Copy Link
Add to Bookmark
Report
RISKS-FORUM Digest Volume 16 Issue 43
RISKS-LIST: RISKS-FORUM Digest Tues 27 September 1994 Volume 16 : Issue 43
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for information on RISKS (comp.risks) *****
Contents:
Pretty Bad Privacy in Top-Level Negotiations (Charles Dunlop)
Re: Mexico election (H?vard Hegna)
Coyote sues Acme Co. (Luis Fernandes)
Reasoning 101, the FBI Telecom Bill, and EPIC (Jerry Leichter, Marc Rotenberg)
Please!, let's call it the "Government Wiretap Bill" !!! (Jim Warren)
The high-tech university: 500 channels, all alike (Phil Agre)
Pagers and power supplies (Laszlo Nemeth)
Marketing of science (Michael Jampel)
Power Disasters (Matthew D. Healy)
Re: Power Outage in Russia? (Arthur D. Flatau)
Questions re: security of computerized medical records (Richard Goldstein)
Network Security Observations (NSO)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
----------------------------------------------------------------------
Date: Sun, 25 Sep 1994 18:43:58 -0400
From: "Charles Dunlop" <cdunlop@spruce.flint.umich.edu>
Subject: Pretty Bad Privacy in Top-Level Negotiations
_Business Week_ (October 3, 1994) has obtained a tape of two telephone
calls made by an aide to Jimmy Carter on September 18 during negotiations over
Haiti. The calls were made over an unsecured radio link from Port- au-Prince
to Carter's plane -- one to a National Security Council staff person, and the
other to Carter himself. Shown transcripts of the calls during a CNN
interview, Carter responded that he was "taken aback", and commented "Now I
see what happened to Prince Charles".
[I guess that some public figures still haven't see the air of their waves.]
C.E.M. Dunlop, Philosophy Department, University of Michigan, Flint
Flint, Michigan 48502-2186 (810) 762-3380 cdunlop@umich.edu
------------------------------
Date: Mon, 26 Sep 1994 09:57:15 +0100
From: H?vard Hegna <Havard.Hegna@nr.no>
Subject: Re: Mexico election (Sullivan, RISKS-16.36)
John Sullivan quotes IFE (Federal Electoral Institute) officials who deny
there were problems with the computer system but continues an investigation on
an apparent effort to infiltrate a computer virus into the main computer
system.
In Norwegian newspaper Aftenposten on August 26., the election
is reported as "a great step forward for Mexican democracy" with
a turnout of 75% of the 45 mill. electorate, as compared to the normal 50%.
In a report from Mexico on The Norwegian Broadcasting System (NRK) Radio
Program 2 (P2) on Saturday August 27., Joar Hoel Larsen quotes a professor in
political science at UNAM (?) Louis Javier Garrido who claims that the means
for rigging an election are much more sophisticated now than ever before.
With todays computers and networks one person in the right spot can easily
manipulate a whole election, something which would require an army of election
officials in the earlier primitive systems employed.
Larsen's view was that the Mexicans really wanted to make the election open
and fair this time, and had control rules on election day that bordered on the
paranoid and went a lot further than procedures that are considered quite
acceptable in for instance Norway. So there were few irregularities reported
at the voting stations. Instead, according to professor Garrido, the
manipulation was done at the electorate registry level. 7-8 mill. voters from
districts that were known to have a clear majority in opposition to the ruling
PRI party, were removed from the electorate. Not everybody, but the necessary
percentage from each such district.
The result was a normal turn-out (percentage-wise) and the normal majority in
these districts, but their influence on the totals was reduced. Resulting in
the PRI staying in power. Again according to Garrido, a serious political
independent who is not a member of the loosing PRD, says Larsen.
I have seen reports of complaints on the Mexican election in various media,
but very little mention of this accusation. Has it been reported elsewhere?
Does it have any substance?
Does anybody know what kind of computerized system was used in Mexico this
time, before, during and after the election? Any Direct Recording Equipment?
