OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: RISKS List Owner (riskocsl.sri.com)
Date: Wed Jun 06 2001 - 17:22:11 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    RISKS-LIST: Risks-Forum Digest Wednesday 6 June 2001 Volume 21 : Issue 45

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/21.45.html>
    and by anonymous ftp at ftp.sri.com, cd risks .

      Contents:
    Ed Felten and researchers sue RIAA, DoJ over right to publish
      (Declan McCullagh)
    Billboard error message (Phil Agre)
    California bill prohibits online gambling (Jim Griffith)
    Dutch government to act against virtual child pornography (Marcus de Geus)
    Payday delayed by one day in Belgium (Kris Carlier)
    Mobile phones to manage truancy - and other free publicity (Nick Brown)
    Inevitability of risks (Mick Topping)
    Re: The Faith-Based Missile Defense (S. Alexander Jacobson)
    Re: Eurocops want seven-year retention of all phone, Net traffic
      (Morten Norman)
    Re: Our software is *never* wrong (Scott E. Preece)
    WSJ/Word change tracking/"MS Tool Lifts Veil on Spin" (Daniel P. B. Smith)
    Re: Word file turns into two disjoint texts (Lloyd Wood)
    Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care (Chris Meadows)
    Re: Office XP modifies what you type (Bear Giles, LShaping)
    Re: "Hacker Insurance" charges higher rates for Windows systems! (Elana)
    Re: UK Government Gateway blocks non-MS browsers (David G. Bell)
    10th USENIX Security Symposium (Tiffany Peoples)
    Announcement - 16th Annual Software Engineering Symposium 2001
      (Carol Biesecker)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 06 Jun 2001 10:01:08 -0400
    From: Declan McCullagh <declanwell.com>
    Subject: FC: Ed Felten and researchers sue RIAA, DoJ over right to publish

    Code-Breakers Go to Court
    By Declan McCullagh (declanwired.com), 6:22 a.m. June 6, 2001 PDT

    WASHINGTON -- After a team of academics who broke a music-watermarking
    scheme bowed to legal threats from the recording industry and chose not to
    publish their research in April, they vowed to "fight another day, in
    another way."

    On Wednesday, Ed Felten of Princeton University and seven other researchers
    took their fight to a New Jersey federal court in a lawsuit asking that they
    be permitted to disclose their work at a security conference this summer.

    Joining them is the Usenix Association, a 26-year-old professional
    organization that has accepted Felten's paper for its 10th security
    symposium in Washington during the week of Aug. 13. The Electronic Frontier
    Foundation is representing the researchers and Usenix.

    In what appears to be the first legal challenge to the Digital Millennium
    Copyright Act's criminal sections, Usenix is asking the court to block the
    Justice Department from prosecuting the conference organizers for allowing
    the paper to be presented. [...]

      [http://www.wired.com/news/mp3/0,1285,44344,00.html]

    Background:
      http://www.politechbot.com/cgi-bin/politech.cgi?name=felten
    DMCA-related photos:
      http://www.mccullagh.org/theme/dmca-appeals-arguments.html
      http://www.mccullagh.org/theme/dvd-2600-trial.html
      http://www.mccullagh.org/theme/dmca-protest.html
    EFF document archive:
      http://www.eff.org/Legal/Cases/Felten_v_RIAA/

    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe, visit http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/

    ------------------------------

    Date: Mon, 4 Jun 2001 19:10:09 -0700
    From: Phil Agre <pagrealpha.oac.ucla.edu>
    Subject: Billboard error message

    I was driving on I-405 northbound in southern Los Angeles County when I saw
    a bitmapped billboard on the east side of the road that was displaying a
    Windows error message. I couldn't take down the exact text, but it was
    something like "The file cannot be played; it may be corrupt". This was a
    first for me. I had seem Windows error messages displayed on video monitors
    in airports and other public places, but never on a full-sized billboard.
    Now, digital billboards that display animation are already a Risk of
    distraction to passing drivers; there is an especially bright billboard on
    the Sunset Strip that is IMHO a serious traffic hazard, and it often plays
    music videos and the like. I don't know what the billboard on I-405
    normally shows. One might argue that the giant Windows error is actually an
    anti-Risk because it reminds the entire populace just how unreliable
    Microsoft products are, thus reducing the likelihood that a passing motorist
    will specify such products as part of a safety-critical system once they get
    to work. On the other hand, it is easy to imagine the havoc that could be
    caused by someone who managed to hack a billboard next to the freeway and
    display their own content on it, particularly if the billboard is supposed
    to display safety-relevant traffic messages.

