precedence: bulk
Subject: Risks Digest 19.00 (98), Volume 19 summary
REPLY-TO:

RISKS-LIST: RISKS-FORUM Digest  25 September 1998  Volume 19 : Issue 00 (98)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 19 (1 April 1997 to 25 September 1998)

(NOTE: This summary is archived in ftp file risks-19.00 at, and is also at

----------------------------------------------------------------------

Date: 23 Sep 1998 (LAST-MODIFIED)
From:
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. U.S. users on .mil or .gov domains should contact (Dennis Rears). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to the automated list server, with first text line SUBSCRIBE or UNSUBSCRIBE [with option of E-mail address if not the same as FROM: on the same line]. INFO gets you this file. HELP gives instructions on using the Majordomo listserver in other ways, although not all are implemented for RISKS.

CONTRIBUTIONS: to, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, nonrepetitious, and without caveats on distribution. Diversity of content is welcome, but personal attacks are not. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses. Contributions will not be ACKed; the load is too great; if you feel neglected, send a follow-up message.
**PLEASE** include your name & legitimate Internet FROM: address. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Particularly relevant contributions may be adapted for the RISKS sections of issues of ACM SIGSOFT Software Engineering Notes.

 * Submissions: By submitting an item that is accepted for publication in RISKS, the author grants permission for unlimited public distribution and redistribution in electronic or other form.

 * Reuse: Blanket permission is hereby granted for reuse of all materials in RISKS, under the following conditions. All redistributed items must include the Risks-Forum masthead line. All reuse must be accompanied by the following statement:

     Reused without explicit authorization under blanket permission granted for all Risks-Forum Digest materials. The author(s), the RISKS moderator, and the ACM have no connection with this reuse.

   As a courtesy, reusers of individual items (as opposed to forwardings of entire issues) should notify the authors, and should pay particular attention to any subsequent corrections.

RISKS can also be read on the web at URL
Individual issues can be accessed using a URL of the form
[yes, VL = volume, IS= issue]
(Please report any format errors to

RISKS ARCHIVES: if your browser accepts URLs, or
  ftp unix.sri.com login anonymous [YourNetAddress] cd risks
or cwd risks, depending on your particular FTP; Issue J of volume 20 is in that directory: "get risks-20.J". For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 19, J always TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main directory and I subdirectory; "bye" I and J are dummy variables here. REMEMBER, Unix is case sensitive; file names are lower-case only. =CarriageReturn; FTP.SRI.COM = []; FTPs may differ; Unix prompts for username and a password. Search engines may find other mirrored sources, but those do not necessarily reflect occasional amendations.
The site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS and illustrative.pdf

PRIVACY DIGESTS:

 * The PRIVACY Forum is run by Lauren Weinstein. It includes a digest (which he moderates quite selectively), archive, and other features, such as PRIVACY Forum Radio interviews. It is somewhat akin to RISKS; it spans the full range of both technological and nontechnological privacy-related issues (with an emphasis on the former). For information regarding the PRIVACY Forum, please send the exact line:
     information privacy
   as the BODY of a message to ""; you will receive a response from an automated listserv system. To submit contributions, send to "". PRIVACY Forum materials, including archive access/searching, additional information, and all other facets, are available on the Web via:

 * The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Leonard P. Levine. It is gatewayed to the USENET newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) forum, and was established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy.
Submissions should go to and administrative requests to

------------------------------

SUMMARY OF RISKS VOLUME 19 (1 April 1997 to 25 September 1998)
(archived in ftp file risks-19.00)

RISKS 19.01 1 April 1997
  French computer systems found to be immune to Y2K problems (John O'Connor)
  The Year 2100 Problem: a simple solution (Martin Minow)
  Microsoft buys Sun (Mark Stalzer)
  Maybe we should start a "savoracle" e-mail address (Martin Minow)
  The risk of perceiving the usual as normal (Gene Wirchenko)
  Spry policy change causes e-mail denial (Michael Miora)
  Unsecure online banking (David Ross)
  AT&T Worldnet snafu/scam (Matt Holdrege)
  Free book because computers cannot lie (Mich Kabay)
  Re: Computer model blamed for $83 Million loss (Mark Stalzer)
  Re: RISKS of tracking packages (Matt Welsh)
  Correction for ``hard core bits'' reference (Paul Eggert)
  Re: all-ways green lights (Mark Brader, Steve Summit, Dik T. Winter)
  "Child Safety on the Internet" by Distefano (Rob Slade)

RISKS 19.02 02 April 1997
  Strange buzzing sound in computer mouse caused by solar wind (Martin Minow)
  CalTrain computer stolen -- rider alert (Adrian Brandt via Al Stangenberger)
  Another NT security flaw (PGN)
  Re: The Year 2100 Problem: a simple solution (Mark S. Fineman)
  Embedded Chips Suffer from Year 2000 Problem, Too (Edupage)
  Re: Greenwich Mean Time just changed by 1 hour (A. Grant)
  Daylight savings time (Andre Sintzoff)
  UPS Tracking System experience [name withheld by request]
  Meta-risks of browser flaws (Matthew D. Healy)
  Re: SSL Browser Vulnerability Discovered (Eric Rescorla)
  Vulnerable Web forms (Anup K. Ghosh)
  Re: Risks of automatic spam blockers (Dan Zerkle)
  Spam-proofed "From:" lines (Wayne Mesard)
  Re: UK Banks' clearing system problem (Jerry Leichter)
  Microsoft Typography: Bug or Feature? (Rodger Whitlock)
  COMPASS '97 conference agenda (Dolores Wallace)

RISKS 19.03 3 April 1997
  New Zealand Police system (Richard A. O'Keefe)
  RISKS of disconnecting without first connecting (Bryan O'Sullivan)
  Re: UK TTP licensing proposals (Michael Bacon, Ross Anderson)
  Another Y2K Problem for Banks (Bruce Horrocks)
  All-ways green lights ... it's all in the timing (Richard Cook)

RISKS 19.04 4 April 1997
  Moynihan Commission hooked on Penpal virus hoax (George Smith)
  Sheriff prefers jail-door computer malfunction to April Fool's joke (Darrell R. Pitzer)
  The ghost of the Pentium FDIV bug (Frank Solomon)
  War story on errors in library versions (John Paulson)
  Re: CalTrain computer stolen -- rider alert (Mike Lipsie + Al Stangenberger)
  Emergency! Crisis in the Cockpit, by Stanley Stewart (Robert Dorsett)
  Spam, the naming of parts (Dan Sheppard)
  But I don't LIKE spam... (John Oram)
  Re: Spam-proofed "From:" lines (Curt Sampson, Tim Pierce)
  Re: Risks of automatic spam blockers (C Matthew Curtin, Ted Wong, Harlan Rosenthal, Dan Franklin, J. DeBert)

RISKS 19.05 7 April 1997
  Social Insecurity (Simson L. Garfinkel)
  Identity Theft (PGN)
  More on the Guyana Telephone Scam (Dewi Daniels)
  Woman trapped in tanning bed (Michael Mahr)
  Time-change risks and DECnet (Ian Brogden)
  Follow-up on Joseph Jett (Rich Mintz)
  Re: Elections Canada and the Net (Mark Brader)
  Not a forgery! (Vivek Sadananda Pai)
  Re: The ghost of the Pentium FDIV bug (Allan Heydon)

RISKS 19.06 10 April 1997
  NY City electronic voting machines: $20 million wasted (Ed Ravin)
  YAAXF: Yet Another ActiveX Flaw (David Kennedy)
  RISKS of Mail Merge for Ontario Tories (Mich Kabay)
  RISK of power of two: 25.6 mm per inch! (Richard Black)
  BMW fixes transmission via dialup to car (Nick Zervas)
  Re: Generating randomness (Paul C. Kocher)
  Programs broken by daylight savings time switch? (Earl Truss)
  Re: DECnet time-change (Larry Kilgallen, Jerry Leichter)
  Re: Greenwich Mean Time just changed by 1 hour (Jeff Uphoff)
  Re: Y2K: revenge of originality (Charlie Shub)
  Blue Cross automated SSN update system (Jeremy Epstein)
  SSA Web/PEBES and Cross-Matching (John M. Willis)
  Re: Social Insecurity (Richard Hollands)
  PEBES "security" even weaker than described (D.V. Henkel-Wallace)
  Re: Meta-risks of browser flaws (Rob Bailey)
  Re: Not a forgery! spamming (Vivek Sadananda Pai, Simson L. Garfinkel)

