precedence: bulk Subject: Risks Digest 19.00 (98), Volume 19 summary REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest 25 September 1998 Volume 19 : Issue 00 (98) FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 19 (1 April 1997 to 25 September 1998) (NOTE: This summary is archived in ftp file risks-19.00 at ftp.sri.com, and is also at http://catless.ncl.ac.uk/Risks/19.00.html.) ---------------------------------------------------------------------- Date: 23 Sep 1998 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to the automated list server, with first text line SUBSCRIBE or UNSUBSCRIBE [with option of E-mail address if not the same as FROM: on the same line]. INFO gets you this file. HELP gives instructions on using the Majordomo listserver in other ways, although not all are implemented for RISKS. CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, nonrepetitious, and without caveats on distribution. Diversity of content is welcome, but personal attacks are not. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses. Contributions will not be ACKed; the load is too great; if you feel neglected, send a follow-up message. **PLEASE** include your name & legitimate Internet FROM: address. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Particularly relevant contributions may be adapted for the RISKS sections of issues of ACM SIGSOFT Software Engineering Notes. * Submissions: By submitting an item that is accepted for publication in RISKS, the author grants permission for unlimited public distribution and redistribution in electronic or other form. * Reuse: Blanket permission is hereby granted for reuse of all materials in RISKS, under the following conditions. All redistributed items must include the Risks-Forum masthead line. All reuse must be accompanied by the following statement: Reused without explicit authorization under blanket permission granted for all Risks-Forum Digest materials. The author(s), the RISKS moderator, and the ACM have no connection with this reuse. As a courtesy, reusers of individual items (as opposed to forwardings of entire issues) should notify the authors, and should pay particular attention to any subsequent corrections. RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks Individual issues can be accessed using a URL of the form http://catless.ncl.ac.uk/Risks/VL.IS.html [yes, VL = volume, IS= issue] (Please report any format errors to Lindsay.Marshall@newcastle.ac.uk) RISKS ARCHIVES: ftp://unix.sri.com/risks if your browser accepts URLs, or ftp unix.sri.comlogin anonymous[YourNetAddress] cd risks or cwd risks, depending on your particular FTP; Issue J of volume 20 is in that directory: "get risks-20.J". For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 19, J always TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main directory and I subdirectory; "bye" I and J are dummy variables here. REMEMBER, Unix is case sensitive; file names are lower-case only. =CarriageReturn; FTP.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username and a password. Search engines may find other mirrored sources, but those do not necessarily reflect occasional amendations. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS and illustrative.pdf PRIVACY DIGESTS: * The PRIVACY Forum is run by Lauren Weinstein. It includes a digest (which he moderates quite selectively), archive, and other features, such as PRIVACY Forum Radio interviews. It is somewhat akin to RISKS; it spans the full range of both technological and nontechnological privacy-related issues (with an emphasis on the former). For information regarding the PRIVACY Forum, please send the exact line: information privacy as the BODY of a message to "privacy-request@vortex.com"; you will receive a response from an automated listserv system. To submit contributions, send to "privacy@vortex.com". PRIVACY Forum materials, including archive access/searching, additional information, and all other facets, are available on the Web via: http://www.vortex.com * The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Leonard P. Levine. It is gatewayed to the USENET newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) forum, and was established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy. Submissions should go to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. ------------------------------ SUMMARY OF RISKS VOLUME 19 (1 April 1997 to 25 September 1998) (archived in ftp file risks-19.00) RISKS 19.01 1 April 1997 French computer systems found to be immune to Y2K problems (John O'Connor) The Year 2100 Problem: a simple solution (Martin Minow) Microsoft buys Sun (Mark Stalzer) Maybe we should start a "savoracle" e-mail address (Martin Minow) The risk of perceiving the usual as normal (Gene Wirchenko) Spry policy change causes e-mail denial (Michael Miora) Unsecure online banking (David Ross) AT&T Worldnet snafu/scam (Matt Holdrege) Free book because computers cannot lie (Mich Kabay) Re: Computer model blamed for $83 Million loss (Mark Stalzer) Re: RISKS of tracking packages (Matt Welsh) Correction for ``hard core bits'' reference (Paul Eggert) Re: all-ways green lights (Mark Brader, Steve Summit, Dik T. Winter) "Child Safety on the Internet" by Distefano (Rob Slade) RISKS 19.02 02 April 1997 Strange buzzing sound in computer mouse caused by solar wind (Martin Minow) CalTrain computer stolen -- rider alert (Adrian Brandt via Al Stangenberger) Another NT security flaw (PGN) Re: The Year 2100 Problem: a simple solution (Mark S. Fineman) Embedded Chips Suffer from Year 2000 Problem, Too (Edupage) Re: Greenwich Mean Time just changed by 1 hour (A. Grant) Daylight savings time (Andre