Hevard Hegna, Norwegian Computing Center, P.O. Box 114, Blindern, 0314 Oslo,
Norway (+47) 22 85 25 00/ (+47) 22 85 26 21 Fax : (+47) 22 69 76 60
------------------------------
Date: Sat, 24 Sep 1994 13:18:34 +0500
From: elf@eccles.ee.ryerson.ca (Luis Fernandes)
Subject: Coyote sues Acme Co.
What follows is an excerpt of an article that appeared in the 26 Feb 1990
issue of "The New Yorker" magazine.
Specifically, the article is about a suit brought against Acme Company,
incorporated in Delaware, by Wile E. Coyote who lives in the Arizona Desert
and is seeking, "compensation for personal injuries, loss of business income,
and mental suffering caused as a direct result the actions and/or gross
negligence of said company's... mail-order department..."
The article illustrates the RISKS of operating badly documented and labeled
equipment; the RISKS of using improperly designed equipment, and the RISKS of
using equipment for unintended purposes.
This is a quote from the opening statement of Mr. Coyote's attorney:
Mr. Coyote states that on December 13th he received of Defendant
via parcel post one Acme Rocket Sled. The intention of Mr. Coyote
was to use the Rocket Sled to aid him in pursuit of his prey. Upon
receipt of the Rocket Sled Mr. Coyote removed it from its wooden
shipping crate and, sighting his prey in the distance, activated
the ignition. As Mr. Coyote gripped the handlebars, the Rocket Sled
accelerated with such sudden and precipitate force as to stretch
Mr. Coyote's fore-limbs to a length of fifty feet. Subsequently,
the rest of Mr. Coyote's body shot forward with a violent jolt,
causing severe strain to his back and neck and placing him unex-
pectedly astride the Rocket Sled. Disappearing over the horizon at
such speed as to leave a diminishing jet trail along his path, the
Rocket Sled soon brought Mr. Coyote abreast of his prey. At that
moment the animal he was pursuing veered sharply to the right.
Mr. Coyote vigorously attempted to follow this maneuver but was
unable to do so, due to poorly designed steering and a faulty or
nonexistent braking system. Shortly thereafter, the unchecked
progress of the Rocket Sled brought it and Mr. Coyote into
collision with the side of a mesa.
In another incident, Coyote purchased a pair of rocket skates which, his
attorney claims, Acme sold without sufficient caveat and with "little or no
provision for passenger safety", because the design attached very powerful
jet-engines to "inadequate vehicles"; i.e. the roller-skates.
Other products, manufactured by Acme, that have caused Mr. Coyote great
anguish include: itching-powder, giant kites, Burmese tiger traps, anvils, and
two-hundred-foot-long rubber bands.
RISKS readers are advised to be cautious with products purchased from the Acme
Mail-Order Catalog and especially with explosives purchased from the Acme
Mail-Order Explosives Catalog; the explosives tend to detonate prematurely
very possibly due to the use of faulty primer-cord.
(If ever there was a candidate suitable for the role of RISKS mascot, Wile E.
Coyote is that animal.)
------------------------------
Date: Fri, 23 Sep 94 17:59:42 EDT
From: Jerry Leichter <leichter@lrw.com>
Subject: Reasoning 101, the FBI Telecom Bill, and EPIC
Marc Rotenberg quotes a 1992 GSA report that the FBI's proposals for access
requirements to the telephone system would have an adverse impact on national
security. He says this speaking for the "100 Reasons ... project of the
Electronic Privacy Information Center [EPIC]".
I haven't read the GSA report in question, but from context and the parts
quoted by Rotenberg, it seems clear that the particular issue concerning GSA
was one feature of the 1992 (1991?) version of the FBI proposal, which called
for the telephone companies to link to a central, government-controlled office
somewhere which would then have the ability to initiate taps anywhere without
any further assistance from the telephone companies. The GSA was correct in
pointing out that any breach of the security of this centrally controlled sys-
tem could have serious implications. The GSA was also not alone in pointing
this particular risk.
This year's version of the proposal explicitly states that tapping is to be
done *by telephone company personnel*, on telephone company premises (as is
the case today). The central tapping facility is gone.
How shall we then classify Reason 55? A straw man attack? An appeal to
emotion? (For many years, "national security" was the standard justification
for almost anything the government wanted to do. Now EPIC has appropriated
that battle cry.) Disingenuous? Dishonest?
