Risks Digest 20.87

From risks@csl.sri.com
Date Fri, 28 Apr 2000 13:44:43 -0700 (PDT)

[: hacktivism :]

RISKS-LIST: Risks-Forum Digest  Friday 28 April 2000  Volume 20 : Issue 87

   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/20.87.html>
and by anonymous ftp at ftp.sri.com, cd risks .

Explanation for long RISKS hiatus (PGN)
UCITA, the Uniform Computer Information Transactions Act (Bruce Schneier)
Canadian teen held in Web attacks (NewsScan)
Swedish 16-year-old arrested 3 hours after Web attack (Ulf Lindqvist)
Teenage hacker stole Gates' credit-card info (NewsScan)
Man indicted for vandalizing government computers (NewsScan)
Hackers penetrate Gazprom (Steve Bellovin)
Security experts discover rogue code in Microsoft software (NewsScan)
Encryption code protected by First Amendment (NewsScan)
Hackers crack code protecting King e-book (NewsScan)
U.S. IT job vacancies approach 1 million mark  (NewsScan)
Patent Office revamps Web patent review (NewsScan)
Iridium flames out, literally (NewsScan)
Power failure disrupts National Airport (Andres Zellweger)
Software fault stops 76,000 customers receiving phone calls (John Kerr)
Squirrelcide at San Jose Airport (Dave Stringer-Calvert)
Best new Microsoft bug yet (Martin Minow)
Web server displays admin password on failures (Bill Janssen)
Hotmail wants to know... (Gillian Richards)
no, Virginia (Danny Burstein)
REVIEW: "The Social Life of Information", John Seely Brown/Paul Duguid
  (Rob Slade)
FORMAL METHODS *ELSEwHeRE* --second CfP (Tommaso Bolognesi)
Abridged info on RISKS (comp.risks)


Date: Thu, 30 Mar 2000 12:12:19 PST
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Explanation for long RISKS hiatus 

I was in Europe, completely off the net for the first two weeks of April, --
including attending a NATO conference in Brussels on Commercial
Off-The-Shelf Products in Defence Applications: The Ruthless Pursuit of
COTS, for which I gave a keynote talk on the challenge of building robust
systems and discussing COTS vs nonclosed-source software.  The slides can be
found at http://www.csl.sri.com/neumann/ .  Since returning, I have been
trying to play catch-up, and was able to begin to read the RISKS e-mail only
in the past two days.

In this issue, I have tried to make a dent in the huge backlog.  I am very
grateful that I could rely on NewsScan items that wonderfully captured some
of the events that happened in the interim.  My profound thanks to John Gehl
and Suzanne Douglas, for my being able to repeat their copyrighted items
here, with their permission, and apologies to their regular readers who are
seeing these items for the second time!  But otherwise it would have taken
much longer to edit down many of the media reports that are still in the
queueueueueueue.  PGN


Date: Mon, 17 Apr 2000 13:30:26 -0500
From: Bruce Schneier <schneier@counterpane.com>
Subject: UCITA, the Uniform Computer Information Transactions Act 

  [From CRYPTO-GRAM, April 15, 2000, with permission]

Virginia Gov. James S. Gilmore III signed the UCITA, and it is now law in 
Virginia.  The Maryland legislature overwhelmingly passed the bill, and it 
is on its way to become law in that state.

I put this horrible piece of legislation in the Doghouse last month, but 
it's worth revisiting one portion of the act that particularly affects 
computer security.

As part of the UCITA, software manufacturers have the right to remotely
disable software if the users do not abide by the license agreement.  (If
they don't pay for the software, for example.)  As a computer-security
professional, I think this is insane.

What it means is that manufacturers can put a back door into their products.
By sending some kind of code over the Internet, they can remotely turn off
their products (or, presumably, certain features of their products).  The
naive conceit here is that only the manufacturer will ever know this disable
code, and that hackers will never figure the codes out and post them on the

This is, of course, ridiculous.  Such tools will be written and will be 

Once these tools are, it will be easy for malicious hackers to disable
peoples' computers, just for fun.  This kind of hacking will make Back
Orifice look mild.

Cryptography can protect against this kind of attack -- the codes could be
digitally signed by the manufacturer, and the software wouldn't contain the
signature key -- but in order for this to work the entire system has to be
implemented perfectly.  Given the industry's track record at implementing
cryptography, I don't have high hopes.  Putting a back door in software
products is just asking for trouble, no matter what kinds of controls you
try to put into place.

