Subject: Risks Digest 22.00 (22.99), Volume 22 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  27 October 2003  Volume 22 : Issue 00 (99)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
 Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
 SUMMARY OF RISKS VOLUME 22 (1 April 2002 to 27 October 2003)

(NOTE: This summary is archived in ftp file risks-22.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/22.00.html.)

----------------------------------------------------------------------

Date: 29 Mar 2002 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you. Alternatively, via majordomo,
 send e-mail requests to with one-line body
   subscribe [OR unsubscribe]
 which requires your ANSWERing confirmation to majordomo@CSL.sri.com .
 If Majordomo balks when you send your "accept", please forward to risks.
 [If E-mail address differs from FROM: subscribe "other-address " ;
 this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
 Lower-case only in address may get around a confirmation match glitch.
   INFO [for unabridged version of RISKS information]
 There seems to be an occasional glitch in the confirmation process, in which
 case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
 .MIL users should contact (Dennis Rears).
 .UK users should contact .
=> The INFO file (submissions, default disclaimers, archive sites,
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html
 ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues. *** All
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
 [volume-summary issues are in risks-*.00]
 [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
 http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
 Lindsay Marshall has also added to the Newcastle catless site a
 palmtop version of the most recent RISKS issue and a WAP version that
 works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
 http://www.planetmirror.com/pub/risks/
 ftp://ftp.planetmirror.com/pub/risks/
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
 http://www.csl.sri.com/illustrative.html for browsing,
 http://www.csl.sri.com/illustrative.pdf or .ps for printing

------------------------------

Subject: SUMMARY OF RISKS VOLUME 22 (1 April 2002 to ...)
(archived in ftp file risks-22.00)

RISKS 22.01 Monday 1 April 2002
 ATF Takes Responsibility for Federal Software Policy Enforcement (ATFS Director)
 REVIEW: "Hacking for Dummies", Bill Murray III/Gene Spafford (Rob Slade)
 Computers to Cars (PGN)
 Surprise Settlement Evenly Splits Microsoft (Gene Spafford)
 Big security leak in Internet sexshop (Paul van Keep)
 Web site leaks customers address, offers extra discounts (Ron Gut)
 Hackers find new way to bilk eBay users (Monty Solomon)
 BT is publishing confidential ex-directory telephone numbers (Clive Jones)
 Risks of using anti-spam blacklists (Eric Murray)
 The smart highway (Raphael Lewis via Monty Solomon)
 E-mail subscriptions, windows 2000 patches and photocopiers (Alistair McDonald)
 Re: Out with pilots, in with pibots (Robert Woodhead)

RISKS 22.02 Thursday 4 April 2002
 Announcing Immunix SnackGuard (Crispin Cowan)
 Just because it's funny doesn't mean it isn't real (Donald A. Norman)
 Re: Computers to Cars (David Harmon)
 April Foolishness (PGN)
 Real News on April 1st/KaZaA "leech" network (Nicholas C. Weaver)
 IRS Form W-9095" -- that is NOT ISSUED by the Gov't (Jean Dugger)
 When is fail-safe not fail-safe? (Phil Rose)
 Barclays BACS payment system failure (Lindsay Marshall)
 Gillette's Mach3 creates sales bonanza for thieves (Monty Solomon)
 Yahoo Groups spam alert (John David Galt)
 Yahoo users fume over "spam" switch (Monty Solomon)
 Re: UK ATC failure (Martyn Thomas)
 Re: Software "glitch" changes the colour of the universe (Douglas Siebert)
 Re: Loosing It's Grammer Skill's (Bruce Wampler)
 Re: The RISK of ignoring permission letters (Edward Reid)
 REVIEW: "Computer Forensics", Warren G. Kruse II/Jay G. Heiser (Rob Slade)
 Black Hat CFP (Jack Holleran)

RISKS 22.03 Monday 15 April 2002
 Bank merger in Japan causes numerous problems (Jeremy Epstein)
 Online banking system failure in a big way (Ishikawa)
 Computer crime way up, says FBI (NewsScan)
 Can you trust a "trusted traveler"? (NewsScan)
 SMS, Net voting to be used in local UK elections in May (Anura Samara)
 Patient overflow avoided: P1M, not Y2K (David Shaw)
 More UK air traffic control failures (Mich Kabay)
 Interface simplification (Devon McCormick)
 Re: Just because it's funny doesn't mean it isn't real (Michael Walsh, Achim Nolcken Lohse)
 Re: When is fail-safe not fail-safe? (Anthony W. Youngman)
 Is your e-mail watching you? (Stefanie Olsen via Monty Solomon)
 The Risks of using the wrong address (Dan Birchall)
 Re: Yahoo Groups spam alert (Jim Horning)
 Ray Bradbury's Fahrenheit 451, revisited (Marc Rotenberg)
 REVIEW: "Hacker's Challenge", Mike Schiffman (Rob Slade)

RISKS 22.04 Monday 22 April 2002
 Y2K: The malady lingers on (Frank Carey)
 Nanny-Cam may leave a home exposed (John Schwartz via Dave Farber)
 Wireless used for water supplies (John R. McPherson)
 More Web voting - UK local elections May 2002 (R M Crorie)
 Security flaw in Microsoft Office for Mac (Robert Lemos via Monty Solomon)
 One-fourth of Mellon financial's I.T. work moved to India (NewsScan)
 This is scary (Ted Lee)
 Another April Fool's risk (Geoffrey Brent)
 Citibank Visa woes (Bill Brykczynski)
 Cracking for a fee (PGN)
 CASPR Anti-virus Management and Protection discussion group (Rob Slade)
 Re: Computers to Cars, warning lights (Walter Underwood)
 REVIEW: "Handbook of Computer Crime Investigation", Eoghan Casey (Rob Slade)
 Conference on security information disclosure (Edward W. Felten)
 DSN 2002 Registration and Advance Program (Anup Ghosh)
 23RD ISODARCO SUMMER COURSE - Call for application (Diego Latella)

RISKS 22.05 Sunday 5 May 2002
 "Don't Touch That Dial--Or You're Under Arrest!" (Lauren Weinstein)
 Re: "Don't Touch That Dial--Or You're Under Arrest!" (Dan Gillmor)
 Vivendi suspects electronic vote fraud (NewsScan)
 'Lost password' delays Mali vote count (PGN)
 Online voting in UK (Toby Gottfried)
 How to rig an election (*The Economist* via Mohammad Al-Ubaydli)
 Seattle City light billing disputes (Jason Axley)
 Risks of differing Unices (Theo Markettos)
 CIA warns of Chinese plans for cyber-attacks on U.S. (Mike Hogsett)
 Smart inventory control overshoot (Paul Breed)
 California DMV online data base (Bruce Stein)
 A new risk to computers worldwide: W32/KLEZ.H" in MS Outlook (John Schwartz via John F. McMullen)
 How not to warn about viruses (Rob Slade)
 IE 6 Privacy features open users to attack (Monty Solomon)
 Midwest Express Web site security (Midwest Express)
 Robot cameras 'will predict crimes before they happen' (Merlyn Kline)
 Re: Online banking system failure in a big way (Ishikawa)
 Re: Nanny-Cam may leave a home exposed (Marc Roessler)

RISKS 22.06 Wednesday 8 May 2002
 Unprepared for cyberattacks? (NewsScan)
 Ashcroft wants stiffer penalties for identity theft (NewsScan)
 The Console Buffer Knows... (Mark Bergman)
 Salespionage (Rob Slade)
 GNU in Not Unix (Dimitri Maziuk)
 More on Clez (Rob Slade)
 Moderated mailing lists and virus scanners (Matthew Byng-Maddick)
 CLUTS: Composable Low-assurance UnTrusted Systems (Ben Laurie)
 NRC report on porn (Herb Lin)
 ACM invitation (Lillian Israel)

RISKS 22.07 Saturday 18 May 2002
 Apple Computer's hidden spam filtering (Derek K. Miller)
 Apple: break your new PC with a copy-protected CD, it's not our fault (Charles Arthur via Dave Farber)
 Shipping the Big Iron: a computer-related risk! (Mike Hogsett)
 UK govt wants to make "e-filing" compulsory for taxes (David Cantrell)
 Verisign doesn't encrypt credit-card info (Daniel Norton)
 Making a list, checking it never (Adam Shostack)
 Re: The Console Buffer Knows... (Dick Mills)
 Re: GNU is not UNIX (Theodore Ts'o, Dimitri Maziuk)
 More on Klez (Bob Morrell, Paul Mech)

RISKS 22.08 Wednesday 22 May 2002
 SPAM-demon-ium overload countermeasure (PGN)
 AT&T's e-mail filter filters AT&T's e-mail (NewsScan)
 Air-traffic control software reliability (Peter B. Ladkin)
 Disk crash destroys law-enforcement mug shots in Michigan (Thomas Insel)
 WashDC database crash linked to a death by a falling tree (Przemek Klosowski)
 Fun with fingerprint readers (Bruce Schneier via Monty Solomon)
 "Medication errors could be eliminated ..." (Dr. David Alan Gilbert)
 Copy Protected CDs -- risk of selling marker pens (Doug Sojourner)
 Re: Apple: break your new PC with a copy-protected CD ... (Bill Bumgarner)
 FBI does not care about standards, nor getting that information (Peter Ha*kanson)
 2 unsolved telephone mysteries - software faults? (Andrew Goodman-Jones)
 Candy machine punishes the quick-thinking (Fredric L. Rice)
 Compaq issues refunds for one-cent PCs (Tudor Bosman)
 Re: Your bash has Alzheimer's (Bob Bramwell)
 REVIEW: "CISSP Exam Cram", Mandy Andress (Rob Slade)

RISKS 22.09 Thursday 23 May 2002
 Re: S-P-A-M-demonium (PGN, Kevin)
 Computer failure grounds over 300 flights in minutes (Chris Brady)
 Air-traffic controllers can't read the new screens (Chris Brady)
 Paper: How to own the Internet in your spare time (Nicholas C. Weaver)
 Credit-card data from wireless registers (Jim Laurenson)
 Ford Motor Credit office baffled by theft (Dave Hansen)
 Vending Machines - Poor Programming (T.J. Griesenbrock)
 RISKS of providing smart-alecky false information (Daniel P. B. Smith)
 Phony 'soldier' needs your help giving him your money (NewsScan)
 Re: Fun with fingerprint readers (Arnt Gulbrandsen)
 Re: 2 unsolved telephone mysteries (Stanislav Meduna, Chris Barnabo)
 Re: Copy-Protected CDs (Jan Ingvoldstad, Sean A Dunn, Russ Perry Jr, Martin Ward)
 Re: More on Klez (Joseph Brennan)
 REVIEW: "Cyber Forensics", Albert J. Marcella/Robert S. Greenfield (Rob Slade)

RISKS 22.10 Monday 27 May 2002
 US Navy suffers domain hijacking (Geoffrey Brent)
 California personnel files were breached for 265,000 workers (Monty Solomon)
 Face recognition kit fails in Fla airport (Thomas C Greene via Dave Farber)
 Dutch city implanting chips to monitor tree health (Sander Tekelenburg)
 Risks of quoting command language in e-mail (Mich Kabay)
 Glitch leads to huge airfare bargains (Jason Axley)
 Re: Copy-Protected CDs (Alan J Rosenthal)
 Re: Apple copy-protected CD (Benjamin Robinson)
 Re: Ford Motor Credit office baffled by theft (Greg Searle)
 Re: Vending Machines - Poor Programming (Ryan O'Connell)
 Re: Candy machine punishes the quick-thinking (Alan P)
 Re: S-P-A-M-demonium (Klaus Johannes Rusch)
 Re: SpamAssassin + Vipul's Razor (Karsten M. Self)
 Re: 5am call (Gavin Treadgold)
 More on Klez (Simson L. Garfinkel, Jonathan Kamens)
 Klez and mail loops (Martin Pool)
 REVIEW: "CISSP All-in-One Certification Exam Guide", Shon Harris (Rob Slade)

RISKS 22.11 Thursday 6 Jun 2002
 Impact of inadequate software testing on US economy (Rick Kuhn)
 "Truncation error" found in GPS code on Int'l Space Station (George White)
 FBI's Carnivore hampered anti-terror probe (Marc Rotenberg)
 Sex, Truth and Videotaping (Gary Marx)
 Kursk submarine: to test or not to test ...? (Ken Knowlton)
 Deja vu: Stockholm power outage hits high-tech companies (Ulf Lindqvist)
 Inadvisable instructions from Sun on StarOffice 5.2 (John Sullivan)
 Confirming cricket score reason for delay (R. Jagannathan)
 Students provide bulk of tech support in schools (NewsScan)
 More on typos and homographs (Martin Wheatman)
 Please ignore the anti-shoplifting device! (Mario Hendricks)
 Re: The Klez Effect (Paul van Keep, Greg Searle)
 Re: Klez and mail loops (A. Harry Williams)
 More on Klez (Hal Lewis)

