The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 63

Wednesday 8 July 1992

Contents

o Newsweek Vincennes article
Bob Frankston
o Are bank machines private?
Andre Bacard
o Virus consumes clerks at Sears
Kurt Guntheroth
o GI Observations on IT Security Evaluation Manual (ITSEM) V0.2
Kai Rannenberg
o Voting by Phone in Nova Scotia
Evan Ravitz
o When Cryptography is Outlawed...
Kurt Guntheroth
o Re: computer-literate children find porn
Karl Lehenbauer
o ESORICS 92: Preliminary Programme
Yves Deswarte
o Info on RISKS (comp.risks)

Newsweek Vincennes article

<Bob_Frankston@frankston.com>
Wed 8 Jul 1992 14:02 -0400
I'd be interested in comments on its accuracy.

I won't comment on the larger issues of the "if it moves, shoot it" mentality.
But as a systems designer I can understand the compromises made to meet the
specs, but two small points stick in my mind.

One is the image of a technician madly scanning through a dog-eared issue of
the OAG (the article didn't mention a brand name) to find the Iranian flight.
It's hard enough to not miss an entry when in a quiet airport in a single time
zone.  I realize that tracking civilian flights was not part of the normal
battle plan, but I presume that the system has still not been updated to link
to the civilian airline reservation systems or other such sources of
information.  One change in warfare, which I think the Gulf War illustrated, is
how the commercial technology has, in many ways, surpassed the military.  Of
course, the online airline info might not be accurate which means a delayed
flight could still have been missed.

The other is that the tagging of the plane as an F-14 provided for no level
of ambiguity.  Even in the heat of battle, can the system cope with multiple
interpretations of data or does it mindless lock in on a worst case and then
present it to the befuddled user as fact?

Of course, dealing with ambiguous information from many sources is a very
difficult problem and, as this incident illustrates, neither the system nor
the users are up to task.  Conversely, what good is SDI if the incoming
missiles all follow commercial airline schedules?

   [The article was based on a new report produced jointly by Newsweek and
   the ABC "Nightline" (and scheduled to be broadcast on ABC on 1 July).  The
   report challenges the official U.S. account, claiming that U.S. forces had
   "provoked the episode".  It also cites Admiral Crowe as confirming that the
   Vincennes was in Iranian waters at the time.  The Pentagon replied that
   that was true, but only in self-defense.  Source: NYTimes, 2 July 1992.

     For those of you who don't remember the technological aspects of the
     Aegis system, see my item recounting a discussion with Matt Jaffe in
     RISKS-8.74 (and a follow-on in 8.75).  For anyone seriously interested
     in this bit of technohistory, I recommend your rereading the lead item
     in RISKS-8.74.  PGN]


Are bank machines private?

Andre Bacard <abacard@well.sf.ca.us>
Wed, 8 Jul 92 15:01:04 -0700
   [I just returned from Paris, where I read the following article in the
   "European" newspaper. Hmm...]

PIN Money for Thieves"

Italian thieves have managed to pull off the world's most ingenious cash card
fraud. A perfect replica of a bank cash dispenser was glued on top of the real
thing and swallowed cards inserted by unsuspecting customers when they tried to
withdraw money.

Police say that the thieves collected 104 cards before staff at the bank, in
Busto Arsizio, near Milan, were alerted.

Normally a stolen bank card is useless without the owner's Personal
Identification Number. But the thieves programmed their fake machine to request
the customers' PIN numbers before telling them the card had been accidentally
demagnetized and was being retained.

After collecting the cards, the thieves then spent the night withdrawing money
from genuine cash dispensers.

A police spokesman said: "The thieves have been having a spree, withdrawing
money with the credit cards and the right PIN numbers. They were obviously
electronics experts."

