Subject: RISKS DIGEST 18.00 (97)
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest  31 March 1997  Volume 18 : Issue 00 (97)

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

 Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 18 (4 April 1996 to 31 March 1997)
 (NOTE: This issue is archived in ftp file risks-18.00 , whereas
 the issues of volume 18 reside in subdirectory 18/risks-18.* .)

----------------------------------------------------------------------

Date: 22 August 1996 (LAST-MODIFIED)
From: [email protected]
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest.  Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you.  BITNET folks may use their
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS.  U.S.
users on .mil or .gov domains should contact <[email protected]>
(Dennis Rears <[email protected]>).  UK subscribers please contact
<[email protected]>.  Local redistribution services are
provided at many other sites as well.  Check FIRST with your local system or
netnews wizards.  If that does not work, THEN please send requests to
the newly automated <[email protected]>, with first text line
  SUBSCRIBE or UNSUBSCRIBE
[with option of E-mail address if not the same as FROM: on the same line].
  INFO
gets you this file.
  HELP
gives instructions on using the Majordomo listserver in other ways,
although not all are yet implemented for RISKS.

CONTRIBUTIONS: to [email protected], with appropriate, substantive Subject:
line, otherwise they may be ignored.  Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, nonrepetitious, and without caveats
on distribution.

Diversity of content is welcome, but not personal attacks.  PLEASE DO
NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses.  Contributions will not be
ACKed; the load is too great; if you feel neglected, send a follow-up message.
**PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks.  Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Particularly relevant contributions may be adapted for the RISKS sections
of issues of ACM SIGSOFT Software Engineering Notes or SIGSAC Review.

* Submissions:  By submitting an item that is accepted for publication
in RISKS, the author grants permission for unlimited public distribution
and redistribution in electronic or other form.

* Reuse:  Blanket permission is hereby granted for reuse of all materials
in RISKS, under the following conditions.  All redistributed items must
include the Risks-Forum masthead line.  All reuse must be accompanied by
the following statement:
    Reused without explicit authorization under blanket permission
    granted for all Risks-Forum Digest materials.  The author(s), the
    RISKS moderator, and the ACM have no connection with this reuse.
As a courtesy, reusers of individual items (as opposed to forwardings of
entire issues) should notify the authors, and should pay particular
attention to any subsequent corrections.

RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks
  Individual issues can be accessed using a URL of the form
  http://catless.ncl.ac.uk/Risks/VL.IS.html   [yes, VL = volume, IS= issue]
    (Please report any format errors to [email protected])

RISKS ARCHIVES:  ftp://unix.sri.com/risks  if your browser accepts URLs, or
  ftp unix.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>
  cd risks<CR> or cwd risks<CR>, depending on your particular FTP;
Issue J of volume 19 is in that directory: "get risks-19.J<CR>".  For issues
of earlier volumes, "get I/risks-I.J<CR>" (where I=1 to 18, J always TWO
digits) for Vol I Issue J.  Vol I summaries in J=00, in both main directory
and I subdirectory; "bye<CR>"  I and J are dummy variables here.  REMEMBER,
Unix is case sensitive; file names are lower-case only.  <CR>=CarriageReturn;
FTP.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username and
password.  Also ftp [email protected].  WAIS repository exists at
server.wais.com [192.216.46.98], with DB=RISK (E-mail [email protected] for info)
  or visit the web wais URL http://www.wais.com/ .
Management Analytics Searcher Services (1st item) under http://all.net:8080/
also contains RISKS search services, courtesy of Fred Cohen.  Use wisely.

The ftp.sri.com site risks directory also contains the most recent PostScript
copy of PGN's comprehensive historical summary of one liners:
  get illustrative.PS

PRIVACY DIGESTS:

* The PRIVACY Forum is run by Lauren Weinstein, with some support from the
 ACM Committee on Computers and Public Policy.  He manages it as a rather
 selectively moderated digest, somewhat akin to RISKS; it spans the full
 range of both technological and non-technological privacy-related issues
 (with an emphasis on the former).  For information regarding the PRIVACY
 Forum, please send the exact line:

    information privacy

 as the first text in the BODY of a message to:

    [email protected]

 You will receive a response from an automated listserv system.  To submit
 contributions, send to "[email protected]".

 Information and materials relating to the PRIVACY Forum may also be
 obtained from the PRIVACY Forum Archive via ftp to "ftp.vortex.com",
 gopher at "gopher.vortex.com", and World Wide Web via:
 "http://www.vortex.com".  Full keyword searching of the PRIVACY
 Forum Archive is available through the World Wide Web access address.

* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
 run by Leonard P. Levine.  It is gatewayed to the USENET newsgroup
 comp.society.privacy.  It is a relatively open (i.e., less tightly moderated)
 forum, and was established to provide a forum for discussion on the
 effect of technology on privacy.  All too often technology is way ahead of
 the law and society as it presents us with new devices and applications.
 Technology can enhance and detract from privacy.  Submissions should go to
 [email protected] and administrative requests to
 [email protected].

------------------------------

SUMMARY OF RISKS VOLUME 18 (4 April 1996 to 31 March 1997)
 (archived in ftp file risks-18.00)