RISKS 22.12 Monday 10 June 2002
 Is there a law that says you have to watch commercials? (NewsScan)
 Dim STARS (Peter B. Ladkin)
 Questions about new STARS air-traffic computer system (Ian Macky)
 COTS versus Bespoke ATC Systems (Peter B. Ladkin, Nancy Leveson)
 Re: Swanwick (Peter B. Ladkin)
 *NY Times* new zero-security password system (Martin Ward)
 Tracking subway users by electronic fare card (Ngiam Shih Tung)
 Kazaa users inadvertently share their private files (Nathan Good)
 Web glitch exposed Fidelity accounts (Monty Solomon)
 Hacker threat posed by Excel spreadsheets (Patrick O'Beirne)
 Re: More on typos and homographs (Martin Wheatman, Scott Nicol)

RISKS 22.13 Thursday 27 June 2002
 Secret American spy photos broadcast unencrypted over satellite TV (Duncan Campbell via Tim Finin via Dave Farber)
 Software problem kills soldiers in training incident (Steve Bellovin)
 Safety and human factors in ATC (via Hayley Davison and Nancy Leveson)
 Car repair shops often can't crack diagnostic code (Monty Solomon)
 Qui audit ipsos auditors? (Rob Slade)
 Tools gauging blood pressure raise questions (Monty Solomon)
 Microsoft's secret plan to secure the PC (Monty Solomon)
 Risks to your privacy from using MSN Messenger 4.6? (Michael Weiner)
 Microsoft sent Nimda worm to developers (Mike Hogsett)
 Microsoft's Allchin: API disclosure may endanger U.S. (Brien Webb)
 Identity theft site (Conrad Heiney)
 Randomly generated 4-letter words in sendmail queue-ids (Earle Ake)
 New virus can infect picture files (NewsScan)
 Norwegian history database password lost and retrieved (Lillie Coney)
 Calculators vs. handheld computers (NewsScan)
 England halts distribution of bad money (Monty Solomon)
 E-mail address parsing (William Colburn)
 Risks subscription problem (Ethan Benatan)
 Re: NERC + token ring (T Panton)
 Re: US Navy suffers domain hijacking (Jay R. Ashworth)
 Re: Please ignore the anti-shoplifting device! (Scott Peterson)
 REVIEW: "Developing Trust", Matt Curtin (Rob Slade)

RISKS 22.14 Tuesday 9 July 2002
 DCS/SCADA Security (Eytan Adar)
 Fishermen rescued after dam malfunction (Thomas Dzubin)
 China bans toxic American computer junk (Mich Kabay)
 A Microsoft Medley in RISKS-22.13 (Peter da Silva)
 Windows Media Player security update EULA gives MS permission to keep you from using "other software" on your computer (Bill Tolle)
 Re: E-mail address parsing (George Roussos)
 MI5 hates encryption so much, they don't use it! (Ben Laurie)
 More on The Telecom Crash of 2002 (Joe Pistritto via Dave Farber)
 Security in General - wireless - simplicity (M Simon)
 FORTH (M Simon)
 11th USENIX Security Symposium (Alex Walker)
 REVIEW: "Decrypted Secrets", F. L. Bauer (Rob Slade)

RISKS 22.15 Sunday 14 July 2002
 Listen to TCAS, not the controller! (Monty Solomon)
 Biometric programs "more ... toys than of serious security measures" (Yves Bellefeuille)
 Brazilian Internet theft (Tom Van Vleck)
 Pretty Poor Privacy from Network Associates (NewsScan)
 FreeBSD Scalper worm, a bad precedent... (Nicholas C. Weaver)
 Software bugs cost the US 40bn a year (Pete Mellor)
 Free Prozac in the junk mail draws a lawsuit (Monty Solomon)
 Cringely on Palladium (Pete Mellor)
 More on Palladium (Pete Mellor)
 EULA (Monty Solomon)
 Windows Media Player security update EULA (Pedt Scragg)
 Re: Randomly generated 4-letter words in sendmail ... (Bill Gunshannon)
 Re: US Navy suffers domain hijacking (Bill Stewart, Conor O'Neill)
 Re: E-mail address parsing (Tony Finch)
 Re: FORTH (Jonathan)
 REVIEW: "Digital Signatures", Mohan Atreya et al. (Rob Slade)

RISKS 22.16 Sunday 21 July 2002
 U.S. House approves life sentences for crackers (NewsScan)
 Expert says Palm Beach's new voting machines have problems (PGN)
 Palm Beach voters at it again (Dan Scherer)
 'Face testing' at Logan is found lacking (Monty Solomon)
 Japanese service links ATMs to cell phones (Mich Kabay)
 Yahoo admits changing e-mail text to block hackers (Monty Solomon)
 IIS Mail exploit (Matthew Byng-Maddick)
 E-mail content filtering may kill the medium (Derek K. Miller)
 "You may not have received this e-mail" (Monty Solomon)
 Forensic programming course outline (Rob Slade)
 Re: EULA (Derek J. Balling)
 REVIEW: "The Hacker Diaries", Dan Verton (Rob Slade)
 REVIEW: "Hacker Attack", Richard Mansfield (Rob Slade)

RISKS 22.17 Wednesday 24 July 2002
 Warning system failed during fatal tornado (Robert Crump)
 Wrong number costs Gateway $3.6 million (NewsScan)
 WebTV virus dials 911 (Monty Solomon)
 Explanation of Voter-Verified Ballot Systems (Rebecca Mercuri)
 Auditing of voting machines (Daniel Boyd)
 Royalty fees may be the death of Internet radio (NewsScan)
 SSH Protocol Weakness Advisory (Monty Solomon)
 Uselessness of "Dirty word" filters (Danny Lawrence)
 E-mail content filtering may kill the medium (Pascal Bourguignon, Max TenEyck Woodbury)
 Yahoo! *fixes* e-mail as security measure (Robert Gezelter)
 Re: Crackers -- aka hackers -- providing useful information (Fred Gilham)
 Doonesbury, Allen Hutchinson on 802.11 networks and security (Declan McCullagh)
 Monty Solomon Setuid Demystified, Chen/Wagner/Dean
 11th USENIX Security Symposium (Alex Walker)
 REVIEW: "Writing Information Security Policies", Scott Barman (Rob Slade)

RISKS 22.18 Saturday 27 July 2002
 Gridlock as 800 London traffic lights seize (Adrian Lightly)
 Nasdaq glitch hits stocks starting with 'M' or 'N' (Joan Lee Brewer)
 Princeton admissions office caught breaking into Yale computers (Steve Klein)
 Warchalking the Networks (Chris Leeson)
 Handspring hands out names and springs out numbers (Monty Solomon)
 Risks from cyberterrorism (NewsScan)
 American style cyber warfare: what are the risks? (Hendrik)
 No more JPEGs - ISO to withdraw image standard (Monty Solomon)
 Reinventing read-only disks (Jeremy Epstein)
 Possible day-of-week error - Zeller (John Stockton)
 Finger-printing children in schools, without parental involvement (Peter Houppermans)
 Apple OSX and iDisk and Mail.app (Randal L. Schwartz)
 Re: Listen to TCAS, not the controller! (Bob Morrell)
 Re: E-mail content filtering ... (Anthony W. Youngman, Nick Brown, Marc Horowitz, Robert Woodhead)
 Re: Uselessness of "Dirty word" filters (J.D. Abolins, Danny Lawrence)
 news@sei interactive--Second quarter 2002 issue available (Hollen Barmer)

RISKS 22.19 Monday 19 August 2002
 Name filtering affects police officer (Fuzzy Gorilla)
 Massive ATM fraud after security problems due to Sept 11 (Tom Van Vleck)
 A universal Turin machine? (PGN)
 Win32 API utterly and irredeemably broken (Monty Solomon)
 Microsoft EULA asks for root rights -- again (Monty Solomon)
 FTC Stamps Microsoft's Passport (Monty Solomon)
 Keystone SpamKops (Edward W. Felten)
 Re: Listen to TCAS, not the controller (Peter B. Ladkin)
 An automation-related AIRPROX incident (Peter B. Ladkin)

RISKS 22.20 Thursday 22 August 2002
 "Homeland Insecurity" (Monty Solomon)
 Home overvalued by $200 million affects tax recovery (Fuzzy Gorilla)
 103-year-old man told to bring parents for eye test (Arthur Goldstein)
 Alleged ID thief arrested in NYC (Monty Solomon)
 Your packets know the way to San Jose. (Malcolm Purvis)
 Emergency call-center power-supply woes (Dave Stringer-Calvert)
 YASST: Yet Another Silly Spam Trick (Rob Slade)
 Re: E-mail content filtering ... (Joe Stoy)
 E-mail *envelope* filters blocking NDN and DSN (MAtteo HCE Valsasna)
 Content based e-mail filtering -- timely example (Betsy Schwartz)
 Klez + html login = no security (Leonard Erickson)
 Klez: The Virus That Won't Die (Monty Solomon)
 The left hand of the government asketh ... (Rob Slade)
 Re: Apple OSX and iDisk and Mail.app (Dave)
 REVIEW: "Computers and Ethics in the Cyberage", Hester/Ford (Rob Slade)
 SAFECOMP 2002 & ECCE-11 (Massimo Felici)

RISKS 22.21 Tuesday 27 August 2002
 VeriSign error teaches lawyer a lesson (Max)
 Automation increases anxiety -- with cause (Fuzzy Gorilla)
 Big Brother hiding inside cars' airbags (Monty Solomon)
 Keystone SpamCop summary and response (Edward W. Felten)
 SpamAssassin killed off RISKS-22.20 (Danny Burstein)
 Re: "Homeland Insecurity" (Stephen Fairfax)
 Re: Your packets know the way to San Jose (Barry Margolin, Steve Wildstrom, Gene Wirchenko, R.G. Newbury)
 Re: YASST: Yet Another Silly Spam Trick (Tai)
 Re: Klez: The Virus That Won't Die (Excimer, Scott Peterson)
 REVIEW: "Access Denied", Cathy Cronkhite/Jack McCullough (Rob Slade)

RISKS 22.22 Friday 30 August 2002
 Real risks of cyberterrorism? (Chris Norloff)
 Rookie's mistake melted down $500,000 transformer (Scott Wlaschin)
 Police dispatch disrupted by broken lightbulb (Gene Berkowitz)
 Sabotage in a few clicks: NDS vs. Canal Plus (Max)
 Tough EU privacy rules influence U.S. Web practices (NewsScan)
 Big Brother hiding inside cars' airbags - tells fibs (Bernd Felsche)
 FEC OK's SMS spam without saying who paid for it (Hal Murray)
 Website Security Flaw Costs ZD (Monty Solomon)
 Transport worker ID in works; privacy rights, funding at issue (Monty Solomon)
 The EUR-RVSM safety case is flawed (Peter B. Ladkin)
 Bogus Probabilistic Risk Assessments (Peter B. Ladkin)
 Japanese phones vulnerable to hackers? (Monty Solomon)
 Microsoft warns of Office and IE risks (PGN)
 Computer expert says he can break Microsoft security (Monty Solomon)
 A better approach to spam (John Pettitt)
 Re: Keystone SpamCop summary and response (Crispin Cowan)
 Parody and copyright (Terry Carroll)
 Re: American style cyber warfare ... (Peter Hanecak)

RISKS 22.23 Friday 6 September 2002
 Appeals court overturns own Web site ruling (Monty Solomon)
 Citibank e-mailing raises privacy concern (Monty Solomon)
 Greek government bans electronic games (Phil Pareas via Max)
 Background checks are more important than education (Adam Shostack)
 EDIS bulletin on power outages (Dave Stringer-Calvert)
 Infrastructure risks and Cyberterrorism (Fred Cohen)
 Re: Homeland Insecurity (Stephen Fairfax)
 Excellent quote about wireless security (Al Rizutto)
 Re: Warchalking the Networks (Michael Cook)
 MS02-050: Certificate validation flaw could enable identity spoofing (Monty Solomon)

