FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://www.risks.org as
The current issue can be found at
Niagara-Mohawk power grid overload causes major outages
Pilot fixes faulty jet (Chuck Weinstock)
ATM scam netted $620,000 Australian (John Colville)
Credit-card theft spam (Drew Dean)
New worm targets Microsoft security site (NewsScan)
Blaster worm analysis (Monty Solomon)
CERT Advisory CA-2003-20 W32/Blaster worm (Monty Solomon)
DCOM worm analysis report: W32.Blaster.Worm (Dave Ahmad)
FBI enters investigation of Blaster (NewsScan)
Re: Software patching gets automated (Fuzzy Gorilla)
Hidden risks: location dependence (Fuzzy Gorilla)
Another variant on deceptive URLs (Geoffrey Brent)
Risks of globally filtering mail to IT and security staff (Aryeh Goretsky)
Denver school information system on the Internet (Dave Brunberg)
Biloxi schools have cameras in classrooms, pictures on Internet
(Carl G. Alphonce)
Beyond Fear, Bruce Schneier (PGN)
CFP: RFID Privacy and Security Workshop @ MIT (Simson L. Garfinkel)
Abridged info on RISKS (comp.risks)
Date: Fri, 22 Aug 2003 07:01:11 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Niagara-Mohawk power grid overload causes major outages
A grid overload just after 4pm EDT knocked out power in NY City, Boston,
Cleveland, Detroit, Toronto, and Ottawa, among many other cities, and
spanning New York, New Jersey, Vermont, Connecticut, Pennsylvania, Ohio,
Michigan, Ontaria, and parts of Quebec. Much of midtown NYC and Wall Street
were shut down. At least 10 major airports, causing schedule problems
across the country and abroad. Nine nuclear power plants were shut down.
Landline phones and cell circuits were severely affected, with extensive
traffic saturation even where battery backups were available. At least 50
million people were affected. 800 trapped-in-elevator rescues. For a
while, a lightning strike on the US side of Niagara Falls was reportedly the
trigger, and then attributed to a fire, although this morning the exact
cause is still mysterious -- with one power expert suggesting "somewhere in
the midwest". Terrorism is ruled out, but not apparently not yet
cyberactivity. All this supposedly happened in nine seconds, and yet the
cause is still unclear! (My summary is of course *not* a definitive
Once again this should certainly be instructive from a RISKS point of view.
Despite the experience gained from past power-outage propagations, plus the
unrelated but propagationally similar 1980 complete ARPAnet collapse and
1990 nationwide AT&T collapse, we still have a lot to learn. Each time we
get a widespread effect of this nature, the people who keep saying that this
kind of propagation is impossible get serious egg on their faces. Stay
tuned for more detailed analyses and more discussion of what it takes to
have seriously defensive/preventive design and implementation.
One quote from New Mexico governor Bill Richardson is intriguing: "We're a
superpower with a Third World grid."
Date: Tue, 12 Aug 2003 10:34:20 -0400
From: Chuck Weinstock <wein...@sei.cmu.edu>
Subject: Pilot fixes faulty jet
A pilot personally fixed a faulty plane stranded on Spain's Balearic island
of Menorca before getting weary British tourists to vote on whether they
wished to be flown home aboard the repaired jet. The incident occurred on 8
Aug 2003 after a Boeing 757 run by British tour operator MyTravel was found
to have a faulty onboard computer that insisted the aircraft was airborne
when it was in fact parked on the tarmac. Covered in oil after resetting a
sensor in the aircraft's nosewheel, the pilot asked passengers gathered in
the airport's terminal to raise their hands if they wished to board the
plane. In the end, only 13 of nearly 200 tourists decided to stay put.
[Source: AFP, 12 Aug 2003, from *The Times* (London); PGN-ed]
Date: Tue, 12 Aug 2003 08:56:06 +1000
Subject: ATM scam netted $620,000 Australian
ATM swipe-and-snap scam netted A$620,000, court told
Leonie Lamont, 12 Aug 2003, *Sydney Morning Herald*, 12 Aug 2003; PGN-ed
[$A620,000 is about $US400,000.]
