Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: RISKS List Owner (riskocsl.sri.com)
Date: Wed Jun 06 2001 - 17:22:11 CDT
RISKS-LIST: Risks-Forum Digest Wednesday 6 June 2001 Volume 21 : Issue 45
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.45.html>
and by anonymous ftp at ftp.sri.com, cd risks .
Ed Felten and researchers sue RIAA, DoJ over right to publish
Billboard error message (Phil Agre)
California bill prohibits online gambling (Jim Griffith)
Dutch government to act against virtual child pornography (Marcus de Geus)
Payday delayed by one day in Belgium (Kris Carlier)
Mobile phones to manage truancy - and other free publicity (Nick Brown)
Inevitability of risks (Mick Topping)
Re: The Faith-Based Missile Defense (S. Alexander Jacobson)
Re: Eurocops want seven-year retention of all phone, Net traffic
Re: Our software is *never* wrong (Scott E. Preece)
WSJ/Word change tracking/"MS Tool Lifts Veil on Spin" (Daniel P. B. Smith)
Re: Word file turns into two disjoint texts (Lloyd Wood)
Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care (Chris Meadows)
Re: Office XP modifies what you type (Bear Giles, LShaping)
Re: "Hacker Insurance" charges higher rates for Windows systems! (Elana)
Re: UK Government Gateway blocks non-MS browsers (David G. Bell)
10th USENIX Security Symposium (Tiffany Peoples)
Announcement - 16th Annual Software Engineering Symposium 2001
Abridged info on RISKS (comp.risks)
Date: Wed, 06 Jun 2001 10:01:08 -0400
From: Declan McCullagh <declanwell.com>
Subject: FC: Ed Felten and researchers sue RIAA, DoJ over right to publish
Code-Breakers Go to Court
By Declan McCullagh (declanwired.com), 6:22 a.m. June 6, 2001 PDT
WASHINGTON -- After a team of academics who broke a music-watermarking
scheme bowed to legal threats from the recording industry and chose not to
publish their research in April, they vowed to "fight another day, in
On Wednesday, Ed Felten of Princeton University and seven other researchers
took their fight to a New Jersey federal court in a lawsuit asking that they
be permitted to disclose their work at a security conference this summer.
Joining them is the Usenix Association, a 26-year-old professional
organization that has accepted Felten's paper for its 10th security
symposium in Washington during the week of Aug. 13. The Electronic Frontier
Foundation is representing the researchers and Usenix.
In what appears to be the first legal challenge to the Digital Millennium
Copyright Act's criminal sections, Usenix is asking the court to block the
Justice Department from prosecuting the conference organizers for allowing
the paper to be presented. [...]
EFF document archive:
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Date: Mon, 4 Jun 2001 19:10:09 -0700
From: Phil Agre <pagrealpha.oac.ucla.edu>
Subject: Billboard error message
I was driving on I-405 northbound in southern Los Angeles County when I saw
a bitmapped billboard on the east side of the road that was displaying a
Windows error message. I couldn't take down the exact text, but it was
something like "The file cannot be played; it may be corrupt". This was a
first for me. I had seem Windows error messages displayed on video monitors
in airports and other public places, but never on a full-sized billboard.
Now, digital billboards that display animation are already a Risk of
distraction to passing drivers; there is an especially bright billboard on
the Sunset Strip that is IMHO a serious traffic hazard, and it often plays
music videos and the like. I don't know what the billboard on I-405
normally shows. One might argue that the giant Windows error is actually an
anti-Risk because it reminds the entire populace just how unreliable
Microsoft products are, thus reducing the likelihood that a passing motorist
will specify such products as part of a safety-critical system once they get
to work. On the other hand, it is easy to imagine the havoc that could be
caused by someone who managed to hack a billboard next to the freeway and
display their own content on it, particularly if the billboard is supposed
to display safety-relevant traffic messages.
[Phil, Please drive safely, with hands-free cell phone headset (unless you
already have a dashboard-mounted videocam/videophone set), coffee in one
hand, a hot dog in the other, while watching your GSP video screen at the
same time. Then you can safely ignore the safety-related signs.
