|
RISKS Digest 16.21
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
RISKS-LIST: RISKS-FORUM Digest Thursday 7 July 1994 Volume 16 : Issue 21
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for information on RISKS (comp.risks) *****
Contents:
Risks of REDIAL (via Lance Hoffman and others)
Online services taking big hits (Alan Wexelblat)
Tax Software to Avoid: CA Simply Tax (Smith Craig)
IRS SSN risks may abate (Michael Gerlek)
Re: Fraud on the Internet (Jeff Barber)
Signatures in electronic commerce (Mich Kabay)
Re: Scary (Peter J. Denning)
Just the Facts, Ma'am (AI to screen bad from good cops) (David Honig)
Re: Video cameras in City Centres (Robert Allen)
Digitized CC Signatures (Eric Richards)
Re: Shopping Risks... (Jane Anna LANGLEY)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
----------------------------------------------------------------------
Date: Thu, 7 Jul 1994 09:53:59 -0400 (EDT)
From: "Lance J. Hoffman" <[email protected]>
Subject: Risks of REDIAL
[via various intermediaries... PGN]
WIRES CROSS AS LOVERS DIAL M FOR MOTHER
LONDON, July 2 (Reuter) - A terrified British mother put police on red alert
after mistaking the sound of lovemaking for a cry for help from her daughter.
*The Independent* newspaper said on [July 2] that two accidental phone calls
woke the woman in Devizes, southern England, in the small hours of the
morning. Hearing moaning, groaning and shouting, she dismissed the first as
an obscene call, but in the second she recognised her daughter crying: "Oh my
God," and heard a man's voice.
Convinced her daughter was being attacked in her bedroom 100 miles (160 km)
away, she dialed the emergency number 999 and a police squad sped to the
daughter's home to investigate. "Officers rushed round and found she wasn't
being attacked -- in fact she was quite willing," a police spokesman said.
"They explained that during the moments of passion one of the couple
accidentally pushed the last-number redial button on the bedside telephone
with a toe. Unfortunately on both occasions it was the girl's mother's phone
number," he said. "This is a warning for other people -- if you're going to
indulge in this sort of thing, move the phone."
The mother and daughter have apologized to police for the confusion.
[Reach out and toe someone? This gives new
meaning to "having your buttons pushed".
And the mother was left to her own Devizes. PGN]
------------------------------
Date: Wed, 29 Jun 94 12:15:22 -0400
From: "Alan (Miburi-san) Wexelblat" <[email protected]>
Subject: Online services taking big hits
On Saturday night, during Game 6 of the Stanley Cup Finals on ESPN, a
commercial for the Prodigy on-line computer service came on. They were
talking about how great the hockey game was, but it didn't compare to the
excitement available on Prodigy. They cut to the computer screen showing
Prodigy, and all of the sudden a big window came up on the screen, saying
"COMMUNICATION ERROR". Users of Prodigy say that when that happened, the
system locked up for almost a minute, then their screen went completely
blank. ESPN quickly cut away to another commercial.
The curse of the live demo!
On another ranch, AOL managed to get its main server building flooded,
knocking out the whole network for hours and denying email service for hours
more after that. No word yet on lost data... [You'd think after the mess
in Chicago a few years back they'd've learned something.]
--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard, Media Lab
Advanced Human Interface Group [email protected] 617-258-9168
------------------------------
Date: 1 Jul 1994 16:42:38 U
From: "Smith Craig" <[email protected]>
Subject: Tax Software to Avoid: CA Simply Tax
This time of year, taxes are far from mind. That is until I received a letter
from the IRS stating that I had incorrectly figured the credit for child care
expenses on my 1993 return. This is the first year my tax preparer, an
enrolled agent (EA), used the 1040PC format: only the necessary lines are
printed without descriptive text. My EA checked and reports that the software,
Simply Tax by Computer Associates (CA) of MD, carried the incorrect figure to
line 4 of form 2441. To my surprise, he said there were a number of such bugs
resulting in incorrect line transfers on other forms, but he corrected them
manually. What's the point of software that's automatically wrong?
