Subject: RISKS DIGEST 17.00 (97) REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest 1 April 1996 Volume 17 : Issue 00 (97) FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 17 (27 March 1995 to 1 April 1996) (archived in ftp file risks-17.00) ---------------------------------------------------------------------- Date: 1 April 1996 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not yet automated). SUBJECT: SUBSCRIBE or UNSUBSCRIBE; text line (UN)SUBscribe RISKS [address to which RISKS is sent] or INFO, which returns the risks.info file. CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, nonrepetitious, and without caveats on distribution. By submitting an item that is accepted for publication in RISKS, the author grants permission for unlimited noncommercial public distribution and redistribution in electronic and print form. Diversity of content is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses. Contributions will not be ACKed; the load is too great; if you feel neglected, send a follow-up message. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Particularly relevant contributions may be adapted for the RISKS sections of issues of ACM SIGSOFT Software Engineering Notes or SIGSAC Review. * Submissions: By submitting an item that is accepted for publication in RISKS, the author grants permission for unlimited public distribution and redistribution in electronic or other form. * Reuse: Blanket permission is hereby granted for reuse of all materials in RISKS, under the following conditions. All redistributed items must include the Risks-Forum masthead line. All reuse must be accompanied by the following statement: Reused without explicit authorization under blanket permission granted for all Risks-Forum Digest materials. The author(s), the RISKS moderator, and the ACM have no connection with this reuse. As a courtesy, reusers of individual items (as opposed to forwardings of entire issues) should notify the authors, and should pay particular attention to any subsequent corrections. RISKS ARCHIVES: "ftp unix.sri.comlogin anonymous[YourNetAddress] cd risks or cwd risks, depending on your particular FTP. Issue J of volume 18 is in that directory: "get risks-18.J". For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 17, J always TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main directory and I subdirectory; "bye" I and J are dummy variables here. REMEMBER, Unix is case sensitive; file names are lower-case only. =CarriageReturn; FTP.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username and password. Also ftp bitftp@pucc.Princeton.EDU. WAIS repository exists at server.wais.com [192.216.46.98], with DB=RISK (E-mail info@wais.com for info) or visit the web wais URL http://www.wais.com/ . Management Analytics Searcher Services (1st item) under http://all.net:8080/ also contains RISKS search services, courtesy of Fred Cohen. Use wisely. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS PRIVACY DIGESTS: * The PRIVACY Forum is run by Lauren Weinstein, with some support from the ACM Committee on Computers and Public Policy. He manages it as a rather selectively moderated digest, somewhat akin to RISKS; it spans the full range of both technological and non-technological privacy-related issues (with an emphasis on the former). For information regarding the PRIVACY Forum, please send the exact line: information privacy as the first text in the BODY of a message to: privacy-request@vortex.com You will receive a response from an automated listserv system. To submit contributions, send to "privacy@vortex.com". Information and materials relating to the PRIVACY Forum may also be obtained from the PRIVACY Forum Archive via ftp to "ftp.vortex.com", gopher at "gopher.vortex.com", and World Wide Web via: "http://www.vortex.com". Full keyword searching of the PRIVACY Forum Archive is available through the World Wide Web access address. * The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Leonard P. Levine. It is gatewayed to the USENET newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) forum, and was established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy. Submissions should go to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. ------------------------------ SUMMARY OF RISKS VOLUME 17 (27 March 1995 to 1 April 1996) (archived in ftp file risks-17.00) RISKS 17.01 27 March 1995 Intuit's Macintax security lapse... (Bruce R Koball, Joe Morris) Patent searchers frustrated by computer index errors (John Gray) Sun's "Hot Java" will execute its code on your browser (Joe Smith) Beakman's World on CBS covers bugs (Thomas E. Janzen) A slight change in flight plan (Ric Forrester via Dave Horsfall) Europe open border - serious bug in procedure (Thomas Tonino) RISKS of non-standard interfaces (medical) (Richard I. Cook) More risks of non-standard medical interfaces (Steve Allen) Risks of doing date arithmetic *with* floating point (Geoff Kuenning) YAOGMV (Yet Another Overhyped Government/Media Virus) (Rob Slade) RISKS 17.02 30 March 1995 Re: Internet cybergambling (via PGN) Denial of Service Attacks, Jack Jaunters, and the Cool Site of the Day (Jerry Bakin) More on German Train Problems (Debora Weber-Wulff) Computer Crackers Sentenced (Edupage) Self-Censorship of NetPorn (Peter Wayner) RISKS of Green PCs and Disk Caches (Todd W Burgess) "thin, thin, thin computer candy shell" (Peter da Silva) Re: Risks of doing date arithmetic (Bob Frankston) More date/time problems (VAX) (Lord Wodehouse) RISKS of non-standard interfaces (Richard Schroeppel) RISKS 17.03 4 April 1995 Chunnel has ghost trains (Lord Wodehouse) Overzealous clock correction? (Robert Rhode) Israelis cough at the name of "Kaf" (Edward P Ravin) A Tale of Two Organs... (Matthew D. Healy) Mysteries of the Mind psychological SW advertisement (Rodney D. Van Meter) Police cop it from computer (Jon Hunt) Japanese transcription (was Re: Patent searchers) (Rodney D. Van Meter) OSHA Ergonomics draft (Jim Horning) Software safety, new handbook, standards (Archibald McKinlay via Jim Horning) Andersen Law Suit Report (Bernard Robertson-Dunn via Jim Horning) Complexity (was RISKS of non-standard interfaces) (Bob English) Re: More on German Train Problems (Branam) Is there a RISK in misremembering SF novels? (Peter da Silva) Re: Self-Censorship of NetPorn (Jerry Leichter) RISKS 17.04 6 April 1995 Thoughts on SATAN, Michelangelo and Crack (Tom Perrine) A possible "solution" to Internet SATAN: Handcuffs () Make a Call, Turn Off the Power (Mike Winkelman) Boeing 777 has dainty feet (Nathan Myers) Risks of HCI designed by non-typist (Pete Mellor) Endless loops in Voice Mail (Dick Mills) Computer will control Nick Ingram's execution (Mike Wilson) "Airport Vending Machine Sells Computer Programs" (Barry Jaspan) Computer Security's an Oxymoron (Edupage) Re: Complexity (Stephen L Nicoud) RISK of webpage rating system (Joan Combs Durso) Chunnel as a Theme Park (Re: Ghost trains) (A. Padgett Peterson) Insecurity over ATM security (Jon Green) Safeware: System Safety and Computers (Nancy Leveson) InfoWarCon '95, First Call for Papers (Winn Schwartau) RISKS 17.05 7 April 1995 The risks of flying pigs (Jose Reynaldo Setti) Same Old Song: More calendar problems (Chuck Weinstock) The Risks of believing in Lawyers (jacky mallett) Re: More on German Train Problems (Donald Mullis) Re: RISKS of non-standard interfaces (Matthias Urlichs) Photo ATMs (Harold Asmis) Re: Errors in patent databases (Jerry Leichter) Risks of tightly-packed telephone-number space (Jeff Grigg) RISKS of Digital Analogy [SATAN] (Bart Massey) SATAN, burglaries, and handcuffs (Matt Bishop) RISKS 17.06 18 April 1995 Computer crash freezes train traffic (David P. Schneider) RISKS of patrol-car computers (Glenn Story) Man arrested via stock-control systems (Timothy Panton) Barcode provides picture of burglar (Sean Burns) FDA orders recall of blood bank software (Paul Szabo) Installing Old Software on New Systems (Bruce E. Wampler) The state of software engineering (Jerry Leichter) About the recent Sun "CWS" mailstorm (Mark Graff via David Lesher) New risks in private digital cash (Wayne Gerdes) Overnight Privacy RISKS... (Peter Wayner) Fry-by-wire? Or just the currents of progress? (Ed Ravin) Re: "The Satan Bugs" () Risks of Library Catalog Keywords (John McHugh) Re: Searching for a book in a database (Erik Kraft) Re: Errors in patent databases (Mark Lomas) RISKS 17.07 20 April 1995 New Massachusetts password law invoked on hospital technician (PGN) Less than robust wiring designs (Tim Kolar) Fugue-by-Wire!? (James G Henderson) 11 B-boards dismantled in