Andre Bacard, POBox 3009, Stanford, California 94309-3009
         abacard@well.sf.ca.us   (e-mail)        (415) 897-6067  (voice)

         [Another variant on the old spoofing attack.  PGN]


Virus consumes clerks at Sears

Kurt Guntheroth <kurt@tc.fluke.com>
Tue, 7 Jul 92 14:49:57 PDT
My mother-in-law is a sales clerk at a Sears store in Everett Washington.  I
saw 25 new CompuAdd point-of-sale terminals in the back room.  They're super
techie, with a small CRT, ASCII keyboard, fancy strip printer, and mag card
stripe reader.  They were supposed to be installed months ago, but apparently
they have a dose of the Michaelangelo virus.

"Michaelangelo?  On a terminal?  Are you sure?" I asked.  Needless to say,
the answer was not too specific.  She said it might also have been on a PC
that configures the terminals, rather than the terminals themselves.  Doesn't
Michaelangelo only strike on one day of the year?  All she knew was that they
were "full of viruses" and could not be installed.

Sears has its share of troubles these days, and apparently it is running so
lean and mean that there is no one in the store with enough computer smarts
to get things cleared up in the intervening months.  So there they sit,
depreciating.  But they'll *sell* you a computer...If you dare...bwah ha ha!

And you thought people who knew what viruses are were scared...


GI Observations on IT Security Evaluation Manual (ITSEM) V0.2

Kai Rannenberg <kara@cs.tu-berlin.de>
Tue, 7 Jul 1992 21:30:44 +0200
The Data Protection & Data Security Task Force of the German Gesellschaft fuer
Informatik (GI) has again published a "Statement of Observations" concerning
the IT Security Evaluation initiative driven by the Commission of the European
Communities.

This time the statement had to be made on the Information Technology
Security Evaluation Manual (ITSEM) in its current Version 0.2.
The ITSEM shall give help to evaluators and sponsors working with
Information Technology Security Evaluation Criteria (ITSEC) and
therefore are related quite closely to them. The current version 1.2
of ITSEC was subject of the last "Statement of Observations" the
GI Task Force published in February 1992.
Discussion of Criticism on ITSEM shall take place in Brussels
(Belgium) from September 8th to September 10th 1992.

Observations, criticism and proposals on ITSEM V0.2 concentrate on the
following issues:

(1) Lack of Correction of ITSEC problems
(2) ITSEC needs much deeper and therefore more improvements than
    admitted in chapter 1.5.
(3) Who oversees the Certification Bodies?
(4) Several Classes of potential attackers are not covered.
(5) Threats can not be enumerated and must be specified the other
    way round.
(6) The discrimination between strength of mechanisms in only 3 classes
    (basic, medium or high) is very poor and not adequate.
(7) Requirements for Tools and Techniques are missing.

The full statement is posted to alt.security, comp.security.misc and
probably comp.society.privacy.

Kai Rannenberg, Technische Universitaet Berlin, Informatics, FR 5-10,
Franklinstr. 28/29, D-W-1000 Berlin 10, Germany  (+49 30) 314-73499


Voting by Phone in Nova Scotia

Evan Ravitz <evanr@alumni.cs.colorado.edu>
Tue, 7 Jul 92 23:27:36 -0600
WORLD'S FIRST VOTING BY PHONE: JUNE 20 IN NOVA SCOTIA

After an initial failure on June 6, the Liberal Party of Nova Scotia held a
primary June 20 to elect its next leader: 94% of the 7416 delegates voted, all
with touch-tone phones. Typical turnout for Canadian elections is 60-70%.

The Liberals were issued Personal Identification Numbers by mail.  For each of
2 ballots, voters called one of five 900 numbers corresponding to their choice
of leader, and then keyed in their "PIN number". The computer then checked
their number off so they couldn't vote again. John Savage won on the second
ballot with almost 53% of the vote.

The service was provided by Maritime Telephone & Telegraph and cost each voter
50 cents. The eight-digit PIN numbers enabled one to vote from any billable
touch-tone phone: if you did't have touch- tone, you'd borrow your neighbor's.
Absentee voting was as simple as picking up the phone, wherever you were.

