Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: RISKS List Owner (riskocsl.sri.com)
Date: Tue Apr 17 2012 - 18:00:11 CDT
RISKS-LIST: Risks-Forum Digest Tuesday 17 April 2012 Volume 26 : Issue 79
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
Hospital generator failure following earthquake (Jonathan Hunt)
For want of an isolating ground, a railroad was shutdown (Danny Burstein)
Insider attack on smart meters (PGN)
UK Government to give consumers control over smart meter data amidst privacy
concerns (Bob Waixel)
Why one in five U.S. adults don't use the Internet (CNN)
60% of Wikipedia entries about companies contain errors: correcting them
isn't easy (Science News)
Computer Fraud Act Case Dismissed (Donn Parker)
GPS is a humanitarian weapon system (jidanni)
DHS chief contemplating proactive cyber attacks (Steve Johnson via
MintChip -- a virtual cryptocurrency backed up by a government (Mark Thorson)
ICANN data breach exposes gTLD applicant data ... (ars technica)
CIA's Secret Fear: High-Tech Border Checks Will Blow Spies' Cover
"Apple under fire for backing off IPv6 support" (Gene Wirchenko)
CISPA, Cybersecurity, and the Devil in the Dark (Lauren Weinstein)
Web freedom faces greatest threat ever, warns Google's Sergey Brin
DARPA Challenge Seeks Robots to Drive Into Disasters (ACM TechNews)
Walled gardens look rosy for Facebook, Apple -- and would-be censors
Re: Unraveling a massive click fraud scheme (Martin Ward)
"Did first DDOS attack sink the Titanic?" (Gene Wirchenko)
Abridged info on RISKS (comp.risks)
Date: Tue, 17 Apr 2012 22:50:08 +1200
From: Jonathan Hunt <risks.orghuntdesign.co.nz>
Subject: Hospital generator failure following earthquake
A report in the Lancet by Michael Ardagh et al. describes the initial
health-system response to the earthquake in Christchurch, New Zealand, in
February 2011, with a focus on the Christchurch Hospital emergency
department. While the response is assessed as effective, the report notes
"Power was lost immediately. Within seconds, six diesel-fueled generators
activated to provide power to electrical outlets designated as essential
services. However, the severe shaking disturbed sump sludge within the
diesel tanks. Consequently during subsequent hours, a generator failed
several times, leaving the emergency department clinical areas, ICU, blood
bank, radiology department, and other areas with no power."
Under Lessons learned, the report states, "The back-up generator diesel
tanks have since been drained and cleaned."
http://www.thelancet.com/journals/lancet/article/PIIS0140-6736(12)60313-4/fulltext (registration required)
Date: Wed, 11 Apr 2012 22:32:51 -0400 (EDT)
From: Danny Burstein <dannybpanix.com>
Subject: For want of an isolating ground, a railroad was shutdown
[from the IG report looking into a Long Island RR
(NYC suburban commuter line) failure last year]
At approximately 4:30 p.m. on 29 Sep 2011, the beginning of the evening
rush, lightning struck near Long Island Rail Road (LIRR) tracks, creating a
power surge that disabled the signal system controlling the train
interlocking just west of Jamaica Station
Approximately three and a half hours after the strike, in an attempt to
repair a computer server believed to have been damaged by the power surge, a
LIRR employee erroneously disabled the separate signaling system controlling
the train interlocking just east of Jamaica Station. At that point, all
service was suspended.
* So, how did lightning get through the various safeguards?
The report continues:
Specifically, OIG found that:
In accordance with its contract, ASTS designed the new signaling system for
the Jamaica Interlocking but LIRR employees installed it. During the
installation, LIRR added a piece of computer equipment called a "serial
server", which was not part of the ASTS design. This server allows LIRR to
remotely monitor various pieces of the equipment.
In the course of attaching the server to the new signaling equipment, a LIRR
employee used one incorrect connector. ASTS, LIRR, and Systra all agree
that this connector created the pathway by which the power surge generated
by the lightning damaged the signal system and brought it down.
Date: Sun, 15 Apr 2012 10:40:46 PDT
From: "Peter G. Neumann" <neumanncsl.sri.com>
Subject: Insider attack on smart meters
Interesting convergence of different underestimated issues - insider
attacks (frequently ignored) and smart meters (largely ignored).
