• Risks Digest 31.95

    From RISKS List Owner@21:1/5 to All on Fri Jun 5 16:08:22 2020
    RISKS-LIST: Risks-Forum Digest Friday 5 June 2020 Volume 31 : Issue 95

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.95>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Lawsuit over online book lending could bankrupt Internet Archive
    (Ars Technica)
    MIT Researchers: If Chips Can't Get Smaller, Programmers Must Get Smarter
    (Srividya Kalyanaraman)
    Programming Languages: Rust Enters Top 20 Popularity Rankings for the First
    Time (Liam Tung)
    Pressure on ZOOM Mounts to Provide End-to-End Encryption (Politico)
    What does cyber-arms control look like? (Andrew Futter)
    Handcrafted phish emails (Dan Jacobson)
    Re: Misinformation About George Floyd Protests Surges on Social Media
    (Amos Shapir)
    Re: Australian Federal Government's automated debt recovery 'Robodebt' was
    illegal (Rodney Parkin)
    Re: REvil Ransomware Gang Starts Auctioning Victim Data (Paul Edwards) Surgisphere: governments and WHO changed Covid-19 policy based on suspect
    data from tiny US company (The Guardian)
    UK Failed to Conduct Data COVID Track/Trace Data Protection Impact
    (Politico)
    Re: Just Stop the Superspreading (Peter Ladkin, Henry Baker)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: June 5, 2020 at 14:18:40 GMT+9
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: Lawsuit over online book lending could bankrupt Internet Archive
    (Ars Technica)

    Publishers call online library *willful digital piracy on an industrial
    scale*.

    Timothy B. Lee, Ars Technica, 1 Jun 2020

    <https://arstechnica.com/tech-policy/2020/06/publishers-sue-internet-archive-over-massive-digital-lending-program/>

    Four of the nation's leading book publishers have sued the Internet Archive, the online library best known for maintaining the Internet Wayback
    Machine. The Internet Archive makes scanned copies of books -- both public domain and under copyright -- available to the public on a site called the
    Open Library.

    "Despite the Open Library moniker, IA's actions grossly exceed legitimate library services, do violence to the Copyright Act, and constitute willful digital piracy on an industrial scale," write publishers Hachette, HarperCollins, Wiley, and Penguin Random House in their complaint. The
    lawsuit was filed in New York federal court on Monday.

    For almost a decade, the Open Library has offered users the ability to
    "borrow" scans of in-copyright books via the Internet. Until recently, the service was based on a concept called "controlled digital lending" that mimicked the constraints of a conventional library. The library would only "lend" as many digital copies of a book as it had physical copies in its warehouse. If all copies of a book were "checked out" by other patrons,
    you'd have to join a waiting list.

    In March, as the coronavirus pandemic was gaining steam, the Internet
    Archive announced it was dispensing with this waiting-list system. Under a program it called the National Emergency Library, IA began allowing an unlimited number of people to check out the same book at the same time --
    even if IA only owned one physical copy.

    Before this change, publishers largely looked the other way as IA and a few other libraries experimented with the digital lending concept. Some
    publishers' groups condemned the practice, but no one filed a lawsuit over
    it. Perhaps the publishers feared setting an adverse precedent if the courts ruled that CDL was legal.

    But the IA's emergency lending program was harder for publishers to
    ignore. So this week, as a number of states have been lifting quarantine restrictions, the publishers sued the Internet Archive.

    In an email to Ars Technica, IA founder Brewster Kahle described the lawsuit
    as "disappointing."

    "As a library, the Internet Archive acquires books and lends them, as
    libraries have always done," he wrote. "Publishers suing libraries for
    lending books, in this case, protected digitized versions, and while schools and libraries are closed, is not in anyone's interest."

    The publishers have a pretty strong case.

    The publishers' legal argument is straightforward: the Internet Archive is making and distributing copies of books without permission from copyright holders. That's generally illegal unless a defendant can show it is
    authorized by one of copyright law's various exceptions.

