that there had been a
*number of
cases* recently where the computer had not recognized that a
payment had been
made and bills were automatically sent out. He told me that the
computer
problem ws being worked on. When I complained that the lab
continued to send
out bills even though they knew that some of them were false, he
told me that
all people had to do was to call the accounts department (it was
an 800
number) and any errors would be corrected. However, if I had not
insisted
several times that the HMO had been notified and that they had
paid the bill,
the money would be owed by my mother.

The end result is that this lab knows that there is a billing
problem and they
have continued to send out bills, some of which are erroneous.
Their solution
is that (often ill) people will know that the bill has been paid,
will contact
the billing office, will fight to ensure that the correct
information is in
the computer, and all will be resolved. Unfortunately, what will
really
happen is that some people will pay the bill even if they do not
owe the money
and others will have their credit history threatened if they
cannot afford to
pay the money.

While this does not seem to fall under the legal definition of
fraud, it may
be illegal if the lab is billing with knowledge of a computer
problem of this
sort. I suspect that this problem is more common than recognized
and that the
lab is only one of a number of organizations that have decided
that orderly
processing of accounts is more important than correct billing of
people.
Computer glitch has become an excuse for financial manipulation
and harming of
people.

------------------------------

Date: Wed, 23 Jun 1993 19:17:29 CDT
From: "Dr. Lon D. Gowen" <[email protected]>
Subject: Software Safety Workshop: Call for Papers and
Participants.

CALL FOR PAPERS AND PARTICIPANTS

The '93 International Software Safety Workshop

November 18-19, 1993
Computer Science Department
Mississippi State University
MS State, MS 39762

Tentative Sponsors:
The National Science Foundation (NSF)
The Oak Ridge Associated Universities (ORAU)
Mississippi State University (MSU)

In Cooperation with:
The American Society of Safety Engineers (ASSE)

This workshop's goal is to bring together researchers and
practitioners from
academia, industry, and government in order to (1) enhance the
transfer of
technology and communication, (2) examine current problems
relating to
software safety research and practice, and (3) discuss and
propose new
directions for software safety research and practice. The
workshop's
organizers desire participation from all software-safety-impacted
sectors
such as aviation, medicine, transportation, manufacturing, the
military,
chemical processing, etc. The organizers also encourage
participation by
both industrial and governmental individuals who manage, specify,
design,
code, verify, or certify safety-critical software systems.

Additionally, this workshop seeks papers and presentations
relating
specifically to software safety. A partial list of topics
follows:

* Standards for developing and certifying
safety-critical software
* Techniques for static and dynamic verification &
validation
* Managerial issues and methods
* Case studies in software safety
* Experience reports dealing with software safety
* Tools, techniques, and methodologies
* Technology transfer between researchers and
practitioners
* Improving cooperation and communication between
researchers
and practitioners
* Software hazard analysis and safety-critical
requirements
* Safety-critical designs
* Long-range goals and plans for software safety, and
how best
to achieve them
* Preliminary results from recent research or practice

Authors wishing to submit a manuscript for possible presentation
and
inclusion in the workshop's proceedings must submit five copies
by
3-SEP-1993 of full-length papers (20 single-spaced pages maximum)
or topics
for presentation (2 single-spaced pages maximum) to the
workshop's general
chair at the address below:

Lon D. Gowen, Ph.D.
ISSW '93
Computer Science Department
Mississippi State University
P.O. Drawer CS
MS State, MS 39762

Phone: (601) 325-7508
Fax: (601) 325-8997
E-mail: [email protected]

In addition to the refereed papers and presentations, there
will be
several invited papers and presentations. The organizers
anticipate
presentations by the following organizations: FAA, FDA, FHWA,
DoE, NASA, DLSF
Systems, McKinlay and Associates, plus others. Additionally,
there will be
presentations by various academic researchers.

------------------------------

Date: Sat, 10 Jul 93 15:58:02 BST
From: Pete Mellor <[email protected]>
Subject: Application of Software Metrics and Quality Assurance in
Industry

The annual workshop of the Centre for Software Reliability will
be held this
year in Amsterdam from 29th September to 1st October, co-hosted
with the
Japanese Union of Scientists and Engineers.

The theme is "The Application of Software Metrics and Quality
Assurance in
Industry". Keynote speakers are Vic Basili, University of
Maryland, and
Yoshinori Iizuka, University of Tokyo.

Programme and application form can be supplied in paper or
electronic form.

Under the Human Capital and Mobility scheme of the Commission for
the European
Community, 100% support is available for up to 15 delegates to
attend from
those areas of the EC which qualify for special support (which
include Greece
and Portugal).