BTW, My local movie N-plex recently displayed a bunch of operating
system prompts and reboot script in the space devoted to which shows
were sold out. We've also had reports of similar activities in RISKS.
Date: Wed, 30 May 2001 18:43:08 -0500 (CDT)
Subject: California bill prohibits online gambling
The California Assembly passed a bill today which would make it illegal for
Californians to play games online that are otherwise illegal in California.
The bill would fine first-time transgressors $25 per transaction (not
conviction) and $100 per transaction thereafter. Companies (anywhere)
convicted of catering to Californians could be liable for $1000 per
transaction and 90 days in jail. The bill supposedly specifically allows
prosecutors to go after offshore corporations.
We're barely finished cursing France for their stupidity in attacking
Yahoo!, and we go and do something equally stupid. Hopefully, our Senate or
Governor is a little smarter than our Assembly.
Anyone want to bet that this bill doesn't work as intended? No, wait a
minute, I could get arrested for that.
Date: Thu, 31 May 2001 09:38:35 +0000
From: "Marcus de Geus" <marcusdegeus.com>
Subject: Dutch government to act against virtual child pornography
The Dutch Minister of Justice, Korthals, has announced measures that will
make it illegal to produce or possess child pornography created by means of
electronic image manipulation. The proposed legislation appears to be aimed
at preventing the production and possession of artificially rendered images
that could be interpreted as representations of children involved in sexual
acts. Current Dutch law states that the production or possession of
pornography is a criminal offence if it involves the physical (ab)use of
(real) persons under a certain age. [Based on a report in an e-mail message
from Radio Nederland Wereldomroep.]
Leaving aside for the moment the moral issues involved, as well as the
practical aspects of enforcement, or even the difficulty of ascertaining the
age of a virtual person, the legal ramifications could prove interesting,
since the proposal appears to be based on the assumption that the virtual
representation of an activity can somehow be put on a par with its physical
Few, if any, people will be prepared to argue in favour of sexual acts
involving children, which is why it is an illegal activity. In the same
vein, few would argue in favour of the wholesale slaughter of people for the
purpose of entertainment. We find the idea repugnant, which is why such
activities have also been made illegal, at least in most modern countries.
On the basis of these premises, I wonder how the widespread legal
availability of virtual reality shoot-'em-up computer games will affect, or
be affected by, the proposed legislation. I somehow doubt that Mr. Korthals
will be prepared to do battle with such economic forces as represented by
Messrs. Sony, Nintendo, and soon, Xbox producers, Microsoft.
The RISKS? Assuming that seeing is believing, or that What You See Is What
Marcus de Geus <marcusdegeus.com> http://www.degeus.com
Date: Sat, 2 Jun 2001 10:38:44 +0200 (MET DST)
From: Kris Carlier <rootiguana.be>
Subject: Payday delayed by one day in Belgium
On 1 Jun 2001, the majority of people on the government payroll were paid
with a one-day delay. The same goes for refunds for VAT and taxes. The
reason: Belgian postal services are tasked with doing the money transfers
towards the different banks.
Seems that they had a special situation: on 31 May, not only people had to
be paid, but the next weekend (02-04 Jun) being a long one, an
'exceptionally large number' of transactions were fed to the system. In
itself this should not have been a problem, but the system has some built-in
time-restrictions, described as being rather 'large'. This of course to
avoid runaway jobs from causing further damage, just in case. Yet, some
components were hitting these time-restrictions before they were actually
finished. The Post's spokesman said that this kind of situation is only
encountered once in 5 years.
At first, of course, the functionaries were suspecting their respective
payment departments to be responsible. Phones didn't stop ringing all
day, then finally it was also on the news.
kris carlier - krisiguana.be KC62-RIPE SMS: +32-475-61.43.05
Date: Fri, 1 Jun 2001 16:11:51 +0200
From: BROWN Nick <Nick.BROWNcoe.int>
Subject: Mobile phones to manage truancy - and other free publicity
*The Guardian* (UK) "reports" (by printing a press release) today on a
"system" to allow teachers to report truanting children to their parents.