RISKS 19.07 14 April 1997
  Swedish Narcotics Police Demand Telephone Card Database (Martin Minow)
  AOL Mail Latency (Dave Kennedy)
  Parkers pass out uncompliments (Michael O'Donnell)
  Old RISK: ``Computers are never wrong.'' (Joe Carlet)
  Risks of user migration (Al Donaldson)
  UK and Y2K: $50 billion (PGN)
  UK MoD and Y2K: 100 million pounds to reboot missiles (Geraint Price)
  GMT and Win95 (Michael Bacon)
  Computer kiosks (Bob Frankston)
  "Crack-A-Mac" contest results (Martin Minow)
  Magic-number reuse (Paul Brebner)
  Air collision RISK from increased accuracy (John Brooks)
  Re: RISKS of Mail Merge for Ontario Tories (Mark Brader)
  Re: Blue Cross automated SSN update (Harlan Rosenthal)
  Fun with export/import controls (Steve Gibbons)
  On the naming of names (Danny House)
  Telecommunications & Democracy: Historic Citizens' Report (Richard Sclove)

RISKS 19.08 15 April 1997
  Bizarre case of techno-harassment (PGN)
  Fake "PGP CRACKED" message lures users into trap (Derek Ziglar)
  When BC: really means CC: in e-mail (David Kennedy)
  The risk of a personalized act of kindness (Sam Lepore)
  New Trolling Scam on MSN (David Kennedy)
  IVHS vehicles and safety assumptions (Rich Mintz)
  Re: Parkers pass out (Simson L. Garfinkel)
  Re: Computers are usually right! (Bob Morrell)
  Y2K scenarios: a call for a vote (Bob Morrell)
  More on GMT vs BST: RS6000 (David Alexander)
  Re: GMT, BST, and "current civil time" (John Styles, Martin Minow)
  Re: Standard to Daylight and back (Sergio Gelato)
  Risks of not using Ridiculously Priced Technology (Sara Thigpen)
  Re: RISKS of Mail Merge for Ontario Tories (Tim Kuehn)

RISKS 19.09 17 April 1997
  Why Bre-X crashed the Toronto Stock Exchange (Dave Wortman)
  "Big Glitch Hits MSN E-mail" (PGN)
  "Heading off emergencies in large electric grids" (IEEE Spectrum via PGN)
  "My Hairiest Bug War Stories" (CACM via PGN)
  The risks of not using your own security measures [name withheld by request]
  Daylight savings change problem (Steve Doig)
  Using GPS as your time standard (Bernard Lyons)
  Re: Fake "PGP CRACKED" message lures users into trap (Fred Cohen)
  Re: DES Challenge risks (Thomas Koenig)
  Re: Social Security--the other side (Carey Tyler Schug)
  Re: YAAXF: Yet Another ActiveX Flaw (Russ Cooper)
  They fixed one! 11-digit dialing in San Diego (Mark Seecof)
  Re: Risks of Mail Merge for Ontario NDP (Mark Connolly)
  Daylight Time and UTC (Maggie Iaquinto)
  Re: More on GMT vs BST: RS6000 (Andrew Yeomans)
  Re: GMT, BST, UTC and all (Ian Miller, Bernard Lyons, Ian Stephens)
  "Network Security" by Kaufman/Perlman/Speciner (Rob Slade)

RISKS 19.10 22 April 1997
  Paperclip stopped trains in Finland (Jari Mäkelä)
  2 jets in near-miss approaching LAX; pilot blames autopilot (PGN)
  Re: Air collision risk from increased accuracy (Mike Rogers)
  Privacy Legislation (Edupage)
  Re: cyberstalker: house invasion a hoax (Ron Pfeifle)
  Re: cyberstalker: RISKS of assuming "high-tech" (Mich Kabay)
  Re: Hairiest Bug Stories (Steve Sapovits)
  Y2K and PARSLEY: Upgrade woes (Pete Mellor)
  Re: GMT and UTC (Martin Minow)
  Year-2000 Cost Estimates Rise (Edupage)
  Re: RISKS screwups on time changes (Michael Bacon)
  Re: IVHS vehicles and safety assumptions (Alan M. Hoffman, Mich Kabay)
  Law Review Article on Spam (Martin Minow)
  Re: Risks of automatic spam blockers (Dimitri Vulis)
  Re: "Crack A Mac" contest (Martin Minow)
  Addendum to DES Challenge RISKS (Thomas Koenig)
  Re: 11-digit dialing (Lauren Weinstein)

RISKS 19.11 28 April 1997
  Java security flaw (Dirk Balfanz/Drew Dean/Edward Felten/Dan Wallach)
  Mad Cows: Trust the computer (Charlie Lane)
  Chicken Little, where are you when we need you? (A. Padgett Peterson)
  Poltergeist beds (Mich Kabay)
  Microsoft redefines comic strips! (Marc Salverson)
  Computer Contributes to 747 Tail Scrape (Mike Rogers)
  Death by Equifax (Chuck Jerian)
  Re: Hairiest Bug Stories (Henry G. Baker)
  When software vendors drop products (Mark Seecof)
  Re: Elevators vs stairs: the risks of distrust (Geert Jan van Oldenborgh)
  Re: Air-collision risk due to improved --i.e., GPS-- accuracy (Hal Lewis)
  Re: IVHS: fly-by-wire risks (David Alexander)
  Risks of what everyone "knows" (A. Padgett Peterson)
  Re: IVHS vehicles and safety assumptions (Kevin Clifton)
  Re: Cyberstalker: house invasion a hoax (Michael Shiplett)
  YOMDSTCS: Yet One More DST-Change Story (Varda Reisner Bruhin)
  Crypto '97: Information and Registration (Bruce Schneier)

RISKS 19.12 2 May 1997
  Internet routing black hole (PGN)
  California child-support deadbeat database flawed (PGN)
  Levi Strauss personnel data stolen (PGN)
  Risks of credit fraud and identity theft, and PEBES (PGN)
  James Sanders' Book on TWA 800 (Peter Wayner) [name corrected in archive]
  I see a new idea for 1-900 service: prescriptions by modem (Rob Bailey)
  Motorola may take legal action over health claims (Mich Kabay)
  Re: Reuters techie brings down trading (PGN)
  A Labour-ious spelling-checker story (Finn Poschmann)
  A spell-binding RISK (Mike Lee)
  On the naming of names (Adrian Robson)
  Risks of electronic thesauri (Steve Schafer)
  Re: More on GMT vs BST: RS6000 (Dave Sparks)
  Re: YOMDSTCS: Yet One More DST-Change Story (Steve Work)

RISKS 19.13 9 May 1997
  Time-Bomb Ticks In No-Name Pentium Motherboards (Mich Kabay)
  Cyber Promotions slammed, spammed, and dammed (PGN)
  Power system loss, despite multiple redundancy at London Telehouse (Tim Sheen)
  No more fingers in the dike: big flood gates (Geert Jan van Oldenborgh)
  Netscape News reader risk (Lindsay F. Marshall)
  Bug in Netscape shows whose C compiler they use (Paul Robinson)
  Is E-Mail Safe? (John Mainwaring)
  Norwegian surveillance camera (Martin Minow)
  Year 2068 problem (Adam Shostack)
  Dept of stupid statistics: Internet fraud (Richard Schroeppel)
  Social benefits of comp.risks (Harold Asmis)
  Keypunching data leaks (David Kennedy)
  Re: A Labour-ious spelling-checker story (Paul Andrew Solomon Ward)
  Swedish Phreaker Fined (David Kennedy)
  Re: James Sander's Book on TWA 800 (Marty Ryba, Fred Ballard, Clark Merrill, Pete Mellor, Mark Stalzer)

RISKS 19.14 14 May 1997
  Russian nuclear warheads armed by computer malfunction (Matt Welsh)
  All your eggs in one basket! Telehouse power and UK Net outage (Azeem Azhar)
  Yet another web page hacked: Swedish meat balled up (Martin Minow)
  Judge throws out 2 out of 3 DEC keyboard verdicts (Edupage)
  Kansas Sex-Offender Database seriously flawed (Robert Davis)
  Internet Explorer runs arbitrary code: MIME type overridden (Mark Fisher)
  GAO report says Pentagon overpaid contractors by $$millions (Fred Ballard)
  Risks of Ignoring Scale (Fred Ballard)
  Unsecure Databases (Steve Branam)
  A definitive clarification of time measurement (John Laverty via Peter B. Ladkin)
  Y2K fixed? But what about the month? (Phillip G. Felker)
  DES challenge news (Thomas Koenig)
  MD5 weakness and possible consequences (Thomas Koenig)

RISKS 19.15 15 May 1997
  Pentium II math flaw (John Sheehy)
  Re: Time-Bomb Ticks In No-Name Pentium... (Henry G. Baker, Joan L Brewer)
  Re: US Navy response to USS Vincennes airliner shootdown (Jonathan Thornburg)
  Re: Power system loss, despite multiple redundancy (Ray Todd Stevens)
  Re: No more fingers in the dike: big flood gates (Nick Brown, Amos Shapir)
  Re: Swedish Phreaker (Kurt Fredriksson)
  ACM lacks $50 (Bertrand Meyer)
  Signature scam? (John Elsbury)
  Dialing someone who became `road kill' on the Information Superhighway (Paul Robinson)
  RISKS of subscribing yourself to an e-mail database service (Steve Andre')
  Choosing and protecting your password: NOT! (Mike Wilson)
  Re: Year 2069 problem (Hallam-Baker)
  Workshop on safety-critical systems standards (Victoria Stavridou)
  FMICS2 Programme and Call for Participation (Diego Latella)
  RiskWorld (Mary Bryant)