The UCITA is a bad law, and this is just the most egregious provision.  It's
wandering around the legislatures of most states.  I urge everyone to urge
everyone involved not to pass it.




Date: Wed, 19 Apr 2000 07:53:19 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Canadian teen held in Web attacks

A 15-year-old Canadian boy has been arrested in connection with the
denial-of-service attacks that crippled major Web sites including Yahoo,
CNN.com, eBay and Amazon in February. The Montreal-area teenager, who uses
"Mafiaboy" as his online moniker, was fingered after investigators were able
to trace the attacks to that name by examining the log files of a computer
at the University of California-Santa Barbara, one of the servers used in
the cyber-assaults.  [AP/MSNBC 19 Apr 2000: NewsScan Daily, 19 April 2000

To subscribe or unsubscribe to the TEXT version of NewsScan Daily, send an
e-mail message to NewsScan@NewsScan.com with 'subscribe' or 'unsubscribe' in
the subject line. To subscribe to our new HTML version of NewsScan Daily,
send mail to NewsScan-html@NewsScan.com, with the word 'subscribe' as the
subject.  (Subscribing to the HTML version won't automatically unsubscribe
you from the text version; please unsubscribe yourself as explained above.)

We call our news section "Above The Fold" to honor the tradition of the
great "broadsheet" newspapers in which editors must decide which news
stories are of such importance that they should be placed "above the fold"
on the front page. The NewsScan Credo: Be informative, have fun, and get to
the point!   See http://www.newsscan.com/, and send us mail:  John Gehl
<gehl@NewsScan.com> and Suzanne Douglas <douglas@NewsScan.com>, or call

Copyright 2000. NewsScan Daily (R) is a publication of NewsScan.com Inc.


Date: Wed, 5 Apr 2000 10:15:07 -0700 (PDT)
From: Ulf Lindqvist <ulf@csl.sri.com>
Subject: Swedish 16-year-old arrested 3 hours after Web attack

>From the Web site of Swedish newspaper *Aftonbladet*, April 5 2000:

When the Web server of The Swedish National Board of Health and Welfare
(Socialstyrelsen) was attacked, the system operators called the National
Police Computer Crime Squad while the attack was still in progress. The
police immediately started tracking the intruder and could get the
attacker's home phone number from an ISP. A search warrant was issued and
only 3 hours after the attack, police entered the home of the alleged
attacker, a 16-year-old boy who was arrested before the eyes of his
parents. His computer as well as his parents' computer were seized and,
according to the police, records found on the computers links them to
attacks on other Web sites in Sweden.

http://www.aftonbladet.se/nyheter/0004/05/hacker.html (in Swedish)

What I personally find noteworthy in this story is how quickly the police
reacted and that it could be a sign of the trend to treat computer crimes no
differently than "low-tech" crime. When organizations see that it actually
helps to call the police in cases like this, maybe they will be less
reluctant to do so.  The deterrent effect on would-be criminals by likely
detection and immediate response should not be underestimated.

Ideally, the risk of fast law enforcement response should only worry
attackers, but given the current nature of identification and (lack of)
authentication on the Internet, it could also pose a risk to innocent users
whose systems are attacked and used to attack other systems.

Ulf Lindqvist <ulf@sdl.sri.com>  System Design Lab, SRI International, 
Menlo Park CA 94025-3493, USA. Phone +1 650 859-2351  http://www.sdl.sri.com/


Date: Mon, 27 Mar 2000 08:42:39 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Teenage hacker stole Gates' credit-card info
Eighteen-year-old Raphael Gray was arrested on 24 Mar 2000 in Wales on
charges of Internet fraud following a joint investigation by the FBI and
Welsh police.  Gray and an unnamed accomplice had allegedly hacked into nine
e-commerce sites, stealing credit card information on 26,000 accounts in the
U.S., Canada, Thailand, Japan and Britain. Among the credit cards
compromised was one belonging to Microsoft chairman Bill Gates. Gray, who
calls himself the "Saint of E-Commerce," said, "I just wanted to prove how
insecure these sites are.  I have done the honest thing, but I have been
ignored." Gray and his accomplice e-mailed the credit card details to NBCi,
a subsidiary of the NBC broadcasting group.  [Reuters/News.com 26 Mar 2000;
NewsScan Daily, 27 Mar 2000]