Sintzoff) UPS Tracking System experience [name withheld by request] Meta-risks of browser flaws (Matthew D. Healy) Re: SSL Browser Vulnerability Discovered (Eric Rescorla) Vulnerable Web forms (Anup K. Ghosh) Re: Risks of automatic spam blockers (Dan Zerkle) Spam-proofed "From:" lines (Wayne Mesard) Re: UK Banks' clearing system problem (Jerry Leichter) Microsoft Typography: Bug or Feature? (Rodger Whitlock) COMPASS '97 conference agenda (Dolores Wallace) RISKS 19.03 3 April 1997 New Zealand Police system (Richard A. O'Keefe) RISKS of disconnecting without first connecting (Bryan O'Sullivan) Re: UK TTP licensing proposals (Michael Bacon, Ross Anderson) Another Y2K Problem for Banks (Bruce Horrocks) All-ways green lights ... it's all in the timing (Richard Cook) RISKS 19.04 4 April 1997 Moynihan Commission hooked on Penpal virus hoax (George Smith) Sheriff prefers jail-door computer malfunction to April Fool's joke (Darrell R. Pitzer) The ghost of the Pentium FDIV bug (Frank Solomon) War story on errors in library versions (John Paulson) Re: CalTrain computer stolen -- rider alert (Mike Lipsie + Al Stangenberger) Emergency! Crisis in the Cockpit, by Stanley Stewart (Robert Dorsett) Spam, the naming of parts (Dan Sheppard) But I don't LIKE spam... (John Oram) Re: Spam-proofed "From:" lines (Curt Sampson, Tim Pierce) Re: Risks of automatic spam blockers (C Matthew Curtin, Ted Wong, Harlan Rosenthal, Dan Franklin, J. DeBert) RISKS 19.05 7 April 1997 Social Insecurity (Simson L. Garfinkel) Identity Theft (PGN) More on the Guyana Telephone Scam (Dewi Daniels) Woman trapped in tanning bed (Michael Mahr) Time-change risks and DECnet (Ian Brogden) Follow-up on Joseph Jett (Rich Mintz) Re: Elections Canada and the Net (Mark Brader) Not a forgery! (Vivek Sadananda Pai) Re: The ghost of the Pentium FDIV bug (Allan Heydon) RISKS 19.06 10 April 1997 NY City electronic voting machines: $20 million wasted (Ed Ravin) YAAXF: Yet Another ActiveX Flaw (David Kennedy) RISKS of Mail Merge for Ontario Tories (Mich Kabay) RISK of power of two: 25.6 mm per inch! (Richard Black) BMW fixes transmission via dialup to car (Nick Zervas) Re: Generating randomness (Paul C. Kocher) Programs broken by daylight savings time switch? (Earl Truss) Re: DECnet time-change (Larry Kilgallen, Jerry Leichter) Re: Greenwich Mean Time just changed by 1 hour (Jeff Uphoff) Re: Y2K: revenge of originality (Charlie Shub) Blue Cross automated SSN update system (Jeremy Epstein) SSA Web/PEBES and Cross-Matching (John M. Willis) Re: Social Insecurity (Richard Hollands) PEBES "security" even weaker than described (D.V. Henkel-Wallace) Re: Meta-risks of browser flaws (Rob Bailey) Re: Not a forgery! spamming (Vivek Sadananda Pai, Simson L. Garfinkel) RISKS 19.07 14 April 1997 Swedish Narcotics Police Demand Telephone Card Database (Martin Minow) AOL Mail Latency (Dave Kennedy) Parkers pass out uncompliments (Michael O'Donnell) Old RISK: ``Computers are never wrong.'' (Joe Carlet) Risks of user migration (Al Donaldson) UK and Y2K: $50 billion (PGN) UK MoD and Y2K: 100 million pounds to reboot missiles (Geraint Price) GMT and Win95 (Michael Bacon) Computer kiosks (Bob Frankston) "Crack-A-Mac" contest results (Martin Minow) Magic-number reuse (Paul Brebner) Air collision RISK from increased accuracy (John Brooks) Re: RISKS of Mail Merge for Ontario Tories (Mark Brader) Re: Blue Cross automated SSN update (Harlan Rosenthal) Fun with export/import controls (Steve Gibbons) On the naming of names (Danny House) Telecommunications & Democracy: Historic Citizens' Report (Richard Sclove) RISKS 19.08 15 April 1997 Bizarre case of techno-harassment (PGN) Fake "PGP CRACKED" message lures users into trap (Derek Ziglar) When BC: really means CC: in e-mail (David Kennedy) The risk of a personalized act of kindness (Sam Lepore) New Trolling Scam on MSN (David Kennedy) IVHS vehicles and safety assumptions (Rich Mintz) Re: Parkers pass out (Simson L. Garfinkel) Re: Computers are usually right! (Bob Morrell) Y2K scenarios: a call for a vote (Bob Morrell) More on GMT vs BST: RS6000 (David Alexander) Re: GMT, BST, and "current civil time" (John Styles, Martin Minow) Re: Standard to Daylight and back (Sergio Gelato) Risks of not using Ridiculously Priced Technology (Sara Thigpen) Re: RISKS of Mail Merge for Ontario Tories (Tim Kuehn) RISKS 19.09 17 April 1997 Why Bre-X crashed the Toronto Stock Exchange (Dave Wortman) "Big Glitch Hits MSN E-mail" (PGN) "Heading off emergencies in large electric grids" (IEEE Spectrum via PGN) "My Hairiest Bug War Stories" (CACM via PGN) The risks of not using your own security measures [name withheld by request] Daylight savings change problem (Steve Doig) Using GPS as your time standard (Bernard Lyons) Re: Fake "PGP CRACKED" message lures users into trap (Fred Cohen) Re: DES Challenge risks (Thomas Koenig) Re: Social Security--the other side (Carey Tyler Schug) Re: YAAXF: Yet Another ActiveX Flaw (Russ Cooper) They fixed one! 11-digit dialing in San Diego (Mark Seecof) Re: Risks of Mail Merge for Ontario NDP (Mark Connolly) Daylight Time and UTC (Maggie Iaquinto) Re: More on GMT vs BST: RS6000 (Andrew Yeomans) Re: GMT, BST, UTC and all (Ian Miller, Bernard Lyons, Ian Stephens) "Network Security" by Kaufman/Perlman/Speciner (Rob Slade) RISKS 19.10 22 April 1997 Paperclip stopped trains in Finland (Jari M=E4kel=E4) 2 jets in near-miss approaching LAX; pilot blames autopilot (PGN) Re: Air collision risk from increased accuracy (Mike Rogers) Privacy Legislation (Edupage) Re: cyberstalker: house invasion a hoax (Ron Pfeifle) Re: cyberstalker: RISKS of assuming "high-tech" (Mich Kabay) Re: Hairiest Bug Stories (Steve Sapovits) Y2K and PARSLEY: Upgrade woes (Pete Mellor) Re: GMT and UTC (Martin Minow) Year-2000 Cost Estimates Rise (Edupage) Re: RISKS screwups on time changes (Michael Bacon) Re: IVHS vehicles and safety assumptions (Alan M. Hoffman, Mich Kabay) Law Review Article on Spam (Martin Minow) Re: Risks of automatic spam blockers (Dimitri Vulis) Re: "Crack A Mac" contest (Martin Minow) Addendum to DES Challenge RISKS (Thomas Koenig) Re: 11-digit dialing (Lauren Weinstein) RISKS 19.11 28 April 1997 Java security flaw (Dirk Balfanz/Drew Dean/Edward Felten/Dan Wallach) Mad Cows: Trust the computer (Charlie Lane) Chicken Little, where are you when we need you? (A. Padgett Peterson) Poltergeist beds (Mich Kabay) Microsoft redefines comic strips! (Marc Salverson) Computer Contributes to 747 Tail Scrape (Mike Rogers) Death by Equifax (Chuck Jerian) Re: Hairiest Bug Stories (Henry G. Baker) When software vendors drop products (Mark Seecof) Re: Elevators vs stairs: the risks of distrust (Geert Jan van Oldenborgh) Re: Air-collision risk due to improved --i.e., GPS-- accuracy (Hal Lewis) Re: IVHS: fly-by-wire risks (David Alexander) Risks of what everyone "knows" (A. Padgett Peterson) Re: IVHS vehicles and safety assumptions (Kevin Clifton) Re: Cyberstalker: house invasion a hoax (Michael Shiplett) YOMDSTCS: Yet One More DST-Change Story (Varda Reisner Bruhin) Crypto '97: Information and Registration (Bruce Schneier) RISKS 19.12 2 May 1997 Internet routing black hole (PGN) California child-support deadbeat database flawed (PGN) Levi Strauss personnel data stolen (PGN) Risks of credit fraud and identity theft, and PEBES (PGN) James Sanders' Book on TWA 800 (Peter Wayner) [name corrected in archive] I see a new idea for 1-900 service: prescriptions by modem (Rob Bailey) Motorola may take legal action over health claims (Mich Kabay) Re: Reuters techie brings down trading (PGN) A Labour-ious spelling-checker story (Finn Poschmann) A spell-binding RISK (Mike Lee) On the naming of names (Adrian Robson) Risks of electronic thesauri (Steve Schafer) Re: More on GMT vs BST: RS6000 (Dave Sparks) Re: YOMDSTCS: Yet One More DST-Change Story (Steve Work) RISKS 19.13 9 May 1997 Time-Bomb Ticks In No-Name Pentium Motherboards (Mich Kabay) Cyber Promotions slammed, spammed, and dammed (PGN) Power system loss, despite multiple redundancy at London Telehouse (Tim Sheen) No more fingers in the dike: big flood gates (Geert Jan van Oldenborgh) Netscape News reader risk (Lindsay F. Marshall) Bug in Netscape shows whose C compiler they use (Paul Robinson) Is E-Mail Safe? (John Mainwaring) Norwegian surveillance camera (Martin Minow) Year 2068 problem (Adam Shostack) Dept of stupid statistics: Internet fraud (Richard Schroeppel) Social benefits of comp.risks (Harold Asmis) Keypunching data leaks (David Kennedy) Re: A Labour-ious spelling-checker story (Paul Andrew Solomon Ward) Swedish Phreaker Fined (David Kennedy) Re: James Sander's Book on TWA 800 (Marty Ryba, Fred Ballard, Clark Merrill, Pete Mellor, Mark Stalzer) RISKS 19.14 14 May 1997 Russian nuclear warheads armed by computer malfunction (Matt Welsh) All your eggs in one basket! Telehouse power and UK Net outage (Azeem Azhar) Yet another web page hacked: Swedish meat balled up (Martin Minow) Judge throws out 2 out of 3 DEC keyboard verdicts (Edupage) Kansas Sex-Offender Database seriously flawed (Robert Davis) Internet Explorer runs arbitrary code: MIME type overridden (Mark Fisher) GAO report says Pentagon overpaid contractors by $$millions (Fred Ballard) Risks of Ignoring Scale (Fred Ballard) Unsecure Databases (Steve Branam) A definitive clarification of time measurement (John Laverty via Peter B. Ladkin) Y2K fixed? But what about the month? (Phillip G. Felker) DES challenge news (Thomas Koenig) MD5 weakness and possible consequences (Thomas Koenig) RISKS 19.15 15 May 1997 Pentium II math flaw (John Sheehy) Re: Time-Bomb Ticks In No-Name Pentium... (Henry G. Baker, Joan L Brewer) Re: US Navy response to USS Vincennes airliner shootdown (Jonathan Thornburg) Re: Power system loss, despite multiple redundancy (Ray Todd Stevens) Re: No more fingers in the dike: big flood gates (Nick Brown, Amos Shapir) Re: Swedish Phreaker (Kurt Fredriksson) ACM lacks $50 (Bertrand Meyer) Signature scam? (John Elsbury) Dialing someone who became `road kill' on the Information Superhighway (Paul Robinson) RISKS of subscribing yourself to an e-mail database service (Steve Andre') Choosing and protecting your password: NOT! (Mike Wilson) Re: Year 2069 problem (Hallam-Baker) Workshop on safety-critical systems standards (Victoria Stavridou) FMICS2 Programme and Call for Participation (Diego Latella) RiskWorld (Mary Bryant) RISKS 19.16 17 May 1997 Power outage crashes 1529 Bank of America ATMs (Mathew Lodge) Poorly debugged new software results in $98,000 mistake (Tim Rushing) More high-tech driver's license systems stolen (Gary Grossoehme) On-line brokerage-trading passwords in plaintext (Cliff Helsel) Security of Social Security Administration Database (John Pescatore) Re: MD5 weakness and possible consequences (Wayne Mesard, Geoffrey Leeming) The Year 65536 bug bites early! (Joshua M Bieber) Re: ~2K (Bob Frankston, Peter B. Ladkin) newmediagroup.com headers were forged in junk e-mailing; retaliation against my public anti-SPAM activities (Jim Youll) Re: ACM lacks $50 -- or not... (James K. Huggins, Fred Cohen) "Electronic Democracy" by Browning (Rob Slade) RISKS 19.17 21 May 1997 RISKS of Key-Recovery Encryption (Matt Blaze) Sun exploits loophole in crypto ban (PGN, Michael C. Taylor) Election Reporting in a NaNy State (Mark Brader) Risks of paying attention to uncontrolled e-voting (Ashley Craddock via Mich Kabay) Another Computer Bug: Ants in the