mailing list archives
Risks Digest 26.35
From: RISKS List Owner <risko () csl sri com>
Date: Sun, 20 Feb 2011 21:11:37 PST
RISKS-LIST: Risks-Forum Digest Sunday 20 February 2011 Volume 26 : Issue 35
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
U.S.-centrism: a Blind Spot (Gene Wirchenko)
UK Immigration Officer Puts Wife on the No-Fly List (Bruce Schneier)
Risks of trusting GPS (Steve Lamont)
Court applies "computer use" sentence enhancement due to simple cell
phone use (Lauren Weinstein)
New Hacking Tools Pose Bigger Threats to Wi-Fi Users (Kate Murphy via)
Risk of using old techniques on new technologies (Jim Reisert)
Free File Fillable Forms vs. Foreign Country (jidanni)
Kill Switch, Anyone? (Gene Wirchenko)
DHS/ICE vs. ICANN (Lauren Weinstein)
FBI wants surveillance backdoors in ... pretty much everything
The Dirty Little Secrets of Search (David Segal via Monty Solomon)
How does Nabble store passwords? (jidanni)
SpyTunes (Andrew Mcafee via Monty Solomon)
Precioussss! Mental price comparisons (Gene Wirchenko)
Alarm Fatigue (Cliff Sojourner)
Re: Tree octopus exposes Internet illiteracy (Kelly Bert Manning)
Good, techish, update on Stuxnet (Symantec via Danny Burstein)
REVIEW: "Extrusion Detection", Richard Bejtlich (Rob Slade)
Computers, Freedom and Privacy 2011, WashDC, 14-16 Jun 2011 (Lillie Coney)
Abridged info on RISKS (comp.risks)
Date: Thu, 17 Feb 2011 13:02:14 -0800
From: Gene Wirchenko <genew () ocis net>
Subject: U.S.-centrism: a Blind Spot
Why the revolution will not be tweeted; Twitter and Facebook didn't create
the Egyptian revolution. But Silicon Valley's belief they did shows the
smug, ethnocentric blindness that's damaging the technology industry,
*InfoWorld*, 17 Feb 2011
Paul Revere galloped from Charlestown to Lexington on that famous night in
1775. He couldn't have done it without his horse, so did that mean the
American Revolution was really the "horse revolution"? That's silly, of
course. But calling the Egyptian revolution the "Facebook (or Twitter)
revolution" is just as misguided, and it's a symptom of our ethnocentric
habit of viewing the world through the prism of the American experience or
-- in the case of Egypt -- American technology.
There's no doubt that Twitter and Facebook were tools the mostly young
Egyptian rebels used to good effect. But that's all they were: tools. After
all, the revolution continued -- and intensified -- when those tools were
disabled by the Egyptian government's shutdown of the Internet. Yet we in
the media and the technology industry are absolutely convinced that it
couldn't have happened without social networking. As New Yorker magazine
author Malcolm Gladwell puts it: "Where activists were once defined by their
causes, they are now defined by their tools." Exactly.
The blind spot that puts the American tech industry at risk If that blind
spot extended no further than to foreign news events, it would be crippling
enough. But the emergence of the developing world as a key market, supplier,
and competitor makes that occluded vision all the more dangerous -- and yet
another reason why it's so difficult for us to compete against countries
such as India, China, South Korea, and Singapore.
It's worth noting, for example, that Asia now accounts for 20 percent of
world software revenue; when that's added to Europe's 36 percent share, the
American market is a minority, according to a study by Pierre Audoin
Consultants. The middle class in those countries is growing rapidly, and
like the Horatio Alger story of old, many of those newly prosperous people
are pulling themselves up by their bootstraps.
Still, in the popular discourse, it doesn't seem matter how much logic can
be brought to bear: We're convinced that Twitter and Facebook are the
engines of everything because they are ours. We invented them, we own them,
we know how to use them. They must be important.
Such thinking isn't so different than that of the product manager who can't
find Singapore on a map and wonders why he can't sell anything in that
country or strike a deal with a supplier there. Looking at the world as if
it were a shadow of the United States is foolish and shortsighted, as well
as a recipe for failure.
It is all too easy to consider others as being lesser versions of oneself.
U.S. people are rather prone to this, but it can strike anywhere.
Date: Tue, 15 Feb 2011 00:03:31 -0600
From: Bruce Schneier <schneier () SCHNEIER COM>
Subject: UK Immigration Officer Puts Wife on the No-Fly List
[From CRYPTO-GRAM, 15 Feb 2011. PGN]
A UK immigration officer decided to get rid of his wife by putting her on
the no-fly list, ensuring that she could not return to the UK from abroad.