With this success, the Canadian government is considering a national referendum
by phone on the results of their Constitutional Convention, within 6 months.

The Federal Voter Assistance Program of the Pentagon is now considering voting
by phone for servicemen, who had voting by fax from the Persian Gulf. But a
$300 fax machine is overkill when a $10 touch-tone phone will do.  The Program
called the Voting by Phone Foundation of Boulder for their initial information.

The Voting by Phone Foundation is now in a petition drive to put a charter
amendment on November's Boulder City ballot. If passed Boulder would become the
first city in the U.S. to offer the option of phone voting. Please call [Evan
at] (303)444-3596 to help.

The Foundation is holding a demonstration of voting by phone from now until the
November 3rd election. Anyone may call (303)444-3596, 24 hours a day. If you
are registered to vote in Boulder, you will be asked to enter your last name
and birth date for identification.  This limits you to one vote, although not
as effectively as the random PIN number to be used for real elections. A
different question will be asked every 2 weeks, and presidential [... rest
truncated by Evan's mailer?]


When Cryptography is Outlawed...

Kurt Guntheroth <kurt@tc.fluke.com>
Tue, 7 Jul 92 09:03:29 PDT
When Cryptography is Outlawed, Only Outlaws Will Have Cryptography

The really difficult-to-understand part about the Federal Government's
recent assault on cryptographic privacy is how the Feds think they'll keep
cryptography out of the hands of criminals and Evil Foreign Governments.

Now that the Feds have admitted that they have trouble decoding encrypted
messages, any criminal or Evil Spy with a brain will be rushing to purchase
the equipment.  Criminals are hardly worried about breaking any law that
says they can't keep their deeds a secret, and smuggling the technology into
the country will hardly pose a problem to a reasonably proficient Drug Lord.

Perhaps what the Feds are looking for is a new weapon of prosecution; use of
cryptography is by definition a felony, and widespread use of cryptography
is then by definition racketeering as defined by RICO.  It's like bagging
Capone for tax evasion, when he was too slippery to be caught breaking the
law.  I find this sloppiness unacceptable as a taxpayer.

It's just like illegal weapons.  The crooks have the Uzis and MAC-10s, and
the cops have .38s.  And the streets are nevertheless protected.  I see a
future where the world class criminals profit from breaking our insecure-by-
legal-decree comm systems, preying on us law abiding citizens, while carrying
out their business in unlawful security.

Why can't the spies get wise?  Technology is not static.  If the phone becomes
secure, there must be improvements in bugging or some other spook-versus-crook
technology that could replace this information gathering avenue.

How typical of our freedom-loving government to make keeping a secret felonious.

   [By the way, see the July issue of the CACM, which contains material some of
   which has appeared earlier in RISKS, plus a piece by John Perry Barlow and a
   a response to letters from Rivest, Hellman, and Anderson from John Lyons of
   NIST.  PGN]


Re: computer-literate children find porn (RISKS-13.62)

Karl Lehenbauer <karl@sugar.neosoft.com>
Sun, 5 Jul 92 11:10:05 CDT
That same 15-year-old can see some pretty steamy R-rated movies on his
family's cable TV movie channels, or over at his friends.  He can
trade videotapes.  Many mainstream magazines, such as Vogue, purchasable
over the counter by anyone, contain photographs of partially nude women.

It would be tragic if heavy legal restrictions placed on "computer porn", when
it is so difficult to police users' actions and impossible to monitor all
activity on any moderately large BBS in any case, and when "pornography" is so
readily available to everyone through so many other channels, for many of which
no attempt is made to validate the recipient's age at all.