Montreal (Mich Kabay) Re: Installing old software ... (Ted Wong) Re: RISKS of patrol-car computers (Joe Chew, Matt Raffel) "Friendly" user interfaces (Re: Searching ...) (C. Titus Brown) Re: Searching for a book in a database (Jerry Leichter) Risks of online documentation (Prentiss Riddle) Risks of online catalogs (Doug Shapter) Computer-controlled electrocution (David Karr) 4th Conference on Software Risk (Lorrie Orndoff) RISKS 17.08 24 April 1995 Patched software threatens $26b federal retirement fund (Ed Borodkin) Church Cordless Phone Abused (Mich Kabay) Hollywood and Hackers (Mich Kabay) FTC Warns Of High-Tech Swindles (Mich Kabay) Floating-Point Time (Robert J Horn) Re: Barcode provides picture of burglar (Elizabeth D. Zwicky) Defamation by E-mail (David Dixon) Digital libraries and the great library at Alexandria (George McKee) Police use of "EMP" weapons? (Laurence R. Brothers) Parachute Automatic Activation Devices (Barry Brumitt) RISK of using MIME quoted-printable encoding (Hans Mulder) Extension of Registration for Security and Privacy (Catherine A. Meadows) Mathematics of Dependable Systems (Victoria Stavridou) RISKS 17.09 26 April 1995 Incorrect phone tracing lands Bostonian in jail (Michael J Zehr) Risks of discontinuous speech (Daniel P. B. Smith) Portable phone ban in British hospitals (David Wadsworth) EMPathic Traffic (Peter Wayner) Use of Lottery Security System to assist in fraud (Mike Wilmot-Dear) "Outrage! of the Month" by National Taxpayers Union Foundation (Stan Niles) Re: Risks of Keyword Systems (Mark Fisher) Re: Floating-Point Time (Robert J Horn, PGN, Geoff Kuenning) Re: 11 B-boards dismantled in Montreal (JdeBP) Re: Digital libraries (Andrew Kass) Re: Risks of Library Catalog Keywords (Patricio Poblete) The risk of being ashamed of the uses made of your work (John Lupien) RISKS 17.10 30 April 1995 Metromover inner loop back on line (Charles P Schultz) Radar-detector messages & cop-car computers (Mark Seecof) AOHell (Simson L. Garfinkel) Terrorism and telecommuting (Tim Kolar) CyberWinter: A Forecast (Richard K. Moore) Privacy directory (Simson L. Garfinkel) Re: Lotus Notes authentication protocol challenged (Charlie Kaufman) Re: Floating-Point Time (David Cline, Bill Hopkins) Re: Digital libraries (Shannon Nelson, Michael D. Sullivan) Clipper paper available for anon FTP (Michael Froomkin) Advanced Surveillance, Call for Papers (Dave Banisar) RISKS 17.11 4 May 1995 Finnish Executives Jailed for Software Piracy (Edupage) Cellular phones and Pacemakers: a RISKY Combination (Peter M. Weiss via Duane Thompson) The Road Watches You: 'Smart' highway systems may know too much (Simson L. Garfinkel) Using a car alarm to steal a car (Kevin Purcell) Final Program for COMPASS '95 (John Rushby) Safety through Quality Conference, 23-25 Oct, Cape Canaveral, Florida ``Cybercritical'' (Cliff Stoll's new book) (Edupage) Re: Portable phone interference in hospitals (Derek Hill) Re: CyberWinter: A Forecast (Arthur A Mcgiven) Re: "Outrage! of the Month" (Jeff Grigg) Year 2000? Don't forget 1752! (Matthew D. Healy) Re: Floating-point time (Andrew D. Fernandes, Peter Ludemann, Phil Brady) Re: Radar-detector messages & cop-car computers (F. Barry Mulligan, Mark Seecof, Richard Soderberg) RISKS 17.12 13 May 1995 Software Piracy (Edupage) Risks of trusting authority... (Peter da Silva) Mercedes-E marketing spreads virus (Klaus Brunnstein) Nautilus foils wiretaps (Simson L. Garfinkel) Microsoft "Bob" passwords (Jeremy Epstein) Internet Addiction (Ivan Goldberg) More on CNID (Marc Rotenberg) The Risks of trying to teach someone that doesn't want to learn (David P. Miller) Cellular disturbances (Torsten Lif) GPS Risks (Mark Moore) GPS landing systems (Neil Youngman) Problems with wrong assumptions about date conversion (Paul Eggert) Re: Year 2000? Don't forget 1752! (Tom Wicklund) ASIS articles Webbed (Frederick B. Cohen) RISKS 17.13 18 May 1995 "Double your fun" (CA lottery woes) (Bruce Findlay) AOL Used For Sting by Miami TV Station (David Tarabar) Marketing use of medical DB (Mark Seecof) Safeware: System Safety and Computers, Nancy Leveson (PGN) Computers, Ethics, & Social Values, Johnson and Nissenbaum (PGN) Building in Big Brother: The Cryptographic Policy Debate (Lance Hoffman) Microsoft plans corporate espionage (Chris Norloff) RISKS in Microsoft's Windows95 () Re: "Bob" passwords (Brian T. Schellenberger) 30 February 1712 (Tapani Tarvainen) Re: Intuit's Macintax security lapse... (Don Faatz) Re: "Nautilus foils wiretaps" (M. Vincent) Re: Cellular disturbances (David Woolley, Frederick Roeber) Re: Internet Addiction (Shawn Mamros, Rob Cunningham) RISKS 17.14 19 May 1995 Automated Loan Applications (Rick Russell) Positive-Ion Dangers: Computers and stress / depression (Dan S) The Risks of random PINs (Bill Fenner) Denial of Service attack at AOL (Ben Blout) Computer-controlled lock failure in hotel (Rick Simpson) Same scam, new venue (Bob Frankston) Name matching, again... (Bob Frankston) Nielsen, others to rate Internet, related RISKS (Mark Seecof) Integrity of archived data, standards for media retirement (Patrick Casey) Re: Year 2000? Don't forget 1752! (Melvin Klassen) Date and time and MS-DOS (Erling Kristiansen) RISKS in Microsoft's Windows95 (Steve Loughran) Microsoft plans corporate espionage (Raymond Chen) SAFECOMP 95 (Martyn Dowell) RISKS 17.15 28 May 1995 Prodigy Held Liable (Dave Banisar) Stuyvesant High School Hackers (Mich Kabay) J. Schwartz on Decency and Democracy (Mich Kabay) Defamation by BBS (Mich Kabay) Defying pitfalls of a cashless society (Brian Randell) Flightdeck automation problems (Kenneth Funk) A slightly more global look at time and date issues (Robert J Horn) "Calling the Ahperator"(William Newman) Denial of Service attack on ISP (Simon Lyall) Drug-Addicted Geniuses Built Cyberspace (Daniel Frankowski) Re: Positive-Ion Dangers: Computers and stress / depression (Lindsay F. Marshall, Jonathan I. Kamens) RISKS 17.16 2 June 1995 New Yorker Article on Potential Building Collapse: The 59-Story Crisis (Andy Huber) ``Woodpeckers could delay shuttle'' Ariane-5 test aborted Military (hi-res) GPS to be opened up? (Cris Pedregal Martin) Bogus PKZIP 3.00 Trojan horse (Sidney Markowitz) British man convicted as malicious virus writer (George Smith) Internet Security -- Oxymoron or Actual Fact? (Edupage) Pay-Phone Price Gouging (Mich Kabay) Cellular Roaming broken (Bob Frankston) Re: Microsoft plans corporate espionage (ASaunders) MS SMS product, others pose risks (Mark Seecof) Re: Prodigy held liable (Bob Morrell) Re: "Nautilus foils wiretaps" (Adam Back) Re: Ahperader (Paul Andrew Olson) Re: Negative Ions (Winn Schwartau) RISKS 17.17 7 June 1995 Placing the blame, Part N+1: New York City subway crash (PGN) Former IRS employee indicted (PGN) The Internet is a Dangerous Place (Mycal Johnson) Telecom records non-privacy at Ameritech (Lauren Weinstein) *California Lawyer*, June 1995 (Martin Minow) Copyright infringed via WWW? (Gregor Ronald) User-friendly E-mail systems () Re: Ariane-5 test aborted (Erling Kristiansen) Re: Drug Addicted Geniuses Built Cyberspace (Carlton Hogan) Re: New Yorker Article on The 59-Story Crisis (Bob Frankston) Compuserve addresses and a sparse name-space (Erik Corry) Europe - Central Air Traffic Control (Mike James) Re: The standard notion of a `field' (Peter Ladkin, Rob Horn) Telematic Sculpture 4 (T.S.4) Privacy Digests (PGN) RISKS 17.18 15 June 1995 Flash: Netflashing unflashionable [Exon ...] Another TCAS incident (Stephen L Nicoud) Re: Europe - Central Air Traffic Control (Jim Wolper) Sun's "talk" program (Steve Kilbane) Multo ante natus eram (Bernard S. Greenberg via Donna Woodka) U.K. Lottery Computers Hit by Gremlins (Mich Kabay) ``Fatal Defect: Chasing Killer Computer Bugs'' by Ivars Peterson (PGN) "Computer error" not a basis for suppressing evidence (Curt Karnow) Gambling on the Internet (Samuel Edward Greenfield) Re: "Nautilus foils wiretaps" (D.J. Bernstein) The risk of not caring about Prodigy (Bob Morrell) Flawed instructions for anonymous mail (Tony Harminc) Absurd New Zealand copyright violations (Bruce Johnson, J. Wilson, Chuck Karish, Mike Hocker) One Week Course on Internet Security, July 24-28, at Stanford (Arthur Keller) People, Networks and Communication... an invitation (Robert Mathews) RISKS 17.19 19 June 1995 Summer Slowdown for RISKS (PGN) Bank computer develops costly crush on Fiona (Peter Ilieve) The Royal Majesty (Bob Frankston) For DOS/Windows users: Trojan Alert- PKZ300B.EXE (Patrick Weeks via Fred Gilham) Re: The New York subway crash (Mark Stalzer) Re: 59-Story Crisis: The Risks of Unions (Chuck Weinstock) Internet