RISKS 18.01  5 April 1996
 Sixth Computers, Freedom and Privacy (Shabbir J. Safdar)
 A Wiretap Incident in New Orleans (Shabbir J. Safdar)
 Computer Error Costs MCI $Millions (Scott Lucero)
 Teen Accused of Hacking (David M Kennedy)
 Only Americans can contact the AT&T operator (Tom Gardner)
 Re: Wrong approach to Java security (Frank Stuart)
 Re: Risks of rewritable BIOSes (Jeremy J Epstein)
 Re: "This is not a bug" messages: MacsBug (David A. Lyons)
 Re: The Queen's Speech (Allan Engelhardt)
 Re: Notes on e-mail: Use of diaeresis (Dan Hicks, Daan Sandee)
 On the meaning of "email" (Clive Feather)
 Browser return e-mail addresses (Walter Roberson)
RISKS 18.02  9 April 1996
 The weakest link: Social (In)security Administration (Sean Reifschneider)
 ``Jail Gives Hackers a Lesson in Reality'' (PGN)
 Australian Insurance Company and Database (Andrew Waugh)
 De facto Daylight Savings (Matt Welsh)
 Re: Teen Accused of Hacking (William Ehrich)
 Microsoft Exchange helpfully misdirects e-mail (John Hoffmann)
 Re: Notes on e-mail: Use diaeresis (Tim Pierce, Otto Stolz)
 CompuServe's "secure login protocol": two steps forward, one back
   (Heinz-Bernd Eggenstein)
 IBMMAIL e-mail address woes (Erik Naggum)
 Re: X-Confirm-Reading-To: Pegasus woes on mailing lists... (Peter Yamamoto)
 The risks of .forward (Christophe Beauregard)
 Re: Wrong approach to Java security (Andrew Berman)
 Re: Risks of rewritable BIOSes (Jeremy J Epstein, Nicholas C. Weaver)
 Re: Computers, Freedom and Privacy '96 (Shabbir J. Safdar)
RISKS 18.03  10 April 1996
 Intel shutdown by power company software bug (Bruce E. Wampler)
 Daylight Savings Time problem (Bruce E. Wampler)
 Re: De facto Daylight Savings (Dik T. Winter)
 Don't go it alone -- the Risks of poor design decisions (Russ Broomell)
 Warning! My [...] let me [dangerous/confidence-breaking act] (Rob Bailey)
 Signing binaries (Bennet Yee)
 Re: Jury Duty (D.C. Sessions)
 Secure authentication falling back to insecure (Tim Kolar)
 Re: Notes on e-mail: Use diaeresis (Jim Rees)
 Re: Microsoft Exchange helpfully misdirects e-mail (Anthony Atkielski,
     Steve Sapovits)
 COMPASS '96 Advance Program (Connie Heitmeyer)
 The Second USENIX Workshop on Electronic Commerce: cfp (Bennet Yee)
RISKS 18.04  15 April 1996
 OS/2 Warp TCP/IP misfeature (Pete Bentley)
 Data entry omission extends prisoner's sentence (James K. Huggins)
 Has the net reached a critical size? (Frederick Roeber)
 Single names and identification (Colin Eric Johnson)
 The joys of FAX machines (Drew Dean)
 Real "Natural" language design isn't easy either (Peter Van Eynde)
 Another Daylight Saving Time problem: Netscape 2.* reload
   (John F. Whitehead, Prentiss Riddle)
 Another Daylight Savings Time risk: billing (Lorne Beaton)
 Abuse of statistics about computer crime (Dan Barrett)
 Phone-sex users on web index accidentally [Name withheld by request]
 Re: The weakest link (Paul Robinson)
 Re: X-Confirm-Reading-To: Pegasus woes ... (David Woolley, Peter Yamamoto)
 Re: A note on e-mail (David Milun, Jiri Baum)
RISKS 18.05  18 April 1996
 NYPD phone system cracked (Fernando Pereira)
 Judge: Computer encryption codes ruled protected speech (Jay J. Kahn)
 Euthanasia via computer (Pete Grooby)
 Internal Revenue Service browser (Dave Del Torto)
 Capitalizing on the Millennium (Steve Summit)
 Consumer risks on the Internet (Mike Wyman)
 Re: The joys of FAX [and other] machines (Greg Gomberg)
 Re: Daylight Savings Time problem: Netscape 2.* (Mark Phaedrus)
 Re: OS/2 TCP/IP security (Lionel B. Dyck)
 Re: Microsoft Exchange e-mail aliases etc. (Chris Koenigsberg)
 More Microsoft Viruses (Edupage)
 Demise of the Web Predicted (Edupage)
 Web Called "Ultimate Act of Intellectual Colonialism" (Edupage)
 The RISKS of College Admissions (Maddi Sojourner)
 IEEE Symposium on Security and Privacy 1996 (Dale M. Johnson)
 Safety Critical Systems Vacation School Announcement (Mike Brown)
RISKS 18.06  23 April 1996
 Java security/privacy bug (Daniel Abplanalp and Stephan Goldstein)
 Swedish court fines parents for son's overly long name (Li Gong)
 Baltimore Throws the Book at Criminals (Peter Wayner)
 AMD5K86 Floating-Point Division Algorithm (J Strother Moore)
 MCI recommending bad security practices (Chad Ray McDaniel)
 Sometimes, stratum 1 time isn't so good (Dave Hsu)
 Filename bug in Windows 95 (Vsevolod Ilyushchenko)
 Web page e-mail addresses Risky (Ray Normandeau)
 Re: Web Called "Ultimate Act of Intellectual Colonialism" (Vadim Antonov,
     A. E. Siegman)
 Re: Euthanasia via computer (Paul Menon)
 Yes, there are new Word Macro viruses, no, this isn't one of them (Rob Slade)
 888 Risks (Russ Broomell)
 Databases without SSNs and UIDs? (Robert Ellis Smith)
RISKS 18.07  25 April 1996
 Former Oracle worker charged with perjury: bogus e-mail (PGN)
 A reminder about letter bombs in MSW6.0 [name withheld by request]
 AOL censors British town's name! (Clive Feather, Rob Kling)
 Re: Swedish court fines parents for son's overly long name (Viiveke Fåk,
     Gunnar Pettersson)
 Computers and Social Unrest (Carl Wittnebert)
 When the Clock Strikes 2000 (Edupage)
 Re: MCI recommending bad security practices (Peter Scott)
 Society and the Future of Computing '96, 16-19 Jun 1996, Snowbird, UT
     (Jeffrey Johnson)
 CERT (sm) Advisory CA-96.09, Vulnerability in rpc.statd (CERT)
RISKS 18.08  29 April 1996
 Another way to run native code from Java applets (David Hopwood)
 The T-43A Accident in Dubrovnik (Peter Ladkin)
 FAA drops navigation system contract (Fred Ballard)
 The RISK of attributing error to malice (Paul R. Potts)
 Need to censor AOL's name! (Jack Campin)
 Re: AOL censors town's name! (Flavian Wallis, Greg Gomberg, Philip Overy)
 The "finger" command and "Paul Hilfinger" (Jim Horning)
 Re: Swedish and French names (Bertrand Meyer)
 Re: MCI recommending bad security practices (Andy Piper)
 Re: Former Oracle worker ... bogus e-mail (Mike Marler, J.R.Valverde (jr),
     John C. Rivard, Simona Nass, Steve Kilbane)
 Coordination and Administration of the Internet: workshop CFP (Tim Leshan)
RISKS 18.09  1 May 1996
 Breaking Java security restrictions with Javascript (Stephen Anderson)
 More on Java security (Peter Hughes)
 Cambridge University systems hacked! (David Alexander)
 File permissions 705 (Mordechai T. Abzug)
 Libel writ served by e-mail (Andrew Martin)
 X-Image-URL e-mail header line (Andrew Dalke)