[Thanks to Jeremy Epstein for spotting this one. PGN]
FBI Concerned About Smart Meter Hacking, 9 Apr 2012
According to an FBI cyber bulletin, an unnamed utility company in Puerto
Rico was the target of attacks against smart meters, costing the company
hundreds of millions of dollars. This appears to be the first report of such
attacks and the FBI expects that the occurrence of similar attacks will rise
as the smart grid technology is more widely adopted. The FBI believes that
former employees of the meter manufacturer reprogrammed meters for between
US $300 and US $3,000 so that the associated buildings appeared to be
consuming less power than they actually used. Most meters are read
remotely, making fraud detection difficult. The alterations require physical
Date: Fri, 13 Apr 2012 17:10:36 +0100
From: "Robert (Bob) Waixel" <r.waixelbcs.org.uk>
Subject: UK Government to give consumers control over smart meter data amidst privacy concerns
Outlaw, the blog of the respected UK IT law firm Pinocent Masons has a
thorough article on the risks of installing 'smart' utility (Gas and/or
electricity) meters at:
It refers to a paper by Ross Anderson and Shailendra Fuloria ("Who controls
the off switch?")
Both are well worth reading. There are risks to switching to computerised
metering / systems including
* unwanted intruders to the data held your house, in transit or at the
utility, accessing when you are in/out or being able to have a good guess
at when you are watching TV, or even using the bedroom?
* various other privacy beaches involving an individual or household's
There are an additional set of risks if such a meter incorporates an 'off'
switch to the supply at your location. especially if unauthorised access to
such functionality is a possibility. I know the suppliers will claim their
security is (will be) so perfect that it is ridiculous to consider this as
If it is a business of course, it might be a ripe source of potential
blackmail (greenmail or any colour of your choice).
I'm sure the data will be a tempting target at all stages of its journey
from home or business to utility's database.
Robert (Bob) Waixel, MBCS, MCInstM, FHEA, CITP
RW Systems, Cambridge, UK, r.waixelbcs.org.uk
Date: Fri, 13 Apr 2012 23:53:55 -0700
From: Lauren Weinstein <laurenvortex.com>
Subject: Why one in five U.S. adults don't use the Internet (CNN)
"Even though the Internet has become a key tool for accessing services,
getting an education, finding jobs, getting the news, keeping up with
people you know and much more, one in five U.S. adults still does not use
the Internet at all, according to a new Pew report. Why? Mostly they're
just not interested -- not in the Web, e-mail, YouTube, Facebook or
anything else that happens online." http://j.mp/HSPgL7 (CNN)
Date: Tue, 17 Apr 2012 10:12:30 -0700
From: Lauren Weinstein <laurenvortex.com>
Subject: 60% of Wikipedia entries about companies contain errors -
correcting them isn't easy
http://j.mp/IuII3Q (Science News)
When respondents attempted to engage editors through Wikipedia's "Talk"
pages to request factual corrections to entries, 40 percent said it took
"days" to receive a response, 12 percent indicated "weeks," while 24
percent never received any type of response. According to Wikipedia, the
standard response time to requests for corrections is between two and five
days. Only 35 percent of respondents were able to engage with Wikipedia,
either by using its "Talk" pages to converse with editors or through
direct editing of a client's entry. Respondents indicated this figure is
low partly because some fear media backlash over making edits to clients'
entries. Respondents also expressed a certain level of uncertainty
regarding how to properly edit Wikipedia entries. Of those who were
familiar with the process of editing Wikipedia entries, 23 percent said
making changes was "near impossible." Twenty-nine percent said their
interactions with Wikipedia editors were "never productive."
Date: Wed, 11 Apr 2012 19:41:50 -0400 (EDT)
From: Donn Parker <Donnlornaaol.com>
Subject: Computer Fraud Act Case Dismissed
It has finally happened. The Federal Computer Fraud and Abuse Act has been
The Ninth U.S. Circuit Court of Appeals said:
"Under the prosecution's interpretation [of the Act], "millions of
unsuspecting individuals would find that they are engaging in criminal
conduct," said Chief Judge Alex Kozinski in the majority opinion." The
defendant in the case is still being prosecuted for engaging in other
criminal acts. Although I supported with testimony, helped write, and
assisted in getting the original Computer Fraud and Abuse Act adopted, I
pointed out that all violations it covered seemed to be covered by existing
criminal laws (as was this case) and in most cases had stronger
penalties. Several prosecutors told me that they wouldn't apply the new law
anyway because violation of existing laws would be more easily understood by
the courts. However, there is still value in the Computer Fraud and Abuse
Act for three reasons. It has drawn public attention onto crimes in the new
IT environments, it encouraged potential victims to protect themselves, and
it helped law enforcement agencies get funding and motivation for gaining
the skills and knowledge to investigate and prosecute the old crimes in the
new IT environments. When I write "new IT environments", I mean where a
computer plays one or more of four roles, object of attack, subject (unique
environment), tool, and symbol (for deception.) Donn
Date: Sun, 15 Apr 2012 23:45:16 +0800
Subject: GPS is a humanitarian weapon system
"GPS is a humanitarian weapon system" says Dr Bradford W Parkinson,
Chief Architect of Global Positioning System
"Just before the first Iraq war, the US had turned on the GPS Selective
Availability feature. But the irony was that, as soon as the war started,
they decided to turn it off since many of the soldiers had civilian GPS
sets. It was hurting themselves. We never should have done it in the first
"Incidentally, I was very instrumental in getting that turned off; my
argument always was that wiggling the signal with selective availability was
only going to speed up the introduction of differential systems and that is
exactly what happened. By 1978 we had already demonstrated differential GPS
that could reduce errors to about 2 meters, so I said why on earth would you
try and put something in place that is so trivially defeated."