The "article" contains a number of less-than-stunning revelations, such as
that "a large number of parents have mobile phones", and some highly
meaningless claims, for example "The device can also be used to inform
headteachers, therefore cutting down on the time the overall monitoring
(and don't forget to click on the related story at the end, about students
calling their parents from the classroom to complain about their teachers !)
The RISKs should be fairly obvious to regular readers, both in the system
itself, and also in the phenomenon of supposedly "upmarket" newspapers with
a tradition of investigative reporting, printing technology company press
releases as news. A further example of the latter is the collection of
unverifiable claims in the "article" on Microsoft Office XP at
Nick Brown, Strasbourg, France
Date: Fri, 1 Jun 2001 22:27:15 -0500
From: "Mick Topping" <mickmtopping.com>
Subject: Inevitability of risks
Apparently the Gullibility Virus
has struck more people than first realized
Remember this from several months back?
Subject: New Minnysoota Virus.
Sven and Ole vere here.
Yew have yust received da Sven & Ole Computer Virus.
Because ve don't know how to program computers, dis virus verks
on da honor system. Please delete all da files on yewr hard drive
manually and forward dis message to everyvon on yewr mailing list.
Tank yew fer yewr kewhopeeration.
Sven and Ole
I thought this was pretty funny, at the time, but then I saw the recent
warnings on the Hoax-Virus, like this:
http://www.thestandard.com/article/0,1902,26780,00.html It suddenly came to
me, that someone had taken the Sven&Ole model, and improved on it, just a
little. AND IT IS WORKING! Apparently you don't even have to be a
script-kiddy to make an effective virus. (Hey kid, if you put sugar in your
dad's car's gas tank, it will run real fast...Well, Joe, if you want to get
that charcoal started FAST, try this jar of gasoline...If you don't have a
fuse, just stick a penny in the socket...memes?) It is not surprising that a
few users might fall for this, but the very fact that something like this
can find a toe-hold to spread, confirms that a big risk of technology
(ignorance) has been with us since the first tool user cut himself with the
first sharp rock.
Is real risk of information technology is that it enables the ultra-rapid
spread of malicious memes?
Date: Tue, 29 May 2001 20:49:06 -0400 (Eastern Daylight Time)
From: "S. Alexander Jacobson" <alexshop.com>
Subject: Re: The Faith-Based Missile Defense
I find it surprising that people on this list are so dismissive of
anti-ballistic missile technology:
* the US and Russia both use and sell various forms of surface to air
missiles designed to shoot down even very fast planes like F-16s and
* attack missiles in terminal phase seems like a natural extension of the
capabilities of existing SAM systems (not a radically new technological
* missiles in boost phase are very hot and move very slowly and predictably
(much more so than highly maneuverable fighter planes) -- so there is some
reason to believe that boost phase systems can be more effective than SAMs.
From a technical perspective, development of boost phase interception does
not seem obviously more complex than that of Aegis ship based defense
Moreover, general ABM seems like a natural extension of the Aegis system
in particular. We now know that the USSR actually deployed an integrated
missile tracking system at Krasnoyarsk -- so at very least that portion of
the technology is actually deployable.
Obviously developing and deploying ABM systems will not be easy and there
is substantial risk of failure. Moreover even a successful project will
may be substantially less than 100% effective. However, the same is true
of most defense systems, but we develop and deploy them anyway. Why hold
ABM to a different standard than other defense technology?
Critics may have good policy reasons to oppose deployment of ABM systems,
but creating FUD about development risks is a service to no one.
Alex S. Alexander Jacobson 1-646-638-2300
Date: Tue, 5 Jun 2001 21:58:39 +0200 (MET DST)
Subject: Re: Eurocops want seven-year retention of all phone, Net traffic
> Are they mad? One barely knows where to start enumerating the risks
> of such an undertaking.
Try to remind the politicians of snail mail and the fact that anyone
may send a letter anonymously by dropping it in a mailbox.