 Internal e-mail addresses don't work (John Gilliver)
 File your tax return on the Web! (Jakob Schiotz)
 Australian court emulates Swedes (Ashley Robertson)
 Re: Warning! My [...] let me [act] (Geoffrey Cooper)
 Correction: The RISK of attributing error to malice (Paul R. Potts)
 Re: The RISK of attributing error to malice (Randal L. Schwartz)
 Odds of an accident for the Challenger (Michael Perelman)
 Children on the Internet: A Forum, Chicago, 18 May 1996 (David E. Sorkin)
RISKS 18.10  7 May 1996
 The Cali and Puerto Plata B757 Crashes (Peter Ladkin)
 Telephone accounting (Warrick Jackes)
 DOs and DON'Ts: A Perversity of Owner's Manuals (Ken Knowlton)
 30% of the births in California (Bob Frankston)
 "Survey Finds Computers Under Siege" (Peter G. Neumann)
 RISKS posting leads to e-mail attack! (Martyn Thomas)
 Denial of service made easy.... (David Lesher)
 ACLU Post-Trial Brief on the Web Site (Ann Beeson)
 Re: Cambridge University systems hacked! (Stephen Early)
 Re: AOL censors British town's name! (Peter Miller)
 Re: Odds of an accident for the Challenger (Gareth McCaughan,
     Pete Mellor, Paul Green, Dani Eder)
RISKS 18.11  13 May 1996
 Massive failure of Washington DC traffic lights (Jeremy J Epstein)
 Computer Error in phone bills (Mike Schwartz)
 Reactivating Windows95 Screen Savers (Mich Kabay)
 Re: AOL censors British town's name! (Xcott Craver, Dave Horsfall)
 Re: Odds of an accident for the Challenger (Hal Lewis, Jordin T. Kare)
 Internet in danger (Patrick Robin via Gordon Peterson, Bill Frantz,
     and Martin Minow)
RISKS 18.12  15 May 1996
 Software piracy (PGN)
 "Call Girls" web site [Name withheld by request]
 Morphing Character 217 in Macintosh Geneva Font (Paul Robinson)
 The risk of adding protection (Ray Todd Stevens)
 Troubleshooting ValuJet after the crash (Phillip C. Reed)
 Re: Internet in danger (Jim Carroll, Kevin Stock)
 Re: Odds of an accident for the Challenger (Michael Wild, John W. Cobb)
 Discussion Drafts of Medical Records Privacy Legislation (James Love)
 The SEI Software Engineering Symposium (Carol Biesecker)
RISKS 18.13  17 May 1996
 Netscape 2.02 RISK (Ed Felten, for Tom Cargill, Dirk Balfanz, Drew Dean,
   himself, and Dan Wallach)
 Garfinkel/Spafford, Practical UNIX and Internet Security, 2nd ed. (PGN)
 Static hypertext links to dynamic data (John Light)
 Notebook theft (Denis Parslow)
 Post-divorce wage gap statistic turns out to be computer error (Mike Coleman)
 France ISP issues (Simson L. Garfinkel)
 WWW "Bandwidth Exceeded" signals (Simon Higgs)
 Re: Software piracy (Li Gong, [-Alias], Simon Arthur)
 Re: Troubleshooting ValuJet after the crash (James L. Coffey)
 Re: Morphing Character 217 in Macintosh Geneva Font (Eric Fischer)
 Re: "Call Girls" web site (Mike Rose)
RISKS 18.14  22 May 1996
 The National Research Council Study of National Cryptography Policy
   (Herb Lin)
 Largest Computer Error in US Banking History: US$763.9 BILLION?
     (Dave Tarabar, David Kennedy)
 Credit Lyonnais Fire (Boyd Roberts)
 Gov't computer break-in in Australia (David Kennedy)
 Computers facilitate foolishness (Mark Seecof)
 Another Netscape Bug US$1K (David Kennedy)
 Screensaviour? (Matthew P Wiener)
 The risks of calling 800 numbers? (Rob Slade)
 12am: noon or midnight? (Ken Knowlton)
 The `pound' sign (Donald Mackie)
 Prompt bus sign (Donald Mackie)
 Addendum to my tirade on bad numbers (Bob Frankston)
 When your last name's also a first name ... (Scott Alastair)
 Number cruncher derides numbers (Bertrand Meyer)
 Call for Participation - SEI Conference on Risk Management (Carol Biesecker)
RISKS 18.15  24 May 1996
 U.S. National Research Council Study of National Cryptography Policy
     (Herb Lin)
 TILT! Counterfeit pachinko cards send $588M down the chute (Peter Wayner)
 Security by accident (Douglas W. Jones)
 A few little UK vignettes ... (Les Hatton)
 The Power of Alta Vista (Rachel Polanskis)
 Senate Hearing #1 on Information Security: GAO Report issued (David Kennedy,
   Ted Lee, Alan Tignanelli)
 Frequently used German passwords (Martin Virtel)
 The risks of calling 800 numbers? (Bob Blakley III)
 Re: pornography on net: real risk? (Bob Morrell)
 Re: Non-universal names for symbols (Angus Duggan)
 Society and the Future of Computing Update (Rick Light)
RISKS 18.16  1 June 1996
 Xerox machine caused nuclear power plant emergency halt (Magnus Ihse)
 NY Air Route Traffic Control Center computer failure (Peter Ladkin)
 US Charges Man Planned to Kill 4,000 Travelers (PGN)
 Assumptions about assumptions at 12 (Ken Knowlton)
 Re: TILT! Counterfeit pachinko cards ... (Chiaki Ishikawa)
 Timing out e-mail -- "kidsciencenet" spam (Laurence Brothers)
 Access to psychiatric records (Bob Frankston)
 Smartcards and medical data standards (Peter Bray)
 Re: Largest Computer Error in US Banking History? (Louis Koziarz)
 Risks of Statistics in RISKS-18.13 (Frank Fay)
RISKS 18.17  4 June 1996
 MARTA train jumps track (Stephen Cohoon)
 Taipei subway computer crash (Calton)
 New book by Peter Wayner on crypto and steganography (hide and seek) (PGN)
 Report Opposes Administration's Cryptography Plans (Edupage)
 New form of harassment; third-party paging (Joe Smith)
 Cyber-terrorists blackmail banks and financial institutions (The Dodger)
 "Secret lie-detector test from a distance" (Daniel P. B. Smith)
 MIME bites equations (Geoff Kuenning)
 Loopy Mail (Kevin Rainier)
 RISKS of insufficient concept design (Andrew Pam)
 Election "Glitch" in Cape Town (David Kennedy)
 Roundoff error on Detroit Edison bills (Jim Rees)
RISKS 18.18  6 June 1996
 L-vis Lives in Virtual TV (PGN)
 Another Java attack (David Hopwood, Marianne Mueller)
 FORTRAN and heat exchangers (Thomas Koenig)
 Ariane 5 failure (Ralphe Neill, John Rushby, David Wood)
 Ariane Explosion - Positive Aspects (Richard Butlin)
 RAL loses satellite cluster to Ariane Five (Philip Overy)
 Accidental shooting down of F-15 revisited (Chiaki Ishikawa)
 College Paper Sued Over Quote (Paul W. Wisneskey)
 Pornography and throughput? (Andrew Koenig)
 Re: Cyber-terrorists blackmail banks and financial institutions
   [Identity withheld by request]
 Fourth ACM Conference on Computer and Communications Security (M.K. Reiter)
RISKS 18.19  10 June 1996
 Janet Reno Wants Protection from Cybercrime (Edupage)
 Martinair B767 Aircraft suffers EFIS failure (Peter Ladkin)
 HTTP cookie privacy risk (Howard Goldstein)