RISKS 22.24 Wednesday 11 September 2002
 Florida Primary 2002: Back to the Future (Rebecca Mercuri)
 Nurses refuse to wear locator devices (Duane Thompson)
 Computer-Assisted Passenger Screening System defeated (Max)
 The Underground Web (Monty Solomon)
 Missed phone connections (Robert Kuttner via Monty Solomon)
 Microsoft says Win 2000 hacking outbreak subsides (PGN)
 Greek court finds Government ban on electronic games unconstitutional (Giorgos Epitidios)
 The pinnacle of chutzpah in spam filtering (Przemek Klosowski)
 REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides (Rob Slade)

RISKS 22.25 Monday 23 September 2002
 Elections In America - Assume Crooks Are In Control (Lynn Landes via Rebecca Mercuri)
 Re: Florida Primary 2002: Back to the Future (Bob Morrell)
 Georgia Secretary of State response to Mercuri (Chris Riggall via Donald R. Calabro Jr.)
 Election idiocy crosses state lines (Mark Richards)
 Retrospective Karger/Schell paper on Multics Security Evaluation (Steve Summit)

RISKS 22.26 Wednesday 25 September 2002
 Press Releases MIT vs Mercuri (Rebecca Mercuri)
 Cost cutting endangers hospital power (Rich Brown)
 South Wales train leaves without driver (Fuzzy Gorilla)
 Greek government doesn't quite ban electronic games (Bruce Anderson)
 Yet another intrusive Web site (Michael Ortega-Binderberger)
 Air passenger jailed for using mobile (George Roussos)
 Re: Microsoft says Win 2000 hacking outbreak subsides (Mike Patnode)
 Re: The pinnacle of chutzpah in spam filtering (Peter Corlett)
 Re: Retrospective Karger/Schell paper on Multics Security Evaluation (Paul Karger)
 REVIEW: "Pearl Harbor Dot Com", Winn Schwartau (Rob Slade)

RISKS 22.27 Saturday 28 September 2002
 Risky Auckland harbour bridge lane signals (Nickee Sanders)
 Dewie the Turtle comes out for computer security (NewsScan)
 Re: Real risks of cyberterrorism? (Ralf Bendrath)
 Probability Risk Assessments/Homeland Insecurity (Peter B. Ladkin)
 Paper ballots, no panacea (Andy Neff)
 Leeches for Sale (Rebecca Mercuri)

RISKS 22.28 Monday 7 October 2002
 Payroll fail-safes "didn't work" (J. Lasser)
 Bear Stearns' bare sterns: erroneous order (David Lesher)
 Raders of the Last Quark (Identity withheld by request)
 Too fast fingers, or bad shortcut design? (Pertti Huuskonen)
 Rep. Boucher --finally-- introduces bill to rescind part of DMCA (Declan McCullagh)
 Defense Information System Agency leaves shopping list online (PGN)
 Quantum cryptography for secure global communications (NewsScan)
 Busboy pleads guilty to ID theft (Monty Solomon)
 "Trojan horse" music? (Matthew Anderson)
 Court will welcome e-mailed explanations of traffic tickets (Dave Stringer-Calvert)
 Dewie the Turtle == Bert the Turtle (Jason T. Miller)
 Address change blocked by online entry validation (George N. White III)
 Batteries: More electronic voting risks? (anon123)
 Re: Electronic voting methods (David Hedley)
 Re: Paper ballots, no panacea (David F. Skoll, Jan C. Vorbrüggen)
 Re: Butterfly ballots (George Russell)

RISKS 22.29 Wednesday 9 October 2002
 Police close fake online bank (Dave Stringer-Calvert)
 Risks of automatic Windows updates, and HIPAA legality (Allan Engelhardt)
 Weak encryption kills wolves (Urban Fredriksson)
 Microsoft says 1% of bugs cause half of all software errors (Henry Baker)
 BugBear steals lead from klez in virus prevalence (Security Wire Digest)
 No-fly blacklist snares political activists (Tim Meehan)
 Phone system could have your number (Mark White via Dave Farber)
 Prediction: e-mail will become double-trouble in 3 years (NewsScan)
 Gender: Unknown -- the risks of perception (Chris Leeson)
 Re: Too fast fingers, or bad shortcut design? (Greg Searle)
 Re: Address change blocked by online entry validation (Chris Smith)
 Re: Butterfly ballots and other election stuff (David Olsen, Leonard Erickson)
 REVIEW: "Information Security Management", Gurpreet Dhillon (Rob Slade)
 2003 IEEE Symposium on Security and Privacy, Call for Papers (Steve Bellovin)

RISKS 22.30 Tuesday 15 October 2002
 $34M fails to fix DC payroll computers (David L. Matthews)
 Man dies after playing computer games non-stop (Mike Hogsett)
 My dishplayer and my digital phone don't play well together (William Colburn)
 Pac*Bell menu (Dave Stringer-Calvert)
 The democratic principle and "client-side" denial-of-service (Andrés Silva)
 Hazards of online translation and plagiarism (George Mannes)
 Lying 'Lie Detectors' (William Safire via Monty Solomon)
 Risk of chaining substitutions (Mich Kabay)
 Nigerian use of technology in elections (Fuzzy Gorilla)
 Re: Butterfly ballots and electronic counting (George Russell, Toby Gottfried, anon123, Tony Finch, David Damerell, Scott Nicol)
 Re: Weak encryption kills wolves (Ulf Lindqvist, Erling Kristiansen)
 REVIEW: "Information Warfare", Michael Erbschloe (Rob Slade)
 DIMACS Workshop on Software Security (Gary McGraw)

RISKS 22.31 Monday 21 October 2002
 E-ZPass Users in New Jersey Will Get Replacement Devices (Monty Solomon)
 The high risk of low security: element 118 (Wendell Cochran)
 Password complexity -- not just for computers anymore (Seth Arnold)
 GPS: Keeping Cons Out of Jail (Monty Solomon)
 How mobile phones let spies see our every move (Monty Solomon)
 Airline Security (Morten Welinder)
 GAO: Commercial Satellite Security Should Be More Fully Addressed (Monty Solomon)
 UCSD bans WinNT/2K -- will it do any good? (Jeremy Epstein)
 Outlook knows best! (Jim Bauman)
 Microsoft Skins a Knee on the Astroturf (Monty Solomon)
 Bogus Yahoo e-mail picks up credit-card numbers (Tom Van Vleck)
 A new twist to Bugbear (Paul Edwards)
 How we run elections in the UK (Richard Pennington)
 Re: Risks of automatic Windows updates, and HIPAA legality (Chuck Karish, Greg Searle, Douglas Siebert)
 Re: Pac*Bell menu (Crispin Cowan)
 Re: Hazards of online translation and plagiarism (Bob Schuchman)
 Re: Weak encryption kills wolves (Phil Smith III)
 Peter L. Bernstein, Against the Gods: The Remarkable Story of Risk (PGN)
 REVIEW: "Hacking Exposed", Stuart McClure/Joel Scambray/George Kurtz (Rob Slade)
 REVIEW: "Have You Locked the Castle Gate", Brian Shea (Rob Slade)

RISKS 22.32 Wednesday 23 October 2002
 Hacker attack targets root servers (NewsScan)
 Memo reveals FBI national security wiretap violations (Marc Rotenberg)
 Math in the cockpit: yet another units conversion risk (George N. White III)
 Navy searching for missing computers (Bradley Wood)
 FDA approves implantable ID chip (NewsScan)
 Family receives enormous deposit in error (Ulf Lindqvist)
 Bugbear hugs? (Justin Macfarlane)
 Privacy Journal Ranking of States (Robert Ellis Smith)
 IE flaws leave systems vulnerable (Monty Solomon)
 Re: The high risk of low security: element 118 (Mike Hogsett, Stephen Poley)
 Re: UCSD bans WinNT/2K -- NO, it is UCSB (Tom Perrine)
 Re: UCSB bans WinNT/2K -- will it do any good (Alistair McDonald)
 Re: password complexity ... (Jeremy Ardley, Martyn Thomas, Merlyn Kline, Miro Jurisic, Jordin Kare)
 REVIEW: "Secure XML", Donald E. Eastlake/Kitty Niles (Rob Slade)
 REVIEW: "Hack Proofing Your Identity in the Information Age", Teri Bidwell (Rob Slade)

RISKS 22.33 Friday 1 November 2002
 Home isn't where the security is (NewsScan)
 Autotote programmer hacks winning Pick Six bets (Lillie Coney)
 iVotronic voting machines lose 294 early votes (Tom Adams)
 Voting machines postpone the end of Brazil's daylight saving time (Nik Clayton)
 Software failure informs eavesdropped phone users (Markus Kuhn)
 Decimal glitch spurs hotel overbill (Fuzzy Gorilla)
 Possible role of simulator scenario in AA crash (Cathy Horiuchi)
 Re: Slide rules in the cockpit (Eric Remy)
 FDA permits use of ID chips in humans (Roger Clarke)
 REVIEW: "Managing Information Security Risks", Alberts/Dorofee (Rob Slade)
 REVIEW: "EW 101: A First Course in Electronic Warfare", David Adamy (Rob Slade)
 REVIEW: "Disaster and Recovery Planning", Joseph F. Gustin (Rob Slade)
 CFP, Security and Control of IT in Society: SCITS III (Rob Slade)

RISKS 22.34 Monday 4 November 2002
 Prior Florida voting woes spawn pre-election frenzy (Charles P Schultz)
 Election counting conclusions (Paul D. Smith)
 Risks of dual-boot systems (Paul Schreiber)
 Windows daylight saving and file time-stamp (Chris Jakeman)
 Microsoft court ruling leaked early through security blunder (Keith Rhodes)
 Exam software -- does it get a passing grade? (David Lesher)
 $3,200 tuition listed on bill as 'Taco Bell' (Fuzzy Gorilla)
 Turnpike commuters play "Where's the Fast Lane?" (Monty Solomon)
 BBC News: Fake bank website cons victims (Chris Leeson)
 GAO: Government Agencies Adhering To Privacy Laws (Monty Solomon)
 REVIEW: "Ethical Issues of Information Systems", Ali Salehnia (Rob Slade)
 REVIEW: "Computer Security Handbook", Seymour Bosworth/M.E. Kabay (Rob Slade)
 CARDIS '02: 5th Smart Card Research/Advanced Application Conference (Alex Walker)
 Formal Methods Europe 2003 cfp (Diego Latella)

RISKS 22.35 Tuesday 5 November 2002
 Online job listing an ID theft scam (Monty Solomon)
 Want a driver's license? How about an ID card instead? (Mark Richards)
 The FBI Has Bugged Our Public Libraries (Bill Olds via Forno and Farber)
 What if they held an election and the pundits had nothing to say? (NewsScan)
 Vote-by-mail in Oregon (Andrew Morton)
 Software leaves encryption keys, passwords lying around in memory (Peter Gutmann via Monty Solomon)
 Risks of non-obvious user interfaces (Harry Erwin)
 Why Telemarketing Is Evil (Neil McManus via Monty Solomon)
 Re: BBC News: Fake bank website cons victims (Hal Murray)
 Re: Windows daylight saving and file time-stamp (Graham Mainwaring)
 Re: Risks of dual-boot systems (Scott Nicol, Tony Finch, Colin Andrew Percival, Nick Rothwell, David Crooke)
 Wireless networking and security: CERIAS/Accenture roundtable (Gene Spafford)
 REVIEW: "Internet Security Dictionary", Vir V. Phoha (Rob Slade)
 Digital System Design DSD 2003 cfp (Henry Selvaraj)

RISKS 22.36 Thursday 7 November 2002
 CNN needs some fact-checkers on electronic-election article (Rebecca Mercuri)
 The 2002 general election (PGN)
 Dominant lottery vendor cracked (Conrad Heiney)
 Winning lottery tickets can be determined before purchase (Jeremy Epstein)
 Robot malpractice? (Paul Saffo)
 Computer problem caused fatal pipeline rupture (Paul Hirose)
 Opera confused about hemispheres (David Skillicorn)
 Set your clock to 1984 (Toby Gottfried)
 Scoping out the future (NewsScan)
 'British' spelling (Michael Bacon)
 NSF Trusted Computing Program (Carl E. Landwehr)
 REVIEW: "The Total CISSP Exam Prep Book", Peltier/Howard (Rob Slade)
 REVIEW: "Information Security", Donald L. Pipkin (Rob Slade)

