Subject: RISKS DIGEST 17.00 (97)
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  1 April 1996  Volume 17 : Issue 00 (97)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 17 (27 March 1995 to 1 April 1996)
    (archived in ftp file risks-17.00)

----------------------------------------------------------------------

Date: 1 April 1996 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers
please contact . Local redistribution services are provided at many other
sites as well. Check FIRST with your local system or netnews wizards. If that
does not work, THEN please send requests to (which is not yet automated).
SUBJECT: SUBSCRIBE or UNSUBSCRIBE; text line (UN)SUBscribe RISKS [address to
which RISKS is sent] or INFO, which returns the risks.info file.

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, nonrepetitious, and without caveats on
distribution. By submitting an item that is accepted for publication in
RISKS, the author grants permission for unlimited noncommercial public
distribution and redistribution in electronic and print form. Diversity of
content is welcome, but not personal attacks.
PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses. Contributions
will not be ACKed; the load is too great; if you feel neglected, send a
follow-up message. **PLEASE** include your name & legitimate Internet FROM:
address, especially from .UUCP and .BITNET folks. Anonymized mail is not
accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL
DISCLAIMERS APPLY. Particularly relevant contributions may be adapted for the
RISKS sections of issues of ACM SIGSOFT Software Engineering Notes or SIGSAC
Review.

* Submissions: By submitting an item that is accepted for publication in
  RISKS, the author grants permission for unlimited public distribution and
  redistribution in electronic or other form.

* Reuse: Blanket permission is hereby granted for reuse of all materials in
  RISKS, under the following conditions. All redistributed items must include
  the Risks-Forum masthead line. All reuse must be accompanied by the
  following statement:

    Reused without explicit authorization under blanket permission granted
    for all Risks-Forum Digest materials. The author(s), the RISKS
    moderator, and the ACM have no connection with this reuse.

  As a courtesy, reusers of individual items (as opposed to forwardings of
  entire issues) should notify the authors, and should pay particular
  attention to any subsequent corrections.

RISKS ARCHIVES: "ftp unix.sri.com<CR>login anonymous<CR>[YourNetAddress] cd
risks or cwd risks, depending on your particular FTP. Issue J of volume 18 is
in that directory: "get risks-18.J". For issues of earlier volumes, "get
I/risks-I.J" (where I=1 to 17, J always TWO digits) for Vol I Issue j. Vol I
summaries in J=00, in both main directory and I subdirectory; "bye" I and J
are dummy variables here. REMEMBER, Unix is case sensitive; file names are
lower-case only. <CR>=CarriageReturn; FTP.SRI.COM = [128.18.30.66]; FTPs may
differ; Unix prompts for username and password. Also ftp
bitftp@pucc.Princeton.EDU.
WAIS repository exists at server.wais.com [192.216.46.98], with DB=RISK
(E-mail info@wais.com for info) or visit the web wais URL
http://www.wais.com/ . Management Analytics Searcher Services (1st item)
under http://all.net:8080/ also contains RISKS search services, courtesy of
Fred Cohen. Use wisely.

The ftp.sri.com site risks directory also contains the most recent PostScript
copy of PGN's comprehensive historical summary of one liners:
  get illustrative.PS

PRIVACY DIGESTS:

* The PRIVACY Forum is run by Lauren Weinstein, with some support from the
  ACM Committee on Computers and Public Policy. He manages it as a rather
  selectively moderated digest, somewhat akin to RISKS; it spans the full
  range of both technological and non-technological privacy-related issues
  (with an emphasis on the former). For information regarding the PRIVACY
  Forum, please send the exact line:
      information privacy
  as the first text in the BODY of a message to:
      privacy-request@vortex.com
  You will receive a response from an automated listserv system. To submit
  contributions, send to "privacy@vortex.com". Information and materials
  relating to the PRIVACY Forum may also be obtained from the PRIVACY Forum
  Archive via ftp to "ftp.vortex.com", gopher at "gopher.vortex.com", and
  World Wide Web via: "http://www.vortex.com". Full keyword searching of the
  PRIVACY Forum Archive is available through the World Wide Web access
  address.

* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
  run by Leonard P. Levine. It is gatewayed to the USENET newsgroup
  comp.society.privacy. It is a relatively open (i.e., less tightly
  moderated) forum, and was established to provide a forum for discussion on
  the effect of technology on privacy. All too often technology is way ahead
  of the law and society as it presents us with new devices and
  applications. Technology can enhance and detract from privacy.
  Submissions should go to comp-privacy@uwm.edu and administrative requests
  to comp-privacy-request@uwm.edu.

------------------------------

SUMMARY OF RISKS VOLUME 17 (27 March 1995 to 1 April 1996)
(archived in ftp file risks-17.00)

RISKS 17.01  27 March 1995
  Intuit's Macintax security lapse... (Bruce R Koball, Joe Morris)
  Patent searchers frustrated by computer index errors (John Gray)
  Sun's "Hot Java" will execute its code on your browser (Joe Smith)
  Beakman's World on CBS covers bugs (Thomas E. Janzen)
  A slight change in flight plan (Ric Forrester via Dave Horsfall)
  Europe open border - serious bug in procedure (Thomas Tonino)
  RISKS of non-standard interfaces (medical) (Richard I. Cook)
  More risks of non-standard medical interfaces (Steve Allen)
  Risks of doing date arithmetic *with* floating point (Geoff Kuenning)
  YAOGMV (Yet Another Overhyped Government/Media Virus) (Rob Slade)

RISKS 17.02  30 March 1995
  Re: Internet cybergambling (via PGN)
  Denial of Service Attacks, Jack Jaunters, and the Cool Site of the Day (Jerry Bakin)
  More on German Train Problems (Debora Weber-Wulff)
  Computer Crackers Sentenced (Edupage)
  Self-Censorship of NetPorn (Peter Wayner)
  RISKS of Green PCs and Disk Caches (Todd W Burgess)
  "thin, thin, thin computer candy shell" (Peter da Silva)
  Re: Risks of doing date arithmetic (Bob Frankston)
  More date/time problems (VAX) (Lord Wodehouse)
  RISKS of non-standard interfaces (Richard Schroeppel)

RISKS 17.03  4 April 1995
  Chunnel has ghost trains (Lord Wodehouse)
  Overzealous clock correction? (Robert Rhode)
  Israelis cough at the name of "Kaf" (Edward P Ravin)
  A Tale of Two Organs... (Matthew D. Healy)
  Mysteries of the Mind psychological SW advertisement (Rodney D. Van Meter)
  Police cop it from computer (Jon Hunt)
  Japanese transcription (was Re: Patent searchers) (Rodney D. Van Meter)
  OSHA Ergonomics draft (Jim Horning)
  Software safety, new handbook, standards (Archibald McKinlay via Jim Horning)
  Andersen Law Suit Report (Bernard Robertson-Dunn via Jim Horning)
  Complexity (was RISKS of non-standard interfaces) (Bob English)
  Re: More on German Train Problems (Branam)
  Is there a RISK in misremembering SF novels? (Peter da Silva)
  Re: Self-Censorship of NetPorn (Jerry Leichter)

RISKS 17.04  6 April 1995
  Thoughts on SATAN, Michelangelo and Crack (Tom Perrine)
  A possible "solution" to Internet SATAN: Handcuffs ()
  Make a Call, Turn Off the Power (Mike Winkelman)
  Boeing 777 has dainty feet (Nathan Myers)
  Risks of HCI designed by non-typist (Pete Mellor)
  Endless loops in Voice Mail (Dick Mills)
  Computer will control Nick Ingram's execution (Mike Wilson)
  "Airport Vending Machine Sells Computer Programs" (Barry Jaspan)
  Computer Security's an Oxymoron (Edupage)
  Re: Complexity (Stephen L Nicoud)
  RISK of webpage rating system (Joan Combs Durso)
  Chunnel as a Theme Park (Re: Ghost trains) (A. Padgett Peterson)
  Insecurity over ATM security (Jon Green)
  Safeware: System Safety and Computers (Nancy Leveson)
  InfoWarCon '95, First Call for Papers (Winn Schwartau)

