Subject: Risks Digest 21.00 (), Volume 21 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest 29 March 2002 Volume 21 : Issue 00 (99)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 21 (15 August 2000 to 29 March 2002)

(NOTE: This summary is archived in ftp file risks-21.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/21.00.html.)

----------------------------------------------------------------------

Date: 13 Dec 1999 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line,
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO [for unabridged version of RISKS information]
   .MIL users should contact (Dennis Rears).
   .UK users should contact .
=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
   http://www.CSL.sri.com/risksinfo.html
   ftp://www.CSL.sri.com/pub/risks.info
   The full info file will appear now and then in future issues.
   *** All contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
   ftp ftp.sri.com, login anonymous, [YourNetAddress], cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
   http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
   http://the.wiretapped.net/security/textfiles/risks-digest/ .
==> PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks .

------------------------------

Subject: SUMMARY OF RISKS VOLUME 21 (15 August 2000 to 29 March 2002)
(archived in ftp file risks-21.00)

RISKS-21.01 Tuesday 15 August 2000
Russian nuclear sub trapped on bottom of Barents Sea (Keith A Rhodes)
Risks of train doors: Sydney (Simon Carter)
Admissions mixup leaves Northeastern University struggling (Daniel P.B. Smith)
Not so smart weapons in Kosovo (Lord Wodehouse)
Private phone records on Web (Kevin L. Poulsen)
Barclays Internet-banking security-glitch following software upgrade (Pete Morgan-Lucas)
Security hole in Netscape (NewsScan)
The Pentagon worries that spies can see its computer screens (Gregory F. March)
Online gambler goes to prison (NewsScan)
County blew $38 million on canceled payroll system! (Joan Brewer)
Delays in the new UK Air traffic control system (Ursula Martin)
Microsoft vulnerabilities, publicity, and virus-based fixes (Bruce Schneier)
REVIEW: "NT 4 Network Security", Strebe/Perkins/Moncur (Rob Slade)

RISKS 21.02 Saturday 26 August 2000
Hoaxes: When will they learn? (Dave Farber)
NY State's running out of fingerprint IDs (Danny Burstein)
Mobile phone malware on i-mode in Japan (Kevin Connolly)
Firepower via Web interface (Anatole Shaw)
Sydney Airport baggage system fails for second time in five days (Stellios Keskinidis)
Airline E-Ticket risks (Paul Wallich)
Risks on public transit: mechanical and human failures in Toronto (Stephen van Egmond)
Bangkok robot security guard (Torrey Hoffman)
Professor stole 40 student SSNs and IDs to get credit cards (Joan L. Brewer)
Kaiser Permanente medical e-mails go astray (Sheri Alpert)
Wake up, your TV is talking to your bracelet (NewsScan)
SSL Server Security Survey (Monty Solomon)
*The Globe and Mail* Web site exposing search-engine log file (Esteban Gutierrez-Moguel)
Blocked e-mail and Web sites (PGN)
Major security hole in new online organizer service (Paul van Keep)
Hackers breach Firewall-1 (PGN)
GAO says EPA's computer security is "riddled" with weaknesses (Declan McCullagh)
Bruce Schneier's Secrets and Lies (PGN)
Software Risk Management Conference ISACC (Gary McGraw)

RISKS 21.03 Monday 28 August 2000
New security vulnerability: 13-year-old 'r00ts' popular polynomial (Leonard Richardson)
Pretty Good Bug found in Windows versions of PGP (Declan McCullagh)
Two cables (Doneel Edelson)
Four of the 13 root servers used by Network Solutions (Dave Farber)
Court says FBI has been given too much wiretap power (NewsScan)
"Free" e-mail accounts and passwords exposed for a month (Peter Kaiser)
Hotmail blows it badly? (Jay R. Ashworth)
Possible Y2K bug strikes UK Egg Bank (Ralph Corderoy)
More risks of filtering software (David Goddard)
Risks of Eudora 4.x (David Sedlock)
"Verify your age with a credit card": more than $188M fraud (Lenny Foner)
Re: Airline E-tickets (Adam Shostack)
Re: Hoaxes: when will they ever learn (Eric Murray)
Re: SSL Server Security Survey (Sean Eric Fagan)
Re: mechanical and human failures in Toronto (Mark Brader)

RISKS 21.04 Monday 11 September 2000
Identity theft (PGN)
Government computers at risk (NewsScan)
Satellite system outage hits Associated Press (Keith A Rhodes)
Puerto Rican capital without power (Doneel Edelson)
New Pentium III chip recalled (NewsScan)
CSX crew spots problem signal, averts collision (Chuck Weinstock)
F-117 stealth fighter in near-miss with UAL jet (PGN)
Fake air controllers alert in UK (Joe McCauley)
Swissair 111, TWA 800, and Electromagnetic Interference (Fred Ballard)
D.01: off by x100 stock prices (Bob Blakley)
Western Union Web site hacked (Keith A Rhodes)
FBI arrests Emulex hoax suspect in Calif. (NewsScan)
Glitch at Amazon.com exposes e-mail addresses (Keith A Rhodes)
Windows NT/2000 "Lock Computer" allows palm sync (Avi Rubin)
1,000 system updates??? (Scott Rainey)
Risks of partially updated Web pages (Daniel P.B. Smith)
Re: Major security hole ... (Chris Adams, Michael Loftis)
Re: Your TV is talking to your bracelet (George Weaver)
PFIR statement on government interception of Internet data (Lauren Weinstein)
REVIEW: "Big Book of IPsec RFCs", Pete Loshin (Rob Slade)
2001 IEEE Security and Privacy Symposium (Jon Millen)

RISKS 21.05 Wednesday 20 September 2000
Qualcomm CEO's laptop vanishes, containing corporate secrets (NewsScan, David Lesher)
Computers shut down aircraft engines in flight (Mike Beims)
Russian troops block power shutoff (Doneel Edelson)
OPEC site hacked (Mike Hogsett)
Navy carrier to run Win 2000 (Mike Ellims)
Re: Windows NT/2000 palm sync (Avi Rubin)
Re: Identity theft (Carl Ellison)
Re: D.01: Off by x100 (Terry Carroll)
Re: New Pentium III chip recalled: typo (Gideon Yuval)
Risks of using HTML Mail and HTTP proxy "censorware" together (Dan Birchall)
Concorde crash report (Peter Kaiser)
Computerized air-conditioning risks (Pere Camps)
``Netspionage'' is the real security threat on the Net (NewsScan)
Hackers offered $10,000 bait (NewsScan)
A subtle fencepost error in real life (Andrew Koenig)
New credit-card solution? (Joshua M Bieber)
Reconstructing Privacy - Conference Announcement (Gene N Haldeman)

RISKS 21.06 Monday 25 September 2000
Australian online voting scores: no oohs 'n Oz? (Garry Allen)
Youthful toothful (PGN)
Concorde Problem Visibility (Peter B. Ladkin)
Re: Concorde crash report (Zygo Blaxell)
Ostrich Farming? (Pat St-Arnaud)
Pentagon security gate goof, again (PGN)
U.Wisconsin alters photo to add "diversity" to student body (PGN)
Why software fails (Mike Lewis)
Filtering, censorship, silence: Who owns the language? (Richard Schroeppel)
Re: Decimalization and Ford Stock Splits (Timothy Prodin)
Re: Identity theft (Martin Minow)
Re: Qualcomm CEO's laptop vanishes (Camillo Sars)
Re: Risks of using HTML Mail and HTTP proxy "censorware" together (J.D. Abolins)
Artificial Intelligence strikes again (Rodger Whitlock)
SBC Calling Card PIN (Conrad Heiney)

RISKS 21.07 Saturday 30 September 2000
California DMV fosters identity theft? (PGN)
Single points of failure and backup plans (William P.N. Smith)
Control of Olympics news coverage (NewsScan)
Tighter security poses a security threat (Ray Randolph)
Cochise County election computer errors (Nicky L. Sizemore)
The risk of identity theft (Amrith Kumar)
De Fault is in Default (Charlie Shub)
Re: AI strikes again (Perry Bowker, Zygo Blaxell)
REVIEW: "CyberShock", Winn Schwartau (Rob Slade)

RISKS 21.08 Wednesday 11 October 2000
50 million adults at risk for 'net illiteracy' (NewsScan)
China announces new rules for Internet content (NewsScan)
Italian police stop digital bank robbery (Meine van der Meulen)
Computer-related sewage release into Massachusetts Bay (Jonathan Drummey)
ISP whacks game fan with $24,000 bandwidth fine (Doneel Edelson)
I've been dropped from a life-time membership (Leonard X. Finegold)
Carnivore review team information leaked (PGN)
What Bloatware is Not (Rick Downes)
EMI, TWA 800 and Swissair 111 (Peter B. Ladkin)
ABC newsradio network blocked during Olympics (Phillip Musumeci)
The need for functioning IT environments (Thomas Roessler)
Re: Why software fails (Jurek Kirakowski)
Intel hasn't learned... (Steve Bellovin)
Test Practitioner Syllabus: 17 Oct deadline for comments (Dorothy Graham)
REVIEW: "Storming Heaven", Kyle Mills (Rob Slade)

RISKS 21.09 Friday 3 November 2000
Air-traffic control woes (PGN)
Aviation near-crashes in Kathmandu (Phil Carmody)
Typo + "strange glitch" = private files world-readable (Michael Froomkin)
Risks of an `uninterruptible power supply' (Ross Anderson)
How to upset your customers (John Pettitt)
Did I *really* request my password in plaintext? (Matt Stupple)
Over capacity @Home (Dave Isaacs)
Minister racks up $50,000 phone bill (Fergus Henderson)
EZ-Pass discovers risk of sending URLs instead of actual text (Danny Burstein)
Yet another daylight savings time problem... (Gordon Henderson)
I'm falling back, and I can't get up. (Richard Glover)
Worm risk multiplier (Jeremy)
Re: Carnivore review team information leaked (Rob Warnock)
Re: AI strikes again (Chris Meadows, Marcos)
Re: U. Wisc altered photographs: They're not the only ones (Fredric L. Rice)
Re: 50 million adults at risk for `net illiteracy' (K Parker)
CFP: Risk Assessment & Policy Assoc. International Conference (John M. Gleason)

RISKS 21.10 Tuesday 7 November 2000
Pennsylvania county wins $1M for faulty computer voting machines (David Banisar)
Thoughts on computers in voting (Douglas W. Jones)
Security of electronic voting in public elections (Avi Rubin)
Saturn made a bad assumption in my engine (William Colburn)
I crashed because my phone was ringing (Scott Gregory)
Unplanned roll in NASA's X-38 (James H. Paul)
*Lack* of barcode causes train to trap passengers (Jeff Stieglitz)
No security in Internet-connectable laboratory instrument controller (Stephen D. Holland)
Risk of using 'meaningful' file names (Charles Bryant)
Re: Typo+"strange glitch"=private files world-readable (Steve Summit)
REVIEW: "Virus Proof", Phil Schmauder (Rob Slade)

RISKS 21.11 Wednesday 8 November 2000
Did a human factors problem affect the U.S. presidential election? (Steve Bellovin)
More on Florida in this and previous elections (PGN)
E-voting as a panacea for Florida count? (Jeremy Epstein)
CNN: E-voting could have prevented U.S. election chaos (Evan McLain)
"REALITY RESET": "Hacking the Vote" (Lauren Weinstein)
Web sites report exit poll results before networks do (NewsScan)
Political dirty tricks, cyber-style (NewsScan)
Vote auction Web site moves operations overseas (NewsScan)
UK air-traffic control problems (PGN)
Indianapolis FAA route center running on generators for a week (Nathan Brindle)
Raccoon power outage over the weekend (Dan Ellis)
Researchers able to defeat digital music security measures (NewsScan)
Verisign and MS authenticode (Carl Byington)
Microsoft Web site vandalized (NewsScan)
The latest in anti-spam technology (Greg Compestine)
Re: EMI, etc. (Pete Mellor)
2001 USENIX Annual Technical Conference - Call For Papers (Andrea Galleni)