Applications are therefore particularly invited from people in
these areas
(although naturally, all applicants are very welcome!).

Please respond preferably by e-mail. If you happen to know of
anyone in one of
the supported areas of Europe who might be interested but who
does not receive
e-mail or read the relevant lists, please pass the information on
and ask them
to respond by fax or snail-mail.

Peter Mellor, Centre for Software Reliability, City University,
Northampton
Sq., London EC1V 0HB, UK. Tel: +44(0)71-477-8422 (Direct line to
P. Mellor),
Tel: +44(0)71-477-8421 (Direct line to Ms. C.A. Allen, Centre
Manager),
Fax: +44(0)71-477-8585 [email protected],
[email protected]

------------------------------

Date: Wed, 7 Jul 1993 18:36:46 +0200
From: [email protected]
Subject: "Russian Day" in St.Petersburg

In addition to the announcements in Risk Forum 14.60 (May
12,1993), concerning

SECURITY AND CONTROL OF INFORMATION TECHNOLOGY IN
SOCIETY
IFIP WG 9.6 Working Conference, August 12-17, 1993
Venue: the conference ship M/S Ilich between Stockholm and
St.Petersburg

here is an updated program of the "Russian Day" (St.Petersburg,
August
14,1993) To my knowledge, this is the first time where plans for
"Russian
ITSEC" may be compared to other suggestions (ITSEC, FC/FIPS), eg
in related
contributions of Marshall Abrams and one EEC speaker. Klaus
Brunnstein (May
28, 1993)

Saturday August 14: "Russian Day"

Part I: "IT and Security in Russia. Experts view"
-------------------------------------------------
"IT and Security in Russia"
E.V. Evtyushin (Russian Agency for New Information)

"IT vs. Security in Russia"
E.A. Musaev (Russian Agency for New Information
Technologies)

"Problems of information protection in the Northwestern
region of Russia"
P.A. Kuznetsov (Association for Information Protection
"Confident")

Part II: "IT and Security in Russia - Commercial sector"
--------------------------------------------------------
"Bank requirements for Information Security"
TBD (Sberbank of Russia)

"Insurance Companies and Information Security"
TBD (Representative of an insurance company)

Part III: "It and Security in Russia - Public Sector"
-----------------------------------------------------
"The current state of INFOSEC legislation development in
Russia"
A.P. Kurilo (State Technical Committee of Russia)

"The legal aspects of Digital Signature standardisation in
Russian
Federation"
V.V. Markelov (Federal Agency of Government
Communications and
Information)

"The Russian IT Security Evaluation Criteria"
Y.A. Timofeev (National Sub-committee on IT Security
Techniques
Standardisation)

Part IV: "Western Developments in IT-Security"
----------------------------------------------
R.Hackworth (U.K.): "The OECD Guidelines on IT Security"

M.Abrams (USA): "From Orange Book to new US Criteria"

P.White (U.K.): "Drafting Security Policies"

TBD "INFOSEC Security Issues in the EC"

------------------------------

Date: 8 Jul 1993 20:03:29 -0500
From: [email protected] (Gene Spafford)
Subject: Incident Response Workshop info

PRELIMINARY AGENDA
5th Computer Security Incident Handling Workshop
Sponsored by the Forum of Incident Response and Security Teams
(FIRST)

August 10-13, 1993
St. Louis, MO

TUESDAY, August 10, 1993 Full-day Tutorials

1. Creating a Security Policy, presented by Charles Cresson
Wood:
[no abstract available at time of posting]

2. Vulnerabilities of the IBM PC Architecture: Virus, Worms,
Trojan
Horses, and Things That Go Bump In The Night
presented by A. Padgett Peterson:

An intensive look into the architecture of the IBM-PC and
MS/PC-DOS --
What it is and why it was designed that way. An understanding
of
assembly language and the interrupt structure of the Intel
80x86
processor is helpful.

The day will begin with the BIOS and what makes the PC a fully
functional computer before any higher operating system is
introduced.
Next will be a discussion of the various operating systems,
what they
add and what is masked. Finally, the role and effects of the PC
and
various LAN configurations (peer-peer and client server) will
be
examined with emphasis on the potential protection afforded by
login
scripting and RIGHTS.

At each step, vulnerabilities will be examined and
demonstrations made
of how malicious software exploits them. Demonstrations may
include
STONED, MICHELANGELO, AZUSA, FORM, JERUSALEM, SUNDAY, 4096, and
EXEBUG
viruses depending on time and equipment available.