 Autodeletion (Bradley K. Sherman)
 RISKs of dumb string searches (Gianfranco Boggio-Togna)
 Matra made software for Ariane 5 AND Taipei subway system (Frank Rieger)
 Re: The European Space Agency's little problem (James Brady, Marc Horowitz)
 Re: L-Vis Lives (Matt Ackeret)
 Virtual image tinkering, a positive side? (Mike Gardiner)
 Digital unreality (Harold Asmis)
 Re: College Paper Sued Over Quote (Nevin Liber)
 Confusing cost with worth (Mike Albaugh)
 1-week course on Internet Security, 29 Jul-2 Aug, at Stanford (Arthur Keller)
 Formal Methods Europe Conference: Call for Papers (Cliff B Jones)
RISKS 18.20  12 June 1996
 Federal Court KOs CDA (Marc Rotenberg)
 The computer is always right - again (Richard S. MacDonald)
 The Risks of *Zero Hour* by Joe Finder (Peter Wayner)
 Re: L-vis Lives in Virtual TV (Barry L Gingrich, Eamonn McManus)
 Digital photographic forgeries: nothing's ever new! (Scott Alastair)
 Re: Digital unreality (Jason Eisner, Lauren Weinstein)
 F-15 revisited again (David Damerell)
 Ariane-5 failures (Bertrand Meyer, David Wadsworth)
 RISKs of bogus FAQs (Tom Lane)
 CFP: 1997 Symposium on Network and Distributed System Security (Matt Bishop)
 Re: HTTP cookie privacy risk (Kenneth Albanowski, Rob Streno,
     Scott Hazen Mueller)
RISKS 18.21  17 June 1996
 Whitehouse Namechecks Glitch (David Kennedy)
 UK government announces proposals for encryption on networks (Steve Kilbane)
 Korea's Internet War (David Kennedy)
 Health Risk from Dusty Computer Displays (Martin Minow)
 Botched trademark search (George C. Kaplan)
 "Child Molester Database" on the Web (Dave Brown)
 Magellan 3000 GPS is `waterproof'? (Boyd Roberts)
 Rounding errors and grammar checkers (Gabor Megyesi)
 Re: Digital unreality (Lauren Weinstein, Luis Fernandes)
 Re: Ariane-5 failures (Lauren Weinstein)
 Physical barriers in the cockpit (Karl W. Reinsch)
 French police raid leading ISPs (Jean-Bernard Condat)
RISKS 18.22  18 June 1996
 Minor real-world spelling-checker story (Mark Seecof)
 About the American Hyphen Society (Bob Masson via others)
 Mike's TV is kind of funny... (Michael F. O'Connor via Richard Cook)
 Click *here* to lower the fuel rods (Chris Rebholz via others)
 More AOL censorship ["And it reaches new lows..."](Barry Shein via K.Bostic)
 Software products certification (Stephane Geyres)
 Warning!!!  Cellular Cloning (Veronica)
 Re: Magellan 2000/3000 GPS nightmare (Boyd Roberts)
 "Piece of Plastic" Used to Detect Drugs (Jerry Marco)
 Re: "Child Molester Database" on the Web (Bear Giles, Thomas Insel)
 Re: Physical barriers in the cockpit (Chiaki Ishikawa)
 Some Info on Space Flight (Derek Lyons)
 Re: Ariane 5 (Erling Kristiansen)
 Re: The European Space Agency's little problem (Prevelakis Vassilis)
RISKS 18.23  24 June 1996
 The Great Netcom Crash..... (David Lesher)
 Microsoft, AOL, and AT&T also have netwoes (PGN)
 Pachinko in the armor? (PGN)
 DoD and IRS tax systems (Richard L. Wexelblat)
 Unexpected risks of usability features (Steve Loughran)
 Espionage Suit (David Kennedy)
 Pointless PINs (Mark Seecof)
 Re: Click *here* to lower the fuel rods (Nancy Leveson)
 Urban Legends? (William Petrick, Charles Waite)
 Re: More AOL censorship (Edward Reid, Ray Everett-Church via Mike Epstein)
 Re: Spelling-checker war stories (Andrew Koenig, Kevin Haw)
 Static, dust, and other risks (Rob Slade)
 Re: Health Risk from Dusty Computer Displays (Terje Mathisen)
 Re: "Piece of Plastic" Used to Detect Drugs (Douglas W. Jones)
RISKS 18.24  2 July 1996
 Workmen strike at CERN (Al Smith)
 Ariane 5 Crash due to Faulty Software? (Andy Fuller)
 c4i-pro The Millennium comes early to GPS (Joe Gwinn via Tom Briggum ...)
 Police Computer Stolen (David Kennedy)
 Automatically generated typos in online Sydney Morning Herald (Tom McDermott)
 Grammar checkers (John Colville)
 The computer is always right - again (Hugh J.E. Davies)
 Metro Machiniste leaves train for coffee (Boyd Roberts)
 Blackmailing financial institutes - a real life story (Frank Rieger)
 Re: DoD and IRS tax systems (Dennis G. Rears, Scott A. Renner, Carl Minie)
 Digital Precipice: What the computer trade hides from their customers
   (Kirsten Raach on Markus Gaulke's book)
RISKS 18.25  12 July 1996
 Western U.S. power blackout (PGN)
 Recent west-coast power outage and thoughts on the power grid
   (Nicholas C. Weaver)
 Massive cell-phone identifier interception (PGN)
 56-Bit Encryption Is Vulnerable, Says Zimmermann (Edupage)
 John Munden is acquitted at last! (Ross Anderson)
 Risks of Computers In Automobiles (George Beuselinck)
 Re: DoD and IRS tax systems (Todd B SanMillan)
 "Microsoft apologizes for *offensive* thesaurus errors" (PGN)
 Microsoft mail, bane of mailing list software (Joe A. Dellinger)
 Re: More AOL censorship (MarkAYoung)
RISKS 18.26  19 July 1996
 ``Primary Colors'' and computer evidence (Peter G. Neumann)
 The increasing complexity of everyday life (Don Norman, PGN)
 "Computer Buff Raids Marks & Spencer Security Secrets" (David Kennedy)
 ICEE voice-mail breakin (Thomas Insel)
 NSA response to key-length report (Matt Blaze and Whit Diffie)
 Re: 56-Bit Encryption Is Vulnerable, Says Zimmermann (Dave Tweten,
     A. Padgett Peterson)
 New ATMs considered harmful (Carl Resnikoff)
 Safety-Critical Computer Systems, by Neil Storey
RISKS 18.27  23 July 1996
 Problems with Olympic Information System (Edupage)
 Re: *Primary Colors* and Joe Klein (Joel Garreau)
 Ariane 5 failure: specification and design flaws (Pat Lincoln)
 Remote software changes are here (David Cassel)
 *The Logic of Failure*, Dietrich Doerner (PGN)
 Addendum to the complexity of everyday life (Don Norman)
 Re: The increasing complexity of everyday life (John Pescatore)
 Re: Western power outages (PGN, Jonathan Corbet, Tracy Pettit)
 Re: 56-Bit Encryption Is Vulnerable (Barton C. Massey, Steven Bellovin)
 Centre for Software Reliability: Design for Protecting the User (Pete Mellor)
RISKS 18.28  26 July 1996
 Johannesburg Stock Exchange Computer Fails, Again (Scott Hazelhurst)
 Static Klingons and Dynamic Cash (Peter Wayner)
 Sweden will not set limits for electric and magnetic fields (Martin Minow)
 Cleaning person inadvertently kills patients (Archie Russel via
     Michael D. Crawford)
 DMV security code breached at hospital in New Haven (Ed Fischer)
 Risks of Using VISA Cash in Atlanta (Heather Hinton)