    Phil Agre

      [Phil, Please drive safely, with hands-free cell phone headset (unless you
      already have a dashboard-mounted videocam/videophone set), coffee in one
      hand, a hot dog in the other, while watching your GSP video screen at the
      same time. Then you can safely ignore the safety-related signs.

        BTW, My local movie N-plex recently displayed a bunch of operating
        system prompts and reboot script in the space devoted to which shows
        were sold out. We've also had reports of similar activities in RISKS.
        PGN]

    ------------------------------

    Date: Wed, 30 May 2001 18:43:08 -0500 (CDT)
    From: griffitholagrande.net
    Subject: California bill prohibits online gambling

    The California Assembly passed a bill today which would make it illegal for
    Californians to play games online that are otherwise illegal in California.
    The bill would fine first-time transgressors $25 per transaction (not
    conviction) and $100 per transaction thereafter. Companies (anywhere)
    convicted of catering to Californians could be liable for $1000 per
    transaction and 90 days in jail. The bill supposedly specifically allows
    prosecutors to go after offshore corporations.

    http://www0.mercurycenter.com/breaking/docs/064216.htm

    We're barely finished cursing France for their stupidity in attacking
    Yahoo!, and we go and do something equally stupid. Hopefully, our Senate or
    Governor is a little smarter than our Assembly.

    Anyone want to bet that this bill doesn't work as intended? No, wait a
    minute, I could get arrested for that.

    ------------------------------

    Date: Thu, 31 May 2001 09:38:35 +0000
    From: "Marcus de Geus" <marcusdegeus.com>
    Subject: Dutch government to act against virtual child pornography

    The Dutch Minister of Justice, Korthals, has announced measures that will
    make it illegal to produce or possess child pornography created by means of
    electronic image manipulation. The proposed legislation appears to be aimed
    at preventing the production and possession of artificially rendered images
    that could be interpreted as representations of children involved in sexual
    acts. Current Dutch law states that the production or possession of
    pornography is a criminal offence if it involves the physical (ab)use of
    (real) persons under a certain age. [Based on a report in an e-mail message
    from Radio Nederland Wereldomroep.]

    Leaving aside for the moment the moral issues involved, as well as the
    practical aspects of enforcement, or even the difficulty of ascertaining the
    age of a virtual person, the legal ramifications could prove interesting,
    since the proposal appears to be based on the assumption that the virtual
    representation of an activity can somehow be put on a par with its physical
    counterpart.

    Few, if any, people will be prepared to argue in favour of sexual acts
    involving children, which is why it is an illegal activity. In the same
    vein, few would argue in favour of the wholesale slaughter of people for the
    purpose of entertainment. We find the idea repugnant, which is why such
    activities have also been made illegal, at least in most modern countries.

    On the basis of these premises, I wonder how the widespread legal
    availability of virtual reality shoot-'em-up computer games will affect, or
    be affected by, the proposed legislation. I somehow doubt that Mr. Korthals
    will be prepared to do battle with such economic forces as represented by
    Messrs. Sony, Nintendo, and soon, Xbox producers, Microsoft.

    The RISKS? Assuming that seeing is believing, or that What You See Is What
    You Get.

    Marcus de Geus <marcusdegeus.com> http://www.degeus.com

    ------------------------------

    Date: Sat, 2 Jun 2001 10:38:44 +0200 (MET DST)
    From: Kris Carlier <rootiguana.be>
    Subject: Payday delayed by one day in Belgium

    On 1 Jun 2001, the majority of people on the government payroll were paid
    with a one-day delay. The same goes for refunds for VAT and taxes. The
    reason: Belgian postal services are tasked with doing the money transfers
    towards the different banks.

    Seems that they had a special situation: on 31 May, not only people had to
    be paid, but the next weekend (02-04 Jun) being a long one, an
    'exceptionally large number' of transactions were fed to the system. In
    itself this should not have been a problem, but the system has some built-in
    time-restrictions, described as being rather 'large'. This of course to
    avoid runaway jobs from causing further damage, just in case. Yet, some
    components were hitting these time-restrictions before they were actually
    finished. The Post's spokesman said that this kind of situation is only
    encountered once in 5 years.

