Subject: Risks Digest 20.00 (), Volume 20 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Volume 20 : Issue 00 ()

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 20 (1 October 1998 to ...)

(NOTE: This summary is archived in ftp file risks-20.00 at ftp.sri.com,
and is also at http://catless.ncl.ac.uk/Risks/20.00.html.)

----------------------------------------------------------------------

Date: 23 Sep 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. U.S. users on .mil or .gov
domains should contact (Dennis Rears ). UK subscribers please contact .
Local redistribution services are provided at many other sites as well.
Check FIRST with your local system or netnews wizards. If that does not
work, THEN please send requests to the automated list server, with first
text line
  SUBSCRIBE or UNSUBSCRIBE [with option of E-mail address if not the same
  as FROM: on the same line].
INFO gets you this file. HELP gives instructions on using the Majordomo
listserver in other ways, although not all are implemented for RISKS.

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, nonrepetitious, and without caveats on
distribution. Diversity of content is welcome, but personal attacks are not.
PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses.
Contributions will not be ACKed; the load is too great; if you feel
neglected, send a follow-up message. **PLEASE** include your name &
legitimate Internet FROM: address. Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Particularly relevant contributions may be adapted for the RISKS sections of
issues of ACM SIGSOFT Software Engineering Notes.

* Submissions: By submitting an item that is accepted for publication in
  RISKS, the author grants permission for unlimited public distribution and
  redistribution in electronic or other form.
* Reuse: Blanket permission is hereby granted for reuse of all materials in
  RISKS, under the following conditions. All redistributed items must
  include the Risks-Forum masthead line. All reuse must be accompanied by
  the following statement:
    Reused without explicit authorization under blanket permission granted
    for all Risks-Forum Digest materials. The author(s), the RISKS
    moderator, and the ACM have no connection with this reuse.
  As a courtesy, reusers of individual items (as opposed to forwardings of
  entire issues) should notify the authors, and should pay particular
  attention to any subsequent corrections.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks
Individual issues can be accessed using a URL of the form
  http://catless.ncl.ac.uk/Risks/VL.IS.html [yes, VL = volume, IS = issue]
(Please report any format errors to Lindsay.Marshall@newcastle.ac.uk)

RISKS ARCHIVES: ftp://unix.sri.com/risks if your browser accepts URLs, or
  ftp unix.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
  or cwd risks, depending on your particular FTP;
Issue J of volume 20 is in that directory: "get risks-20.J".
For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 19, J always
TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main
directory and I subdirectory; "bye"
I and J are dummy variables here.
REMEMBER, Unix is case sensitive; file names are lower-case only.
<CR>=CarriageReturn; FTP.SRI.COM = [128.18.30.66]; FTPs may differ;
Unix prompts for username and a password.
Search engines may find other mirrored sources, but those do not
necessarily reflect occasional amendations.
The ftp.sri.com site risks directory also contains the most recent
PostScript copy of PGN's comprehensive historical summary of one liners:
  get illustrative.PS and illustrative.pdf

PRIVACY DIGESTS:

* The PRIVACY Forum is run by Lauren Weinstein. It includes a digest (which
  he moderates quite selectively), archive, and other features, such as
  PRIVACY Forum Radio interviews. It is somewhat akin to RISKS; it spans the
  full range of both technological and nontechnological privacy-related
  issues (with an emphasis on the former). For information regarding the
  PRIVACY Forum, please send the exact line:
    information privacy
  as the BODY of a message to "privacy-request@vortex.com"; you will receive
  a response from an automated listserv system. To submit contributions,
  send to "privacy@vortex.com". PRIVACY Forum materials, including archive
  access/searching, additional information, and all other facets, are
  available on the Web via: http://www.vortex.com

* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
  run by Leonard P. Levine. It is gatewayed to the USENET newsgroup
  comp.society.privacy. It is a relatively open (i.e., less tightly
  moderated) forum, and was established to provide a forum for discussion on
  the effect of technology on privacy. All too often technology is way ahead
  of the law and society as it presents us with new devices and
  applications. Technology can enhance and detract from privacy.
  Submissions should go to comp-privacy@uwm.edu and administrative requests
  to comp-privacy-request@uwm.edu.