Machine (Mich Kabay) Information-Hiding Workshop (Ross Anderson) Re: newmediagroup.com headers were forged ... (Arnt Gulbrandsen) Taking redundancy too literally (Bruce Horrocks) Frequency standards (Hal Lewis) Clock synchronization and relativity (Andrew J Klossner) Re: ~2K (William Lewis, Hal Lewis, Mark Stalzer, Greg Smith, Bob Frankston) RISKS 19.18 22 May 1997 Software problems with new-generation air-traffic control center (Peter B. Ladkin) On-line change of postal address (Peter Scott) Petrol bowser fun and games (Stuart Lamble) Anti-spam bill introduced in U.S. House (Jim Griffith) Anti-spam bill introduced in U.S. Senate (Lance J. Hoffman) E-mail disaster: inadvertent use of a mailing list (Don Byrd) DEC's OpenVMS has Y2K problem on 19 May 97: UNIX compatibility (Smith and O'Halloran plus Tim Shoppa) Risks of key recovery - and likely ineffectiveness (Clive Page) Security risks from active usenet articles (Steve Atkins) Java security architectures/testing methodology/flaws (Emin Gun Sirer) Abortion.com suspends poll (Mich Kabay) Re: Power system loss, despite multiple redundancy (Al) Re: Fire ants and computers (James H. Haynes) Re: Clock synchronization and relativity (Wayne Hayes) Double Positives (Barry Jaspan) Re: Time-Bomb Ticks in No-Name Pentium ... (William Hacker) Risks of out of context information (Richard Brodie) RISKS 19.19 29 May 1997 FBI sting nabs man trying to sell 100,000 credit-card data items (PGN) Computer fraud in subscribing to telephone service? (Thomas Brazil) Oklahoma bombing trial transcripts (Henry G. Baker) Area-code switcheroo (Gary McGraw) How Secure Is AT&T's WorldNet Security? (Brian S. McWilliams) Eavesdropping tools used by drug barons (Peter Wayner) AltaVista stores username/password for shopping malls (Fredrik Pihl) Re: On-line brokerage-trading passwords in plaintext (Hal Lewis) Risks of lying on return address of spam (Mich Kabay) Anti-spam bill introduced in U.S. Senate (Abigail) Re: E-mail disaster: inadvertent use of a mailing list (Dorothy Denning, Joe Carlet) Re: JVM verification (Li Gong) General relativity vs special relativity (Steven M. Schweda) Re: Fire ants and computers (Simson L. Garfinkel, Vexxallarius Venturi) Re: On-line change of postal address (G. Allen Morris III, Evan McLain) Final version of "Risks of Key Recovery" available (Matt Blaze) RISKS 19.20 31 May 1997 Spam and yeggs? Brake fast, or be devoured! (PGN) KGB infiltrates MI5 on the hotline (Mich Kabay) Privacy and car navigational systems (DonNorman) Prison guards leak sensitive computer data (David Kennedy) Runaway train-ticket vending machine (Tim Pietzcker) Lost Pond: Jurassic Duck (Mich Kabay) Risks of caring for an electronic pet (Mich Kabay) Florida "Computer Gang" Members Arrested (David Kennedy) Grappling with the risks of ATMs and heavy machinery (John Oram) Re: How Secure Is AT&T's WorldNet Security? (Steve Bellovin) Microsoft and Privacy ("cooler" via Mich Kabay) [added para in archive copy] Re: Computer fraud in subscribing to telephone service? (Geoff Kuenning) Re: Postal Service change of address (Lauren Weinstein) Re: General relativity vs special relativity (Frederick G.M. Roeber) Call for Papers -- IFIP WG 11.3 Working Conf on Database Security (Sushil Jajodia) RISKS 19.21 5 June 1997 Programmed Tunnel-Digging Robot (Robert J. Sandler) Cashless not crashless (David Hood) Revenge spam hits antispammer (Beth Arnold) Anti-spam missile misfires... (Reuben G. Torrey and Richard Karash) Big Brother strikes again... Netcheck New Zealand (Bruce J. Fitzsimons) When is 0 not 0? The wonderful world of the Web (Clarke Christopher Turrall) Java has a similar problem to the 2000-year problem (Quinton Jansen via Lindsay F. Marshall) Attack on California's electric power infrastructure (Betty G.O'Hearn) Indictments for Computer Chip Theft (Edupage) Commands without timeout (Nick Brown) Re: Computer fraud in subscribing ...? (Kevin McCullen) Re: newmediagroup.com headers were forged ... (Barry Brown) Re: Florida "Computer Gang" Members Arrested (Mich Kabay) Uniform password method (Ken Knowlton) Re: Microsoft and Privacy (Marnix Arnold) Re: Time-zone bug in Canadian election (Mark Brader) Re: Lost Pond: Jurassic Duck (Michael Handler) Re: Senate anti-spam bill (Ray Everett-Church) More dangers of e-mail to the wrong users (Aviel Rubin) RISKS 19.22 12 June 1997 Washington D.C. air traffic slowed (PGN) Poorly designed train signal nearly causes crash (Martin Minow) Computer glitch slows trains (Jeremy Epstein) Cut cockpit wiring found on airliner (Matt Welsh) Company blackmails Netscape for details of browser bug (Jim Griffith) Censorship from half way around the world (Jeremy Freeman) Smith Barney customers become momentary millionaires (Jim Griffith) Texas Drivers in the Privacy Pothole (Lauren Weinstein) Largest Database Companies to Restrict Use of Personal Data (Edupage) Risks of being a spammer (Jim Griffith) Major corporation's misconfigured FTP server (John P. Wilson) 3001: Improving A Classic (Scot E. Wilcoxon) Geez Pleez Sloueez (Mark E. Ingram via Peter Ladkin) Re: When is 0 not 0? The wonderful world of the Web (Mathew Lodge, David Jones) IFIP WG 11.3 Working Conference - August 11-13, 1997 (David Spooner) CFP: 1998 Symposium on Network and Distributed System Security (Matt Bishop) CFP: The Impact of the Internet on Communications Policy (Nora O'Neil) RISKS 19.23 26 June 1997 U.S. Supreme Court rules on Communications Decency Act (PGN) RSA's DES challenge achieved (PGN) McCain-Kerrey Secure Public Networks Act (PGN) Revised Internet Regulation in China Announced (Li Gong) "Hackers" get into Ramsay case computer (Jonathan Corbet) Backhoe-attack cable thief disables phone