Interestingly, the software can print either the 1040PC version or a graphic
facsimile of the IRS forms. When the graphic facsimile was printed, Simply Tax
calculated a second _different_ set of incorrect numbers. I would have assumed
the program implemented a single algorithm, with different output options. It
now appears that the software implements independent (and different)
calculations, depending on which output format is selected! This complicates
the debugging task.
The RISK? Aside from reliance on software that is revised every year (never
debugged?), the 1040PC version threatens to further obfuscate our tax system
and create a new elite of tax preparers. Since I have my taxes prepared
professionally, the IRS no longer sends the forms and instructions. How
comfortable will I be signing next years 1040PC, which I can not decipher, in
the face of suspected bugs? The IRS is moving away from graphic facsimiles, so
that may no longer be an option. In future, expect to file taxes by hand,
1040PC, or electronically. Graphic facsimiles will be allowed only if
identical to the IRS form including the color of the ink (you'll need a full
color printer).
My EA believes that the programmer was not a tax expert. Unlike straight line
programming, tax forms have backwards references (to whit, my incorrect
transfer from line 25 to line 4 on the same form). He suggests tax software be
tested by former IRS agents with experience preparing taxes for the public
(there are many such qualified individuals).
The IRS, with uncharacteristic understanding, is requiring only the tax and
interest, waiving the penalty for an "honest" error. Have they recognized a
software bug? My EA insisted on paying the interest (a paltry 0.5% per month).
Apparently there is a preparer's code covering this. CA, on the other hand,
is under no such obligation. In most industries, a defective product is
exchanged, refunded or repaired by the seller. With the short use life of tax
software, CA assumes no such liability. According to one theory, profits are
maximized when the cost of quality assurance equals the cost of defective
returns. When there is no cost to the seller for defects, quality will be
minimized :-(
Craig A. Smith, Solid State Electronics Center, Honeywell Inc., 12001 State
Hwy 55 Plymouth, MN 55441-4799 (612)954-2895 [email protected]
[By the way, the IRS endorses none of the tax preparation programs,
and is not responsible for any errors they may cause. PGN]
------------------------------
Date: Wed, 6 Jul 94 13:13 PDT
From: gerlek@cse.ogi.edu (Michael Gerlek)
Subject: IRS SSN risks may abate
>From the Wall Street Journal, 6 Jul 94 (pg A1, col 5):
IRS officials are considering removing Social Security numbers from
the mailing labels taxpayers stick on their returns. The reason:
"Some concerns about privacy," an IRS spokesman says.
-[mpg] gerlek@cse.ogi.edu
[Good news! I raised that topic along with some related problems raised
by RISKS readers (such as the amount of the check peeking through the
envelope window) at my IRS Commissioner's Advisory Group meeting in DC
three weeks ago. I'm delighted to see a speedy reaction! PGN]
------------------------------
Date: Wed, 6 Jul 1994 09:03:50 -0400 (EDT)
From: Jeff Barber <jeffb@sware.com>
Subject: Re: Fraud on the Internet (Kabay, RISKS-16.19)
>[Comment from Michel E. Kabay:]
>[...] perhaps these frauds will eventually lead to requirements for
>effective identification and authentication of users. Ultimately, it would be
>helpful to see non-repudiation as a feature of all electronic communications.
>For the time being, caveat lector.]
I find it distressing though not necessarily surprising that Dr. Kabay
would "solve" this "problem" by requiring more stringent I&A. My own
reaction was that the "unscrupulous" investors got exactly what they
deserved. Do we really need to require users to show their identification
papers before they can participate on the Internet?