RISKS 19.16 17 May 1997
  Power outage crashes 1529 Bank of America ATMs (Mathew Lodge)
  Poorly debugged new software results in $98,000 mistake (Tim Rushing)
  More high-tech driver's license systems stolen (Gary Grossoehme)
  On-line brokerage-trading passwords in plaintext (Cliff Helsel)
  Security of Social Security Administration Database (John Pescatore)
  Re: MD5 weakness and possible consequences (Wayne Mesard, Geoffrey Leeming)
  The Year 65536 bug bites early! (Joshua M Bieber)
  Re: ~2K (Bob Frankston, Peter B. Ladkin)
  headers were forged in junk e-mailing; retaliation against my public anti-SPAM activities (Jim Youll)
  Re: ACM lacks $50 -- or not... (James K. Huggins, Fred Cohen)
  "Electronic Democracy" by Browning (Rob Slade)

RISKS 19.17 21 May 1997
  RISKS of Key-Recovery Encryption (Matt Blaze)
  Sun exploits loophole in crypto ban (PGN, Michael C. Taylor)
  Election Reporting in a NaNy State (Mark Brader)
  Risks of paying attention to uncontrolled e-voting (Ashley Craddock via Mich Kabay)
  Another Computer Bug: Ants in the Machine (Mich Kabay)
  Information-Hiding Workshop (Ross Anderson)
  Re: headers were forged ... (Arnt Gulbrandsen)
  Taking redundancy too literally (Bruce Horrocks)
  Frequency standards (Hal Lewis)
  Clock synchronization and relativity (Andrew J Klossner)
  Re: ~2K (William Lewis, Hal Lewis, Mark Stalzer, Greg Smith, Bob Frankston)

RISKS 19.18 22 May 1997
  Software problems with new-generation air-traffic control center (Peter B. Ladkin)
  On-line change of postal address (Peter Scott)
  Petrol bowser fun and games (Stuart Lamble)
  Anti-spam bill introduced in U.S. House (Jim Griffith)
  Anti-spam bill introduced in U.S. Senate (Lance J. Hoffman)
  E-mail disaster: inadvertent use of a mailing list (Don Byrd)
  DEC's OpenVMS has Y2K problem on 19 May 97: UNIX compatibility (Smith and O'Halloran plus Tim Shoppa)
  Risks of key recovery - and likely ineffectiveness (Clive Page)
  Security risks from active usenet articles (Steve Atkins)
  Java security architectures/testing methodology/flaws (Emin Gun Sirer)
  suspends poll (Mich Kabay)
  Re: Power system loss, despite multiple redundancy (Al)
  Re: Fire ants and computers (James H. Haynes)
  Re: Clock synchronization and relativity (Wayne Hayes)
  Double Positives (Barry Jaspan)
  Re: Time-Bomb Ticks in No-Name Pentium ... (William Hacker)
  Risks of out of context information (Richard Brodie)

RISKS 19.19 29 May 1997
  FBI sting nabs man trying to sell 100,000 credit-card data items (PGN)
  Computer fraud in subscribing to telephone service? (Thomas Brazil)
  Oklahoma bombing trial transcripts (Henry G. Baker)
  Area-code switcheroo (Gary McGraw)
  How Secure Is AT&T's WorldNet Security? (Brian S. McWilliams)
  Eavesdropping tools used by drug barons (Peter Wayner)
  AltaVista stores username/password for shopping malls (Fredrik Pihl)
  Re: On-line brokerage-trading passwords in plaintext (Hal Lewis)
  Risks of lying on return address of spam (Mich Kabay)
  Anti-spam bill introduced in U.S. Senate (Abigail)
  Re: E-mail disaster: inadvertent use of a mailing list (Dorothy Denning, Joe Carlet)
  Re: JVM verification (Li Gong)
  General relativity vs special relativity (Steven M. Schweda)
  Re: Fire ants and computers (Simson L. Garfinkel, Vexxallarius Venturi)
  Re: On-line change of postal address (G. Allen Morris III, Evan McLain)
  Final version of "Risks of Key Recovery" available (Matt Blaze)

RISKS 19.20 31 May 1997
  Spam and yeggs? Brake fast, or be devoured! (PGN)
  KGB infiltrates MI5 on the hotline (Mich Kabay)
  Privacy and car navigational systems (DonNorman)
  Prison guards leak sensitive computer data (David Kennedy)
  Runaway train-ticket vending machine (Tim Pietzcker)
  Lost Pond: Jurassic Duck (Mich Kabay)
  Risks of caring for an electronic pet (Mich Kabay)
  Florida "Computer Gang" Members Arrested (David Kennedy)
  Grappling with the risks of ATMs and heavy machinery (John Oram)
  Re: How Secure Is AT&T's WorldNet Security? (Steve Bellovin)
  Microsoft and Privacy ("cooler" via Mich Kabay) [added para in archive copy]
  Re: Computer fraud in subscribing to telephone service? (Geoff Kuenning)
  Re: Postal Service change of address (Lauren Weinstein)
  Re: General relativity vs special relativity (Frederick G.M. Roeber)
  Call for Papers -- IFIP WG 11.3 Working Conf on Database Security (Sushil Jajodia)

RISKS 19.21 5 June 1997
  Programmed Tunnel-Digging Robot (Robert J. Sandler)
  Cashless not crashless (David Hood)
  Revenge spam hits antispammer (Beth Arnold)
  Anti-spam missile misfires... (Reuben G. Torrey and Richard Karash)
  Big Brother strikes again... Netcheck New Zealand (Bruce J. Fitzsimons)
  When is 0 not 0? The wonderful world of the Web (Clarke Christopher Turrall)
  Java has a similar problem to the 2000-year problem (Quinton Jansen via Lindsay F. Marshall)
  Attack on California's electric power infrastructure (Betty G.O'Hearn)
  Indictments for Computer Chip Theft (Edupage)
  Commands without timeout (Nick Brown)
  Re: Computer fraud in subscribing ...? (Kevin McCullen)
  Re: headers were forged ... (Barry Brown)
  Re: Florida "Computer Gang" Members Arrested (Mich Kabay)
  Uniform password method (Ken Knowlton)
  Re: Microsoft and Privacy (Marnix Arnold)
  Re: Time-zone bug in Canadian election (Mark Brader)
  Re: Lost Pond: Jurassic Duck (Michael Handler)
  Re: Senate anti-spam bill (Ray Everett-Church)
  More dangers of e-mail to the wrong users (Aviel Rubin)

RISKS 19.22 12 June 1997
  Washington D.C. air traffic slowed (PGN)
  Poorly designed train signal nearly causes crash (Martin Minow)
  Computer glitch slows trains (Jeremy Epstein)
  Cut cockpit wiring found on airliner (Matt Welsh)
  Company blackmails Netscape for details of browser bug (Jim Griffith)
  Censorship from half way around the world (Jeremy Freeman)
  Smith Barney customers become momentary millionaires (Jim Griffith)
  Texas Drivers in the Privacy Pothole (Lauren Weinstein)
  Largest Database Companies to Restrict Use of Personal Data (Edupage)
  Risks of being a spammer (Jim Griffith)
  Major corporation's misconfigured FTP server (John P. Wilson)
  3001: Improving A Classic (Scot E. Wilcoxon)
  Geez Pleez Sloueez (Mark E. Ingram via Peter Ladkin)
  Re: When is 0 not 0? The wonderful world of the Web (Mathew Lodge, David Jones)
  IFIP WG 11.3 Working Conference - August 11-13, 1997 (David Spooner)
  CFP: 1998 Symposium on Network and Distributed System Security (Matt Bishop)
  CFP: The Impact of the Internet on Communications Policy (Nora O'Neil)

RISKS 19.23 26 June 1997
  U.S. Supreme Court rules on Communications Decency Act (PGN)
  RSA's DES challenge achieved (PGN)
  McCain-Kerrey Secure Public Networks Act (PGN)
  Revised Internet Regulation in China Announced (Li Gong)
  "Hackers" get into Ramsay case computer (Jonathan Corbet)
  Backhoe-attack cable thief disables phone service in Russia (Betty G.O'Hearn)
  Malfunction Causes Motor Melee (Scott Lucero)
  1998-1999 Leonids may damage satellites (Jonathan Nash)
  Unix path risks -- well-known, but still amusing (Michael Patrick Jackson via Alan Wexelblat)
  Microsoft Web site Interrupted by cracker (Edupage)
  MS Outlook sends e-mail on Ctrl-Enter when editing with Word (Michael Passer)
  Malepropylene Microdictus (Stephen Speicher)
  Re: Software Problems with new UK ATC Center (Andres Zellweger)
  Old risks, new villains... when will they learn? (Quinn Yost)
  7-Eleven Big Brother (Mich Kabay)
  UK Government proposes ID numbers for 4-year-olds (Gary Barnes)
  Chip Theft by Home Invasion (David Kennedy)
  Re: Company blackmails Netscape for details of browser bug (Dorothy Denning)
  Netscape vs. Cabocomm (Andy Waldis)
  "Secret Power" claims to expose secret international spying networks (Betty G.O'Hearn)