RISKS 17.05  7 April 1995
  The risks of flying pigs (Jose Reynaldo Setti)
  Same Old Song: More calendar problems (Chuck Weinstock)
  The Risks of believing in Lawyers (jacky mallett)
  Re: More on German Train Problems (Donald Mullis)
  Re: RISKS of non-standard interfaces (Matthias Urlichs)
  Photo ATMs (Harold Asmis)
  Re: Errors in patent databases (Jerry Leichter)
  Risks of tightly-packed telephone-number space (Jeff Grigg)
  RISKS of Digital Analogy [SATAN] (Bart Massey)
  SATAN, burglaries, and handcuffs (Matt Bishop)

RISKS 17.06  18 April 1995
  Computer crash freezes train traffic (David P. Schneider)
  RISKS of patrol-car computers (Glenn Story)
  Man arrested via stock-control systems (Timothy Panton)
  Barcode provides picture of burglar (Sean Burns)
  FDA orders recall of blood bank software (Paul Szabo)
  Installing Old Software on New Systems (Bruce E. Wampler)
  The state of software engineering (Jerry Leichter)
  About the recent Sun "CWS" mailstorm (Mark Graff via David Lesher)
  New risks in private digital cash (Wayne Gerdes)
  Overnight Privacy RISKS... (Peter Wayner)
  Fry-by-wire? Or just the currents of progress? (Ed Ravin)
  Re: "The Satan Bugs" ()
  Risks of Library Catalog Keywords (John McHugh)
  Re: Searching for a book in a database (Erik Kraft)
  Re: Errors in patent databases (Mark Lomas)

RISKS 17.07  20 April 1995
  New Massachusetts password law invoked on hospital technician (PGN)
  Less than robust wiring designs (Tim Kolar)
  Fugue-by-Wire!? (James G Henderson)
  11 B-boards dismantled in Montreal (Mich Kabay)
  Re: Installing old software ... (Ted Wong)
  Re: RISKS of patrol-car computers (Joe Chew, Matt Raffel)
  "Friendly" user interfaces (Re: Searching ...) (C. Titus Brown)
  Re: Searching for a book in a database (Jerry Leichter)
  Risks of online documentation (Prentiss Riddle)
  Risks of online catalogs (Doug Shapter)
  Computer-controlled electrocution (David Karr)
  4th Conference on Software Risk (Lorrie Orndoff)

RISKS 17.08  24 April 1995
  Patched software threatens $26b federal retirement fund (Ed Borodkin)
  Church Cordless Phone Abused (Mich Kabay)
  Hollywood and Hackers (Mich Kabay)
  FTC Warns Of High-Tech Swindles (Mich Kabay)
  Floating-Point Time (Robert J Horn)
  Re: Barcode provides picture of burglar (Elizabeth D. Zwicky)
  Defamation by E-mail (David Dixon)
  Digital libraries and the great library at Alexandria (George McKee)
  Police use of "EMP" weapons? (Laurence R. Brothers)
  Parachute Automatic Activation Devices (Barry Brumitt)
  RISK of using MIME quoted-printable encoding (Hans Mulder)
  Extension of Registration for Security and Privacy (Catherine A. Meadows)
  Mathematics of Dependable Systems (Victoria Stavridou)

RISKS 17.09  26 April 1995
  Incorrect phone tracing lands Bostonian in jail (Michael J Zehr)
  Risks of discontinuous speech (Daniel P. B. Smith)
  Portable phone ban in British hospitals (David Wadsworth)
  EMPathic Traffic (Peter Wayner)
  Use of Lottery Security System to assist in fraud (Mike Wilmot-Dear)
  "Outrage! of the Month" by National Taxpayers Union Foundation (Stan Niles)
  Re: Risks of Keyword Systems (Mark Fisher)
  Re: Floating-Point Time (Robert J Horn, PGN, Geoff Kuenning)
  Re: 11 B-boards dismantled in Montreal (JdeBP)
  Re: Digital libraries (Andrew Kass)
  Re: Risks of Library Catalog Keywords (Patricio Poblete)
  The risk of being ashamed of the uses made of your work (John Lupien)