service in Russia (Betty G.O'Hearn) Malfunction Causes Motor Melee (Scott Lucero) 1998-1999 Leonids may damage satellites (Jonathan Nash) Unix path risks -- well-known, but still amusing (Michael Patrick Jackson via Alan Wexelblat) Microsoft Web site Interrupted by cracker (Edupage) MS Outlook sends e-mail on Ctrl-Enter when editing with Word (Michael Passer) Malepropylene Microdictus (Stephen Speicher) Re: Software Problems with new UK ATC Center (Andres Zellweger) Old risks, new villains... when will they learn? (Quinn Yost) 7-Eleven Big Brother (Mich Kabay) UK Government proposes ID numbers for 4-year-olds (Gary Barnes) Chip Theft by Home Invasion (David Kennedy) Re: Company blackmails Netscape for details of browser bug (Dorothy Denning) Netscape vs. Cabocomm (Andy Waldis) "Secret Power" claims to expose secret international spying networks (Betty G.O'Hearn) RISKS 19.24 16 July 1997 Errors in California's Megan's Law sex offender CD ROM (Karen Coyle) Website on Spreadsheet Research (Ray Panko) "*sex" County sites blocked (Frank Carey) Jon-Benet Ramsay case "hackers" unmasked: dead battery (Bear R Giles) Credit-card numbers stolen from the Web (Drew Dean) Lewis satellite downlink jammed by car alarm (George Michaelson) Aircraft and Passenger Electronics; FMS Nav Data (Peter B. Ladkin) Mid-air collisions (Hal Lewis) Faulty lavatory smoke detector lawsuit (Frank Carey) High-technology toll road six months late in Ontario (George Swan) "DA computer chief almost loses all to clever sabotage" (James H. Haynes) Re: MD5 weakness and possible consequences (Bear R Giles) DEC Alpha Bug?!? (Gregory F. March) Manual compositing of reuters news on yahoo cocks up (George Michaelson) Calendars (Andrew R Koenig) Follow-up to backhoe attack on cable (Cliff Krieger) Anti-spam technology (Simson L. Garfinkel) List of known macro viruses (Klaus Brunnstein) Web Security & Commerce, Garfinkel with Spafford (PGN) 7th USENIX Security Symposium, Call for Papers (Avi Rubin) RISKS 19.25 18 July 1997 Partial failure of Internet root nameservers (Daniel Pouzzner) Norwich Union to make e-mail libel payout (Jonathan Bowen) Phone industry wants FCC's help against FBI's wiretap plans (Edupage) Voice-controlled MS WORD (Edupage) Medical computer crashes (Tom Van Vleck) New York State information-systems learning standards (Frederick W. Wheeler) Regulatory Improvement Act requires risk assessments (Mary Bryant) Unique definition of "proof of correctness" (Daniel P.B. Smith) Vigilante fallout from the Megan's Law CD-ROM (Joel G) Re: Website on Spreadsheet Research (John R. Levine) DEC Alpha Bug, final resolution (Gregory F. March) Security risks from active usenet articles (Jonathan de Boyne Pollard) Re: Faulty lavatory smoke detector lawsuit (PGN) DA Computer Chief Almost loses Job:" follow-up report (Curtis Karnow) Anti-spam redux (Simson L. Garfinkel) comp.risks was spammed last night (PGN) The truth about Usenet's Psychic Spammers! (Greg Corteville) "25 Steps to Safe Computing" by Sellers (Rob Slade) RISKS 19.26 26 July 1997 Satellite transmission snafu leads to diplomatic incident (Nick Brown) Ghost account nets $169K embezzlement (PGN) 401(k) off-by-one errors () AOL customer phone-number availability (PGN) General Mills & AOL in sleazy partnership: Chex Quest CD-ROM game (Bruce N. Baker) Risks of relying on text search (Derek Lee Beatty) Risks of URL completion (John Pettitt) Computer jargon enters mainstream, is hit by truck (Mark Durst) The dangers of Explorer-ation (Roger Barnett) Win 95 TCP/IP Hole (Alex Klaus) Re: MD5 weakness and possible consequences (Paul C. Kocher) Re: Voice-controlled MS WORD (Tai, Christopher Kline) Re: Medical computer crashes (Jonathan de Boyne Pollard) Y2K: a different solution (Driss) Re: DEC Alpha Bug, final resolution (David Chase) Re: The truth about Usenet's Psychic Spammers! (H.Shrikumar, hymie) RISKS 19.27 1 August 1997 45,000 GSM phones recalled for software upgrade (Veliddin Eran Sezgin) 24 more California DMV clerks fired in fraudulent license scheme (PGN) Another phony-fax get-out-of-jail scheme (PGN) Offshore Internet gambling taking *off* (PGN) Strong Capital sues alleged hacker-spammers (Mich Kabay) Risks of ordering airline tickets online (Craig Macbride) What to do about software patents () Re: AOL customer phone-number availability (Bill Seurer) Political vs Technical Errors in CA Megan's Law CD ROM (Ed Wright) Re: The dangers of Explorer-ation (Steve Loughran) Re: DEC Alpha Bug: Intel x86 FPU Diagnostics (Steven Healey) Re: DEC Alpha Bug, final resolution (Daniel A. Graifer, David R Brooks) Re: General Mills, AOL, Chex Quest (Steve Lumos, Doug Linder, Padgett Peterson) Re: Y2K: a different solution (Robert J. Sandler, Dave Weingart) CfP: Y2K in Health Informatics Journal (M.F. Smith) "CyberLaw: The Law of the Internet" by Rosenoer (Rob Slade) RISKS 19.28 7 August 1997 USENET gateway flaw plus immoderation in bypassing moderation (RISKS) Name collision lands robbery victim in jail (PGN) IRS erroneously send out 90,000 tax warnings Hong Kong slip reveals press info (David Kennedy) Four-star general upset with privacy invasion (Glen Roberts) On-line court information system raises access questions (Brian Schimpf) Internet access to criminal records info (Nancy Talner) Is Microsoft distributing viruses? (Gerhard Duennebeil) Bill would make software copying a felony (Edupage) Chicago flooded with counterfeit bills (David Kennedy) Ctrl-Alt-Del (Paul VanDyke) Clean Sweep wasn't quite soon enough (Jim Horning) Electronic airline ticketing (Jordin Kare) E-mail readers and snooping (Bryan C. Hains) Re: What to do about software patents (Anthony E. Siegman, Ray Todd Stevens) Urban legends, in