This worked for three years, until he put in for a promotion and -- during
the routine background check -- someone investigated why his wife was on the
Okay, so he's an idiot. And a bastard. But the real piece of news here is
how easy it is for a UK immigration officer to put someone on the no-fly
list with *absolutely no evidence* that that person belongs there. And how
little auditing is done on that list. Once someone is on, they're on for
That's simply no way to run a free country.
Date: Fri, 18 Feb 2011 12:21:07 -0800
From: Steve Lamont <spl () ncmir ucsd edu>
Subject: Risks of trusting GPS
My commuter train was 90 minutes late on Wednesday evening (2/16/11).
GPS Blamed For Car On Tracks Hit By Train, 17 Feb 2011
A 63-year-old Oklahoma woman in San Diego to visit her son narrowly escaped
injury when her rental car became stuck on train tracks thanks to bad
directions she received from the vehicle's GPS feature. The rented 2009
Hyundai Accent was struck in the rear by a Coaster train at 3298 Kettner
Blvd. around 7:20 p.m. 15 Feb 2011, according to San Diego County sheriff's
Sgt. Darrell Strohl. It was wet and dark outside, and the GPS directed the
woman to turn left onto the railway, which she believed was a street, he
said, adding that the car became stuck on some gravel.
Date: Mon, 14 Feb 2011 09:50:23 -0800
From: Lauren Weinstein
Subject: Court applies "computer use" sentence enhancement due to simple
cell phone use
http://j.mp/gJDb6G (City Business)
But the man objected when federal prosecutors moved to make his sentence
longer for use of a computer. Prosecutors argued his cellphone qualifies
as a computer under the definition in federal law. U.S. District Judge
Richard Dorr agreed, sentencing Kramer to 14 years in prison, a term that
the judge said was more than two years longer than he otherwise would have
imposed. Kramer appealed, arguing he only used his phone to make calls
and send text messages, so it shouldn't be considered a computer. But a
three-judge panel of the St.Louis-based 8th Circuit upheld the sentence,
finding the federal definition of computer is broad enough to encompass
Date: Sat, 19 Feb 2011 01:26:05 -0500
From: Monty Solomon <monty () roscom com>
Subject: New Hacking Tools Pose Bigger Threats to Wi-Fi Users (Kate Murphy)
Kate Murphy, *The New York Times*, 16 Feb 201
You may think the only people capable of snooping on your Internet activity
are government intelligence agents or possibly a talented teenage hacker
holed up in his parents' basement. But some simple software lets just about
anyone sitting next to you at your local coffee shop watch you browse the
Web and even assume your identity online.
"Like it or not, we are now living in a cyberpunk novel," said Darren
Kitchen, a systems administrator for an aerospace company in Richmond,
Calif., and the host of Hak5, a video podcast about computer hacking and
security. "When people find out how trivial and easy it is to see and even
modify what you do online, they are shocked."
Until recently, only determined and knowledgeable hackers with fancy tools
and lots of time on their hands could spy while you used your laptop or
smartphone at Wi-Fi hot spots. But a free program called Firesheep, released
in October, has made it simple to see what other users of an unsecured Wi-Fi
network are doing and then log on as them at the sites they visited.
Without issuing any warnings of the possible threat, Web site administrators
have since been scrambling to provide added protections.
Date: Thu, 17 Feb 2011 14:11:31 -0700
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: Risk of using old techniques on new technologies
"At the Non-volatile Systems Laboratory we have designed a procedure to
bypass the flash translation layer (FTL) on SSDs and directly access the raw
NAND flash chips to audit the success of any given sanitization
technique. Our results show that naively applying techniques designed for
sanitizing hard drives on SSDs, such as overwriting and using built-in
secure erase commands is unreliable and sometimes results in all the data
remaining intact. Furthermore, our results also show that sanitizing single
files on an SSD is much more difficult than on a traditional hard drive."
Jim Reisert AD1C, <jjreisert () alum mit edu>, http://www.ad1c.us
Date: Sun, 13 Feb 2011 09:03:37 +0800
From: jidanni () jidanni org
Subject: Free File Fillable Forms vs. Foreign Country
"Can I electronically file using Free File Fillable Forms if my address
is in a foreign country? No, if the address on Form 1040, Form 1040A or
Form 1040EZ is in a foreign country you will not be able to
electronically file your return."
So junior/aka/bozo/aka/me fills in his mom's address.
And gets hit with a hefty Illinois tax bill.