Jeff Barber jeffb@sware.com
------------------------------
Date: 05 Jul 94 23:26:34 EDT
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Subject: Signatures in electronic commerce
[Ben Wright, an attorney teaching the online seminar on The Law of Electronic
Commerce in the NCSAFORUM of CompuServe, has granted permission to post the
following article on signatures. I recommend that it be posted in RISKS
because it addresses assumptions about the need for non-repudiation of
contracts--an area which has been fuzzy for many of us. I hope it will be as
useful for others as it has been for me. --MK]
<<begin article>>
THE VERDICT ON PLAINTEXT SIGNATURES: THEY'RE LEGAL
Summary: Contrary to conventional wisdom, commercial law generally does not
require that a signature be "secure" to be legally effective. That is good
news for e-mail, and electronic commerce in general.
By Benjamin Wright
According to the digital cognoscenti, the only legally effective way to sign
an e-mail message is to run it through a cryptographic algorithm (such as that
for DES or RSA), compute a mathematically unique authentication code,<1> and
append it to the message. But if that's true, it will be many years before
real (legal) electronic commerce comes to e-mail users because very few people
authenticate their e-mail with cryptography.
But fortunately, that reading of the law is not true. Many business e-mail
users already practice electronic commerce. What's more, the law should
generally recognize and enforce it.
Forming Contracts
In commerce the central transaction is the contract. Classically speaking, a
contract is born any time an offer (e-mail from Joe Nightclub owner: "Will you
make me three custom discs for $1000 and deliver next week?") meets acceptance
(e-mail from Artist: "Yes!"). Once a contract is formed, the law gives one
party a remedy if the other backs out.
The orthodox view is that a simple, wholly plaintext e-mail contract cannot be
enforced because it is not signed in a secure way and it will be impossible to
prove in court. This excerpt from a popular magazine exemplifies the
orthodoxy:
[C]onsider an attempt to create an enforceable contract by
exchanging an E-mail offer and acceptance. In the real world,
exchanging letters of offer and acceptance does create an
enforceable contract (assuming something of value is also
eventually exchanged). Unfortunately, without authentication
techniques (e.g., digital signatures), E-mail agreements are
probably unenforceable in court. Under legal rules governing
evidence and contracts, it's hard to prove the existence of a
contract based on E-mail; fabricating an E-mail message is
just too easy.<2>
With all professional respect to the author of this passage, I disagree. The
orthodoxy is wrong.
Many types of contracts do have to be signed, says a law called the Statute of
Frauds (which dates back to Seventeenth Century England),<3> but that law is
admirably liberal in its use of the term _signed_. One signs a document when
he adopts a symbol (any symbol) on the document as his signature. A signature
need not be in ink; it need not be an autograph; and it need not be the least
bit secure against forgery. Remember the illiterate geezer in the western
movies who couldn't write his name? He just marked an X on the document. The
law recognizes that X as his signature.
A signature can be the ASCII characters "Joe Nightclub" appearing in plaintext
in the From line of an e-mail message. "Joe Nightclub" need not even be the
sender's real name. What is important is not the nature of the symbol Joe
uses to identify himself, but rather the intent behind the symbol. If Joe
intends the characters to be a token of his responsibility, then they are his
signature. When Joe sends e-mail offering to buy discs, he intends the
characters in the From line to show he is responsible for the message and the
consequences that flow from it. If that's not his intent, what is it?
Along with Canada, Australia and many other countries, the United States
inherits the common law tradition of ancient England -- a set of living,
breathing principles that are more limber than you might think. The common
law, being the law of the leading industrial civilization over the past
several centuries, has ample experience negotiating waves of new technology --
handwriting, printing press, typewriter, telegraph, telephone, telex, fax --
and it is today suffering no particular problems digesting e-mail as a medium
for transacting commerce.
Given how many thousands of courts and judges there are, it is possible that
the odd one will disagree with my reading of the law. If this worries you
(and those conducting more valuable transactions might be worried), you can
minimize the risk by insisting that the e-mail sender include a statement that
his name in the e-mail is his signature. This makes it very difficult for him
later to claim in court that his name, written in plaintext, is not his
signature.