RISKS 22.37 Saturday 9 November 2002
 Lynn Landes' analysis of the 2002 Elections (PGN)
 Quote on election integrity (Susan Marie Weber)
 Georgia election memory-card problem (Lillie Coney)
 Unsupervised biometric scanners more toys than serious security measures (c't via Markus Kuhn)
 U.S. Navy sites spring security leaks (Lillie Coney)
 Internet home banking unsafe (Erling Kristiansen)
 Driver killed in "computer-controlled" AirTrain (Daniel Norton)
 Man banned from driving after trusting in-car computer (Matthew Bloch)
 Small things add up (Bill Lamb)
 Re: 'British' spelling (Christopher Allen)
 Re: What if ... the pundits had nothing ... (Edward Reid)
 REVIEW: "Information Assurance", Joseph G. Boyce/Dan W. Jennings (Rob Slade)

RISKS 22.38 Wednesday 13 November 2002
 Wireless keyboard (Mike Hogsett)
 Server crash leaves students unable to register (Max Power)
 Colleges urged not to monitor peer-to-peer sharing (NewsScan)
 Re: Hartford Public Library Net Browsing - Bugged or Not? (George Mannes)
 More on the Autotote scam (PGN)
 Joke not so funny anymore (Toby Gottfried)
 Chip glitch hands victory to wrong candidate (PGN)
 Glitches indeed! (Rebecca Mercuri)
 VoteWatch (Steven Hertzberg)
 Election integrity in general (PGN)
 Re: Lynn Landes's analysis of the 2002 Elections (PGN, Rebecca Mercuri)
 Re: Zogby poll failures (Henry Baker)
 REVIEW: "Manager's Guide to Contingency Planning for Disasters", Kenneth N. Myers (Rob Slade)
 REVIEW: "High Technology Crime Investigator's Handbook", Gerald L. Kovacich/William C. Boni (Rob Slade)

RISKS 22.39 Saturday 23 November 2002
 More on the Breeders Cup Pick-6 fix (Danny Lawrence)
 Crackers steal 52,000 university passwords (Monty Solomon)
 Slashdot suggests X-Box gamezone open to DoS (George Michaelson)
 Laptop injures lap (Gene Spafford)
 "AccuVote" comes to Boston -- argh! (Jonathan Kamens)
 NSF FastLane promotes excessive sharing? (Lee Rudolph)
 Interesting new spammer trick (Jonathan Kamens)
 Bad assumption in automated toll collection (Andrew Goodman-Jones)
 REVIEW: "Security Engineering", Ross Anderson (Rob Slade)
 REVIEW: "Network Intrusion Detection", Northcutt/Novak/McLachlan (Rob Slade)

RISKS 22.40 Tuesday 26 November 2002
 Massive identity theft ring broken up (PGN)
 Identity thieves strike eBay (Monty Solomon)
 eBay sends plaintext password changes (Brian R. Neumann)
 More on the Breeders Cup Pick-6 fix (PGN)
 Windows quietly deletes Unix files (Doug McIlroy)
 Patch slip-up raises security questions (Robert Lemos via Monty Solomon)
 RIAA orders US Navy to surrender (Tim Finin via Dave Farber)
 Re: Computer problem caused fatal pipeline rupture (Pekka Pihlajasaari)
 Re: Readability of ATC displays at the London Area Control Centre (Peter B. Ladkin)
 UK Publishes Security Requirements for e-Voting (Ian Cuddy)
 Re: UK Publishes Security Requirements for e-Voting (Rebecca Mercuri)
 REVIEW: "The Privacy Papers", Rebecca Herold (Rob Slade)
 REVIEW: "Security, ID Systems and Locks", Joel Konicek/Karen Little (Rob Slade)