RISKS 17.10  30 April 1995
  Metromover inner loop back on line (Charles P Schultz)
  Radar-detector messages & cop-car computers (Mark Seecof)
  AOHell (Simson L. Garfinkel)
  Terrorism and telecommuting (Tim Kolar)
  CyberWinter: A Forecast (Richard K. Moore)
  Privacy directory (Simson L. Garfinkel)
  Re: Lotus Notes authentication protocol challenged (Charlie Kaufman)
  Re: Floating-Point Time (David Cline, Bill Hopkins)
  Re: Digital libraries (Shannon Nelson, Michael D. Sullivan)
  Clipper paper available for anon FTP (Michael Froomkin)
  Advanced Surveillance, Call for Papers (Dave Banisar)

RISKS 17.11  4 May 1995
  Finnish Executives Jailed for Software Piracy (Edupage)
  Cellular phones and Pacemakers: a RISKY Combination (Peter M. Weiss via Duane Thompson)
  The Road Watches You: 'Smart' highway systems may know too much (Simson L. Garfinkel)
  Using a car alarm to steal a car (Kevin Purcell)
  Final Program for COMPASS '95 (John Rushby)
  Safety through Quality Conference, 23-25 Oct, Cape Canaveral, Florida
  ``Cybercritical'' (Cliff Stoll's new book) (Edupage)
  Re: Portable phone interference in hospitals (Derek Hill)
  Re: CyberWinter: A Forecast (Arthur A Mcgiven)
  Re: "Outrage! of the Month" (Jeff Grigg)
  Year 2000? Don't forget 1752! (Matthew D. Healy)
  Re: Floating-point time (Andrew D. Fernandes, Peter Ludemann, Phil Brady)
  Re: Radar-detector messages & cop-car computers (F. Barry Mulligan, Mark Seecof, Richard Soderberg)

RISKS 17.12  13 May 1995
  Software Piracy (Edupage)
  Risks of trusting authority... (Peter da Silva)
  Mercedes-E marketing spreads virus (Klaus Brunnstein)
  Nautilus foils wiretaps (Simson L. Garfinkel)
  Microsoft "Bob" passwords (Jeremy Epstein)
  Internet Addiction (Ivan Goldberg)
  More on CNID (Marc Rotenberg)
  The Risks of trying to teach someone that doesn't want to learn (David P. Miller)
  Cellular disturbances (Torsten Lif)
  GPS Risks (Mark Moore)
  GPS landing systems (Neil Youngman)
  Problems with wrong assumptions about date conversion (Paul Eggert)
  Re: Year 2000? Don't forget 1752! (Tom Wicklund)
  ASIS articles Webbed (Frederick B. Cohen)

RISKS 17.13  18 May 1995
  "Double your fun" (CA lottery woes) (Bruce Findlay)
  AOL Used For Sting by Miami TV Station (David Tarabar)
  Marketing use of medical DB (Mark Seecof)
  Safeware: System Safety and Computers, Nancy Leveson (PGN)
  Computers, Ethics, & Social Values, Johnson and Nissenbaum (PGN)
  Building in Big Brother: The Cryptographic Policy Debate (Lance Hoffman)
  Microsoft plans corporate espionage (Chris Norloff)
  RISKS in Microsoft's Windows95 ()
  Re: "Bob" passwords (Brian T. Schellenberger)
  30 February 1712 (Tapani Tarvainen)
  Re: Intuit's Macintax security lapse... (Don Faatz)
  Re: "Nautilus foils wiretaps" (M. Vincent)
  Re: Cellular disturbances (David Woolley, Frederick Roeber)
  Re: Internet Addiction (Shawn Mamros, Rob Cunningham)

RISKS 17.14  19 May 1995
  Automated Loan Applications (Rick Russell)
  Positive-Ion Dangers: Computers and stress / depression (Dan S)
  The Risks of random PINs (Bill Fenner)
  Denial of Service attack at AOL (Ben Blout)
  Computer-controlled lock failure in hotel (Rick Simpson)
  Same scam, new venue (Bob Frankston)
  Name matching, again... (Bob Frankston)
  Nielsen, others to rate Internet, related RISKS (Mark Seecof)
  Integrity of archived data, standards for media retirement (Patrick Casey)
  Re: Year 2000? Don't forget 1752! (Melvin Klassen)
  Date and time and MS-DOS (Erling Kristiansen)
  RISKS in Microsoft's Windows95 (Steve Loughran)
  Microsoft plans corporate espion