gambling (Andrew Koenig) The media & risks (Justin Wells) CFP: ISOC Symposium on Network & Distributed System Security (Clifford Neuman) Re: Multo ante natus eram (Mike Alexander, Mike Crawford) Prodigy paranoid reaches Tasmania? (Richard Murnane) Re: not caring about Prodigy (Jim Hill, Bob Morrell, Jim Hill) RISKS 17.20 26 July 1995 Woman electrocuted using hotel card-key (Karl W. Reinsch) My Grammar is a Dame? (PGN from The New Yorker) Pushbutton ignition code blamed for NY City bus theft (George Mannes) New Pittsburgh Jail (Alan Tignanelli) Bell Atlantic Goofs (Mich Kabay) Risks of misreporting risks? (Jeremy Epstein) No laughing matter: hospital database misuse (Jan Joris Vereijken) Automated performance reviews (Geoff Kuenning) Runaway E-Mail (Mich Kabay) Two Short-Courses on Software Engineering (Dave Parnas) ISOC Symposium on Network and Distributed System Security (Clifford Neuman) RISKS 17.21 31 July 1995 NYT No-Op-Ed Air Traffic Snafu, VOA's Paul Francuch in Chicago (Danny Burstein) Radar Falls Short of Promise (Charles P. Schultz) Air-force pilots sleep on job? (Mike Crawford) Bad cop abuses access to personal computer data (David Jones) Warning on Using Win95 (J Breyer via Paul Saffo via Li Gong) Re: Woman electrocuted using hotel card-key (William Kucharski and Dan Hoey) Risks of Surgery by Microbot (Mich Kabay) Re: Internet gambling (Dr. Dimitri Vulis, Andy Isaacson) Good news for a change (Nancy Leveson) But to REALLY screw up takes a computer... (Edward Rice) UK hacker reference (Steve Bellovin) RISKS 17.22 1 August 1995 10th anniversary of RISKS (Peter J. Denning) "The Net" (Andrew Marc Greene) Ten years still too soon to tell (Raymond Turney) Which risks to fight first? (Raymond Turney) Where do we go from here? -- A Sermon for the Converted (Karl W. Reinsch) Limits to Software Reliability (Dick Mills) Software Development (Dave Schneider) R&D on the dependability of human-computer interfaces (Jack Goldberg and Roy Maxion) RISKS 17.23 3 Aug 1995 Volume 17 : Issue 23 Minneapolis homeless burn out US West Internet connection (Joyce K Scrivner) A Monkey Wrench in Ford's Floppy Promotion (Edupage, Padgett Peterson) Total surveillance on the highway (Phil Agre) Computerized prognoses for critically ill hospital patients (Lauren Wiener) Watch-ing the detectives (Mark Eckenwiler) Intel-Hacking Conviction (Mich Kabay) Re: Tenth Anniversary Issue (Mark Seecof, Dave Parnas) Re: Limits to Software Reliability (Pat Place, D. King) Call for Papers - 1996 IEEE Security and Privacy Symposium (John McHugh) SEI Symposium: 1995 Software Engineering Symposium (Purvis Jackson) RISKS 17.24 10 August 1995 Air-Traffic Control Woes (PGN) False zero reading possible on voltmeter (Mark Brader) An unusual off-by-one error (Mark Brader) Emulating failures (Raymond Turney) Cellular-phone stuff (Martin Cohen) Kane v. McDonnell Douglas (Susan Kinney via Dan Stone) Australia next to ban PGP (Ross Anderson via Dave Farber and Lance J. Hoffman) Re: Dave Parnas on Tenth Anniversary Issue (Paul Green) Re: Warning on Using Win95 (Brad Silverberg) RISKS-17.25 11 August 1995 "Computer" gets exam results wrong: Rounding error (Donald Mackie) The Royal Majesty revisited (Bob Frankston) Re: An unusual off-by-one error (William R. Ward) Re: Total surveillance on the highway (Steve Branam) Re: False zero reading possible on voltmeter (Keith Gershon via Mark Brader) Re: Warning on Using Win95 (Nandakumar Sankaran and Mike Goldsman) Re: Oakland ATC Problem (Joel Runes and Paul M. Karagianis, Peter Ladkin, Tracy Pettit) Re: Australia next to ban PGP (Simson L. Garfinkel) Re: Australia next to ban (good crypto) (A. Padgett Peterson) IMA conference on the Mathematics of Dependable Systems: Program (Victoria Stavridou) RISKS 17.26 15 August 1995 Motorola cell-phone software bug: accidental denials of service (PGN) Australian Navy rejects Windows 95 (Dave Horsfall) Air-traffic control power struggles continue (PGN) Re: Oakland ATC Problem (Barry Margolin) Re: Oakland Center Airspace (Andres Zellweger) "National" Crypto Policy (Bill Murray) Northwest Airlines spit me out (Daniel Frankowski) Insisting on explanations for failures (Jonathan I. Kamens) "The Trouble With Computers" by Landauer (Rob Slade) Re: R&D on User Interfaces (Brenton Hoff) Re: Birthday issue of risks (Frederick B. Cohen) Re: "The Net" (D.J. Bernstein) RISKS 17.27 18 August 1995 Netscape transaction security breached in 8 days by 1 person (Lewis McCarthy) Netscape security (Peter Shank) NIST crypto announcement on export controls and key escrow (Anne Shepherd) Intel Warns of Marred Motherboards (Edupage) The traffic light does NOT think (Torsten Ihle) Stale accounts and lifestreams (Martin Ewing) Re: Insisting on explanations for failures (Paul C. Kocher) The MSN is Hacker Heavan (Mike Wyman via Andy Chesterton) Windows 95 Registration Wizard confusion (Elliott) Re: Air-traffic control power struggles continue (Sergio Gelato) What is reality anyway? Re: Which risks to fight first? (Peter da Silva) Re: Ten years still too soon to tell (Mark Brader) Privacy Digests RISKS 17.28 21 August 1995 Russian Hackers (PGN and Christopher Klaus) ATC glitches, continued (PGN) Medicare leak through FOIA analysis and 9 digit ZIP (Quentin Fennessy) Disabling technology? (Geoffrey S Knauth) "Safeware: Systems Safety and Computers" by Leveson (Rob Slade, Nancy Leveson) Re: Insisting on explanations (Julian Thomas) Re: Intel Warns of Marred Motherboards (Dave Porter) Re: Intel-Hacking Conviction (Steve Pacenka) Re: Stale accounts and lifestreams (Paul E. Black) Re: Netscape security (Harlan Rosenthal, Nevin Liber, Phil Koopman, Bernard Gunther) Re: "The Net" and "555-xxx" IP numbers (Zygo Blaxell, Matthias Urlichs, Colin Plumb) RISKS 17.29 25 August 1995 Australia and Encryption Policy (Dorothy Denning) Cash Registers Crashed at Midnight (Jerome Whittle) Like an executioner's axe, on the A8 autoroute (Pete Kaiser) Australian "intelligent" road experiment (Harley Mackenzie) Do I live in California or Israel? (Jonathan Kamens) Newsletter recommendation: The Jarvis Report (Charles M. Preston) Re: The traffic light does NOT think (John Carr) Re: RZ1000 chip problem: where to find more info (Stan Brown) Re: Nine-digit zip and personal privacy (John Levine) FLUKE DMM Operational Safety Notice (D. Teninty) Re: Netscape Security (Thomas Peters, Nathan Myers, Bill Sommerfeld, Tye McQueen) RISKS 17.30 28 August 1995 Re: Australia's proposed crypto policy (Ross Anderson) Risks of automatic newspaper publishing (Jeremy J Epstein) Database for Deadbeat Dads (Simson L. Garfinkel) Two-Way HOV Lane (Chuck Weinstock) To Bus or Not to Bus (John Deas) Phone-mail woes (Bob Frankston) Re: The traffic light does NOT think (Rich Lethin) RISKS 17.31 29 August 1995 US White House Hacked? (David Kennedy and Mich Kabay) REVIEW: Computer Crime: A Crimefighter's Handbook (R. Joseph Loughry) Warning on MSN Icons (Edupage) Information on Winword virus (PC/Mac) (Paul Ducklin) Taunting the lions [more on the year 2000] (Bear Giles) Re: Risks of automatic newspaper publishing (Bear Giles, Mark Seecof) Re: Dumpster diving on the Information Superhighway (Peter da Silva) RISKS 17.32 6 September 1995 Mispelcorekters (Thiomir Glowatzky via Martin Virtel) Bogus check for $95,093.35 deposited and retained! (Alan Wexelblat) Voting by Phone in the Netherlands (Alex van Es via Clive D.W. Feather) Automated bridge risk (Erkka Sutinen) Another "Units" crash... (David Lesher) Mass Pike Electronic Toll Collection Update (Rich Lethin) MS-Word "Find File" feature scales poorly with MAE/NFS (Jeff Anderson-Lee) 10 Arguments Against Commercial Key Escrow (CKE) (Marc Rotenberg) Pittsburgh HOV Follow-up (Chuck Weinstock) White house "hack" (Martin Virtel) US White House Hacked? sendmail or SMTP? (Matt Bishop) Re: newspaper risks (Dan Gillmor) RISKS 17.33 8 September 1995 Virtual reality damages vestibular-ocular reflex? (Daniel P. B. Smith) Sony satellite dishes REMOTELY reprogrammable? (Robert L Krawitz) Password cracking 'improves' security (Duncan Booth) Total data loss (T H Pineapple) Viruses Plague Microsoft Programs (Edupage) Word Macro virus, platform crossing, and VBA (Rob Slade) Re: Two Way HOV Lane (Bill Hefley) "Computers Ethics and Social Values" by Johnson/Nissenbaum (Rob Slade) Cybersobriety/new book: Democracy & Technology (R.E. Sclove) Software Assessment: Reliability, Safety, Testability (Friedman and Voas) Network Security '95, final program information (SANS'95) RISKS 17.34 12 September 1995 Open letter to Geoff Greiveldinger, DoJ [key escrowed, export] (Carl Ellison) Santa Cruz High gives me all-time low