RISKS 19.24 16 July 1997
  Errors in California's Megan's Law sex offender CD ROM (Karen Coyle)
  Website on Spreadsheet Research (Ray Panko)
  "*sex" County sites blocked (Frank Carey)
  Jon-Benet Ramsay case "hackers" unmasked: dead battery (Bear R Giles)
  Credit-card numbers stolen from the Web (Drew Dean)
  Lewis satellite downlink jammed by car alarm (George Michaelson)
  Aircraft and Passenger Electronics; FMS Nav Data (Peter B. Ladkin)
  Mid-air collisions (Hal Lewis)
  Faulty lavatory smoke detector lawsuit (Frank Carey)
  High-technology toll road six months late in Ontario (George Swan)
  "DA computer chief almost loses all to clever sabotage" (James H. Haynes)
  Re: MD5 weakness and possible consequences (Bear R Giles)
  DEC Alpha Bug?!? (Gregory F. March)
  Manual compositing of reuters news on yahoo cocks up (George Michaelson)
  Calendars (Andrew R Koenig)
  Follow-up to backhoe attack on cable (Cliff Krieger)
  Anti-spam technology (Simson L. Garfinkel)
  List of known macro viruses (Klaus Brunnstein)
  Web Security & Commerce, Garfinkel with Spafford (PGN)
  7th USENIX Security Symposium, Call for Papers (Avi Rubin)

RISKS 19.25 18 July 1997
  Partial failure of Internet root nameservers (Daniel Pouzzner)
  Norwich Union to make e-mail libel payout (Jonathan Bowen)
  Phone industry wants FCC's help against FBI's wiretap plans (Edupage)
  Voice-controlled MS WORD (Edupage)
  Medical computer crashes (Tom Van Vleck)
  New York State information-systems learning standards (Frederick W. Wheeler)
  Regulatory Improvement Act requires risk assessments (Mary Bryant)
  Unique definition of "proof of correctness" (Daniel P.B. Smith)
  Vigilante fallout from the Megan's Law CD-ROM (Joel G)
  Re: Website on Spreadsheet Research (John R. Levine)
  DEC Alpha Bug, final resolution (Gregory F. March)
  Security risks from active usenet articles (Jonathan de Boyne Pollard)
  Re: Faulty lavatory smoke detector lawsuit (PGN)
  DA Computer Chief Almost loses Job:" follow-up report (Curtis Karnow)
  Anti-spam redux (Simson L. Garfinkel)
  comp.risks was spammed last night (PGN)
  The truth about Usenet's Psychic Spammers! (Greg Corteville)
  "25 Steps to Safe Computing" by Sellers (Rob Slade)

RISKS 19.26 26 July 1997
  Satellite transmission snafu leads to diplomatic incident (Nick Brown)
  Ghost account nets $169K embezzlement (PGN)
  401(k) off-by-one errors ()
  AOL customer phone-number availability (PGN)
  General Mills & AOL in sleazy partnership: Chex Quest CD-ROM game (Bruce N. Baker)
  Risks of relying on text search (Derek Lee Beatty)
  Risks of URL completion (John Pettitt)
  Computer jargon enters mainstream, is hit by truck (Mark Durst)
  The dangers of Explorer-ation (Roger Barnett)
  Win 95 TCP/IP Hole (Alex Klaus)
  Re: MD5 weakness and possible consequences (Paul C. Kocher)
  Re: Voice-controlled MS WORD (Tai, Christopher Kline)
  Re: Medical computer crashes (Jonathan de Boyne Pollard)
  Y2K: a different solution (Driss)
  Re: DEC Alpha Bug, final resolution (David Chase)
  Re: The truth about Usenet's Psychic Spammers! (H.Shrikumar, hymie)

RISKS 19.27 1 August 1997
  45,000 GSM phones recalled for software upgrade (Veliddin Eran Sezgin)
  24 more California DMV clerks fired in fraudulent license scheme (PGN)
  Another phony-fax get-out-of-jail scheme (PGN)
  Offshore Internet gambling taking *off* (PGN)
  Strong Capital sues alleged hacker-spammers (Mich Kabay)
  Risks of ordering airline tickets online (Craig Macbride)
  What to do about software patents ()
  Re: AOL customer phone-number availability (Bill Seurer)
  Political vs Technical Errors in CA Megan's Law CD ROM (Ed Wright)
  Re: The dangers of Explorer-ation (Steve Loughran)
  Re: DEC Alpha Bug: Intel x86 FPU Diagnostics (Steven Healey)
  Re: DEC Alpha Bug, final resolution (Daniel A. Graifer, David R Brooks)
  Re: General Mills, AOL, Chex Quest (Steve Lumos, Doug Linder, Padgett Peterson)
  Re: Y2K: a different solution (Robert J. Sandler, Dave Weingart)
  CfP: Y2K in Health Informatics Journal (M.F. Smith)
  "CyberLaw: The Law of the Internet" by Rosenoer (Rob Slade)

RISKS 19.28 7 August 1997
  USENET gateway flaw plus immoderation in bypassing moderation (RISKS)
  Name collision lands robbery victim in jail (PGN)
  IRS erroneously send out 90,000 tax warnings
  Hong Kong slip reveals press info (David Kennedy)
  Four-star general upset with privacy invasion (Glen Roberts)
  On-line court information system raises access questions (Brian Schimpf)
  Internet access to criminal records info (Nancy Talner)
  Is Microsoft distributing viruses? (Gerhard Duennebeil)
  Bill would make software copying a felony (Edupage)
  Chicago flooded with counterfeit bills (David Kennedy)
  Ctrl-Alt-Del (Paul VanDyke)
  Clean Sweep wasn't quite soon enough (Jim Horning)
  Electronic airline ticketing (Jordin Kare)
  E-mail readers and snooping (Bryan C. Hains)
  Re: What to do about software patents (Anthony E. Siegman, Ray Todd Stevens)
  Urban legends, in this case a true one: General Mills/AOL (Brad Elmore)

RISKS 19.29 11 August 1997
  Software error may have contributed to Guam crash (Steve Bellovin)
  Plane crashes into power lines near Los Angeles (PGN)
  Explosion causes Internet blackout in New England (Edupage)
  Vonneguten Morgen, Mary Schmich! Internet hoax (PGN)
  Bank robbery *wanted* poster based on image of wrong person (PGN)
  No Surfing on the Senate Floor (Edupage via R Spainhower)
  Yet Another Java Flaw-this time with MSIE? (Randy Holcomb)
  System malfunction implicated in need for death-penalty review (Webb Bryan)
  German Telekom's latest phone feature (Wilhelm Mueller)
  GPS: Exactly - and I do mean EXACTLY! where were you? (Sam Lepore)
  Y2K lawsuits begin (Jim Huggins)
  Airline travelers with duplicate names (Chuck Charlton)
  Re: Clean Sweep wasn't quite soon enough (Steve Branam)
  More on license forgeries (Mark Laubach via Dave Farber)
  Re: What to do about software patents (Dan Hicks)
  Re: Ctrl+Alt+Del (Dave Porter, Jered J Floyd, Bryan Costin, Roland Giersig)

RISKS 19.30 15 August 1997
  QuickTax 97 miscalculates self-assessment dues (Tim Sheen)
  Improve your site security over the Web: *not* (Aaron Binns via Gary McGraw)
  Deadly defaults in the Communicator 4.01 (Anup K. Ghosh)
  Privacy vs. criminals (Otto Stolz)
  Re: Bill would make software copying a felony (Keith Graham)
  Effects of an earlier power failure in Perth (Jeremy Ardley)
  Re: Plane crashes into power lines near Los Angeles (Henry G. Baker)
  Re: More on license forgeries (Mike Alexander)
  Re: Explosion causes Internet blackout in New England (Andy Struble)
  Earlier GPS synchronization problem (James M. Dodmead)
  Re: GSM pins you down (Jay R. Ashworth, Dag Oien, Bob Morrell)
  Risks of (Jim Baker)

RISKS 19.31 19 August 1997
  Quag-Mir: Mere-ly more challenges to overcome? (PGN)
  Mir-ed in Troubles (Fred Baube)
  e-mail spam equivalent to computer cracking? (Fred Gilham)
  A risk of not preventing spam relay (Dennis Glatting)
  Credit reports misdirected (Steven Bellovin)
  "Crack a Mac" server cracked (Martin Minow)
  SET risk (Jerome Svigals)
  Bell Canada: The Computer is Always Right (Steve Keppel-Jones)
  Machines make nuisance phonecalls (Lloyd Wood)
  Push technology in the office (Ken Burchill)
  Unusual computer system denial of service: water (Mark Forsyth)
  Czech Intelligence Computer Stolen (Pete Mellor)
  Unsolved Mysteries covers identity theft! (Denis Parslow)
  The Door Is Open! (Glen Roberts)
  Insurance company billing error (Paul Green)
  Re: Ctrl-Alt-Del (Li Gong, Morris Maynard)