RISKS 21.12 Saturday 11 November 2000
Sanity in the Election Process (Lauren Weinstein and Peter Neumann)
Statement by Don A. Dillman on Palm Beach County Florida Ballot (Rob Kling)
Florida vote counts (PGN)
The end of the Multics era (PGN)
Excessive bounce activity and lost messages (PGN)

RISKS 21.13 Sunday 3 December 2000
Perspective on election processes (PGN)
A better election process? (Dave Stringer-Calvert)
Australian Internet cable severed (Dave Farber)
CIA secret chat room investigated (PGN)
McAfee VirusScan update crashes Windows (PGN)
Ticking time bomb in buffer overflow (Jonathan Hayward)
Re: The end of the Multics era (Tom Van Vleck)
I am glad about the quality of my driver's license photo (Joel Garry)
Re: Engine cutouts (Paul Nowak)
REVIEW: "Practical Firewalls", Terry William Ogletree (Rob Slade)

RISKS 21.14 Tuesday 12 December 2000
Internet and Electronic Voting (PGN Rebecca Mercuri Lauren Weinstein)
Re: Perspective on election processes (Ben Laurie)
Arizona Motor Vehicle counterfeiting rings (Paul Nowak)
Seattle Hospital Hacked (Lauren Gelman)
A new Chinook inquiry? (Mike Ellims)
Another Osprey crash (PGN)
Space Station risks (Ben Hines)
comp.risks considered harmful -- by some (Thomas Roessler)
REVIEW: "Hack Proofing Your Network", Ryan Russell et al. (Rob Slade)

RISKS 21.15 Weds 20 December 2000
Wells Fargo computer network outage (PGN)
ATM network for voting: a non-starter (David Jefferson)
Re: Voting by machine (Fred Cohen)
Alaska Airlines flight 261 (Jim Horning)
NY State DMV canceling auto registrations (Danny Burstein)
Another DMV Break-in, in Oregon (PGN)
Healthcare data bank contains inaccurate and flawed information (Mike Beims)
Germany to rely on on-board diagnostics for vehicle emission checks (Bernd Felsche)
High reliability (Adam Shostack)
Electrocution leads to more deaths (Martin Minow)
Spam as a denial of service attack? (Steve Bellovin)
Re: Seattle Hospital Hacked (Lynda Ellis)
Computers, Freedom, and Privacy CFP2001 Call for Participation (HIIP)

RISKS 21.16 Tuesday 26 December 2000
Power cut blocks emergency calls (Stuart Lamble)
Important message from egghead.com CEO (Egghead.com)
Security advisories becoming less open? (Chris Adams)
Another tidbit about the new Microsoft advisory format (Richard M. Smith via Brian)
Making something look hacked when it isn't (Richard J. Barbalace)
The risk of a seldom-used URL syntax (Rob Warnock)
Intelligence risks of e-mail auto-responses (Dan Birchall)
Re: Voting by machine (Tony Finch)
Re: ATM network for voting: a non-starter (Jeremy Epstein, Barry Margolin, Bill Stewart)
Re: High Reliability (Matt Jaffe)
Re: Another DMV Break-in, in Oregon (Simson L. Garfinkel)
Re: Seattle Hospital Hacked (Todd Wallack, Kevin L. Poulsen, Jonathan Thornburg)

RISKS 21.17 Tuesday 26 December 2000
Martin Minow (PGN)
Australian Ansett B767 fleet grounded due to maintenance breaches (Mike Martin)
Interference forces RAF to abandon ILS (David Kennedy)
Risks of automatic firmware upgrades (Marc Roessler)
IBM and Intel push copy protection into ordinary disk drives (John Gilmore)
CERT's ActiveX security report (Richard M. Smith)
Privacy/quality risks in Quicken Online Billing (Clay Jackson)
Credit report lists ex-spouse's address (Beth Roberts)
Wanna know my salary ? (John C Haselsberger)
Re: Spam as a denial of service attack? (Steve Wildstrom)
Armageddon scenario near-miss (Scott Rainey)

RISKS 21.18 Thursday 4 January 2001
Revenge of Y2K, Norwegian trains halted 31 Dec 2000 (Jan L)
7-Eleven unable to process credit cards since 1 Jan 2001 (Steve Hutto)
Y2K+1 bug in Sharp Organizer? (Philip Berman)
Power cut hits hundreds of millions in India (Edelson Doneel)
Repeated computer outages for Swedish bank (Ulf Lindqvist)
Telephone outage caused by water-main break (Glenn C. Lasher Jr.)
Computer blamed for Russian rocket crash (Peter Neumann)
Chinook: key facts ignored by those who want to clear pilots (John O'Connor)
CIOs: "What, Me Worry?" (NewsScan)
Automatic firmware upgrades in home electronics (Andrew Klossner)
Hackers hack science exam (Winn Schwartau)
Re: Seattle Hospital Hacked (Daniel Theunissen)
Re: IBM and Intel push copy protection ... (Patrick P Gelsinger)
Re: IMPORTANT MESSAGE FROM EGGHEAD.COM CEO (Gary Lawrence Murphy)
Re: The risk of a seldom-used URL syntax (Crispin Cowan)
The top 10 privacy stories of 2000 (Richard M. Smith)
Stefan Brands: PKI, digital certificates, and privacy (PGN)
Submission Deadline for USENIX Security Symposium, 1 Feb 2001 (Monica Ortiz)
Call For Papers - RAID'2001 (Giovanni Vigna)

RISKS 21.19 Tuesday 9 January 2001
Security at UK nuclear power stations (Brian Randell)
Re: Revenge of Y2K, Norwegian trains halted 31 Dec 2000 (Bob Dubery)
Motorola flex non-non-non-leap year (Dan Jacobson)
Millennium error in Postscript calendar (Eric Lindsay)
Two satellite failures (Peter B. Ladkin)
Teen intercepts MD's pages, makes medical orders (Terry Carroll)
Dutch Railways to introduce electronic access/ID card (Marcus de Geus)
Risks of "upgrades" and network-centric applications (Jay R. Ashworth)
Re: Chinook (Phil Payne, Ryan O'Connell)
Re: CIOs: "What, Me Worry?" (Mark Hull-Richter)
Re: Egghead.com (Jonathan Kamens, Mark Hull-Richter)
Re: Y2K+1 bug in Sharp Organizer (Philip Berman, Jonathan Kamens)
Re: IBM and Intel push copy protection (David Collier-Brown)
Security white paper (Gene Spafford)

RISKS 21.20 Saturday 13 January 2001
Dell, Unisys and Microsoft -- DUMvoting 1.0! (Gene N Haldeman)
San Francisco Airport radar phantom flights (PGN)
Cell phone in luggage alarms avionics (David Kennedy)
Testimony before the U.S. Civil Rights Commission (Douglas W. Jones)
No human finger will actually pull a trigger... (Daniel P. B. Smith)
Swiss debit-card system broke down (Andre Oppermann)
Subject: Re: The Chinook Crash (Peter B. Ladkin, Mike Beims)
Armchair Chinook RISKS analysis is misplaced (Nathan K. Pemberton)
Since when is Northern Ireland considered a war zone? (Chris Warwick)
Oregon Jurors summoned for 1901 (Aydin Edguer)
Y2K bug in Millennium clock (Mike Palmer)
Re: 54 weeks in a year? ('o-Dzin Tridral, Paul van Keep)

RISKS 21.21 Thursday 25 January 2001
RISKS moved to new mail server and list server program (Mike Hogsett)
Look ahead + Cache == oops (Lindsay Marshall)
QP -> UL? (Mark Brader)
Osprey: A Spree? Us pray? (PGN)
Travelocity exposes customer information (Monty Solomon)
Network Solutions exposes e-mail addresses (Name withheld by request)
Microsoft websites blacked out -- but what happened? (Declan McCullagh)
401k mixup (Jeremy Epstein)
Risks of owning a cute domain name (Griffith)
Interesting Web risk (Lindsay F. Marshall)
Re: Organiser Bugs (Peter B. Ladkin)
Two-billion-dollar theft (S Harris)
Another Y2K+1 glitch -- sorta (George C. Kaplan)
Re: Millennium error, or "something like that" (Amos Shafir)
Re: 54 weeks in a year? (Espen Andersen, Bob Dubery, Markus Kuhn, Stan Sieler)

RISKS 21.22 Friday 26 January 2001
Software crash hits Canadian grocery chain (Aaron PooF Matthews)
Aircraft had near-miss in Finland (Michael Walsh)
UK Trials of GPS controlled car speeds (Steve Loughran)
Theft of vehicle leads to robbery at home (D. Joseph Creighton)
Bank robber nabbed by GPS (Roger H. Goun)
B of A Visa Y2K glitch? (Ethan McKinney)
Risks of shortcuts in user interfaces (Austin Donnelly)
Cross-site scripting still a threat (Michael Sims)
HotMail blocking users from e-mailing Peacefire (Bennett Haselton)
Network vandal attacks Microsoft sites (NewsScan)
Hacker indicted for network vandalism (NewsScan)
Sex-offender Web sites are insecure (Monty Solomon)
Remote disabling of satellite TV receiver smart cards (Jeremy Epstein)
Shoppers seize unauthorized discounts at Macys.com (Monty Solomon)
Re: Palm Pilot Security (Mitch James via Dave Stringer-Calvert)
Clone phones with help from AT&T (Nikita Borisov)
Re: Chinook (Lloyd Wood, Ken Garlington)
Expanding on an urban legend (Danny Burstein)
Re: "Security holes protect your equipment from theft" (Daniel P. B. Smith)
Re: Risks of mail auto-reply (Jerrold Leichter)
Hotmail declines to accept new users with reserved words in last names (Robert Rossa)
ACM1 Message for RISKS Subscribers (Lillian Israel)

RISKS 21.23 Tuesday 30 January 2001
Satellite strike blows away DirectTV pirates (PGN)
Senators critical of videogame violence (NewsScan)
Could someone die from spam/relay rape? (Sanner)
Hackers hit U.S., U.K., Australian government sites (Keith A Rhodes)
Risks of pharmacy computer systems (Isaac Hollander)
Receipts for Voting Machines (Douglas W. Jones)
Flight data recorder in your car's airbag (David Collier-Brown)
Re: Aircraft had near-miss in Finland (Michael Walsh)
Re: The Chinook Crash (Simon Pickin)
Re: Organiser Bugs (Tyler, Mike Cepek)
Re: Risks of owning a cute domain name (Terry Carroll)
Seeing Y2K bugs everywhere (Andrew Klossner)
Re: 54 weeks in a year? (Lawrence K. Chen, Nick Brown)
Re: UK Trials of GPS controlled car speeds (Derek Ziglar, Brian Clapper, Andres Zellweger, Harlan Rosenthal, Peter Houppermans)
Symposium on Requirements Engineering for Information Security (Gene Spafford)

RISKS 21.24 Thursday 15 February 2001
Calligraphy, computers, and Chinese culture (NewsScan)
Lost pet fees cost Toronto $700,000 (Perry Bowker)
Network Solutions Sells Out -- Domain Info For Sale to Marketers (Lauren Weinstein)
Hacker defends his vandalism, blames the victims (NewsScan)
AnnaKournikova worm (rcooper)
It's the wolf! It's the wolf! (David G. Bell)
Osprey crash involved "software fault" (Peter B. Ladkin)
Privacy on New Zealand golf Web site (Gavin Treadgold)
Risks of outsourcing: you can bank on it! (Cris Pedregal Martin)
Microsoft Hotfix undoes previous good (Graham Bell)
SiteGuest.com: Unauthorized e-mail address capture whilst browsing (Stewart C. Russell)
The very friendly skies of United? (Steve Bellovin)
Risks inside my Jan 2001 American Express bill (Thomas Maufer)
Domain name mismatch family feud (James Ryan)
RISKS of anticipating computer problems (Eric Nickell)
Satellite strike blows away DirectTV pirates (Serguei Patchkovskii)