 More on computer systems and the Olympic Games (Jose Reynaldo A. Setti)
 Esoteric Encryption Risks (Russ Broomell)
 More on the Ariane-5 Disaster (Jan-Peter Munk)
 Re: Western power outages (Mark Stalzer, Paul Green)
 Re: the complexity of everyday life (Scot E. Wilcoxon, Bryan O'Sullivan)
RISKS 18.29  31 July 1996
 Another Ruling Against Communications Decency Act (Edupage)
 Bringing Design to Software, Terry Winograd (PGN)
 Where Wizards Stay Up Late, Katie Hafner and Matthew Lyon (PGN)
 Crisis management, National Research Council report (PGN)
 Clinton Anti-Terrorism Plans Called Threat to Civil Liberties (Edupage)
 Olympic bomb warning call (Steven Bellovin)
 System Testing Begins When System Is Tested (Keith Farkas)
 More on: Problems with Olympic Information System (Tom Rowe)
 Y2K hits divorcing couples in the UK (Mike Hanafin)
 Safety vs. money, always a problem (Geoff Kuenning)
 Risks of electronic credit card operations (Robert Schwanke)
 Computers Causing Power Outages (D.C. Sessions)
 Re: Mark Stalzer and Western Outages (Phil Hammons)
 Re: Western power outages: Errata for RISKS-18.28 (Paul Green)
 Re: Cleaning person inadvertently kills patients (Prabhakar Ragde,
     Geoff Kuenning, Steve Kilbane)
 Ariane 5 failure - due to register overflow (Hans-Martin Adorf)
 Findings of the Ariane 501 inquiry board (Kristiansen)
RISKS 18.30  8 August 1996
 America Off-Line (PGN)
 AOL outage: risks of scaling inappropriately (Joel M Snyder)
 Trains fail to trigger computerized crossing gates (Mark Brader)
 The Crash Detectives: USAir Flight 427 (Jonathan Harr in the *New Yorker*)
 A bug in the zipcode-catalog (Martin Minow)
 Occam's Razor debunked (David Bruce via Peter M. Weiss)
 International Hacking Incident (Andrew Blyth)
 New system blamed for missed payments (David Kennedy)
 Kirk Enterprises: What's in a name? (Andrew Koenig)
 The increasing complexity of everyday life (Rshek)
 Department of Motor Vehicle records available On-Line (Rich Ellermeier)
 "Anonymous" phone tips and Calling Number Identification (Michael Cook)
 Re: Where Wizards Stay Up Late (Danny Cohen)
 Re: IBM's Olympic Systems (Dave Wortman)
 Re: Computers causing power outages (Paul Peters)
RISKS 18.31  9 August 1996
 "Buffer overload" crashes network bridge (Jeff Anderson-Lee)
 Re: America Offline (David Kennedy, David Cassel)
 Re: AOL outage: risks of scaling inappropriately (Jeff Hayward)
 Re: Kirk Enterprises: What's in a name? (Jeffrey Mogul)
 Novel: Slow River (Steve Kilbane)
 Re: The increasing complexity of everyday life (Barry L. Brumitt)
 Re: Department of Motor Vehicle records (Lauren Weinstein, Steven Bellovin,
     C. Titus Brown, A.E. Siegman, Kevin Johnsrude)
RISKS 18.32  13 August 1996
 Java security update (Ed Felten)
 More Power to us?  "It couldn't possibly happen again" department (PGN)
 Another London train crash; well, it's not supposed to happen! (PGN)
 Fire alarms on Boeing 777 triggered by fruit/frog cargo (PGN)
 Electromagnetic pulses to stop car chases? (Peter Wayner)
 GPS Receiver Explodes (David Kennedy)
 Bread-riots and circuses (Brian O'Connell)
 The risks of apathy in telephone callers (Christopher Kline)
 CyberRisk '96 Conference, Call for Participation (Mich Kabay)
 Re: Computers causing power outages (Paul Hughett)
 Re: "Anonymous" phone tips and CNID (Jeffrey Mattox)
 Re: Department of Motor Vehicle records (Steve Sapovits, Benedikt Stockebrand)
 Re: America Offline (James K. Huggins, Matthias Urlichs)
RISKS 18.33  14 August 1996
 Fault-tolerant software for escaping "upgrade hell" (Vladimir Z. Nuri)
 RISKy cars coming! (Greg Dolkas)
 128-bit Netscape registration (Alan Arndt via Jim Horning)
 Operator error or system design fault in Atlanta 911? (Philip Rose)
 The 1994 A300-600 Nagoya accident - final report (Peter Ladkin)
 Re: America Offline (Pete Mellor)
 Re: Computers causing power outages (Robert I. Eachus)
RISKS 18.34  16 August 1996
 California DMV records NOT secure (Mark Seecof)
 Re: London train crash: update (Scott Alastair, Jim Reid)
 Re: 128-bit Netscape registration (Bernard Peek)
 Re: Fault-tolerant software, "upgrade hell" (Kurt Fredriksson, Wayne Hayes,
     Valdis Kletnieks, Vladimir Z. Nuri)
 Re: Electromagnetic pulses to stop car chases? (Michael Brady)
 Re: Western Power Outage (Steve Forrette)
 Re: America Offline (Valdis Kletnieks, Lowell Gilbert)
 Re: Bread-riots and circuses (Hal Lockhart)
RISKS 18.35  19 August 1996
 Justice's Web Site Is Infiltrated (Edupage)
 "Vandalized" nuclear controls - Florida (Howard Goldstein)
 The risk of plagiarism with Websites (Roy Dictus)
 Names of punctuation as a risk (Jeremy J Epstein)
 Inability to "take it apart and see how it works" (Daniel P. B. Smith)
 Reliance on e-mail in an emergency (Ramon L. Tate)
 The Atlanta 911 transcript (PGN)
 Buggy metaphors (William Ehrich)
 How telcos upgrade switches (R. Spainhower)
 Rebooting vs. 7x24 Operations (Jeremy Leader)
 Re: Upgrade Hell (Henry G. Baker)
 Measuring time-to-fix (David Holland)
 Alternatives to Social Security Numbers (Robert Ellis Smith)
 Re: Department of Motor Vehicle records (Jan Vorbrueggen)
 Re: California DMV records NOT secure (A.E. Siegman)
RISKS 18.36  21 August 1996
 Internet Explorer Security Problem (Ed Felten)
 Computer Testing of Nuclear Weapons (Frank C. Ferguson)
 Swiss address risks of holding referenda by Internet (PGN)
 Risks of remote-controlled fireplaces (Jeffrey Mattox)
 Re: Escaping software upgrade hell (Vladimir Z. Nuri)
 Re: London Train Crash (Roger Hird, Clive D.W. Feather, Martin Poole)
 "Authentication Systems for Secure Networks" by Oppliger (Rob Slade)
RISKS 18.37  22 August 1996
 Karpov versus the world via Internet (PGN)
 SSN problem hits a Congressman (Stanton McCandlish)
 Easy answer on porno? (Tim Barmann via Dave Farber and Stanton McCandlish)
 Rich folks embrace digital privacy and anonymous markets  (Peter Wayner)
 Re: Internet Explorer security problem (Thomas Reardon)
 Inability to tinker not confined to hardware (Scott Alastair)
 Re: Computer testing of nuclear weapons (Robert Herndon, Mark Stalzer,
     Barry Jaspan, Frank C. Ferguson)
 Measuring software time to repair (Stu Savory)
 Long-running systems (Martyn Thomas)
 Call for Participation: SEI Conference on Risk Management (Carol Biesecker)
RISKS 18.38  26 August 1996
 More on the American Airlines Cali crash (PGN)