RISKS 19.32 20 August 1997
  Channel Tunnel Closed (Boyd Roberts)
  "Neverlost"? Think again! (Martin Minow)
  Can Y2K problems be cured by executive fiat? (Matt Wartell)
  Re: SET risk (Phillip M. Hallam-Baker)
  Re: Plane crashes into power lines near Los Angeles (Bob Ratner)
  Re: Ctrl-Alt-Del and Wordmail (Jay R. Ashworth)
  Door entry has surprising failure modes (Nathan Sidwell)
  Unprovoked threatening spam from Samsung's Lawyers (Sean Matthews)
  Re: e-mail spam equivalent to computer cracking? (Martin Gleeson, George C. Kaplan, Mark)
  Re: A risk of not preventing spam relay (Keith Lynch, John Line)
  Re: No Surfing on the Senate Floor (Alan M. Hoffman, Doug Mitchell, Charles Tompkins, Dave Kristol)

RISKS 19.33 22 August 1997
  Public loo guilty of making nuisance calls (Nick Rothwell)
  Risks, Reliability, Regulation, and Infrastructures (Willis H. Ware)
  Communications lines, redundancy and diversity (Marion F. Moon)
  The risks of no long-term planning (David Mortman)
  Re: SET risks (Jacob Sterling)
  Re: Unprovoked threatening spam from Samsung's Lawyers (Sean Eric Fagan, Phillip M. Hallam-Baker)
  SPAM-L -- the SPAM Fighters' List (Pete Weiss)
  Mir problem corrections (Dennis Newkirk)
  Re: Risks of dummy addresses (Elizabeth Zwicky, Stephen Sprunk)
  Re: No Surfing on the Senate Floor (William B. Henry)

RISKS 19.34 26 August 1997
  AOL users hit by e-mail scam and Trojan horse URL (PGN)
  Network Solutions goof bumps NASDAQ off the Internet (Will Rodger)
  Computer malfunction floods Boulder garages and basements (S.J. Hutto)
  Carlos Salgado Jr. pleads guilty (PGN)
  Tobacco Deal Could Set Precedent for Would-be Net Censors (Edupage)
  Spelling checker not up on U.S. Marines (Julie Bird via Mike Linksvayer)
  countersues Barnes & Noble (Edupage)
  Florida to Automate Traffic Citations (Geoff Kuenning)
  Cockpit data wiped by RF interference? (Imran via Matt Clauson)
  The Auditor Might Notice Your Bad Data (Scot E. Wilcoxon)
  Netscape Communicator 4.02 and 4.01a allow disclosure of passwords (Andre L. Dos Santos)
  Mac/Unix security e-mail exchange (Martin Minow)
  Direct action to "sting" the junk e-mailers -- RISKy? (Max Stern)
  Re: USC 47:227 (Mich Kabay)
  Re: Software copying a felony (James L. Peterson)
  Re: Risks, Reliability, Regulation, Infrastructures (Henry G. Baker)
  Re: SET Risks (Jerome Svigals)
  Re: Stiction (Frank Hausman)
  A book on computers and the law by Curtis Karnow (PGN)
  "Trapped in the Net" by Gene I. Rochlin (Hans-Juergen Schneider)

RISKS 19.35 29 August 1997
  Prosecution for pager interceptions (Steven Bellovin)
  Spy phones trace cheating husbands -- and employees (Mathew)
  Book burning on the Web: AOL and columnist sued (Mark Rebuck)
  Federal Web Sites Lack Privacy Safeguards (Edupage)
  Hacking Risks, Paying for tracking you down (Robert J. Perillo)
  Tcl 8.0 Y2K Risk (Lloyd Wood)
  Photocopier codes (Marcus L. Rowland)
  Oracle web server on Unix and passwords (Dawn Myfanwy Cohen)
  Relying on systems maintenance taking place in another time zone (Olivier MJ Crepin-Leblond)
  Re: Spelling-checker risks (Dave Katz)
  Mangled characters in text ("ET")
  Re: SET Risks (Tony Lewis, Martin Poole)
  Intentional analysis, re: SET Risks (Charlie Lane)
  Re: USC 47:227 (Duane Thompson)
  Re: Public loo guilty of making nuisance calls (Aaron M. Renn)
  Re: Tobacco Deal Could Set Precedent for Would-be Net Censors (David T.S. Fraser)
  Risks of believing the obvious, though impossible (Sam Lepore, PGN, Sam)
  ICDCS-18 call for papers (Diego Latella)

RISKS 19.36 3 September 1997
  Korean Air Accident in Guam in retrospect (Peter B. Ladkin)
  Tamagotcha! (Mich Kabay)
  Autodialing retaliation (Tom Dowdy)
  Re: "semper fidelis" (Daniel P. B. Smith)
  Re: Hacking Risks, paying for tracking you down (Steven Bellovin)
  Re: USC 47:227 (John R. Levine, Keith Calvert Ivey)
  Re: SET Risks (Mark Baker)
  Re: Direct action to "sting" the junk e-mailers (Miranda Mowbray)
  Re: Cockpit data wiped by RF interference? (Ian Cargill, John Pettitt)
  Re: Solar storm warnings (Barry Margolin)
  Re: Risks of believing the obvious, though impossible (Mark Brader)
  Re: Tcl 8.0 Y2K Risk (Ethan L. Miller, Lloyd Wood, Jeff Anderson-Lee)