RISKS 21.25 Wednesday 21 February 2001
Millennium bug in travel agent system (Debora Weber-Wulff)
Again: German government plans extensive surveillance (Stefan Kelm)
Are free ISPs free? Juno says users must donate processor time (Lenny Foner)
The old ones are the best ones: Hidden info in MS Word documents (Paul Henry)
Modem misdialing seemingly at random (Chiaki Ishikawa)
On paper-size standards (Andrew Klossner)
More on the Friendly Skies of United (Steve Bellovin)
Re: Risks inside my Jan 2001 American Express Bill (Paul Green)
Re: SiteGuest unauthorized address capture (Jean-Jacques Quisquater)
Re: Organiser Bugs (Dennis Parslow, Peter B. Ladkin)
Re: It's the wolf! It's the wolf! (Martin Jost, Andrew Jackson)
When will they EVER learn? (Geoff Kuenning)
REVIEW: "Building Internet Firewalls", Zwicky/Cooper (Rob Slade)

RISKS 21.26 Monday 5 March 2001
Smart bombs miss again (Lord Wodehouse)
Air gaps (Bruce Schneier)
Bibliofind exposes lots of credit card data they shouldn't have had (Lenny Foner)
TurboTax potential overstatement of gross income (Richard Mason)
Risks of buggy cell phone networks (Kragen)
SETI@Home felled by a Single Point of Failure (Malcolm Pack)
Passwords don't protect Palm data, security firm warns (Yves Bellefeuille)
Risks of laptop anti-theft devices (Tony Yip)
Where does NAVSTAR say we are, again? (James Paul)
Beware assumptions about keyboard layouts... (Perry Pederson)
Re: On paper-size standards (Gideon Sheps)
REVIEW: "Tangled Web", Richard Power (Rob Slade)

RISKS 21.27 Thursday 15 March 2001
Stockholm power outage hits high-tech companies (Ulf Lindqvist)
New USB Army 'Land Warrior' tech connects the next cybertoys (Bob Frankston)
In Japan, do trains check for drivers? (Joyce K Scrivner)
UCITA implements DoS and DDoS Vulnerabilities (Warren Pearce)
Moon-landing-hoax hoax (Dave Stringer-Calvert)
Mistaking list for scalar context brings cops (Jamie McCarthy)
Fairfax, VA Police records public (Dan Graifer)
Risks of would-be copper thieves (Gregory Soo)
Yahoo! Mail translates attachments (Bob Frankston)
More on Bibliofind (Lenny Foner)
Re: Air Gaps (M.S. Jaffe)
Re: Smart bombs miss again (Dave Aronson, Randy Davis)
Re: NAVSTAR (PGN)
Re: SETI@Home felled by a single point of failure (George C. Kaplan, Mary Schafrik)
Re: When will they EVER learn? (Gideon Sheps)
Re: Palm passwords aren't... (Peter Houppermans)
Don't risk missing the Parnas Symposium at ICSE 2001! (David Weiss)

RISKS 21.28 Tuesday 20 March 2001
Arsta train crash might have been caused by a safety-critical error (Anton Setzer)
Lax security found in IRS electronic filing system (Dave Stringer-Calvert)
Dow Jones Industrial Average reported at 0.20 (Lindsay F. Marshall)
More on the importance of safeguarding private crypto keys (David Kennedy)
Risks of self-induced false alarms (Graystreak)
Using automation software without accounting for possible scenarios (Tony Yip)
Another "secure" e-book seems unlikely (Moz)
The risks of accidentally becoming a customer for life (Jim Youll)
NSF study: "Internet Voting is no 'Magic Ballot'" (Terry Carroll)
On-line elections (Sarr Blumson)
Smart Bombs - Old Story (Bruce E. Wampler)
Re: Smart bombs miss again (Richard Schroeppel, Christophe Augier, Pekka Pihlajasaari, Michael Nelson, Bill Stewart, Wm. Randolph Franklin)

RISKS 21.29 Friday 23 March 2001
Identity theft: Forbes-ing a head?
Indiana University penetration raises fears of identity theft (Keith A Rhodes)
Serious new CA Drivers License ID RISK (Peter V. Cornell)
Faulty radar prompts FAA inspections and remediations (Keith A Rhodes)
Bogus Microsoft Corporation digital certificates from Verisign (Jeff Savit)
Your PGP E-Hancock can be forged (Monty Solomon)
Czech PGP flaw tech details (David Kennedy)
Politically correct: DoE is slow to warn of computer virus (David Farber)
Nokia cell phone trivially easy to unlock (Eric Hanchrow)
Hacker sentenced to hacking (Jeremy Epstein)
Government, school sites link to porn (Dave Stringer-Calvert)
Yahoo! Mail translates attachments (Matt Curtin)
Re: Air gaps (Fred Cohen)
Re: MIT/Caltech voting study (Paul Terwilliger)
German armed forces ban MS software, citing NSA snooping (Pete McVay)
MS Word: Ohm, SaveAs Watt (Kevin Rolph)
Workshop CfP: Security and Privacy in Digital Rights Management 2001 (Tomas Sander)

RISKS 21.30 Monday 26 March 2001
Electronic tax filing problems blamed on 'user error' (PGN)
Cyber surfers caught by fishing nets (Tin Tin)
RISKS of rodent teeth (Gregory Soo)
Identity Theft -- a personal experience (name withheld)
Re: California Drivers License as ID for banks (John McCalpin)
Re: "Internet Voting is no 'Magic Ballot'" (Douglas W. Jones)
Verisign certificates problem (Roy Sinclair)
When security is based on trust (Michael Sinz)
Re: Aasta train crash ... safety-critical error (Tor-Einar Jarnbjo, Dave Aronson)
IEEE *Software* Special Issue on Building Software Securely (Anup Ghosh)

RISKS 21.31 Sunday 1 April 2001
Windows 2000 source code (Mark Thorson)
Foot-and-mouth virus propagation (PGN)
Upcoming time-change risks (Alan Wexelblat)
More self-inflicted defense difficulties (PGN)
Classification of the Three Mile Island accident (Andrew Raybould)
Re: German armed forces ban MS software (Ralf Bendrath)
What they can do with your SSN (Ian Macky)
Re: Serious new California drivers license ID risk (Tom Goltz, John Noble)
Book: Security Engineering, Ross Anderson (PGN)
Invitation to the First "PFIR Future of the Internet Workshop" (Lauren Weinstein)

RISKS 21.32 Monday 2 April 2001
Future Mac Viruses? (PC Rescue)
The cost of Windows virus (Joaquim Baptista)
Risks of auto-updating software (Alan Wexelblat)
Dutch police fight cell theft with text 'bombs' (Thomas Dzubin)
Cellphone text bombs (Conrad Heiney)
Approved posts to large listservs (Paul Hessels)
MSN "upgrade" creates long-distance calling (Steve Holzworth)
Re: Hidden info on MS Word documents (Joaquim Baptista)
Hidden highway robbery within Terms of Use contracts? (Michael Sinz)
EoExchange shuts down services without warning, customer data lost (Derek Ziglar)
Re: "Internet Voting is no 'Magic Ballot'" (Jay R. Ashworth, Jurek Kirakowski)
Re: Bogus Microsoft Corporation digital certificates (Peter da Silva, WBH)
Re: Verisign certificates problem (Camillo Sars)
Re: Aasta train crash (Dag-Erling Smorgrav)
Re: Serious new CA Drivers License ID RISK (Jim Horning, John Rickenbrode)

RISKS-21.33 Sunday 8 April 2001
Software direct cause of December 2000 Osprey crash (Peter B. Ladkin)
Computer cords used in escape from police custody (Ulf Lindqvist)
WRQ/Reflection and DST (Marc W. Mengel)
Dutch government report on privacy (Peter Fokker)
Proposed "open" development of voter data standards launched (David Marston)
Re: MS Word: Ohm, SaveAs Watt (Markus Peuhkuri)
Re: Windows 2000 source code (Dave Aronson)
Re: April Fools items (Ursula Martin)
Re: When security is based on trust (Ken Cox)
What's in you server room? (Audun Arnesen Nordal)
Re: tax returns (Wendy Grossman, Paul Ward)
Re: identity theft (Chris Viles)

RISKS 21.34 Wednesday 11 April 2001
MIT'S cathedral of learning: online and free (NewsScan)
Modern Times, II (jhaynes)
Careful with that e-mail! (Lord Wodehouse)
Risks of appearing in rec.humor.funny (Jim Griffith)
Re: Risks of auto-updating software (L. P. Levine)
More on Yahoo mail's anti-virus attachment translation (Kirrily Skud Robert)
Re: Bogus Microsoft Corporation digital certificates (Nick Brown)
Summertime blues (Lord Wodehouse)
Re: Upcoming time-change risks (Derek Ziglar)
Another Silly Date Problem (Peter B. Ladkin)
Re: Dutch police fight cell theft ... (Zygo Blaxell, Christian Bartsch)
Re: Cellphone text 'bombs' (Peter Chuck)
Re: Future Mac Viruses? (Craig S. Cottingham, Paul Hessels)
Re: "Internet Voting is no 'Magic Ballot'" (Julian White, Jay R. Ashworth)
Bathtub Burnout (Rebecca Mercuri)
Auto-updating and ReplayTV (Alan Wexelblat)

RISKS 21.35 Monday 23 April 2001
Reliance on Automation "Top Risk" (Peter B. Ladkin)
Kew Public Records Office data input problem (Pete Mellor)
Never rely entirely on technology... (Peter Houppermans)
You've Got Mail ... From The Admissions Office! (David Tarabar)
Server 54, Where Are You? (Jack Burke)
Hi-tech toilet swallows woman (Gareth Randell)
Denial of Tax Service (Rebecca Mercuri)
E-mail address ID theft (A.E. Brain)
Sabotaged phone lines + stolen credit cards = safety in theft (Simon Carter)
Security flaw found in Alcatel's high-speed modems (Monty Solomon)
Alcatel admits more than they meant to (Mike Bristow)
Web-enabled air conditioners (Alpha Lau)
Risks of sorting time alphabetically (Marcos H. Woehrmann)
Using Palm VII's to give traffic tickets (Ian Jordan)
More on UCITA (Warren Pearce)
Re: Aasta Train Crash (Magne Mandt, Merlyn Kline)
Re: Risks of Hidden highway robbery ... (Will Fletcher)
Viewers lament incredible shrinking Ultimate TV (Monty Solomon)
Do prescription records stay private when pharmacy stores are sold? (Monty Solomon)
New flashlight sees through doors as well as windows (Monty Solomon)
Windows patchwork (Jay Levitt)
REVIEW: "Securing Windows NT/2000 Servers for the Internet", Norberg (Rob Slade)

RISKS 21.36 Wednesday 25 April 2001
Computer system crash stalls D.C. Metro (PGN)
UPS Shutdown (Kent Borg)
Trial by CCTV (M Taylor)
Risks of fabricating funny data (Bill Hopkins)
Foreign Flimflam (Keith A Rhodes)
Wireless Spam (NewsScan)
Slack goes when California DMV gains access to SSA database (Elizabeth Weise)
U.S. Government cyberdefense lacking (Dave Stringer-Calvert)
Errors in AFFX GeneChip Database (Gregory Soo)
35,000-pound hacking challenge cracked (Jay Anantharaman)
Microsoft's wonderful solution for Outlook security (Dave Stringer-Calvert)
Re: Amtrak 'Sharing' Information With D.E.A. (John Noble)
Re: Aasta train crash (Dag-Erling Smorgrav)
Re: V-22: Titanium properties (Edwin M. Culver)
Bathtub Burnout (Jan Verbrueggen)
Re: Hidden highway robbery within ... contracts? (Norman Gray)
Risks of using filtering proxies (Marc Roessler)
Power safety (Marcus L. Rowland)
First Workshop on Information Security System Rating and Ranking (Jack Holleran)