In the first case of its kind in Australia, a man has pleaded guilty to
defrauding more than A$623,000 from bank customers by electronically spying
on them while they used ATMs. Kok Meng Ng, 29, a Malaysian, admitted in the
District Court yesterday to taking part in an elaborate scheme in which an
electronic skimming device and pin-head camera were planted in 36 ATMs in
Sydney. The skimming devices read the data on the magnetic stripe on
customer's cards, while the camera recorded the PINs as they were punched
in, beaming a signal that could be received up to 400 metres away.
On 64 occasions between May 2001 and November last year, Ng, who was in
Australia on successive tourist visas, transferred amounts of less than
A$10,000 to overseas accounts. Amounts over A$10,000 must be reported by
financial institutions. The court heard that among the incidents, the scam
was conducted on 15 Oct 2002 on a St George ATM in Darlinghurst, a Westpac
machine in Bondi Junction a day later, and, four days later, on a
Commonwealth Bank ATM in Chatswood.
The prosecutor, Sunil de Silva, said Ng was part of a gang that raided the
bank accounts of 315 people, generally withdrawing less than A$1000. Ng also
pleaded guilty to federal charges under the Financial Transactions Act. The
federal charges carry a maximum five year jail term, and the computer crime
charges a three year term. ...
Date: Thu, 14 Aug 2003 12:38:08 -0700 (PDT)
From: Drew Dean <dd...@csl.sri.com>
Subject: Credit-card theft spam
I've recently received a couple pieces of spam trying to induce me to give
out my credit-card number. One used a lot of artwork from PayPal, and even
the decidedly non-PayPal domain the form was submitted to, of course :-)) is
that I don't have a PayPal account.
Interestingly, neither spam used https to actually submit the form. This
makes one wonder about the RISK: what a machine to crack and to steal
credit-card numbers from! The operators of the scam can hardly go to law
enforcement, after all. The owners of the machine, if it's a Web-hosting
service, might be able to go to law enforcement, although it would rather
embarrassing for them.
Drew Dean, SRI International, Computer Science Laboratory
Date: Tue, 12 Aug 2003 11:19:20 -0700
From: "NewsScan" <news...@newsscan.com>
Subject: New worm targets Microsoft security site
A virus-like computer attack expected to infect hundreds of thousands of
computers worldwide is programmed to direct all infected computers to attack
the security-related Microsoft Web site www.windowsupdate.com, used by
millions of Microsoft users each week. The worm, variously called LoveSan,
Blaster and MSBlaster, is apparently similar in structure to the Code Red
virus that affected 300,000 computers two years ago; it targets a flaw in
Microsoft Windows operating systems, and is considered to be a worm type of
virus because it doesn't require computer users to open an e-mail attachment
or take any other action to spread automatically from computer to computer.
Home computer users who leave computers constantly online to the Internet
through DSL or cable are among those most at risk. [*San Jose Mercury News
11 Aug 2003; NewsScan Daily, 12 Aug 2003]
Date: Tue, 12 Aug 2003 15:02:01 -0400
From: "monty solomon" <mo...@roscom.com>
Subject: Blaster worm analysis
Blaster Worm Analysis
Release Date: 11 Aug 2003
Description: The Blaster worm uses a series of components to successfully
infect a host. The first component is a publicly available RPC DCOM exploit
that binds a system level shell to port 4444. This exploit is used to
initiate a command channel between the infecting agent and the vulnerable
target. Once the target is successfully compromised, the worm transmits the
msblast.exe executable (the main body of the worm) via TFTP to infect the
host. The payload used in the public DCOM exploit, as well as the TFTP
functionality, are both encapsulated within msblast.exe.
Date: Tue, 12 Aug 2003 15:05:56 -0400
From: "monty solomon" <mo...@roscom.com>
Subject: CERT Advisory CA-2003-20 W32/Blaster worm
CERT Advisory CA-2003-20 W32/Blaster worm
Original issue date: August 11, 2003
Last revised: August 12, 2003
A complete revision history is at the end of this file.