Proving It
"But wait!" cry the advocates of cryptographic authentication. You can't
prove that e-mail came from Joe Nightclub. Anyone could have sent it. The
Artist herself could have fabricated it.
True. You can write e-mail and make it appear to come from someone
else. You can easily send e-mail from an address opened under a
false name. But just as you can send fake e-mail, so you can send
fake letters, telegrams, telexes, and faxes.
Nonetheless, regardless of the medium through which a business
message is carried, the origin and genuineness of the message can
usually be proven in court. Rarely are they proven from the
signature that happens to be attached to the message (or document),
despite what you may think from watching _Perry Mason_. Much more
often, origin and genuineness are determined in court from all the
facts and circumstances that surround the message -- the full
relationship of the people involved.
We don't do business in vacuums. We do business based on
relationships. When the Artist receives e-mail from Joe Nightclub,
she wants to learn more before she parts with her precious discs.
If she's never dealt with this customer before, she's going to
check the guy out: call him on the phone, go meet him, ask for
references, or ask for advance payment. Lest she be a fool, the
Artist wants to collect evidence that this is a bona fide customer
who is very likely to pay as promised.
All the mundane facts and circumstances she collects can be,
through testimony and otherwise, used in court to lend credence to
Joe's e-mail. Sure, there will be disputed evidence. And under no
circumstances are the judge and jury guaranteed to believe that any
given message is genuine. But that is just the way commercial law
works. Proving things in law is much more sloppy than proving
things in science.
Forgeries
A supposed virtue of paper over e-mail as a legal medium is that it
is hard to make inconspicuous changes to paper, whereas plaintext
ASCII can easily be changed. Upon receipt of Joe's e-mail offering
$1000, the Artist could change it to say the offer is for $2000.
If she took this e-mail to court, there would be no way to tell
from the face of the message whether it originally said $1000 or
$2000.
Yet paper suffers the same infirmity. If the Artist receives a
letter from Joe offering $1000, she could rip it up and write a
replacement, offering $2000, on a sheet of cheap, fake letterhead.
She could then scribble something that purports to be Joe's
handwritten signature. Later, a court could not tell from the face
of the document whether Joe did or did not send it. Although Joe
would repudiate it, sternly declaring that neither the letterhead
nor the signature is his, the Artist would swear that this is
indeed the letter she received. If this is not Joe's normal
letterhead and signature, she'd contend, then Joe must have sought
to deceive her, and the court, by sending an offer using unusual
letterhead and signature. Although the Artist would be lying, the
court would not know it just from inspecting the letter.
Indeed, we can play the same authentication games with paper that
we can with plaintext e-mail. When you receive a paper letter in
the mail, bearing what looks to be an original autograph, you have
no technical proof of its origin. Neither do you have technical
proof of origin when you get a telegram or telex (unless you
require it be authenticated with a cipher code, which is rarely
done). So the reality is that routine business communications are,
and have always been, risky. Still, business traders seem to have
compensated for this risk.
Cryptography's Role
Don't misunderstand. I'm not denigrating cryptography as a means
for ensuring the authenticity of messages or denying its rightful
role in electronic commerce. Just as the engraved and magnetized
paper used for currency is necessary for financial transactions in
the world of paper, so cryptographic authentication is needed for
electronic funds transfers. But just as we don't securely engrave
and magnetize the pulp on which we write business letters and
contracts, so we don't need to cryptographically authenticate most
of our business e-mail.
Sure, if you use e-mail for business you should keep complete
records, and the more secure the records, the better. Consult your
own lawyer. If you work for a large organization, records can be
secured by placing them under the control of an independent
department (e.g., internal audit).<4> But if you work solo, you
can just establish a routine for making a log of business messages
on your PC. Yes, someone could claim you falsified your log. But
if you faithfully keep the log as a regular business practice, you
can, if ever called to court, confidently vouch for the integrity
of your records, and your story will more likely jibe with the
ambient facts and circumstances.