Date: Thu, 23 Mar 2000 08:09:12 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Man indicted for vandalizing government computers

Twenty-seven-year-old Max Ray Butler of Berkeley, California, has been
indicted on charges of breaking into and causing damage to government
computers belonging to such agencies as NASA, the Argonne National Labs, the
Brookhaven National Lab, the Marshall Space Center, and various facilities
of the Department of Defense.  Butler (also known as "Max Vision") has in
the past been an FBI source, helping the Bureau solve computer crimes.
[AP/*San Jose Mercury News* 23 Mar 2000; NewsScan Daily, 23 Mar 2000]

Date: Wed, 26 Apr 2000 20:46:00 -0400
From: Steve Bellovin <smb@research.att.com>
Subject: Hackers penetrate Gazprom

The Associated Press reports that hackers, in conjunction with an insider,
penetrated computer systems belonging to Gazprom, the Russian gas monopoly.
What is especially interesting about this case is that they managed to take
control of the system controlling the flow of gas in pipelines, according to
the Russian Interior Ministry.  This makes it one of the few confirmed
incidents of direct cyberthreats to a country's infrastructure.

		--Steve Bellovin

  [Based on the 26 Apr 2000 AP item, Keith Rhodes also noted that 
  including Gazprom case, Russian police registered 852 cases of computer
  crime in Russia in 1999, up twelve-fold from the year before.  PGN]


Date: Fri, 14 Apr 2000 09:10:08 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Security experts discover rogue code in Microsoft software

A three-year-old piece of Microsoft software includes a secret password that
could be used to gain illegal access to hundreds of thousands of Web sites,
including site management files that could lead to customers' credit card
numbers. The code was discovered by two security experts who found within
the code the following message: "Netscape engineers are weenies!" Microsoft
is urging customers to delete the file, titled "dvwssr.dll," and plans to
send out an e-mail bulletin and post a warning on its Web site describing
the security hole.  [AP/*San Jose Mercury News*, 14 Apr 2000
http://www.sjmercury.com/svtech/news/breaking/ap/docs/4267471.htm; NewsScan
Daily, 14 April 2000]


Date: Wed, 05 Apr 2000 08:46:37 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Encryption code protected by First Amendment 

A federal appeals court in Ohio has ruled that encryption software code is
protected by the First Amendment because such code is a means of
communication between computer programmers. The ruling represents the first
time that a federal appellate court has decided software code is protected
as free speech, says Raymond Vasvari, legal director of the American Civil
Liberties Union: "This is a great day for programmers, computer scientists,
and all Americans who believe that privacy and intellectual freedom should
be free from government control." The court's decision means a lawsuit filed
by Cleveland law professor Peter Junger will be reconsidered. Junger had
claimed that the government violated his free-speech rights by requiring
export licenses for encryption programs.  [*Wall Street Journal*, 5 Apr 2000 
NewsScan Daily,  5 April 2000]


Date: Fri, 31 Mar 2000 08:24:25 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Hackers crack code protecting King e-book 

Computer hackers cracked the software code that was designed to prevent
multiple downloads of Stephen King's "Riding the Bullet" novella, confirming
publishers' worries over the dangers inherent in electronic publishing. The
e-book's publisher, Simon & Schuster, confirmed that at least two hackers
downloaded the software necessary to read the book from Glassbook Inc., one
of the Web companies given rights to distribute the book, and managed to
break the encryption code that prevented more than one customer from having
access to each electronic copy sold. Pirated copies of the book were then
distributed to about six Web sites and chat groups. The publisher contacted
many of the Internet service providers hosting the sites and had them shut
down. "All the publishers are well aware there is no perfect technical
solution to this problem," says Glassbook president Len Kawell. "We will do
our best with technology; the rest is a matter of patrolling."  [*Wall Street
Journal*, 31 Mar 2000; NewsScan Daily, 31 March 2000 


Date: Tue, 11 Apr 2000 08:14:53 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: U.S. IT job vacancies approach 1 million mark 