 DarkStar UAV crash from software change - cost, $39M (David Wheeler)
 Electric meter halts mail/news server (Kolja Waschk)
 Denial of service attack brings down Netcom listservers (Sidney Markowitz)
 DNS failure [from Matthew Dillon] (Steven Weller)
 Re: SSN problem hits a Congressman (Craig Neth)
 Microsoft's warning (Mike Walsh)
 Microsoft's patch (Ed Felten)
 Why Java, Bash, Explorer, and other bugs keep hurting us (Fred Cohen)
 Too much integration (Nick Brown)
 Re: Computer testing of nuclear weapons (Frank C. Ferguson, Jake Donham,
     Mike McKinlay)
 Year 2000 Bites the Budget (Frank Christensen)
 Re: London train crash (Clive D.W. Feather)
 Re: "Inability to tinker not confined..." (Tom Zmudzinski)
 Once more Murphy's Law (Jim Horning)
 Dependable Computing for Critical Applications, Final Call for Papers
   (Catherine A. Meadows)
RISKS 18.39  30 August 1996
 Qualcomm Satellite Tracking System creates regulatory risk (Steve Grabhorn)
 911 and voicemail (Carl Jester)
 Caching in web proxy gateways and content negotiation (Klaus Johannes Rusch)
 Java passwd changer? (Ken Bass)
 Risks of lowered expectations of stability (Daniel P. B. Smith)
 When the muzak goes quiet: risks of exception strategies (Nick Brown)
 Tunnel vision of Computer Society CD-ROM (Geoff Kuenning)
 US Army troubled by viruses in Bosnia (George Smith)
 Re: Denial of service ... Netcom listservers (Methvin Dave, Brent Chapman)
 Update on GPS Explosion (Bob Potter via David Kennedy)
 Karpov Wins Online Chess Match (Edupage)
 DIMACS Workshop on Network Threats (Wanglai Li)
RISKS 18.40  3 September 1996
 Accidental missile launch: color-code mixup (Ken Wood)
 About 3 weeks with network problems...!!! (Isaias Callejas)
 A funny thing happened on the way to the bank... (Andy Piper)
 Changing credit-card address (Gene M. Stover)
 Back-country technology (Andrew Duane)
 FedEx monitoring of cellular phonecall locations (Bernard Glassman)
 Re: "More power to us" (Ralph Barone)
 Algol passwd changer? (Marianne Mueller)
 Risks of multiple HTTP standards (Pete Bentley)
 Re: Tunnel vision of Computer Society CD-ROM (Geoff Kuenning,
     Theodore Y. Ts'o, Timothy R Prodin)
 Re: Exploding GPS (RISKS-18.39) (Matt Fichtenbaum)
 Re: "Karpov v. the Internet" game (Dick Mills, Pete Mellor)
 19th Information Systems Security Conference (Jack Holleran)
 Information Security Conference - Cleveland (Robert Terry)
RISKS 18.41  5 September 1996
 China screens out Internet "Spiritual Pollution" (Edupage)
 AOL curbs incoming spams (PGN)
 AOL denial of service (Joe J. Birsa)
 Warning on the use of GPS (Jim Easton)
 More re: "More power to you" (Ralph Barone)
 The unstoppable computer: PLURIBUS (Pete Kaiser)
 Computers asked to identify suspicious baggage (Edupage)
 Government database correlations (Bear Giles)
 Hidden file info that you do not know about (Kirk McElhearn)
 Windows 95 passwords (Bear Giles)
 Re: Quadro tracker (Bear Giles)
 Accidental shooting down of F15 plane revisited (Chiaki Ishikawa)
 Re: Denial of service ... Netcom listservers (Greg Lindahl)
 Re: Back-country technology (Roger F Connolly)
 Re: FedEx monitoring of cellular...locations (Steve Holzworth,
     Gene M. Stover, Tony Lima)
 7th Computers, Freedom, and Privacy (Bruce R Koball)
RISKS 18.42  10 September 1996
 Failure-mode risks revealed by Hurricane Fran (Dave Schulman)
 Missile passes American Airlines Flight 1170 over Wallops Island (John Maddaus)
 Re: Accidental shooting down of F15 plane revisited (Dick Mills)
 Your BASIC electrocution -- "rats!", he said (Tim Steele)
 Black-hole web forms (Prentiss Riddle)
 RISK: Dangerous core dumps (Abigail)
 Y2K - Yet another risk (John Elsbury)
 Re: AOL curbs incoming spams (Brian Clapper, Bear Giles, Bear Giles)
 Re: AOL denial of service (Peter M. Weiss)
 Re: Netcom denial of service (Keith Moore)
 Re: Windows95 Passwords (Stewart Nolan)
 Microsoft VC++ property pages guaranteed to crash first time (Mark Mullin)
 1998 USENIX Security Conference, announcement/call for papers (Aviel Rubin)
RISKS 18.43  11 September 1996
 IRS drops Internet tax filing plan (PGN)
 RISKS of newspaper publishing (Rachelle Heller via Lance Hoffman,
   John Schwartz)
 Safety of real-time systems (PC versus SPS) (Andreas Huennebeck)
 Re: Accidental shootdown of F15 plane revisited (Robert Dorsett)
 Lexis-Nexis personal information database (Larry Hunter from Privacy Forum)
 Nebraska Automobile Title/Registration Records (Paul W Schleck)
 Re: RISK: Dangerous core dumps (James Bonfield)
 Re: Locating the position of cellular phones (Peter Campbell Smith)
 Re: AOL curbs incoming spams (Fred K Herr)
 AOL spamming case and direct e-mail in general (Lance J. Hoffman)
RISKS 18.44  12 September 1996
 GAO criticizes White House database controls (PGN)
 Galileo Glitch (Peter Ladkin)
 Recent KAL 007 discussion (Peter Ladkin)
 Keeping Your Mouth Open: re: F-15 shootdown (Peter Ladkin)
 Removal from Lexis' Ptrax database (Betsy P)
 Encryption's debate-chilling effect on universities? (Lance J. Hoffman)
 Re: Hidden file info that you do not know about (Edward Reid)
 Fax machines that tell too much (Christopher J. Bell)
 Unsolicited e-mail == unsolicited faxes ? (Edward N Kittlitz)
 "Free Speech" == "Free Speech" ? (Barry Jaspan)
 Re: AOL curbs incoming spams (Stanton McCandlish, David Allen, Dave Porter)
 Re: RISK: Dangerous core dumps (Matthew Hunt)
 Update 3 on GPS battery explosion (David Kennedy)
RISKS 18.45  13 Sep 1996
 Cracker Attack Paralyzes PANIX (Edupage)
 Re: PANIX SYN denial-of-service attack (Simona Nass)
 100,000 DM offer to hack GSM phones (Klaus Brunnstein)
 Linguistic RISKS (Aahz)
 Civilian GPS navigation errors (Jim Easton)
 Ariane 5 report in Aviation Week (Alan Frisbie)
 Re: Accidental shootdown of F15 plane revisited (Dick Mills)
 Re: Discussing aircraft accidents (Clive D.W. Feather, Mark Jackson)
 Re: Windows 95 passwords (Jack Rochester)
 Re: Passwords in files (James W. Birdsall)
 Re: Fax machines that tell too much (Robert Sargent, Keiji Kanazawa)
 Re: Unsolicited Unsolitude (Mark Eckenwiler)
 Simple solution to AOL's legal woes (Andrew Marc Greene)
 Sometimes junk e-mail is already a fax, legally speaking (Dan Franklin)
 Re: Removal from Lexis' Ptrax database (Jim Walters)
RISKS 18.46  16 September 1996
 Maryland Lottery Computer Glitch (Scott Lucero)
 Spider Minus Dog Equals Death (David Kennedy)
 Virus pushes actress over the edge.  No Backup? (Donald Mackie)