RISKS 22.41 Thursday 5 December 2002
 Understanding the Windows 2000 EAL4 Evaluation (Jonathan S. Shapiro)
 L.A.
woman gets prison in counterfeit software ring (Monty Solomon) NSF Fastlane Exposes PINs (Geoff Kuenning) UK Government under digital attack: security breaches revealed (Ian Cuddy) Internet eBay auction scam (NewsScan) Re: eBay sends plaintext password changes (George C. Kaplan) Re: Patch slip-up raises security questions (Fred Cohen) REVIEW: "XML Security", Blake Dournaee (Rob Slade) REVIEW: "A Guide to Business Continuity Planning", James C. Barnes (Rob Slade) CFP: Workshop on Investigation & Reporting of Incidents & Accidents (C. Michael Holloway) RISKS 22.42 Wednesday 11 December 2002 A little bit of anti-porn filtering can go a long way (NewsScan) Ironic filtering (Ray Dillinger in rec.humor.funny via Dawn Cohen) Impostor eBay site set up to steal credit info (NewsScan) Feds raid Ptech looking for al Qaeda link (PGN) Web Surfers: What could they be thinking? (NewsScan) UK police offer anonymity to cybercrime victims (PGN) Anti-worm "throttling" (Rob Slade) More on dangers of spelling correctors (Gene Spafford) Your empty mailbox is full (Peter Kaiser) Re: Windows 2000 EAL4 Evaluation (Rick Smith) REVIEW: "VPNs: A Beginner's Guide", John Mairs (Rob Slade) REVIEW: "IPSec: Securing VPNs", Carlton Davis (Rob Slade) RISKS 22.43 Monday 16 December 2002 Bad circuit crashed $150 million jet at Woomera (George Michaelson) Senate closes accidental anonymizer (Dave Stringer-Calvert) More on identity thieves strike eBay, whose policies make it worse (Elana) Australian ruling is raising worries (Monty Solomon) Moore's Law hits a leak (NewsScan) Paypal scam? (Dawn Cohen) Internet spam mogul can't take what he dishes out (Purkasz) Tower reports customer information "leak" (B Crook) Perils in switching to Yahoo (David Lazarus via Monty Solomon) Community security education contacts (Rob Slade) U.S. Army Research Office Calls For Odortype Detection Proposals (PGN) Re: Anti-worm "throttling" (Jeremy Epstein) The risks of RISKS (Donald A. 
Norman) REVIEW: "The Art of Deception", Kevin D. Mitnick/William L. Simon (Rob Slade) REVIEW: "Secured Computing", Carl F. Endorf (Rob Slade) RISKS 22.44 Sunday 29 December 2002 Accidental alert spooks Vermont Yankee neighbors (Robin Wheeler) Pioneer 10 still alive, 30 years later (PGN) More UK air-traffic woes (Ursula Martin) Russian firm cleared in U.S. copyright case (NewsScan) DEA data thief sentenced to 27 months (PGN) Computer programmer faces U.S. fraud charge in virus attack (Monty Solomon) O Big Brother, where art thou? -- everywhere (NewsScan) The Total Information Awareness program is a RISK! (Edward G. Nilges) Old mechanical voting machines also break, but have audit trails (Danny Burstein) Electronic vote machines open to tampering - report (Derek Harnett) Is a cleared check really like money in the bank? (Sidney Markowitz) Baffling ATM behavior (Bill Bumgarner) Re: Crackers steal 52,000 university passwords (Harald Hanche-Olsen) Why you should read Mitnick's book: The risks of seeing the trees and not the forest (Don Norman) Surgical tool left in woman's stomach for 4 months (Keith Rhodes) RISKS 22.45 Wednesday 1 January 2003 Hard-coded calendar dates (Dave Stringer-Calvert) Somebody stole backup tapes containing citizen's private information (Ishikawa) Poor encryption: Transportation Security Administration (M Taylor) Browser incompatibilities cost business (Geoff Kuenning) No such thing as "knowing that a check has cleared?" (Daniel P.B. Smith) Re: O Big Brother, where art thou? (Edward G. Nilges) Re: Why you should read or should not read... 
(Fred Cohen) REVIEW: "Software Engineering", Ian Sommerville (Rob Slade) REVIEW: "Trusted Computing Platforms", Siani Pearson (Rob Slade) RISKS 22.46 Friday 3 January 2003 H&R Block employees suspected of identity theft against 27 customers (Monty Solomon) Half-million people victimized by stolen hard-drives (Monty Solomon) Woman shot by former classmate who stalked her by Internet (Monty Solomon) Man allegedly stalks ex-girlfriend with help of GPS (George Mannes) Credit agencies provide information on your relations under DPA (Tim Storer) PGP.COM cannot handle sales to some US residents (Michel E. Kabay) /Trivial/ Risks of Technical Arrogance (melandrob searle) Oregon proposing taxing in-state car mileage via GPS (Mike Hogsett) Re: Total Information Awareness / O Big Brother (Fredric L. Rice) Re: Computer programmer faces U.S. fraud charge (Bob Morrell) Re: Surgical tool left in woman's stomach for 4 months (John Sullivan) Caller ID untrustworthy (Mathew Lodge) REVIEW: "Protect Your Digital Privacy", Glee Harrah Cady/Pat McGregor (Rob Slade) REVIEW: "Privacy Defended", Gary Bahadur/William Chan/Chris Weber (Rob Slade) RISKS 22.47 Monday 6 January 2003 Bruce Schneier: Counterattack and vigilantism (Monty Solomon) Risks of diverse identification documents (Markus Kuhn) Over 160,000 join Massachusetts list to block telemarketers (Monty Solomon) Automakers block crash data-recorder standards (Monty Solomon) Re: O Big Brother, where are thou? 
(Jerrold Leichter) Re: Caller ID untrustworthy (Danny Burstein, Jerrold Leichter) REVIEW: "Minimizing Enterprise Risk", Corinne Gregory (Rob Slade) REVIEW: "Enterprise Information Security", Peter Gregory (Rob Slade) REVIEW: "Enterprise Security", David Leon Clark (Rob Slade) RISKS 22.48 Thursday 9 January 2003 'DVD Jon' acquitted by Norwegian court (NewsScan) Supreme Court backs off on DVD descrambling code (NewsScan) Edge conditions and date-rollover bugs (identity withheld by request) Turing Tests for spam (Chris Leeson) S*X.COM ruling could open floodgates on registry lawsuits (NewsScan) Lost header in text of RISKS-22.47 (PGN) Re: Man allegedly stalks ex-girlfriend with help of GPS (Alpha Lau) Wrong CLID woes (Richard Snider) Re: /Trivial/ Risks of Technical Arrogance (Bill Bumgarner) Re: O Big Brother, where are thou? (David Martin, Edward Nilges) TIA: Groove is simply a collaboration tool (Stever Robbins) Re: TIA, surveillance, and Tolkien (Noah Shachtman via Monty Solomon) REVIEW: "Building Linux Virtual Private Networks", Kolesnikov/Hatch (Rob Slade) REVIEW: "Know Your Enemy", Honeynet Project (Rob Slade) RISKS 22.49 Wednesday 15 January 2003 Computer sabotage against Venezuela oil? (David Wagner) Brace for onslaught of new viruses (NewsScan) Y2K+3 bug in Networker (William D. Colburn) Smut hits 'Army Newswatch' (Monty Solomon) How to vote for your favorite California quarter design (Fred Cohen) Hong Kong gym pulls plug on camera cell phones (Monty Solomon) Amazon not checking for sensible values (Jeremy Epstein) Google Search cached a password protected page? (Colin Sutton) Misuse of HTML comments causes missed comments (Alexander Dupuy) Biometric lunch lady (Richard Akerman) Re: PGP.COM cannot handle sales to some US residents (Stephan Somogyi) REVIEW: "CISSP for Dummies", Lawrence Miller/Peter Gregory (Rob Slade) REVIEW: "Information Security Policies, Procedures, and Standards", Thomas R. 
Peltier (Rob Slade) RISKS 22.50 Saturday 18 January 2003 ACLU sees a growing 'surveillance monster' (NewsScan) Michelin to embed electronic ID tags in tires (Monty Solomon) Junked hard drives yield lots of personal data (NewsScan) Girl suffers burns after laptop explodes (Monty Solomon) Cash machine error goes unchecked (Tim Storer) Exchange/Outlook being "helpful" (Pete Carah) Equifax "security" (Yakov Shkolnikov) Lexmark DMCA lawsuit temporary restraining order (Monty Solomon) DMCA vs. The Garage Door Opener (Fred von Lohmann via Declan McCullagh) Re: Sophos "more viruses" warning: grain of saakolt? (Denis Haskin) REVIEW: "Building Secure Software", John Viega/Gary McGraw (Rob Slade) REVIEW: "Network Security", Charlie Kaufman/Radia Perlman/Mike Speciner (Rob Slade) REVIEW: "Web Security, Privacy and Commerce", Garfinkel/Spafford (Rob Slade) RISKS 22.51 Sunday 26 January 2003 Keep it secret, stupid! (Matt Blaze) DoD offering admin privileges on .mil Web sites (Thomas C Greene via Fuzzy Gorilla) A. Guadamuz: Trouble with Prime Numbers: DeCSS, DVD, ... (Monty Solomon) Drunk driver hack (David Wj Stringer-Calvert) TurboTax 'activation' annoys users (Monty Solomon) Spam continues to increase (Monty Solomon) Canadian Centre for Identity Theft? (Richard Akerman) NASTAR web site provides personal skier information to anyone (Robert H'obbes' Zakon) Re: Hard-coded calendar dates (John Sullivan) REVIEW: "Internet Cryptography", Richard E. Smith (Rob Slade) REVIEW: "Cryptography Decrypted", H. X. 
Mel/Doris Baker (Rob Slade) RISKS 22.52 Monday 27 January 2003 Special notice to certain .MIL/.GOV subscribers (PGN) Identity thefts doubled last year (NewsScan) Crooks harvest bank details from Net kiosk (Fuzzy Gorilla) Planned obsolescence of current games (Cody Boisclair) Computer virus writer gets two years in prison (NewsScan) SQL Slammer worm slows Net, grounds S.Korean surfers (Monty Solomon) Bank of America ATMs hit by Slammer worm (Fuzzy Gorilla) SQL Slammer: Are Admins really to blame? (Chris Leeson) The worm turned back: Slammer damage contained (NewsScan) 'Slammer' Feared to Strike Again (Monty Solomon) SQL Slammer in Canada (M Taylor) MS SQL Server worm info (Monty Solomon) Re: Keep it secret, stupid! (anonymous, Fred Cohen) Matt Blaze is a Hero (Robert Ellis Smith) Re: Trouble with Prime Numbers: DeCSS, DVD, ... (Bill Bumgarner) REVIEW: "Auditing Information Systems", Mario Piattini (Rob Slade) REVIEW: "Internet and Intranet Security Management", Lech Janczewski (Rob Slade) RISKS 22.53 Thursday 30 January 2003 Berliner S-Bahn has computer trouble again (Debora Weber-Wulff) Too much computing could give you a blood clot (NewsScan) Microsoft, heal thyself! (NewsScan) Slammer (PGN) Interaction between SQL Slammer & furnaces (Jeremy Epstein) Hacker insurance (NewsScan) Pete Lindstrom's parametric worm warning (Jeremy Epstein) 12 U.Maryland students accused of high-tech cheating (Monty Solomon) QUALCOMM Qsec-800 Secure CDMA phone (Monty Solomon) Satellite system seen as a key life saver (Monty Solomon) REVIEW: "Absolute PC Security and Privacy", Michael Miller (Rob Slade) REVIEW: "Information Security Best Practices", George L. Stefanek (Rob Slade) RISKS 22.54 Thursday 6 February 2003 Risks of all-electronic voting systems (David L. 
Dill) NASA cultural failures on STS-107 (Andrew Main) Some very last Columbia data possibly rejected as "corrupted" (Eric De Mund) Washington Monthly's 1980 critique of the space shuttle (Mike Godwin) Astronauts may have the most dangerous job (Derek K. Miller) All AA flights down due to computer crash (Keith Marzullo) Air Canada "Jazz" airline grounded by computer glitch (Derek K. Miller) 19 charged in identity theft that netted $7 million in tax refunds (Benjamin Weiser via Monty Solomon) Old data systems a health-care burden (Beth Healy via Monty Solomon) Feds pull suspicious AONN.gov site (Declan McCullagh via Monty Solomon) Spam filtering stops the democratic process... (David Wj Stringer-Calvert) SPAM from Microsoft (PGN) MS: Upgrade! HP: Don't upgrade! (Peter Kaiser) Caida analysis of the Sapphire worm (Colleen Shannon) Re: Trouble with Prime Numbers: DeCSS, DVD, ... (Bob Langford) REVIEW: "Cybercrime: Vandalizing the Information Society", Furnell (Rob Slade) REVIEW: "Cyberlaw: National and International Perspectives", Girasa (Rob Slade) RISKS 22.55 Wednesday 12 February 2003 Helsinki Health Department computer system down (Jesus Climent) Hospital computer changes patient status from discharged to deceased (Steven Tepper) Medical records: Turning lemons into lemonade or doublespeak? (Richard Cook) Surplus computer in Kentucky held 'deleted' AIDS files (NewsScan) TETRA radios pose some risk to hospital equipment (Martyn Thomas) Boston artery errors cost over $1 billion (Monty Solomon) TurboTax -- more security problems (Jim Garrison) Stupid Security competition (Simon Davies) Gambling on mobile devices? You bet! 
(Monty Solomon) Senator Hagel of Nebraska ran his state's voting machines (Steven Hauser) Judge suspends Washington State phone privacy (Monty Solomon) BC Student reprograms ID card, steals thousands (Steve Summit) Theft of disk drive at ISM Canada (Bruce Hamilton) Feds charge 17 with stealing satellite TV signals (Monty Solomon) Ex-hacker Mitnick's site vandalized (PGN) The non-paperless electronic office (Dick Mills) Password complexity (Jacob Palme) REVIEW: "PC Fear Factor", Alan Luber (Rob Slade) REVIEW: "Mastering Network Security", Chris Brenton/Cameron Hunt (Rob Slade) RISKS 22.56 Tuesday 18 February 2003 Identity theft evidently based on spoofing AOL (Mike Hogsett) Credit-card hacking (David Wj Stringer-Calvert) 11-year-old boy charged with felony for computer tampering (David R. Throop) eBay Sting (D. Joseph Creighton) Edsger Dijkstra quote on Computer Science (Stan Mazor) MacOS 10.2.4 update & httpd.conf replacement (Lawrence Brenninkmeyer) Risks of Doing Homework (Rebecca Mercuri) Re: Hospital claims 8,500 people expired (Fredric L. 
