precendence: bulk Subject: Risks Digest 20.00 (99), Volume 20 summary REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest 13 August 2000 Volume 20 : Issue 00 (99) FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 20 (1 October 1998 to 31 July 2000) (NOTE: This summary is archived in ftp file risks-20.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/20.00.html.) ---------------------------------------------------------------------- Date: 13 Dec 1999 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 19" for volume 19] http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. http://the.wiretapped.net/security/textfiles/risks-digest/ . ==> PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks . ------------------------------ Subject: SUMMARY OF RISKS VOLUME 20 (1 October 1998 to 31 July 2000) (archived in ftp file risks-20.00) RISKS 20.01 Thursday 1 October 1998 Computer collapse wipes out British Social Security records (PGN) Calling All Traffic Lights in Dublin! (Fiachra O Marcaigh) Y2K "fix" causes Dublin traffic jams (Mich Kabay) Natural gas plant explosion in Victoria, Australia (Martin Gleeson) Malaise in Malaysia hits satellite uplink (Mich Kabay) Bank of Montreal card functions paralyzed by bug (Mark Brader) Bad power strip knocks out Net service (Andrew Brandt) "Cyberdeath' raises privacy issue (Scott Peterson) How to bypass those pesky firewalls (Mark Jackson) Hacking, Irish-Style (Fiachra O Marcaigh) Re: X-rated net suit (Rishiyur S. Nikhil) Re: Sexy risks of searching for MP3 (John Mee, Don Byrd) Y2K risk in Netscape cookies (J Seymour) Re: "Windows NT Security" (Russ Cooper, Joe Thompson) Enquiry re: problems at universities (Pete Mellor) REVIEW: "Decrypted Secrets", F. L. Bauer (Rob Slade) RISKS 20.02 Saturday 3 October 1998 Risks of Upgrades: Florida fingerprint system (Charles P Schultz) Bank error delays 50,000 Ontario social assistance payments (Mark Brader) More --possibly unpublished-- banking/credit card failures (Luc Bauwens) Attack on blood databases was simulated (Dorothy Denning) JavaScript Flaw in Netscape (Edupage) Not all outages are bugs: taxi credit (George Michaelson) Y2K police planning (Alex Klaus) Re: Win NT C2 Certification (pchallin) Education and other undesirable numbers (David Collier-Brown) Less sinister reason for Disney link in porn site (Andrew Klossner) Re: Sexy risks of searching for MP3 (Michael Smith) Re: Y2K risk in Netscape cookies (Jay Ball) Re: How to bypass those pesky firewalls (Brad Ackerman, Phillip C. Reed, Chris DeLashmutt) Information Security Educators Mailing List (Fred Cohen) RISKS 20.03 Tuesday 13 October 1998 Computerized gas-pump cheat (Conrad Heiney) Trojan Horse infests 15,000 Internet chat users (Monty Solomon) Computer glitch trips up Dow Jones industrial average (Cliff Sojourner) IE4 and its "magical" features (Chenxi Wang) Unreliable reception of e-mailed WP documents (Daniel P. B. Smith) Microsoft web site denies access based upon Windows regional settings (Eric Ulevik) Risks of installing Microsoft's Media Player (Wade Ripkowski via James Love) Insidious SQL interpreter bug messes up files (David Tonhofer) Netscape Netcenter password hint (Dan Pritts) Radio clock blows daylight savings (Ian Macky) The risks of "keep it simple" [Martin D Kealey) Finland: Fraud with copied banking cards (Kimmo Ketolainen) Offensive information warfare deemed offensive? (PGN) Hackers stay a step ahead of China's cyber-police (PGN) LA 911 outage...backup worked! (Thomas Maufer) Some good Y2K news: whisky will be on tap for Hogmanay 1999 (Declan McCullagh) Military preparations to mobilize for Y2K (Declan McCullagh) Void where prohibited by date (Rob Slade) RISKS 20.04 Wednesday 21 October 1998 The risks of elbows on the French futures exchange (Steve Bellovin) Electromagnetic interference on defense systems (PGN) Wrong result in German Bundestag elections due to FAX machine (Harald Kucharek) Emissions software glitch fails hundreds of older cars in Atlanta (J Quinby) Another wild bank saga, from England (PGN) AOL bytes the dest (PGN) SRI voice-mail woes (PGN) Re: Risks of installing Microsoft's Media Player (Michael F. Hogsett) Software dictates names (Ruth Milner) REVIEW: "Personal Encryption Clearly Explained", Pete Loshin (Rob Slade) Dependable Computing for Critical Applications: CFP (Chuck Weinstock) RISKS 20.05 Friday 6 November 1998 Labor has premature delivery (R Romine) ABC News posts election results before the election! (Martin Minow) Salt Lake ATC center radar blackout affects 200 planes (Richard Schroeppel) AT&T Loses over 400 T3s (Sean_Sosik-Hamor) NYSE stock market crash -- well, the other kind! (Declan McCullagh) Microsoft execs worry about free software movement (Edupage) Microsoft and the Halloween Documents (PGN) Computer keeps 100 pounds per week from pensioners (Peter Leeson) Stores' shoplifting gates can set off pacemakers, defibrillator (Keith Rhodes) Swedish train-ticket reservation system down (Ulf Lindqvist) SAS airline timetables: Internet 1, Hardcopy 0 (Martin Minow) New Swedish law makes most of the Internet illegal (Jacob Palme) Stanford e-mail system passwords stolen (Monty Solomon) Rats take a byte out of Ugandan exam computers (ejm) Grave error! (Dave Stringer-Calvert) Re: SRI voice-mail woes (Peter Kaiser) Re: Another wild bank saga (PGN) Jon Postel (PGN) REVIEW: "Democracy and Technology", Richard E. Sclove (Rob Slade) REVIEW: "Windows NT Server 4 Security Handbook", Hadfield/Hatter/Bixler (Rob Slade) Promoting Formal Methods (Dilia E. Rodriguez) FMICS4 1st CFP (Diego Latella) SAFECOMP 99 - CFP (Pasquini) RISKS 20.06 Thursday 12 October 1998 Risk Management is Where the Money Is (Dan Geer) RISKS 20.07 Saturday 14 