    Legal experts tell Ars that the Internet's Archive's best response is to
    argue that its program is fair use. That's a flexible legal doctrine that
    has been used to justify a wide range of copying over the decades -- from recording television broadcasts for personal use to quoting a few sentences
    of a book in a review. Most relevant for our purposes, the courts have held that it is a fair use to scan books for limited purposes such as building a book search engine.

    When considering a fair use claim, courts consider several factors,
    including the impact of the use on the market for the original work. A book search engine, for example, is not a substitute for reading books but,
    rather, helps readers find new books they might want to buy. This is one of
    the reasons the courts found that book scanning for a search engine was
    legal under fair use.

    But it's harder to come up with compelling arguments that the Internet Archive's open-ended lending program is fair use.

    James Grimmelmann, a copyright scholar at Cornell University, told Ars that
    he is withholding judgment until he sees the Internet Archive's
    response. However, he said, "it seems like the publishers have a pretty
    strong case."

    "I think there are arguments for fair use, but they're not terribly strong arguments," he said in a Monday phone interview.

    A pandemic exception?

    The Internet Archive would have had a stronger argument if it had continued
    to limit the number of copies that could be lent out. In that scenario, IA could argue that the program's impact on the market was little different
    from a conventional library.

    Obviously, a patron who checks out a book from a library is less likely to purchase a copy, undermining the market for the book. On the other hand, libraries themselves buy many books -- and the more popular a book is, the
    more copies libraries must buy. So the overall impact of libraries on demand for books is not clear.

    But once the IA stopped buying a copy of a book for every copy it lent out, this argument became a lot weaker. An institution like IA can buy a single
    copy of a book and then "lend" it to dozens, hundreds, or thousands of
    people at the same time. There's little doubt that this has a negative
    impact on the market for new books.

    Instead, the Internet Archive will likely need to make a more novel argument
    -- that the unique circumstances of a pandemic justifies allowing types of infringement that would be clearly illegal at other times. Grimmelmann
    wasn't able to identify any other cases where courts have made that kind of leap.

    ------------------------------

    Date: Fri, 5 Jun 2020 12:14:15 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: MIT Researchers: If Chips Can't Get Smaller, Programmers Must Get
    Smarter (Srividya Kalyanaraman)

    Srividya Kalyanaraman, American Inno, 4 Jun 2020,
    via ACM TechNews, 5 Jun 2020

    Researchers at the Massachusetts Institute of Technology (MIT) suggest the approaching limits of chip miniaturization require future increases in computing power to come from software, algorithms, and specialized
    hardware. MIT's Neil Thompson said shrinking processors has been the
    standard approach to growing computer performance for decades, "but the
    nature of computer processing is changing." Performance extension has long relied on generic hardware and specialized software, but Thompson suggested
    it may prove more economical to design hardware for executing particular
    tasks, even if speed and other factors must be compromised. He added that
    such an approach initially will be applicable to specific areas like supercomputing and quantum computing. https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-25778x222bb6x066701&

    ------------------------------

    Date: Fri, 5 Jun 2020 12:14:15 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Programming Languages: Rust Enters Top 20 Popularity Rankings for
    the First Time (Liam Tung)

    Liam Tung, ZDNet, 2 Jun 2020 via ACM TechNews, 5 Jun 2020

    The Rust programming language has cracked the top 20 rankings of the Tiobe popularity index for the first time, amid growing interest in using it for systems programming to build major platforms. Microsoft is considering Rust
    for Windows and Azure, aiming to eliminate memory bugs in code authored in C and C++; Amazon Web Services is using Rust for performance-sensitive
    elements in Lambda, EC2, and S3. Tiobe ranked Rust in 20th place this year versus 38th last year, and although this does not mean more people are using Rust, it demonstrates that more developers are searching for information
    about the language. Tiobe software CEO Paul Jansen credited Rust's ascension with being a systems programming language that is "done right." He said,
    "All the verbose programming and sharp edges of other languages are solved
    by Rust while being statically strongly typed," which "prevents run-time
    null pointer exceptions, and memory management is calculated compile-time." https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-25778x222bb7x066701&