On completion attendees will understand the vulnerabilities and
how to
detect attempted exploitation using simple tools included with
DOS
such as DEBUG and MEM.

3. Unix Security
presented by Matt Bishop:

Unix can be a secure operating system if the appropriate
controls and
tools are used. However, it is difficult for even experienced
system
administrators to know all the appropriate controls to use.
This
tutorial covers the most important aspects of Unix security
administration, including internal and external controls,
useful
tools, and administration techniques to develop better
security.

Upon completion, Unix system administrators will have a better
understanding
of vulnerabilities in Unix, and of methods to protect their
systems.

WEDNESDAY, August 11, 1993

8:30 - 8:45 Opening Remarks - Rich Pethia (CERT/CC)

8:45 - 9:30 Keynote Speaker - Dr. Vinton Cerf (XXXX)

9:30 - 10:00 Break

10:00 - 12:00 International Issues - Computer networks and
communication lines
span national borders. This session will focus on
how computer
incidents may be handled in an international
context, and on
some ways investigators can coordinate their
efforts.
SPEAKERS:
Harry Onderwater (Dutch Federal Police)
John Austien (New Scotland Yard)
other speakers pending

12:00 - 1:30 Lunch with Presentations by various Response Teams

1:30 - 3:00 Professional Certification & Qualification - how
do you know if
the people you hire for security work are
qualified for the
job? How can we even know what the appropriate
qualifications
are? The speakers in this session will discuss
some approaches
to the problem for some segments of industry and
government.
SPEAKERS:
Sally Meglathery ((ISC)2)
Lynn McNulty (NIST)
Genevieve Burns (ISSA)

3:00 - 3:30 Break

3:30 - 6:00 Incident Aftermath and Press Relations - What
happens after an
incident has been discovered? What are some of
the
consequences of dealing with law enforcement and
the press?
This session will feature presentations on these
issues, and
include a panel to answer audience questions.
SPEAKERS:
Laurie Sefton (Apple Computer)
Jeffrey Sebring (MITRE)
Terry McGillen (Software Engineering Institute)
John Markoff (NY Times)
Mike Alexander (InfoSecurity News)

7:00 - 9:00 Reception

THURSDAY August 12

8:30 - 10:00 Preserving Rights During an Investigation - During
an
investigation, sometimes more damage is done by
the
investigators than from the original incident.
This session
reinforces the importance of respecting the rights
of victims,
bystanders, and suspects while also gathering
evidence that may
be used in legal or administrative actions.
SPEAKERS:
Mike Godwin (Electronic Frontiers Foundation)
Scott Charney (Department of Justice)
other speaker pending

10:00 - 10:30 Break

10:30 - 12:00 Coordinating an Investigation - What are the steps
in an
investigation? When should law enforcement be
called in? How
should evidence be preserved? Veteran
investigators discuss
these questions. A panel will answer questions,
time permitting.
SPEAKER:
Jim Settle (FBI)
other speakers pending

12:00 - 1:30 Special Interest Lunch

1:30 - 3:00 Liabilities and Insurance - You organize security
measures but
a loss occurs. Can you somehow recover the cost
of damages?
You investigate an incident, only to cause some
incidental
damage. Can you be sued? This session examines
these and
related questions.
SPEAKERS:
Mark Rasch (Arent Fox)
Bill Cook (Willian, Brinks, Olds, Hoffer, & Gibson)
Marr Haack (USF&G Insurance Companies)

3:00 - 3:15 Break

3:15 - 5:30 Incident Role Playing -- An exercise by the
attendees
to develop new insights into the process of
investigating a computer security incident.
Organized by Dr. Tom Longstaff of the CERT/CC.

7:30 - ? Birds of a Feather and Poster Sessions

FRIDAY August 13

8:30 - 10:00 Virus Incidents - How do you organize a successful
virus
analysis and response group? The speakers in this
session have
considerable experience ans success in doing
exactly this. In
their talks, and subsequent panel, they will
explain how to
organize computer virus response.
SPEAKERS:
Werner Uhrig (Macintosh Anti-virus Expert)
David Grisham (University of New Mexico)
Christoph Fischer (CARO)
Karen Picharczyk (LLNL/DoE CIAC)
Ken van Wyk (DISA/Virus-L)

10:00 - 10:15 Break

10:15 - 11:15 Databases - How do you store incident, suspect,
and
vulnerability information safely, but still allow
the
information to be used effectively? The speakers
in this
session will share some of their insights and
methods on this
topic.
SPEAKERS:
John Carr (CCTA)
Michael Higgins (DISA)
speaker pending