Date: Thu, 17 Feb 2011 13:44:28 -0800
From: Gene Wirchenko <genew () ocis net>
Subject: Kill Switch, Anyone?
Ted Samson, Feds wrongly links 84,000 seized sites to child porn;
Homeland Security overshoots as it takes down popular mooo.com domain
alongside child porn sites, *InfoWorld*, 17 Feb 2011
Imagine, if you will, that you're a respectable, law-abiding owner of a
small-business. You show up to your shop one fine morning only to find the
doors barred and a big sign in front window reading, "The Federal government
has seized this business as it's affiliated with creating, distributing,
and/or storing child pornography."
As part of the successful seizure of 10 Web domains suspected of storing,
displaying, or peddling child pornography, The Department of Justice and
Homeland Security's ICE (Immigration and Customs Enforcement) office also
seized a domain called mooo.com, the most popular shared domain at
afraid.org, which belongs to a DNS provider called FreeDNS.
According to FreeDNS, mooo.com isn't a domain used for anything related to
child porn; rather, it's home to some 84,000 Web sites primarily belonging
to individuals and small businesses. Yet in pulling the plug on mooo.com,
the Feds effectively shut down all 84,000 of those sites. But visitors to
those sites wouldn't simply get an error along the lines of "This site is
currently down," or even "This site has been temporarily seized by Homeland
Nope, instead, a visitor would be taken to a banner with the logos of the
Homeland Security and the Department of Justice, beneath which text reading:
"This domain name has been seized by ICE -- Homeland Security Investigations
pursuant to a seizure warrant ... under the authority of Title 17 USC
2254. Advertisement, distribution, transportation, receipt, and possession
of child pornography constitute federal crimes...."
One of the big questions here is, how did this happen? Under Federal law,
the ICE simply needs to convince a district court judge to sign a seizure
warrant, then to order the domain registries to redirect the seized domains
to warning message. What's not clear, though, is how or why mooo.com ended
up seized. Clerical error? Typo? Who knows?
Date: Thu, 17 Feb 2011 15:17:33 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: DHS/ICE vs. ICANN
Greetings. In the vein of making lemonade when you have lemons, it occurs
to me that the upcoming damage from ICANN's TLD expansion madness may have
an unexpected solution -- the folks at DHS/ICE.
Here's the simple plan. All we have to do is convince ICE to confiscate
domains faster than ICANN can issue TLDs for new ones. Given how ICE
managed to shut down 84K innocent domains in one fell swoop and tarnish them
with c-porn allegations for site visitors, this should be easy as pie for
those guys, especially since due process isn't required!
After all, much of the world is going to block dot-ex-ex-ex from day one
anyway. And probably dot-gay. And who knows what else ...
All it should take is a few allegations of illicit Disney videos hosted on
(or even just linked from) a TLD, and ICE will be out at the registry
ordering them to flip the domain "off" switch.
In fact, to make this even easier, perhaps the government should have direct
access to DNS databases so that they can terminate domains without all the
muss and fuss of dealing with the registries and registrars at all!
Or is that already in pending legislation? Gotta go check that again.
It's all so much simpler when you just toss Internet Freedoms out the
window. Phew. Problem solved.
http://j.mp/euQaAB (Google Buzz)
Lauren Weinstein (lauren () vortex com): http://www.vortex.com/lauren
Network Neutrality Squad: http://www.nnsquad.org Tel: +1 (818) 225-2800
Blog: http://lauren.vortex.com Twitter: https://twitter.com/laurenweinstein
Date: Thu, 17 Feb 2011 10:56:21 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: FBI wants surveillance backdoors in ... pretty much everything
[From Network Neutrality Squad]
Date: Sun, 13 Feb 2011 15:14:59 -0500
From: Monty Solomon <monty () roscom com>
Subject: The Dirty Little Secrets of Search (David Segal)
David Segal, The Dirty Little Secrets of Search, 12 Feb 2011
PRETEND for a moment that you are Google's search engine. Someone types the
word "dresses" and hits enter. What will be the very first result? There
are, of course, a lot of possibilities. Macy's comes to mind. Maybe a
specialty chain, like J. Crew or the Gap. Perhaps a Wikipedia entry on the
history of hemlines.
O.K., how about the word "bedding"? Bed Bath & Beyond seems a candidate. Or
Wal-Mart, or perhaps the bedding section of Amazon.com. "Area rugs"? Crate
& Barrel is a possibility. Home Depot, too, and Sears, Pier 1 or any of
those Web sites with "area rug" in the name, like arearugs.com.