    At first, of course, the functionaries were suspecting their respective
    payment departments to be responsible. Phones didn't stop ringing all
    day, then finally it was also on the news.

    kris carlier - krisiguana.be KC62-RIPE SMS: +32-475-61.43.05

    ------------------------------

    Date: Fri, 1 Jun 2001 16:11:51 +0200
    From: BROWN Nick <Nick.BROWNcoe.int>
    Subject: Mobile phones to manage truancy - and other free publicity

    *The Guardian* (UK) "reports" (by printing a press release) today on a
    "system" to allow teachers to report truanting children to their parents.
    The "article" contains a number of less-than-stunning revelations, such as
    that "a large number of parents have mobile phones", and some highly
    meaningless claims, for example "The device can also be used to inform
    headteachers, therefore cutting down on the time the overall monitoring
    process takes."

    Full text:
    http://www.guardian.co.uk/Archive/Article/0,4273,4196245,00.html
    (and don't forget to click on the related story at the end, about students
    calling their parents from the classroom to complain about their teachers !)

    The RISKs should be fairly obvious to regular readers, both in the system
    itself, and also in the phenomenon of supposedly "upmarket" newspapers with
    a tradition of investigative reporting, printing technology company press
    releases as news. A further example of the latter is the collection of
    unverifiable claims in the "article" on Microsoft Office XP at
    http://www.guardian.co.uk/Archive/Article/0,4273,4196242,00.html.

    Nick Brown, Strasbourg, France

    ------------------------------

    Date: Fri, 1 Jun 2001 22:27:15 -0500
    From: "Mick Topping" <mickmtopping.com>
    Subject: Inevitability of risks

    Apparently the Gullibility Virus
    http://bob.bob.bofh.org/~robm/manual/virus/gullibility.html
    has struck more people than first realized

    Remember this from several months back?

       Subject: New Minnysoota Virus.

           Sven and Ole vere here.

          Yew have yust received da Sven & Ole Computer Virus.
          Because ve don't know how to program computers, dis virus verks
          on da honor system. Please delete all da files on yewr hard drive
          manually and forward dis message to everyvon on yewr mailing list.

          Tank yew fer yewr kewhopeeration.

          Sven and Ole

    I thought this was pretty funny, at the time, but then I saw the recent
    warnings on the Hoax-Virus, like this:
    http://www.thestandard.com/article/0,1902,26780,00.html It suddenly came to
    me, that someone had taken the Sven&Ole model, and improved on it, just a
    little. AND IT IS WORKING! Apparently you don't even have to be a
    script-kiddy to make an effective virus. (Hey kid, if you put sugar in your
    dad's car's gas tank, it will run real fast...Well, Joe, if you want to get
    that charcoal started FAST, try this jar of gasoline...If you don't have a
    fuse, just stick a penny in the socket...memes?) It is not surprising that a
    few users might fall for this, but the very fact that something like this
    can find a toe-hold to spread, confirms that a big risk of technology
    (ignorance) has been with us since the first tool user cut himself with the
    first sharp rock.

    Is real risk of information technology is that it enables the ultra-rapid
    spread of malicious memes?

    ------------------------------

    Date: Tue, 29 May 2001 20:49:06 -0400 (Eastern Daylight Time)
    From: "S. Alexander Jacobson" <alexshop.com>
    Subject: Re: The Faith-Based Missile Defense

    I find it surprising that people on this list are so dismissive of
    anti-ballistic missile technology:

    * the US and Russia both use and sell various forms of surface to air
    missiles designed to shoot down even very fast planes like F-16s and
    MIG-29s.

    * attack missiles in terminal phase seems like a natural extension of the
    capabilities of existing SAM systems (not a radically new technological
    development)

    * missiles in boost phase are very hot and move very slowly and predictably
    (much more so than highly maneuverable fighter planes) -- so there is some
    reason to believe that boost phase systems can be more effective than SAMs.
    From a technical perspective, development of boost phase interception does
    not seem obviously more complex than that of Aegis ship based defense
    system.

    Moreover, general ABM seems like a natural extension of the Aegis system
    in particular. We now know that the USSR actually deployed an integrated
    missile tracking system at Krasnoyarsk -- so at very least that portion of
    the technology is actually deployable.

    Obviously developing and deploying ABM systems will not be easy and there
    is substantial risk of failure. Moreover even a successful project will
    may be substantially less than 100% effective. However, the same is true
    of most defense systems, but we develop and deploy them anyway. Why hold
    ABM to a different standard than other defense technology?

    Critics may have good policy reasons to oppose deployment of ABM systems,
    but creating FUD about development risks is a service to no one.