At the least, if EPIC is going to quote the GSA's report, honesty requires
that they quote enough context to show what the statement is based on. If
their going to use an analysis of the 1992 bill, it's incumbent on *them* to
argue that analysis is applicable to the 1994 incarnation, which has undergone
substantial changes - some of them presumably a direct result of the GSA's
analysis.
In any case, proponents can as easily quote an FBI report to the effect that
*not* passing this bill would have an adverse effect on national security.
Why should one prefer the statement of one three-letter government agency over
another? Duelling appeals to authority do not rational debate make.
-- Jerry
------------------------------
Date: Mon, 26 Sep 1994 12:51:45 EST
From: Marc Rotenberg <rotenberg@washofc.epic.org>
Subject: Re: Jerry Leichter's response
There is nothing in the GSA memo that supports Jerry Leichter's
interpretation. The memo did not even mention the problems associated with
centralized monitoring. Although, it's good of Jerry to bring that up. <grin>
The memo is reprinted in full, along with accompanying materials, in Banisar
and Rotenberg, The Third CPSR Cryptography and Privacy Conference (1993). The
memo is also available at the CPSR ftp site. CPSR.ORG
/cpsr/privacy/communications/wiretap/gsa_wiretap_memo.txt
The GSA memo contains at least *ten* Reasons to oppose the wiretap plan
(incompatibility, impact on federal communication networks, scope of proposed
change, powers of Attorney General, national security, network security,
standards, current capability, cost effectiveness, delay in development of new
systems, international trade, associated costs, impact on new services).
We cited only one Reason -- national security.
A story appeared in *The New York Times* when the memo was obtained (15 Jan
1993, "FBI's Proposal on Wiretaps Draws Criticism from GSA").
Quoting from the NYT article, "the GSA said the proposed legislation was
unnecessary, could hurt the nation's competitiveness in the international
trade arena, and posed a possible danger to national security."
Marc Rotenberg, EPIC
------------------------------
Date: Sun, 25 Sep 94 12:45:38 PDT
From: jwarren@autodesk.com (Jim Warren)
Subject: please!, let's call it the "Government Wiretap Bill" !!!
It is *much* more accurate and much more provocative to call the "digital
telephony" bill the "Government Wiretap Bill."
1. It helps their propaganda and harms our propaganda to call it the "*FBI*
Wiretap Bill."
2. The FBI Wiretap Bill implies that only the FBI would use its access,
whereas all the phrasing of the versions seems to include a catch-all like,
"... and as otherwise authorized by law."
3. We need to emphasize that it's the *government* that wants the snoop-n-
peep power.
4. We need to point out that *all* levels of government can use it, "when
authorized by law," of course. <sarcasm drips>
5. We need to emphasize that the public doesn't *know* when wiretaps can
be used, since the classified and secret lawful authorizations are ... well ...
secret.
6. Most messages about the bill need to cite examples of past abuses of
wiretap authority by those in power, e.g. J. Edgar Hoover as well as Nixon's
Watergate attempt (i.e., he could have pulled it off if his FBI Director had
had "digital telephony" wiretap-at-a-keystroke access as now sought).
7. We should start calling it "telephonEy." :-)
Jim Warren, columnist for MicroTimes, Government Technology, BoardWatch, etc.
jwarren@well.com -or- jwarren@autodesk.com
------------------------------
Date: Sun, 25 Sep 1994 20:04:33 -0700
From: Phil Agre <pagre@weber.ucsd.edu>
Subject: The high-tech university: 500 channels, all alike
In a recent issue of Forbes, Thomas Sowell reports that he's looking forward
to the day when market pressures require universities to distribute a large
proportion of their lectures over video. The reference is:
Thomas Sowell, Letting in the light, Forbes, 12 September 1994, page 98.
He anticipates many advantages of this system. Among them, he says, is that
professors who engage in "propaganda", "pretentious mush", "strident
ideology", and "recruitment of disciples" will be caught on tape and exposed
to public censure. Sowell is a conservative economist and these are all
obviously code-words for the expression of political views with which
conservatives disagree. This is to be expected.