RISKS 21.37 Thursday 3 May 2001
Microsoft Is Set to Be Top Foe of Free Code (David Farber)
DMCA: It's Like ... an Analogy Fest! (Monty Solomon)
Recording industry threatens researcher with lawsuit (NewsScan)
Hack attacks from China? (NewsScan)
Space Station software problems predicted four years ago (Philip Gross)
Incompatibility shuts down Xerox corporate network (Nelson H. F. Beebe)
Destia shuts down service (Doneel Edelson)
Mobile phones to prevent car theft? (Yerry Felix)
CNN censors profane Webby nominee (Jim Griffith)
Another problem with the DNS (Bob Frankston)
MS security updates infected with virus (Dave Stringer-Calvert)
Microsoft error message (Jean-Jacques Quisquater)
Using calendar reminder service to remember anniversary of sad event (Elinsky)
Risks of Net-connected appliances (Robert J. Woodhead)
Re: MSN "upgrade" creates long distance calling (Steve Holzworth)
The follow-on to James Bamford's *Puzzle Palace* (David Farber)
Definitions for Hardware and Software Safety Engineers (Meine van der Meulen)

RISKS 21.38 Wednesday 9 May 2001
Partial Causal Analysis of the December 2000 Osprey Accident (Peter B. Ladkin)
Lucent workers charged with selling secrets to Chinese (NewsScan)
Citibank's meaningless privacy notice (Vassilis Prevelakis)
Fox... hen house... (Hendrik)
Bluetooth risks airline safety? (Tom Worthington)

RISKS 21.39 Friday 11 May 2001
U.S. Air Force blasts Outlook security patch (Yves Bellefeuille)
Univ. Virginia prof uses computer to catch cheaters (Richard Kaszeta)
Potential timestamp overflow on 9 Sep 2001 (Don Stokes)
Excel-lent leaks (Christophe Augier)
Foolish wireless network access policies and spam engines (Thor Lancelot Simon)
Cops say teen concocted radio calls (Steve Hutto)
The RISKS spam crossover has finally taken place! (RISKS)
DMV screws up on licenses (PGN)
To drive or to avoid identity theft: mutually exclusive? (Brett Glass)
Re: Recording industry threatens researcher (Douglas W. Jones)
16th Annual Software Engineering Symposium 2001 (Carol Biesecker)

RISKS 21.40 Sunday 13 May 2001
Word file turns into two disjoint texts (Clive Page)
Check everyone's Vodafone voicemail (Andrew Goodman-Jones)
Car 54, where are you? (David Lesher)
Euro risks, part 1 (Paul van Keep)
Euro risks, part 2 (Paul van Keep)
Thieves R Us (Mike Godwin via Dave Farber)
Re: Citibank's meaningless privacy notice (Zygo Blaxell)
Re: Using calendar reminder service ... (Nikita Borisov)
Re: MSN "upgrade" creates long distance calling (Bob Frankston)
Risks of not monitoring field-deployed systems (John Connor)
Re: UPS Shutdown (Diomidis Spinellis, Chris Smith)

RISKS 21.41 Wednesday 23 May 2001
A Hard Left-Cruise Ship's Autopilot blamed for sharp turns (Kelly Bert Manning)
Another backhoe reminder (Bernd Felsche)
New Bell Canada service: free calls (Dave Isaacs)
The Faith-Based Missile Defense (What's New via David Farber)
Time to bury proposed software law (Dan Gillmor via Monty Solomon)
NZ Electoral Web Site (Richard A. O'Keefe)
Osprey, cont'd (Peter B. Ladkin)
Our software is *never* wrong (Erann Gat)
Risks in scuba equipment (Carl Page)
More on that college network/spam (Danny Burstein)
Apple Powerbook 'bomb' shuts Burbank airport (Monty Solomon)
Re: Space Station software problems predicted four years ago (Bob Frankston)
The new Taiwan $1000 bill got the globe backwards (Dan Jacobson)
Police frequencies and fake calls (William Colburn)
Power safety (Marcus L. Rowland)
Ship to Internet (Donn Parker)
2002 ACM Symposium on Applied Computing: SAC '2002 (Cliff Jones)