* Microsoft Windows NT 4.0
* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows Server 2003
The CERT/CC is receiving reports of widespread activity related to a new
piece of malicious code known as W32/Blaster. This worm appears to
exploit known vulnerabilities in the Microsoft Remote Procedure Call
The W32/Blaster worm exploits a vulnerability in Microsoft's DCOM RPC
interface as described in VU#568148 and CA-2003-16. Upon successful
execution, the worm attempts to retrieve a copy of the file msblast.exe from
the compromising host. Once this file is retrieved, the compromised system
then runs it and begins scanning for other vulnerable systems to compromise
in the same manner. In the course of propagation, a TCP session to port 135
is used to execute the attack. However, access to TCP ports 139 and 445 may
also provide attack vectors and should be considered when applying
mitigation strategies. Microsoft has published information about this
vulnerability in Microsoft Security Bulletin MS03-026.
Lab testing has confirmed that the worm includes the ability to launch a TCP
SYN flood denial-of-service attack against windowsupdate.com. We are
investigating the conditions under which this attack might manifest itself.
Unusual or unexpected traffic to windowsupdate.com may indicate an infection
on your network, so you may wish to monitor network traffic.
Sites that do not use windowsupdate.com to manage patches may wish to block
outbound traffic to windowsupdate.com. In practice, this may be difficult
to achieve, since windowsupdate.com may not resolve to the same address
every time. Correctly blocking traffic to windowsupdate.com will require
detailed understanding of your network routing architecture, system
management needs, and name resolution environment. You should not block
traffic to windowsupdate.com without a thorough understanding of your
We have been in contact with Microsoft regarding this possibility of this
denial-of-service attack. ...
Date: Mon, 11 Aug 2003 15:36:24 -0600 (MDT)
From: Dave Ahmad
Subject: DCOM worm analysis report: W32.Blaster.Worm
A Bugtraq user has already pointed out that a worm has been
discovered in the wild that exploits the Microsoft Windows DCOM RPC
Interface Buffer Overrun Vulnerability (Bugtraq ID 8205) to infect
host systems. Symantec has been tracking its activity and is
currently conducting analysis/full disassembly of the malicious code,
which has been named "Blaster". The results of our analysis are
being made available to the public at the following location:
It is expected that this report will be updated frequently as more
information is discovered. Readers are advised to download/refresh
it throughout the day to ensure that any new information is not missed.
David Mirza Ahmad, Symantec
Date: Thu, 14 Aug 2003 08:46:52 -0700
From: "NewsScan" <news...@newsscan.com>
Subject: FBI enters investigation of Blaster
The FBI is investigating the origin of the malicious computer program
Blaster (also known as MSBlaster and LoveSan), which has already wormed its
way into more than 250,000 Internet-connected computers running Windows
software. Blaster has been infecting computers in organizations of every
kind (e.g, CBS, the Senate, and the Federal Reserve Bank of Atlanta) -- in
spite of the fact that computer experts say it's not well-written software.
Dan Ingevaldson of Internet Security Systems Inc. warns: "A better version
of this worm wouldn't crash any machines; it would work correctly every
time, move faster, and delete or steal its victims' files." [*The
Washington Post*, 14 Aug 2003; NewsScan Daily, 14 Aug 2003]
Date: Tue, 12 Aug 2003 12:23:22 -0400
From: "Fuzzy Gorilla" <fuzzyg...@euroseek.com>
Subject: Re: Software patching gets automated (RISKS-22.84)
In http://catless.ncl.ac.uk/Risks/22.84.html#subj11.1 Peter Neumann
speculates: "And when it is *fully* automated, think of how wonderful
it will be to have new Trojan horses and security flaws installed
instantaneously, without having to require human intervention.".
Even without Trojan horses and security flaws, it introduces yet another
point of failure into the system, as evidenced by the "Blaster" worm.