But the danger that such proposals represent is independent of your political
views. Imagine what this new world will be like. It will become unwise to
engage in unscripted give-and-take with students, lest an ambiguous remark be
placed in a foreign context by someone with video editing equipment and a
political axe to grind. It will become unwise to express unpopular opinions
in lectures, and even fundamentally conformist lectures will have to be
structured as a series of soundbites, each of which will survive being edited
into arbitrarily unfriendly contexts. University education, in other words,
will be converted into television -- 500 channels, all alike, and all subject
to the leveling force of external pressure.
These scenarios might seem paranoid, but one perfectly robust model for them
can already be found in journalism. Substantial institutions have arisen for
harassing journalists whose articles diverge from the political views of those
who care to fund them. Mistakes are magnified, passages are taken out of
context, and political evaluations are assembled and made available to people
whose cooperation the journalist may require to gather stories. Of course,
these activities are all perfectly legal and covered by the First Amendment.
But they are regrettable nonetheless.
(Such practices could already be organized in universities simply through
having monitors sit in on classes and forward notes to a central organization.
This is indeed done on a small scale, but video recording would make it much
easier.)
It will be argued (and indeed, Sowell does argue) that the warnings of college
professors like me are just the self-serving obfuscations of interest groups
with something to hide. But the consequences of such phenomena go far beyond
the university. When work activities that were formerly conducted
face-to-face start to be mediated on a large scale by digital video and other
computerized telecommunications technologies, unless those communications are
given vastly more statutory protection than seems at all likely, the door will
be opened to greatly intensified monitoring and regulation of those activities
by anyone who has legal access to recordings of the signals. If this happens,
we will realize how much slack we got from face-to-face interaction, and we
will be forced to look to one another to find ways of getting it back.
Phil Agre, UCSD
------------------------------
Date: Fri, 23 Sep 1994 21:01:59 -0600
From: Laszlo Nemeth <laszlo@eclipse.cs.colorado.edu>
Subject: Pagers and power supplies
A rather humorous thing happened the other day. I was connecting up a scsi
disk to a sparc 10 (nice small power supply) and had powered everything of.
while leaning over the system to connect the various cables to the disk, my
pager went off in vibrate mode.
I wear my pager clipped backwards in my front jeans pocket (so the nice clear
face doesn't get scratched, it mutes the sound of the pager, and gives really
good contact when vibrating) a very tender spot on most people.
when that pager went off I had a flashback to a time when I forgot how much
power is in a sun 4/260 power supply and decided to test it with me as the
path.
both times I have made it across the room before I knew what happened. From
now on when a system is open, the pager is elsewhere.
laz
------------------------------
Date: Mon, 26 Sep 94 11:29 BST
From: jampel@cs.city.ac.uk (Michael Jampel)
Subject: Marketing of science
Phil Agre <pagre@weber.ucsd.edu> asked [RISKS-16.41] asked (re:
uninterruptable power supplies causing power failures):
> Where do hubristic terms like "uninterruptable" come from?
They come from marketing people and sales people. Scientists and engineers
often have contempt for these people, but unfortunately their mistakes and
their hubris may lead to an anti-science back-lash. Therefore we can't just
let them get on with it: it's not the sales people who will get the sack when
a UPS proves to be interruptible; but the whole discipline of electrical
engineering loses a little credibility. So next time an engineer says
something like ``We must not do X because it is very unsafe'', it is possible
that those who have bee mislead by advertisements will say ``Yeah, yeah, what
do you know.'' This is a risk (not of computers, but applying to any
technical discipline).
Phil then added:
> I've got an "inherently safe nuclear reactor" to sell you
There _is_ a difference between inherent safety and engineered safety. And
one of the first nuclear reactors _was_ inherently safe. It was in Sweden,
called the Triga, and the opening ceremony (by Niels Bohr) consisted of
removing all the cooling rods from the core. Within a minute, the reactor had
stabilised, rather than starting to melt-down, due to the physical properties
of the materials it was made from. (The damping effect went up exponentially
with increasing temperature.) My guess is that the reason no reactors are
like this is commercial, i.e. it didn't make as much power per dollar's worth
of uranium, not technical. Another risk when scientists allow people they hold
in contempt to do a job that doesn't interest them; the anti-nuclear power
lobby has good reasons for its views, all due to mistakes made for commercial
reasons. Possible end result: the whole world is condemned to lack of power
when the oil runs out, because nuclear power will still be considered taboo.