    Alex S. Alexander Jacobson 1-646-638-2300

    ------------------------------

    Date: Tue, 5 Jun 2001 21:58:39 +0200 (MET DST)
    From: marten-risksnorman.qmail.com
    Subject: Re: Eurocops want seven-year retention of all phone, Net traffic

    > Are they mad? One barely knows where to start enumerating the risks
    > of such an undertaking.

    Try to remind the politicians of snail mail and the fact that anyone
    may send a letter anonymously by dropping it in a mailbox.

    I humbly suggests them to put a clerk and a photo copy machine at
    every snail mail box. Let the clerk identify everyone droppping
    a letter. And of course open the envelope and make a photocopy of
    the letter to be archived for seven years.

    If they still think it's a good idea, vote for other politicians.

    Morten Norman

    ------------------------------

    Date: Thu, 31 May 2001 14:59:40 -0500 (CDT)
    From: "Scott E. Preece" <preeceurbana.css.mot.com>
    Subject: Re: Our software is *never* wrong (Gat, RISKS-21.41)

    It is possible to explain this without the credit-card company rep being
    either stupid or over-trusting. If the database tracks changes to the data
    and the rep was aware of an automated change (a systematic change to the
    database, such as might occur in changing the schema in the database), the
    rep might be able to know that you should have gotten a preference update
    notification and that no manual changes had been made to your data.

    Obviously, it is also possible that there was some break-in, but if the rep
    had a reasonable explanation consistent with all the data, Occam's razor
    argues for assuming that explanation.

    scott preece, motorola/css urbana design center preeceurbana.css.mot.com
    1800 s. oak st., champaign, il 61820 1-217-384-8589

    ------------------------------

    Date: Wed, 30 May 2001 20:01:22 -0400
    From: "Daniel P. B. Smith" <dpbsmithbellatlantic.net>
    Subject: WSJ/Word change tracking/"MS Tool Lifts Veil on Spin"

    If you send a Word .doc file directly to someone else, without going to
    "track changes" and accepting all changes, your recipient can see all
    the edits you have made to the document, with results that can be
    humorous, embarrassing, or worse. This is old news to RISKS
    readers--how long ago did the first mention of the problem appear in
    RISKS? But perhaps the recent appearance of an article about it in The
    Wall Street Journal (May 14th, page C1) is worthy of mention.

    The article is entitled "How to Read Between the Corporate Lines." It
    gives the procedure for viewing Microsoft Word edits, and (with somewhat
    less clarity) the procedure you must go through to prevent someone else
    from viewing YOUR edits.

    The way the Journal puts it: "Just a couple of clicks provides a
    revealing peek into how some companies massage their public messages to
    Wall Street." In a news release from Ameritrade Holding Corp, "in one
    draft, Ameritrade billed the March hiring of Mr. Moglia as one of the
    'right decisions' the company made during a difficult second quarter.
    But his name ended up on the cutting-room floor, a thin blue line
    erasing him from the final version." It mentions that "Analysts and
    investors looking at an earlier draft would have found a per-share,
    quarterly loss of 31 cents. But that, too, was crossed out and change
    to a loss of 30 cents." An Ameritrade spokeswoman brushed off the
    changes, saying "it is too bad--but on the other side of it, it is too
    bad that someone would think to turn the edits on."

    The article goes on to cite minor gaffes from Visa USA, Allied Capital,
    Web Street, and Acxiom, leaving little doubt that the problem is widespread.

    There are no real howlers or scandals here. But you'd think the RISKS
    would be obvious, wouldn't you?

    Daniel P. B. Smith <dpbsmithworld.std.com>
    "Lifetime forwarding" address: dpbsmithalum.mit.edu

    ------------------------------

    Date: Wed, 30 May 2001 20:05:28 +0100 (BST)
    From: Lloyd Wood <l.woodeim.surrey.ac.uk>
    Subject: Re: Word file turns into two disjoint texts (Page, RISKS-21.40)

    > Word was set to allow "Fast Saves", which is a non-default setting
    > that performs incremental rather than complete saves.

    It's worth pointing out that for a long time the default was to have
    fast save _on_. The first thing I would do with any version of Word is
    check for and disable it, having discovered its lack of reliability.
    (Many patches to earlier versions of Word were solely to address,
    er, issues with fast save.)

    The risk lies in changing the defaults when user experience has led to
    certain expectations. In this case, if you were hoping that fast save
    would let you recover mistakenly deleted text based on experience of
    older versions of Word, you'd be out of luck.