Rice) Re: Artery errors cost over $1 billion (Jamie McCarthy) Re: Password complexity (Nick Brown) Questions Frequently Asked About Rob Slade's Innumerable Book Reviews (Rob Slade) REVIEW: "Honeypots: Tracking Hackers", Lance Spitzner (Rob Slade) RISKS 22.57 Weds 19 February 2003 Playing Russian Roulette with traffic lights (Dan Foster) Scuba diving computer recall (Tom Race) Gambling on systems accountability (Irena Szrek) University software development fiasco (Identity withheld by request) Re: Identity theft evidently based on spoofing AOL (Identity withheld) REVIEW: "Mike Meyers' Certification Passport CISSP", Shon Harris (Rob Slade) REVIEW: "CISSP Training Guide", Roberta Bragg (Rob Slade) REVIEW: "Advanced CISSP Prep Guide: Exam Q & A", Krutz/Vines (Rob Slade) REVIEW: "The CISSP Prep Guide Gold Edition", Krutz/Vines (Rob Slade) RISKS 22.58 Friday 21 February 2003 Surgeons transplant mismatched organs (Steve Klein) Health threat from computer use (Pete Mellor) INFOSEC issues reach out to elevators (Russ Cage) A $55,000 Net scam warning (Monty Solomon) FTD.com hole leaks personal information (Fuzzy Gorilla) ATM vulnerabilities and citibank's gag attempt (Ross Anderson) Microsoft steamed over Hotmail spam (NewsScan) Deadly input validation? (Chris Adams) Fire risks (Tony Jones) "E-lip" telemarketing phone systems (Al Meers) Web site product serial number validation (Nik Smith) Two-digit year field strikes again (Fuzzy Gorilla) Too much tech can kill you (Jesus Climent) Lawyers say hackers are getting bum rap (NewsScan) Re: Playing Russian Roulette with traffic lights (Nicholas Weaver) The fourth solution... (Peter da Silva) REVIEW: "Mike Meyers' Security+ Certification Passport", Trevor Kay (Rob Slade) RISKS 22.59 Wednesday 26 February 2003 Star Wars exempt from OVERSIGHT, REPORTING, AND TESTING requirements? (PGN) "Bugsplat"--collateral damage simulator (Daniel P.B. 
Smith) Scientology critic fined for undeclared file (Mark Thorson) eBay: Big Brother is watching you, and documenting (Monty Solomon) Telepathy used to defend voting systems? (Rebecca Mercuri) Voting machine engineer sues, alleges machine design flaws (Susan Marie Weber) Latest spam scam (Jim Griffith) Nigerian slain over e-mail scam (John F. McMullen) Spain - Vodafone sees its network crash after maintenance (Henry Baker) An unexpected bill (Geoffrey Brent) Re: Surgeons transplant mismatched organs (K P) Re: Deadly input validation? (Ed Ravin) REVIEW: "Building Secure Wireless Networks with 802.11", Khan/Khwaja (Rob Slade) RISKS 22.60 Monday 3 March 2003 Reversed 2002 election results in Alabama still unexplained (PGN) Computer error grounds Japanese flights (Eric De Mund) Japanese bullet trains still don't have dead-man switches (Joyce Scrivner) Electronically controlled failure of operating table (Patrik Reali) 50,000 court records erased (David Kipping) Fake job listings on Net fostering identity theft (PGN) *Big* Red faces at Cornell over e-mail error (PGN) How to spam a closed mailing list (Andrew Lynch) New telemarketing tool makes caller ID fakery easy (Mathew) Lexmark wins injunction in DMCA case (David Becker via Monty Solomon) BSA Accuses OpenOffice ftp sites of piracy (Michael Weishaar) FCW: Group issues final biometrics report (PGN) Someone protecting patient data well (Richard A. O'Keefe) Error: Scientology critic fined for undeclared file (Roger Gonnet) REVIEW: "WiFi Security", Stewart S. 
Miller (Rob Slade) RISKS 22.61 Thursday 6 March 2003 Slight change in RISKS e-mail procedure (RISKS List Owner) Computer error means 2.3-trillion-pound electricity bill (Fuzzy Gorilla) Computer error halts fuel payments (Fuzzy Gorilla) Indiana University Center's computers breached by hacker (Sheri Alpert) Risks of using Tax IDs for other things (Peter Wayner) 28 Krispy Kreme customers each charged over $84,000 (Fuzzy Gorilla) Visa moves to improve customers' privacy (PGN) Credit-card fraud (Thomas Kristmar) Credit company's customer list leaked to an underground gang (Chiaki Ishikawa) 16M Yen stolen from sniffed bank passwords at Internet Cafe (Chiaki Ishikawa) Wrongly jailed woman blames system (Fuzzy Gorilla) Re: Reversed 2002 election results in Alabama still unexplained (Dale Pennington, PGN) Re: Computer error grounds Japanese flights (Chiaki Ishikawa) Re: BSA Accuses OpenOffice ftp sites of piracy (Fritz Whittington) New IEEE Security and Privacy magazine (Gary McGraw) REVIEW: "Security in Computing", Charles Pfleeger/Shari Pfleeger (Rob Slade) RISKS 22.62 Monday 10 March 2003 Identity mixup: NZ teacher identified as prostitute (Ruth Berry via Max Power) The darkest side of ID theft (Bob Sullivan via Monty Solomon) Wrong man arrested after identity theft (Neil Youngman) Microsoft speaks, site goes dark (Joe Wilcox via Monty Solomon) Computer crashes threaten hospital operations (Monty Solomon) Toronto public health computer accidentally erases records (Chris Smith) Inappropriate HMI on medical device (Erling Kristiansen) Security firm shuttered by sabotage (Andrew Colley via Keith Rhodes) Sendmail flaw tests Homeland Security (Robert Lemos via Monty Solomon) Hackers access University of Texas database (Mike Swaim) You might just be a hacker if... 
(Andrew Orlowski via Tim Finin) Kevin Poulsen: Windows root kits a stealthy threat (Monty Solomon) FirstUSA/BankOne sends login ID & PW as clear text (Ric Cohen) Nigerian scams continue to thrive (Monty Solomon) Traffic lights don't work in the snow (Bob Copeland) Re: Computer error means 2.3-trillion-pound electricity bill (Michael Bacon) Re: Someone protecting patient data well (Edwin Culver) Re: BSA Accuses OpenOffice ftp sites of piracy (Fuzzy Gorilla) Re: Visa moves to improve customers' privacy (Brett Glass, Margie Wylie) New article on critical infrastructure risks (Fred Cohen) RISKS 22.63 Wednesday 12 March 2003 Education and the National Strategy to Secure Cyberspace (Rob Slade) IEEE Symposium on Security and Privacy (Lee Badger) RISKS 22.64 Tuesday 18 March 2003 Apparently uncommanded rudder movement injures cruise passengers (Steve Peterson) Jeppesen GPS navigation database corruption (Mickey Coggins) California outage causes prescription mix-up (Richard Cook) Glitch let gamblers beat machines (M Taylor) Haywire ATM spits out extra cash (Fuzzy Gorilla) Beware the spelling checker (NewsScan) Recent worms punish bad passwords (David J. Aronson) Profile of a virus writer (NewsScan) Search engines making sensitive information easy to locate (Richard Moore) Benetton clothes to include tracking chip (Monty Solomon) CASPIAN calls for immediate worldwide boycott of Benetton (Monty Solomon) Federated network identity (Brian Seborg) Re: Computer crashes threaten hospital operations (Jonathan Kamens) Re: Monster electricity bill (Don Gingrich) Human protocol failure (Dawn Cohen) The Workshop on Rapid Malcode: WORM (Robert K. Cunningham) RISKS 22.65 Friday 28 March 2003 Autotote betting scam sentencing (PGN) Patriot software again a concern? (James Paul) Surveillance Nation (Monty Solomon) U.S. lifts FBI criminal database checks (Peets) Text message disables Siemens mobile phones (Derek K. Miller) Wireless mushrooms (Brian H. 
Seborg) Failure of aircraft electronic displays at a critical moment (Peter B. Ladkin) A320 incident partly due to computer failure (Peter B. Ladkin) Paper is good (David Magda) FTC's National Telemarketing "Do Not Call" Web Site to Launch 1 Jul (CDT Info) Transient Microsoft Passport security vulnerability (James Van Bokkelen) Re: Traffic lights don't work in the snow (Ryan O'Connell) Re: Beware the spelling checker (Crispin Cowan) RISKS 22.66 Tuesday 1 April 2003 The Security Flag in the IPv4 Header (Steve Bellovin) The Angelic Bit vs the Evil Bit (Drew Dean) Alternative electronic recycling (PGN) 'Reverse production' system recycles all (NewsScan) Use a Firewall, Go to Jail (Ed Felten via Monty Solomon) Re: Use a Firewall, Go to Jail (Steven M. Bellovin) State Super-DMCA too true (William Allen Simpson) Voting machine article in *The Washington Post* by Dan Keating (James Paul) Internet vs. the recording industry (NewsScan) To unlock safe... please endanger your financial future (Jack Burke) Re: Friendly fire (Hugo Tyson) Aircraft software maintenance (Martyn Thomas) Risks in reading RISKS links (Doug Sibley) Re: Beware the spelling checker (Bodo Moeller) RISKS 22.67 Friday 4 April 2003 Rice cooker reprograms pacemaker? (Mark Batten-Carew) eBay reacts to charges against its Paypal operation (NewsScan) Pennsylvania won't identify sites blocked for child porn (Ted Bridis via Monty Solomon) The Googlewashing of our language (Alpha Lau) Is your television watching you? (Phillip Swann via Monty Solomon) Website hoax on killer virus triggers Hong Kong panic (Monty Solomon) Ellison predicts major shakeout in Silicon Valley (NewsScan) Music piracy violations: $150K a song (NewsScan) Streaming video: a patent on porn (Monty Solomon) Laws make crypto and untraceable E-mail illegal? (Douglas W. 
Jones) The reality behind these laws (Fred Cohen) State Super-DCMAs will be suicidal (David Harmon) Draft legislation on using crypto (Anick Jesdanun via Dave Farber to PGN) Re: Draft legislation on using crypto (David P. Reed) Patriot software again a concern? (Robert I. Eachus) Friendly Fire and the Perils of Statistical Reasoning (Thomas A. Russ) Re: Friendly fire (Anthony Youngman) NCIC: "Death by Oops?" (Lauren Weinstein) POW Social Security numbers revealed (Paul Hirose) Cell phones & 911 service (Jeremy Epstein) Possibly-wrong expectations about bouncing e-mail (Mark T.B. Carroll) RISKS 22.68 Saturday 12 April 2003 IBM's DB2 blamed for Danish banking crisis (Fuzzy Gorilla) Man Gets $12,000 Electric Bill (Fuzzy Gorilla) Missile-defense test failure linked to a single chip (Fuzzy Gorilla) Millennium trains taken off the tracks (John Colville) Stupid Security Awards for 2003 (Simon Davies) Radio stations unable to play copy protected CDs (Jeffrey Sunseri) Net fraud complaints triple in 2002 (Keith Rhodes) Credit-card theft (sergioch) Re: Friendly Fire (Peter B. Ladkin, Rod Van Meter, David Guaspari) Re: The reality behind these laws (Stanislav Shalunov) Re: POW Social Security numbers revealed (Jaanus Kase, Crispin Cowan) RISKS 22.69 Tuesday 15 April 2003 NSW forced to hand count poll result (Chris Maltby) Web Site for posting local election results crashes after virus attack (Monty Solomon) UK Demon ISP suffers three-fold power loss (Walter Roberson) Nevada hospital system hack traced to Russia (Monty Solomon) Automated denial-of-service attack using the U.S. 
Post Office (Bruce Schneier via Monty Solomon) Risks posed by online systems for college and graduate admissions (Matt Hiller) Paypal Meets the Patriot Act (Solveig Singleton via Hanah Metchis) Risks of *not* being lost (David Lesher) Nova Scotia police track suspect with GPS (M Taylor) "Quick Deposit" systems (Gervase Markham) Double-barrelled surname costs disabled mother (Nigel Metheringham) New, comprehensive Federal rules on privacy of medical information (Jack Goldberg) 75+ organizations urge FBI NCIC database accuracy (Marc Rotenberg) Re: POW Social Security numbers revealed (Crispin Cowan) Re: The reality behind these laws (Bill Gunshannon) Re: Millennium trains taken off the tracks (Bob Frankston) Re: Friendly Fire (Peter B. Ladkin, Allan Goodall) Changing Domain Registration info without verification (risks@Orwellian.Org) RISKS 22.70 Sunday 20 April 2003 Turtle triggers search and rescue effort (Jim Griffith) Rules let marketers see patient data (Monty Solomon) Airline boarding pass algorithm flaw (Mark Kantrowitz) CNN glitch reveals premature obits (NewsScan) NASCAR fan faces prison time for flooding Fox with angry e-mails (Monty Solomon) Careless use of Web templates (Colin Andrew Percival) Misusing emergency capabilities (Kevin C Stevens) Cyberstalking on the rise (NewsScan) Online harassment: bogus e-mail incites retribution (Monty Solomon) Qmail-ldap discloses Bcc recipients (John Pettitt) Sony to recall 20,000 more Vaio PCs due to glitch (Monty Solomon) Y2K bug alive and working for Macdonalds (Richard A. O'Keefe) Re: POW Social Security numbers revealed (Markus Kuhn) Re: Millennium trains taken off the tracks (Ben Low) Re: "Quick Deposit" systems (Brian Campbell) Re: Friendly Fire (Mark Brader) Correction on fratricide item (Peter B. Ladkin) Re: Traffic lights don't work in the snow (Ed Ravin) Web site wants me to change my proxy? I don't think so... 
(Sean Sosik-Hamor) Workshop on Wireless Security WiSe 2003 CFP (Adrian Perrig) RISKS 22.71 Saturday 3 May 2003 OpenBSD release protects against buffer-overflow attacks (SANS via Monty Solomon) Prescription error (Monty Solomon) Spelling checker renames Amritsar to AmriCzar (David J. Aronson) Kellogg's American Airlines online sweepstakes swept away (PGN) Pilots fail exams (Jill Treu) Inside Cisco's eavesdropping apparatus (Declan McCullagh via Monty Solomon) Internet fraud complaints triple (NewsScan) Bogus Internet domain-name renewal offers (Network Solutions via PGN) Spammers use viruses to hijack computers (NewsScan) Breastfeeding mothers, avoid Continental (Meng Weng Wong via Dave Farber) Re: NCIC database accuracy requirements (John Beattie) Re: Friendly Fire (Jan C. Vorbrueggen) REVIEW: "Firewalls and Internet Security", Cheswick/Bellovin/Rubin (Rob Slade) REVIEW: "Inside the Security Mind", Kevin Day (Rob Slade) RISKS 22.72 Saturday 10 May 2003 Software bug sent Soyuz off course (Tom Van Vleck) Microsoft admits Passport was vulnerable (Monty Solomon) E-mail hoax at University of Maryland (Paul Kafasis) Pair held in plot to steal thousands of identities (Monty Solomon) "Jeff Jackboot" -- more spelling-checker follies? (Daniel P. B. Smith) Misquoting Google (Monty Solomon) T-Mobile Hotspot uses SSN for passphrase (Conrad Heiney) Making it harder for prying eyes (Monty Solomon) Re: Friendly Fire (Matt Jaffe) Re: Patriots and Friendly Fire (Peter B. Ladkin) Re: OpenBSD release protects against buffer-overflow attacks (Jeremy Ardley) Re: Pilots fail exams (Don Lindsay, Vince Mulhollon, Toby Gottfried) RISKS 22.73 Tuesday 20 May 2003 Time synchronization error leads to mistaken arrests (Timothy J. Miller) U.S. cracks down on Internet fraud (NewsScan) Intel says Itanium 2 error can crash servers (Monty Solomon) MS Windows crash traps Thai politician in car (Robert J. 