I humbly suggests them to put a clerk and a photo copy machine at
every snail mail box. Let the clerk identify everyone droppping
a letter. And of course open the envelope and make a photocopy of
the letter to be archived for seven years.
If they still think it's a good idea, vote for other politicians.
Date: Thu, 31 May 2001 14:59:40 -0500 (CDT)
From: "Scott E. Preece" <preeceurbana.css.mot.com>
Subject: Re: Our software is *never* wrong (Gat, RISKS-21.41)
It is possible to explain this without the credit-card company rep being
either stupid or over-trusting. If the database tracks changes to the data
and the rep was aware of an automated change (a systematic change to the
database, such as might occur in changing the schema in the database), the
rep might be able to know that you should have gotten a preference update
notification and that no manual changes had been made to your data.
Obviously, it is also possible that there was some break-in, but if the rep
had a reasonable explanation consistent with all the data, Occam's razor
argues for assuming that explanation.
scott preece, motorola/css urbana design center preeceurbana.css.mot.com
1800 s. oak st., champaign, il 61820 1-217-384-8589
Date: Wed, 30 May 2001 20:01:22 -0400
From: "Daniel P. B. Smith" <dpbsmithbellatlantic.net>
Subject: WSJ/Word change tracking/"MS Tool Lifts Veil on Spin"
If you send a Word .doc file directly to someone else, without going to
"track changes" and accepting all changes, your recipient can see all
the edits you have made to the document, with results that can be
humorous, embarrassing, or worse. This is old news to RISKS
readers--how long ago did the first mention of the problem appear in
RISKS? But perhaps the recent appearance of an article about it in The
Wall Street Journal (May 14th, page C1) is worthy of mention.
The article is entitled "How to Read Between the Corporate Lines." It
gives the procedure for viewing Microsoft Word edits, and (with somewhat
less clarity) the procedure you must go through to prevent someone else
from viewing YOUR edits.
The way the Journal puts it: "Just a couple of clicks provides a
revealing peek into how some companies massage their public messages to
Wall Street." In a news release from Ameritrade Holding Corp, "in one
draft, Ameritrade billed the March hiring of Mr. Moglia as one of the
'right decisions' the company made during a difficult second quarter.
But his name ended up on the cutting-room floor, a thin blue line
erasing him from the final version." It mentions that "Analysts and
investors looking at an earlier draft would have found a per-share,
quarterly loss of 31 cents. But that, too, was crossed out and change
to a loss of 30 cents." An Ameritrade spokeswoman brushed off the
changes, saying "it is too bad--but on the other side of it, it is too
bad that someone would think to turn the edits on."
The article goes on to cite minor gaffes from Visa USA, Allied Capital,
Web Street, and Acxiom, leaving little doubt that the problem is widespread.
There are no real howlers or scandals here. But you'd think the RISKS
would be obvious, wouldn't you?
Daniel P. B. Smith <dpbsmithworld.std.com>
"Lifetime forwarding" address: dpbsmithalum.mit.edu
Date: Wed, 30 May 2001 20:05:28 +0100 (BST)
From: Lloyd Wood <l.woodeim.surrey.ac.uk>
Subject: Re: Word file turns into two disjoint texts (Page, RISKS-21.40)
> Word was set to allow "Fast Saves", which is a non-default setting
> that performs incremental rather than complete saves.
It's worth pointing out that for a long time the default was to have
fast save _on_. The first thing I would do with any version of Word is
check for and disable it, having discovered its lack of reliability.
(Many patches to earlier versions of Word were solely to address,
er, issues with fast save.)
The risk lies in changing the defaults when user experience has led to
certain expectations. In this case, if you were hoping that fast save
would let you recover mistakenly deleted text based on experience of
older versions of Word, you'd be out of luck.