this case a true one: General Mills/AOL (Brad Elmore) RISKS 19.29 11 August 1997 Software error may have contributed to Guam crash (Steve Bellovin) Plane crashes into power lines near Los Angeles (PGN) Explosion causes Internet blackout in New England (Edupage) Vonneguten Morgen, Mary Schmich! Internet hoax (PGN) Bank robbery *wanted* poster based on image of wrong person (PGN) No Surfing on the Senate Floor (Edupage via R Spainhower) Yet Another Java Flaw-this time with MSIE? (Randy Holcomb) System malfunction implicated in need for death-penalty review (Webb Bryan) German Telekom's latest phone feature (Wilhelm Mueller) GPS: Exactly - and I do mean EXACTLY! where were you? (Sam Lepore) Y2K lawsuits begin (Jim Huggins) Airline travelers with duplicate names (Chuck Charlton) Re: Clean Sweep wasn't quite soon enough (Steve Branam) More on license forgeries (Mark Laubach via Dave Farber) Re: What to do about software patents (Dan Hicks) Re: Ctrl+Alt+Del (Dave Porter, Jered J Floyd, Bryan Costin, Roland Giersig) RISKS 19.30 15 August 1997 QuickTax 97 miscalculates self-assessment dues (Tim Sheen) Improve your site security over the Web: *not* (Aaron Binns via Gary McGraw) Deadly defaults in the Communicator 4.01 (Anup K. Ghosh) Privacy vs. criminals (Otto Stolz) Re: Bill would make software copying a felony (Keith Graham) Effects of an earlier power failure in Perth (Jeremy Ardley) Re: Plane crashes into power lines near Los Angeles (Henry G. Baker) Re: More on license forgeries (Mike Alexander) Re: Explosion causes Internet blackout in New England (Andy Struble) Earlier GPS synchronization problem (James M. Dodmead) Re: GSM pins you down (Jay R. Ashworth, Dag Oien, Bob Morrell) Risks of www.onsale.com? (Jim Baker) RISKS 19.31 19 August 1997 Quag-Mir: Mere-ly more challenges to overcome? (PGN) Mir-ed in Troubles (Fred Baube) e-mail spam equivalent to computer cracking? (Fred Gilham) A risk of not preventing spam relay (Dennis Glatting) Credit reports misdirected (Steven Bellovin) "Crack a Mac" server cracked (Martin Minow) SET risk (Jerome Svigals) Bell Canada: The Computer is Always Right (Steve Keppel-Jones) Machines make nuisance phonecalls (Lloyd Wood) Push technology in the office (Ken Burchill) Unusual computer system denial of service: water (Mark Forsyth) Czech Intelligence Computer Stolen (Pete Mellor) Unsolved Mysteries covers identity theft! (Denis Parslow) The Door Is Open! (Glen Roberts) Insurance company billing error (Paul Green) Re: Ctrl-Alt-Del (Li Gong, Morris Maynard) RISKS 19.32 20 August 1997 Channel Tunnel Closed (Boyd Roberts) "Neverlost"? Think again! (Martin Minow) Can Y2K problems be cured by executive fiat? (Matt Wartell) Re: SET risk (Phillip M. Hallam-Baker) Re: Plane crashes into power lines near Los Angeles (Bob Ratner) Re: Ctrl-Alt-Del and Wordmail (Jay R. Ashworth) Door entry has surprising failure modes (Nathan Sidwell) Unprovoked threatening spam from Samsung's Lawyers (Sean Matthews) Re: e-mail spam equivalent to computer cracking? (Martin Gleeson, George C. Kaplan, Mark) Re: A risk of not preventing spam relay (Keith Lynch, John Line) Re: No Surfing on the Senate Floor (Alan M. Hoffman, Doug Mitchell, Charles Tompkins, Dave Kristol) RISKS 19.33 22 August 1997 Public loo guilty of making nuisance calls (Nick Rothwell) Risks, Reliability, Regulation, and Infrastructures (Willis H. Ware) Communications lines, redundancy and diversity (Marion F. Moon) The risks of no long-term planning (David Mortman) Re: SET risks (Jacob Sterling) Re: Unprovoked threatening spam from Samsung's Lawyers (Sean Eric Fagan, Phillip M. Hallam-Baker) SPAM-L -- the SPAM Fighters' List (Pete Weiss) Mir problem corrections (Dennis Newkirk) Re: Risks of dummy addresses (Elizabeth Zwicky, Stephen Sprunk) Re: No Surfing on the Senate Floor (William B. Henry) RISKS 19.34 26 August 1997 AOL users hit by e-mail scam and Trojan horse URL (PGN) Network Solutions goof bumps NASDAQ off the Internet (Will Rodger) Computer malfunction floods Boulder garages and basements (S.J. Hutto) Carlos Salgado Jr. pleads guilty (PGN) Tobacco Deal Could Set Precedent for Would-be Net Censors (Edupage) Spelling checker not up on U.S. Marines (Julie Bird via Mike Linksvayer) Amazon.com countersues Barnes & Noble (Edupage) Florida to Automate Traffic Citations (Geoff Kuenning) Cockpit data wiped by RF interference? (Imran via Matt Clauson) The Auditor Might Notice Your Bad Data (Scot E. Wilcoxon) Netscape Communicator 4.02 and 4.01a allow disclosure of passwords (Andre L. Dos Santos) Mac/Unix security e-mail exchange (Martin Minow) Direct action to "sting" the junk e-mailers -- RISKy? (Max Stern) Re: USC 47:227 (Mich Kabay) Re: Software copying a felony (James L. Peterson) Re: Risks, Reliability, Regulation, Infrastructures (Henry G. Baker) Re: SET Risks (Jerome Svigals) Re: Stiction (Frank Hausman) A book on computers and the law by Curtis Karnow (PGN) "Trapped in the Net" by Gene I. Rochlin (Hans-Juergen Schneider) RISKS 19.35 29 August 1997 Prosecution for pager interceptions (Steven Bellovin) Spy phones trace cheating husbands -- and employees (Mathew) Book burning on the Web: AOL and columnist sued (Mark Rebuck) Federal Web Sites Lack Privacy Safeguards (Edupage) Hacking Risks, Paying for tracking you down (Robert J. Perillo) Tcl 8.0 Y2K Risk (Lloyd Wood) Photocopier codes (Marcus L. Rowland) Oracle web server on Unix and passwords (Dawn Myfanwy Cohen) Relying on systems maintenance taking place in another time zone (Olivier MJ Crepin-Leblond) Re: Spelling-checker risks (Dave Katz) Mangled characters in text ("ET") Re: SET Risks (Tony Lewis, Martin Poole) Intentional analysis, re: SET Risks (Charlie Lane) Re: USC 47:227 (Duane Thompson) Re: Public loo guilty of making nuisance calls (Aaron M. Renn) Re: Tobacco Deal Could Set Precedent for Would-be Net Censors (David T.S. Fraser) Risks of believing the obvious, though impossible (Sam Lepore, PGN, Sam) ICDCS-18 call for papers (Diego Latella) RISKS 19.36 3 September 1997 Korean Air Accident in Guam in retrospect (Peter B. Ladkin) Tamagotcha! (Mich Kabay) Autodialing retaliation (Tom Dowdy) Re: "semper fidelis" (Daniel P. B. Smith) Re: Hacking Risks, paying for tracking you down (Steven Bellovin) Re: USC 47:227 (John R. Levine, Keith Calvert Ivey) Re: SET Risks (Mark Baker) Re: Direct action to "sting" the junk e-mailers (Miranda Mowbray) Re: Cockpit data wiped by RF interference? (Ian Cargill, John Pettitt) Re: Solar storm warnings (Barry Margolin) Re: Risks of believing the obvious, though impossible (Mark Brader) Re: Tcl 8.0 Y2K Risk (Ethan L. Miller, Lloyd Wood, Jeff Anderson-Lee) RISKS 19.37 8 September 1997 !!! FBI wants to ban the Bible and smiley faces !!! (Ron Rivest) Nielsen snafu hurts cable network's ratings (George Mannes) SSA to Restore Online Web Service (Marc Rotenberg) Password unsecurity in cc:Mail release 8 (Carl Byington) Re: SOHO gives 1 hour advance warning to Solar storms (John W. Cobb) Runaways (Lindsay F. Marshall) Re: KAL801 and GPWS (John Kohl) Re: Cockpit data wiped by RF interference? (Chris Norloff) Java date range correction (Rodney Ryan) Re: Tcl 8.0 Y2K Risk (Carlie J. Coats, Jr., Bill Gunshannon) Re: Y2K and C (Harlan Rosenthal) Re: Tamagotcha! (Markus Aichholzer, Kenneth M. Sternberg, Doris Beers) @LARGE, by David H. Freedman and Charles C. Mann (PGN) RISKS 19.38 17 September 1997 Walking Away From the Medicare Computer Project (Edupage) Dyslexic Telephone Switch causes billing errors (Robert J. Perillo) Barranquilla airport smells a rat (Mich Kabay) GCCS Military Software fails Year 2000 Test (Paul Robinson) Leaked memo on Mondex hacks embarasses bank (Paul Gillingwater) Illinois being sued to keep information public (Anthony Stuckey) Hewlett-Packard glitch spews spam (Gary Grossoehme) New --faster-- Macs broke old code (John Paulson) Personal info gone astray (Ken Knowlton) GM car acceleration due to EMI (Don Rosenberg) Re: SOHO gives 1 hour advance warning to Solar storms (Bob Schuchman) Re: KAL801 and GPWS (Peter B. Ladkin) Re: FBI wants to ban the Bible ... (Merlyn Kline, Dick Mills, Matt Millar, Martin Gleeson) Re: @LARGE -- Spaf quote (Len Spyker) Java Date Problems (Howard Melman) Risks of bad assumptions: octal numbers (Matt Toschlog) Long is 4 bytes? Not any more... (Peter da Silva) Re: Y2K and C (Steve Sapovits) 1998 IEEE Symposium on Security and Privacy (Mike Reiter) RISKS 19.39 22 September 1997 Eagle (the President) and the Eagle Beagle: pager intercepts (David Wagner) MFS Communications switch fails, with widespread effects (Steven Bellovin) AT&T database glitch caused '800' phone service outage (Robert J. Perillo) SSN used in "killing" victim electronically (Mich Kabay) Falsified reports -- human behavior: an ultimate risk (Chiaki Ishikawa) UK: Mobile-phone radiation causes short-term memory loss (Mich Kabay) Microsoft, PBS team up on interactive Barney Show (Edupage) Re: MS, PBS, Evil Dummies and Hungry Dolls (Mich Kabay) Quicken Quagmire (Lauren Weinstein) Re: FBI wants to ban the Bible ... (Ellen Spertus, Xcott Craver, Kenneth Albanowski) Re: @LARGE -- Spaf quote (J Chapman Flack, Andy Sparrow) RISKS 19.40 1 October 1997 "Computer error" affects A-level results (Pete Mellor) Microsoft: Redefining a problem out of existence (Pete Mellor) AOL may introduce ads on private e-mail (Nick Rothwell) Health Care System, Manitoba (Mike Jeays) Re: EAGLE DEPART|ANDREWS (Daniel Lance Herrick) ATM Withdrawal? (Colin Perkel) Electronic Pearl Harbor: Risks of dubious infowar analogies (Eli Jackson) Possible breakthrough in NP-completeness (Jonathan Seth Hayward) No network, no demo (Martin Minow) Internet sting identifies 1,500 suspected child pornographers (Neil Youngman) 7-bit vs 8-bit incompatibilities (Martin Minow) Data aggregation -- a Risk (David Parkinson) Re: AT&T 800... (Peter Capek) Mad Bus Disease (Geert Jan van Oldenborgh) Re: FBI wants to ban the Bible ... (Daniel J. Theunissen, Paul Fenimore) C's data types; was: Re: Y2K and C (Vivek Sadananda Pai) Re: New --faster-- Macs broke old code (Randy Witlicki) RISKS 19.41 17 October 1997 New York air traffic slowed by Construction effluvia (PGN) Union Pacific rolling (?) stock (Daniel P. B. Smith) Indian satellite failure (Scott Lucero) Paris police computer spares Corsican motorists (Gianfranco Boggio-Togna) Another way to exploit local classes in Java (Andre L. Dos Santos) Risks of installing Internet Explorer 4.0 (Bryan O'Sullivan) Cold weather impairs fiber performance (Stig) Stink-Bombed Computers (Stuart L. Anderson) US West and 911: Silence Is OK (Scot E. Wilcoxon) The risks of license servers (Dan Wallach) Risk of not updating web pages (John Oliver) Re: Possible breakthrough in NP-completeness (Mark Stalzer, Michael A. Schatz via Gary McGraw) Microsoft euphemisms (Matt Welsh) Re: AOL may introduce ads on private e-mail (Matt Welsh) Re: FBI wants to ban the Bible: steganography (Brian Clapper) Re: FBI wants to ban the Bible: Linear A/B (Stephen Crane, Mike Williams) The Electronic Privacy Papers: A new book by Schneier/Banisar (Bruce Schneier) RISKS 19.42 24 October 1997 San Francisco blackout (PGN) Modern cars (Phil Scott via Adam Cobb and Paul Saffo) Screen saver dogs DoD's Common Operating Environment (John Long) The risk of "zero defects" (Peter Kaiser) When taking a guess isn't so smart (Dominic J. Hulewicz) Risks of Civic Virtue (Peter Wayner) Risks of debit