November 1998 Lovesick cod overload submarine sonar equipment (Christoph Conrad) O'Hare's radar malfunctioning (Doneel Edelson) Dallas-FortWorth ARTS air-traffic control upgrade backed out (PGN) NASAA spam investors by mistake (Mich Kabay) Interference risks on cruise missiles (Gordon Lennox) Talking elevator with off-by-one error? (George Michaelson) 3Com Security Advisory: We built in back doors, so you're at risk! (John Gilmore) Re: Unreliable reception of e-mailed WP documents (Garth Anderson) Re: LA 911 Outage (John Sheckler) Business jet trips/privacy (Daniel P.B. Smith) Corrections on recent issues (PGN) GPS internal clock problem (Bob Nicholson) Dumbing down English speech (Bertrand Meyer) REVIEW: "Cyberspace and the Law", Edward A. Cavazos/Gavino Morin (Rob Slade) REVIEW: "E-Commerce Security", Anup K. Ghosh (Rob Slade) System Safety Society Conference -- Call for Papers (Dixon Jack) RISKS 20.08 Sunday 15 November 1998 Sweden recommends banning mobile telephones on ships (Heinrich Hetzel via Robert Hettinga) *Very* hairy bug in Excel 4.0 and Excel 98... (Lindsay Marshall) Identity theft defeated by victim's wife (Jim Griffith) Electronic Commerce: The Future of Fraud (Bruce Schneier) Password capturing (Bill Carton) REVIEW: "Virus Alert of the Day", virus-alert@optimator.win.net (Rob Slade) REVIEW: "VirusHelp", Henri Delger (Rob Slade) RISKS 20.09 Friday 27 November 1998 German stock exchange bond futures goof (Chris Brand) Palo Alto 911 system crash (PGN) Security risks delay online registration system (Chenxi Wang) Internet speech is "on the record" (Martin Minow) Organized mail theft in Seattle (Jon Becker) Risks of being ostentatious when embezzling (Mich Kabay) New Zealand: Pledge on destroyed net sites (Mich Kabay) Frames security hole (Lindsay Marshall) Internet Explorer 4.01 Son of Curatango cut-and-paste flaw (PGN) 100-year-old woman "too old to vote" (Michael Zastre) Naming Swedish Names on the Internet (Martin Minow) REVIEW: "Cryptography and Network Security", William Stallings (Rob Slade) REVIEW: "Java Cryptography", Jonathan Knudsen (Rob Slade) DCCA-7 preliminary program (Mike Reiter) RISKS 20.10 Thursday 3 December 1998 Dulles radar fails for half-hour (Doneel Edelson) Pilots: Runway crossings a safety hazard (Doneel Edelson) DoD falsified Y2K data but has "good feeling" about future (Edupage) Virginia library removes software filters (Edupage) How the rest of the world views Americans (Declan McCullagh) False 911 calls traced to spliced cabling (Bryan O'Sullivan) Immigration process on hold due to fingerprint data format (Deepak N) Interesting bug in SecurID software (Drew Dean) V-Mail -- or Virus Mail? (Jason Stokes) PalmPilots voiding car locks in Europe (Brig C. McCoy) Sony infrared controllers lock up certain Macintosh systems (Fred Condo) IR-outfitted Macs and Sony remote controls (T Byfield) Paranoia or Parannoyance? (Al Christians) Y2K inflation risk (Marion Moon) Risks of Internet keywords (Erann Gat) Re: Internet speech is "on the record" (Silas S. Brown, Scott E. Preece) Re: 100-year-old woman "too old to vote" (Bob Heuman) Re: REVIEW: "Java Cryptography", Jonathan Knudsen (Fred Long) FEmSys99: Call for Participation/Program (Axel Poigne) RISKS 20.11 Tuesday 8 December 1998 San Francisco power outage delays this issue (PGN) How a FUSE caused a hospital to disconnect from the Power Grid (Joan L. Grove Brewer) FAA investigating near-collision of passenger jets off Long Island (Richard Schroeppel) Y2K panic could be as disruptive as computer problems (Declan McCullagh) NRC ERDS TMI risk? (Lloyd Wood) MS Outlook's calendar shifts with time zone (Greg Marriott) Shanghai entrepreneur tried in China (Edupage) Typo causes wild stock fluctuations for wrong company (Lee Somerman) Wassenaar Arrangement signed (Seth David Schoen) "A very interesting development": export exemptions for free software (Seth David Schoen) Electronic Vote Rigging? Shurely shome mishtake... (Malcolm Pack) Spamming to Spy (Dick Mills) Re: Dulles radar fails for half-hour (Steve Peterson) Re: the Internet has {no|perfect} memory (Mike Perry) A risk --or at least a highly undesirable use-- of JavaScript (Joe Thompson) Faulty failure modes (Mike Ellims) Re: Root login on SecureID server (Jay R. Ashworth) Author response to Slade review of Democracy & Technology (Richard Sclove) RISKS 20.12 Wednesday 9 December 1998 San Francisco power outage and Y2K (Cathy Horiuchi) Air-traffic control comments (Paul Cox) TCAS stories - 1 good, 1 bad (David Wittenberg) Security risks of laptops in airline cockpits (Jim Wolper) NW Frequent Flyer Miles subject to fraud (Sandy Antunes in PRIVACY Forum) Another monster water bill (Brian Clapper) Trusting non-redundant info about your RAID system (G.J. Dekker) Export exemptions (Padgett Peterson) Re: MS Outlook's calendar shifts with time zone (Stuart Lamble, Clive D.W. Feather) Re: Spamming to Spy (Kevin Connolly) Re: A risk ... of JavaScript (Steven M. Bellovin, Mathew) Interesting effect of PG&E power outage (Greg Marriott) RISKS 20.13 Thursday 24 December 1998 Near-miss at LaGuardia Airport, NYC (Dave Weingart) Runaway train on Capitol Hill (Thomas A. Russ) Another fibre-optic cable cut (Bob Blanchard) British Government admits Y2K missile problem (Phil Pennock) 2,000 Texans get false overdraft notes in Y2K test (Bill Bauriedel) Wassenaar Agreement exempts 'public domain' software (Martin Hamilton) Other infrared security crocks (Paul Wexelblat) Re: PalmPilots voiding car locks in Europe (Philip Koopman) E-LIFE'S RISKS? I.R.S. E-FILE! (Andrew Greene) Should pilots trust TCAS? (Andres Zellweger) Airlines databases lock in increases better then refunds (Peter) Re: Frequent Flyer miles accessible (Peter) Y2K expansion (Jerry Leichter) Intelligent virus invades NT servers (Edupage Editors) Unexpected date behavior in Windows 95 (Daniel Weber) Microsoft Trojan Horse (Frank Markus) Quark XPress, hates Unix scripts! (Ben Sherman) Password hint risks (Alexander V. Konstantinou) Risks in incorrect warnings and alerts (Flint Pellett) CFP: 1999 National Information Systems Security Conference (Ed Borodkin) RISKS 20.14 Sunday 3 January 1999 Car computer directs couple into river (PGN) Swedish passport system struck by 99 (Ulf Lindqvist) Swedish Giroguide also hit by 99 (Martin Minow) Excel bug (Tom Rowe) Chinese sentence hackers to death (John Knight) Student can criticize school on web site, judge says (Declan McCullagh) Hackers have fun with Furby (Robert Raisch via Dave Farber) Now you see it, now you don't (Jerry Leichter) Y1999: Risk of re-using data fields for error signaling (Daniel A. Graifer) 99-Year retrospective health insurance - or Y2K problem (Fraser McHarg) San Francisco power outage and the risks of signs (Eric Leif) Page-layout program hazards (Jordin Kare) Some new things to try at all.net (Fred Cohen) RISKS 20.15 Sunday 10 January 1999 UAL clock wraparound (John Rushby) Risks of old documentation (Richard C. Wolber) Cell-phone surprise (Craig DeForest) Excel CALL function (Padgett Peterson) Phone service outage when computers stolen (Peter Kaiser) Y2K hits Singapore and Swedish taxi meters (Keith A Rhodes) The Windows April Fools 2001 Bug (from Richard Smith via Lloyd Wood) Editors also mitigate page-layout program hazards (Glen Turner) Re: Now you see it, now you don't (Jerry Leichter, Mike Williams) Call for Proposals - CFP99 (Marc Rotenberg) RISKS 20.16 Friday 15 January 1999 Another premature data release (PGN) NSA says Furby is a national security risk (Bruce Martin) Man crashes car as 50 pagers ring simultaneously (Geoffrey Leeming) 16-yr-old Irish girl's crypto system (PGN) Over-reliance on technology (Pat Place) The risks of a first failure (Bertrand Meyer) If at first you don't succeed, breaking-in's no crime in Norway (Edupage) Viruses and Rocket Science (Henry Spencer via Tom Evans) Smurf denial-of-service attack on OZEMAIL (Mich Kabay) Y2K in Swiss hospitals (Debora Weber-Wulff) 1 Apr 2001 flaw in Windows (PGN) Quicken 1999 bug (James S. Vera) A good Y2K bug (Lenny Foner) Utilities and Y2K: not to worry (Ken Knowlton) Y2K testing tools (Craig Raskin) Java Security (Gary McGraw) REVIEW: "Maximum Security", Anonymous (Rob Slade) REVIEW: "Year 2000 in a Nutshell", Norman Shakespeare (Rob Slade) RISKS 20.17 Weds 20 January 1999 Remarkable French announcement on crypto policy (Enzo Michelangeli and John Young via Steve Bellovin from cryptography newsgroup) Deep Crack cracks RSA's DES challenge in less than one day (PGN) The RISKS of Web links (Daniel R. Tobias) Virginia online sex offender database (Joe Thompson) China solves the Millennium bug (Pete Mellor) Computer crash blew up radio listener's request messages (Kenji Rikitake) REVIEW: "Stopping Spam", Alan Schwartz/Simson Garfinkel (Rob Slade) RISKS 20.18 Friday 29 January 1999 "When Doctors Make Mistakes" (Matt Blaze) Celler beware? Cell-phone blockade (Sheri Alpert) Distributed.Net & EFF Put Final Nail in DES Coffin (John Gilmore) Trojan horse planted in TCP wrapper (PGN) Internet vandals strike USIA Web site (Edupage) Digital photos from drivers' licenses (Dan Gould) Linux users want their money back from Microsoft (Edupage) Y2K update turns city into deadbeat (Debora Weber-Wulff) Programming errors (Fred Gilham) Re: ... French announcement on crypto policy (Olivier MJ Crepin-Leblond) Re: "Page-layout program hazards" & "Over-reliance on technology" (Don Byrd) Hotmail Web e-mail risk (Daniel P. Stasinski via others) Major security breach in Canadian consumer-tracking database (Wei-Yuen Tan) USENIX Security Symposium Call; Papers due March 9 (Jennifer Radtke) REVIEW: "Bad Software", Cem Kaner/David Pels (Rob Slade) RISKS 20.19 Monday 1 February 1999 Complete ATC power failure in the U.S. Northwest (Paul Cox) NYC 911 crash (David Lesher) New attack on PGP keys with a Word Macro (Fred Cohen) Intel's Pentium III Processor ID (Bruce Schneier) Risks of successful security software (Nick Brown) About the most bizarre Microsoft message yet (Fred Cohen) Risks of using Windows95 as an embedded system (Steven J. Greenwald) Government computer withholds benefit from British widows (Pete Mellor) Re: not a Hotmail Web e-mail risk (John R Levine) REVIEW: "The Transparent Society", David Brin (Rob Slade) CFP: New Security Paradigms Workshop 1999 (Mary Ellen Zurko) SEPG '99: 11th Software Engineering Process Group Conference (Carol Biesecker) RISKS 20.20 Wednesday 10 January 1999 Spanish bank buy lots of shares because of Euro problems (David Mediavilla) E-Trade computers crash again -- and again (Edupage) Copier quota exceeded (Philip Koopman) Risks of Furbies: NSA was right! (Pete Mellor) State of the states in Y2K readiness (Edupage) The NT Blue Screen of Death (Bruce Wampler) The risks of "standard" software? (Rob Slade) You are still in France (Adam Shostack) It gets weirder every day... (Fred Cohen) The risks of shopping at Amazon (Ross Anderson) Re: Risks of successful security software (Pete Mellor) Re: Government computer withholds benefits ... (Pete Mellor) FMICS4 call for papers (Diego Latella) REVIEW: "Mercury Rising", Douglas Pearson Ryne (Rob Slade) RISKS 20.21 Friday 12 February 1999 Memo on Y2K (via Dave Stringer-Calvert) Y2K "fix" dates traffic offenses to 2097 (Christopher Neufeld) Computer fraud as another kind of Y2K risk? (Bruce Martin) Judge moves to ban sale of self-help legal software in Texas (Doneel Edelson) Risks of using