According to a New Scientist article "Computer worm attacks software patch
server" http://www.newscientist.com/news/news.jsp?id=ns99994046 :
After infecting a vulnerable computer, the worm is programmed to send a
volley of bogus traffic to Microsoft's software update service,
windowsupdate.com on 16 August. If enough machines are infected this will
overwhelm the site, preventing system administrators from using it to
download the software patches needed prevent other machines being
infected. "It's an extremely devious trick by Blaster's author," says
Graham Cluley, of UK anti-virus company Sophos. "Blaster attempts to knock
Microsoft's windowsupdate.com Web site off the Internet."
Date: Tue, 12 Aug 2003 13:03:31 -0400
From: "Fuzzy Gorilla" <fuzzyg...@euroseek.com>
Subject: Hidden risks: location dependence
Although this example comes from biology rather than computers, I think it
helps to point out the problem of hidden risks and the value of questioning
assumptions. Basically, a researcher was working on a study that showed a
strong link between cholesterol and an Alzheimer's like disease in rabbits --
until he changed the location of his lab.
Sparks has been working with rabbit models of Alzheimer's for years.
"Every time I ever fed a bunny cholesterol, I got Alzheimer's pathology,"
That is, until he moved to the Sun City lab.
"I said, 'Something is wrong. I go down into the vivarium (where lab
animals are kept) and the first thing I see is the wall being lined with
big blue bottles."'
It turns out the rabbits there were given distilled water, while all the
other research animals Sparks had worked with got tap water.
He analyzed the tap water from previous labs and found it contained
copper. When the rabbits at Sun Health were fed tap water, they also
developed Alzheimer's symptoms.
When Sparks added copper to the distilled water and gave the rabbits
cholesterol, they also developed Alzheimer's-like symptoms and brain
Just as in biological systems, computers and computer networks are very
complex and sometimes the variables are well hidden.
Date: Thu, 14 Aug 2003 09:51:46 +1000
From: Geoffrey Brent <g.b...@student.unsw.edu.au>
Subject: Another variant on deceptive URLs
Another refinement of the "please click this link and log into your
financial Web site" scam. This morning I got one purporting to be from
Westpac Australia. Obviously a fraud, since (a) legitimate institutions
don't do business that way, and (b) I don't have an account with them. But
it still took me a moment to see how this one worked.
The link given in the e-mail purported to be "https://olb.westpac.com.au"
(Westpac's online banking site). I was curious to see how this one worked,
so I did what I usually do with such hoaxes and ran the mouse over it. I
expected to see a completely different URL show up in the status bar, or
perhaps something along the lines of "...email@example.com" and
was rather surprised to see what looked to be a genuine Westpac URL,
differing only in being HTTP rather than HTTPS: http://olb.westpac.com.au/
-- which, although unencrypted, would still be owned by Westpac.
In fact, on looking closer, the _real_ URL is:
http://olb.westpac.com.au%20%20%20%20%[lots more space characters snipped]
The spaces ensure that the interesting bits in the link don't show up
onscreen, and since one doesn't expect to see spaces in URLs it wasn't
something I'd expected. (And yes, I missed the ... on the RHS of the bar
that indicated that there was more to follow). AFAICT, the http/s mismatch
is simply sloppiness on the culprit's part rather than a necessary part of
I can't be the first to point this out, but: having a character that is
visually indistinguishable from the absence of a character is in itself a
risk. Perhaps it would be useful for URL-display and similar outputs to use
a visible character to indicate spaces, as can be done with word-processors?
Date: Wed, 13 Aug 2003 02:43:40 -0600
From: Aryeh Goretsky <gore...@adelphia.net>
Subject: Risks of globally filtering mail to IT and security staff
Earlier this evening I received a message in my in-box advertising an
organic compound which, allegedly, would increase the dimensions of a
particular body part.
Such unsolicited messages are quite commonplace these days and a quick
perusal of the message header revealed nothing especially interesting about
What did surprise me, though, was the sender's choice of a falsified
return address from the americanexpress.com domain. Knowing financial
institutions are very sensitive to misuse of their names I forwarded a
copy to "ab...@americanexpress.com" with a self-explanatory subject and
a concise, one-line description of what the message was and I why I
had forwarded it.