Date: Tuesday, April 17, 2012
From: Richard Forno
Subject: DHS chief contemplating proactive cyber attacks (Steve Johnson)
Begin forwarded message (via Dave Farber's IP distribution):
Steve Johnson, Homeland Security chief contemplating proactive cyber attacks
*San Jose Mercury News*, 16 Apr 2012 sjohnsonmercurynews.com,
Posted: 04/16/2012 07:35:38 PM PDT
Updated: 04/16/2012 09:08:36 PM PDT
Homeland Security Secretary Janet Napolitano said Monday she would consider
having tech companies participate with the government in "proactive" efforts
to combat hackers based in foreign countries.
Napolitano, who made the comments during a meeting at the *San Jose Mercury
News* with the editorial board and reporters, declined to say what steps
corporations and federal agencies might take against foreign cybercrooks,
who have been blamed for numerous computerized incursions against the United
States. She made the remarks in response to a question, and emphasized the
idea is merely one she would consider and that no decisions have been made.
In discussing the private partnerships she is promoting to combat
cyberattacks, Napolitano was asked if instead of just taking defensive
measures, the government and companies should be launching proactive
counterattacks against foreign-based culprits. "Should there be some aspect
that is in a way proactive instead of reactive?" she responded, and then
answered her own question with "yes." She added, "it is not something that
we haven't been thinking about," noting someone else had raised the subject
with her earlier Monday.
However, Napolitano said some restrictions might have to be placed on
businesses participating in such cyber activities because "what you are
doing is authorizing a private entity to do what might otherwise be
construed as an attack on another entity."
[Long item truncated for RISKS. PGN]
Date: Wed, 11 Apr 2012 14:44:52 -0700
From: Mark Thorson <eeesonic.net>
Subject: MintChip -- a virtual cryptocurrency backed up by a government
One of the major objections to the Bitcoin cryptocurrency is it isn't backed
up by anything, no hard assets or government. MintChip aims to succeed
where Bitcoin faltered by having the backing of the Royal Canadian Mint.
Is it secure? Of course it's secure! It has the dual advantages
of a (presumably) cryptologically reliable technology combined
with a totally secret implementation.
Date: Fri, 13 Apr 2012 10:44:36 -0700
From: Lauren Weinstein <laurenvortex.com>
Subject: ICANN data breach exposes gTLD applicant data ... (ars technica)
ICANN data breach exposes gTLD applicant data, leads to deadline extension
http://j.mp/IlHuaN (ars technica)
"The group that oversees the Internet's address system has extended the
application deadline for new generic top level domains (TLDs) and warned
that a glitch in its processing system exposed potentially sensitive
applicant information to competitors."
They can't even get the basic application security right.
Date: Thu, 12 Apr 2012 10:31:31 -0400
From: Robert Schaefer <rpshaystack.mit.edu>
Subject: CIA's Secret Fear: High-Tech Border Checks Will Blow Spies' Cover
Who would have guessed that this would happen - high-tech security is
getting so good at border crossings that it can actually catch spies.
Robert Schaefer, Atmospheric Sciences Group, MIT Haystack Observatory,
Westford MA 01886 http://www.haystack.mit.edu 781-981-5767 rpshaystack.mit.edu
Date: Mon, 16 Apr 2012 08:08:53 -0700
From: Gene Wirchenko <genewocis.net>
Subject: "Apple under fire for backing off IPv6 support"
Apple under fire for backing off IPv6 support
Presenters at the North American IPv6 Summit expressed annoyance that
the latest version of Apple's AirPort Utility is no longer compatible with IPv6
4/13/2012 3:01:00 PM By: Carolyn Duffy Marsan
Date: Sat, 14 Apr 2012 12:01:42 -0700 (PDT)
Subject: CISPA, Cybersecurity, and the Devil in the Dark
Lauren Weinstein's Blog Update, April 14, 2012
CISPA, Cybersecurity, and the Devil in the Dark
The threat of "cyberattacks" is real enough. But associated risks have in
many cases been vastly overblown, and not by accident of chance.