    ------------------------------

    Date: 5-Jun-2020 15:48:13-GMT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Pressure on ZOOM Mounts to Provide End-to-End Encryption (Politico)

    Zoom is facing more pressure to expand its use of end-to-end encryption to
    free accounts, which it has said need to be accessible to law enforcement.
    On Thursday, Consumer Reports called on Zoom to change course. ``Privacy is
    a right, not a luxury. If Zoom has the technical capacity to safeguard conversations with end-to-end encryption, it should offer the same
    protections for all its users,'' Justin Brookman, Consumer Reports' director
    of privacy and technology policy, said in a statement. Other popular conferencing platforms like Verizon's BlueJeans, Google's Meet and Cisco's Webex offer varying levels of encryption -- features that have drawn more attention since the pandemic forced millions of Americans online for work, school, socializing and medical care.

    In the weeks since Zoom announced its encryption plans,<https://blog.zoom.us/wordpress/2020/05/07/zoom-acquires-keybase-and-announces-goal-of-developing-the-most-broadly-used-enterprise-end-to-end-encryption-offering/>
    security experts and consumer advocates have urged <https://twitter.com/Riana_Crypto/status/1268624308852543488> the videoconferencing giant to extend the new, more robust protections to free accounts, not just paid ones. Instead, the company has stood by its plan, citing the need to monitor meetings that are used to share child sexual
    abuse material and engage in other illegal behavior. ``Zoom is dealing with some serious safety issues,'' said Alex Stamos, a former Facebook chief information security officer who is now advising Zoom on security. Zoom
    faces ``a difficult balancing act,'' Stamos added , by ``trying to both
    improve the privacy guarantees it can provide while reducing the human
    impact of the abuse of its product.''

    ------------------------------

    Date: Thu, 04 Jun 2020 17:19:48 +0200
    From: "Diego.Latella" <diego.latella@isti.cnr.it>
    Subject: What does cyber-arms control look like? (Andrew Futter)

    Four principles for managing cyber-risk, European Leadership Network [1],
    4 Jun 2020
    Andrew Futter [2] - Associate Professor in International Politics at
    the University of Leicester
    European Leadership Network [3]

    I don't quite know whether it is especially computer science or its subdiscipline Artificial Intelligence that has such an enormous affection
    for euphemism. We speak so spectacularly and so readily of computer systems that understand, that see, decide, make judgments, and so on, without
    ourselves recognizing our own superficiality and immeasurable naivete with respect to these concepts. And, in the process of so speaking, we
    anesthetise our ability to evaluate the quality of our work and, what is
    more important, to identify and become conscious of its end use. […] One can't escape this state without asking, again and again: "What do I actually do? What is the final application and use of the products of my work?" and ultimately, "am I content or ashamed to have contributed to this use?" -- Prof. Joseph Weizenbaum ["Not without us", ACM SIGCAS 16(2-3) 2--7, Aug1986]

    [1] https://www.europeanleadershipnetwork.org/policy-brief/what-does-cyber-arms-control-look-like-four-principles-for-managing-cyber-risk/?mc_cid=4afb27a93d&amp;mc_eid=3429fd5ce8
    [2] https://www.europeanleadershipnetwork.org/person/dr-andrew-futter/
    [3] https://www.europeanleadershipnetwork.org/
    [4] http://www.isti.cnr.it

    ------------------------------

    Date: Fri, 05 Jun 2020 00:54:06 +0800
    From: Dan Jacobson <jidanni@jidanni.org>
    Subject: Handcrafted phish emails

    I received one of those evil emails:

    "Your Email Account was just signed in on a new Windows device from this
    IP 114.058.33.178."