I received the following automated reply (unimportant headers removed):
> Date: Sat, 09 Aug 2003 03:17:53 -0700
> From: no.r...@aexp.com
> To: "Aryeh Goretsky" <gore...@adelphia.net>
> Subject: Inappropriate Language Notification
> A communication sent from your e-mail account was
> intercepted and quarantined because it contained language
> deemed inappropriate for business communications. If
> you feel your message was quarantined in error,
> please contact the intended recipient.
> Sender: Aryeh Goretsky <gore...@adelphia.net>
> Subject: spam sent with forged address
> Date: 08/09/2003, 03:17:53 AM
> Policy: Inappropriate Language
As someone who provided technical support in the security field for a long
time I regularly received messages with "inappropriate" language in them,
usually in the form of messages contained in computer viruses, worms and the
like. As a security professional, I *needed* to know the exact message as
it appeared on-screen or embedded in a program in order to help isolate and
identify the problem.
Frankly, the idea of *not* being able to gather this information because
that someone, somewhere might see "inappropriate" language floored me.
I understand that large companies such as American Express cannot afford to
vet new IT hires, let alone existing ones, for a good organizational fit
which among other things includes not being offended by "inappropriate"
language, but the idea that someone whose job responsibilities may require
viewing such information and not being able to see it strikes me as willful
misconduct by whatever employee(s) came up with such a policy in the first
Perhaps organizations which perform such filtering should provide staff
whose job requirements required them to receive messages containing
"inappropriate" language with a waiver.
In the meantime, I can't help but wonder what would happen if someone
defaced one of American Express's web servers with a message containing
"inappropriate" language and none of their IT or security staff were able to
coordinate a response due to their internal communiques being rejected.
The *RISKS* seem obvious.
[... but not surprising. I have had so many such requests to sites
bounced for similar reasons. PGN]
[True, but I assume (with all problems thereof) a higher level of
accountability from the security/fraud unit of a financial institution.
Date: Thu, 14 Aug 2003 09:33:03 -0400
From: Dave Brunberg <DBru...@FBLEOPOLD.com>
Subject: Denver school information system on the Internet
I found this link to an article about Denver's "Internet Student Information
System," which offers parents (or anyone with a userid/password combo) to
view their children's (targets'?) whereabouts, grades, disciplinary records,
and demographic info online.
Teachers enter class attendance data into the system at the beginning of
each class, and "Almost on an hourly basis, a parent can find out if their
child is in a particular class. Most schools will stick to updating
attendance two or three times a day." "While the systems differ, they
share a concern for security with school-issued user IDs and passwords. "
"If [parents] want to participate, they must take a photo ID to the school
and then they are given a user ID and personal password. They have access
only to their children's information."
Sounds really secure, no? No word on the form of userid or password, or how
to change the password, etc., standard RISKs apply. Near the end of the
article, security and privacy issues are given a brief note:
"Like Castagna at Lakewood High, Bailey said no concerns have been raised
about privacy, and nobody's information has been hacked. David Craven,
Cherry Creek's director of instructional technology, said the systems use
the same safeguards as online banking. "People have an expectation to get
general information on the Web. It's just part of their lives."
"The value is contingent on how secure the database is," said Stephen
Keating, director of the Privacy Foundation at the University of
Denver. "If the school district thinks they've got it protected so that
only the parents or the student can get access to that student's
information, then it sounds viable." But, he cautioned, "just because you
think it's secure doesn't mean it is."
Mark Silverstein, legal director of the American Civil Liberties Union in
Denver, said, "If the information is only available to the parents of a
student, I don't see what the concern is about privacy."
I'll take a brief quote from that to look at again: "If the school district
thinks they've got it protected so that only the parents or the student can
get access to that student's information, then it sounds viable." Um,
shouldn't the district KNOW they've got it protected? Shouldn't they be
actively trying to crack the system? Maybe they can ask some of their
brighter 10th graders to try--that would probably open up some interesting
discussion when the results became known. Anyone want to take a bet on how
many Mountain Dews it takes to crack this one?