With the ongoing fusion of communications technologies such as computers,
telephones and television, the restrictions' boundaries would broaden to
encompass more and more of the technologies available to us to communicate
with.  Further, since the technology for copying and forwarding images (video,
PC, etc) is so pervasive, enforcement would be spotty and selective, with many
innocent people, for example those whose systems were unknowingly used to
further these peoples' purposes, caught in the net.


ESORICS 92: Preliminary Programme

Yves Deswarte <deswarte@laas.laas.fr>
Tue, 7 Jul 92 10:08:07 +0200
Please find enclosed the preliminary ESORICS 92 programme
in its ASCII English version. PostScript versions of
the full programme can be accessed by ftp at
"laas.laas.fr" (140.93.0.15), in files :
~ftp/pub/esorics/PGM.PS   : PostScript file without laserprep
~ftp/pub/esorics/PGM.PS.Z : idem in compressed form (binary)
~ftp/pub/esorics/PGM.PS.long   : PostScript file with laserprep
~ftp/pub/esorics/PGM.PS.long.Z : idem in compressed form (binary)

If you wish to receive a paper copy, drop me mail.  Yves

===== Yves Deswarte - LAAS-CNRS & INRIA - 31077 Toulouse (France) =====
==== E-mail:deswarte@laas.fr - Tel:+33/61336288 - Fax:+33/61336411 ====

                             ESORICS 92
                       Preliminary Programme
          European Symposium on Research in Computer Security
                November 23-25, 1992, Toulouse, France

Computer security is concerned with the protection of information in
environments where there is a possibility of intrusion or malicious action. The
aim of ESORICS is to further the progress of research in computer security by
establishing a European forum for bringing together researchers in this area,
by promoting the exchange of ideas with system developers and by encouraging
links with researchers in related areas. To achieve this aim under the best
conditions, ESORICS 92 will be a single track symposium and the selected papers
will be presented in a conference hall whose capacity is 290 attendees. ESORICS
92 is the second symposium of a series started with ESORICS 90 held in Toulouse
in October, 1990.

Symposium Chair: Gerard Eizenberg (ONERA/CERT, France)

Organized by AFCET
In Cooperation with
    BCS     The British Computer Society
    CNRS    Centre National de la Recherche Scientifique
    DISSI   Delegation Interministerielle pour la Securite des
                 Systemes d'Information
    DRET    Direction des Recherches Etudes et Techniques
    ERCIM   European Research Consortium for Informatics and
                 Mathematics
    GI      Gesellschaft fur Informatik
    IEE     Institute of Electrical Engineers
    INRIA   Institut National de Recherche en Informatique et
                 Automatique
    NGI     Nederlands Genootschap voor Informatica

                             PROGRAMME
                    Monday, November 23, 1992

 9:00-10:30  Registration and welcome coffee
10:30-11:00  Introduction to ESORICS 92
11:00-12:30  Session: Access Control
   Towards security in an open systems federation
      (John A. Bull, Li Gong, Karen R. Sollins)
   Type-level access controls for distributed structurally object-oriented
      database systems (Udo Kelter)
   On the Chinese wall model (Volker Kessler)
12:30-14:15  Lunch
14:15-15:45  Session: Formal Methods
   Formal methods and automated tool for timing-channel identification in TCB
      source code (Jingsha He, Virgil D. Gligor)
   Separating the specification and implementation phases in cryptography
      (Marie-Jeanne Toussaint)
   Formal specification of security requirements using the theory of
      normative positions (Andrew J. I. Jones, Marek Sergot)
15:45-16:15  Break
16:15-17:45  Invited Talks
   Roger Needham: Key management (to be confirmed)
   Yvo Desmedt: Different views on security
18:00-...    Buffet
18:30-...    Poster Session

[ESORICS 92 will include Poster Sessions devoted to presentations on work in
progress, recent research results and innovative proposals.  These poster
sessions will be held in rooms with paperboards and poster supports, these
rooms being available at any time from the beginning to the end of the
symposium. If you are interested in posting a presentation, please submit a
short description of your presentation with your registration before September
30, 1992.  Notification of acceptance or rejection will be sent by October 25,
1992].