The "cybersecurity" industry has become an increasingly bloated "money
machine" for firms wishing to cash in on cyber fears of every stripe, from
realistic to ridiculous. And even more alarmingly, it has become an excuse
for potential government intrusions into Internet operations on a scope
never before imagined.
There are warning signs galore. While we can all agree that SCADA systems
that operate industrial control and other infrastructure environments are in
need of serious security upgrades -- most really never should have been
connected to the public Internet in the first place -- "war game" scenarios
now being promulgated to garner political support (and the really big
bucks!) for "cyber protection" have become de rigueur for agencies and
others hell bent for a ride on the cybersecurity gravy train.
Phony demos purporting to illustrate mass cyber attacks are more akin to
Fantasyland than reality, and the turf war between the Department of
Homeland Security (DHS) and intelligence agencies such as CIA and NSA in
this sphere should give all of us cause for significant concern.
The Cyber Intelligence Sharing and Protection Act (CISPA - H.R. 3523) has
become the embodiment of hopes for those entities who hope to turn overblown
fears of cyber attacks into a pipeline for potentially massive access by
government into the private data of Internet users.
Sponsors of the legislation tout its relative shortness and generality, but
those are precisely among the aspects that make this legislation so
CISPA effectively overrides virtually all existing laws related to Internet
privacy protections. And since CISPA offers firms access to government
cybersecurity "threat data" in exchange for ostensibly voluntary feeding of
data back from those firms to the government, and provides for broad
protective immunity for companies that choose to do so, a pantheon of tech
heavyweights have lined up in support.
Just a few of the firms who have to various extents professed direct support
of CISPA include Facebook, Symantec, Verizon, IBM, Intel, Microsoft, and
Oracle. There are many others.
Notably absent from this list is Google, who has not taken a formal position
on the existing CISPA legislation and apparently is unlikely to do so.
Google's current approach to CISPA seems particularly prescient.
While it would be absolutely incorrect to attribute bad motives to the firms
supporting CISPA, the legislation itself is in my view so vague and general
that it represents largely an "empty vessel" capable of enormous potential
damage if deployed and then subjected to the inevitable stream of court
CISPA claims to ban using data collected under its authority for other than
cyber threat activities. But we've seen such data compartmentalization bans
fall many times before in other data collection contexts.
Since the legislation creates such a broad override of existing privacy
protections, and such encompassing immunities for firms that provide
associated data to the government, the lack of specificity in so many
aspects of CISPA creates what could be the opportunity for a "perfect storm"
of abuses down the line.
There are indeed genuine risks of serious attacks on the Internet and
connected infrastructural systems. But in the fog of the
military-industrial complex's rapid push into this area, it has become
obvious that realistic assessments are being shoved aside in favor of scare
tactics, agency power struggles, and "get rich quick" scheming.
This entire area has become a quintessential example of sowing F.U.D. --
Fear, Uncertainly, Doubt -- while legitimate questions of privacy and
individual rights are purposefully being marginalized.
We saw much the same thing happen after 9/11, with the knee-jerk rush to
pass the PATRIOT Act and Homeland Security Act, with a range of profiteering
and abuses against individual liberties that then resulted -- even leading
the U.S. down the evil path of torture.
We must avoid a repeat of this madness.
Information sharing can be a crucial element of cybersecurity, but for
legislation addressing this area, the devil is very much in the details, and
the lack of details in CISPA is an invitation to possible privacy disasters.
To the extent that cybersecurity threats do exist, the desire to quell them
must not be permitted to run slipshod over our personal privacy, liberties,
and associated protections in existing laws.
We can work together to help protect ourselves from actual cyber threats,
without allowing ourselves to become cyber schnooks in the process.
Date: Sun, 15 Apr 2012 09:51:37 -0700
From: Lauren Weinstein <laurenvortex.com>
Subject: Web freedom faces greatest threat ever, warns Google's Sergey Brin
"The principles of openness and universal access that underpinned the
creation of the Internet three decades ago are under greater threat than
ever, according to Google co-founder Sergey Brin. In an interview with
the Guardian, Brin warned that there were "very powerful forces that have
lined up against the open Internet on all sides and around the world. I am
more worried than I have been in the past it's scary." He said the threat
to the freedom of the Internet came from a combination of governments
increasingly trying to control access and communication by their citizens,
the entertainment industry attempting to crack down on piracy, and the
rise of "restrictive" so-called walled gardens such as Facebook and Apple,
which tightly controlled what software could be released on their
platforms." http://j.mp/IJN8Z1 (Guardian)
I agree 100% with Sergey. And regardless of how you personally feel
about Google, to try deny the truth of his remarks is beyond foolish.