David W. Brunberg, Engineering Supervisor, The F.B. Leopold Company, Inc.,
227 South Division Street, Zelienople PA 16063 (724) 452-6300
Date: Wed, 13 Aug 2003 20:28:37 -0400
From: "Carl G. Alphonce" <alph...@cse.Buffalo.EDU>
Subject: Biloxi schools have cameras in classrooms, pictures on Internet
According to a CNN article
the Biloxi, Mississippi school district has put cameras in all of its
classrooms. The project was funded by casino revenues. Pictures taken by
the cameras are viewable on the Internet. If the article is correct, and
the images really are accessible from anywhere on the Net, the risks of
others viewing the pictures is real.
The article does not give much motivation for installing the cameras. It
states, "[Deputy superintendent] Voles said the camera installation is a
precaution, and that students and teachers have said they feel safer." The
potential for abuse and the potential chilling effect on the classroom is
left as an exercise for the reader. I wonder, might the introduction of
these cameras perhaps backfire, attracting those who seek publicity, since
they are guaranteed a record of their activities?
Carl Alphonce, Dept of Computer Science and Engineering
University at Buffalo, Buffalo, NY 14260-2000
Date: Fri, 15 Aug 2003 07:01:44 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Beyond Fear, Bruce Schneier
Beyond Fear: Thinking Sensibly about Security in an Uncertain World
Copernicus Books (a Springer-Verlag imprint)
Copernicus was a Polish astronomer who observed that the Earth rotates on
its axis and revolves around the Sun. That knowledge was absolutely
heretical at the time.
Bruce Schneier is a security guru who generally preaches common sense (a
common theme in RISKS, although common sense is apparently surprisingly
uncommon overall). In our time, common sense may seem absolutely heretical
to people other than those of us who try to practice it. Fortunately, RISKS
readers seem to be much more aware than nonreaders. For those of you who
think you believe in common sense, this book will strongly reinforce your
beliefs -- and will do so quite entertainingly. On the other hand, those
who do not actually practice what we preach here had better read Bruce's
book very carefully.
Date: Wed, 13 Aug 2003 20:05:19 -0400
From: "Simson L. Garfinkel" <s...@ex.com>
Subject: CFP: RFID Privacy and Security Workshop @ MIT
RFID PRIVACY AND SECURITY -- WORKSHOP @ MIT -- CALL FOR PARTICIPATION
Saturday, 15 Nov 2003, 10am - 4pm, Bartos Theater, MIT Media Lab, 20 Ames St.
Radio Frequency Identification technology is fast becoming a lightning rod
for consumer privacy activists. Is RFID destined to become the enabling
technology for massive state-sponsored surveillance, Big Brother's
"call-home" chip? Or is RFID really nothing more than a supply-chain
management technology, its dangers being over-hyped by alarmists who
fundamentally misunderstand the technology? One thing is sure: in the
absence of strong data, decisions are being made and the public is either
being poorly informed or intentionally misled.
Last year Benetton pulled back from a previously-announced RFID trial after
a consumer group announced a global boycott of the clothing manufacturer.
Can pressure from consumer groups effectively prevent the introduction of
RFID technology, or were other matters at work behind the scenes?
The goal of the RFID Privacy Workshop is to bring together RFID
technologists, boosters, critics, privacy activists and journalists
covering the space to establish some technical truths and a creating a
framework for understanding the growing body of RFID policy issues.
To register online and/or submit a paper by 15 Sep 2003, see
Date: 30 May 2003 (LAST-MODIFIED)
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
send e-mail requests to <risks-...@csl.sri.com> with one-line body
subscribe [OR unsubscribe]
which requires your ANSWERing confirmation to majo...@CSL.sri.com .
If Majordomo balks when you send your accept, please forward to risks.
[If E-mail address differs from FROM: subscribe "other-address <x@y>" ;
this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
Lower-case only in address may get around a confirmation match glitch.
INFO [for unabridged version of RISKS information]
There seems to be an occasional glitch in the confirmation process, in which
case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
.UK users should contact <Lindsay....@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES: http://www.sri.com/risks
http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
http://www.csl.sri.com/illustrative.html for browsing,
http://www.csl.sri.com/illustrative.pdf or .ps for printing
End of RISKS-FORUM Digest 22.85