                             PROGRAMME
                    Tuesday, November 24, 1992

 8:30- 9:00  Welcome coffee
 9:00-10:30  Session: Authentication I
   Verification and modelling of authentication protocols
      (Ralf C. Hauser, E. Stewart Lee)
   KryptoKnight authentication and key distribution system
      (Refik Molva, Gene Tsudik, Els Van Herreweghen, Stefano Zatti)
   Associating metrics to certification paths (Anas Tarah, Christian Huitema)
11:00-12:30  Session: Distributed Systems
   An object-oriented view of fragmented data processing for fault and
      intrusion tolerance in distributed systems
      (Jean-Charles Fabre, Brian Randell)
   The development and testing of the identity-based conference key
      distribution system for the RHODOS distributed system
      (M. Wang, A. Goscinski)
   Policy enforcement in stub autonomous domains (Gene Tsudik)
14:15-15:45  Session: Authentication II
   Freshness assurance of authentication protocols
      (Kwok-Yan Lam, Dieter Gollmann)
   A formal framework for authentication (Colin Boyd)
   Timely authentication in distributed systems (Kwok-Yan Lam, Thomas Beth)
16:15-17:00  Invited Talk
   Yvon Klein: What research for security evaluation ?
17:00-18:15  Panel: Availability and Integrity
18:30-...    Poster Session
20:00-...    Banquet

                       PROGRAMME
            Wednesday, November 25, 1992

 8:30- 9:00  Welcome coffee
 9:00-10:30  Session: Database Security
   Polyinstantiation for cover stories (Ravi S. Sandhu, Sushil Jajodia)
   On transaction processing for multilevel secure replicated databases
      (I. E. Kang, T. F. Keefe)
   Security constraint processing in multilevel secure AMAC schemata
      (G. Pernul)
11:00-12:00  Session: System Architectures
   M2S: A machine for multilevel security
      (Bruno d'Ausbourg, Jean-Henri Llareus)
   GDoM, a multilevel document manager (Christel Calas)
13:45-15:15  Session: Applications
   UEPS - A second generation electronic wallet (Ross J. Anderson)
   A hardware design model for cryptographic algorithms
      (Joan Daemen, Rene Govaerts, Joos Vandewalle)
   ASAX: Software architecture and rule-based language for universal audit
      trail analysis (Naji Habra, B. Le Charlier, A. Mounji, I. Mathieu)
15:15-15:30  Closing Remarks

Programme Committee:
    Jean-Jacques Quisquater (UCL, Belgium), Chair
    Bruno d'Ausbourg (ONERA-CERT, France)
    Joachim Biskup (Universitat Hildesheim, Germany)
    Peter Bottomley (RSRE, United Kingdom)
    Yvo Desmedt (University of Wisconsin-Milwaukee, USA)
    Yves Deswarte (LAAS-CNRS & INRIA, France)
    Gerard Eizenberg (ONERA-CERT, France)
    Amos Fiat (University of Tel-Aviv, Israel)
    Dieter Gollmann (University of London, United Kingdom)
    Franz-Peter Heider (GEI, Germany)
    Jeremy Jacob (Oxford University, United Kingdom)
    Helmut Kurth (IABG, Germany)
    Jean-Claude Laprie (LAAS-CNRS, France)
    Peter Landrock (Aarhus University, Denmark)
    Teresa Lunt (SRI, USA)
    John McDermid (University of York, United Kingdom)
    John McLean (NRL, USA)
    Catherine Meadows (NRL, USA)
    Jonathan Millen (MITRE, USA)
    Emilio Montolivo (Fondazione Ugo Bordoni, Italy)
    Roger Needham (University of Cambridge, United Kingdom)
    Alfredo de Santis (Universita di Salerno, Italy)
    Einar Snekkenes (NDRE, Norway)
    Marie-Jeanne Toussaint (Universite de Liege, Belgium)
    Kioumars Yazdanian (ONERA-CERT, France)