    Hey wait, wouldn't that be
    114.058.033.178 or
    114.58.33.178 ?

    Sounds kinda hand crafted.

    ------------------------------

    Date: Thu, 4 Jun 2020 11:57:36 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Re: Misinformation About George Floyd Protests Surges on Social
    Media (RISKS-31.94)

    Fight back!

    In the current climate of disrespect of decency and reason, it seems that
    too many people take an attitude of "Who cares if global warming /
    vaccination / moon landing is the result of hard work by tens of thousands
    of people over decades -- we know better because we have read an Internet post!"

    Things like the Flat Earth society have been viewed as harmless weirdness,
    but no more; such ideas had already spilled into the real world and are
    causing real damage and even loss of lives. It's time to fight back.

    Fighting back does not require overt actions like Buzz Aldrin's punching
    the face of a moon landing denier; it's as simple as clicking "reply". I
    have taken to replying to any conspiracy-related post sent to me on social media and mail, specifically those forwarded by friends and colleagues.
    It's rather easy to find the correct information, either from sites
    like *Snopes,
    *or more often, by just clicking the links included in the message itself
    -- almost always, the article's contents contradict the post's headline.

    I always urge posters to read the articles, not the headlines. "Don't send
    me such posts, I actually click the links!"... A link to a scientific
    article posted as "Scientists Show Global Warming is a Hoax" leads to a research which definitely supports the global warming idea; and an article labeled "Soros is out to Destroy America" reveals that his greatest crime is "using his money to support candidates he favors".

    I might be considered a nuisance, but this method greatly reduces the
    volume of nonsense on my feeds, and hopefully contributes just a bit to
    reduce the trend.

    ------------------------------

    Date: Thu, 4 Jun 2020 12:15:48 +1000
    From: <rodney.parkin@spitbrook.net>
    Subject: Re: Australian Federal Government's automated debt recovery
    'Robodebt' was illegal (RISKS-31.94)

    To add some context for non-Australian readers, the scheme made 2
    fundamental errors.

    Firstly, it tried to automatically match income tax returns (which are
    assessed on an annual basis), with social security payments (which are
    assessed on a fortnightly basis). It was assumed that the recipient's fortnightly income was 1/26 of their annual income. But take, for example, a low income worker with casual work from time to time. In slow 2-week
    periods they might be entitled to social security payments, but in better 2-week periods little or no support. By assuming their fortnightly income
    was 1/26 of their annual income, the conclusion was often (but incorrectly) made that their social security had been overpaid in the slow times.

    Secondly, it sent letters of demand putting the onus of proof onto the recipient, where the recipient had little or no ability to provide such
    proof. For example, the claims often related to payments made years before
    - long after the recipient would have retained any records. Further, the letters offered no detail on how the "overpayment" was determined - the recipient was given almost no information about which payments were in
    dispute nor how the "overpayment" amounts had been calculated. The receipts often didn't even know what data was in dispute, let alone have access to
    the records that would allow them to prove their position.

    The government embarked on a massive bluff against members of the community least able to defend themselves. It was clear at the time that it was unreasonable, and it is no surprise that it was eventually reversed.

    ------------------------------

    Date: Thu, 4 Jun 2020 11:01:11 +1000
    From: Paul Edwards <paule@cathicolla.com>
    Subject: Re: REvil Ransomware Gang Starts Auctioning Victim Data
    (RISKS-31.94)

    This is fascinating. Effectively these guys are packaging up bad debt and selling it. It just happens that the collateral against that debt is data rather than a house, car, or boat. I wonder if the auction is a fraction of
    the extortion demanded. Will we have a GDC (Global Data Crisis)? What next? Data futures contracts? :)

    Paul (with tongue slightly in cheek)

    ------------------------------

    Date: Fri, 5 Jun 2020 00:33:42 -0400
    From: Gabe Goldberg <ggoldberg@apcug.org>
    Subject: Surgisphere: governments and WHO changed Covid-19 policy
    based on suspect data from tiny US company (The Guardian)

    Surgisphere, whose employees appear to include a sci-fi writer and adult content model, provided database behind Lancet and New England Journal of Medicine hydroxychloroquine studies

    The World Health Organization and a number of national governments have
    changed their Covid-19 policies and treatments on the basis of flawed data
    from a little-known U.S. healthcare analytics company, also calling into question the integrity of key studies published in some of the world’s most prestigious medical journals.