RISKS 19.37 8 September 1997
  !!! FBI wants to ban the Bible and smiley faces !!! (Ron Rivest)
  Nielsen snafu hurts cable network's ratings (George Mannes)
  SSA to Restore Online Web Service (Marc Rotenberg)
  Password unsecurity in cc:Mail release 8 (Carl Byington)
  Re: SOHO gives 1 hour advance warning to Solar storms (John W. Cobb)
  Runaways (Lindsay F. Marshall)
  Re: KAL801 and GPWS (John Kohl)
  Re: Cockpit data wiped by RF interference? (Chris Norloff)
  Java date range correction (Rodney Ryan)
  Re: Tcl 8.0 Y2K Risk (Carlie J. Coats, Jr., Bill Gunshannon)
  Re: Y2K and C (Harlan Rosenthal)
  Re: Tamagotcha! (Markus Aichholzer, Kenneth M. Sternberg, Doris Beers)
  @LARGE, by David H. Freedman and Charles C.
Mann (PGN) RISKS 19.38 17 September 1997 Walking Away From the Medicare Computer Project (Edupage) Dyslexic Telephone Switch causes billing errors (Robert J. Perillo) Barranquilla airport smells a rat (Mich Kabay) GCCS Military Software fails Year 2000 Test (Paul Robinson) Leaked memo on Mondex hacks embarasses bank (Paul Gillingwater) Illinois being sued to keep information public (Anthony Stuckey) Hewlett-Packard glitch spews spam (Gary Grossoehme) New --faster-- Macs broke old code (John Paulson) Personal info gone astray (Ken Knowlton) GM car acceleration due to EMI (Don Rosenberg) Re: SOHO gives 1 hour advance warning to Solar storms (Bob Schuchman) Re: KAL801 and GPWS (Peter B. Ladkin) Re: FBI wants to ban the Bible ... (Merlyn Kline, Dick Mills, Matt Millar, Martin Gleeson) Re: @LARGE -- Spaf quote (Len Spyker) Java Date Problems (Howard Melman) Risks of bad assumptions: octal numbers (Matt Toschlog) Long is 4 bytes? Not any more... (Peter da Silva) Re: Y2K and C (Steve Sapovits) 1998 IEEE Symposium on Security and Privacy (Mike Reiter) RISKS 19.39 22 September 1997 Eagle (the President) and the Eagle Beagle: pager intercepts (David Wagner) MFS Communications switch fails, with widespread effects (Steven Bellovin) AT&T database glitch caused '800' phone service outage (Robert J. Perillo) SSN used in "killing" victim electronically (Mich Kabay) Falsified reports -- human behavior: an ultimate risk (Chiaki Ishikawa) UK: Mobile-phone radiation causes short-term memory loss (Mich Kabay) Microsoft, PBS team up on interactive Barney Show (Edupage) Re: MS, PBS, Evil Dummies and Hungry Dolls (Mich Kabay) Quicken Quagmire (Lauren Weinstein) Re: FBI wants to ban the Bible ... 
(Ellen Spertus, Xcott Craver, Kenneth Albanowski) Re: @LARGE -- Spaf quote (J Chapman Flack, Andy Sparrow) RISKS 19.40 1 October 1997 "Computer error" affects A-level results (Pete Mellor) Microsoft: Redefining a problem out of existence (Pete Mellor) AOL may introduce ads on private e-mail (Nick Rothwell) Health Care System, Manitoba (Mike Jeays) Re: EAGLE DEPART|ANDREWS (Daniel Lance Herrick) ATM Withdrawal? (Colin Perkel) Electronic Pearl Harbor: Risks of dubious infowar analogies (Eli Jackson) Possible breakthrough in NP-completeness (Jonathan Seth Hayward) No network, no demo (Martin Minow) Internet sting identifies 1,500 suspected child pornographers (Neil Youngman) 7-bit vs 8-bit incompatibilities (Martin Minow) Data aggregation -- a Risk (David Parkinson) Re: AT&T 800... (Peter Capek) Mad Bus Disease (Geert Jan van Oldenborgh) Re: FBI wants to ban the Bible ... (Daniel J. Theunissen, Paul Fenimore) C's data types; was: Re: Y2K and C (Vivek Sadananda Pai) Re: New --faster-- Macs broke old code (Randy Witlicki) RISKS 19.41 17 October 1997 New York air traffic slowed by Construction effluvia (PGN) Union Pacific rolling (?) stock (Daniel P. B. Smith) Indian satellite failure (Scott Lucero) Paris police computer spares Corsican motorists (Gianfranco Boggio-Togna) Another way to exploit local classes in Java (Andre L. Dos Santos) Risks of installing Internet Explorer 4.0 (Bryan O'Sullivan) Cold weather impairs fiber performance (Stig) Stink-Bombed Computers (Stuart L. Anderson) US West and 911: Silence Is OK (Scot E. Wilcoxon) The risks of license servers (Dan Wallach) Risk of not updating web pages (John Oliver) Re: Possible breakthrough in NP-completeness (Mark Stalzer, Michael A. 
Schatz via Gary McGraw) Microsoft euphemisms (Matt Welsh) Re: AOL may introduce ads on private e-mail (Matt Welsh) Re: FBI wants to ban the Bible: steganography (Brian Clapper) Re: FBI wants to ban the Bible: Linear A/B (Stephen Crane, Mike Williams) The Electronic Privacy Papers: A new book by Schneier/Banisar (Bruce Schneier) RISKS 19.42 24 October 1997 San Francisco blackout (PGN) Modern cars (Phil Scott via Adam Cobb and Paul Saffo) Screen saver dogs DoD's Common Operating Environment (John Long) The risk of "zero defects" (Peter Kaiser) When taking a guess isn't so smart (Dominic J. Hulewicz) Risks of Civic Virtue (Peter Wayner) Risks of debit cards for merchants (Benoit Lavigne) Re: Another way to exploit local classes in Java (Li Gong) Re: Internet sting identifies 1,500 suspected child pornographers (Mike Perry) Re: Paris police computer spares Corsican motorists (Clive D.W. Feather) 911 silence similar to former Lexus problem (Ari Rapkin) Costs and benefits of war-dialing (Mich Kabay) Problems with ACM e-mail forwarding service (David Sedlock) Re: IE4, Netscape, and font anti-aliasing (Bryan O'Sullivan) NCSA CyberRisk 97 Conference (Mich Kabay) RISKS 19.43 29 October 1997 RC5-56 cracked (David McNett) Stansfield Turner's new book includes near-war risk (PGN) Stock market roller coasters (PGN) Bug costs US$3.8 million (David Kennedy) US DoD Break-in Statistic (David Kennedy) Victim Ordered to Surrender Computer and Passwords (David Kennedy) More on California's deadbeat dads' database (PGN) More on Union Pacific congestion (PGN) Security flaw in Rogers Cable's "Wave" (Hendrik) Gerber net hoax (David Kennedy) Smart VCRs & daylight savings time (Josef K) Daylight savings brings down ATM network (Laszlo Herczeg) Risks of daylight savings (Jim Griffith) Windows 95 & daylight savings time (Dale K. Brearcliffe) NT Screen Savers Considered Dangerous Also (Bill Elswick) Re: Modern cars (Stefan Lindstrom) RISKS predicted the San Francisco blackout! 
(Ken Hayman) CFP Computer Security Foundations Workshop CSFW11 (Simon Foley) RISKS 19.44 1 November 1997 AOL strikes again! (PGN) Pac*Bell Internet cites sabotage for blockade Another computer-miscontrolled jail (Scot Wilcoxon) Web sites open companies to computer fraud risk (Stevan Milunovic) Girl dies after storm cuts power (Matt Welsh) Stock-market overloads (Steve Bellovin) Re: NY Stock Exchange system "glitches" this week (Frank Carey) Re: NASDAQ (N Bender) Rat Dog column reports new web/e-mail scam (Barry L Gingrich) Re: End of daylight-saving time (Andy Marchant-Shapiro) Internet Besieged, edited by Denning and Denning (PGN) RISKS 19.45 11 November 1997 The "au pair" murder case and the Internet (Steve Bellovin, Thomas Dzubin) Law enforcement databases and the Internet (Steve Bellovin) AOL out again on Monday (Ed Fischer) Hijacked surfers get credits and refunds (Stevan Milunovic) New Pentium flaw (Chuck Weinstock, Torsten Hilbrich, Steven O. Siegfried) Recent Pentium opcode bug like Monoclonal Agriculture (Cary B. O'Brien) Phone company lets anyone change lines (Ray Todd Stevens) The RISKS of the multi-functional chipcard (Geert Jan van Oldenborgh) Technology and Privacy: The New Landscape, Agre and Rotenberg, eds. (PGN) RISKS 19.46 17 November 1997 Aviation: COTS ist zum Kotzen? Part I (Peter B. Ladkin) College web surveys hazardous to your server's health (Adam Elman) Thanksgiving in Microsoft Outlook 97: check your calendar (Martin Minow) Hackers break into Macedonian Foreign Ministry phones (Steven Slatem) First Y2K spam (Lloyd Wood) Fake flowers cost $19K: Nowak de-flowered? (Bear R Giles) Identity problem: Jim != James (Michael Zehr) Internet Explorer 4 buffer-overflow security bug fixed (Stevan Milunovic) Synergy between IE4 bug and Intel flaw (Per Hammer via Jonathan Levine) Fix for the new Pentium flaw (PGN) Workaround for the new Pentium flaw (John R Levine) Re: New Pentium flaw (Fred Gilham, Nicholas C. 
Weaver, Marco S Hyman, Steven O Siegfried, Jon Strayer, Pekka Pietik{inen, someguy) Netscape security curiosity (Jeff DelPapa) USENIX Security Symposium (Cynthia Deno) RISKS 19.47 26 November 1997 California's Deadbeat Dads Database (PGN) Forbes blames sabotage on hacker (Stevan Milunovic) With autopilots, who needs a dog to keep an eye on the pilot? (Robert Dorsett) Hacking cost businesses $800 million worldwide (Stevan Milunovic) Encryption of electronic mail in the European Community (Mike Ellims) Y2K and canned-goods expiration dates (Fernando Pereira) Ottawa firm registers "Y2K" as trademark (Yves Bellefeuille) Perils of grammar checkers (Azeem Azhar) Re: Major security flaw in CyberCash 2.1.2 (Steve Crocker) Another AOL meltdown (Ed Fischer) Problems with AOL (Simson L. Garfinkel) Risks of changed URLs (Arthur Flatau) Risks of blind acceptance (David Lesher) Re: Outlook for Thanksgiving (Guy J Sherr, Chris Adams) "Halting the Hacker" by Pipkin (Rob Slade) Re: Workaround for the new Pentium flaw (Roland Roberts) Pentium halting -- who needs DEBUG? (David G. Bell) Re: New Pentium flaw (Leonard Erickson, Robert Stanley, Nick Rothwell) Re: Pentium Fix? 