Organization Committee:
    Yves Deswarte (LAAS-CNRS & INRIA, France), Chair
    Laurent Cabirol (SCSSI, France)
    Jean-Francois Cornet (Consultant, France)
    Michel Dupuy (ENST, France)
    Marie-Therese Ippolito (LAAS-CNRS, France)
    Marie-France Kalogera (AFCET, France)
    Paul Richy (CNET, France)
    Pierre Rolin (ENSTA, France)
    Kioumars Yazdanian (ONERA-CERT, France)

                         GENERAL INFORMATION

Symposium Location: Hotel Palladia
  271 avenue de Grande Bretagne, 31300 Toulouse, France
  telephone: +33 62 120 120, fax: +33 62 120 121
  Hotel Palladia is located in the west district of Toulouse,
  5 km from city centre.

Access to Toulouse:
- By plane: Toulouse-Blagnac International Airport
  (telephone: +33 61 42 44 00). Hotel Palladia is 4 km from the
  airport. Approximate taxi fare is 50 FF.
- By train: Toulouse-Matabiau railway station (telephone:
  +33 61 62 50 50). Bus 14 from railway station to "Chardonnet"
  stop (in front of Hotel Palladia). Approximate taxi fare is 70FF.
- By car: Toulouse is linked to the main European road networks.
  On the Toulouse ring, direction Auch, exit 1 to Casselardit-Purpan.

Tourist Information: Office du Tourisme, Donjon du Capitole,
  31000 Toulouse, telephone: +33 61 11 02 22

Visa: For non European Community citizens, please check with the
  French Consulate in your home country if you need a visa. Visa
  applications take approximately 4 weeks to process.

Registration Procedure:
- Advance: Please complete the registration form and send it to
  AFCET. About 15 days before the beginning of the symposium,
  registered participants will receive their pass, which is to be
  presented at the registration desk to receive symposium documents.
- On-Site: Registration desk and welcome service will be available
  from 8:30 am to 8:00 pm on Monday 23, to 7:30 pm on Tuesday 24 and
  to 4:00 pm on Wednesday 25.
- Fellowships: Applications for half-rate registrations can be sent
  to AFCET with due justification. Students wishing to apply for
  these fellowships should join a recommendation letter from their
  professor.
- Fees: Registrations fees include admission to the technical ses-
  sions, one copy of the proceedings, breaks, lunches, Monday buffet
  and Tuesday banquet.

Payments: Payments are accepted in French Francs only:
- by credit cards (Visa International or MasterCard only): complete
  the charge authorization on the registration form.
- by banker's draft (with indication of your name and ESORICS 92),
  to the order of AFCET, bank account 502 650 009-02 at BIMP,
  22 rue Pasquier, 75008 Paris, France. Please ask your bank to
  arrange the transfer at no cost for the beneficiary. Bank charges,
  if any, are at the participant's expense. To guarantee your regis-
  tration, enclose a copy of your bank transfer.

Cancellations: Refunds of 50% will be made if a written request is
  received before October 23, 1992. No refunds will be made for
  cancellations received after this date. In case of symposium
  cancellation for reasons beyond its control, AFCET limits its
  liability to the registration fees already paid.

Proceedings: ESORICS 92 proceedings will be distributed on-site to
  registered participants. Extra copies of ESORICS 92 and ESORICS 90
  proceedings will be sold on-site.

Languages: English and French, with simultaneous translation.

Social Event: A dinner banquet will be offered to all registered
  participants on Tuesday, November 24, 1992. For accompanying
  persons, banquet price is 250 FF.

Post-Symposium Tour: A visit (by bus) of Toulouse, the medieval city
  of Carcassonne and their region will be organized on Thursday,
  November 26, 1992. If interested, please tick the corresponding
  box on the registration form to receive tour information.