    A Guardian investigation can reveal the U.S.-based company Surgisphere,
    whose handful of employees appear to include a science fiction writer and an adult-content model, has provided data for multiple studies on Covid-19 co-authored by its chief executive, but has so far failed to adequately
    explain its data or methodology.

    Data it claims to have legitimately obtained from more than a thousand hospitals worldwide formed the basis of scientific articles that have led to changes in Covid-19 treatment policies in Latin American countries. It was
    also behind a decision by the WHO and research institutes around the world
    to halt trials of the controversial drug hydroxychloroquine. On Wednesday,
    the WHO announced those trials would now resume.

    Two of the world's leading medical journals -- the Lancet and the New
    England Journal of Medicine -- published studies based on Surgisphere
    data. The studies were co-authored by the firm's chief executive, Sapan
    Desai.

    Late on Tuesday, after being approached by the Guardian, the Lancet released
    an `expression of concern' about its published study. The New England
    Journal of Medicine has also issued a similar notice.

    An independent audit of the provenance and validity of the data has now been commissioned by the authors not affiliated with Surgisphere because of ``concerns that have been raised about the reliability of the database.''

    https://www.theguardian.com/world/2020/jun/03/covid-19-surgisphere-who-world-health-organization-hydroxychloroquine

    ------------------------------

    Date: Fri, 5 Jun 2020 11:40:30 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: UK Failed to Conduct Data COVID Track/Trace Data Protection Impact
    Assessment (Politico)

    U.K. FACING COMPLAINT OVER LACK OF DATA PROTECTION SAFEGUARDS -- Privacy advocates have filed a complaint with the U.K. data protection authority for failing to conduct a data protection impact assessment for its coronavirus track-and-trace program. ``The Government is moving too fast, and breaking things as a result,'' James Killock of the Open Rights Group said. Ravi
    Naik, the lawyer assisting Killock with the complaint, said that deploying
    the tracing program without implementing the proper safeguards is a
    *disaster*.

    <https://www.politico.eu/article/uk-test-trace-privacy-data-impact-assessement/>

    ------------------------------

    Date: Thu, 4 Jun 2020 09:52:23 +0200
    From: Peter Bernard Ladkin <ladkin@causalis.com>
    Subject: Re: Just Stop the Superspreading (Baker, Risks 31-94)

    In Risks 31-94, Henry Baker says that "The NYTimes article below attributes
    the bulk of COVID19 spread to "superspreaders" and "superspreading
    events". "

    Indeed so, but better to cite the source. This info is three months old already, from the London School of Hygiene and Tropical Medicine Centre for Mathematical Modelling of Infectious Diseases (LSHTM CMMID). It has recently been confirmed in two preprints from late May.

    The technical expression is that the disease has an overdispersion parameter value of about 0.1, according to the CMMID estimate. (The parameter is
    usually denoted as "k"=2E.)

    Baker drew attention in Risks 31.84 to a mathematical situation with significant overdispersion even with a low basic reproduction number. He
    seemed to want to turn that exercise into a critique of the concept of R0 in particular and SIR models in general, which puzzled me. As far as I know,
    the CMMID result was obtained with an SIR model.