11:15 - 12:15 Threats - Part of incidence response is to
anticipate riska and
threats. This session will focus on some likely
trends and
possible new problems to be faced in computer
security.
SPEAKERS:
Karl A. Seeger
speakers pending

12:15 - 12:30 Closing Remarks - Dennis Steinauer (NIST/FIRST)

12:30 - 2:00 Lunch

2:00 - 3:00 FIRST General Meeting and the Steering Committee
Elections

3:00 - 4:00 FIRST Steering Committee Meeting

^^^^^^^^^^^^^^^^^^^^^Registration Information/Form
Follows^^^^^^^^^^^^^^^^^^^^^

INQUIRES:

Direct questions concerning registration and payment to: Events
at 412-268-6531

Direct general questions concerning the workshop to: Mary Alice
"Sam" Toocheck
at
214-268-6933

Return to: Helen E. Joyce
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Facsimile: 412-268-7401
TERMS:

Please make checks or purchase orders payable to SEI/CMU. Credit
cards are not
accepted. No refunds will be issued, substitutions are
encouraged.

The registrations fee includes materials, continental breakfast,
lunches (not
included on August 13), morning and afternoon breaks and an
evening reception
on August 11. Completed registration materials must be received
by the SEI no
later than July 10, 1993.

A minimum of 7 attendees are needed for each tutorial and there
will be limit
of 50 attendees. You MUST indicate which tutorial you would like
to attend and
an alternate if your first choice is full.

GOVERNMENT TERMS:

If your organization has not made prior arrangements for
reimbursement of
workshop expenses, please provide authorization (1556) from your
agency at the
time of registration.

GENERAL REGISTRATION INFORMATION:

Workshop................................. ..............$300.00
All registrations received after July 10, 1993..........$350.00
Tutorials (Must be registered by July, 10, 1993)........$190.00
[Yes, I know ... If you call today, tell them a RISKS
issue with
this info did not come out until today. Maybe they can
bend. PGN]

NAME:

TITLE:
COMPANY:

DIVISION:

ADDRESS:

CITY:

STATE:

ZIP:

BUSINESS PHONE:

EMERGENCY PHONE:

FACSIMILE NUMBER:

E-MAIL ADDRESS:
DIETARY/ACCESS REQUIREMENTS:

CITIZENSHIP: Are you a U.S. Citizen? YES/NO

Identify country where citizenship is held if not the U.S.:

(Note: there will be no classified information disclosed at this
workshop.
There is no attendance restriction based on citizenship or other
criteria.)

GENERAL HOTEL INFORMATION:

RATES: A block of rooms has been reserved at the Hyatt Regency at
Union
Station, One St. Louis Union Station, St. Louis, Missouri 63103.
The hotel
will hold these rooms until July 10, 1993. Hotel arrangements
should be made
directly with the Hyatt, 314-231-1234. To receive the special
rate of $65.00
per night, please mention the Fifth Computer Security Incident
Handling
Workshop when making your hotel arrangements.

ACCOMMODATIONS: Six-story hotel featuring 540 guest rooms,
including 20
suites. All rooms have individual climate control, direct-dial
telephone with
message alert, color TV with cable and optional pay movies.
Suites available
with wet bar. Hotel offers three floors of Regency
accommodations, along with
a Hyatt Good Passport floor, and a special floor for women
travelers.

LOCATION/TRANSPORTATION FACTS: Downtown hotel located in historic
Union
Station one mile from Cervantes Convention Center and St. Louis
Convention
Center and St. Louis Arch. Fifteen miles (30 minutes) from St.
Louis Zoo.

DINING/ENTERTAINMENT: Italian Cuisine is features at Aldo's, the
hotel's
full-service restaurant. Enjoy afternoon cocktails in the Grand
Hall, an
open-air, six-story area featuring filigree work, fresco and
stained glass
windows. The station Grille offers a chop house and seafood
menu.

RECREATIONAL/AMUSEMENT FACILITIES: Seasonal outdoor swimming
pool. Full
health club; sauna in both men's and women's locker rooms.
Jogging maps are
available at the hotel front desk.

SERVICES/FACILITIES/SHOPS: Over 100 specialty shops throughout
the hotel,
including men's and women's boutiques, children's toy shops and
train stores.

Gene Spafford, COAST Project Director
Software Engineering Research Center & Dept. of Computer Sciences
Purdue University, W. Lafayette IN 47907-1398
Internet: [email protected] phone: (317) 494-7825

------------------------------

End of RISKS-FORUM Digest 14.75

Downloaded From P-80 International Information Systems 304-744-2253