school spirit (Zane Bock via Michael D. Crawford) Abandoned oil tank phone harasses MA woman for 6 months (Stephen McCallister) Man Upset with Computer, Falls Through Window (Matthew Hunt) Another Phony ATM (David Kennedy) Initiative for better Usenet discussions (Bertrand Meyer) "Building Internet Firewalls" by Chapman/Zwicky (Rob Slade) Re: Voting by Phone in the Netherlands (Robert I. Eachus) 'Tis too a virus! (Rob Slade, A. Padgett Peterson, Kenneth Albanowski) Re: $95000 withdrawn from bank (W. F. Linke) Re: Self-disabling software (Bruce Limber) Re: Password cracking 'improves' security (Bob Blakley III, Douglas W. Jones, Bear Giles) RISKS 17.35 15 September 1995 Air Traffic Control Computers Down in Chicago (Scott Lucero) 911 call-box scams in California (PGN) Is it possible to live without risks? (Paul Robinson) At some schools, Windows 95 gets an 'F' (Simson L. Garfinkel) French card tricks (Roger MacNicol via others) WWW access monitored (Moss-Jusefowytsch OEG) SSNs for E-mail addresses! (James W. O'Toole Jr.) NIST Crypto Workshop Web Page (Lance J Hoffman) Compuserve Mailer Risks (Barak Pearlmutter) Phone-call logging (Thomas Tonino) Re: Initiative for better Usenet discussions (Fred Gilham) Re: Netscape security (Timothy Hunt) Microsoft, viruses, and installation disks (Andrew J Klossner) Yet Another Bank Error (Philip H. Smith III) Re: Bogus check for $95,000 (Brian Hoffman, Jonathan Kamens, Matthias Urlichs) RISKS 17.36 26 September 1995 [incorrectly marked 27 September] The latest maths bug in a Microsoft product (Ian Mason) Security Flaw Found in Netscape (Edupage) Third Netscape weakness found (PGN) German telephone cards cracked (Klaus Brunnstein) British Telecom replaces payphone software (Phil Payne) London Underground gets hacked (Clive D.W. Feather) Another punched-card saga (Terry Ireland) Hottest New Computer (F. Barry Mulligan) Cardiff Software Shipped Teleforms 4.0 with self-destruct timebomb (Lubetkin) European Governments Agree to Ban Strong Crypto (Ross Anderson) Searching via the catless RISKS Web Pages (Lindsay F. Marshall) Yet another airport tower outage (Alan Tignanelli [2]) Re: SSNs for E-mail addresses! (Dave Parnas) Re: Abandoned oil tank phones... (Sean Reifschneider) Don't believe everything you read (hacking Citibank ATMs) (John Pettitt) CitiBank overdraft protection (John Pettitt) Call-box scams in California (Kevin Maguire) RISKS 17.37 28 September 1995 SpaceCom technician disables pagers massively (PGN) Fault-Tolerant Computer System Survives Heat Wave (Paul Green) Vote by mail (David Olsen) Re: The latest maths bug in a Microsoft product (David M. Palmer) Re: Identifying Numbers and E-mail (Michael L.W. Jones) Re: Abandoned oil tank phones... (Scott Drown) Call for Industry Papers on Information Technology Security Policy Process (Charles Brownstein) CERT Summary CS-95:02 (CERT Advisory) RISKS 17.38 8 October 1995 Fly NorthWest Airlines to unknown destinations (Peter Ladkin) Text substitution in a fax program (Henry Troup) More 2000 date problems: Court computers in countdown to chaos (Peter Ilieve) Dutch phone books not available (Thomas Tonino) Citizen Intercepts 911 Calls; Helps Police (Steve Bauer) Billing problem and consequences (Hiranmay Ghosh) Polymorphism can apply to email.... (Espen Andersen) Airliner crashes (Charles Smith via Dave Ketchum) Re: STRATUS success story: an old Univac episode (William Johnson) Re: The latest maths bug in a Microsoft product (Jim Coffey) Re: European Encryption control proposal? (David Swarbrick) RISKS 17.39 16 October 1995 Ambulance Dispatch System (Rohan Baxter) Presidential Black Hawk Crash (Craig J. Coley) The Johnson Bug - IBM (Jason Fleischer) How to derail a train (Bob Frankston) Basic Flaws in Internet Security (David Wittenberg) Pinging the vacuum tubes (Paul Wernick) Risks in Java (Prentiss Riddle) Effective use of the Internet (Richard Sexton) Risk of visiting wrong place on the Web (Marc Rotenberg) Another example of poor use of databases (Mathew) Analysis of Human Factors and Outages (John Mainwaring) RSI Risk/Editor Correlation (Become a statistic!) (Rudi Cilibrasi) Re: Microsoft Excel 1.40737488355328 (Francois Grieu, Marv Schaefer, Joe Birsa, John Lane) RISKS 17.40 19 October 1995 San Francisco 911 system *still* not working (PGN) FAA Dallas-FortWorth ATC system outage (PGN) Re: Fly NorthWest Airlines to unknown destinations (Peter Ladkin) A new twist (or shimmy) on video E-mail (Espen Andersen) Re: Risks in Java (Caveh Jalali, Geoff Mulligan) Re: The Johnson Bug (Tracy Pettit) Re: Microsoft Excel 1.40737488355328 (Ralph D. Clifford, Kenneth Albanowski) Re: Risk of visiting wrong place on the Web (Ted Wong) Re: Pinging the vacuum tubes (Sean Reifschneider, Mike Wilson, Paul Ferguson) UH-60 and EMI (Howard Etkind) Re: Presidential Black Hawk Crash (Mark Stalzer, George C. Kaplan, Bruce Taylor) Relevance of recent RISKS postings (helicopters, trains) (Rick Simpson) Re: Another example of poor use of databases (Mark Brader and Bernard Lyons) Risk of not knowing what something goes wrong (Martin Cohen) Several topics from RISKS-17.39 (Frederick B. Cohen) Re: Basic Flaws in Internet Security (Jonathan Kamens) RISKS 17.41 24 October 1995 "Crimestoppers" and bank-clock coincidence (Sarah Holland) A Curious Mac User (Mike Crawford) "core" files (Ross Oliver) RISKS of assuming "Flaws In Internet Security" (A. Padgett Peterson) U.S. Army to use software to control and direct artillery fire (David Graf) Lots of copies, but why? (Lord Wodehouse) RISKS of believing the newspaper's twist (or shimmy) (Sidney Markowitz) Getting your clearance on the net [Name withheld] Guess what happened at the Pittsburgh Airport? (Alan Tignanelli) More air-traffic control woes: Las Vegas (E.H. Emerson) FLASH * Marketry Dumps Marketing Plan (Marc Rotenberg) Re: Risk of not knowing [when] something goes wrong (Ken Calvert) Re: Northwest Spit Me Out (Daniel Frankowski) Re: How to derail a train (Leonard Erickson) Re: The Johnson Bug (David A. Curry) Re: Determining the health of disk drives (Martin Minow) Re: Risks in Java and Beyond Java (Charles J. Wertz) NSA Museum on Web (Adrian John Howard) Minitrack on Risks in End User Computing (Ray Panko) RISKS 17.42 25 October 1995 Near-miss Russian atomic sub blow-up (Chen Drori) DejaNews [Deja vu all over again] (Simson L. Garfinkel) The UPS and downs of SCSI disks and embedded interpreters (Peter da Silva) Comments on AFATDS artillery control software (Eric Remy) Risks of digital video (Craig DeForest) Marketry Redux (Simson L. Garfinkel) Re: Presidential Black Hawk helicopter crash [Name withheld, JdeBP) NCSA FireWallCon '96 (Mich Kabay) Privacy Digests (PGN) RISKS 17.43 31 October 1995 New air quality monitoring technology (Steve Bellovin) Sydney airport control and future computer networks (Wade Bowmer) Traffic Signaling Problems in Chicago Train/Bus Crash (Dan Hartung) Safe Languages (Michael Quinlan) Mr.Bill Gates: MS software essentially bug-free (Klaus Brunnstein) SMTP chicken and the social contract (Bear Giles) What the large print giveth, the small print taketh away. (Padgett Peterson) HotJava 1.0 alpha 3 security issues (Drew Dean) Re: Risks in Java and Beyond Java (Wade Bowmer) Re: "core" files (Jeffrey Mogul) RISKS 17.44 8 November 1995 Flock of birds jams FAA radar (Andy Goldstein) Airport Hacker (Neil Harding) Melbourne Airport RF Interference (Paul Menon) Nagoya crash lawsuit for 25.7 B yen (Stephen L Nicoud) Message of day may have revealed encrypted user passwords (David English) Risk of built-in eavesdropping features (Martin Virtel) Risks of putting off until tomorrow, PBX division (Max Stern) FBI Requests Much Larger Wiretapping Capability (Educom) Bill Gates vs. the Germans (Alonzo Gariepy) Re: Bill Gates: MS software essentially bug-free (Li Gong) Re: Gates interview (Klaus Brunnstein) Re: Traffic Signaling Problems in Chicago Train/Bus Crash (Michael J. Zehr) Submarine Nuclear Power (James Lyons) Error in Digital video (DeForest, RISKS-17.42) (Lawrence H Smith) Re: SMTP chicken and the social contract (Fergus Henderson) Re: "core" files (Fergus Henderson) RISKS 17.45 13 November 1995 Risks of your moderator being off-line (PGN) Ice Cause of X-31 Crash (Andy Fuller) RSA Wants License for Digital Signature Technology (Educom) Espionage charges dropped against Kevin Poulson (Educom) Demon Internet: A "demon"? (Mike Ellims) Re: Traffic Signaling Problems in Chicago Train/Bus Crash (Clive D.W. Feather) Re: Making Railroad Crossings Safe (Paul Green) Re: Writing solid code (Derek Lee Beatty) Another surname-extraction bug (John Gilliver) Faster computers will