RISKS 21.42 Friday 25 May 2001
Thought-provoking book on software: David Parnas (Jim Horning)
Software Engineering, Dijkstra, and Hippocrates (Michael L. Cook)
Lost train (Debora Weber-Wulff)
Aimster vs. the recording industry (NewsScan)
Converting Pi to binary: DON'T DO IT! (Keith F. Lynch via Russ Perry Jr.)
``The Wind Done Gone'' ban done gone -- with abandon, gone (PGN) FBI arrests dozens for Internet fraud (NewsScan) What they know or don't know about you! (Monty Solomon) EU considers retaining *all* telecom traffic (Dave Weingart) CERT subjected to "just another attack" (NewsScan) Great DoS attack for cell phones (Robert Moskowitz) Office XP modifies what you type: Peter Deegan in Woodyswatch (via Jonathan Arnold) Weatherbug (James Garrison) 37% of programs used in business are pirated (NewsScan) RISKS 21.43 Tuesday 29 May 2001 Xcel Energy wants to close Denver call center (William Kucharski) Topeka KS water treatment outage (Jerry James) WA public schools switching to risky new system? (Phil Kos) The World Bank meets on the Internet (Andres Silva) Eurocops want seven-year retention of all phone, Net traffic (Hawkins Dale) McDonald's testing cashless payments (NewsScan) Re: The Faith-Based Missile Defense (Brian Clapper) Re: Parnas's book on software (John Graley) Bugless = utopia (Andrew Fleisher) Another fear of Risks (Bob Frankston) Re: Word file turns into two disjoint texts (Jeanne Sheldon) REVIEW: "Demystifying the IPsec Puzzle", Sheila Frankel (Rob Slade) RISKS 21.44 Monday 4 June 2001 House Science Committee hearings on voting systems (Douglas W. Jones) Swimming-pool changing cubicles (Alan Barclay) Insurer considers Microsoft NT high-risk (Oleg Broytmann) UK Government Gateway blocks non-MS browsers (Chatan Mistry) The risks of clueless marketing (Greg Searle) Computer-generated mail -- too easy to fake? (David G. Bell) Forgery attempt -- risk of identity theft (David Lesher) Sex-offender database risks (RISKS) Crash leaves disabled riders stranded (Jeremy Epstein) BT upgrade: The best laid plans... (John Sullivan) Re: Software Engineering, Dijkstra, and Hippocrates (Scot Wilcoxon, Richard I Cook) Re: EU considers retaining *all* telecom traffic (Michael Weiner) Re: NZ Electoral Web Site (Richard A. 
O'Keefe) Re: Another Backhoe Reminder (Arthur Marsh) Re: WeatherBug and Gator (David Crooke) Re: 37% of programs used in business are pirated (Jurek Kirakowski, Merlyn Kline) More SMS SPAM (Simon Waters) Re: Lost train (Mark Brader) RISKS 21.45 Wednesday 6 June 2001 Ed Felten and researchers sue RIAA, DoJ over right to publish (Declan McCullagh) Billboard error message (Phil Agre) California bill prohibits online gambling (Jim Griffith) Dutch government to act against virtual child pornography (Marcus de Geus) Payday delayed by one day in Belgium (Kris Carlier) Mobile phones to manage truancy - and other free publicity (Nick Brown) Inevitability of risks (Mick Topping) Re: The Faith-Based Missile Defense (S. Alexander Jacobson) Re: Eurocops want seven-year retention of all phone, Net traffic (Morten Norman) Re: Our software is *never* wrong (Scott E. Preece) WSJ/Word change tracking/"MS Tool Lifts Veil on Spin" (Daniel P. B. Smith) Re: Word file turns into two disjoint texts (Lloyd Wood) Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care (Chris Meadows) Re: Office XP modifies what you type (Bear Giles, LShaping) Re: "Hacker Insurance" charges higher rates for Windows systems! (Elana) Re: UK Government Gateway blocks non-MS browsers (David G. Bell) 10th USENIX Security Symposium (Tiffany Peoples) Announcement - 16th Annual Software Engineering Symposium 2001 (Carol Biesecker) RISKS 21.46 Tuesday 12 June 2001 Another NY Stock Exchange outage (PGN) California power grid hacked (PGN) PC parrot drives firemen crazy (Merlyn Kline) Computer reports unreported wreck (Chris Norloff) U.K. 
plans mandatory IP indoctrination for children (Cluebot via Declan McCullagh) Re: Billboard error message (Robert Meineke, Rick Prelinger, John Dallman) Re: Risks of clueless marketing (Jamie McCarthy) Re: Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care (Mike Nuss) Re: Steve Gibson's report and Windows XP "Vulnerabilities" (David Crooke) They're at it again: Internet Explorer Smart Tags in WinXP (Stef Maruch) Re: Office XP modifies what you type (Andy Newman, Jay Jennings) Microsoft, 'Mitigating Factors' and Public Relations (Jackson Ratcliffe) Broken shopping carts (Steve Loughran) How to avoid Internet interruption at AAS meeting (Clive Page) There's no such thing as software `piracy' (Fred Gilham) Re: Another fear of Risks (James K. Huggins) Re: McDonald's testing cashless payments (Jeffrey Jonas, John R Levine) Credit where it isn't due (William Paul Fiefer) RISKS 21.47 Wednesday 13 June 2001 Computer train trauma (Lord Wodehouse) Elevator emergency override drowns woman (Daniel Norton) ATM network center flooded (Daniel Norton) Supreme Court ruling on thermal-imaging scanners (PGN) And you thought Keith Lynch was kidding! 
(PGN) DoD declares unclassified hard drives no longer need be destroyed (PGN) Risks of URL-forwarding services (Justin Mason) New technology for sneaky advertising (Greg Searle) ScanMail's "sophisticated" filtering blocks PRIVACY Forum Digest (Lauren Weinstein) Risks of heuristics and marketers (Dan Birchall) Re: Dutch government to act against virtual child pornography (George Dinwiddie) Security notice for recent EarthBrowser purchasers (Matt Giger via Ben Laurie) Excel date munging: what a difference --four years and-- a day makes (Tom Walker) Dead men produce no documentation (Kirt Dankmyer) REVIEW: "Inside Internet Security", Jeff Crume (Rob Slade) RISKS 21.48 Monday 18 June 2001 Unexpected network congestion: remote consequences of Seti@Home (Steve Loughran) Site puts private cell calls on Web (Bruce Hamilton) European Commission "Net-security" site invaded by hackers (Declan McCullagh) Formula 1's string of control-system failures (Stellios Keskinidis) A320 Incident (Peter B. Ladkin) Re: Computer train trauma (Philip Nasadowski) Lincolnshire University offers first course on rail disasters (Tom Van Vleck) NYSE: "Throw up your hands and reboot" (Chris Norloff) Re: Billboard error messages (David M Chess) Response to LWN's statement about Linux security costs (Kevin Postlewaite via Gerrit Muller) Windows XP adds its own links (George C. Kaplan) Re: Office XP modifies what you type (Andy Newman, Gerard A. Joseph) Re: Steve Gibson's and Windows XP (Chris Dodd) Re: The risks of clueless marketing (Tony Martin-Jones) Re: And you thought Keith Lynch was kidding! (Phil Carmody, Paul Ward, Ken Knowlton) On the deceptiveness of pop-under ads (ocschwar) RISKS-21.49 Monday 18 June 2001 Passive radar? 
Removing the cloak of invisibility (What's New via Dave Farber) Therac Returns: Data-entry errors kill five patients in Panama (Allan Noordvyk) WashingtonPost.com real estate database (Nick Laflamme) ebates.com installs Java program on users computer (Bill Tolle) Risks of peer-to-peer in the office (Alpha Lau) PCs used as cash registers (Nick Brown) Software "worm" searches your computer for pornography (NewsScan) Conflicting sensors placed on different parts of the line (Robert Gordon) New world disorder? (Mike Coleman) Security vulnerability databases (Uwe Ohse) Yet another e-commerce error (Leonard Erickson) Re: PC parrot: telephone bird vs. real phone ring (Dan Jacobson) Re: Banning virtual forms of entertainment (Gerard A. Joseph) Re: Formula 1's string of ... failures (Bob Dubery, Chris Kantarjiev) The magic, fast-food, wand (Rob Slade) QWE2001: Call for Papers and Presentations (SR/Institute) RISKS 21.50 Thursday 12 July 2001 Microsoft bug causing serious nuclear risk? (Dudi Feuer, Michael D. Levi, John Lowry) Fiji has to relive Y2K? (James Paul) Intruder crashes United Arab Emirates' only ISP (Dave Stringer-Calvert) $480,000,000 for sending 9 parcels (Mark Brader) Uncleared disk space and MSVC (David Winfrey) Berlin Bank shows sensitive information (Debora Weber-Wulff) Power outage means wheel chairs on the go (Ray Todd Stevens) Electoral fraud (Tony Finch) Risks in inept election fraud (knhaw) Yet another e-mail filter effect (Jurjen N.E. Bos) Re: Billboard error message (Ben Morphett, Markus Peuhkuri) REVIEW: "Fundamentals of Network Security", John E. 
Canavan (Rob Slade) 16th Annual Software Engineering Symposium 2001 (Carol Biesecker) RISKS 21.51 Monday 16 July 2001 CD-eating fungus amongus (Gary Stock) The computer is taking over the train (Hanan Cohen) Trains Ain't Planes, it's plain to see (Daniel P Dern) Eli Lilly e-mail snafu reveals identities of Prozac users (Jeremy Epstein, Allan Noordvyk) Brownouts take out computers in Livermore (Fred Cohen) Phoenix BIOS phones home? (Merlyn Kline) Hacked caller ID? (Alexandre Pechtchanski) Anatomy of an Internet scam (NewsScan) Who watches the watchdog? (Gary Barnes) Autoresponder goes haywire (Joshua M Bieber) Auto-banner ads (Mark Richards) Microsoft pulls controversial Smart-Tag feature (NewsScan) Yearly siren test ... (Marco Frissen) 4 to 6 *million* votes uncounted in 2000 election (PGN) US Voting Systems Standards - available for public comment (Thom Wysong) Re: Electoral fraud (David Hedley, Lindsay Marshall) Re: WashingtonPost.com real estate database (Tramm Hudson) Re: Uncleared disk space and MSVC (John Sullivan, Peter da Silva) Re: The risks of clueless marketing (Toby Riddell) 10th USENIX Security Symposium (Tiffany Peoples) RISKS 21.52 Tuesday 17 July 2001 Re: WashingtonPost.com real estate database (PGN) RISKS 21.53 Thursday 19 July 2001 Dashboard can fire water at sleepy drivers (John Arundel) Polarized sunglasses and car LCD displays don't mix (Henry Baker) Missile defense test radar glitch (PGN) Historical Risk: KORD, and N-1 Engine Failures (Ami Abraham Silberman) Software gives erroneous air navigation reading (Bill Hopkins) Even a fatal error can't kill it (Jim Haynes) Gaffe gives away minister's secrets (Paul Cornish) SSL encryption that isn't (Ron) FBI arrests Russian hacker visiting U.S. for alleged DMCA breach (Declan McCullagh) Savings Bank software upgrade goes awry (Jonathan Kamens) Risk when using "Cut and Paste" (Enrique G. 
Sauer) Re: The computer is taking over the train (Mark Lomas) Re: Unexpected network congestion: remote consequences of Seti@Home (Eric J. Korpela) Re: "It's public data, so why not a public database"? (Geoff Kuenning) RISKS 21.54 Monday 23 July 2001 Tunnel fire derails Internet service (NewsScan) Calendar software and departed employee (Lawrence Kestenbaum) U.S. Tax refund inspires Home Depot snail-mail spam (Dawn Cohen) Renewal of digital certificate impeded by secure passphrase (Philip Bragg) Security system update leads to insecurity (Bob Van Cleef) Did download failures increase Code Red's success? (Scott Renfro) "This e-mail doesn't contain any viruses" (Aaro J Koskinen) The risks of moving and identity theft (Harry Erwin) Concerns for identity theft are often unheeded (Monty Solomon) What a gas! (William Paul Fiefer) "Know Your Customer" USPS style (Alex Wexelblat) US Airways credit-card snafu (Jed Graef) Bad domain name? (Gene Wirchenko) Banking and Internet broadcast technologies (Daniel Chalef) Re: Polarized sunglasses and LCD frustration (Stephen A. Boyd) Re: Even a fatal error can't kill it (Phil Anderson) Re: SSL encryption that isn't (Jacob Ofir) MSN security upgrade forces new e-mail address (Ami A. Silberman) ISW-2001 - Call for Participation (Howard Lipson) RISKS 21.55 Tuesday 31 July 2001 Oxygen tank kills MRI exam subject (PGN) Software is called capable of copying any human voice (PGN) Software safeguards prevent Solar Sail from separation? (Stanislav Shalunov) Firefighter's phone lines disrupted because of a SMS hoax (Stanislav Meduna) New results on WEP (Adi Shamir via Matt Blaze) FBI hit with Sircam virus that distributes files on your HD (Declan McCullagh) Super-accurate atomic clock hates Sundays (Ken Knowlton) Risks of relationships online (Gary Stock) Apple DNS Entry hacked (Greg Searle) University of Pennsylvania cable cut (Rebecca Mercuri) Cell phones overload 911 in Denver (Richard J. 
Barbalace) Qwest Wireless erroneously overbills customers by thousands of dollars (Richard Kaszeta) Re: FBI arrests Russian hacker visiting U.S. for alleged DMCA breach (Bill McGonigle) More on the risk of moving and identity theft (Harry Erwin) REVIEW: Bruce Schneier, "Secrets and Lies: Digital Security in a Networked World" (Rob Slade) RISKS 21.56 Thursday 2 August 2001 NASA data from 1970s lost due to "forgotten" file format (Aaron Dickey) Motorola Stock Drops 99.95%! (Daniel Norton) JDS Uniphase quarterly results hacked? NO! (Dave Isaacs) Freeware app to retrieve passwords from Internet Explorer (Lyle H. Gray) Totally Hip with spyware (Michael F. Maggard) Medical records via e-mail (William Colburn) AS IF: draft-ietf-dnsext-ad-is-secure-03.txt (John Gilmore) Microsoft's PGP keys don't verify (Brian McWilliams) Telling all to the police (Norm deCarteret) Identity theft (Jack Holleran) Risks of profanity filtering (Paul Bissex) Car-door lock remote control activates another car's alarm (Mark Brader) S-not-SL (Mike Albaugh) Re: MSN security upgrade forces new e-mail address (Robert J. Woodhead) No Appleplexy needed (Dave Stringer-Calvert) Re: Autoresponder goes haywire (Richard Johnson) Re: Erroneous air navigation reading (Mike James) Re: Polarized sunglasses and LCD frustration (Chris J Dixon) RISKS 21.57 Tuesday 7 August 2001 WEP insecurity (Avi Rubin) European Union strives for openness (Stephen A. Boyd) WinXP blocks some versions of some programs (B. Elijah Griffin) Cyanide for Code Red (Jeremy) I am virus generator? (Bob Frankston) AT&T Worldnet exposes all user passwords (Una Smith) Password changes -- SIGH! (Jim Horning) The risks of online order tracking (Darryl Smith) Mixing advertising and credit-card activation (Bob Green) Techs must report child pornography (Brien Webb) Re: Dutch government and virtual child pornography (Christian Reiser) Re: Super-accurate atomic clock hates Sundays (Phil Kos) What is your area code, really? 