Michael Jampel <jampel@cs.city.ac.uk>
------------------------------
Date: 24 Sep 1994 01:42:23 GMT
From: healy@seviche.med.yale.edu (Matthew D. Healy)
Subject: Power Disasters
All the postings about various incidents in which main power and backup were
both lost serve as examples of a point often missed by risk planners: the
multiplicative probability rule only applies if the events are truly
independent. A common mode failure can take out several "redundant" systems
at once.
It's extremely difficult to design truly redundant systems.
The O'Hare incident also seems to illustrate another point. All I know about
this incident is what was posted to RISKS; I gather they were doing some kind
of test on the UPS.
_Chernobyl_ was a disastrous failure triggered by a test of emergency
generation capabilities! The problem was exacerbated by numerous problems in
design and maintenance, but the trigger event was a misguided test of
generating emergency power from the main turbines as they spun down and the
diesel generators were started up.
A test is an inherently hazardous situation; various common-mode failures can
be triggered by tests. Therefore one must be especially careful about
scheduling and running tests!
Matthew D. Healy healy@seviche.med.yale.edu
Postdoc, Yale School of Medicine
------------------------------
Date: Mon, 26 Sep 94 11:20:28 CDT
From: flatau@cli.com (Arthur D. Flatau)
Subject: Re: Power Outage in Russia? (RISKS-16.42)
Dave Barry (syndicated humorist) wrote an article a while back about another
similar situation in Russia. The power to some military complex was shut off
because the bill was not paid, the officer in charge ordered a tank be driven
and parked next to the electric company building. The business end of the
tank was pointed at the building and miraculously power was quickly restored.
The rest of the article was about the advantages of having a tank in resolving
disputes with creditors and how one acquires the tank. The latter is done by
sending in all the credit card applications one gets in the mail, acquiring
enough credit and then charging the tank. When the credit card companies
start demanding payments, it is easy to satisfy them because now you have a
tank.
Art flatau@cli.com Computational Logic, Inc. Austin, Texas
------------------------------
Date: Mon, 26 Sep 1994 07:56:04 -0700 (PDT)
From: Richard Goldstein <richgold@netcom.com>
Subject: questions re: security of computerized medical records
I am a statistician and I sit on the Human Studies Committee (IRB) of a local
HMO. I have been assigned as primary reviewer for our committee for a
recently submitted protocol dealing with security issues on the HMO's
computerized patient data base. (Note: this may not need committee approval
under Federal rules, but it does under local rules.) I am requesting some
help regarding issues I should be asking about and guidance on literature.
Brief explanation of project: the current computerized medical record has two
sections (I am oversimplifying some issues here, without, I hope, being
misleading): a coded section that can be searched via computer and a text
section that currently cannot be automatically searched. The HMO has entered
into an agreement with a 'local' university (about 90 miles away) to attempt
to develop tools for exploiting clinical text data (e.g., access, search,
extract, manipulate the text portion of the record).
The process includes providing the university with example records (size of
sample not known), where the records have been 'sanitized'. "The sanitization
process has three stages:
1. automated masking or identifiers such as addresses and
telephone numbers in ... extract headers as created [at the HMO]
2. automated masking of medical record numbers
3. automated masking of each segment of each member's name
everywhere these segments occur in the ... extract"
There are some known problems with this masking (e.g., regarding the
occurrence of names in the record other than than of the particular patient).
My problem is that I have no idea how much faith, trust, etc. to put into the
"automated masking" process. Of particular help would be guidance on what
questions to ask about this process to help make decisions about whether it is
sufficient (guidance on literature would also be appreciated).
I note also that the people on the project appear to be unaware of the
possibility of identifying patients via combinations of coded information. As
a statistician, I am aware of some of the large literature on this question,
especially with respect to Census information. However, I am not familiar
with recent literature on this question or with computer algorithms; further,
I am not aware of any literature dealing specifically with this question for
medical records (except that I do have a copy of the 9/93 publication from the
Office of Technology Assessment entitled _Protecting Privacy in Computerized
Medical Information_; however, this is not a technical publication).