U.S. technology companies could be left with more than 800,000 unfilled IT
job vacancies this year, according to a study by the Information Technology
Association of America, which predicts 843,000 slots for database
administrators, programmers, software developers, Web designers, and other
IT personnel will go begging due to lack of qualified applicants. The ITAA
results mirror those announced by Silicon.com's Skills Survey 2000, which
found that 47% of European companies have open IT positions they cannot
fill. Research by IDC indicates that the European labor shortage is about
20% less severe than that of the U.S., but that could change as foreign
workers flock to fill U.S. jobs, encouraged by more lenient immigration
rules.  [Silicon.com 11 Apr 2000 http://www.silicon.com/ ;
NewsScan Daily, 11 April 2000]


Date: Wed, 29 Mar 2000 07:58:43 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Patent Office revamps Web patent review

The U.S. Patent and Trademark Office is overhauling the way it reviews
applications for many online practices, and will now require a broader
search of past practices and inventions before awarding patents. The change
comes in response to critics who charge the Office with granting overly
broad patents for basic Web techniques, such as Amazon's "1-Click" ordering
process. Examiners reviewing applications in the business-method area will
now have to follow new procedures, including searching online databases for
similar technology ideas. "If you make these decisions without adequate
data, you run the very real risk of issuing patents on things that were
already invented, or patents that are far broader than they should be," says
Roland Cole, executive director of the Software Patent Institute. [*Wall
Street Journal, 29 Mar 2000; NewsScan Daily, 29 Mar 2000]

  [It's about time.  Many patents have been getting through where
  prior art has been known for years.  But it does provide lots of
  employment for lawyers.  PGN]


Date: Tue, 11 Apr 2000 08:14:53 -0700
From: "NewsScan" <newsscan@newsscan.com>
Subject: Iridium flames out, literally

Iridium, the bankrupt global satellite telephone corporation that spent $5
billion on the creation of a communications system for "anyone, anytime,
virtually anywhere in the world," will soon start sending 88 giant
satellites hurtling from the skies and burning up before they reach Earth.
Noting that the expensive Iridium phones could not even be used indoors,
industry-watcher and financial analyst James Grant says, "It was a
technology that didn't live up to its hype or its billing. People chose to
overlook the risks because they were bedazzled by the technology and the
promoters or sponsors."  [*The New York Times*, 11 Apr 2000
NewsScan Daily, 11 April 2000]


Date: Thu, 13 Apr 2000 08:16:07 -0400
From: ZellwegA@cts.db.erau.edu (Andres Zellweger)
Subject: Power failure disrupts National Airport

At 7:50pm on the evening of 10 Apr 2000, a power failure shut down radar at
Washington DC's Reagan National Airport after the backup generator failed at
8:41pm.  Traffic was obviously affected.  Hotels were full, trying to take
care of stranded passengers.  [Source: Article by Phuong Ly, *The Washington
Post*, 11 Apr 2000, B02] 
  [Power was resumed around 4am.  So much for back-up systems!  Dres] 
     [Yes, they needed backup to the backup.  
     This event also reported to RISKS by Sy Goodman.  PGN]


Date: Thu, 6 Apr 2000 18:04:18 +1000
From: "John Kerr" <jkerr@gil.com.au>
Subject: Software fault stops 76,000 customers receiving phone calls

At 1615 on 6 April 2000 local time, a Telstra spokesman on ABC Public Radio
advised that 76,000 telephone customers in the Toowong area of Brisbane,
Australia had been affected by a software fault which prevented them
receiving incoming calls although he indicated they seemed to be able to
ring out. He stated the problem had occurred two hours previously and
expected that service would be restored within half an hour but otherwise
gave no details. The radio and station [and I] were in the affected area.

  John Kerr, jkerr@gil.com.au - St Lucia Brisbane Australia
  61 7 3870 9588 when it takes calls


Date: Fri, 14 Apr 2000 06:57:15 -0700
From: Dave Stringer-Calvert <dave_sc@csl.sri.com>
Subject: Squirrelcide at San Jose Airport

Squirrel cuts power to airport  [From www.newschannel11.com]

A spokesman for Pacific Gas & Electric said power was restored to Santa
Clara County office buildings and the San Jose International Airport and all
other customers around 2:30pm.  ... 1,300 customers lost power around noon
when a squirrel touched a conductor and blew a circuit breaker.  As power
failed, back-up generators kept the airport running and planes continued to
take off and land on time. ...  No flight delays ...  No traffic lights
around the airport... luggage handled by hand ...  Terminal C only.  [PGN-ed]


Date: Tue, 18 Apr 2000 13:26:39 -0700
From: "Martin Minow" <martin.minow@thinklinkinc.com>
Subject: Best new Microsoft bug yet


Explorapedia Nature: Earth Rotates in Wrong Direction 

The information in this article applies to:
Microsoft Explorapedia series: World of Nature for Windows, version 1.0

When you run Explorapedia and use the Exploratron to look at the Earth
spinning, the Earth rotates in the wrong direction. 