(Andrew Koenig) Online advertising: Fraud, false positives and a novel DOS attack (John O'Connor) Re: Even a fatal error can't kill it (Terry Brugger, Joe Thompson, John M. Hayes) RISKS 21.58 Thursday 9 August 2001 Half of Norway's banks offline for a week: erroneous keystroke (Nicolai Langfeldt) Danish police break "Safeguard" encryption program in tax case (Bo Elkjaer and Jay D. Dyson via Declan McCullagh) E-Divorce banned in Singapore (Dave Stringer-Calvert) Omron uses GPS to catch a car thief (Monty Solomon) Corrupt Michigan cops abuse police database to stalk, harass (Ed Walker via Declan McCullagh) OT: rot13, practical uses of (Joe Manfre) GA scholarship info exposed (Rachel Slatkin) DoCoMo and thttpd: i-mode DDoS attack! (Jef Poskanzer via Dug Song) Low-grade cryptography (Gene Wirchenko) Automated traffic-camera system has flaws (Dave Kinswa) Risks of the Passport Single Signon Protocol (Monty Solomon) Hotmail catches Code Red (Brian McWilliams via Dave Farber) Toll Road Transponders used to steal food at McDonald's (Arthur Kimes) More Adobe plastering (Peter Wayner) Re: WinXP blocks some versions of some programs (Michael Loftis) Workshop on Trustworthy Elections (David Chaum) REVIEW: "Computer Security Handbook", Hutt/Bosworth/Hoyt (Rob Slade) RISKS 21.59 Friday 10 August 2001 Volume 21 : Issue 59 Laser eye surgery (Henry Baker) "You Can't Hide Those Lying Eyes in Tampa" (Adam Shostack) The Internet park bench (Richard Jay Solomon via Dave Farber) PDF backward compatibility failures (Marc Auslander) A lucrative fiasco (Brian Randell) Risks of automatic verification (Geoff Kuenning) Possibility of a Warhol Worm: Complete infection in 15 minutes! (Nicholas C. 
Weaver) Adobe clarification on spyware article (Gunar Penikis) Danish police: Safeguard Easy not broken; passwords were weak (Bo Elkjaer) Re: OT: rot13, practical uses of (Rich Wales) Re: Georgia scholarship info exposed (Phil Kos) Re: Freeware app to retrieve passwords from Internet Explorer (Marc Roessler) Mutual authentication - not! (Michael Bacon) Re: What is your area code, really? (Declan McCullagh) Is your phone bill private? Think again... (Ted Lee) Re: Firefighter's phone lines disrupted ... SMS hoax (Stanislav Meduna) Caller ID "hack" not a hack at all (William Kucharski) ANI is NOT Caller ID (Danny Burstein) DoCoMo thttpd is not all.net thttpd (Fred Cohen) RISKS 21.60 Friday 17 August 2001 Heart-device recalls (PGN) Runway incursions (Andres Zellweger) Cingular wireless goes down in heat wave (PGN) Swisscom Mobile breaks down for 10 hours (Andre Oppermann) Marines face charges in Osprey records falsifications (PGN) Woman stalked by Michigan cop via police databases is murdered (Declan McCullagh) Video crypto standard cracked? (Monty Solomon) Free hotel reservations canceled (Steve Bellovin) Interstate car tags to be photographed and tracked (Steve Holzworth) Hacked caller ID? (Andrew Hilborne) Risks of letting MS not-so-Hotmail do your junk filtering... (Michael Loftis) GPS-guide in car going nuts? (Martin Schulze) The risks of not verifying e-mail addresses (Doug Winter) Re: Mixing advertising and credit-card activation (Sam Garst, Joel Garry) REVIEW: "The Internet Security Guidebook", Juanita Ellis/Timothy Speed (Rob Slade) Dependability and "Open Source" development (Cliff Jones) CFP2002: Call for Proposals (Lance J. Hoffman) RISKS 21.61 Friday 17 August 2001 Censorship in action: why I don't publish my HDCP results (Niels Ferguson) Florida relies on students, not experts (Adam Shostack) PDAs increasingly vulnerable to hackers (Monty Solomon) Welland Canal Bridge runs into ship (Chris Smith) U.S. 
Web sites fall short of global privacy standards (NewsScan) DejaGoogle rides again (Dave Weingart) Risks to lose sleep over (Mike Knell) Re: AT&T Worldnet exposes all user passwords (Dylan Northrup, Mike Tuffs) Telephone "*" codes (Alan Miller) RISKS 21.62 Saturday 25 August 2001 Oklahoma whistleblower asked to accept felony conviction (Deborah Weisman) Follow-up on Oklahoma whistleblower (PGN) Wireless security vulnerabilities (PGN) AirSnort! (PGN) Kaiser Permanente (identity withheld by request) Air Force officer mails confidential information to all cadets (Jim Griffith) Re: Avoiding prosecution of the DMCA (David Petrou, Fred Cohen) Re: Why I don't publish my HDCP results (Bill Weitze, David Gillett) Re: rot13 (Mike Perry) Hack the vote? Not in Broward County! (James Paul) Re: Runway incursions (Bill Hopkins) Code Red 9? Code Crimson (Alistair McDonald) AT&T - the computer MUST be right! (Sharon Mech) Re: DejaGoogle rides again (Geoffrey Leeming) Re: Risks of automated junk/spam filters (AlphaLau) Yet another MS Hotmail risk (Kimmo) REVIEW: "SSL and TLS", Eric Rescorla (Rob Slade) Dependable Systems and Networks DSN-2002 Call for Contributions (Anup Ghosh) RISKS 21.63 Saturday 1 September 2001 The Heavens at War: NMD assessed (Pete Mellor) SDI chief says system may not be reliable (PGN) Federal tax returns missing in Pennsylvania (PGN) Hotmail hackable with one line of code (NewsScan) Even dead people use Microsoft software (Jeremy Epstein) More interesting MS certificates (Stuart Prescott) Directory service based on car license plate (Ulf Lindqvist) Re: Air Force office mails confidential information ... (Jay D. 
Dyson) RISKS 21.64 Saturday 1 September 2001 Temelin nuclear plant software problem (Pete Mellor) Blame the victim: vandalized Web sites may be liable for damages (NewsScan) More risks when driving (Martin Cohen) Risks of "pre-owned" computers (Nick Brown) Microsoft Reader e-books broken (David Farber) AOL silently dropping mail (Simon Waters) eBay fails to protect email addresses of users (Vassilis Prevelakis) Re: Avoiding prosecution of the DMCA (A J Stiles) Risks and madness on the BT Cellnet site (Mike Perry) Not such an equal opportunity (Bill Lamb) Re: Code Red 9? Code Crimson (Bob Frankston) Risks of outsourced check verification (Peter Simpson) Can't hold room, but can bill (Sandy Antunes) Caller ID vs. ANI confusion, again (William Kucharski) Re: Mixing advertising and credit-card activation (John Clarke) REVIEW: "Information Security Management Handbook", Tipton/Krause (Rob Slade) RISKS 21.65 Saturday 8 September 2001 More about Star Wars 2: "Letter from America" (Pete Mellor) The Heavens at War: NMD assessed (Leonard Erickson) Getting the Facts Out - Announcing "FACT SQUAD" (Lauren Weinstein) Citibank ATM network outage (Joshua L. Weinberg) France Telecom inadvertent disclosure blamed on "computer error" (Peter Campbell) Photo tickets dismissed in San Diego (Jim Griffith) Web filter considered harmful (Thomas Roessler) Early morning phone call angers citizens (Barry Hurwitz) New software lets managers search e-mail (Jonathan Leffler) Consumer Reports password policy risks (Bill Bumgarner) Norton Personal Firewall (Ben Laurie) Solar parking meters are a bad idea in wet Britain (David Mediavilla Ezquibela) Sacramento woman denied $2.8 million jackpot (Max) Accidental disclosure (Gene Spafford) Re: Air Force office mails confidential information (Maj. 
John Robinson) RISKS 21.66 Monday 17 September 2001 11 September 2001 in retrospect (PGN) RISKS 21.67 Monday 1 October 2001 Aftermath of 11 September 2001 (PGN) GAO reports on terrorism (Monty Solomon) Warding off cyberterrorist attacks (NewsScan) Hackers face life imprisonment under 'Anti-Terrorism' Act (Monty Solomon) Gartner "Nimda Worm shows you can't always patch fast enough" (Alistair McDonald) Hacker re-writes Yahoo! news stories (Gary Stock) YAHA: Yet Another Hotmail Attack (Alistair McDonald) Hackers and others win big in Net casino attacks (Ken Nitz) Creator of Kournikova virus gets 150 hours of community service (Abigail) "Good Samaritan" hacker pleads guilty to breaking and entering (Declan McCullagh) U.S. court shuts down deceptive Web sites (Jim Griffith) Report on vulnerabilities of GPS (Joseph Bergin) All public hospitals in Gothenburg Sweden Crippled by nimda (Peter Håkanson) Y2K flaw blamed for Down's Syndrome test errors (Les Weston) Re: Oxygen tank kills MRI exam subject (PGN) E-voting in Australia (Tony Jones) Australians voice anger over online spying (Monty Solomon) World Trade Center in RISKS (Jay R. Ashworth) We only reveal a few digits of your account number, don't worry (Dan Jacobson) X-ray machine risk (Asa Bour) Increasing RISKS of UPPER CASE (Stuart Prescott) 2002 USENIX Annual Technical Conference - Call for papers (Ann Tsai) RISKS 21.68 Monday 8 October 2001 Rocket plunges into Indian Ocean (PGN) New interest in network security (NewsScan) Another unitary transformation (Rodney Polkinghorne) AOPA's TurboMedicalsm eases medical application process (Richard Glover) Ham radios in the aftermath of 11 September 2001 (Richard Murnane) 11 Sep 2001: Risks of electronic surveillance (Gisle Hannemyr) Re: "The Risks Are Obvious" (Amos Shapir) Risks of bogus e-mail addresses "FROM: ObL" (Peter Wayner) Remote control of airliners (Steve Bellovin) Re: Oxygen tank kills MRI exam subject (Leonard X. 
Finegold) MS Front Page 2002 Licence Agreement (Alistair McDonald) Re: Creator of Kournikova virus gets 150 hours ... (Gene Berkowitz) Re: Hacker re-writes Yahoo! (Mark Hull-Richter) Trusted Computing, and Embedded and Hybrid Systems - new NSF programs (Wm Randolph Franklin) Computer Security Applications Conference + Advance Program (Jay Kahn) RISKS 21.69 Monday 15 October 2001 New class of wireless attacks (Gary McGraw) Reducing risks to hospital patients (Mike Martin) Ukraine missile apparently downs Russian airliner (Hanan Cohen) SirCam redux (Gavin Scott) A risk from Excel and Outlook (Will Middelaer) Outlook for Thanksgiving (Patrick Lincoln) Billion-seconds bug (Massimo Dal Zotto) Risks of undocumented 'standards' (Lloyd Wood) Re: Ham radios in the aftermath of 11 September 2001 (Todd Jonz, Mitch Collinsworth) Re: Remote control of airliners (Alan Wexelblat) Re: Sincerely yours, *Not* Osama bin Laden? (Nick Brown) Re: TurboMedical (Dick Karpinski) Public information campaign on privacy (Ben Hutchings) Re: Hackers and others win big in Net casino attacks (R.S. Heuman) REVIEW: "The CERT Guide to System and Network Security Practices", J.H. Allen (Rob Slade) RISKS 21.70 Friday 19 October 2001 "Glitch" assigns votes to wrong candidate (Tom Malaher) Pregnant chad revisited (Douglas W. Jones) Internet voting, revisited (Marcus de Geus) LA County voting machine status report (David Schneider) Stray bomb caused by typo (Tim Hollebeek) Jet engine starter motors (Ben Laurie) Your stolen Passport (Monty Solomon) Re: A Risk from Excel and Outlook (Martin Torzewski) Euro changeover (Douglas Long) Re: Outlook for Thanksgiving (Edward Reid, Conor O'Neill) Re: Risks of bogus e-mail addresses "FROM: ObL" (Sascha Mattke) Improper address-change validation (Leonard Erickson) Re: Ham radios in the aftermath of 11 Sep 2001 (Jack Decker) ACM Forum on Legal Regulation of Technology (Edward W. 
Felten) International Conference on COTS-Based Software Systems (Carol Biesecker) REVIEW: "Viruses Revealed", Robert M. Slade/David Harley/Urs Gattiker (Rob Slade) RISKS 21.71 Wednesday 24 October 2001 With Mars probe maneuver, NASA finally catches a brake (inthenews) DB and WWW on one machine in Australian election (Andrew Goodman-Jones) Web defacement and cyberattacks (Dave Stringer-Calvert) Hacker cracks Microsoft anti-piracy software (Monty Solomon) Are spammers getting sneakier? part 1 (Rob Slade) Are spammers getting sneakier? part 2 (Rob Slade) Redesi virus (Rob Slade) The British BSE crisis (Anthony W. Youngman) Pregnant chad revisited (Fred E. Ballard) Re: Stray bomb caused by typo (Dan Jacobson) Non-risk, re: Jet engine starter motors (Ben Laurie) Re: Euro changeover (Otto Stolz) Re: Improper address-change validation (Chuck Falconer) Cutting through hype, spin, and propaganda - "Fact Squad Radio" (Lauren Weinstein) Re: Ham radio and Morse Code (Scott K. Ellis, Skip La Fetra) RISKS 21.72 Tuesday 30 October 2001 TD Bank Canada system crash (Richard Akerman) ANOTHER SRI-wide Power Outage (PGN) ACT Election Electronic Voting (Josh Polette) Project Liberty (Jay R. Ashworth) Re: Are spammers getting sneakier? (Crispin Cowan) Re: Are spammers getting sneakier? - Yes, they are (Greg Searle) USPS correction (Ken) NSF Trusted Computing program (Carl E. Landwehr) REVIEW: "Malicious Mobile Code", Roger A. Grimes (Rob Slade) RISKS 21.73 Monday 5 November 2001 FAA Asleep at the Control Column? (Bill Duncan) Jilted boyfriend hacked into ex-girlfriend's Internet bank account (PGN) Kids' learning game site becomes porn site (PGN) Anonymous e-mailer convicted of cyberstalking (Declan McCullagh) Sony uses DMCA against Aibo Enthusiast's Site (Monty Solomon) RU-Blue? or RU-Yellow? (PGN) DeCSS is Speech (James S. 
Tyre via David Farber) Risks of concentrated power and the surveillance state (Peter Wayner) Risk of monoculture and exponential false AV positives (Devon McCormick) Fake ID anyone? (Tim Rushing) Bank assets disappear, convert customers into Euro-peons (Paul van Dijken) DoS attack on Mac OS9 (Erann Gat) Conference management software reveals "hidden" authors (Michael Ortega-Binderberger) Insecure promo from American Express (Cameron Simpson) Re: ACT Election Electronic Voting (Henry Grebler) Re: TD Bank Canada system crash (Przemek Skoskiewicz) Re: Stray bomb caused by typo (James R. Cottrell Jr.) Re: Int. Conf. on COTS-based Software Systems (Kearton Rees) RISKS 21.74 Sunday 11 November 2001 Programming error scrambles election results (Geoff Kuenning) Yet another Internet voting risk (Rebecca Mercuri) Election problems before the election in Virginia (Jeremy Epstein) Possible radiation therapy risk (Herbert Kanner) Risks of belief in identities (PGN) Stealing MS Passport's Wallet (Mike Hogsett) Security hole in cash machines (Andrew Brydon) UK: liberties fears over mobile-phone details (Monty Solomon) Dutch police 'bombard' stolen cell phones with SMS (Monty Solomon) Australian computer hacker jailed for two years (Peter Deighan) Even professional organizations forget about certificate expiration (Jeremy Epstein) Children's medical records released on the Web (Conrad Heiney) Glitch in iTunes Deletes Drives (Monty Solomon) Dates in Visual Basic (John Sullivan) Excel and non-decimal dots (magical via Mark Brader) Sweden's public radio reportedly bans SETI from office computers (Ulf Hedlund via Declan McCullagh) Random failures (Andrew Brydon) Re: Another SRI-wide Power Outage (Marcus L. Rowland) Re: Kids' learning game site becomes porn site (Daniel P. B. 
Smith, Ian Young, Paul Bowers)
Re: DeCSS is Speech (Amos Shapir)
Re: DoS attack on Mac OS9 (William Kucharski, Carl Maniscalco)