Date: Wed, 11 Apr 2012 11:24:11 -0400
From: ACM TechNews <technewsHQ.ACM.ORG>
Subject: DARPA Challenge Seeks Robots to Drive Into Disasters
Excerpted from ACM TechNews, Wednesday, April 11, 2012
Read the TechNews Online at: http://technews.acm.org
J. Nicholas Hoover, DARPA Challenge Seeks Robots to Drive Into Disasters,
*Information Week* 10 Apr 2012
The U.S. Defense Advanced Research Projects Agency (DARPA) announced the
Robotics Challenge, which will offer a $2 million prize to anyone who can
build a robot capable of navigating disaster-response scenarios and using
human devices that range from hand tools to vehicles. The challenge aims to
improve the ability of robots to navigate rough terrain at disaster sites,
operate vehicles, and use common tools, as well as to make robot hardware
and software development more accessible. As part of the challenge, robots
will be required to complete several discrete tasks, including traveling
across rubble, removing debris from a blocked entryway, climbing a ladder,
and entering and driving a car. DARPA says it will provide "a robotic
hardware platform with arms, legs, torso, and head" to some entrants,
although robots in humanoid form are not required to enter the challenge.
"For robots to be useful to [the U.S. Department of Defense], they need to
offer gains in either physical protection or productivity," notes DARPA's
Kaigham Gabriel. DARPA's announcement says the "proposed research should
investigate innovative approaches that enable revolutionary advances in
science, devices, or systems." The challenge will take place in two phases
and will finish at the end of 2014.
Date: Tue, 17 Apr 2012 10:56:34 -0700
From: Lauren Weinstein <laurenvortex.com>
Subject: Walled gardens look rosy for Facebook, Apple -- and would-be censors
Battle for the Internet:
Walled gardens look rosy for Facebook, Apple - and would-be censors
Zittrain's real worry is that "the personal computer is dead". His
conclusion is a call to arms: "We need some angry nerds" - people capable
of breaking out of the walled gardens. Indeed, the US government has
found some: it has backed projects such as "the Internet in a suitcase",
which could set up a telecommunications network inside a country separate
from the existing infrastructure. Zittrain acknowledges such projects,
but for the wider world, he says, "convenience is great. I wouldn't call
for a return to the green blinking cursor of [Microsoft's pre-Windows]
MS-DOS or the [text-based] Apple II. But we should build architectures
that permit innovation and experimentation if consumers wish to go
Date: Thu, 12 Apr 2012 11:01:45 +0100
From: Martin Ward <martingkc.org.uk>
Subject: Re: Unraveling a massive click fraud scheme (NNSquad)
Panos Ipeirotis writes at the end of his dissection of the click fraud scheme:
"The guy essentially realized that this type of fraud is really behaving like
a parasite within a much bigger ecosystem."
Given that the entire advertising industry is itself a parasite,
this makes the guy a parasite on a parasite: which is probably a good thing!
Is it really "fraud"? Only in the same sense that running Adblock Plus
is fraud, or recording the programmes I want to watch and editing out
the adverts before I watch them is fraud. What about going
to the kitchen to get a drink when the adverts are on? Or just not paying
attention to the adverts? Or paying attention but deciding not to buy
the goods advertised?
What is the worst that could happen? The collapse of the entire
advertising industry? And this would be a bad thing?
(Those worried about all the jobs that would be lost needn't worry:
they could all get jobs in the stone-throwing-and-reglazing industry,
with no loss to the economy as a whole).
STRL Reader in Software Engineering and Royal Society Industry Fellow
Date: Mon, 16 Apr 2012 08:42:58 -0700
From: Gene Wirchenko <genewocis.net>
Subject: "Did first DDOS attack sink the Titanic?"
Did first DDOS attack sink the Titanic?
Well maybe not. But overstressed wireless operators inundated with
personal messages played a critical role on the night of the tragic sinking.
4/13/2012 10:12:00 AM By: Sharon Gaudin
Date: Mon, 6 Jun 2011 20:01:16 -0900
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribecsl.sri.com or risks-unsubscribecsl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshallnewcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risksCSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 26.79