Microsoft has confirmed this to be a problem in Explorapedia, World of
Nature, version 1.0. We are researching this problem and will post new
information here in the Microsoft Knowledge Base as it becomes available. 

  [Transcribed by Martin Minow, minow@pobox.com
  (I shouldn't be so smug, as I got this wrong in one of my applets, too.)]


Date: Wed, 23 Feb 2000 18:44:04 PST
From: Bill Janssen <janssen@parc.xerox.com>
Subject: Web server displays admin password on failures

Here's a classic from the pilot-unix mailing list:

     Subject: [Pilot-Unix] Palm Store
     From: Justin Osborn <josborn@mbhs.edu>
     Date: Wed, 23 Feb 2000 18:04:44 PST
     To: mblug@mbhs.edu, Palm Unix List <pilot-unix@hcirisc.cs.binghamton.edu>

     I went to the Palm Store (palmorder.modusmedia.com) and I did a search for
     "Minstrel."  I got this error message:

     CGI Error
     The specified CGI application misbehaved by not returning a complete set 
     of HTTP headers. The headers it did return are:    
     Died at D:\enGarde\Apps\Palm\cgi-bin\palmsearch.cgi line 63.
     dsn=palm;SERVER=ecom-websql;UID=sa;PWD=[******* deleted for RISKS by PGN]
     ---------- Error Report:----------
     Errors for the package: Connection Number: Error number: 1326
     Error message: "[Microsoft][ODBC SQL Server Driver]Client unable to
     establish connection"

     [...] Displaying the system admin password?  Come on...

     Justin Osborn

Bill Janssen  <janssen@parc.xerox.com> (650) 812-4763  FAX: (650) 812-4777
Xerox Palo Alto Research Center, 3333 Coyote Hill Rd, Palo Alto, CA  94304


Date: Thu, 27 Apr 2000 10:50:45 +1000
From: "Richards, Gillian" <gillian.richards@tafensw.edu.au>
Subject: Hotmail wants to know...

A friend (and indeed myself) write characters in assorted newsgroups, and
not all the characters are human. To keep mail pertaining to those
characters separate from work, etc, we created Hotmail accounts for each
character, and filled in the statistics as if it _were_ the character. As an
example, I write a rabbit who is aged about 18 months - the equivalent of a
young adult in human terms. (If any of the other writers are reading this, I
deny being any of them {fluffystomp!})

Now Hotmail won't let us access our accounts as we are "underaged", unless
an adult verifies that we are allowed to. 

The proof of adult status required? A credit card number.

The risks:

1) I refuse to give my credit card number for a non-purchase reason.

2) Who says a real kid is going to enter their correct age anyway?
   (just like the "click here if you are over 18" checks of the adult sites)

3) If we put in our real ages (and indeed our real details such as
   zip/post codes and other such stuff) just how much free marketing
   information is Hotmail getting out of us?

Hotmail can trace any mail back to my own ISP account if necessary. Surely
that's more than enough information for them. If I start getting junk mail
in my ISP mailbox for rabbit feed and viagra, I'll know why.

Gillian the Techie


Date: Fri, 31 Mar 2000 12:07:19 -0800 (PST)
From: danny burstein <dannyb@panix.com>
Subject: no, Virginia (Re: RISKS-20.86)

Permit me to point out that the famous letter, from Virginia O'Hanlon, was
first printed in the *New York Sun* of 21 September 1897.