------------------------------

SUMMARY OF RISKS VOLUME 20 (1 October 1998 to ...)
(archived in ftp file risks-20.00)

RISKS 20.01 Thursday 1 October 1998
  Computer collapse wipes out British Social Security records (PGN)
  Calling All Traffic Lights in Dublin! (Fiachra O Marcaigh)
  Y2K "fix" causes Dublin traffic jams (Mich Kabay)
  Natural gas plant explosion in Victoria, Australia (Martin Gleeson)
  Malaise in Malaysia hits satellite uplink (Mich Kabay)
  Bank of Montreal card functions paralyzed by bug (Mark Brader)
  Bad power strip knocks out Net service (Andrew Brandt)
  "Cyberdeath" raises privacy issue (Scott Peterson)
  How to bypass those pesky firewalls (Mark Jackson)
  Hacking, Irish-Style (Fiachra O Marcaigh)
  Re: X-rated net suit (Rishiyur S. Nikhil)
  Re: Sexy risks of searching for MP3 (John Mee, Don Byrd)
  Y2K risk in Netscape cookies (J Seymour)
  Re: "Windows NT Security" (Russ Cooper, Joe Thompson)
  Enquiry re: problems at universities (Pete Mellor)
  REVIEW: "Decrypted Secrets", F. L. Bauer (Rob Slade)

RISKS 20.02 Saturday 3 October 1998
  Risks of Upgrades: Florida fingerprint system (Charles P Schultz)
  Bank error delays 50,000 Ontario social assistance payments (Mark Brader)
  More --possibly unpublished-- banking/credit card failures (Luc Bauwens)
  Attack on blood databases was simulated (Dorothy Denning)
  JavaScript Flaw in Netscape (Edupage)
  Not all outages are bugs: taxi credit (George Michaelson)
  Y2K police planning (Alex Klaus)
  Re: Win NT C2 Certification (pchallin)
  Education and other undesirable numbers (David Collier-Brown)
  Less sinister reason for Disney link in porn site (Andrew Klossner)
  Re: Sexy risks of searching for MP3 (Michael Smith)
  Re: Y2K risk in Netscape cookies (Jay Ball)
  Re: How to bypass those pesky firewalls (Brad Ackerman, Phillip C. Reed,
    Chris DeLashmutt)
  Information Security Educators Mailing List (Fred Cohen)

Risks Digest 20.03 Tuesday 13 October 1998
  Computerized gas-pump cheat (Conrad Heiney)
  Trojan Horse infests 15,000 Internet chat users (Monty Solomon)
  Computer glitch trips up Dow Jones industrial average (Cliff Sojourner)
  IE4 and its "magical" features (Chenxi Wang)
  Unreliable reception of e-mailed WP documents (Daniel P. B. Smith)
  Microsoft web site denies access based upon Windows regional settings
    (Eric Ulevik)
  Risks of installing Microsoft's Media Player (Wade Ripkowski via James Love)
  Insidious SQL interpreter bug messes up files (David Tonhofer)
  Netscape Netcenter password hint (Dan Pritts)
  Radio clock blows daylight savings (Ian Macky)
  The risks of "keep it simple" (Martin D Kealey)
  Finland: Fraud with copied banking cards (Kimmo Ketolainen)
  Offensive information warfare deemed offensive? (PGN)
  Hackers stay a step ahead of China's cyber-police (PGN)
  LA 911 outage...backup worked! (Thomas Maufer)
  Some good Y2K news: whisky will be on tap for Hogmanay 1999
    (Declan McCullagh)
  Military preparations to mobilize for Y2K (Declan McCullagh)
  Void where prohibited by date (Rob Slade)