You could imagine a dozen contenders for each of these searches. But in the
last several months, one name turned up, with uncanny regularity, in the
No. 1 spot for each and every term:
J. C. Penney.
The company bested millions of sites - and not just in searches for dresses,
bedding and area rugs. For months, it was consistently at or near the top in
searches for "skinny jeans," "home decor," "comforter sets," "furniture" and
dozens of other words and phrases, from the blandly generic ("tablecloths")
to the strangely specific ("grommet top curtains").
This striking performance lasted for months, most crucially through the
holiday season, when there is a huge spike in online shopping. J. C. Penney
even beat out the sites of manufacturers in searches for the products of
those manufacturers. Type in "Samsonite carry on luggage," for instance, and
Penney for months was first on the list, ahead of Samsonite.com.
With more than 1,100 stores and $17.8 billion in total revenue in 2010,
Penney is certainly a major player in American retailing. But Google's
stated goal is to sift through every corner of the Internet and find the
most important, relevant Web sites.
Does the collective wisdom of the Web really say that Penney has the most
essential site when it comes to dresses? And bedding? And area rugs? And
dozens of other words and phrases? ...
Date: Sat, 19 Feb 2011 06:25:08 +0800
From: jidanni () jidanni org
Subject: How does Nabble store passwords?
Nabble is a public forum where all users' messages are public records.
With Nabble, your user account is for public posting and identification,
and contains no valuable private information. Because of this public
nature, we do not see a need to encrypt password. Your password is
stored in our secure database but is not encrypted. If you forget your
password, you can retrieve it through our website and the password will
be emailed to you in clear text.
Date: Sat, 19 Feb 2011 01:16:08 -0500
From: Monty Solomon <monty () roscom com>
Subject: SpyTunes (Andrew Mcafee)
Andrew Mcafee, 18 Feb 2011
A little while back I was putting together an iTunes playlist to give to my
Mom as a gift, and found myself frustrated by the application's user
interface. It kept telling me that Mom already had one song after another,
and refusing to let me complete the gifting process until I removed the
duplicate song from the playlist.
After I did this three or four times I gave up, complaining to my girlfriend
how clunky the process was. She replied "That's not the real problem. The
real problem is that iTunes is telling you what music someone else has."
Date: Tue, 15 Feb 2011 10:59:25 -0800
From: Gene Wirchenko <genew () ocis net>
Subject: Precioussss! Mental price comparisons
Inapt price comparisons are all too common. Comparing the price of a with
the price of an equal weight of precious metal might seem to be one, but.
Keir Thomas, High prices threaten to kill tablet adoption;
With the Motorola Xoom rumored to cost $1199, a high-price niche
could turn people away from tablet computing. *ITBusiness*, 15 Feb 2011
This sounds like a grouchy (and obvious) question, but are tablet computers
too expensive? Are high prices going to push the nascent tablet computing
platform into a nose dive it can't recover from?
The Galaxy Tab weighs 368 grams. If you decided to invest in the equivalent
weight of pure silver, it'd cost half the price of a Tab ($356 for 368 grams
of silver vs. $600 for the Tab at $0.97 per gram of silver).
The top-range, Wi-Fi-only iPad is also more expensive as its own weight in
silver: $659.60 for 680 grams of silver vs. $699 for a 64GB Wi-Fi iPad.
Comparisons to precious metals are apt. I've yet to invest in a tablet and
there's a reason: I'm seriously concerned about theft.
Like jewelry, tablet computers are highly portable by design. A computer
journalist friend of mine wanted to write about the practicality of tablets
so he used one on subway trains, and in the park, and on buses. It was going
very well until one particular bus came to a stop, and somebody snatched the
tablet out of his hands before sprinting away.
Date: Fri, 18 Feb 2011 09:23:33 -0800
From: Cliff Sojourner <cls () employees org>
Subject: Alarm Fatigue
As a follow-up from my note 15 years ago in RISKS-17.50,
this article from *The Boston Globe* does a good job relating risks of
medical alarm systems.
"Alarm fatigue" is a good term, I think most people can grasp the concept.
The article also talks about "unintended consequences," a major component of
Date: Wed, 16 Feb 2011 02:49:44 -0500 (EST)
From: bo774 () freenet carleton ca (Kelly Bert Manning)
Subject: Re: Tree octopus exposes Internet illiteracy
Seeing should not always be believing.
Do a web search on BBC Spaghetti Harvest.
West Coast Pioneering photographers found they could earn money making and
selling composite photos of fish superimposed on railway flatcars and
One result of the recent proliferation of using edited digital photos in
court and other arenas is that some people, at least, are beginning to
realize that "photographic evidence" may not be all that it claims to be.