Travel Discounts: About 35% reduction for some Air Inter domestic
  return flights can be obtained for the Symposium dates. Please
  tick the appropriate box on the registration form to receive your
  discount voucher.

Hotel Reservations: There are many hotels in Toulouse in every
  category. A list of hotels, within walking distance from Hotel
  Palladia and offering special prices to ESORICS 92 participants,
  is given at the end of this message. For your reservation, please
  contact DIRECTLY the hotel of your choice; do not forget to
  mention ESORICS 92.

Local Organization: Marie-Therese Ippolito, LAAS-CNRS,
  7 avenue du Colonel Roche, 31077 Toulouse (France),
  telephone: +33 61 33 62 74, fax: +33 61 55 35 77,
  E-mail: esorics@laas.fr.



                      REGISTRATION FORM

To be sent to: AFCET - ESORICS 92
               156, boulevard Pereire
               75017 Paris (France)
               Fax : +33 1 42 67 93 12
               Telephone: +33 1 47 66 24 19

          (Please print)
Name:
First Name:
Company:
Address:


Country:
Telephone :                  Fax :
Nb of invoices requested:
Invoice(s) to be sent to:


Air Inter Discount
[]  Please send me an Air Inter discount voucher

Post-Symposium Tour
[]  Please send me tour information

Poster Session
[]  I wish to present a poster and I enclose its description.


FEE (18.6% VAT included):

Member: AFCET []   BCS []   GI []   IEE []   NGI []
            Before October 24, 1992 :  3000 FF []
            After  October 23, 1992 :  3500 FF []

Non member:
            Before October 24, 1992 :  3300 FF []
            After  October 23, 1992 :  3800 FF []

Accompanying persons for banquet:     x 250 FF


                           TOTAL :          FF

PAYMENT (enclosed):

   Banker's draft []
   Purchase order []
   Credit Card Authorization:
        I duly authorize you to charge my  Visa Intl []
                                          MasterCard []
        Expiration :     Card Number:
        Card holder name:
        Signature:                  Date :


                          HOTEL LIST

For all reservations, contact DIRECTLY the hotel of your choice,
mentioning ESORICS 92, and confirm your reservation by fax or telex.

Palladia ****
271 avenue de Grande Bretagne, 31300 Toulouse
telephone : +33 62 120 120         fax : +33 62 120 121
single 490 FF, breakfast 70 FF
(Free shuttle available on request from the airport)

Dotel ***
Avenue des Arenes Romaines, 31300 Toulouse
telephone : +33 61 83 83           fax : +33 61 31 00 10
single 320 FF, breakfast included
(Free shuttle available on request from the airport)

Novotel Toulouse Purpan ***
23 Impasse Maubec, 31300 Toulouse
telephone : +33 61 49 34 10        fax : +33 61 49 63 37
single 430 FF, breakfast 47 FF
(Free shuttle available on request from the airport)

Le Grande Bretagne ***
300 avenue de Grande Bretagne, 31300 Toulouse
telephone : +33 61 31 84 85        fax : +33 61 31 87 12
single 390 FF, breakfast included

Campanile Purpan **
33 route de Bayonne, 31300 Toulouse
telephone : +33 61 31 09 09        fax : +33 61 31 09 10
single 240 FF, breakfast 29 FF

Gascogne **
25 allees Charles de Fitte, 31300 Toulouse
telephone : +33 61 59 27 44        telex : 521090F
single 230 FF, breakfast 35 FF
(3 km from Hotel Palladia, bus 14 "Saint-Cyprien" stop)

===== Yves Deswarte - LAAS-CNRS & INRIA - 31077 Toulouse (France) =====
==== E-mail:deswarte@laas.fr - Tel:+33/61336288 - Fax:+33/61336411 ====

Please report problems with the web pages to the maintainer

Top