never make security safer! (Jacob Palme) Regarding Java security (Marianne Mueller) RISKS 17.46 20 November 1995 Village telephones cut due to "computer error" (Gordon Frank) Software failure in credit-card system authentication (Adrian Howard) Robotic justice? (George C. Kaplan) Robotic justice hoax! (George C. Kaplan) Software Pirate Nabbed in L.A. [Captain Blood] (Edupage) AOL Alerts Users to "Trojan Horse" (Edupage) A well-managed risk (Andrew Koenig) The little math error (1 in 1000) (Paul Bissex) Compendium of Commercial Fly-By-Wire Problems (Peter Ladkin) X-31 crash follow up (Martin Gomez and Andy Fuller via Steven Weller) Encryption vs. cryptanalysis difficulty scaling (Steve Witham) Faster computers *will* make security safer! (Adam=aba) Re: Writing solid code (Barton C. Massey, Peter da Silva, Roger E. Wolff) RISKS 17.47 21 November 1995 Outsmarted by a Smart Spreadsheet (Ray Panko) Yet another data validation problem (Mark Lomas) Risks of not communicating with customers (Bill Dietrich) Internet "open window" for thieves (John P. Mello Jr.) Re: The Johnson Bug - IBM (Tom Zmudzinski) Re: Robotic justice hoax! (Tom Zmudzinski, Sean Matthews, Max Hadley) Re: Cryptography vs. cryptanalysis difficulty (Bob Blakley III) Re: A well-managed risk (Jerome Whittle, Jonathan Corbet) Assertions are not all alike; C++ exceptions; Microsoft bugs (Larry West) Follow-up on X-31 crash (Andy Fuller) The X-31 Kieling over (Peter Ladkin) Software Documentation and Inspection -- a course (Dave Parnas) RISKS 17.48 28 November 1995 Programming Error "issues" shares (Martyn Thomas) NEW should never abort! (David Chase) Resistance to intelligent traffic (Phil Agre) Can you have enough backups? (M.Cushman) Bank doors trap boy (Stuart A Yeates) Luggage lockers (Steve Kilbane) Re: Solid code (RISKS-17.45) and solid buildings (17.16) (Steve Branam) Re: Writing solid code (Marcus Marr, David Phillip Oster, Edward Reid, Thomas Lawrence) RISKS 17.49 29 November 1995 Spelling Correctors Self-Applied? Not in Microsoft Word (PGN) Another Oakland airport radar outage (PGN) "Black Baron" gets 18-month sentence for virus activities (PGN) Denial-of-service attack (James Burns) New software that is just too clever (Jeffrey D. Sherman) Alarm and alarm-silencing risks in medical equipment (John R. Strohm) Re: Can you have enough backups? (Pete Mellor) Re: A well-managed risk (Tom Zmudzinski) Is chip theft high-tech crime? (Harlan Rosenthal) Network Security Moves to Front Burner (Edupage) CERT Summary CS-95:03 (CERT Advisory) 11th ACSAC Advanced Program (Vince L. Reed) AMAST'96 Call for Systems Demonstrations (Pippo Scollo) RISKS 17.50 2 December 1995 Montgomery County, PA, experience with new voting machines (Leonard Finegold) Sex, Lies and Backup Disks (Peter Wayner) French civil servants paid twice (Pierre Lescanne) Risk of gradual failure (Stuart Staniford-Chen) AT&T Code Policies. Hmmmm... (Pete McVay) More on alarms and alarm silencing (Cliff Sojourner) Re: risks in medical equipment (Bill Harvey) Re: Is chip theft high-tech crime? (Jacob Kornerup) Error Checking ('NEW should never abort!' and 'Writing solid code') (Randy Gellens) More Microsoft Word Spelling RISKS (Eli Goldberg) Re: Spelling Correctors (Alek O. Komarnitsky) Re: Apple spellchecker (David Silbey) Re: Spell-checking (Martin Minow) Re: Spelling Correctors Self-Applied? Not in Microsoft Word (E Foley) Re: Another Oakland airport radar outage (Risks from the Future?) (PGN) RISKS 17.51 4 December 1995 Costs of 1999->2000 date fix (James K. Huggins) CD-ROM that hoses your hard drive (Stanton McCandlish) Re: Sex, Lies and Backup Disks (Tom Wicklund) How's your spell? (Peter Ladkin) Re: Spelling Correctors (Edward Reid) New software that is just too clever (Malcolm Farmer) Ambiguous abbreviation: what does "NCSA" mean? (Jonathan Thornburg) Industrial espionage 0.5% (David Lifton) Re: risks in medical equipment (Pete Mellor, Bridget Moorman, Erik Hollnagel, Jay Harrell, Kenneth Albanowski, Steve Branam, Robert J Horn, Rochelle Grober) RISKS 17.52 7 December 1995 Bidirectional text processing (Amos Shapir) Java warnings (i.e., everything under the sun...) (John Oram) Dartmouth Time Sharing System: Beware the Ides of March (Warren Montgomery) Loopholes in pharmacy database? (Brian D. Oberquell) Excel Version 7 scary risks (Andrew Goodman-Jones) Test it as it will be used (Flint Pellett) Re: Getting your clearance on the net (David M Kennedy) Data Erasure (Lindsay F. Marshall) New Book: Civilizing Cyberspace (Gary Chapman) Microsoft grammar checker (Daniel P. B. Smith) Re: Ambiguous abbreviations (David Eddy) Re: Costs of 1999->2000 date fix: FIX (Mark Jackson) Re: What do we call the 2000s? (Aaron L Dickey via Mark Brader) Re: Luggage lockers (Edward Rice) Watergate and erasure (Lawrence Kestenbaum) Program Announcement - ISOC 1996 Symp. Netw. & Distr. Sys. Security (David M. Balenson) RISKS 17.53 11 December 1995 Announce: Timing cryptanalysis of RSA, DH, DSS (Paul C. Kocher) Spectrum Insanity (Lauren Weinstein) Risks of automated library circulation systems (Richard I. Cook) "Computer Crime: A Crimefighter's Handbook", Icove/Seger/VonStorch (Rob Slade) Denial of service attack: sabotaged electrical panel (Jon Mellott) Re: False Alarms in Digital Systems (Todd W Burgess) Re: Alarm and alarm-silencing risks in medical equipment (Rob Seaman) Re: Alarm and alarm-silencing risks (Bob Schuchman) InfoWarCon (Europe) '96 (Winn Schwartau) RISKS 17.54 15 December 1995 16-year-old boy cracks university computer security Another sign spoof (Joshua Levy) Software Keeps Trains on Track (Eleanor Wynn) Classified Disks Lost--Court Martial (David M Kennedy) Invaders in Eastern Washington [more squirrels] (David Burlingame) See you in the funny pages (Don Alvarez) Risks of grammar checkers (Bruce Wampler) Anonymity (Winn Schwartau) Technology risks: an old but familiar tale (Victor Yodaiken) Better than French card tricks: Australian Customs Shuffle (Karl Reed) Pick a personality type, any personality type ... (Rob Slade) Just Say No to Censorship (Audrie Krause) COMMITTEE SLAPS THE NET -- AGAIN (Craig A. Johnson via Stanton McCandlish) Re: False Alarms in Digital Systems (Mark Lomas, John R. Sowden) "The Underground Guide to Computer Security" by Alexander (Rob Slade) RISKS 17.55 18 December 1995 NY Stock Exchange halted for one hour this morning (PGN) Laser Shows and Aircraft (Chuck Weinstock) Electronic food stamps failure (Jeremy J Epstein) Medical diagnosis by computer (Gretchen Herbkersman) Timing cryptanalysis and its hardware analog (Michael Kaelbling) Invitation to the CFP'96 Technology Fair (Simson L. Garfinkel) "netfuture" announcement (Steve Talbott) Taxing data (George Janczyn) Re: Something funny about the funny pages item (Sidney Markowitz) Re: Anonymity (Steve Bellovin) Re: Classified Disks Lost--Court Martial (Andy Ashworth, Peter Horsburgh, Robin Kenny) CERT Advisory CA-95:18 - Widespread Attacks (CERT) RISKS 17.56 19 December 1995 Navy hacked by Air Force (Darrell D. E. Long) Japanese breeder-reactor incident (Chiaki Ishikawa) Re: Montgomery County, PA, voting machines (Gary Greenhalgh) Definitions for hardware/software relibility engineering (Meine van der Meulen via K. van de Wetering) Medical Diagnosis by Computer (amplification) (Gretchen Herbkersman) Pay online, release your SSN (Robert Mayo) Indelible words (Brian Hawthorne) Re: Another Sign Spoof (Don Root, Coleman) Re: a well-managed risk (Andrew Koenig) RISKS 17.57 21 December 1995 Problems with computerized "translation" (Jesper Holck) German Windows 95 dishonors write-protection (Arslan Broemme) German service providers must maintain covert customer databases? (Wilhelm Mueller) The cellular-phone encryption debate in Israel (Jonathan Kamens) Domain Registration RISK? () Risks of Checking Accounts (Gary M. Watson) Re: Naval Battleship takeover - I don't think so. (InfoWar moderator) Re: Indelible words (Andrew Marc Greene) Re: Medical diagnosis by computer (Bob Morrell) Re: Definitions for hardware/software reliability ... (Pete Mellor) Pilot-in-command authority (Re: a well-managed risk) (Andrew Koenig) RISKS 17.58 22 December 1995 I've been Framed by Gondolas! (Paul Menon) Texas Instruments e-mail snafu... (Bruce R Koball) My name is mud! [alta vista] (Piers Thompson)) Re: Indelible words [alta vista] (Bill Hawthorne) Problems when PC BIOS is held in flash RAM (Martin Portman) Re: Domain Registration RISK? () Write protection is in *hardware* (Rob Slade) Re: German service providers must maintain covert customer databases? (Otto Stolz) Correction to previous posting re: IW attack on Navy by AF (iw@all.net) Re: Navy Battleship takeover (Jim Haynes, John Oram, RSR Madison, Mark Stalzer, Bob Brewin) Re: Risks of checking accounts (Geoff Kuenning) RISKS 17.59 2 January 1996 A glitch in time shaves NIST (Ivars Peterson) Inside Microsoft is a floating crap game? (Peter J. Denning) Nearest-match alphabetic metrics (Henry G. Baker) Maine Yankee alleged to have deliberately run bad simulations (Daniel Smith) Bavarian Police Censors CompuServe (Klaus Brunnstein) 1st Net Wiretap (& CompuServe too) (David Kennedy) System modifications in grocery store (Michael Zehr) Dynamic IP mistakes (Bill Bereza) LoadDog - a risk reducer? (Julian Assange) Re: Timing cryptanalysis of RSA, DH, DSS (Saso Tomazic) TI e-mail snafu explained... (Bruce R Koball) Re: Colonels, bugs and spellcheckers (Jake Livni) Re: Robotic justice hoax! (Pete Mellor) RISKS 17.60 5 January 1996 Spy Viruses (Edupage) German Telecom Software forgets holiday (Debora Weber-Wulff) Re: Timing cryptanalysis of RSA, DH, DSS (Paul C. Kocher with an interspersed note from Jonathan Epstein) Risks of installed bases (was: Timing Cryptanalysis) (Barry Jaspan) IP mistakes and stealing network traffic (John F. Whitehead) Re: X-31 crash follow up (Pete Mellor) Computer Security Gathering (Hank Wolfe) "Physical Attack On Hard Disk Drives" [Anonymized contributor] Re: Floating-Point Numbers (Wade Bowmer) Giving CMU the finger... (Peter da Silva) Re: Nearest-match alphabetic metrics (Kerry Buckley) Gasoline Pump Receipt Risks (Charles P. Schultz) RISKS 17.61 8 January 1996 Snowbound workers overload Nynex lines (Dave Tarabar) Denver Airport baggage misdelivery prompts shutdown (Robert Charette) Estimate of the effects of export controls on U.S. companies (PGN) The Citibank hack, continued (David Kennedy) How They Nailed "The Engineer" (Mark Thorson) DPA: Crime on the Net (Mich Kabay) CompuServe's Can of Worms (Edupage) The risks of using obscenities (Daniel Hicks) Metaphorplay on Compuservile (Henry Baker) Re: Bavarian Police Censors CompuServe (David G. Bell, Russell Stewart) CompuServe Overreaction (Klaus Brunnstein) Re: Problems when PC BIOS is held in flash RAM (Sean Reifschneider) Door-unlocked indicator increases risks? (John Light) RISKS 17.62 10 January 1996 E-Mail-Tap Nets Criminals (Edupage) Pacific Northwest air-traffic outage (Mich Kabay) Sting-Re: "ghoti"? Microsoft continues to mislead public about Windows security bugs (Rich Graves) Configuration files may travel (Kurt Tekolste) Re: Brunnstein / Compuserve / Germany (Martin Virtel) Attacking CompuServe Subscribers (Mich Kabay, Henry G. Baker) Re: Floating Point Number formats (Phillip C. Reed) Reliable development methodology (Andrew Robson) New Security Paradigms '96 -- Call for papers (Yvo Desmedt) RISKS 17.63 11 January 1996 Justice Dept announces no prosecution of Phil Zimmermann (Stanton McCandlish) Human error cuts power at air-traffic control center (Sean Reifschneider) Misinterpreting technology -- Australian auto-autotolls (Kevin Lentin) Re: A glitch in time shaves NIST (Rob Huey) Tutorial on Internet Security for System and Network Administrators (Ed DeHart) WinWord `Concept Virus' revisited (Tim Parker) Re: Attacking Compuserve Subscribers (A. Padgett Peterson) CompuServe's Motives Questioned (Edupage) Re: CompuServe Overreaction (Sean A Dunn, Ben) Re: Metaphorplay on Compuservile (Bear Giles) CIS censorship--The Whole Story (Michael Kunze via Monty Solomon) RISKS 17.64 16 January 1996 "Realty Listing Debacle: Glitches disable new online system" (Jeffrey Mogul) Risks of automated software generation (Victor Yodaiken) Close Call at JFK Airport (Scott Lucero) Huge Windows 95 security hole!!!! (Olcay Cirit) Galileo enters safe mode (Martin Minow) Little Brother is watching you... (Henry G. Baker) Risks of "secure" documents containing executed code (Henry J. Cobb) "The Computer User's Survival Guide" by Stigliani (Rob Slade) Re: A glitch in time shaves NIST (Andrew Kowalczyk) Fraud by manipulated cash dispensers in Germany (Michael Fehr) Re: Robert Anton Wilson (Joseph N. Hall) RISKS 17.65 22 January 1996 Stolen computers from the U.N. (Brian Mulvaney) Hey, your mailing list is sending me viruses! (Jon Callas) Cryo-risks (Charles P. Schultz) Spugs, BellWeckers & Chin'95... (T H Pineapple) Cost to crack Netscape security falls from $10,000 to $584 (David Golombek via Lance J. Hoffman) Japanese fighter plane shot down another plane (Chiaki Ishikawa) Re: Galileo fault protection software (Kevin Maguire) Re: X-31 crash follow up (Roy Wright) Call Signs are unambiguous [Delta 153] (Peter Ladkin) "Year 2000" conference (Mark Seecof) [Spammed "Learning Machine" item removed from archive copy] US export regulations (Wilhelm Mueller) RISKS of personalized Windows mail readers (A. Padgett Peterson) Time glitch clarification (Ivars Peterson) Reminder, ISOC 1996 Symp. Netw. & Distr. Sys. Security (Christopher Klaus) RISKS 17.66 23 January 1996 Homebanking NonSecurity demo (Klaus Brunnstein) Security hole in SSH 1.2.0 (RISKs of being "too careful"?) (Barry Jaspan) Re: Floating Point Numbers (Wade Bowmer [2]) Re: RISKS of stolen UN computers (Dave Scott) Cost to crack Netscape Security falls... (A. Padgett Peterson) Re: Single computer breaks 40-bit RC4 in under 8 days (Gary Weimer) Re: Japanese fighter plane shot down another plane (Mickey McInnis) Re: cryo-risks (Lindsay F. Marshall) Robots going crazy (Bertrand Meyer) Re: Hey, your mailing list is sending me viruses! (Alan K. Jackson, Joe A. Dellinger) Re: AOL E-mail crashes (Doug Bostrom) E-mail spamming risk (Dan Zerkle) "Learning Machines" and "Learning People" (PGN) "Learning machine" spam (Martin Kealey) RISKS 17.67 25 January 1996 Risks of military technology in civilian life? (Howard Chalkley) Unintended missile launches (Mary Shafer) Turning off virus protection? (Dave Wagner) WebCard Visa: It's everywhere you (don't) want to be? (Doug Claar) I won't tell if you won't... (Ed Ravin) New Book on Cyberculture (Gary Chapman) "Civilizing Cyberspace" by Miller (Rob Slade) Dangers of Ambiguous Headlines (Matt Welsh) Warning on Thefts of Laptops (Tom Zmudzinski) Re: Single computer breaks 40-bit RC4 in under 8 days (Paul C. Kocher) Re: Cost to crack Netscape Security falls... (Peter Curran) Re: Security hole in SSH 1.2.0 (Mike Alexander) Dirty word filters: Sidewinder (Henry G. Baker) Re: Antispamming technology (Cancelmoose, Jay Prince, Rob Slade) Re: Hey, your mailing list is sending me viruses! (Phil Hammons, Joe A. Dellinger, Mitch Wagner) RISKS 17.68 30 January 1996 Extremely undesirable errors (Jordin Kare) 20 bits, 40 bits, 60 bits, $10 (A. Padgett Peterson) Re: Cost to crack Netscape Security falls... (Larry Kilgallen, Peter Kaiser, Peter Curran) Simulation vs. Live Action (Japanese plane incident) (John Bredehoft) Re: Unintended missile launches (Thomas L Martin, Robin Kenny) Re: Security hole in SSH 1.2.0 (Bear R Giles, Mike Alexander) Re: WebCard Visa: It's everywhere you (don't) want to be? (Li Gong) Computer Control and Human Error (Kletz+Chung+Broomfield+Shen-Orr) (C. Shen-Orr) Re: "Learning Machines" and "Learning People" (Michael J Zehr) Legacy security holes (Ted Russ) RISKS 17.69 7 February 1996 REPORT: Minimal Key Lengths for Symmetric Ciphers (Matt Blaze) RISKS (and lack thereof) of typing credit-card numbers (Olin Sibert) Over the air: More cellular-phone risks (Bob Frankston) Subway Difficulties (Mark Neely) Re: Unintended Missile Launches (Pete McVay) IEEE Symposium on Security and Privacy (Dale M. Johnson) RISKS 17.70 8 February 1996 Train operators get permission to use manual backup (Tom Comeau) Electronic Medical Records and Images (Jay Brown) Risks of web robots (Joe A. Dellinger) Air Traffic Control Dependability (Jim Wolper) So many RISKS, where do you start? (Steve Doig) CFP : Dependable Computing for Critical Applications (Catherine A. Meadows) RISKS 17.71 13 February 1996 The measurement of risk: community measures vs scientific measures (Dave Shaw) Those fun-loving guys at LANL.GOV (Simson L. Garfinkel) More on WWW-Robot false hits... (Debora Weber-Wulff) Re: Risks of web robots (Cameron Simpson) Re: RISKS (...) of typing credit-card numbers (Olin Sibert, Mark Fisher) Subject: Leahy to introduce bill to repeal CDA! (Stanton McCandlish) Foreign `replies' cause anxiety (Timothy Mowchanuk) Correction: Train operators get permission to use manual backup (Jonathan Kamens) Re: Electronic Medical Records and Images (David Coburn, Allan Noordvyk, Tom Olin) RISKS 17.72 14 February 1996 The CDA: Has It Fallen? Can It Get Up? (Stanton McCandlish) REVIEW: "Digital Money" by Lynch/Lundquist (Rob Slade) Re: RISKS (...) of typing credit-card numbers (Olin Sibert) Re: The measurement of risk (Pete Mellor, Martin Minow, Robert Walking-Owl) RISKS 17.73 14 February 1996 Wildcard inconsistencies in Windows 95 (Lawrence D'Oliveiro) Lack of Common Sense is Biggest Risk Of All (B. Gunderson) More Web risks (David Gadbois) Possible future risk of virtual reality (Martin Cohen) Risks of your system clock being off? (J. Eric Townsend) Time signals from TV stations (Clay Jackson) Turn of the century (Lars-Henrik Eriksson) Reverting to default PINs (Rebecca Walpole) Medical Prescription Dispensing Robot (Sudhakaran Ram) Spelling Checkers...