precedence: bulk
Subject: Risks Digest 21.00 (), Volume 21 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Volume 21 : Issue 00 ()

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 21 (15 August 2000 -- )
 (NOTE: This summary is archived in ftp file risks-21.00 at ftp.sri.com,
  cd risks, and is also at http://catless.ncl.ac.uk/Risks/21.00.html.)

----------------------------------------------------------------------

Date: 13 Dec 1999 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  Alternatively, via majordomo,
 SEND DIRECT E-MAIL REQUESTS to with one-line,
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO     [for unabridged version of RISKS information]
 .MIL users should contact (Dennis Rears).
 .UK users should contact .
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
 http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
 http://the.wiretapped.net/security/textfiles/risks-digest/ .
==> PostScript copy of PGN's comprehensive historical summary of one liners:
   illustrative.PS at ftp.sri.com/risks .

------------------------------

Subject: SUMMARY OF RISKS VOLUME 21 (15 August 2000 to ...)
 (archived in ftp file risks-21.00)

RISKS-21.01  Tuesday 15 August 2000
  Russian nuclear sub trapped on bottom of Barents Sea (Keith A Rhodes)
  Risks of train doors: Sydney (Simon Carter)
  Admissions mixup leaves Northeastern University struggling (Daniel P.B. Smith)
  Not so smart weapons in Kosovo (Lord Wodehouse)
  Private phone records on Web (Kevin L. Poulsen)
  Barclays Internet-banking security-glitch following software upgrade (Pete Morgan-Lucas)
  Security hole in Netscape (NewsScan)
  The Pentagon worries that spies can see its computer screens (Gregory F. March)
  Online gambler goes to prison (NewsScan)
  County blew $38 million on canceled payroll system! (Joan Brewer)
  Delays in the new UK Air traffic control system (Ursula Martin)
  Microsoft vulnerabilities, publicity, and virus-based fixes (Bruce Schneier)
  REVIEW: "NT 4 Network Security", Strebe/Perkins/Moncur (Rob Slade)

RISKS 21.02  Saturday 26 August 2000
  Hoaxes: When will they learn? (Dave Farber)
  NY State's running out of fingerprint IDs (Danny Burstein)
  Mobile phone malware on i-mode in Japan (Kevin Connolly)
  Firepower via Web interface (Anatole Shaw)
  Sydney Airport baggage system fails for second time in five days (Stellios Keskinidis)
  Airline E-Ticket risks (Paul Wallich)
  Risks on public transit: mechanical and human failures in Toronto (Stephen van Egmond)
  Bangkok robot security guard (Torrey Hoffman)
  Professor stole 40 student SSNs and IDs to get credit cards (Joan L. Brewer)
  Kaiser Permanente medical e-mails go astray (Sheri Alpert)
  Wake up, your TV is talking to your bracelet (NewsScan)
  SSL Server Security Survey (Monty Solomon)
  *The Globe and Mail* Web site exposing search-engine log file (Esteban Gutierrez-Moguel)
  Blocked e-mail and Web sites (PGN)
  Major security hole in new online organizer service (Paul van Keep)
  Hackers breach Firewall-1 (PGN)
  GAO says EPA's computer security is "riddled" with weaknesses (Declan McCullagh)
  Bruce Schneier's Secrets and Lies (PGN)
  Software Risk Management Conference ISACC (Gary McGraw)

RISKS 21.03  Monday 28 August 2000
  New security vulnerability: 13-year-old 'r00ts' popular polynomial (Leonard Richardson)
  Pretty Good Bug found in Windows versions of PGP (Declan McCullagh)
  Two cables (Doneel Edelson)
  Four of the 13 root servers used by Network Solutions (Dave Farber)
  Court says FBI has been given too much wiretap power (NewsScan)
  "Free" e-mail accounts and passwords exposed for a month (Peter Kaiser)
  Hotmail blows it badly? (Jay R. Ashworth)
  Possible Y2K bug strikes UK Egg Bank (Ralph Corderoy)
  More risks of filtering software (David Goddard)
  Risks of Eudora 4.x (David Sedlock)
  "Verify your age with a credit card": more than $188M fraud (Lenny Foner)
  Re: Airline E-tickets (Adam Shostack)
  Re: Hoaxes: when will they ever learn (Eric Murray)
  Re: SSL Server Security Survey (Sean Eric Fagan)
  Re: mechanical and human failures in Toronto (Mark Brader)

RISKS 21.04  Monday 11 September 2000
  Identity theft (PGN)
  Government computers at risk (NewsScan)
  Satellite system outage hits Associated Press (Keith A Rhodes)
  Puerto Rican capital without power (Doneel Edelson)
  New Pentium III chip recalled (NewsScan)
  CSX crew spots problem signal, averts collision (Chuck Weinstock)
  F-117 stealth fighter in near-miss with UAL jet (PGN)
  Fake air controllers alert in UK (Joe McCauley)
  Swissair 111, TWA 800, and Electromagnetic Interference (Fred Ballard)
  D.01: off by x100 stock prices (Bob Blakley)
  Western Union Web site hacked (Keith A Rhodes)
  FBI arrests Emulex hoax suspect in Calif. (NewsScan)
  Glitch at Amazon.com exposes e-mail addresses (Keith A Rhodes)
  Windows NT/2000 "Lock Computer" allows palm sync (Avi Rubin)
  1,000 system updates??? (Scott Rainey)
  Risks of partially updated Web pages (Daniel P.B. Smith)
  Re: Major security hole ... (Chris Adams, Michael Loftis)
  Re: Your TV is talking to your bracelet (George Weaver)
  PFIR statement on government interception of Internet data (Lauren Weinstein)
  REVIEW: "Big Book of IPsec RFCs", Pete Loshin (Rob Slade)
  2001 IEEE Security and Privacy Symposium (Jon Millen)

RISKS 21.05  Wednesday 20 September 2000
  Qualcomm CEO's laptop vanishes, containing corporate secrets (NewsScan, David Lesher)
  Computers shut down aircraft engines in flight (Mike Beims)
  Russian troops block power shutoff (Doneel Edelson)
  OPEC site hacked (Mike Hogsett)
  Navy carrier to run Win 2000 (Mike Ellims)
  Re: Windows NT/2000 palm sync (Avi Rubin)
  Re: Identity theft (Carl Ellison)
  Re: D.01: Off by x100 (Terry Carroll)
  Re: New Pentium III chip recalled: typo (Gideon Yuval)
  Risks of using HTML Mail and HTTP proxy "censorware" together (Dan Birchall)
  Concorde crash report (Peter Kaiser)
  Computerized air-conditioning risks (Pere Camps)
  ``Netspionage'' is the real security threat on the Net (NewsScan)
  Hackers offered $10,000 bait (NewsScan)
  A subtle fencepost error in real life (Andrew Koenig)
  New credit-card solution? (Joshua M Bieber)
  Reconstructing Privacy - Conference Announcement (Gene N Haldeman)