 Minnesota disconnected from the world for 12 hours (Theodore M.P. Lee)
 VeriSign's policy statement (Drew Dean)
 Airliner interference from a COMPAQ mouse, revisited (Mark Brader)
 Re: Accidental shootdown of F-15 plane revisited (Robert Dorsett)
 AT&T -- Lessons forgotten (Bob Fieldhouse)
 Word for Windows risks, continued (Jeremy J Epstein)
 Re: Microsoft VC++ property pages guaranteed to crash first time (John Vert,
     Mark Mullin)
 Re: Windows 95 passwords (Dirk Frankston)
 Re: AOL curbs incoming spams (Bernard Peek)
 More thoughts on junk mail (aahz)
 Re: Sometimes junk e-mail is already a fax (Mark Eckenwiler)
RISKS 18.47  19 September 1996
 Electromagnetic interference, medical-device risks, and airplanes (PGN)
 Lexis' P-Trak vs ptrax (Emma Pease)
 Re: Minnesota disconnected from the world (Theodore M.P. Lee, Jeremie Kass)
 Re: Microsoft VC++ property pages guaranteed to crash (Boyd Roberts)
 More ATM risks (Rory Chisholm)
 411 needs 911 (Kent Quirk)
 Bringing Home the Anonymous Bacon (Peter Wayner)
 Risks of not including appropriate manual overrides (William Hutchens)
 Re:  Failure-mode risks revealed by Hurricane Fran (Steve Holzworth)
 Ariane 5 report, available on line (Richard J. Fateman)
 ETHICOMP96 MADRID 6-8 November 1996 (Centre for Computing and
   Social Responsibility)
RISKS 18.48  23 September 1996
 An unlosable casino game (Kristiansen)
 When is -32768 != -32767-1 ? (Bear R Giles)
 RISKS of temporary change-of-addresses  (Simson L. Garfinkel)
 AIDS list compromised (Winn Schwartau)
 "PRIVACY Forum Radio", Lexis-Nexis "P-TRAK" Interview/Update (Lauren Weinstein)
 Detailed Update Regarding Lexis-Nexis "P-TRAK" Database (Lauren Weinstein)
 Even more ATM Risks (James Robertson)
 SYN Floods, IP Spoofing, and what to do about it (Fred Cohen)
 More on portable electronics/airplanes (Peter Ladkin)
RISKS 18.49  25 September 1996
 Minnesota State Senate candidate photo "mistake"? (PGN)
 CIA disconnects home page after being hacked (PGN)
 Cracker Bill Passes Senate (Edupage)
 AOL Resumes Junk E-Mail Block, Settles Class Action Suit (Edupage)
 Massachusetts welfare fraud investigators fired: tax-record misuse
     (Saul Tannenbaum)
 Heart monitor software (Jim Garrison)
 Automated toll collection test fails (George C. Kaplan)
 Warning! NT 4.0 utility wipes system configuration (Alan Wexelblat)
 Re: An unlosable casino game (Hal Lockhart)
 FTC gets involved in P-trax debate (Bear R Giles)
 Re: Lexis-Nexis P-Trak (Robert Ellis Smith)
 Re: Cracker Attack Paralyzes PANIX (Stephen Tihor)
 The RISKS of using "personal" info in authentication (Roger Moar)
 More ATM Risks (Roger Altena)
 Re: When is -32768 != -32767-1 ? (Bear Giles, Sidney Markowitz,
     Peter Jeremy, Mark Brader, Henry G. Baker, Erling Kristiansen)
 FWISC96 San Jose, CA (Mich Kabay)
RISKS 18.50  3 October 1996
 E-mail scam from "Global Communications" (PGN)
 Vanity E-Mail Bugs College Administrators (Edupage via Dave Farber)
 Rhode Island "Disgruntled employee" arrested for "e-mail virus" (Lee Rudolph)
 ACLU Files Suit Against Georgia Internet Law (Edupage)
 Clinton Okays Encryption Plan with Key Recovery System (Edupage)
 Bellcore Warns Smart Cards Are Vulnerable (Edupage)
 More side-effects from the Palo Alto power outage (PGN)
 The new UK air traffic control system (Brian Randell)
 Re: RISKS of temporary change-of-addresses (William K McFadden)
 Two recent occurrences: ATM, change of postal address (Philip H. Smith)
 Re: Postal change-of-address on-line (PGN)
 Watch your return address (Erann Gat)
 Queensland Police put Wanted Poster on the Web (Boyd Roberts)
 Getting scarier all the time (Erann Gat)
 Heart monitoring software (Bill Ragland, Tim Pietzcker, Steve Kilbane)
 More on Java security: see JavaSoft Forum (Marianne Mueller)
 Computerization and Controversy: Value Conflicts and Social Choices (PGN)
 Watch your return address (Erann Gat)
 Spring Forward, Fall Back -- but not just yet (Martin Minow)
 Airliner interference from a COMPAQ mouse, revisited (Paul Oldham)
 Advance Bank offers Internet Banking (Boyd Roberts)
 CFP Workshop on Formal Methods for Industrial Critical Systems (Diego Latella)
RISKS 18.51  9 October 1996
 $850 Million Social Security Problem (Scott Lucero)
 "ATMs chew up 400 bank cards" (Daniel P. B. Smith)
 Crisps (chips), football (soccer) & the web (Geert Jan van Oldenborgh)
 A Premature Comment on the Aeroperu Flight 603 B757 accident (Peter Ladkin)
 You think this database anonymizes entries? (Identity withheld by request)
 Re: RISKS of temporary change-of-addresses (Leonard Erickson)
 Another mail-forwarding problem (Adrian Howard)
 Risks of deferred ISDN charges (Bob Frankston)
 Re: Queensland Police put Wanted Poster on the Web (Mark Eckenwiler)
 Mailing list/vacation/autoresponder (Daniel P. B. Smith)
 Re: USPS Mail Forwarding (Frank Caggiano, Jonathan I. Kamens)
 Re: politics and safety (Steven Philipson)
 Communications Unleashed - CPSR conference program (Susan Evoy)
RISKS 18.52  12 October 1996
 Rats take down Stanford power and Silicon Valley Internet service (PGN)
 Punch-card ballots overturn primary election result (Dave Tarabar)
 Pyramid schemes on the Internet (PGN)
 Smartcard security and tampering vulnerabilities (Ross Anderson)
 Are Laptops Risky at 30,000 Feet? (Edupage)
 "Practical UNIX and Internet Security" by Garfinkel/Spafford (Rob Slade)
 Novell and CC:Mail risk (John Colucci)
 Maybe your secure Mac isn't as secure as you think (Carl Maniscalco)
 Accidental denial-of-service to subscriber [email protected] (Nick Rothwell)
 ZIP Code Causes Misaddressing of Packages (Frank Markus)
 ``Return to sender'' (Dik Winter)
 Re: Another mail-forwarding problem (Tony Lima)
 A Postmature Date on A Premature Comment (Peter Ladkin)
 CFP Computer Security Foundations Workshop 10 (Simon N. Foley)
RISKS 18.53  17 October 1996
 Stolen computer contains ophthalmology certification exam (PGN)
 Computers miss $1.2M in ATM withdrawals (Jack Fenner)
 Microsoft AGAIN distributes Macro Virus (Klaus Brunnstein)
 Re: Rats take down Stanford and Silicon Valley Internet (Arthur P. Smith)
 Health Info Database Misused (Duane Fickeisen)
 Risks of not understanding the system (John Stewart)
 RISKS of just having a name! (Nick Brown)
 Telephone Switch Cutover Problem (Paul J. Mech)
 Re: Maybe your secure Mac isn't as secure ... (Jon Callas)