    <L.Woodsurrey.ac.uk>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>

    ------------------------------

    Date: Mon, 04 Jun 2001 22:57:10 -0500
    From: Chris Meadows <robotecheyrie.org>
    Subject: Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care

    The report on this webpage

        http://grc.com/dos/grcdos.htm

    is from Steve Gibson, a respected name in the tech community, and it
    details his travails after grc.com came under attack from a 13-year-old
    hacker, at first due to a mistaken belief Gibson had called him a name,
    then simply because it was fun. It mentions how Windows XP was all but
    made with these so-called "script kiddies" in mind, and they're aware of
    it--and when it is more widely spread, they will be able to launch
    devastating, perhaps unstoppable attacks.

    He also mentions how much trouble he had getting any of the major ISPs to
    cooperate with him.

    This is an eye-opening report. Ignore it at your peril.

    Chris Meadows aka Robotech_Master Co-moderator rec.toys.transformers.moderated
    robotecheyrie.org <URL:http://www.eyrie.org/~robotech/>

    ------------------------------

    Date: Tue, 29 May 2001 23:42:20 -0600 (MDT)
    From: Bear Giles <bearcoyotesong.com>
    Subject: Re: Office XP modifies what you type (RISKS-21.42)

    I believe that the RISKS here are far more profound than a few broken links.

    In the beginning, authors were responsible for their own words and our
    programs (confusingly called 'editors') preserved them. Until those
    butchers, our human editors, hacked at them.

    Then computers became powerful enough for 'editors' to act as advising
    editors. We still owned our own words, at least until
    they-who-edit-because-they-cannot-write got ahold of them, but the programs
    could handle the tedious work of digging out the dictionary.

    Now, for the first time, we see a program usurping the role of the human
    editor. Unlike the human counterpart, we can't bribe this one with cheap
    booze when the facts fail to sway them. On this issue the program is the
    FINAL editor, sans appeal.

    This is... scary. The smaller problem is one of liability - if a human
    editor screws up, he can face real consequences. But if a program is
    responsible for dropping a single word from the sentence "Mr. Smith did not
    murder his wife," the humans will still bear the responsibility even though
    they were powerless to prevent it. This type of liability isn't
    unprecedented, but it probably hasn't seen widespread use since codpieces
    were the height of male fashion. (hmmm....)

    The bigger problem is that this will be an unbearable temptation to the same
    "technical solutions to social problems" crowd that loves photo radar and
    net filters in libraries. Why worry about the attitudes that would make
    someone type "the N word" if you can require software to automatically edit
    out the offensive word or phrase? Even better, we even have the precedence
    that WYSIWYG doesn't mean WYSIWYG - it's now perfectly legitimate for the
    original author to see what he typed, but for the saved file (and all
    subsequent viewers) to see a different word.

    What would stop the Republic of Freedonia from requiring all word processors
    replace all references to their breakaway province Catatonia with the phrase
    "breakaway province of Catatonia"? The Breakaway Province of Catatonia
    would naturally have its own laws regarding Imperialistic Freedonia.

    In the US we have the First Amendment to protect us from laws requiring such
    changes. Which just means that these law will sneak in the back door. Some
    obvious examples: how could any school justify allowing minor students to
    write obscene screeds? (Never mind legitimate book reports on Mark Twain.)
    How can any company defend itself against a sexual harassment suit, already
    an extremely confusing body of case law, if company e-mail allows employees
    to be referred with "the B and C words?"

    This "feature" isn't scary because it will break a few links. It's scary
    because it opens the door for our voices to become those of a stranger.

    Bear Giles bgiles (at) coyotesong (dot) com

    ------------------------------

    Date: Fri, 01 Jun 2001 13:15:02 GMT
    From: LShaping <nospamall.please>
    Subject: Re: Office XP modifies what you type (Deegan/Arnold, RISKS-21.42)

    Microsoft knows best. That is no different than Windows 95 forcing all
    capital-letter file names into Microsoft's chosen format. You have no
    choice, you are not given any way to change the behavior, you must submit
    to Microsoft's wishes. Must feel good to be a monopoly and be able to
    force personal computer users to behave as you wish.

    ------------------------------

    Date: 5 Jun 2001 07:54:19 -0700
    From: falcospavexcite.com (Elana Who?)
    Subject: Re: "Hacker Insurance" charges higher rates for Windows systems!

    Two quotes from the article:

    "J.S. Wurzler Underwriting Managers, one of the first companies to offer
    hacker insurance, has begun charging its clients 5 percent to 15 percent
    more if they use Microsoft's Windows NT software in their Internet
    operations. "

    "...found that system administrators working on open source systems tend to
    be better trained and stay with their employers longer than those at firms
    using Windows software, where turnover can exceed 33 percent per year."