power wiring for data traffic (Dan Pritts) Hacking Web/FTP Servers (Ian Cargill) CERT Advisory CA-99.03 - FTP-Buffer-Overflows (CERT) Dangers of being the lowest price (Eytan Adar) "Secure" fax (Steve Bellovin) Our New Time Machine (Michael F. Hogsett) Re: The NT Blue Screen of Death (Michael F. Hogsett) Re: The risks of "standard" software? (Michael F. Hogsett) Re: Programming Errors (Thomas J Gilg) REVIEW: "Fighting Computer Crime", Donn B. Parker (Rob Slade) REVIEW: "Intrusion Detection", Terry Escamilla (Rob Slade) SEPG `99 - 11th Software Engineering Process Group (SEPG) Conference (Carol Biesecker) RISKS 20.22 Saturday 20 February 1999 Process-table attack (Simson L. Garfinkel) Store Baelt Bridge not Y2K safe (Debora Weber-Wulff) More risks of "training" on live systems (Dave Stringer-Calvert) A franglais booboo (Vicky Larmour) Cellphone risks in flight again? (Chuck Weinstock) Re: "Page-layout program hazards" and... (Mark Brader) Re: Programming Errors (Thomas J Gilg) The risks of on-off switches? (Elliott Potter) Re: Hacking Web/FTP Servers (Andy Goldstein, Rob Slade, Nigel Rantor) Re: Computer fraud as another kind of Y2K risk? (Chuck Karish, Dorothy Denning, Win Treese) 8th USENIX Security Symposium: papers due March 9 (Jennifer Radtke) RISKS 20.23 Monday 1 March 1999 Intruders commandeer UK military satellite (PGN) Software snafu slowed key data during Iraq raid (Paul Walczak) Schwab Squab Swabbed (PGN) Errant police computer wakes hundreds of Texans (Keith A Rhodes) Mobile phones cause memory loss (Martin Minow) Doctors to perform surgery over next-generation Internet (Keith A Rhodes) Digital broadcasting could hit cardiac monitoring gear (Andrew Robert Mitchell) Computer system results in errors in patient medical records (Doneel Edelson) Pentium III serial number is soft-switchable after all (PGN) Limiting liability for Y2K breakdowns (Edupage) CIA predicts serious Y2K problems around the globe (Keith A Rhodes) Y2K Test Fine Test Data Causes Problem (Barry Frankel via Dave Farber) Self-inflicted single point of failure (Malcolm Pack) Rhode Islander sentenced for hacking (PGN) Profiling (Andrew Koenig) Re: Store Baelt Bridge not Y2K safe (Mark Brader, Chris Bagge) Computers, Freedom, and Privacy, 6-8 April 1999, Washington, DC (Dave Banisar) IEEE Security and Privacy Symposium, 9-12 May 1999 (Jon Millen) USENIX Workshop on Smartcard Technology, 10-11 May 1999 (Jennifer Radtke) '99 USENIX Technical Conference, 6-11 June, Monterey CA (Jennifer Radtke) FastAbstracts at FTCS29, 15-18 Jun 1999 (Chuck Weinstock) RISKS 20.24 Thursday 11 March 1999 Risks of testing a nuclear power plant for Y2K compliance (Robert Brill) ATC Equipment test almost causes landing collision in Australia (Pat Dirks) win9x instability? (Norman Choe) Outlook Express Date: parsing (Kenneth C. Dyke) Fonte des neiges (Bertrand Meyer) Risks of voice-recognition software (Chris Leeson) Rogue spelling checker at work (Andrew Koenig) Glitch opens jail cell doors (David Kennedy) Super Hornet (PGN) Italian hospitalized for hallucinations after Net surfing spree (Lloyd Wood) Damning critique of WIPO Internet domain name proposal (Lance J. Hoffman) Bringing Y2K fears to a new high -- or low (Michael P. Gerlek) Regular break-ins at the Pentagon? (Martin Ward) Re: Remote surgery (Declan O'Kane) More on-line trauma (JJSantos) Re: Lack of Anonymity in Microsoft Word (Yvo Desmedt) Re: Write-protectable hard-drives (Richard Schroeppel) Networking'99--NetAdmins & SysAdmins Share Solutions (enotify) Workshop on Countering Cyber-Terrorism (Clifford Neuman) PDPTA'99 on Fault Tolerance and Reconfiguration in Distributed Systems (Pradip Srimani) FMICS4 (Diego Latella) RISKS 20.25 Saturday 20 March 1999 Risks of upgrades involving e-mail (PGN) Satellite outage cuts news service (Edelson Doneel) Great moments in e-mail history (Lloyd Wood) Power outage leaves hospitals in the dark (Dave Weingart) 3 patients die when Russian hospital omits utility payments (Keith A Rhodes) Erasable "cash" (Alpha Lau) Windows Registration Wizard may violate European Privacy Laws (Martin Minow) MS Word98 privacy issues (Chiaki Ishikawa) Y2K is the least of it (Bob Frankston) Sri Lankan Banks to close on 31 Dec 1999 for Y2K tests (Matthew Todd) Coming to terms with "bytes" (Edupage) Signs of the times (Stuart Lynne) Treating names as abbreviations (Nick Atty) Banks warn public about Y2K scam (Elliot Silver) H-1 California DOL system crash! Help! (Anthony Nudelman via Jason Steffler) Re: As we approach April Fool's Day ... (Jonathan de Boyne Pollard) They threatened, and apparently they have followed through ... (Fred Cohen) REVIEW: "Time Based Security", Winn Schwartau, 1999 (Rob Slade) CFP: ISOC Year 2000 Network & Distr. System Security (David M. Balenson) RISKS 20.26 Thursday 1 April 1999 The Y9Z Problem (Mark Thorson) Yet another Y2K debacle (Jon Loux) Vatican announces all computer systems ready for new millennium (Matthew Todd) Y10K opportunity (Matthew Todd) Torvalds, SlashDot, and Stallman (Martin Minow) Melissa and RISKS (PGN) Melissa macro virus (Rob Slade) Melissa and monoculture (Nick Leverton) Melissa and GUIDs (Ronan Waide) Melissa + meme = future disaster (Bear Giles) RISKS 20.27 Thursday 1 April 1999 RFC2550 - Y10K and Beyond RISKS 20.28 Thursday 1 April 1999 Professor wants Y2K jokes banned on the Net (Edupage Editors) Daylight Savings Time cutover (Dave Stringer-Calvert) Y2K: Help for the Weary Programmer (Martin Minow) IE5 Risk (Lorne Beaton) The old Ethernet traffic jam in new form (Rob Slade) More e-mail risks (Silas S. Brown) Human input error on year causes $49-million error (Frank Carey) Baby death due to software-controlled air bag deactivation? (Stefan