cards for merchants (Benoit Lavigne) Re: Another way to exploit local classes in Java (Li Gong) Re: Internet sting identifies 1,500 suspected child pornographers (Mike Perry) Re: Paris police computer spares Corsican motorists (Clive D.W. Feather) 911 silence similar to former Lexus problem (Ari Rapkin) Costs and benefits of war-dialing (Mich Kabay) Problems with ACM e-mail forwarding service (David Sedlock) Re: IE4, Netscape, and font anti-aliasing (Bryan O'Sullivan) NCSA CyberRisk 97 Conference (Mich Kabay) RISKS 19.43 29 October 1997 RC5-56 cracked (David McNett) Stansfield Turner's new book includes near-war risk (PGN) Stock market roller coasters (PGN) Bug costs US$3.8 million (David Kennedy) US DoD Break-in Statistic (David Kennedy) Victim Ordered to Surrender Computer and Passwords (David Kennedy) More on California's deadbeat dads' database (PGN) More on Union Pacific congestion (PGN) Security flaw in Rogers Cable's "Wave" (Hendrik) Gerber net hoax (David Kennedy) Smart VCRs & daylight savings time (Josef K) Daylight savings brings down ATM network (Laszlo Herczeg) Risks of daylight savings (Jim Griffith) Windows 95 & daylight savings time (Dale K. Brearcliffe) NT Screen Savers Considered Dangerous Also (Bill Elswick) Re: Modern cars (Stefan Lindstrom) RISKS predicted the San Francisco blackout! (Ken Hayman) CFP Computer Security Foundations Workshop CSFW11 (Simon Foley) RISKS 19.44 1 November 1997 AOL strikes again! (PGN) Pac*Bell Internet cites sabotage for blockade Another computer-miscontrolled jail (Scot Wilcoxon) Web sites open companies to computer fraud risk (Stevan Milunovic) Girl dies after storm cuts power (Matt Welsh) Stock-market overloads (Steve Bellovin) Re: NY Stock Exchange system "glitches" this week (Frank Carey) Re: NASDAQ (N Bender) Rat Dog column reports new web/e-mail scam (Barry L Gingrich) Re: End of daylight-saving time (Andy Marchant-Shapiro) Internet Besieged, edited by Denning and Denning (PGN) RISKS 19.45 11 November 1997 The "au pair" murder case and the Internet (Steve Bellovin, Thomas Dzubin) Law enforcement databases and the Internet (Steve Bellovin) AOL out again on Monday (Ed Fischer) Hijacked surfers get credits and refunds (Stevan Milunovic) New Pentium flaw (Chuck Weinstock, Torsten Hilbrich, Steven O. Siegfried) Recent Pentium opcode bug like Monoclonal Agriculture (Cary B. O'Brien) Phone company lets anyone change lines (Ray Todd Stevens) The RISKS of the multi-functional chipcard (Geert Jan van Oldenborgh) Technology and Privacy: The New Landscape, Agre and Rotenberg, eds. (PGN) RISKS 19.46 17 November 1997 Aviation: COTS ist zum Kotzen? Part I (Peter B. Ladkin) College web surveys hazardous to your server's health (Adam Elman) Thanksgiving in Microsoft Outlook 97: check your calendar (Martin Minow) Hackers break into Macedonian Foreign Ministry phones (Steven Slatem) First Y2K spam (Lloyd Wood) Fake flowers cost $19K: Nowak de-flowered? (Bear R Giles) Identity problem: Jim != James (Michael Zehr) Internet Explorer 4 buffer-overflow security bug fixed (Stevan Milunovic) Synergy between IE4 bug and Intel flaw (Per Hammer via Jonathan Levine) Fix for the new Pentium flaw (PGN) Workaround for the new Pentium flaw (John R Levine) Re: New Pentium flaw (Fred Gilham, Nicholas C. Weaver, Marco S Hyman, Steven O Siegfried, Jon Strayer, Pekka Pietik{inen, someguy) Netscape security curiosity (Jeff DelPapa) USENIX Security Symposium (Cynthia Deno) RISKS 19.47 26 November 1997 California's Deadbeat Dads Database (PGN) Forbes blames sabotage on hacker (Stevan Milunovic) With autopilots, who needs a dog to keep an eye on the pilot? (Robert Dorsett) Hacking cost businesses $800 million worldwide (Stevan Milunovic) Encryption of electronic mail in the European Community (Mike Ellims) Y2K and canned-goods expiration dates (Fernando Pereira) Ottawa firm registers "Y2K" as trademark (Yves Bellefeuille) Perils of grammar checkers (Azeem Azhar) Re: Major security flaw in CyberCash 2.1.2 (Steve Crocker) Another AOL meltdown (Ed Fischer) Problems with AOL (Simson L. Garfinkel) Risks of changed URLs (Arthur Flatau) Risks of blind acceptance (David Lesher) Re: Outlook for Thanksgiving (Guy J Sherr, Chris Adams) "Halting the Hacker" by Pipkin (Rob Slade) Re: Workaround for the new Pentium flaw (Roland Roberts) Pentium halting -- who needs DEBUG? (David G. Bell) Re: New Pentium flaw (Leonard Erickson, Robert Stanley, Nick Rothwell) Re: Pentium Fix? (Pekka Pietik{inen) RISKS 19.48 5 December 1997 Risks in a public database (David Lesher) Risks of bundling in Microsoft Internet Explorer (Bear Giles) Point-of-sale data diddling in Quebec (Mich Kabay) Lufthansa combats mobile phone Risk (Jim Griffith) GSM hack -- operator flunks the challenge (Ross Anderson) Bug threatens Net software: land.c (Stevan Milunovic) Kuji Walks (David Kennedy) Date-based random numbers and Y2K (Alan Hamilton) Re: Y2K and canned-goods expiration dates (Mark Brader) Ontario removes privacy controls on education (David Collier-Brown) Re: SET security (Jerome Svigals) nando.net shut down by custodian (Jitendra Padhye) Damage from powerline surges (David R Brooks) Web cache risks (Bjorn Borud) Perils of grammar checkers redux (Azeem Azhar) URL for paper on European encryption policy (Mike Ellims) RISKS 19.49 9 December 1997 What really happened on Mars Rover Pathfinder (Mike Jones) Potential software nightmare for International Space Station (Philip N. Gross) Mail from Microsoft Network Rejected by America Online (Edupage) Beware of HTML Mail (Tom Brazil, Navindra Umanee) Microsoft, CNET, BUGTRAQ and the 'land' attack (Geoffrey King) The ATM Debit Card Switcheroo (Lauren Weinstein) Reminder on Privacy Digests RISKS