    The published source is Endo et al., https://wellcomeopenresearch.org/articles/5-67 . This article was available
    in preprint first on March 11, 2020 at
    https://cmmid.github.io/topics/covid19/

    The k value has been recently confirmed by an Israeli preprint about a different group of cases, Miller et al, 2020-05-22 https://www.medrxiv.org/content/10.1101/2020.05.21.20104521v1 and by a
    preprint from Hong Kong, Adam et al https://www.researchsquare.com/article/rs-29548/v1 from 2020-05-21 (Baker extensively quotes an NYT opinion article from Adam and co-author Cowling).

    The result, that most of the infection comes from superspreading, deriving directly from the k value of around 0.1, seems now to be generally
    accepted. German government advisor, virologist Christian Drosten, mentioned
    it in his podcast last week https://www.ndr.de/nachrichten/info/podcast4684.html (in German), and Oxford epidemiologist David Hunter in a Guardian opinion piece https://www.theguardian.com/commentisfree/2020/may/28/coronavirus-infection-rate-too-high-second-wave

    Prof. Peter Bernard Ladkin, Bielefeld, Germany Styelfy Bleibgsnd
    www.rvs-bi.de

    ------------------------------

    Date: Thu, 04 Jun 2020 08:53:22 -0700
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Re: Just Stop the Superspreading (Ladkin, RISKS-31.95)

    Once again, Peter Ladkin is misinterpreting my criticism of "R0"-based
    models.

    The problem is a fundamental *logical* problem: if one uses an English term "*THE* R0", it presumes that there is such a more-or-less well-defined
    "number" which is named "R0". But as I have argued, and continue to argue, there is *NO* such individual "number" in the case of superspreaders, since
    the *variance* associated with this "number" is so large.

    Perhaps the best analogy comes from quantum physics. Classical physics presumed the independent existence of "position" and "momentum" of a
    particle, but quantum physics showed that any such notions quickly lead to contradictions with actual experiments, so any attempt to utilize terms like "THE position" or "THE momentum" demonstrates conclusively the lack of understanding by the speaker of the true nature of the situation in our
    actual quantum world.

    For example, the phrase "THE position" of an electron surrounding the proton
    in a hydrogen atom demonstrates conclusively the ignorance of the speaker of the concepts of quantum mechanics. Ditto with "THE orbit", "THE momentum", etc.

    Similarly, any use of the phrase "THE reproduction number" demonstrates conclusively the ignorance of the speaker of the concept of
    "superspreaders".

    For fifty years after Heisenberg, logicians, reporters and popular science writers destroyed entire forests trying to describe quantum physics using *classical* physical terminology; they failed miserably and only produced
    more confusion. Even Einstein himself -- whose paper on the *quantum*
    nature of the photoelectric effect won him his Nobel Prize -- was never able
    to become comfortable with the 'spooky action at a distance' nature of
    quantum mechanics. Einstein couldn't force the reality of quantum mechanics onto the Procrustean bed of existing naive concepts and words.

    Similarly the COVID19 pandemic is causing the destruction of entire virtual forests by talking fat(uous) heads, reporters and popular science writers trying to explain what "THE" reproduction number is, when the demonstrated existence of superspreaders -- e.g., the Boston hotel event, a NY bat
    mitzvah, or a choir practise -- proves that there is NO single reproduction number which can provide any intuition for clear thinking about what is
    going on with this pandemic.

    If the confusion were restricted to non-scientists, such logical errors
    might be excused. Unfortunately, some "scientists" were successful at convincing many politicians to panic due to fatally flawed "models" whose outputs had confidence intervals that wouldn't fit into their conference
    room, much less onto their slides (apologies to XKCD: https://m.xkcd.com/2311/).

    U.S. President Lincoln was well aware of how improper usage of words can
    lead to logical errors. When Lincoln was asked "how many legs does a dog
    have if you call his tail a leg?", Lincoln quickly replied, "Four; saying
    that a tail is a leg doesn't make it a leg."

    ------------------------------

    Date: Mon, 1 Jun 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.95
    ************************

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)