Date: Sat, 12 Feb 2011 23:09:02 -0500 (EST)
From: danny burstein <dannyb () panix com>
Subject: Good, techish, update on Stuxnet (Symantec)
When we released our paper on Stuxnet by Nicolas Falliere, Liam O Murchu,
and Eric Chien in September, we mentioned we=E2=80=99d likely continue to
make revisions. We have two major updates to the paper and some other minor
changes throughout. A summary of these updates follows and more detailed
information can be found in the paper. [Symantec]
Date: Mon, 14 Feb 2011 16:51:47 -0800
From: Rob Slade <rMslade () shaw ca>
Subject: REVIEW: "Extrusion Detection", Richard Bejtlich
"Extrusion Detection", Richard Bejtlich, 2006, 0-321-34996-2,
%A Richard Bejtlich www.taosecurity.com taosecurity.blogspot.com
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$49.99/C$69.99 416-447-5101 800-822-6339 bkexpress () aw com
%O Audience a+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P 385 p.
%T "Extrusion Detection:Security Monitoring for Internal Intrusions"
According to the preface, this book explains the use of extrusion detection
(related to egress scanning), to detect intruders who are using client-side
attacks to enter or work within your network. The audience is intended to
be architects, engineers, analysts, operators and managers with an
intermediate to advanced knowledge of network security. Background for
readers should include knowledge of scripting, network attack tools and
controls, basic system administration, TCP/IP, as well as management and
policy. (It should also be understood that those who will get the most out
of the text should know not only the concepts of TCP/IP, but advanced level
details of packet and log structures.) Bejtlich notes that he is not
explicitly addressing malware or phishing, and provides references for those
areas. (It appears that the work is not directed at information which might
detect insider attacks.)
Part one is about detecting and controlling intrusions. Chapter one reviews
network security monitoring, with a basic introduction to security (brief
but clear), and then gives an overview of monitoring and listing of some
tools. Defensible network architecture, in chapter two, provides lucid
explanations of the basics, but the later sections delve deeply into
packets, scripts and configurations. Managers will understand the
fundamental points being made, but pages of the material will be
impenetrable unless you have serious hands-on experience with traffic
analysis. Extrusion detection itself is illustrated with intelligible
concepts and examples (and a useful survey of the literature) in chapter
three. Chapter four examines both hardware and software instruments for
viewing enterprise network traffic. Useful but limited instances of layer
three network access controls are reviewed in chapter five.
Part two addresses network security operations. Chapter six delves into
traffic threat assessment, and, oddly, at this point explains the details of
logs, packets, and sessions clearly and in more detail. A decent outline of
the advance planning and basic concepts necessary for network incident
response is detailed in chapter seven (although the material is generic and
has limited relation to the rest of the content of the book). Network
forensics gets an excellent overview in chapter eight: not just technical
points, but stressing the importance of documentation and transparent
Part three turns to internal intrusions. Chapter nine is a case study of a
traffic threat assessment. It is, somewhat of necessity, dependent upon
detailed examination of logs, but the material demands an advanced
background in packet analysis. The (somewhat outdated) use of IRC channels
in botnet command and control is reviewed in chapter ten.
Bejtlich's prose is clear, informative, and even has touches of humour. The
content is well-organized. (There is a tendency to use idiosyncratic
acronyms, sometimes before they've been expanded or defined.) This work is
demanding, particularly for those still at the intermediate level, but does
examine an area of security which does not get sufficient attention.
copyright, Robert M. Slade 2010 BKEXTDET.RVW 20101023
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Date: Fri, 18 Feb 2011 17:54:59 -0500
From: Lillie Coney <coney () epic org>
Subject: Computers, Freedom and Privacy 2011, WashDC, 14-16 Jun 2011
The 2011 Computers Freedom and Privacy annual conference will convene at the
Georgetown Law Center located in Washington DC on 14-16 Jun 2011. This
year's CFP will explore the intersection of policy, technology, and action.
The meeting will involve technology and policy experts and activists in
forums designed to engage the public and policymakers in discussions about
the information society and the future of technology, innovation, and
freedom. For more on the meeting visit:
A research poster session is planned for 16 Jun 2011. To submit for the
research poster session visit:
To submit proposals for panels, workshops, plenaries, speakers or BoFs visit:
You are encouraged to share information regarding the meeting with your
online and offline network.
Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request () csl sri com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users should contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
<http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 26.35
- Risks Digest 26.35 RISKS List Owner (Feb 21)