It is ironic that some of the most ardent champions of e-mail are
so quick to assume that plaintext e-mail is somehow deficient. If,
as they suggest, it is necessary to use fancy cryptographic methods
to make e-mail legal, then they ask much more of digital media than
we do of its predecessors.
=========
NOTES:
<1> The proponents of cryptography often refer to unique
authentication codes as "message authentication codes" or "digital
signatures." These are streams of scrambled numbers that, when
unscrambled using the necessary cryptographic keys, give
mathematically supportable evidence as to who created a message and
whether the message has changed. See Larry Oyama, "Using
Encryption and Authentication for Securing Data," EDI Forum,
Special Edition on EDI Legal and Audit Issues (1992) p. 111.
<2> Victor J. Cosentino, Virtual Legality, BYTE (March 1994) p.
278.
<3> For example, the statute of frauds, as rendered in Section 2-
201 of the Uniform Commercial Code, says that a contract for the
sale of goods worth $500 or more is generally not enforceable
unless it is supported by a "writing" that is "signed."
<4> See, Benjamin Wright, The Law of Electronic Commerce (Boston:
Little, Brown and Company) Section 6.4.
============
Benjamin Wright ([email protected]) is a Dallas-based attorney and
author of _The Law of Electronic Commerce: EDI, Fax and E-mail_.
He is the instructor for a series of "virtual" seminars on the law
of electronic commerce, sponsored by the National Computer Security
Association (75300.2557@compuserve.com or (800) 488-4595). These
seminars will be delivered via online computer conference.
This article provides general information and is not legal advice
for any specific situation. The formation of contracts is
inherently risky, and this article does not advise which level of
risk is appropriate for you. If you plan to conduct legal
transactions, you should consult your own attorney.
Copyright © 1994 by Benjamin Wright. All Rights Reserved. This
article may be reprinted or redistributed as a whole, but only with
the above information.
<<end article>>
Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn
------------------------------
Date: Wed, 6 Jul 94 15:34:19 EDT
From: pjd@cne.gmu.edu (Peter J. Denning)
Subject: Re: Scary (Horning, RISKS-16.19)
Political prevarication is part of the scene, unfortunately, and part of the
reason that politicians are finding themselves faced with term-limit referenda
around the country. (I support those movements.) At the same time, I am not
"scared" by the prospect that Perot (or any other) might tell me "promises"
that are tailored for me and antithetical to the "promises" that he makes to
you. Why? The same technology that enables him to do that enables him to be
revealed. Many of the people who get such tailored notes are going to compare
notes on public bulletin boards. Prevarications, if they exist, will be
instantly revealed and the candidate discredited. This will help prevent them
from getting elected. Let them reveal their stripes early, I say. Let the
prevaricators be detected before election, not after.
Peter
------------------------------
Date: Wed, 06 Jul 1994 13:08:00 -0700
From: David Honig <[email protected]>
Subject: Just the Facts, Ma'am (was Re: AI to screen bad from good cops)
In Volume 16 : Issue 20 : [email protected] (Piers Thompson) worries about the
legal implications of screening cops for attributes shared with bad cops, when
attributes include race and gender.
In machine learning work I once came across, techniques that automaticly build
decision processes were applied to known data to estimate students' expected
performance in college. These techniques find the most
information-theoreticly useful attributes and use these to sort new instances.
It turned out that race was found to be a very useful attribute in making
predictions in this domain, but for political reasons the decision process had
to be doctored to exclude this.
I think similar things have been found in financial areas, eg., predicting
loan defaults.
(NB: Since present politics allows age and geographical discrimination, auto
insurance companies can and do use these properties in their assessments.)