  [TNX.  For historical accuracy, not RISKS relevance.  PGN]


Date: Tue, 18 Apr 2000 08:11:42 -0800
From: "Rob Slade" <rslade@sprint.ca>
Subject: REVIEW: "The Social Life of Information", John Seely Brown/Paul Duguid

BKSOLFIN.RVW   20000222

"The Social Life of Information", John Seely Brown/Paul Duguid, 2000,
0-87584-762-5, U$25.95
%A   John Seely Brown jsb@parc.xerox.com
%A   Paul Duguid duguid@socrates.berkeley.edu
%C   60 Harvard Way, Boston MA   02163
%D   2000
%G   0-87584-762-5
%I   Harvard Business School Press
%O   U$25.95 800-545-7685 fax: 617-496-8066 www.hbsp.harvard.edu
%P   320 p.
%T   "The Social Life of Information"

The book is not very clear about the social life of information, or why we
should care about it.  For example, the introduction notes that digital
communications removes clues that we would ordinarily receive in a
conversation, conveyed through body language.  It also asserts that there
are a number of people involved in the infrastructure behind accessing a
piece of printed information, such as publishers and librarians.  The irony
of these statements seems to be lost: books hide body language just as
effectively as e-mail, and the Internet is the product of a number of
communities of people, the cultures of whom are apparent to those who choose
to examine the net closely.

Chapter one examines the information glut, as well as touching on the fact
that knowledge may lose its value as it is atomized into mere data.
However, it is difficult to find any central theme, other than a reaction
against some of the more facile assertions that are being made about the
information age.  Agent technology and other forms of low level artificial
intelligence are noted to be imperfect, in chapter two.  Starting with
telecommuting, chapter three looks at other aspects of computers and work.
Chapter four discusses the failure of business process re-engineering and
the triumph of informal practices of work and socialization.  (I can fully
agree with the comments on the business-term-du-jour.)  Social factors
involved in knowledge and learning are addressed in chapter five.  A "seed
in good soil" model of technical development structures the presentation of
knowledge ecologies in chapter six.  Chapter seven seems to feel that there
is some inherent validation of printed knowledge, but I can certainly attest
to the fact that a lot of books are a waste of good pulp.  Chapter eight
finishes off with a look at higher education, and also provides the only
solid suggestion of the work--the "distributed" college, with separation of
the various functions.

The book makes one important point; that trying to remove information from
its social context is fraught with peril.  The text is readable, and the
material is erudite and even, at times, insightful.  Unfortunately, this
single message, and a bit of tutting at those leaping into digital waters
without looking, doesn't seem to be able to carry interest in the volume all
the way through.  The content is neither new, nor presented in any novel
way.  Questions or intents are not very clear, nor strongly pursued.  The
result is probably worth reading as a reminder not to get too caught up in
the techno-hype, but is not earth-shaking.

copyright Robert M. Slade, 2000   BKSOLFIN.RVW   20000222
rslade@vcn.bc.ca  rslade@sprint.ca  slade@victoria.tc.ca p1@canada.com
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade


Date: Fri, 21 Apr 2000 16:21:30 +0100
From: Tommaso Bolognesi <t.bolognesi@IEI.PI.CNR.IT>
Subject: FORMAL METHODS *ELSEwHeRE* --second CfP

         F M - E L S E w H e R E   (FORMAL METHODS *ELSEWHERE*)
         A Satellite Workshop of FORTE-PSTV-2000,
         devoted to applications of Formal Methods to areas
         *other than* communication protocols and software engineering.
         P i s a ,   I t a l y,   O c t o b e r   1 0 ,   2 0 0 0


... Also, we will be keeping a list of known non-traditional applications of
formal methods on the workshop web page,
and if you wish to contribute an item to the list mail Howard Bowman

SUBMISSIONS by 15 May 2000
Send by e-mail a copy of your paper to Howard Bowman (H.Bowman@ukc.ac.uk).


Date: 13 Dec 1999 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) 
 if possible and convenient for you.  Alternatively, via majordomo, 
 SEND DIRECT E-MAIL REQUESTS to <risks-request@csl.sri.com> with one-line, 
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO     [for unabridged version of RISKS information]
 .MIL users should contact <risks-request@pica.army.mil> (Dennis Rears).
 .UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> The INFO file (submissions, default disclaimers, archive sites, 
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All 
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
 or http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
 Also, new AUSTRALIAN archives at http://mirror.aarnet.edu.au/risks/ and
   http://the.wiretapped.net/security/textfiles/risks-digest/ .
 PostScript copy of PGN's comprehensive historical summary of one liners:
   illustrative.PS at ftp.sri.com/risks .


End of RISKS-FORUM Digest 20.87

[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]