Berger via Dave Farber) Internet worm disguised as e-mail from Microsoft (Monty Solomon) Microsoft toilet project wasn't hoax (NewsScan) The Exterminator (Monty Solomon) Immature air-traffic controllers? (Carl Fink) The Great Capacitor Scare of 2003 (Jay R. Ashworth) Los Altos Vault & Safe Deposit Co. (Drew Dean) Risk of automatic type conversion (Dave Brunberg) Earthlink awarded $16M in spamages (NewsScan) Potential Chilling Effect: IEEE publications and DMCA (Sean Smith) Re: OpenBSD release protects against buffer-overflow attacks (Mike Albaugh) Re: more spelling-checker follies? (Bill Hopkins, Bill Stewart) REVIEW: "802.11 Security", Bruce Potter/Bob Fleck (Rob Slade) REVIEW: "Mobile VPN", Alex Shneyderman/Alessio Casati (Rob Slade) RISKS 22.74 Wednesday 28 May 2003 Soyuz landing problem caused by software? (Steve Bellovin) The "no-fly" list (Steve Bellovin) Scientific American article "Self-Repairing Computers" (Charles Lamb) Microsoft Pulls XP Update (Dave Aronson) Modern Computers, Unsafe at any speed? (Len Spyker) Privacy advocates doubt Pentagon promises on spying (NewsScan) 'Kingpin' cracker arrested in Thailand (NewsScan) Ex-student fined more than $500,000 for stock fraud on Net (NewsScan) Safe-cracking via telephone (Lee Hasiuk) Re: OpenBSD ... protects against buffer-overflow ... (Crispin Cowan, Dag-Erling Smorgrav) Comment on BMW/MSFT failure reported in Risks 22.73 (John Opie) Spam's cure could be worse than the disease (NewsScan) Spam limiting (Harry Hochheiser) Re: more spelling-checker follies? (Anna Shefl) REVIEW: "Protected Internet, Intranet, and Virtual Private Networks", Alexander Moldovyan et al. (Rob Slade) Survivable and Self-Regenerative Systems: workshop (Doug Maughan) RISKS 22.75 Friday 30 May 2003 Algeria earthquake cuts Internet connectivity of major Greek ISP (Diomidis Spinellis) Diving computer flaw allegedly covered up (Craig S. 
Bell) "Computer glitch" causes false dam failure warning (Rich Mintz) ISP resets password to an easily guessed one (Dawn Cohen) Ballot scanning problems in New York City (Doug Kellner) Sensitive data on Web sites reflects lack of security awareness (Rick Weiss) Re: OpenBSD ... protects against buffer-overflow (Paul Karger) Re: Modern Computers, Unsafe at any speed? (Bill Stewart) Re: BMW/MSFT failure reported (Geoff Kuenning) No call list preventing 911 notifications (Robert Franchi) University of Calgary going to teach virus writing (Klaus Brunnstein) REVIEW: "Hack Attacks Testing", John Chirillo (Rob Slade) RISKS 22.76 Friday 13 June 2003 Challenge to 'challenge-response' users: Be Careful! (NewsScan) Phantom voting in Israeli Knesset (Ed Ravin) Student hacks school, erases class files (PGN) Canadian firearm registration system overwhelmed by traffic (swabsox via Declan McCullagh) Sea King Helicopter crash - fire control system deployment failure (Stuart Lynne) Computer glitch causes traffic lights malfunction (Teemu Leppänen) Risks of trusting CORRECT dive computers and tables (Daniel P.B. Smith) Electric utility direct-debit fiasco (Jonathan Kamens) Incremental insecurity (Paul Wexelblat) Re: ATM time sync (David Lesher) Re: University of Calgary to teach virus writing (Nicholas Weaver, Dan Bornstein) Denial of Service via Algorithmic Complexity Attacks: Crosby-Wallach (Monty Solomon) REVIEW: "Mission Critical Security Planner", Eric Greenberg (Rob Slade) RISKS 22.77 Wednesday 18 June 2003 Cyberterrorists in the U.S. Senate (Curt Sampson) Digital mobile phones can phreak pacemakers (George Michaelson) United Airlines to offer e-mail on domestic flights (NewsScan) $24-million spreadsheet "boo-boo" (Jonathan Levine) Crash loses names of Canadian firearms registrants (Derek K. 
Miller) Scotland Yard outage chaos (Dave Austin) eBay fraud (John Reinke) Tiny tracking chips surface in retail use (Monty Solomon) Smart cellphone would spend your money (Steve Holzworth) Virginia grievance system online - with a slight problem (Jeremy Epstein) Sign someone up to be an organ donor! (Giles Todd) Continental Airlines check-in computer foul-up (Steve Bellovin) Downloading data can turn your computer into a server (greep) Re: U of Calgary to teach virus writing (Crispin Cowan) Computer bugs and believing reliable sources (Mark Brader) Re: Slade's Review of Mission Critical Security Planner (Eric Greenberg) RISKS 22.78 Saturday 28 June 2003 Cancer therapy missed tumor sites (John Colville) Fear of flying? You just might be a terrorist! (Dawn Cohen) How Hulk Crushed the Online Pirate (P.J. Huffstutter via Monty Solomon) E-Mail Swindle Uses False Report About a Swindle (Hafner-Flynn via Monty) New bill injects FBI into P2P battle (David Becker via Monty Solomon) RFID Chips Are Here (Scott Granneman via Monty Solomon) Cell-phone tracking (David Lesher) Student arrested for allegedly derailing election (John Reinke) ISP's DHCP servers infiltrated (Tom Van Vleck) Wireless gives poorer nations chance to catch up ... (NewsScan) Big sites hoard links (Monty Solomon) Crossing Dateline a navigational risk (John Elsbury) More erroneous arrests over erroneous ATM clocks (David Lesher) Re: Soyuz landing problem caused by software? (Peter B. Ladkin) Virgin Mobile makes the oldest mistake in the book (Jay R. 
Ashworth) PayPal fraud, and the importance of grammar (Geoffrey Brent) When spam filters go bad (Laura Miller via Monty Solomon) New State Laws on Privacy (Robert Ellis Smith) Secure Coding Principles and Practices, Graff/van Wyk (Monty Solomon) RISKS 22.79 Tuesday 8 July 2003 The risks of assuming things: German payrolls (Debora Weber-Wulff) Radar operator's joke leads to fighter intercept (Ian Chard) "Soft walls" will keep hijacked planes at bay (Chris Meadows, Craig DeForest) Error in E-Mini Dow Futures creates havoc at CBOT, CME (Conrad Heiney) $180 Million for Piracy Conspiracy (Monty Solomon) Computer failure brings Hong Kong passenger to Melbourne (David Goll) Dead-pregnant-men software failure (Ed Ravin) Johnson Calls ATM Arrest Error 'Intolerable' (Keith A Rhodes) RFID Site Security Gaffe Uncovered by Consumer Group (Monty Solomon) Web site turns tables on government officials (Monty Solomon) FTC Increases Focus on Privacy (Bob Tedeschi via Monty Solomon) Web vandalism alert (NewsScan) Re: Cell-phone tracking (Thor Lancelot Simon) Microsoft Word "bytes" Tony Blair in the butt (Richard M. Smith) Dangers of MS Word, yet again (David Magda) New variant on the PayPal scam (Dawn Cohen) Re: Phantom voting in Israeli Knesset (Jonathan Kamens) Watch out for auto-dialing on cellphones (Danny Burstein) Glitches hit FTC 'do-not-call' list (Monty Solomon) Do not do not call? (Dawn Cohen) Risk of appropriating technology you don't understand (Doug Sojourner) About Do-Not-Call Lists (Mark Siegel) Re: New State Laws on Privacy (Don Colton) RISKS 22.80 Wednesday 16 July 2003 Helios loss (Peter B. Ladkin) Error In e-mini Dow Futures creates havoc at CBOT, CME (Conrad Heiney) A Virginia law aids identity theft victims (Michael D. Shear via Monty Solomon) David Nelson and CAPPS II? (Rob Slade) Man charged in e-mail stalking of anchor (Rick Jervis via Monty Solomon) Has your PC been hijacked to spread pornography? 
(NewsScan) Remotely disabling PCs as an anti-theft measure (Nick Brown) Walk-By Hacking (Erik Sherman via Monty Solomon) Secure eBay password changes (Scott Ehrlich) Adobe Acrobat and PDF security: no improvements for 2 years (Monty Solomon) Bank advises ActiveX is a security product (Charles Williams) "Complex" security -- what hope mere mortals? (Ben Low) New Kind of Snooping Arrives at the Office (Marci Alboher Nusbaum via Monty Solomon) Canada and the FTC Do Not Call list (Tony Harminc) Washing machine does the right thing after power outage (Erik Klavon) Sony recalling some Vaio laptops for shock risk (Monty Solomon) Re: "Soft walls" = dangerous avionics? (Thomas Wicklund, Robert Woodhead) Re: RFID Site Security Gaffe ... (Crispin Cowan) Re: The risks of assuming things: German payrolls (Josef Janko) REVIEW: "Computer and Intrusion Forensics", George Mohay et al. (Rob Slade) RISKS 22.81 Sunday 20 July 2003 Reassembly of shredded documents (Richard M. Smith) SEVIS foreign students database (Thomas Dzubin) IPv6 addresses too big to fit? (Joe Loughry) Italian naming problem (Darryl Luff) GPS-piloted tractors? (Conrad Heiney) Health Commissioner's anonymised case reports not so anonymous (Don Mackie) Privacy rights under threat by lawmakers (Dan Gillmor via Monty Solomon) Carjacker tracked and bugged by Tele-Aid operator (Jonathan Epstein) Samsung Electronics bans camera phones from key factories (Ferdinand John Reinke) Software helps police draw crime links (Gareth Cook via Monty Solomon) AOL blocking e-mail from other ISPs (David E. Ross) Lack of Abbey National telephone banking security (Adam Laurie) HighGroup Listing of SSN's (Alice K. Whitfield) Why are spammers backing spam-control laws? (NewsScan) California court rules against Intel in spam case (Elinor Mills Abreu via Monty Solomon) Re: Virginia Identity Theft Passport (John Sinteur) Re: David Nelson and CAPPS II? (Arthur Flatau) Re: Error In e-mini Dow Futures creates havoc (Stewart C. 
Russell) Re: Washing machine does the right thing after power outage (Kurt Thams) Re: The nuking of RFID chips (Kevin G. Rhoads) Formal Methods 2003 - Call for Participation and Programme Details (Diego Latella) RISKS 22.82 Sunday 27 July 2003 Serious flaws in electronic voting systems (NewsScan) South Africa bank Internet spyware and fraud (Heinz M. Kabutz) Stealing passwords from Kinko's (John F. Whitehead) New method cracks passwords in seconds (NewsScan) Bypassing the safeguards (Mark Lutton) Limit to stupidity? Credit card scam uses rather nasty flaw. (Gillian Brent) Biometrics technology: not yet ready for primetime (NewsScan) Spammers who don't read RISKS (Diamond) Adieu to 'e-mail'? (NewsScan) E-mail harvesting and re-use as a new virus vector? (Jim Garrison) Identity theft: a crime that pays? (NewsScan) Cross *words*? (Mark Brader) Presidential "doublespeak" ... (Jim Bauman) Owner of stolen 'sex.com' can sue VeriSign (Monty Solomon) Another risk of decency filters (J. Lasser) SCO wants licensing fees from corporate Linux users (Monty Solomon) Microsoft rediscovers MultiLevel Security (Jeremy Epstein) Re: Powergenitalia (Eliah Grabbet) Re: Error in E-Mini Dow Futures creates havoc at CBOT, CME (Greg Compestine) Re: GPS-piloted tractors? (Kent Borg) Re: GPS-piloted tractors? Hell yes! Que Stephen King! (Fredric L. Rice) RISKS 22.83 Thursday 7 August 2003 Software violates stock ownership limits (Bill Hopkins) Photoshop file contains more than the visible images (Nick Brown) Virginia Identity Theft Passport (James Moyer) Hand-held devices easy to hack (Monty Solomon) What Time Is It? (Conrad Heiney) Pentagon's online trading market plan draws fire (NewsScan) New online futures market bets on next White House scandal (NewsScan) Voting tech problems galore in Mississippi (Cathy Hayden via Kim Alexander) Electronic voting - once again... 
(M Baumeister) Why e-voting is a non-starter: Risks with e-voting (Bill Thompson via Chris Leeson) Hospital records stuck in memory stick (Brett McCarron) Re: Domain names (Jay R. Ashworth, Sidney Markowitz, Paul Schreiber) Tech exodus: 500,000 U.S. jobs moving overseas (NewsScan) PFIR Forums Adds "Voting Systems" Discussion Group (Lauren Weinstein) REVIEW: "A Guide to Forensic Testimony", Fred Smith/Rebecca Bace (Rob Slade) RISKS 22.84 Monday 11 August 2003 Identity Crisis, article by Robert O'Harrow Jr. (PGN) Man proves he was victimized by network vandals (NewsScan) Dutch price index wrong due to software error (Erling Kristiansen) Worker deletes herself out of job (M Taylor) UCITA support fading fast (NewsScan) Judge throws out RIAA subpoenas (NewsScan) Who profits from spam? Surprise! (Bob Sullivan via Monty Solomon) Ticketmaster privacy policy slammed (Paul Festa via Monty Solomon) Hacker gets Acxiom customer information (Caryn Rousseau via Monty Solomon) Acxiom's FTP Server compromised by /now former/ client (Randy Holcomb) Software patching gets automated (William Jackson via Lillie Coney) How many Windows crashes occur in a year? (John Dvorak via Monty Solomon) Company's error sends customers to Massachusetts adult phone line (Monty Solomon) University library catalogue + security (Richard A. O'Keefe) GenCon Registration Woes Blamed on Computer Network (Allan Goodall) Re: Metadata in Photoshop files (Sidney Markowitz) Re: New online futures market bets on next White House scandal (Stephen R. Holmes) Re: Software violates stock ownership limits (John R. 