(more) (Sudhakaran Ram) RISKS of efficient netiquette enforcement? (Tim Kolar) Re: The measurement of risk (Michael J Zehr, Clark Savage Turner) Re: Homebanking NonSecurity demo (Sebastian Garbe) IMC Resolving E-mail Security Complexity workshop (Dave Crocker) Reliability Symposium (T Totev) Call for Papers -- Journal of Technology Law & Policy (lazooli) RISKS 17.74 15 February 1996 China requires registration of Internet access (Li Gong) GM Plans to Plug Cadillacs into Communication System (Mark Anthony Beadles) Boza virus: knee-jerk media response more hazardous to wallet (George Smith) At-work Web browsing? (Sean Reifschneider) Federal Court enjoins CDA provision (Marc Rotenberg from EPIC Alert 3.04) Correction to CDA article (Stanton McCandlish) A simple solution to the CDA risk (Russ Broomell) Seatbelts and the CDA, history repeats? (A. Padgett Peterson) Re: Wildcard inconsistencies in Windows 95 (George C. Kaplan) 100% not spent on hospitals by a long way (Philip Overy) Re: Lack of Common Sense is Biggest Risk of All (George C. Kaplan) Re: Possible future risk of virtual reality (Michael Brady, Mark Meuer, Barton C. Massey, Brad Davis) RISKS 17.75 16 February 1996 Computer unmasks Anonymous? (Peter Wayner) ITAR Amended to Allow Personal Use Exemption (Dorothy Denning) New Intuit software problems (PGN) User failure or user-interface failure? [extra 0 in bid] (Dave Hsu) Spreading the Word (Edupage) Help! No File-> Save Option on Menu (Russell Schulz) Re: CDA interpretation: transmitting vs receiving (Tom Ohlendorf) Re: Wildcards (Hugh J.E. Davies, Wei-Yuen Tan, Otto Stolz, Alun Jones, Peter Curran, Matthew Delaney, Matt Bishop, Pete Kaiser) Re: Possible future risk of virtual reality (Doug Shapter, Jan Vorbrueggen, David Wood, Rob Streno) RISKS 17.76 17 February 1996 Train collision - Maryland (David Lesher) Risks of using Microsoft Word (Thomas Gebe) Win95 screen savers - Security Bug? (Matthew Delaney) Re: Virtual Reality dangers (Paul Zrepachol) ETHICOMP96 (Centre for Computing and Social Responsibility) CDA interpretation: transmitting vs receiving (Stanton McCandlish) Deleting Files in Win95 (Matt Armstrong) Wildcard inconsistencies in Windows 95 (Lawrence D'Oliveiro) Re: Wildcards (Michael Smith, Peter Curran, Matt Welsh) Re: RISKS of typing credit-card numbers (Nathaniel Borenstein, Olin Sibert) RISKS 17.77 20 February 1996 Re: Maryland train collision (Steve Bellovin) Garbage truck worker wipes out telephone service (Andrew J Klossner) Using better words to discuss WWW (Mark Seecof) Acrobat quietly 'censors' text in missing TrueType fonts (Henry Baker) Java security problems (Drew Dean) Passwords and the Media (Eriks Ziemelis) Non-standard use of ";" in file names (John Cigas) Re: Risks of MS Word (Nicholas C. Weaver) Re: Computer unmasks Anonymous? (Erann Gat) Re: The Measurement of Risk (Arthur Byrnes) Libel and censorship issues: misc.transport.air-industry (Brian A. Reynolds) RISKS 17.78 20 February 1996 Possible future risk of virtual reality (Garth Kidd) Credit-Card Scare Tactics [Simson Garfinkel] (Edupage) Risks of not thinking before you submit (Brian Lynch) Risks of having a name (David Crowe) Unix screen-based programs and cursor keys (Ian Chard) Re: Tax Software (Matthew D. Healy) Re: Libel and censorship issues (Steve Bellovin) Re: Risks of using Microsoft Word (David Paulsen, Dan Wing, John J. Males, Alun Jones) Re: Wildcards (Peter T. Breuer, Gene Wirchenko, Jim Thompson, Sean A Dunn, Martin Minow, Steve Kilbane, David Vu, Martin Kealey, Mario M. Butter [2]) RISKS 17.79 23 February 1996 Deep Blue - Deep Trouble (Erik Hollnagel) Dangerous C Syntax (Alasdair Rawsthorne) A future risk pays an early visit... (David Lesher) Another early year-2000 problem (Bill via Jim Sims) Netscape Navigator 2.0 exposes user's browsing history (John Robert LoVerso) Re: Java security (Marianne Mueller) For A Good Time, Type www.whitehouse.gov !! (Dave Tarabar) Risks of Contributing to Risks (Tom Comeau) Security of NASA command workstations (Kevin Maguire) Hidden information in files (John Gilliver) Re: Filenames (Was: Re: Wildcards) ("enh") Re: Wildcards on Mac (Li Gong) Re: Wildcards: IBM Windows ftp (John Haseler) Re: Wildcards: dos is consistent, unix isn't (Morten Welinder) Risk of any special character ("Rolf") RISKS 17.80 27 February 1996 100 kept in Philadelphia jail after case disposition (Bob Witanek) SurfWatch vs. NYNEX (David B. Slifka) CFP: IEEE Software Special Issue on Risk Management (Tom DeMarco) Re: The Risks of Sleeping Dogs (Peter Ladkin) Risks of year-2000 precautions (Mark Brader) Real `bug' in Alpha VAX (Chaim Seymour) Re: Li Gong's posting on Mac file deletion (Martin Minow) Re: Java security (Drew Dean) Re: Risks of Contributing to Risks (Derek Lyons) Re: Publishing and the Web (H. Koenig) Nerd processing (Pete Mellor) Windows 3.11 Data Loss Problem (Dave Robinson) WordPerfect Replaces text you wrote with its own (John Haseler) Empty Word Doc Space (J Grant) Re: Risks of using Microsoft Word (Rich Mulligan) More RISKS of Using Microsoft Word (Mark Thorson) RISKS 17.81 29 February 1996 Risks of Leap Years and Dumb Digital Watches (Mark Brader) Year 2000 problems, what about Feb 29??? (Earle F. Ake) Happy Leap-Birthday! (Peter G. Neumann) Faulty program gets one person shot, one roughed up (Tom Ritchford) Rude bus stops / silent radios / unofficial broadcasts (Philip Overy) Keyboard RISK [accidental deletion] (Eric Roode) Trademarks in Cyberspace [such as newton.com] (Simson L. Garfinkel) Electronic Banking conditions (Paul van Keep) Re: Libel and censorship issues (Edwin Wiles) Re: Indecent domain names (Chris Purdom) Re: NYNEX Web and Web Robots (Russ Broomell) Re: NYNEX and SurfWatch (Ann Duvall, David B. Slifka) Re: Risks of year-2000 precautions (Amos Shapir, Dick Mills, RSRMadison) RISKS 17.82 1 March 1996 Dominican Republic 757 crash (PGN) Software backdoor on the news (John Liptak) Re: Happy Leap-Birthday! (PGN) A major OS leap year glitch (Warren R Carithers) Arizona lottery blottery on 29 Jan 1996 (Jot Powers) Leap-day not insurable (Alan Hamilton) Time Bomb Still Ticking For Year 2000 (Edupage via Monty Solomon) Japanese credit cards and the year 2000 (Chiaki Ishikawa) Re: Year 2000 banking disasters (Steve Elliott) Re: Risks of year-2000 precautions (Barry Mulligan) Positive feedback and the law of averages (John Light) Re: Risks of year-2000 precautions (L. P. Levine) Year-2000 question on defensive software tools (Gretchen Herbkersman) Incorrect ATM menus (Jimmy Aitken) Online Cyberlaw Workshop (Dick Moores) RISKS 17.83 4 March 1996 Spamming spoof floods autoresponder@WhiteHouse (PGN) ``Racist hacker shuts down Internet provider'' (PGN) Yes, folks, 2000 *is* a leap year! (Dale Robinson) Medical equipment failure - 29 Feb 1996 (David Alexander) Risks of Leap Years: NY City Taxi and Limo screwup (Mark Eckenwiler) 29 Feb 1996 errors in Excel (Tom Dickens) WIN95 Daylight saving (Steve Elliott) Two telephone services recognising tone dialing (Ian Chard) Java/JavaScript security breaches (Jack Decker) Flaw Found in Kerberos Security System (Edupage via Michael J. Chinni) Another Intel chip flaw (PGN) Intel "does it again" with Orion? [name withheld] Java security bug (applets can load native methods) (David Hopwood) PKZip Virus Alert (Mike Hammoud via T Bruce Tober) Falling computer equipment (Ross Anderson) Legal Aspects of Computer Crime mailing list (Martin Minow) RISKS of public speaking (William Richard Russell) Typos in RISKS-17.82 (PGN) RISKS 17.84 5 March 1996 Information on the B757 Birgen Air Accident (Peter Ladkin) Spamming, filtering, S/N, Gresham's Law and the net (Richard Cook) Interesting bug in Netscape (Art Delano) Re: Java (E. Larry Lidz) CERT Advisory CA-96.05 - Java (CERT) Telephone exchange "collapses" following bombing (Jake Livni) More on Excel and leap days (Geoffrey Cooper, Carl Hauser) Re: Daylight Savings Time (Edward R Anderson) Re: WIN95 Daylight saving (Steve Elliott, David Morgan) Re: Another Intel chip flaw (Joseph Richardson) Yet