RISKS 21.75 Monday 19 November 2001
Feds make record counterfeit software seizure (NewsScan)
Google freely giving out your phone number and home address (Derek Ziglar)
Researchers probe Net's 'dark address space' (Kevin Poulsen via Dewayne Hendricks and David Farber)
A large risk of national ID cards (Adam Shostack)
Re: Programming error scrambles election results (Hamish Marson, Phil Kos)
Re: DoS attack on Mac OS9 (Erann Gat)
IP: Announcing URIICA - For the Sake of Internet Users Everywhere (PGN)
REVIEW: "Internet and Computer Ethics for Kids", Winn Schwartau (Rob Slade)

RISKS 21.76 Tuesday 20 November 2001
Many Federal computers fail hacker test (PGN)
800 directory "assistance" redirecting calls (Brett Glass via Dave Farber)
Paperless billing and opening a bank account (Ian Chard)
Microsoft IE Javascript cookie disclosure vulnerability (Max)
Metro Headline: "Windows hacked in hours" (Chris Leeson)
Windows XP accounts by default are administrator, with no password (Jonathan Epstein)
Toaster failures (Tom Hackett)
Trick the user with Outlook XP and possibly others (Nathan Neulinger)
Re: Dates in Visual Basic (Nick Brown)
Re: Excel and non-decimal dots (Mark Brader)
Porn spam being sent in my name (Nickee Sanders)
Re: Kids' learning game site becomes porn site (Dan Fandrich, Malcolm Pack)
Computers & bureaucracy help spread of foot & mouth disease (Charles Shapiro)
Re: Another SRI-wide power outage (Kelly Bert Manning)
REVIEW: "White Hat Security Arsenal", Aviel D.
Rubin (Rob Slade)

RISKS 21.77 Wednesday 21 November 2001
FBI targets suspects' PCs with spy virus (NewsScan)
A tell-all that ZD would rather ignore (Declan McCullagh via Monty Solomon)
Risks with automated counting of ballot papers: Australia (Chris Maltby)
Evolution, Thermodynamics, and Software Bugs (William Colburn)
Re: Programming error scrambles election results (Paul Terwilliger, Ralph Barone, Richard Stein, Edward Reid, Bob Dubery)
Re: Researchers probe Net's 'dark address space' (Scott Peterson)
Fun with automated car washes, or the importance of interface design (Aaron M. Ucko)
Re: Feds make record counterfeit software seizure (Denis Haskin)
Re: Glitch in iTunes Deletes Drives (Paul Ward, Geyser Admin)
Re: Sweden's public radio reportedly bans SETI... (Nick Brown)
Re: Telephone Area Code (Patrick O'Beirne)
Re: Google freely giving out ... (Rebecca Wright)
Re: DoS attack on Mac OS9 (David Cake)

RISKS 21.78 Thursday 22 November 2001
Playboy says hacker stole customer info (Monty Solomon)
Euro changeover risk (Carl Fink)
The cure is only slightly worse than the disease... (Russell Stewart)
My daughter is failing high school! (Jeremy Epstein)
Network Solutions ad inadvertently names my domain (Fredric L. Rice)
Another date risk (Leonard Erickson)
Re: Researchers probe Net's 'dark address space' (Arthur Smith)
Glitch in iTunes Deletes Drives (Dave Katz)
Re: FBI targets suspects' PCs with spy virus (R.S. Heuman, Rob Slade)
RISKS-21.77 was rejected by some filters (PGN)
Re: Porn spam being sent in my name (Andrew Klossner)
Re: Programming error ... (David Gillett)
Re: Toaster failures (Marcus Didius Falco)
The more things change (Mike Albaugh)
Re: IP: 800 directory "assistance" redirecting calls (Rob Bailey, Clay Jackson)
Re: National ID cards (Henry Baker)
Re: Windows XP accounts by default are administrator with no password (Mark Wilkins)
Let's get really paranoid about e-mail and spam...
(Allan Hurst)

RISKS 21.79 Tuesday 27 November 2001
Harry Potter related risks (Richard Akerman)
Phone banking hiccups (Geoffrey Brent)
Risks of the space character in Unix filenames (Diomidis Spinellis)
FBI: home-grown terrorists (Scrounger)
Misdirected criticism of Google (Chris Adams, Gary McGraw)
Re: Mobile phone jamming (Markus Kuhn)
Re: Stupid virus filters (Leonard Erickson)
Re: Let's get really paranoid about e-mail and spam (Skip La Fetra)
REVIEW: "The CISSP Study Guide", Ronald L. Krutz/Russell Dean Vines (Rob Slade)

RISKS 21.80 Saturday 1 December 2001
Badtrans "worm" can capture keystrokes (NewsScan)
Records stolen in Auckland (Richard A. O'Keefe)
Calif info: Ask and you shall be removed ... but you've got to ask (NewsScan)
"Light turnout" for election (G R Rhodes)
The destruction of 7 WTC (Jacob Harris)
Connecticut Attorney General website wants Microsoft browsers? (Ed Ravin)
How to crash a phone by SMS (Monty Solomon)
The Web Never Forgets (Monty Solomon)
Risks of computer security education (David Friedman)
Re: Let's get really paranoid about e-mail and spam (Walter Dnes, Jason Bennett)
Re: Risks of the space in Unix filenames (David A. Moon, Richard A. O'Keefe)
REVIEW: "Hackers Beware", Eric Cole (Rob Slade)

RISKS 21.81 Friday 7 December 2001
Trader's error causes multi million-dollar loss (George C. Kaplan)
Security hole at WorldCom left internal computer networks at risk (PGN)
Judge ordered hack of Interior Department trust fund system (James H. Paul)
NatWest bank turns debits into credits (Bob Buxton)
Cops get speeding tickets from cameras (Monty Solomon)
Gwinnett County GA keeps prison inmates list online (Nick Brown)
"Late-night" Internet-porno-ban (Debora Weber-Wulff)
Optimizations at kiosks can be costly (Seth Arnold)
Grocery self-checkout risks (Scott Nicol)
Swedish police reportedly doctor video evidence, admit it (Jerry via Declan McCullagh, Ulf Lindqvist)
E-voting and international law (Lucas B.
Kruijswijk)
Re: "Light turnout" for election (Andrew Fleisher)
Re: Connecticut AG website wants Microsoft ... (Roland Roberts, Nathan Sidwell)
Re: PLEASE REMOVE me from the CAL database (RootsWeb HelpDesk)
Re: REVIEW: "Hackers Beware", Eric Cole (Mark Brader)

RISKS 21.82 Friday 14 December 2001
Cisco accountant's fraud (David Weitzel)
"The Missile Defense Hoax" (Lauren Weinstein)
Military intelligence at its best? (Terry Labach via Alan Wexelblat)
Office XP, Windows XP may send sensitive documents to Microsoft (David Farber)
MS Word XP "autocorrects" my name (Arnold Weissberg)
P3P, IE6 and Legal Liability (Ben Wright)
SMS phone crash exploit a risk for older Nokias (Monty Solomon)
Identity theft without prior knowledge of social security number (Identity withheld by request)
FBI may not appreciate the risks with Carnivore sniffing E-Mail (Fredric L. Rice)
Number takes prime position (technews)
Radio-synchronised alarm clocks (Jonathan D. Amery)
Computer will drives 820 passengers at 68 mph (Daniel Norton)
Re: "Late-night" Internet-porno-ban (Debora Weber-Wulff)
Re: Risks of various characters in Unix filenames (Duncan MacGregor, Bennet S. Yee)
NetSOL vs. PGP: Risks of a crypto company owning a registrar? (R. A. Hettinga)
Swedish police reportedly doctor video evidence, admit it (Michael Walsh)
Followup to: Savings Bank software upgrade goes awry (Jonathan Kamens)

RISKS 21.83 Wednesday 26 December 2001
Error at Board of Studies (Pete Mellor)
Wiretapping equipment compromised: FBI, CALEA (Michael E. Goldsby)
Security problems in Microsoft and Oracle software (NewsScan)
Latest Windows versions vulnerable to unusually serious attacks (Monty Solomon)
Software glitch grounds new Nikon camera - Tech News - CNET.com (Craig Mautner)
Secure in, insecure out (Jeremy Epstein)
Assume no safety ...
(Peter Houppermans)
Re: Identity theft without prior knowledge of SSN (Brett Harmond)
Mersenne prime exponent wrong (Ken Knowlton)
Re: Computer will drive 820 passengers at 68 mph (Ian Entecott, Jonathan Thornburg, Curt Sampson, Jeff Jonas, Jacob Sparre Andersen, Anthony W. Youngman, Andrew Roberts, Jens Braband, Jerrold Leichter)

RISKS 21.84 Saturday 5 January 2002
Peak time for Eurorisks (Paul van Keep)
More Euro blues (Paul van Keep)
ING bank debits wrong sum from accounts (Paul van Keep)
Euro bank notes to embed RFID chips by 2005 (Ben Rosengart)
TruTime's Happy New Year, 2022? (William Colburn)
Airplane takes off without pilot (Steve Klein)
Harvard admissions e-mail bounced by AOL's spam filters (Daniel P.B. Smith)
Risk of rejecting change (Edward Reid)
Security problems in Microsoft and Oracle software (NewsScan)
"Buffer Overflow" security problems (Henry Baker, PGN)
Sometimes high-tech isn't better... (Laura S. Tinnel)
When a "secure site" isn't (Jeffrey Mogul)

RISKS 21.85 Monday 7 January 2002
Yokoh Satellite loses control (Paul Saffo)
More medical risks (Clay Jackson)
Bogus dates for McAfee virus alerts (William Colburn)
Re: Harvard admissions e-mail bounced by AOL's spam filters (Simon Waters, Danny Burstein, Gordon Zaft)
Re: "Buffer Overflow" security problems (Nicholas C. Weaver, Dan Franklin, Kent Borg, Jerrold Leichter, Henry Baker)
Re: Software glitch grounds new Nikon camera (Dave Gillett)
REVIEW: "Incident Response", Kenneth R. van Wyk/Richard Forna (Rob Slade)

RISKS 21.86 Thursday 10 January 2002
Credit-card cloners' $1B scam (Monty Solomon via David Farber)
Mag-stripes on retail gift cards (Tim Christman)
Luton schoolboy profits from Euro chaos (Clive Page)
Another Euro surprise (Otto Stolz)
A Web site about PC security asking to lower PC/browser security (Koos van den Hout)
Other blunders on "secure" Web sites (Skip La Fetra)
Re: Harvard admissions e-mail bounced by AOL spam filters (Fredric L.
Rice)
User Web habits tracked by some music-swapping programs (NewsScan)
Kaiser Permanente exposes medical record numbers (J Debert)
ATT ignores it's own privacy policy? (J Debert)
Peoples Federal Savings Bank explains their interest calculations (Jonathan Kamens)
Re: "Buffer Overflow" security problems (Stephen Steel)
Re: "Buffer Overflow" security problems and PL/I (Kelly Bert Manning)
Buffer overflows aren't the only issue (Rex Black)
Separate I and D spaces (Mike Albaugh)