Leue) Hyperlinks, free accounts, and fraud (Mike Bell) Melissa beyond denials of service (David Lesher) Melissa macro virus author tracking (Joe Thompson) Y2K alert! (Rebecca Mercuri) Apple Y2K (Dave Stringer-Calvert) Re: Bringing Y2K fears to a new high -- or low (Gillian Richards) Re: Great moments in e-mail history? (Jerome H Saltzer, Tom Van Vleck, Jerome H Saltzer) Laughter causes loop with voice-recognition software (Don Mackie) Unusable backup power (Tim Kuehn) "kibibyte" is still ambiguous (D.V. Henkel-Wallace) Announcement - The Software Engineering Symposium '99 (Carol Biesecker) RISKS 20.29 Friday 2 April 1999 Attack of the Tuxissa Virus (Anonymous) Computer crash creates nonpersons in Zurich (Bruce Walker) tcpd warning (Kragen Sitaker) Saving files on shared computers (Bertrand Meyer) Self-opening car windows ... (Jeremy Folkes) Swedish telephone outage (Danny Kohn) Electricity over Internet (Lionel Cons) In the summertime, when your VCR screws up (Michael Bacon) Brain-dead PacBell automated payment promise system (Michael D. Crawford) Re: Unusable backup power (Terry Harris) Origins of PC / Mac Virus Vulnerability (Mich Kabay) Re: More e-mail risks (Michael H Buselli) Re: Apple Y2K (Art Delano) REVIEW: "Information Warfare and Security", Dorothy Denning (Rob Slade) RISKS 20.30 Friday 16 April 1999 Fake web page cause 20% stock surge and then retreat (Avi Rubin) Glitch causes 4 billion euro overdraft (Monty Solomon) Raytheon probes e-mail moles (Keith A Rhodes) Security is still a human problem (Jeremy Epstein) Y10K: not just for April Fools (Tom Swiss) The Risk of 1 Apr (David Frank) RISKS April Foolery, Melissa, security, and frequencies of RISKS (PGN) GPS setup error affects dredging in California (W.T. Shymanski) Potential RADHAZ (Paul Walczak) Space character in number causes silent Excel miscalculation (Ben Bederson) Security Hole in Java 2 (Gary McGraw) Re: Vancouver Hospital (Doneel Edelson) Microsoft reschedules Memorial Day (Benjamin B. Bederson) Risk of not backing up PGP Key Ring files (Herman D. Knoble) Responses to Melissa (Chuck Karish) Risks of "Melissa passed this way" (Charles Arthur) Melissa and poor security model of Word Macros (Scott M Keir) Mainframe virus (Henry Schaffer) Millennialism in the Western Hemisphere (Richard Landes) RISKS 20.31 Sunday 18 April 1999 BART ghost train snarls morning commute (PGN) EMI from USS Carl Vinson opens garage doors in Hobart (Norbert Thumb) ASerbic cyberattacks and counterattacks (PGN) Fake ATM front panel copies cards and PINs (Ulf Lindqvist) Overzealous applications (Ian Cargill) Outlook '98 not Y4.501K Compatible (Eric Zago) favicon.ico (Robert David Graham) Leap year 2000 and C (Mark Brader) Risks of April foolery (Pete Mellor) GUIDs and Melissa (Robert David Graham) Phone company says keep your PIN on your calling card (David Graf) Re: Mainframe viruses (Julian Thomas) E-mail and communications history (Dennis Ritchie) REVIEW: "Hacker Proof", Lars Klander (Rob Slade) RISKS 20.32 Tuesday 20 April 1999 Airbus Autopilot Failure? (Chuck Weinstock) Another old-fashioned bug comes back to byte (Jeremy Epstein) Risks of running a PKI (Steve Bellovin) New paper on Simulating Cyber Attacks, Defenses, and Consequences (Fred Cohen) Re: Ghost trains (Peter Campbell Smith) Re: GUIDs and Melissa (David M. Chess, JDean, Nick Brown, Russ Cooper) Re: Mainframe viruses (David M. Chess, Otto Stolz) Re: Microsoft reschedules Memorial Day (Bernard Sufrin) Re: Overzealous applications (Mark Brader) Re: Overzealous criticism (Peter da Silva) Calendar problem with old Calvin and Hobbes comics strips (Michael Cook) AT&T PINs (e) Ameritech calling card ready to use! (Nathan Brindle) High-Integrity System Specification and Design book (Jonathan Bowen) RISKS 20.33 Saturday 24 April 1999 Expert warns of safety glitch in shopping carts (Keith A Rhodes) The CIH virus will strike Monday, April 26! (Satomi Hamamoto) eBayla virus (Jeff E. Kinzli via Dave Farber) Use a cable modem, go to jail (Lenny Foner) Risks of over-helpful software (Jim Horning) More on running a PKI (Steven M. Bellovin) CompuServe responds to password-solicitation fraud (Mich Kabay) "In order to make it easier for you" (T Bruce Tober) Melissa, GUIDs, and VicodinES (Richard M. Smith) Re: GUIDs and Melissa (Jiri Baum) REVIEW: "Y2K Risk Management", Goldberg/Davis/Pegalis (Rob Slade) RISKS 20.34 Weds 28 April 1999 Virus infects computers worldwide (Edupage) A genuine sighting of a virus -- for once (Nick Brown) Sex aid give holiday flight a shaky start (Frank Markus) A Supreme Indecency (Monty Solomon) Bar says e-mail OK for transmissions (Monty Solomon) You'd think they'd know better... (T Bruce Tober) A man charged with counterfeiting bank ATM cards (Chiaki Ishikawa) What's DejaNews up to? (Richard M. Smith) Dodgy automatic address book resolution (Samuel Liddicott) Re: GUIDs and Melissa (Russ Cooper) REVIEW: "Great Misadventures", Peggy Saari (Rob Slade) Open Source Software at 1999 USENIX Annual Conference (Jennifer Radtke) RISKS 20.35 Friday 30 April 1999 On-line banking customers off-line for the week (PGN) Court labels unwanted e-mails "trespassing" (NewsScan) 13-year-old makes $3M in bids on eBay (Doneel Edelson) File-conversion errors between Word and WordPerfect (Gordon Foreman) Re: The Bloatware Debate (RA Downes) Flash BIOS risks (Jonathan Levine) Re: What's DejaNews up to? (Col. G.L. Sicherman) RISKS of the net's success... (Matt Curtin) IWC Watch Company site publishing visitors e-mail addresses (Derek Ziglar) Risks of misaddressed mail (Joe Thompson) REVIEW: "The Y2K Survival Guide", Bruce F. Webster (Rob Slade) Advanced Workshop: USENIX Smartcard Technology, May 10-11, Chicago (Jennifer Radtke) CFP, 