another type of leap-year bug: restart risks (Otto Stolz) Re: 2000 IS A LEAP YEAR! (Dale Robinson) Re: Leap year arithmetic (Barry Jaspan, Jan Vorbrueggen, Gary Koerzendorfer, Brian T. Schellenberger, Wayne Hayes, Stephen Thorsett) RISKS 17.85 6 March 1996 Compromise Bills on Data Encryption (Edupage) Re: Spamming spoof floods autoresponder@WhiteHouse (Joel M Snyder, via Prentiss Riddle) More on Java applet loading (Li Gong) Re: Telephone exchange "collapses" following bombing (Lauren Weinstein, Dave Hinerman) Power, sensors, and alarms (Jim Hudson) My all-time favourite leap-year bug (Max Hadley) Leap years at Digital [FORWARD] (Lord Wodehouse) Leaping to conclusions (Sidney Markowitz) More on leap-year calculations (Gareth Husk) More on Excel and Lotus Dates (leap year 2000) (Frank Dougherty) Re: 29 Feb 1900 and Excel (Steve Loughran) Automated PC services (Matt Welsh) The risks of assuming you know a domain ownership... (Jot Powers) Re: PKZip Virus Alert (Dan Zerkle) RISKS 17.86 7 March 1996 Chase Manhattan computer glitch affects thousands Harvard Pilgrim HMO scheduling system creates chaos (Saul Tannenbaum) New web page and risks to personal information (Joseph Richardson) Protecting yourself against Java applets (Tad Taylor) More on Java applet loading (Lee Hasiuk, David Hopwood) Quoting from online Java tutorial [draft] (Li Gong) Another Java risk -- Theft of Service (Alan Miller) Re: Positive feedback and the law of averages (Harlan Rosenthal) Leap-years and leap-seconds (Joe A. Dellinger) Leap year and time-zone calculations (Steve Allen via Max Hadley) Re: Leap-year arithmetic (Amos Shapir) More on Excel and leap days (Roy Murphy) Re: bleep-year (Steven Tepper) Year 2000, COBOL, and real-time clocks (Martin Gregorie) RISKS 17.87 8 March 1996 Teen `convicted' by computer (Chris Jewell) Re: Java security bug and the Netscape cache (David Hopwood) Re: More on Java applet loading (Rogier Wolff) Quantum Leap and Macro Viruses (Fred Cohen) German transport ministry on BirgenAir incident (Klaus Brunnstein) CIA & NSA Run Remailers (Viktor Mayer-Schoenberger via Lisa Pease) Re: Telephone exchange "collapses" following bombing (Steve Summit, Stuart A. Yeates) Length of Day & Reservoirs (Scott Lucero) Re: Year 2000, COBOL, and real-time clocks (Matthias Urlichs) New Security Paradigms '96 -- Final Call for Papers (Yvo Desmedt) RISKS 17.88 11 March 1996 The risks of being unrelated twins (Tony Melius) Unluckiest lottery ``winner'' ever: risks of input errors (Christian Murphy) Rail safety controlled by satellite (David Kennedy) Yet another Trojan horse lurking in Netscape 2.0... (Jon Reeves) Netscape's too-lenient syntax checking (Henry G. Baker) Re: CIA & NSA run remailers (Raph Levien) Locking the key inside (Arthur Marsh) Backdoors, bugs, and Oracle [Identity withheld] Over 10,000 sites running nonsecure versions of NCSA web server (Mike Prettejohn) Re: Teen convicted on mismatched metadata (Jack Campin) Re: Teen convicted: a similar example (Joel Garry) Signs of Intelligent Life (Mark Thorson) Solving the year problem through 3979 [old style] (David desJardins) Causes of leap-year difficulties (Jeff Mantei) Re: bleep-year (F. Barry Mulligan, John Oram) Time, days, and water (Chris J. Phoenix) Year 2000 and Unix `struct tm' (Paul Eggert) RISKS 17.89 12 March 1996 Graduate Record Examination screwup (George Janczyn) "What's new" in web pages is not necessarily reliable (Mordechai T. Abzug) Digital Flight Control Systems help the U.S. Navy (Peter Ladkin) Re: CIA & NSA run remailers (Jim Thompson) Re: Rail safety controlled by satellite (Don Root) Re: bleep-year (Bear Giles) Re: UNIX struct tm (Keith Neufeld) Re: COBOL Dates (Owen Leibman) Re: Teen `convicted' by computer (Richard Cox, Phil Herring) Lotto computer errors (Tim Pietzcker) Risks of automatically publishing Risks newsletter to the Web! (Jennifer Hunt) Re: Netscape's too-lenient syntax checking (Jonathan Kamens, A. Padgett Peterson, Eric Tilton, Torrey McMahon) Re: Yet another Trojan horse in Netscape 2.0 (David Wood, Stanton McCandlish, Jon Reeves, John Mainwaring) RISKS 17.90 14 March 1996 Response from Strassmann/Marlow on remailers (via Dorothy Denning) University of California computerized retirement system flawed (PGN) PGP - the next level... (John Oram) Re: Possible future risk of virtual reality (Richard Cook) Re: Denormalising databases (Rob Bagnall) Hyphenation in names (Wei-Hwa Huang) Domain Name translation at ISP = Wrong Address (Bob Heuman) More e-mail address problems (PGN) Re: Risks of automatically publishing to the Web! (Li Gong) Netscape White pages "Who Where?" risks (Brian Kelley) How I lost my Y2K innocence (Cory Hamasaki) Re: Leap-years and leap-seconds (Mark Brader) Re: Calendar Act (Mark Brader) 1996 SEPG Conference [abridged] (Carol Biesecker) RISKS 17.91 19 March 1996 Hare Krsna chants trigger answering machine remote access (Dan Cross) Medical Device Recalls: Heart monitor (PGN) Jury-duty-pool selection-criteria risks (Varda Reisner Bruhin) FTC Targets Internet Fraud (Edupage) Iomega Stock Volatility Blamed on AOL Postings (Edupage) Risks of onboard flight manuals (Hank Nussbacher) Foreign CDA (Kurt Fredriksson) Risks of assuming all computers are PCs (Timothy Panton) PacBell ID Blocking [For California readers] (Henry Baker) Response from Strassmann/Marlow illustrates further risk (Benjamin Bokich) Flash Crowds (David M. Chess) Re: Netscape's syntax checking (Matt Welsh, Max TenEyck Woodbury) Internet Privacy and Security, Call for Papers (Joseph M. Reagle Jr.) InfoWarCon V 1996: Call For Papers (Winn Schwartau) RISKS 17.92 20 March 1996 Re: Backdoors, bugs, and Oracle (Mary Ann Davidson) Errors in W2s and other tax forms (David Emery) Music, nonstop! (Bruce Kingsbury) Stupid ftpd messages (Mark Rafn) Ironic risks on ATM story (Dave Barr) Risks of using an insecure browser, as discussed on RISKS (Doug Claar) Reminder: Computers, Freedom and Privacy '96, 27-30 March 1996 (Bruce R Koball) Re: jury duty (Steve Sapovits) Re: FTC Targets Internet Fraud (Paul Hoffman) More on Iomega stock volatility (Carl Wittnebert) Re: Hare Krsna chants trigger answering machine (Panero, Kevin Rainier) Call for Papers -- CSI 23rd Annual Conference (Patrice Rapalus) RISKS 17.93 24 March 1996 Java/Netscape security flaw (Ed Felten) DTMF falsing by human speech & music (Tim Shepard) More on list-bombing (Phil Agre) CIAC Notes 96-01: Java/JavaScript; search security (John M. Fisher) RISKS 17.94 25 March 1996 Technology "deterioration" (Lauren Weinstein) Someone may steal your life! (Ka-Ping Yee) The risks of misquoting/mispointing on the Web (Thomas H. Slone) The risks of too-smart printers (Dwight Brown) An uncertainty principle for risks (Dick Mills) Lemmings -- Re: Java/JavaScript woes (A. Padgett Peterson) Comments on Netscape, list-bombing, another attack (Fred Cohen) Re: More on list-bombing (A. Padgett Peterson, Frederick Roeber, Leonard Erickson) Free spam-cancelling shell scripts (Fred Cohen) Re: Jury duty (Shannon Nelson, Paul Franklin, Dorothy Klein) RISKS 17.95 1 April 1996 A note on E-mail, e-mail, and email (Peter G. Neumann) The Queen's Speech (Lindsay F. Marshall) Argentine Hacker (David Kennedy) The story of jjq (Jean-Jacques Quisquater) Sony TV remote controls affect Apple Performa 6300 (Daniel P.B. Smith) Computer-generated will rejected by court (George Richmond) Customer Billing Software Failure Leads to Firm's Demise (PGN) Wrong approach to Java security (Jacob Palme) Comments on subscriptions, uncertainty (D.J. Bernstein) Re: An uncertainty principle for risks (Richard Cook) Re: On-line vote-taker overwhelmed (Allan Noordvyk) RISKS 17.96 1 April 1996 END OF VOLUME 17: Summary issue available as RISKS-17.00 or .97 (PGN) Breakthrough in cryptographics: ROT n+1 new algorithm discovered (Peter Simons) Flash ROM virus (J.R.Valverde jr) "IRS computer project a four-billion-dollar fiasco" (Edupage via Prentiss Riddle) Eglitch in RISKS-17.95 (Peter Ladkin) Notes on e-mail: Use diaeresis (Jon Callas) BC Health Minister Bans sale of Prescribing Profiles to Drug Companies (Kelly Bert Manning) Re: An uncertainty principle for risks (Matthew S. Jaffe, Bob Blakley III) Re: Technology "deterioration" (Doug Sewell) IBM posts info on the Web about "Year 2000" problem (Paul Robinson) Persistence of links such as URLs (Johan Strandberg) ACM/IEEE Letter on Crypto (Dave Banisar) RISKS 17.97 1 April 1996 UPDATED INFO ON RISKS (usually summarized at the end of most issues) SUMMARY OF RISKS VOLUME 17 (27 March 1995 to 1 April 1996) ------------------------------ End of RISKS-FORUM Digest 17.00 (97) ************************