RISKS 21.87 Saturday 19 January 2002
Exploding chips: Would you like to be fried with that? (Rob Slade)
Hospital tells elderly men they're pregnant (Arthur Goldstein)
Automated Debit: "There's nothing we can do to stop it." (Carl Fink)
Even unscientific elections get rigged (Jeremy Epstein)
The risks of standards and validators (Lindsay Marshall)
Buffer overflows and other stupidities (Earl Boebert)
Windows update server glitch (Mike Hogsett)
An outrageous violation of privacy (Fred Cohen)
Risks of Internet Reconfigurable Logic (John Gilliver)
Linked DMV databases and biometrics on driver's licenses (Ben Rosengart)
Facial recognition technology doesn't work (Nick Brown)
Honolulu speed camera risk: mainly human error (Dan Birchall)
AOL Buddy-Hole fix has backdoor (Robert Andrews)
Reinventing snake oil: compression (Jeremy Epstein)
Re: Airplane takes off without pilot (Paul Nelson)
Re: Software glitch grounds new Nikon camera (Nickee Sanders)
Re: Kaiser Permanente exposes medical record numbers (Geoff Kuenning)
Re: ING bank debits wrong sum from accounts (Paul van Keep)
REVIEW: "Counter Hack", Ed Skoulis (Rob Slade)

RISKS 21.88 Tuesday 22 January 2002
Bulgarian parliament against weight loss (Jonathan Larmour)
Pope loves Internet, but wants "anti-depravity regulation" (Declan McCullagh)
Unshredders (PGN)
Newspaper archives (Roger Needham)
Virginia county recalls student laptops (NewsScan)
Software uncovers e-mail untruths (NewsScan)
Georgia Tech anti-cheating software (Walter Roberson)
Anthrax
mail irradiation can affect electronic devices in postal mail (Thomas Dzubin)
Health insurer computer changes delay payments... (Don Mackie)
Excel cut-and-pasting behaviour (Geoffrey Brent)
Lotus Notes silently losing data (Erling Kristiansen)
Woman says telephone makes unsolicited calls (Carl Fink)
Answering machine provides door entry code (Benjamin Elijah Griffin)
Microsoft using predictable passwords for Passport? (Rodger Donaldson)
Re: Other blunders (Brett)
Re: Kaiser Permanente exposes medical record numbers (George C. Kaplan)
Re: Bogus dates for McAfee virus alerts (David Blakey)
Re: AOL's spam filters (Jay Levitt)
Call for Participation Open Source Software Development Workshop (Cliff Jones)

RISKS 21.89 Tuesday 29 January 2002
Wireless technology criticized for vulnerabilities (NewsScan)
Wireless bypassing the firewall (Jeremy Epstein)
Free airport wireless network, and spam launcher (Mike Hogsett)
Consumer beware: Are you really there? (Rob Graham)
Risks of deceptive characters in URLs: Gabrilovich/Gontmakher (PGN)
Water line break closes 911 center & police department (Dave Bank)
New official self-service litigation system available in England & Wales (Tony Ford)
Royal chat session failed (Erling Kristiansen)
Risks of bouncing e-mail (Nick Brown)
Stupid defaults in database conversion (Paul Wallich)
Spam prevention gone too far (Jonathan Kamens)
BBC News: Iceland places trust in face-scanning (Chris Leeson)
Brisbane ISP in court (Peter Deighan)
RSA Conference e-mail has tracking bugs (Rex Sanders)
Re: Buffer overflows and other stupidities (Earl Boebert)
Re: Software uncovers e-mail untruths (Russ Perry Jr)
Remote mobile phone configuration changes via SMS service (S.
Llabres)
REVIEW: "Algebraic Aspects of Cryptography", Neal Koblitz (Rob Slade)
Infowar Con 2002, call for papers (Winn Schwartau)

RISKS 21.90 Sunday 10 February 2002
Software bug blamed in radioactive spill (Adam Shostack)
CT unemployment insurance folk mail out "off by one" letters (Danny Burstein)
Adult content filter considers MSDN Flash as "Unwanted adult spam" (G.J. Dekker)
HP annual report bitten by spelling software (Jim Griffith)
Turning Macs on Thievery (Monty Solomon)
Instructive story (Edward W. Felten)
E-commerce website automatic response proves costly (Brian Ally)
Automated upgrade means no statistics (Paul Roberts)
Yet another Microsoft Outlook exploit (Bear Giles)
Bug in MS Excel? (Alberto)
Re: Excel cut-and-pasting behaviour (Peter Jeremy)
UK to try remote voting (Merlyn Kline)
Miami-Dade OKs touchscreen voting (David E. Price)
Re: Even unscientific elections get rigged (Joe Thompson)
Re: Woman says telephone makes unsolicited calls (William Kucharski)
More Kaiser followup (Geoff Kuenning)
Re: REVIEW: "CISSP Examination Textbooks", S.
Rao Vallabhaneni (Rob Slade)

RISKS 21.91 Weds 13 February 2002
Microsoft C++ feature against buffer overflows itself vulnerable (Gary McGraw)
Hole found in Net security program (Bill Hopkins)
Security flaw in Sony Vaio computers (Monty Solomon via Dave Farber)
Computer controller crane goes wrong (Jeff Jonas)
Election risks from lack of randomization (Keith Price)
Search engines may give you the wrong e-mail address (Robert Marshall)
Hotel Internet access (Christian Holz)
"Secure" credit-card transactions with new Amstrad e-mailerplus (Merlyn Kline)
Officer calls for refund of 'speeding' fines (Monty Solomon)
Risks of the rise of PowerPoint (Andrew Main)
Microsoft and English (Toby Gottfried)
Re: Bulgarian parliament against weight loss (Valentin Razmov)
Bill payer system silently changes payments (Phil Weiss)
Social Security Numbers printed on tax envelopes (Steve Klein)
Virus writers aren't playing fair (William Colburn)
Re: Homograph risks (Merlyn Kline)
Survey finds security lax at nonprofits (Audrie Krause)
REVIEW: "Zimmerman's Algorithm", S. Andrew Swann (Rob Slade)

RISKS 21.92 Weds 20 February 2002
Patriot misses again (Lord Wodehouse)
Researchers claim to crack Wi-Fi security (Monty Solomon)
When machine metadata fails, address humans (Diomidis Spinellis)
Unwitting cell calls swamp 911 systems (Monty Solomon)
Abuse of intercept capabilities: 'Tampa' affair (Geoffrey Brent)
PayPal's tenuous situation (Jeff Jonas)
Ice-skating judging solution (Ken Knowlton)
Re: Miami-Dade OKs touchscreen voting (Alan Brain)
An unlocked system can be compromised quickly (Greg Searle)
Dangerous characters (Mark Lomas)
Computerized assistance with non-standard punctuation (David Piper)
Re: Homograph problems (Geoffrey Brent)
What's a buffer overrun problem? (William P. N.
Smith)
Sorry, that number is now in service (Gene Spafford)
Re: Officer calls for refund of 'speeding' fines (Henry Baker)
Re: Social Security numbers on tax envelopes (Robert Ellis Smith)
The Security Risks of Programs That Automatically Update (Scott Schram)
New Security Conference - GOVSEC, Call for Presentations (Jack Holleran)

RISKS 21.93 Tuesday 5 March 2002
Malfunction shuts down computer-controlled amusement park ride (Chuck Hardin)
A$ 22,000 in fines for missing car-toll transponder (Peter Trei)
Air Transat emergency landing (John Johnson)
Nick Petreley: Identity theft (Anthony W. Youngman)
Metro: Time runs out for Domesday discs (Chris Leeson)
RISKS to computers from society (Arthur J. Byrnes)
Corporate Web sites leave cold steely feeling (Dan Jacobson)
Tunneling too close to the person you're trying to protect: SafeWeb (David Martin)
Privacy risk in Netscape 6 (Sim IJskes)
Electronic Voting in Ireland (Peter Thornton)
Re: Miami-Dade OKs touchscreen voting (Les Barstow, Mark Nelson)
Re: The homograph problem (Partha)
Re: Dangerous Characters (Dick Botting, Darrell Fuhriman, Bill McGonigle)
REVIEW: "Security Fundamentals for E-Commerce", Vesna Hassler (Rob Slade)

RISKS 21.94 Monday 11 March 2002
Runaway remote-controlled coal train (PGN-ed from Dan Swinehart)
LED lights can reveal computer data (NewsScan)
Yet another case of a program changing your input (Vassili Prevelakis)
Loosing It's Grammer Skill's (Greg Searle)
.org.au, .gov.au, .edu.au domain hijacking through lax security (Grant Bayley)
Amendment to add life prison terms for reckless hacking (Len Lattanzi)
The computing battlefield (Jon P)
Military palmtop will direct air strikes using WinCE (David Wagner)
The next step in malicious spam (Joe Faber)
The RISK of ignoring permission letters (Timothy Knox)
Re: Air Transat Incident, Aug 24, 2001 (Peter B. Ladkin)
Re: Malfunction shuts down ...
amusement park ride (Stanislav Meduna)
Re: PayPal's tenuous situation (Max)

RISKS 21.95 Tuesday 12 March 2002
ATTBI / Eudora / SSL (Jock Gill via Dave Farber)
'Phantom Menace' typing is just a Microsoft speech feature (Dale Hawkins)
Re: Yet another case of a program changing your input (Gene Wirchenko)
Re: Air Force seeks better security from Microsoft (Tom Poe, Jei)
Disclaimers (Michael Bacon)
Re: Loosing It's Grammer Skill's (Michael Bacon, Klaus Brunnstein, Mike Albaugh, Merlyn Kline, Dave Williams)
Re: The RISK of ignoring permission letters (Rob Slade, Greg Searle, George C. Kaplan, Michael Bacon)
Re: Welland Canal Bridge runs into ship (Dave Gillett)
Re: LED lights can reveal computer data (Nick Simicich, Peter B.)
REVIEW: "Incident Response", Kevin Mandia/Chris Procise (Rob Slade)

RISKS 21.96 Thursday 14 March 2002
Airbus A300 "BSD" Incident from 1997 (Peter B. Ladkin)
Airbus A320 Cross-Wired Sidestick Incident (Peter B. Ladkin)
Out with pilots, in with pibots (Erling Kristiansen)
Risks of Unicode and WSIWYG (Len Spyker)
Thousands seek Ladonian citizenship over the Internet (PGN)
Risks of inadequate testing, yet again (Tony Lima)
Hacking with a Pringles tube (Chris Leeson)
Re: LED lights can reveal computer data (Tramm Hudson, Colin McEwen)
Re: Loosing It's Grammer Skill's (Mike Albaugh)
Re: Sorry, that number is now in service (Jay D. Dyson, Gene Spafford, Jay D. Dyson, James Graves, Gene Spafford)
Re: Disclaimers (J F Hitches)

RISKS 21.97 Wednesday 20 March 2002
Overcoming ICANN: Forging Better Paths for the Internet (PFIR)

RISKS 21.98 Friday 29 March 2002
Friendly Fire deaths traced to dead battery (Jamie McCarthy, KNHaw)
British Air Traffic Control system outage (Alistair McDonald)
Clinton cartoon carries virus (NewsScan)
Low-tech election risks: mice (Mike Martin)
Black box or Pandora's box? (Monty Solomon)
eBay identity theft (Scott Nicol)
Software "glitch" changes the colour of the universe (Pete Mellor)
Bioinformatics start-of-the-art (Richard A.
O'Keefe)
Windows XP disables own firewall (Scott Miller)
Re: LED lights can reveal computer data (Anthony DeRobertis)
Re: Disclaimers (Malcolm Cohen)
Re: PayPal's tenuous situation (Ray Todd Stevens, Alun Jones)
Re: The RISK of ignoring permission letters (Gene Spafford, Ray Blaak)
Pearl Harbor Dot Com, by Winn Schwartau (PGN)
REVIEW: "Authentication: From Passwords to Public Keys", R.E. Smith (Rob Slade)

RISKS 21.99 and RISKS 21.00 29 March 2002
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 21 (15 August 2000 to 29 March 2002)

------------------------------

End of RISKS-FORUM Digest 21.00 (99)
************************