1st European Anti-Malware Conference (Jaroslav Blaha) RISKS 20.36 Saturday 1 May 1999 Seagulls speak English: Aldershot (John Haseler) Yet another satellite hits the dust (Joan L. Grove Brewer) Titan 4B places military satellite in improper orbit (PGN) No Bell Tolls for thee (Jeremy Ardley) Risks of "smart" MS Internet apps (Andrew Shieh) Re: Dodgy automatic address book resolution (Larry Pryluck) MS-Outlook 98 risk of mislaying messages in Outlook today (Jahn Rentmeister) Bloatware and the Windows API (Diomidis Spinellis) Re: The Bloatware Debate (Henry Baker) Bloatware and Nightlight Saving (R.A. Downes) Update on DejaNews click-through monitoring (Richard M. Smith) Re: WC Watch Company site ... (David B. Horvath) Re: Risks of misaddressed mail (Frederick M Avolio) REVIEW: "A Guide to Virtual Private Networks", Martin W. Murhamm (Rob Slade) CONF: 12th Software Quality Week (Software Research) RISKS 20.37 Tuesday 4 May 1999 Revisiting the USS Yorktown dead in the water (Mike Martin) Netfill scams 900,000 credit cards (PGN) Australian Securities & Investment Commission's April Foolery (Pauline van Winsen) Re: Bloatware Debate (RA Downes, Jonathan Goldberg, Henry Baker, RA Downes) Interesting results with MapQuest (Matthew Delaney) New risk of ITAR? (David Lesher) Risks of "Discovery" hounds (Russ Cooper) Outdated address books (Robert David Graham) Israeli scientist reports discovery of advance in code breaking (Edupage) Re: CIH virus (Matthew Todd) Re: MS-Outlook 98 risk of mislaying messages in Outlook today (Jedediah Grant) Smart Card Forum Privacy Symposium, 20 May 1999 (Donna Farmer) RISKS 20.38 Friday 7 May 1999 Sixth satellite launch failure in less than nine months (PGN) Israeli scientist reports discovery of advance in code breaking (Bruce Schneier) Bernstein Decision Upheld (Lauren Gelman) Export controls lose appeal (Adam Shostack) Computer glitches foul up flights at Chicago airports (Keith A Rhodes) Star Wars tchatchkis bring down eBay server (PGN) Oops! Intel "accidentally" sues potential partner (Lenny Foner) New Coke machine goes wireless and cashless (Mark Gregory) New area code creates accidental phone forwarding risk (Philip Koopman) Re: Bloatware Debate (Dick Mills) E-mail address not optional? (David Keegan) Security/privacy hole in Chase Online Banking (Daniel Norton) "The Vortex Daily Reality Report and Unreality Trivia Quiz" (Lauren Weinstein) RISKS 20.39 Friday 14 May 1999 Hacker competition opens in Singapore with $10,000 prize (Keith A Rhodes) Faulty software doomed Titan 4B Milstar launch (Keith A Rhodes) MI6 Agents 'outed' by Web (Randy Holcomb) 41-year-old died while NYC's 911 system was down (Monty Solomon) ``Human error'' posts budget PR on the web prematurely (George Michaelson) Computer woes set back opening for Tulsa's jail (Jo Oerhlein) C compilers vs editors: WYSI NOT ALWAYS WYG (Daniel A. Graifer) Risks of upgrading a UNIX system (Wolfgang Moeller) Any Bell Atlantic customer can be spuriously Opted Out from CALL54 (Douglas A. Brothers) SurfWatch filters out plugandpray.com and minow.org (Martin Minow) MS AutoRoute Express 2000 (Pete Mellor) Another talking lift bug (George Michaelson) On-line account access (Leo Sokolskiy) Wrong e-mail address (Bruce Wampler) Risks of 3-letter user IDs for free e-mail accounts (Dan Yurman) RISKS 20.40 Tuesday 18 May 1999 Nuclear plant Y2K: High risk-readiness or high-risk readiness? (Mike Perry) Biometric risks (Dan Wallach) Singaporean ISP scans users' PCs (Andrew Brydon) ATMs gobble up cash cards (John Colville) Web browsers, URL collisions, and all that... (Zygo Blaxell) False Viruses (Thomas Gilg) HotMail is no Early Bird: happy99.exe (Malcolm Pack) Virus cleaner corrupts e-mail database (Diomidis Spinellis) MIME-Messages: quoted-printable chars in URLs (Christoph Conrad) New-fangled petrol pumps (Ian Chard) Re: C compilers vs editors: WYSI NOT ALWAYS WYG (Roy O. Wright) Re: Wrong e-mail address (Andrew J Klossner) Re: Risks of 3-letter user IDs (Thayne Forbes) Dimwitted naughty-word filtering lives... (Daniel Rutter) REVIEW: "Removing the Spam", Geoff Mulligan (Rob Slade) RISKS 20.41 Sunday 23 May 1999 Re: Biometric risks (Dan Wallach, Fred Herr, Dan Wallach reponding to James L. Cambier, Paul Lewis Gittins) Costly fight about party software (Debora Weber-Wulff) Embedded NT ... (Jeremy Epstein) Vulnerability in Windows SSL server and common browsers (Chris Cowley) Buggier than thou ... Wiretapping (Mike Williams) Y1.K9 (Mark Brader) JAVA language definition (Craig DeForest) Documentation for vapor (Seth Gordon) Risks of aliasing webservers (Tim Panton) May you live in interesting times, or What excites bankers (Mark Brader) REVIEW: "Digital Democracy", Cynthia J. Alexander/Leslie A. Pal (Rob Slade) RISKS 20.42 Tuesday 25 May 1999 Breakdown leaves swimmers in the cold (Paul Oldham) Professional hazard in lightning monitoring (Amos Shapir) Airport radar comes under scrutiny (Doneel Edelson) Hospital delivery robot blocks exit from elevator (Lyle Gray) Y2K testing on weather images (Amos Shapir) German government criticizes own style in Word documents (Debora Weber-Wulff) Summary of biometric responses (Dan Wallach) Re: Biometrics (Dave Upton) Eye swear, it was working yesterday! (Adam Shostack) Addressing phenomenon: Once a Canadian, ... (Mich Kabay) Security vulnerability in Netscape (Lindsay Marshall) Emperor Hirohito's death causes SW problems (Stuart Woodward) Re: JAVA language definition (Jim Thompson, Robin Landis) Microsoft "fixes" the MS Office macro virus vulnerability (Paul Walker) Embedded NT... in case you don't have enough to worry about already (Gregor Ronald) REVIEW: "Microsoft Windows NT 4.0 Security, Audit, and Control" (Rob