    The article can be found at:
    http://www.zdnet.com/intweek/stories/news/0,4164,2766045,00.html

    -Elana

    ------------------------------

    Date: Tue, 05 Jun 2001 07:25:03 +0100 (BST)
    From: dbellzhochaka.demon.co.uk ("David G. Bell")
    Subject: Re: UK Government Gateway blocks non-MS browsers (Mistry, R-21.44)

    The same system is also being used for the electronic submission of EU
    subsidy claim forms to MAFF (the UK's agriculture department), the details
    of which are available from the www.maff.gov.uk site. While it has been
    heavily pushed by MAFF, as a consequence of the outbreak of Foot and Mouth
    Disease in the UK, and a desire to reduce the risk of accidental transfer of
    the virus by farmers delivering forms to MAFF offices, there is still the
    problem of getting the certificates.

    Also, some of the claim forms require additional documents, such as sketch
    maps, which cannot be so easily presented as a blank electronic form in a
    browser. There seems to be a RISK that instead of a large envelope,
    containing everything and delivered, with tracking, by the Post Office,
    there is an envelope, and a set of electronic data, which must be connected
    together somewhere in the MAFF admin system.

    There has been some reporting by users, this year and of the trial last
    year, in the uk.business.agriculture newsgroup. The abbreviations "IACS"
    and "AAPS" will be useful in any searches of news archives.

    Incidentally, I had an e-mail discussion, before the trials started, with
    one of the MAFF personnel involved, about the various open signature and
    encryption standards defined in RFCs. He had, as I recall, not heard of
    them.

    David G. Bell -- Farmer, SF Fan, Filker, and Punslinger.

    ------------------------------

    Date: Thu, 31 May 2001 16:40:51 -0700
    From: Tiffany Peoples <tiffanyusenix.org>
    Subject: 10th USENIX Security Symposium

    10th USENIX Security Symposium
    August 13-17, 2001
    Washington, D.C.
    http://www.usenix.org/events/sec01
    Sponsored by USENIX, the Advanced Computing Systems Association www.usenix.org

    REGISTER BY JULY 20, 2001 AND SAVE UP TO $200!

    PRACTICAL SECURITY FOR THE REAL WORLD

    KEYNOTE ADDRESS by Richard M. Smith, CTO, Privacy Foundation
      "Web-Enabled Gadgets: Can We Trust Them?"
    24 REFEREED PAPERS on the best new research
    INVITED TALKS by Matt Blaze, Mark Eckenwiler, Eric Murray,
      John Young, Deborah Natsios, etc.
    6 TUTORIALS

    ------------------------------

    Date: Sun, 3 Jun 2001 20:13:07 +0000 (UTC)
    From: cbsei.cmu.edu (Carol Biesecker)
    Subject: Announcement - 16th Annual Software Engineering Symposium 2001

    SEI 16th Annual Software Engineering Symposium 2001
    October 15 - 18, 2001
    Grand Hyatt at Washington Center
    Washington, D.C.
    World Wide Web: http://www.sei.cmu.edu/symposium/

    Catalysts for Improving Acquisition and Development of
    Software Intensive Systems

    Symposium 2001 Conference Coordinator
    412 / 268-3007
    E-mail: symposiumsei.cmu.edu

    For more information about the Symposium, contact
    Symposium 2001 Conference Coordinator
    Phone: 412 / 268-3007
    FAX: 412 / 268-5556
    E-mail: symposiumsei.cmu.edu
    World Wide Web: http://www.sei.cmu.edu/symposium/

    ------------------------------

    Date: 12 Feb 2001 (LAST-MODIFIED)
    From: RISKS-requestcsl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

     The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you. Alternatively, via majordomo,
     SEND DIRECT E-MAIL REQUESTS to <risks-requestcsl.sri.com> with one-line,
       SUBSCRIBE (or UNSUBSCRIBE)
     which now requires confirmation to majordomoCSL.sri.com (not to risks-owner)
     [with option of E-mail address if not the same as FROM: on the same line,
     which requires PGN's intervention -- to block spamming subscriptions, etc.] or
       INFO [for unabridged version of RISKS information]
     .MIL users should contact <risks-requestpica.army.mil> (Dennis Rears).
     .UK users should contact <Lindsay.Marshallnewcastle.ac.uk>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues. *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksCSL.sri.com with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 20" for volume 20]
     http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing

    ------------------------------

    End of RISKS-FORUM Digest 21.45
    ************************