Another question relates to what we should be asking about the security of the
university computer; we have been told that the center "has implemented data
access security by granting electronic access to [HMO] data only to
researchers designated as members of the [HMO] project." However, we have
been provided with NO details; again, what questions should we be asking and
how do we interpret the responses.
I should mention that our committee very strongly opposes any movement of HMO
data outside the HMO, but in rare circumstances we have agreed when we were
satisfied with the security situation (usually a stand-alone computer in a
room that could easily be locked).
Any help or advice would be greatly appreciated and should, preferably, be
sent directly to me at "richgold@netcom.com". If desired, I could post a
summary of the resulting responses to this group.
Rich Goldstein
------------------------------
Date: Tue, 27 Sep 1994 05:21:00 -0400 (EDT)
From: Network Security Observations <NSO@delphi.com>
Subject: Network Security Observations
November 1994 NETWORK SECURITY OBSERVATIONS will be out with its inaugural
issue. NETWORK SECURITY OBSERVATIONS is expected to be the leading
international journal on computer network security for the science, research
and professional community. Every annual volume contains five issues, each
offering ample space for vigorously reviewed academic and research papers of
significant and lasting importance, and a wealth of other network security
information, including security patches and other technical information
supplied by manufacturers, related governmental documents (international),
discussions about ethics and privacy aspects, the Clipper chip and other
cryptologic issues, viruses, privacy enhanced mail, protocols, harmonization
of computer security evaluation criteria, information security management,
access management, transborder data flow, EDI security, risk analysis, trusted
systems, mission critical applications, integrity issues, computer abuse and
computer crime, etc. etc.
If and when appropriate reports of major international conferences, congresses
and seminars will be included, as well as information made available by
governments, agencies, and international and supra national organizations.
Network Security Observations is published in the English language, and
distributed Worldwide. The publication does NOT feature commercial
announcements. National and international organizers of dedicated conferences,
etc. can offer calls for papers and invitations to participate. Relevant
posting from other publishers announcing new relevant books, etc are welcomed
as well.
NETWORK SECURITY OBSERVATIONS provides the in depth and detailed look that is
essential for the network system operator, network system administrator, edp
auditor, legal counsel, computer science researcher, network security manager,
product developer, forensic data expert, legislator, public prosecutor, etc.,
including the wide range of specialists in the intelligence community, the
investigative branches and the military, the financial services industry and
the banking community, the public services, the telecom industry and the
computer industry itself.
Subscription applications by email or fax before November 1, 1994 are entitled
to a special rebated subscription rate. Special academic/educational
discounts, and rebates for governmental personnel, and other special groups,
are available upon request. Network Security Observations is a not-for-profit
journal, and therefore we are sorry to reject requests for trial orders.
For further information please contact:
by email> NSO@delphi.com
Or by fax> +1 202 429 9574
Or alternatively you can write to:
Network Security Observations, Suite 400, 1825 I Street, NW
Washington DC, 20006, United States
------------------------------
Date: 31 May 1994 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact <risks-request@pica.army.mil>
(Dennis Rears <drears@pica.army.mil>). UK subscribers please contact
<Lindsay.Marshall@newcastle.ac.uk>. Local redistribution services are
provided at many other sites as well. Check FIRST with your local system or
netnews wizards. If that does not work, THEN please send requests to
<risks-request@csl.sri.com> (which is not automated).
CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them. Contributions will not be ACKed; the load is
too great. **PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks. Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
All other reuses of RISKS material should respect stated copyright notices,
and should cite the sources explicitly; as a courtesy, publications using
RISKS material should obtain permission from the contributors.
ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
Issue j of volume 16 is in that directory: "get risks-16.j<CR>". For issues
of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 15, j always TWO
digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory
and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>"
logs out. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may
differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and
WAIS are alternative repositories. See risks-15.75 for WAIS info.
To search back issues with WAIS, use risks-digest.src.
With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html.
FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving
it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info
regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL
RISKS COMMUNICATIONS; as a last resort you may try phone PGN at
+1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .
------------------------------
End of RISKS-FORUM Digest 16.43
************************