(Pekka Pietik{inen) RISKS 19.48 5 December 1997 Risks in a public database (David Lesher) Risks of bundling in Microsoft Internet Explorer (Bear Giles) Point-of-sale data diddling in Quebec (Mich Kabay) Lufthansa combats mobile phone Risk (Jim Griffith) GSM hack -- operator flunks the challenge (Ross Anderson) Bug threatens Net software: land.c (Stevan Milunovic) Kuji Walks (David Kennedy) Date-based random numbers and Y2K (Alan Hamilton) Re: Y2K and canned-goods expiration dates (Mark Brader) Ontario removes privacy controls on education (David Collier-Brown) Re: SET security (Jerome Svigals) shut down by custodian (Jitendra Padhye) Damage from powerline surges (David R Brooks) Web cache risks (Bjorn Borud) Perils of grammar checkers redux (Azeem Azhar) URL for paper on European encryption policy (Mike Ellims) RISKS 19.49 9 December 1997 What really happened on Mars Rover Pathfinder (Mike Jones) Potential software nightmare for International Space Station (Philip N. Gross) Mail from Microsoft Network Rejected by America Online (Edupage) Beware of HTML Mail (Tom Brazil, Navindra Umanee) Microsoft, CNET, BUGTRAQ and the 'land' attack (Geoffrey King) The ATM Debit Card Switcheroo (Lauren Weinstein) Reminder on Privacy Digests RISKS 19.50 14 December 1997 Programmable defibrillator bug (Steve Bellovin) Vandal posts ransom note on Yahoo (Edupage) Computerized test failure (Steve Bellovin) Insanely insulting spelling checker (Martin Bonner) On Weak RSA-keys produced from Pretty Good Privacy (Jean-Jacques Quisquater) Retraction on weak RSA-keys produced from PGP (Jean-Jacques Quisquater) Computer crash impacts Washington DC Metro (Epstein Family) Risks of new Motorola system (Matthew Healy) Re: Potential software nightmare for ISS [name withheld] Mars Pathfinder priority inversion (Bob Rahe) Automated translation from AltaVista (Seth David Schoen) Re: Beware of HTML Mail (Martin Minow) Software Fault Injection (Gary McGraw) 7th USENIX Security Symposium - Conference 
Program (Jackson Dodd) RISKS 19.51 19 December 1997 Brief KC power outage triggers national air-traffic snarl (PGN) Public-key crypto history vs cryptohistory (Steve Bellovin) Chinook helicopter engine software (Mike Ellims) AltaVista calls Esperanto communist (Philip Brewer) Privacy problems with patient data in hospitals, by Simson Garfinkel (via Fr. Stevan Bauman) Risk of seizure-inducing video (Bruce Martin) Re: Potential software nightmare for ISS (Bruce Stephens, name withheld) Satanic Risks? (Lindsay F. Marshall) "Concurrent Programming" by Fred B. Schneider (PGN) RISKS 19.52 24 December 1997 The Swedes discover Lotus Notes has key escrow! (Win Treese) Strong crypto code for authentication published online (John Gilmore) New Internet law attacks non-profit pirating (Edupage) Electric deregulation grid-lock (PGN) Has Microsoft already infected itself? (Nick Brown) Beware of diploma mills on the Net (Edupage) Risks of modern PABXs and digital phones (Nick Brown) Hackers attack game site (Stevan Milunovic) Adjust your defibrillator today! (Gary McGraw) Mobil Speedpass (Philip Koopman) Tufte and Information Density (Jeff Gruszynski) Re: KC power outage (William Hugh Murray) RISKS 19.53 6 January 1998 Sun Valley ski area forgets to back up (David Kipping) Debit-card program cancelled because of fraud (Steve Bellovin) Japanese bank records stolen (Steve Bellovin) Easter Eggs in Commercial Software (Larry Werring) Pharmacy computer keys on names, mixing confidential records (anonymized) MCImail spam blocker adds to woes (Michael M. Krieger) Spammers blackmail AOL (Stephan Somogyi) Sending the wrong message with flowers (Bear Giles) Re: What really happened on Mars Rover Pathfinder (Ken Tindell, Fred Schneider) Re: Adjust your defibrillator (Richard Cook) Re: Has Microsoft already infected itself? (David M. 
Chess, Eric Cholet) ERCIM-FMICS 3 - Call for papers (Diego Latella) RISKS 19.54 10 January 1998 China Imposes New Controls on Internet Access (Edupage) Risks of too-friendly browsers (Russell Aminzade) British Prisoners to Fix Y2K Problem (Winn Schwartau) GPS Jamming (Marcus L. Rowland) Microsoft(TM) Car (Mark C. Langston) Re: What really happened on Mars? by Glenn Reeves (Mike Jones) Re: Priority Inversion and early Unix (Greg Rose) System and Software Safety in Critical Systems - survey (Jonathan Bowen) Formal methods in industrial critical systems, call for papers (Diego Latella) RISKS 19.55 19 January 1998 Navy discharge case based on illegally gained AOL data? (David Sobel via PGN) "Dirty Secrets" of chip industry (Edupage) Maine Emergency Broadcast System lost power (Jason Yanowitz) Yet another risk of *not* trusting the technology (Rob Slade) TCAS near-miss (Steve Bellovin) Scares in the air blamed in hand-held gadgets (Ben Low) Design flaw in Microsoft Word? (Nick Brown) ActiveX controls -- You just can't say no! (Richard M. 
Smith) Risks of anti-spam measures (Nick Brown) A thought on backup and recovery after Y2K (PGN) Re: Easter Eggs in Commercial Software (Larry Werring) USENIX SECURITY SYMPOSIUM reminder (Cynthia Deno) Quality Week '98, Download Call for Participation RISKS 19.56 22 January 1998 CyberSitter to the rescue (Ross Johnson via Glen McCready) More on the Navy/AOL case (Declan McCullagh) Student expelled for writing hacking article (Declan McCullagh) Risks of Enhanced Ground Proximity Warning System (Jim Wolper) Risk of renaming a Windows 95 computer on a network (Mike Gore) Priority Inversion and early Unix (Jerry Leichter) PDP-11 Y2K leap-year-day bug (T Bruce Tober) Bad advice on Y2K (Bob Frankston) German bank offers reward for hacker info (Matt Welsh) "Technology and Privacy: The New Landscape" (Rob Slade) RISKS 19.57 26 January 1998 Air Force thinks push-pull technology too risky (Edupage) Risks of Transit Automation (Dave Pierson) OSS Risks, Bell Atlantic forgets AT&T charges in phone bill (Robert Perillo) robots.txt: ``Here is what I am not telling you.'' (Bertrand Meyer) Each step makes sense, but the result is broken (Cliff Sojourner) Y2K correction at IRS threatens 1,000 taxpayers (Mich Kabay) Y2K bug may lead to lawsuits (John Mainwaring) Y2K affects miniature enthusiasts (Lee Ann Rucker) Risks of making assumptions on education (Joe Thompson) Possible Netscape source code risks (John Wilson) Filing for divorce on the Internet (Steven M. Bellovin) Re: CyberSitter to the rescue (Nick Brown, Leonard Erickson) GPS position accuracy and EGPWS (Ron Crandall) CERT Advisory CA-98.02: Vulnerabilities in CDE (CERT) Re: Software Engineering Code of Ethics (Don Gotterbarn) RISKS 19.58 30 January 1998 Man jailed because of computer glitch (Bear Giles) False identification of child support deadbeats (Epstein Family) Y2K bug at major bank? 
(Andrew Walduck) Dangerous handling of null variables in programs (Mike Jeays) Internet Explorer flaw (Joseph Bergin) Location tracing service of handy phones starts in Tokyo (Kenji Rikitake) EuroParl Rpt on NSA, Trade, & Crypto Controls (Vin McLellan) Crash of A-320, Strasbourg (Alexandre Siniakov) Re: TCAS near-miss (Nancy Leveson) Re: robots.txt (Bertrand Meyer) 4-Letter words, Re: CyberSitter (Devon McCormick) Re: Possible Netscape source code risks (Dale Martin) RISKS 19.59 13 February 1998 Prisoner released due to program design flaw (Richard Fahey) California legislation proposed to limit Y2K liability (Terry Carroll) Report on ATC Outages (Peter B. Ladkin) Markus Kuhn and Ross Anderson's Soft Tempest (Martin Minow) High-tech car AA call-outs (Pete Mellor) Re: Crash of A-320, Strasbourg (Pete Mellor) Re: robots.txt (Bertrand Meyer) Re: Dangerous handling of null variables (Anthony W. Youngman) Re: Netscape, Fortify & the NSA (Vin McLellan, Ian Goldberg) Privacy on the Line, Diffie and Landau (Martin Minow) REMINDER: ISOC 1998 Network and Distributed Security Symposium (Dave Balenson) RISKS 19.60 27 February 1998 CyberAttack on the Pentagon (PGN) Former Director of the NSA says "no" to key escrow (PGN) Year 2100 compliance? (Tsutomu Shimomura) COMPAQ usability problem (Pete Mellor) Shuttle conversation; April already? (PGN) First Cybersex Pregnancy (Anthony E. Scandora Jr.) A little accidental porn-in-the-morn (PGN) DES-II-1 challenge cracked (David McNett) Re: Markus Kuhn and Ross Anderson's Soft Tempest (Lloyd Wood) Risk: Massive NT Outage due to Registry corruption (Mike Andrews) Airport Big Brother Blocks Buggies (Marcus J. Ranum) Dennings' "Internet Besieged: Countering Cyberspace Scofflaws" (Rob Slade) RISKS 19.61 3 March 1998 Auckland city center shut down due to lack of power (Peter Gutmann) Cybotage Risks, Information Warfare-Defense, CyberWar (Robert J. 