Slade) RISKS 20.43 Friday 4 June 1999 A THAAD Day in Black Rock (PGN) Ghost bridge (Meine van der Meulen) Y2K Test Knocks Out Fiji's Telecommunications (Doneel Edelson) Hackers take down FBI and Senate Internet sites ... (Keith A Rhodes) Crackers do for gov't what critical infrastructure report couldn't (John Gilmore) Errors in the Cox report on Chinese nuclear spying (PGN) Hoax takes down country's phone networks (Lloyd Wood) Symbols silently slip south: it's not Greek to pdf (Bryan O'Sullivan) John Denver and interfaces (Lindsay Marshall) Smart Identity Card to debut in Malaysia (Anonymous) Late-night movie viewing and computerized ticket sales (Steve Fenwick) Senator Hatch - Trademark (Alan Barclay) BUGTRAQ may be banned in Australia (Peter Jeremy via Seth David Schoen) Re: Microsoft "fixes" the MS Office ... vulnerability (David Mediavilla) We don't care, we don't have to, we're the phone company! (John Pettitt) Firewall risks (Robert David Graham) Re: Allaire defects are nobody's fault? (Adam Shostack) A Problem with Biometrics (Andrew J Klossner) Re: Biometric risks (Ron Ruble) California will sell confidential wage data (PGN) Privacy Digests (PGN) RISKS 20.44 Tuesday 15 June 1999 GPS kills 8 in air (Lloyd Wood) W32/ExploreZip.worm "virus" and user interfaces (Steven M. Bellovin) CERT Advisory CA-99.06 - New information regarding ExploreZip (CERT) Downloading Y2K fixes to Internet Explorer leads to clock problem (Paul Karger) ActiveX Security Revisited (Steve Loughran) Unwanted wildcard match (Nick Brown) Bank sued over client data sale (Monty Solomon) UAL -- the UnFriendly Cybersky? (David Lesher) RISKS 20.45 Thursday 17 June 1999 eBay embarrassed by crash of system and plunge of stock (NewsScan) Risks of e-mail borne viruses, worms, and Trojan horses (Bruce Schneier) Not trusting virus scans (Paul Hoffman) Risks of virus detectors blocking RISKS! (MAILsweeper) Supremes uphold law barring indecent speech online (NewsScan) Trouble for DoubleClick (Monty Solomon) Human error called culprit in 3 rocket launch failures (Lindsay Marshall) More troubles with PDF (Joe McCauley) Re: A THAAD Day in Black Rock (Danny Cohen) Re: GPS and collision risks (Peter B. Ladkin) GPS and collision risks in marine navigation (Chris Bruce or Bruce Chris?) Re: Risks - Depending on a *.xxx convention for file types (Rumy Driver) More on "Unwanted wildcard match" (Nick Brown) REVIEW: "Corporate Espionage", Ira Winkler (Rob Slade) RISKS 20.46 Saturday 19 June 1999 NASA discloses space station blunder (SigmaXi ScienceInTheNews) Y2K test sends sewage flowing in Los Angeles (Henry Baker) Resetting the A320 computer (Diomidis Spinellis) Intuit/Quicken Force Users to Internet & MS Internet Explorer (Lauren Weinstein) MS Word not as helpful as it thinks (Bill Shymanski) YANTBOF: yet another NT buffer overrun flaw (Epstein Jeremy) New ATM hazard (Aahz Maruch) Yet another ATM scam (Mike Williams) The cell phone that wouldn't stay OFF (Michael Heilman) Another case of credit-card 'security' (David Alexander) Maldesigned computer system slows background checks (Kragen Sitaker) Factoid paranoia (Mike Giroux) Risks of keywords in CSV files (Rex Black) REVIEW: "Intrusion Detection", Edward G. Amoroso (Rob Slade) RISKS 20.47 Saturday 10 July 1999 Electronics startup transient kills spacecraft (Craig DeForest) NASA discloses space station blunder (Wayne Mesard) Space Station AOL hack (Marc Passy) Busy phone lines block stay of execution (Joe Thompson) E-mail writer arrested for starting panic (Matthew Todd) Garciaparricide in All-Star balloting? (PGN) Custodiet ipsos custodes? Not without permission! (Adam Shostack) Singapore exchange blames outage on network failure (Paul Walker) eBay outage traced to failure to upgrade (Steve Klein) Australian virtual reality kanga-rues the day (Lindsay Marshall) Faulty vending machines block emergency calls in Australia (Mark Nottingham) Brazilian telephone network chaos (Matthew Todd) Spell-checker run amok? Shandling-->Changeling (Jim Griffith) REVIEW: "Computer Security", Dieter Gollmann (Rob Slade) REVIEW: "Securing Java", Gary McGraw/Edward W. Felten (Rob Slade) RISKS 20.48 Thursday 15 July 1999 London Underground sequence rollover (Lloyd Wood) Software disaster leaves new Australian submarine unfit (Quentin David Jones) Computer glitch causes severe train delays in Melbourne (Stuart Lamble) Medical paper retracted following discovery of programming error (John Doyle) Life-threatening flaw in implantable cardioverter-defibrillator (John Doyle) Potentially life-threatening medical equipment failure (John Doyle) Toyota smog-warning computer suit (Taz Daughtrey) Financial Engines: Should I jump off the bridge or live it up? (Susan Gerhart) Cancelling errors, serendipity in avoiding risks, and Kepler (Henry Baker) Traffic signals going all-green (Jeff and Glenn Grigg) Privacy statement risk, quoted without comment (Andrew Koenig) Re: Garciaparricide in All-Star balloting? (David Cassell) Re: Space Station AOL hack (Leonard Erickson) Re: Electronics startup transient kills spacecraft (Fernando Pereira) Re: E-mail writer arrested for starting panic (Cameron Hayne, J.D. Abolins, John O'Connor) Webmail is not the same as anonymous e-mail (Scott A Crosby) RISKS 20.49 Wednesday 21 July 1999 Intercom hang-up caused 1997 train collision (Mark Brader) Computer-based patient monitor problems: improvements still needed (John Doyle) Statistical errors in medicine (John Doyle) Centaur/Milstar Software Error (Peter B. Ladkin) Small problem escalates into major disruption (Doug Moore) Computer startup circuits (M. Simon) Netcom partial e-mail outage (Keith A Rhodes) junkfilter vs. xxx.lanl.gov (Thomas Roessler) "Bright Light" POP-based