Levine) RISKS 22.85 Friday 15 August 2003 Niagara-Mohawk power grid overload causes major outages Pilot fixes faulty jet (Chuck Weinstock) ATM scam netted $620,000 Australian (John Colville) Credit-card theft spam (Drew Dean) New worm targets Microsoft security site (NewsScan) Blaster worm analysis (Monty Solomon) CERT Advisory CA-2003-20 W32/Blaster worm (Monty Solomon) DCOM worm analysis report: W32.Blaster.Worm (Dave Ahmad) FBI enters investigation of Blaster (NewsScan) Re: Software patching gets automated (Fuzzy Gorilla) Hidden risks: location dependence (Fuzzy Gorilla) Another variant on deceptive URLs (Geoffrey Brent) Risks of globally filtering mail to IT and security staff (Aryeh Goretsky) Denver school information system on the Internet (Dave Brunberg) Biloxi schools have cameras in classrooms, pictures on Internet (Carl G. Alphonce) Beyond Fear, Bruce Schneier (PGN) CFP: RFID Privacy and Security Workshop @ MIT (Simson L. Garfinkel) RISKS 22.86 Sunday 17 August 2003 Of course, it couldn't happen again! (PGN) The Road to Vulnerability (Patrick Lincoln) "Blackouts and Bush's Buddies" (Lauren Weinstein) Internet stays light during blackout (NewsScan) Re: Power-grid overload (Declan A Rieb, Edward Reid, Jonathan Kamens) msblast and the power failure? (William Ehrich) Flaw seen in patch by Microsoft (Monty Solomon) Blaster Worm vulnerability (Michael Smith) Bug downs New Zealand pay phones (Fuzzy Gorilla) Free Software Foundation hacked (Patrick Lincoln) Nasdaq reports incorrect pricing (Fuzzy Gorilla) Legit website or nefarious scam? (Matt Anderson) easynet.nl is causing serious e-mail disruption (Jim Garrison) Re: Another variant on deceptive URLs (John Stockton) Re: Identity Crisis and *The Washington Post* (Rob Slade) bardcode (Jamie Zawinski) RISKS 22.87 Thursday 21 August 2003 Nasty elevator death at Houston hospital Missing full-stop halts NZX trading (Gavin Treadgold) Safe! until the 22st century? 
(Wendell Cochran) Of course, it couldn't happen again!/The Road to Vulnerability (H.L.Hausen) Tampa Police disband face-recognition software (PGN) Botched 911 call led to man's death (Ben Moore) Blackout: definitely not terrorists! (Martin Ward) Robert X. Cringely on India, outsourcing, and IT productivity (PGN) Lots of railroad traffic affected by so-big (Danny Burstein) Increase in bounces from forgeries due to virus (PGN) Sobig.F (Rob Slade) Sobig side effects (Jim Griffith) Firewall reject rates (Mike Hogsett) "Good" Worm Fixes Infected Computers (Jim Schindler) Send PIF files in ZIP attachment to avoid virus detectors? (Olivier Dagenais) Do-Not-Spam list effort will be futile (NewsScan) The Risks of Miniaturisation (Gene Wirchenko) Update on NZ payphone failures (Don Mackie) Out of context numbers: It wasn't quite THAT bad... (Andrew Greene) RISKS 22.88 Wednesday 27 August 2003 California accepts completely unverified updates (Geoff Kuenning) BlackBerry reveals sensitive Morgan Stanley data (Mark Feit) Cingular wants me to pay negative balance (Ulf Lindqvist) 'Entrepreneur' a trademarked word, court rules (Christine Van Dusen via Monty Solomon) Slammer worm hits system within Davis-Besse nuclear power plant (Fuzzy Gorilla) Sobig affects Amtrak trains, Air Canada (Marty Leisner) Some observations on e-mail phenomenology (Peter B. Ladkin) Update on Sobig stage 2 (Rob Slade) Thank you for [...] (Rob Slade) Organized crime behind Sobig mess? (NewsScan) Re: Send PIF files in ZIP attachment to avoid virus detectors? (Robert de Bath) Re: Pilot fixes faulty jet (Peter B. 
Ladkin) Satellite photo of Eastern North America during blackout (John Oram) 2004 IEEE Symposium on Security and Privacy, Call for Papers (David Wagner) RISKS 22.89 Tuesday 2 September 2003 Chips that can self-destruct (Kenneth Ng) Diebold voting machines (John Paulson) A new approach to roller coasters (Henry Baker) Battling the threat of data extinction (NewsScan) Man steals tracking device, which tracks him down (PGN) Careful typography in the CAIB report (Craig DeForest) EchoStar sued for `No-Call List' breach (Monty Solomon) Bahrain's proposed smart ID cards (George Mannes) 802.11: When Is 54 Not Equal to 54? (Matthew Gast via Monty Solomon) EarthLink sues to stop Alabama and Vancouver spammers (Monty Solomon) Can't catch it? A virus can still hurt you. (Richard A. O'Keefe) Hackers cut off SCO Web site (Richard Forno via Dave Farber) More theories about Sobig vandal's motivation (NewsScan) Re: Sobig affects Amtrak trains, Air Canada (Scott Nicol) Re: "Good" worm fixes infected computers (Neil Youngman) More on the Davis-Besse worm attack (Martyn Thomas) Re: Satellite photo of Eastern North America during blackout (Dan Pritts) Re: Nasty elevator death at Houston hospital (Paul D. Walker, Richard H Miller) Re: Pilot fixes faulty jet (Daniel Lance Herrick) RISKS 22.90 Monday 8 September 2003 Men steal computers in high-security facility in Australia (David Landgren, Craig S. Bell) Handicapped's gas pedal on left side of car leads to 3 injuries (Kurt Thams) Blackout of mobile phone service in greater Frankfurt (Juergen Fenn) Nuclear powerplants may not have firewalls!! (Marty Leisner) Computer failures led to NE US blackout (Jeremy Epstein) Trade group tells DHS don't use MS (PGN) Curtailing online education in the name of homeland security (Jaeger/Burnett via Monty Solomon) Secrecy and the Patriot Act (Amy Goldstein) Identity Theft Victimizes Millions, Costs Billions (Jennifer 8. 
Lee via Monty Solomon) Victims of identity theft and account theft (NewsScan) California gets new privacy law (NewsScan) ICANN takes hits from lawmakers (NewsScan) The benefits and risks of robot surgery (Juergen Fenn) WhereWare (Eric W. Pfeiffer via Monty Solomon) Covert virus channels? (Rob Slade) The dangers of remote start on a car with manual transmission (Jason Lunz) Testing by Chimp? I think it too risky (Bob Heuman) RISKS 22.91 Thursday 18 September 2003 VeriSign's Site Finder profits from typos (NewsScan) VeriSign change to .com/.net behavior (Matt Larson via Monty Solomon) VeriSign DNS change broke my HP printer (John Leyden via Lindsay Marshall) London blackout caused by incorrect relay fitting (Phil Thornley) Lockheed Martin accident with satellite (Gerrit Muller, Craig S. Bell) E-Voting Audit Ready for Public (Kim Zetter via Monty Solomon) Instant message: you're under arrest (NewsScan) Yahoo requests ATM card pin nos.!! (Chris J. Brady) Utterly amazing spam/scam? (Drew Dean) How to Steal $65 Billion: Why Identity Theft is a Growth Industry (Robert X. Cringely via Dave Farber) Dave Barry column results in denials of service to telemarketers (Max) Cehck tihs out! (Jim Schindler) Call for papers: IWIA 2004 (Stephen D.B. Wolthusen) REVIEW: "Desktop Witness", Michael A. Caloyannides (Rob Slade) RISKS 22.92 Monday 6 October 2003 Near-disaster on a French commuter train (Alexandre Kampouris) Nuclear reactor guard asleep on the job (Ken Knowlton) Houston 911 System prone to crashes (Mark H. Johnson) Continental Airlines takes back free miles (Frank) Overlooked security risk: the telephone (NewsScan) Parking chaos in York (David Wj Stringer-Calvert) Torvalds: geeky kids need dates (NewsScan) Computer blamed for bad pictures shown to Mexico's first lady (Mark Lutton) Spam Abounds (Peter G. Neumann) Fighting spam: raise the bridge or lower the water? 
(NewsScan) VeriSign agrees to suspend Site Finder service (NewsScan) Purveyor of unencrypted service insists it's secure (Alice Silverberg) Another case of electronic vote-tampering? (Farhad Manjoo via Monty Solomon) AntiVirus autoresponders (Rob Slade) REVIEW: "Intrusion Signatures and Analysis", Stephen Northcutt et al. (Rob Slade) Rebuttal of review of my book by Rob Slade (Michael Caloyannides) RISKS 22.93 Tuesday 7 October 2003 Walter Cronkite: The New Inquisition (CMessall via Dave Farber) Re: Spam abounds (PGN) California spammin' (NewsScan) Worm FAQ (Stuart Staniford) Jury convicts man in DMCA case (Paul Festa via Monty Solomon) Broward considers dumping $17 million in touch voting machines (Kim Alexander) Diebold voting machines in Volusia County FL (Brent M.P. Beleskey) Identity Denial really exists (Roger Clarke) Difficulties with Census Bureau income data among wealthiest (George Mannes) Fun with stolen credit-card numbers (Jonathan Kamens) Credit cards as ID (Ben Laurie) REVIEW: "Intrusion Detection with Snort", Jack Koziol (Rob Slade) RISKS 22.94 Thursday 9 October 2003 Analysis of California recall data confirms voting system doubts (Rebecca Mercuri via PGN) Faulty wiring led to windshield cracks in 3 Boeing 777s (Monty Solomon) The Earth's not slowing down fast enough to suit Motorola (Paul Eggert) German toll system unusable (Debora Weber-Wulff) School district sued over WLAN planning (Monty Solomon) Risk of trusting computer-free security? (George Mannes) Telephone evidence vs. 
armed robbers (Roger Willcocks) New CD antipiracy mechanism disabled by shift key (Joshua Levy) Re: Parking chaos in York (Chris Barnabo) Re: A new approach to roller coasters (Lars-Henrik Eriksson) Franklin security/liberty quote (Duke Robillard) Re: Fun with stolen credit-card numbers (Dimitri Maziuk) Re: Unencrypted credit-card submission forms (Ben Scott) Getting over that fishbowl feeling: harvested data (Rick Smith) RISKS 22.95 Friday 10 October 2003 New breed of 'spackers' eludes antispammers (NewsScan) OCLC ILL System's rolls over 130th time... (Brig C. McCoy) SunnComm: DCMA strikes again (Peter Houppermans) SunnComm won't sue Princeton student over "shift key" paper (Declan McCullagh) Microsoft to fix Windows -- again (Gene Lambson) Winning the security trifecta (Jeremy Epstein) Something's fishy with Diebold in California (Craig DeForest) Data transfer Excel-COBOL loses voter data (Patrick O'Beirne) The shape of elections to come in England (C. Cartledge) Risks of living in New Mexico (Kent Hartfield) Re: Unencrypted credit-card submission forms (Jeffrey W. 
Baker) Re: Hidden risks: location dependence (Mark Brader) Re: Identity Denial really exists (Paul Wallich) Re: Too much spam filtering (John Bechtel) Observed sudden 1400-fold increase in W32/Swen infected e-mails (Jon Seymour) Re: Difficulties with Census Bureau income data (Tony Lima) Re: Getting over that fishbowl feeling (Identity withheld) RISKS 22.96 Saturday 18 October 2003 Building cleared after computers blow (Graham Smith) Car navigation system led tourist into supermarket (Michael Borek) The Joy of Good Design (NewsScan) Top 10 data disasters (NewsScan) Billboard slip adds to humiliation for Chicago Cubs (Bill Higgins) The Future of Surveillance (Bruce Schneier) Hacker charged with securities fraud (NewsScan) More on the California recall election (Rebecca Mercuri) Re: Something Fishy about Diebold (Doug Sojourner) Re: Continental taking back mistaken transactions (Phil Reed) Re: Satellite photo of Eastern North America during blackout (Mark Brader) Deadlock in Licensing Agreement, Dell Dumped (Mark Brader) 'Lover Spy' software (Geoffrey Brent) Re: Unencrypted credit-card submission forms (Bill McGonigle) Re: Benjamin Franklin (Jay R. Ashworth) Re: W32/Swen: And I thought I had it bad... (Jon Seymour) RISKS 22.97 Thursday 23 October 2003 Computers may be bad for your health (NewsScan) Recent London power outage (Peter Amey) Justice Department e-censorship error (Kevin Poulsen via jones-gill) RISKS Offshore: A tough lesson on medical privacy (David Lazarus via Scott Miller) "Victoria's Secret Reaches a Data Privacy Settlement" (Drew Dean) First DEWEY DEFEATS TRUMAN, and now YANKEES LOSE! (Mark Brader) Discover cancels 60,000 accounts (Charlie Shub) Nokia and mobile-phone battery explosions (Monty Solomon) Teen rides Trojan Horse defense (Keith Rhodes) Feds admit error in hacking conviction (Robert Lemos via ikanal) Digital signatures: When will they learn? 
(Jeremy Epstein) Senate votes to can spam (NewsScan) Re: Difficulties with Census Bureau income data (Patrick J. Kobly) Re: Fun with stolen credit-card numbers (Dimitri Maziuk) Re: And I thought I had it bad... (Anthony W Youngman) Re: The Joy of Good Design (Debora Weber-Wulff) RISKS 22.98 Monday 27 October 2003 Internet fraud update (NewsScan) Casino barcode forgery (Steve Dunbar) Air Traffic Control vulnerable to fire! (Paul Cox) South Carolina DMV software glitch costs Sumter County $164,000 (Frank Carey) New risk of leaving devices OFF (Walter Roberson) Mississippi liquor stores and restaurants risk going dry (Ben Moore) RFID friend and foe, with a note on biometric passports (Markus Kuhn) Amazon's new 'search inside the book' feature (NewsScan) Amazon's new text search service (Drew Dean) Google Stumbles? (Monty Solomon) Unwanted e-mail turns into a "chain of stupidity" (William Colburn) Re: Recent London power outage (Martin Ward) Re: First DEWEY DEFEATS TRUMAN, and now YANKEES LOSE! (Amos Shapir) Yet Another eBay-Spoofing Scam (David Graham) Self-inflicted phishing (Andrew Yeomans) SNAFU at the bank (Walter Regan) Re: Top 10 data disasters (Merlyn Kline) RISKS 22.99 and RISKS 22.00 27 October 2003 Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 22 (1 April 2002 to 27 October 2003) ------------------------------ End of RISKS-FORUM Digest 22.00 (99) ************************