------------------------------
Date: 6 Jul 1994 20:24:40 GMT
From: [email protected] (Robert Allen)
Subject: Re: Video cameras in City Centres (RISKS-16.20)
An interesting report. Even more interesting to me because I first read about
the efforts to instrument society w/ video cameras in a comic book about 5
years ago, and the comic had been written at least 10 years ago. For those
interested in seeking it out, the comic was a limited series (perhaps 10
issues) called V for Vendetta. It was written by an English author (I believe
it was Alan Moore) who had a 1 page editorial in one of the issues wherein he
decried the slide of English society into what he saw as facism. In his
preface he wrote that he hoped to get himself and his family out of England as
soon as possible because of what he saw happening to society. I believe he
specifically mentioned TV cameras on street corners, and these were definitely
central to the story. They also had audio pickup capability, and vandalizing
them was a capital crime. The story dealt with how the English gov't became
facist after a 3rd world war. "V" is a lone hero (?) who bucks the system,
assassinating various gov't figures, with an ending I won't spoil for you.
Life imitates art. The complete series is available at any decent comic book
store (check your yellow pages) or even a large book store, in bound, graphic
novel format.
Robert Allen, [email protected]
------------------------------
Date: Wed, 6 Jul 94 13:29:03 PDT
From: Eric Richards <[email protected]>
Subject: Digitized CC Signatures
While buying a bag of cat food at a local PetCo, I was asked to sign my
credit card receipt upon the machine that printed the receipt out. After the
receipt was torn from the machine, I noticed that I had written my signature
on a rubber pad of some sort. I asked the young lady what exactly this was.
She then went into a cheerful explanation of this machine, showing me how
it keeps a low resolution digitized "picture" of the customer's signature.
She put it into test mode and had it print her signature back out.
Her final comment raised my eyebrows: the full system will simply digitize
the customer's signature and keep it as proof of purchase. No second copy at
all -- the customer keeps what the customer signs.
There are, however, a few bugs to fix first, she admitted.
I haven't seen discussion of this machine before and casual examination of
the machine didn't reveal the name of the company that makes it. I'm not
especially thrilled of the notion that someone can have a digitized version of
my signature. Does anyone else have information about the machine and/or
comments on risks of this CC machine's use?
------------------------------
Date: Fri, 1 Jul 1994 11:47:13 +1000
From: [email protected] (Jane Anna LANGLEY)
Subject: Re: Shopping Risks... (Banks, RISKs-16.18)
In Australia there is a code of practice for supermarkets that use scanners.
Here if the item scans at a price higher than the price shown on the shelf you
are entitled to receive that item free. If you are purchasing several of the
same item and this happens, you get one free and the rest at the lower price.
Of course supermarkets do not go out of their way to draw your attention to
this, although some state it on a tiny sticker at each checkout. A few months
ago an elderly couple who had some difficulty with English were ahead of me
in the checkout queue when one of their items scanned at a higher price they
complained, and the checkout operator's did not know about the code of
practice. I pointed out the store's stated policy to both the customers and
the operator, who then referred it to the supervisor.
If you want to avoid being ripped off at the checkout, find out if there is
such a code of practice in your area, and make sure your supermarket sticks
to it. If they don't, make a complaint or go someplace else.
Jane
------------------------------
Date: 31 May 1994 (LAST-MODIFIED)
From: [email protected]
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact <[email protected]>
(Dennis Rears <[email protected]>). UK subscribers please contact
<Lindsay.Marshall@newcastle.ac.uk>. Local redistribution services are
provided at many other sites as well. Check FIRST with your local system or
netnews wizards. If that does not work, THEN please send requests to
<[email protected]> (which is not automated).
CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them. Contributions will not be ACKed; the load is
too great. **PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks. Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
Issue j of volume 16 is in that directory: "get risks-16.j<CR>". For issues
of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 15, j always TWO
digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory
and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>"
logs out. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may
differ; UNIX prompts for username, password; [email protected] and
WAIS are alternative repositories. See risks-15.75 for WAIS info.
To search back issues with WAIS, use risks-digest.src.
With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html.
FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving
it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info
regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL
RISKS COMMUNICATIONS; as a last resort you may try phone PGN at
+1 (415) 859-2375 if you cannot E-mail [email protected] .
------------------------------
End of RISKS-FORUM Digest 16.21
************************
|
|