Perillo) Re: CyberAttack on the Pentagon (William Hugh Murray, Fred Cohen) Another way to take down the mail system (Rob Slade) DES-II-1 correction (Billy Harris) Vladimir Levin sentenced for Citibank Y2K Problem Hits Graveyards (Dave Graf) Re: Year 2100 compliance? (Leonard Erickson, Terje Mathisen) COMPAQ usability problem (Edward Chernoff et al.) Reminder on Privacy Digests RISKS 19.62 9 March 1998 New HDTV signal shuts down Baylor heart monitors (John P McGraw) The anti-crypto rhetoric ratchets up (Carl Ellison) Atlantic Monthly article on "The Lessons of ValueJet 592" (Andrew Patrick) RISKS of reverse telephone lookup systems (Matt Welsh) Re: CyberAttack on the Pentagon (Mike Perry) NAB accidentally spams its membership list (Ed Fischer) Update on Windows NT denial-of-service attacks (Matt Welsh) Re: Auckland power outage recovery risks (R.J. Burkhart) Newspaper spelling checker forgets Europe (Scott Ruthfield) Re: Year 2100 compliance? (Jonathan de Boyne Pollard) The Deception ToolKit (Fred Cohen) 5th ACM Conference on Computer and Communications Security final CFP (Gene Tsudik) Formal Methods for Industrial Critical Systems, CFP (Diego Latella) Telecommunications Policy Research Conference 98, CFP (Juan F. Riveros) RISKS 19.63 13 March 1998 Cell Phones Can Interfere with Auto Systems (Edupage) Remote viewing (Colin Rafferty) Three Army Web sites hacked (SINS) Windows NT 4 corrupting filespace and deleting directories (Silas S. Brown) Federal Prosecutors Indict Internet Gambling Operators (Edupage) Browser site autoexpansion strikes again (Tim Kolar) V-Chip: details, details (wb8foz) TV censors (PGN) For want of a hyphen, you get porn (James Willing) Re: Newspaper spelling checker forgets Europe (Mark Stalzer) Boise's city e-mail subject to FOIA (Doneel Edelson) Radar blip lost Air Force One (Doneel Edelson) Re: The anti-crypto rhetoric ratchets up (Scott R. 
Traurig) Re: COMPAQ usability problem (Pete Mellor) Re: Atlantic Monthly, "The Lessons of ValueJet 592" (E Florack) Re: The cost of deception (Richard Snider) ACM Policy '98 Conference Announcement (Policy 98 Info) New Security Paradigms Workshop, Call For Papers (Mary Ellen Zurko) Software Certification Conference: Call for Participation (Chuck Howell) RISKS 19.64 1 April 1998 Funding for a new software paradigm (Douglas Moran) Quantum computer cracks crypto keys quickly (Andrew) The Computer Anti-Defamation Law (PGN) Y2K: British Government moves to save civilisation as we know it (Nick Brown) Y2K and The Aviation Industry (Mike Ellims) Worried about Y2K? Now there's D10K! (Edupage) It's British Summer Time again... (Nick Rothwell) Crossing that bridge to the Year-2000 problem (Edupage) Microsoft EXCEL date error (yeeting) Gore congratulates 71-year-old senator on birth of twins (Aydin Edguer) Ron Rivest's nonencryptive Chaffing and Winnowing (Mich Kabay) EMI and TWA 800 (original author unknown) Phone scam alert: Social Engineering 101 (PGN) 9GB Cornell University Spam (James Byers) CFP, Research in Intrusion Detection (Phillip A. Porras) RISKS 19.65 2 April 1998 Problem in wintertime/summertime switching in Germany (Nikolaus Bernhardt) Y2K in China (Don Wagner) April First, a bad day for high tech in Holland (Paul van Keep) Hackers Exploiting Over 100 Holes In Windows NT (Shake Communications) Pull rip cord (Andrew Gabriel) Painful spell-checker mistake in WordPerfect (Jeroen Bruintjes) Risks of unfortunate product names (Roger Strong via Jim Griffith) Inaccurate study quoting, Re: anti-crypto rhetoric (Robert J. 
Perillo) RC5-64 Project can change laws on encryption technology (RC5 Team) Re: Funding for a new software paradigm (Fred Cohen) Re: DJ10K (Frank Markus) Re: Rivest's chaffing concept (Stacy Friedman) Re: EMI and TWA 800 (Piers Thompson) "Computers, Ethics and Society", Ermann/Williams/Schauf (Rob Slade) RISKS 19.66 9 April 1998 Stanford business school hit by [Windows] computer 'disaster' (PGN) More Windows Magic (Bob Frankston) LA county pension fiasco (Richard Schroeppel) AOL Stock Charts Posted Erroneously Due To "Malfunction" (Irvin Jay Levy) STOVEACT - Oops, Wrong Number... Gridlock! (Jeremy Leader) Re: EMI and TWA800 (Peter B. Ladkin) Re: Phone scam alert: Social Engineering 101 (PGN) Rice University spammed too! (Scott Ruthfield) Re: Funding for a new software paradigm (Nick Rothwell, Fred Cohen, Erann Gat) "Web Security: A Step-by-Step Reference Guide", Lincoln D. Stein (Rob Slade) ICDCS-18 cfp (Teruo Higashino) RISKS 19.67 14 April 1998 Cypherpunks break GSM digital cell phone encryption (Declan McCullagh) More on GSM crack ... (Declan McCullagh) AT&T frame-relay network down (Doug Montalbano, Leslie Howard) Starbucks flames out (Mark Richards) Critical mass or critical mess? (John Fleck) NASA Finds Problems In EOSDIS Flight Operations Software Development (Ron Baalke) L.A. County pension fund $1.2 billion shy (Steve Bellovin) Ruminations on MS security (A. Padgett Peterson) AOL Long Distance electronic billing (Steve Klein) 'Inverse Y2K'? (Streaky_Bacon) Daylight Savings Time disaster (Henry Spencer) UK considers universal CV database (Wendy Grossman) Lexis-Nexis archives don't match print versions (Jorn Barger) Tamagotchi revisited: Driver saves virtual pet, kills cyclist (Fred Ballard) House Cat Kills Power to Dhaka Commercial District (Zachary Tumin) Inaccurate study quoting (Fred Cohen) Map maker sued in Dubrovnik T-43A crash (Matt Welsh) RISKS 19.68 16 April 1998 Commerce Secretary calls U.S. 
encryption policy a failure (Edupage) IRS to spend $1 billion to fix Y2K problems (Declan McCullagh) Only 1/3 of popular Microsoft apps are Y2K compliant (Chris Stamper via Declan McCullagh) Y2K and the eagle talon (Josh Rivel via Dug Song) Gas station owners forbid use of mobile phones ... (Steven Slatem) Tacoma, WA 911 computer problems (Jonathan Clemens) Comvor: Hamburg police computer system (Martin Virtel) Risks of being a pioneer: KL International Airport (John Lim) AT&T network failure takes a toll on commerce (Edupage) AT&T frame relay network effects (Brian McMahon) HP200 data integrity woes (Fred Cohen) Webmaster's copyright risks (Mario Profaca) Re: Cypherpunks break GSM digital cell phone encryption (Stewart Fist) CFP: Dependable Computing for Critical Applications 7 (Chuck Weinstock) RISKS 19.69 22 April 1998 Pentagon to take stronger computer security measures (Edupage) Hackers claim major U.S. defense system cracked (PGN) Risks of placing too much trust in large site operators (Drew Hamilton) Report on new En Route Centre NERC for UK ATC (Pete Mellor) Internet Jurisdiction (Rob Bailey) Euro changeover tougher than Y2K? (David Wittenberg) Re: Only 1/3 of popular Microsoft apps are Y2K compliant (Michael Levi, Mark Stalzer) Y2K on the road (Evan McLain) Re: Y2K and the eagle talon (Paul Thompson) GSM Alliance Clarifies False & Misleading Reports of Cloning (Geoff Goodfellow) Re: Mobile phones in gas stations (Michael Bacon) Re: HP200 data integrity woes (Morten Norman) Risk: Going to jail innocently over a speeding ticket (Steven Murphy) Reminder on Privacy Digests (PGN) RISKS 19.70 28 April 1998 A new kind of "sin attack"? (Keith Bostic) Pentagon break-ins and the release of classified information (Fred Cohen) Yes, Virginia, no classified information is ever leaked... 
(Identity withheld) Bill Gates' demo of Windows 98 (PGN) Software clandestinely uploading names and e-mail addresses (Valentin Pepelea) The problems of no human verification (Iain "Kaos" Holmes) Re: For want of a hyphen, you get porn (Identity withheld) Shoulder-Surfing Automated (Mark Brader) Re: Worried about Y2K? Now there's D10K! (Gregory Bond) "Experimenting" with the net's generosity and gullibility (George Swan) Re: 1/3 of Microsoft apps Y2K compliant (Li Gong) REVIEW: "Beyond Calculation", Peter J. Denning/Robert M. Metcalf (Rob Slade) RISKS 19.71 1 May 1998 Washington Metro Stops Payments on Troubled Computer (D. Scott Lucero) Euro phone network collapse: France'98 Cup tickets (Cris Pedregal Martin) A case of GPS jamming by a computer-test failure (Peter B. Ladkin) Software clandestinely uploading: Intuit TurboTax? (Mike Williams) British ATMs authenticate with iris-scanning (Tim Pierce) Re: A new kind of "sin attack" (Reuben G. Torrey) Re: Yes, Virginia, no classified information is leaked... (Michael Hogsett) Outrunning Bears (Adam Shos