spam filtering: a bad idea (Lauren Weinstein) E-mail attachments and local names (Avi Rubin) Ab van Poortvliet: Risks, Disasters, and Management (PGN) REVIEW: "The Mythical Man-Month", Frederick P. Brooks Jr. (Rob Slade) RISKS 20.50 Tuesday 27 July 1999 One year in jail for not turning off cell phone (PGN) Communications blackout in Morocco (David Mediavilla) Phone outage in Plano (John P Mcgraw) Double your treasure, double your fun... (Daniel P. B. Smith) ActiveX security concerns continue (Richard M. Smith) DoD password management (Identity withheld by request) Misplaced priorities with electronic hospital records (John Doyle) Clinical disruptions following loss of telephone service (John Doyle) Re: Anaesthetists' equipment (Daniel Paul Sheppard) Re: Computer startup circuits (M. Simon) RISKS 20.51 Monday 2 August 1999 Critical Infrastructure Protection: Japanese toilets (Carl Landwehr) "Heat wave" (Steve Summit) Risks of on-line auctions: eBay scam (PGN) Conversion service for viewable formats (Lindsay Marshall) 2nd-class invitation in Outlook (Thomas Gilg) Re: Computer-based patient monitor problems (William Hutchens) Re: One year in jail: Fear in the skies (Bob Frankston) Re: ActiveX security (Peter da Silva, Adam Shostack) Are you sure your host isn't being mail-blocked? (Thomas Roessler) More on small problem escalates into major disruption (Doug Moore) New version of an old scam (Mike Ellims) Equivalence of logical and physical behavior... (James S Dukelow Jr) Re: Cancelling errors, serendipity in avoiding risks, and Kepler (Jim Thompson, Felix Tilley) Go FORTH and Multiply (Patrick E Kane) Announcing Dependability.org (Chuck Weinstock) REVIEW: "Internet Security with Windows NT", Mark Joseph Edwards (Rob Slade) The Software Engineering Symposium '99 (Carol Biesecker) RISKS 20.52 Thursday 5 August 1999 Can You Trust AT&T Wireless PCS Text Messaging? (Lauren Weinstein) EverQuest devours players' lives (Mich Kabay) Microsoft Word footnote problems irks federal appeals court (Declan McCullagh) Perceived medical risk must often substitute for actual risk (John Doyle) Open-source anesthesia software article in Salon (Martin Minow) Re: IMRSS and Open Mail Relay Scanning (Lauren Weinstein) Re: Japanese toilets (Chiaki Ishikawa, Brian Randell, Colin Sutton) Risks of RISKS (Brian T. Schellenberger) eBay's response to the eBay scam (Ray Randolph) Re: Go FORTH and Multiply (Leo Wong) Re: Heat wave (David Wittenberg) RISKS 20.53 Tuesday 10 August 1999 Cell Phones Become Instant Bugs! (Lauren Weinstein) Cell phone sends jet off-course (David Clark) Sharing files via Yahoo (Morten Welinder) Executive Order on Unlawful Conduct on the Internet (Bill Clinton via PGN) California's "shameful reputation"! (PGN) NCIC 2000 Begins Operations (Jack N. Fenner) Complexity and Safety in Medical Electronics (Dr D John Doyle) Re: Go FORTH (M. Simon) E-Trade and long passwords (Mark Harrison) Security sites vandalized (NewsScan) SPAM causes major ISP crash (Peter Leeson) Re: PCS, IMRSS, Mobile phones in airplanes (Peter Houppermans) Cell phones and aviation electronics (Glenn Carroll) REVIEW: "Kerberos: A Network Authentication System", Brian Tung (Rob Slade) UPCOMING EVENT- USENIX Security Symposium, 23-26 Aug 1999 in DC (Moun Chau) RISKS 20.54 Sunday 15 August 1999 MCI WorldCom frame-relay network problems (PGN) "Spy Who Messaged Me" -- now playing at Microsoft! (NewsScan) High-flying hijinks: canine passenger sinks teeth into plane (Paul Costalas) Risks of the modern train (Ben Hutchings) Car won't start if payments are delinquent (Daniel P. B. Smith) Salary payment diskettes intercepted and manipulated (Peter Fokker) Risks of Internet Explorer 5 (Lloyd Wood) Refrigerator gasket frozen out (Ted Lee) Y2K upgrade went 'horribly wrong', admits utility giant (Doneel Edelson) Government: Lessening risks through encryption (Alan DeKok) Having private services such as voicemail on shared phones (David Crooke) Re: NCIC 2000 (Stephen Fairfax) Computers, Freedom, and Privacy: CFP for CFP (Bruce R Koball) RISKS 20.55 Friday 27 August 1999 New Microsoft Java flaw (Edward W. Felten) Internet Explorer cannot read www.microsoft.com (Keith Edmunds) Tokyo traffic chaos in GPS date rollover (Mike Martin) GPS rollover hits yacht (Justin Mason) 9/9/99 (Lindsay Marshall) Y2K in China (David Cowhig via Donald B. Wagner) Downtown Chicago hit by electrical blackout (Doneel Edelson) Power coming back on causes UPS to lose power (Ray Todd Stevens) Numeric pager sending alpha messages (Ray Todd Stevens) Ohio town law against cell phones while driving (Jim Griffith) Justice seeks wider access to computer data (NewsScan) Inadvertent nameserver cache poisoning (Rich Lafferty) Purchase circles and insider information (Joseph A. Dellinger) Can Linux survive software patents? (Martin Minow) Canadian spy secrets leak on Web (David Kennedy) Auto-Fix feature for Dell PCs (Henry Robertson) Re: Car won't start if payments are delinquent (Keith Edmunds) gnu touch has an unusual sense of time (B. Elijah Griffin) Security check powers up computer (Edward Holden) Re: NCIC 2000 (Otto Stolz) USENIX Annual Conference 2000, Announcement and Call For Papers (Moun Chau) USENIX Security Symposium 2000, Announcement and Call for Papers (Moun Chau) RISKS 20.56 Friday 3 September 1999 Online gambling software flaw (Matthew Schmid) Test page for dangerous ActiveX controls (Richard M. Smith) Intuit strikes again (Gary Cattarin) Danish UPS (Finn Jensen in rec.humor.funny) Tandy bug? (Lindsay Marshall) E*Trade and the Dow Jones (Theodore Y. Ts'o) U.S. top-secret messages go astray (Andrew Johnson) UPenn bug report (Rebecca Mercuri) Local company stung by Y2K bug (Doneel Edelson) Smart