Date: Mon, 04 Jun 2001 22:57:10 -0500
From: Chris Meadows <robotecheyrie.org>
Subject: Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care
The report on this webpage
is from Steve Gibson, a respected name in the tech community, and it
details his travails after grc.com came under attack from a 13-year-old
hacker, at first due to a mistaken belief Gibson had called him a name,
then simply because it was fun. It mentions how Windows XP was all but
made with these so-called "script kiddies" in mind, and they're aware of
it--and when it is more widely spread, they will be able to launch
devastating, perhaps unstoppable attacks.
He also mentions how much trouble he had getting any of the major ISPs to
cooperate with him.
This is an eye-opening report. Ignore it at your peril.
Chris Meadows aka Robotech_Master Co-moderator rec.toys.transformers.moderated
Date: Tue, 29 May 2001 23:42:20 -0600 (MDT)
From: Bear Giles <bearcoyotesong.com>
Subject: Re: Office XP modifies what you type (RISKS-21.42)
I believe that the RISKS here are far more profound than a few broken links.
In the beginning, authors were responsible for their own words and our
programs (confusingly called 'editors') preserved them. Until those
butchers, our human editors, hacked at them.
Then computers became powerful enough for 'editors' to act as advising
editors. We still owned our own words, at least until
they-who-edit-because-they-cannot-write got ahold of them, but the programs
could handle the tedious work of digging out the dictionary.
Now, for the first time, we see a program usurping the role of the human
editor. Unlike the human counterpart, we can't bribe this one with cheap
booze when the facts fail to sway them. On this issue the program is the
FINAL editor, sans appeal.
This is... scary. The smaller problem is one of liability - if a human
editor screws up, he can face real consequences. But if a program is
responsible for dropping a single word from the sentence "Mr. Smith did not
murder his wife," the humans will still bear the responsibility even though
they were powerless to prevent it. This type of liability isn't
unprecedented, but it probably hasn't seen widespread use since codpieces
were the height of male fashion. (hmmm....)
The bigger problem is that this will be an unbearable temptation to the same
"technical solutions to social problems" crowd that loves photo radar and
net filters in libraries. Why worry about the attitudes that would make
someone type "the N word" if you can require software to automatically edit
out the offensive word or phrase? Even better, we even have the precedence
that WYSIWYG doesn't mean WYSIWYG - it's now perfectly legitimate for the
original author to see what he typed, but for the saved file (and all
subsequent viewers) to see a different word.
What would stop the Republic of Freedonia from requiring all word processors
replace all references to their breakaway province Catatonia with the phrase
"breakaway province of Catatonia"? The Breakaway Province of Catatonia
would naturally have its own laws regarding Imperialistic Freedonia.
In the US we have the First Amendment to protect us from laws requiring such
changes. Which just means that these law will sneak in the back door. Some
obvious examples: how could any school justify allowing minor students to
write obscene screeds? (Never mind legitimate book reports on Mark Twain.)
How can any company defend itself against a sexual harassment suit, already
an extremely confusing body of case law, if company e-mail allows employees
to be referred with "the B and C words?"
This "feature" isn't scary because it will break a few links. It's scary
because it opens the door for our voices to become those of a stranger.
Bear Giles bgiles (at) coyotesong (dot) com
Date: Fri, 01 Jun 2001 13:15:02 GMT
From: LShaping <nospamall.please>
Subject: Re: Office XP modifies what you type (Deegan/Arnold, RISKS-21.42)
Microsoft knows best. That is no different than Windows 95 forcing all
capital-letter file names into Microsoft's chosen format. You have no
choice, you are not given any way to change the behavior, you must submit
to Microsoft's wishes. Must feel good to be a monopoly and be able to
force personal computer users to behave as you wish.
Date: 5 Jun 2001 07:54:19 -0700
From: falcospavexcite.com (Elana Who?)
Subject: Re: "Hacker Insurance" charges higher rates for Windows systems!
Two quotes from the article:
"J.S. Wurzler Underwriting Managers, one of the first companies to offer
hacker insurance, has begun charging its clients 5 percent to 15 percent
more if they use Microsoft's Windows NT software in their Internet
"...found that system administrators working on open source systems tend to
be better trained and stay with their employers longer than those at firms
using Windows software, where turnover can exceed 33 percent per year."
The article can be found at:
Date: Tue, 05 Jun 2001 07:25:03 +0100 (BST)
From: dbellzhochaka.demon.co.uk ("David G. Bell")
Subject: Re: UK Government Gateway blocks non-MS browsers (Mistry, R-21.44)
The same system is also being used for the electronic submission of EU
subsidy claim forms to MAFF (the UK's agriculture department), the details
of which are available from the www.maff.gov.uk site. While it has been
heavily pushed by MAFF, as a consequence of the outbreak of Foot and Mouth
Disease in the UK, and a desire to reduce the risk of accidental transfer of
the virus by farmers delivering forms to MAFF offices, there is still the
problem of getting the certificates.
Also, some of the claim forms require additional documents, such as sketch
maps, which cannot be so easily presented as a blank electronic form in a
browser. There seems to be a RISK that instead of a large envelope,
containing everything and delivered, with tracking, by the Post Office,
there is an envelope, and a set of electronic data, which must be connected
together somewhere in the MAFF admin system.
There has been some reporting by users, this year and of the trial last
year, in the uk.business.agriculture newsgroup. The abbreviations "IACS"
and "AAPS" will be useful in any searches of news archives.
Incidentally, I had an e-mail discussion, before the trials started, with
one of the MAFF personnel involved, about the various open signature and
encryption standards defined in RFCs. He had, as I recall, not heard of
David G. Bell -- Farmer, SF Fan, Filker, and Punslinger.
Date: Thu, 31 May 2001 16:40:51 -0700
From: Tiffany Peoples <tiffanyusenix.org>
Subject: 10th USENIX Security Symposium
10th USENIX Security Symposium
August 13-17, 2001
Sponsored by USENIX, the Advanced Computing Systems Association www.usenix.org
REGISTER BY JULY 20, 2001 AND SAVE UP TO $200!
PRACTICAL SECURITY FOR THE REAL WORLD
KEYNOTE ADDRESS by Richard M. Smith, CTO, Privacy Foundation
"Web-Enabled Gadgets: Can We Trust Them?"
24 REFEREED PAPERS on the best new research
INVITED TALKS by Matt Blaze, Mark Eckenwiler, Eric Murray,
John Young, Deborah Natsios, etc.
Date: Sun, 3 Jun 2001 20:13:07 +0000 (UTC)
From: cbsei.cmu.edu (Carol Biesecker)
Subject: Announcement - 16th Annual Software Engineering Symposium 2001
SEI 16th Annual Software Engineering Symposium 2001
October 15 - 18, 2001
Grand Hyatt at Washington Center
World Wide Web: http://www.sei.cmu.edu/symposium/
Catalysts for Improving Acquisition and Development of
Software Intensive Systems
Symposium 2001 Conference Coordinator
412 / 268-3007
For more information about the Symposium, contact
Symposium 2001 Conference Coordinator
Phone: 412 / 268-3007
FAX: 412 / 268-5556
World Wide Web: http://www.sei.cmu.edu/symposium/
Date: 12 Feb 2001 (LAST-MODIFIED)
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
SEND DIRECT E-MAIL REQUESTS to <risks-requestcsl.sri.com> with one-line,
SUBSCRIBE (or UNSUBSCRIBE)
which now requires confirmation to majordomoCSL.sri.com (not to risks-owner)
[with option of E-mail address if not the same as FROM: on the same line,
which requires PGN's intervention -- to block spamming subscriptions, etc.] or
INFO [for unabridged version of RISKS information]
.MIL users should contact <risks-requestpica.army.mil> (Dennis Rears).
.UK users should contact <Lindsay.Marshallnewcastle.ac.uk>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risksCSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 20" for volume 20]
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
Lindsay Marshall has also added to the Newcastle catless site a
palmtop version of the most recent RISKS issue and a WAP version that
works for many but not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
http://www.csl.sri.com/illustrative.html for browsing,
http://www.csl.sri.com/illustrative.pdf or .ps for printing
End of RISKS-FORUM Digest 21.45