 Re: Another Mail-Forwarding (Tony Lima)
 Risks of not including manual overrides: not a computer risk! (Jerry Leichter)
 The Year-2000 Crisis: a possible resource (PGN)
 Announcement: Year-2000 Software Crisis Conference (Hawkins Dale)
RISKS 18.54  21 October 1996
 A new attack on DES (Adi Shamir)
 "Key Recovery" Replaces "Key Escrow" in Encryption Plan (Edupage)
 Apology/Explanation for BBN-Planet outage (John Hight)
 Snail causes Liechtenstein's cable TV system to fail (Henning Holtschneider)
 Re: Rats take down Stanford ... (William Hugh Murray)
 Re: Computers miss $1.2M in ATM withdrawals (William Hugh Murray)
 Re: Health Info Database Misused (William Hugh Murray)
 People Security versus Computer Security (Li Gong)
RISKS 18.55  30 October 1996
 S-Bahn stopped by new switching software (Debora Weber-Wulff)
 Privacy: Bring back ticker-tape for the next N.Y. parade (Bruce R Koball)
 Child Pornography Hoax (Edupage)
 Risks of taking porno spam at face value (Pete Mellor)
 Beating the GRE: What time zone are you in? (from Manny via Dave Farber)
 Leonard Levine and Computer Privacy Digest (Peter G. Neumann)
 A new use of a new crypto attack (Jean-Jacques Quisquater)
 Re: A new attack on DES (Tony Lauck, Walt Farrell)
 Characterization of Research (William Hugh Murray)
 Re: $850 Million Social Security Problem (Mark Brader)
 Re: Franklin National Bank (R Ken Brown)
 Re: When is -32768 != -32767-1 ? (Mark Brader)
 Wasted redundancy (Ian Brogden)
RISKS 18.56  31 October 1996
 The next stage of Differential Fault Analysis (Adi Shamir)
 AOL Bans All Mail from 53 "Junk Mail" Domains (Edupage)
 "Fall back, free parking; spring forward, pay more" (Bear Giles)
 Cruise Missile software bugs (Kofi Crentsil)
 Tote Board Crash at Breeder's Cup (Tony Harminc)
 ATM problems in Canada (Richard Akerman)
 Re: Beating the GRE: What time zone are you in? (Li Gong, Bear Giles)
 More Personal Information Databases (Lauren Weinstein)
 Where Wizards Stay up Late: Book Review (Tom Perrine)
RISKS 18.57  5 November 1996
 Cutting off husband's cybersex leads to assault (Mich Kabay)
 ``Software explosion rattles car makers'' (Daniel P. B. Smith)
 No power ==> no-see windows (Mich Kabay)
 Lawyers eager for millennium cases (stayton)
 More risks in the supermarket; polymorphic buttons (Dan Ruderman)
 ATM Fraud in Israel - The Polish Gang (Jonathan Rosenne)
 IRS to send tax information to mortgage brokers by e-mail! (Erann Gat)
 Tracking Smart Cash (Edupage)
 Office 97, VBA 5.0, and macro viruses (Rob Slade)
 Re: Aeroperu (Peter G. Neumann)
 Re: Tote Board Crash at Breeder's Cup (Ben Morphett)
 Fault-induced crypto attacks and the RISKS of press releases (Paul C. Kocher)
 Re: A new attack on DES (Vadim Antonov)
 Unintentional Accesses (John R. LoVerso)
 Accidental Shootdown of the F-15, once again (Chiaki Ishikawa)
 -32768, hopefully for the last time (Kurt Fredriksson)
RISKS 18.58  6 November 1996
 1996 Melbourne Cup off-course betting fiasco (Harley Mackenzie)
 Fidelity Brokerage computer problems (George C. Kaplan)
 Bug in the network: a real spider (Nick Brown)
 Announcement - Warning to Crypto and Banking Communities (Ross Anderson
   via Bruce Schneier and Monty Solomon)
 Differential Fault Analysis: a possible defence? (David R Brooks)
 Ping o'Death from Windows 95 (Nick Brown)
 Re: Office 97, VBA 5.0, and macro viruses (Otto Stolz)
 Web search engines find connected components (David Skillicorn)
 Re: Tote Board Crash at Breeder's Cup (Larry Kilgallen, Ian Rogers,
     Henry G. Baker)
 Re: -32768 (Paul Eggert, Dik Winter)
RISKS 18.59  7 November 1996
 Intel product reaches directly into networked workstations (Jeff Mantei)
 Big Internet is Watching You (Martin Minow)
 Careful AeroPerusal (Peter Ladkin)
 Risks of using keyless coinlockers in Vienna (Stefan Sachs)
 Re: Fault-induced crypto attacks ... (Brian Randell)
 Why cryptography is harder than it looks (Bruce Schneier)
RISKS 18.60  8 November 1996
 Re: Why cryptography is harder than it looks (PGN)
 Back In Time (Peter Wayner)
 Risk of Earthquake Risk (Harold Asmis)
 Mobile Phone Mayhem! (Trevor Warwick)
 "NetLaw: Your Rights in the Online World" by Lance Rose (Rob Slade)
 The final version of the NRC crypto report is now available! (Herb Lin)
 Re: -32768 and strong typing (Jerry Leichter)
 Re: Arbitrary precision arithmetic (Robert I. Eachus)
 Re: Tote Board Crash at Breeder's Cup (Bear Giles, Mark Eichin)
 Re: S-Bahn stopped by new switching software (Bob Frankston)
 Call for papers: SafeComp'97 (Bob Fields)
RISKS 18.61  15 November 1996
 San Jose garbage billing system snafu (PGN)
 Revealing Software Glitch Bares Credit Card Info on the Web (Edupage)
 Good Java security doesn't imply good network security (David Martin)
 Making good ActiveX controls do bad things (Richard M. Smith)
 Invention by Design, Henry Petroski (PGN)
 Compile-time checking (Arthur Marsh)
 Eastern what time? (Mark Brader)
 Why Cryptography is Harder than it Looks (Bruce Schneier) [LONG]
 Risks in cryptography advertising  (Gene Berkowitz)
RISKS 18.62  20 November 1996
 Effects of the next cycle of solar interference (David L. Oppenheimer)
 Lock those electronic doors (Dave Farber)
 Risks of ActiveX (Simson L. Garfinkel)
 New tampering attacks on smartcards and security processors (Ross Anderson)
 Digital cash - just say no! Mondex/MasterCard (Nick Brown)
 Computer Theft, Low-Tech Style: Visa credit information (Edupage)
 The current score is: Y2K 1, Visa 0 (Ry Jones)
 Forwarded to X, remailed to Y, redirected to Z ... (Rob Slade)
 NT password is not much protection (comments on sci.crypt item)
 Large app stumbles JDK/JVM (Michael O'Donnell)
 Data correct, conclusion wrong (Flint Pellett)
 Cellular One locating cell calls (Sam Lepore)
 Re: Sometimes junk e-mail is already a fax, legally speaking (Phaedrus)
 Re: AOL Bans All Mail from 53 "Junk Mail" Domains (Chris Eason)
RISKS 18.63  26 November 1996
 Mars Probe crashes (Ben Morphett)
 Massive NY tax fraud (Mich Kabay)
 Complexity of the airplane pilot's interface (Mich Kabay)
 Bell Atlantic 411 outage (Rich Mintz)
 DIMACS Network Threats workshop, Rutgers, 4-6 December 1996 (Rebecca Wright)
 Year 2000 Problem Will Cause Lawsuits, Bankruptcies (Edupage)
 Y2K *Guardian* article on retroactive liability (Martin Minow)
 Danish government puts its own records on the Web, illegally (Ketil Perstrup)
 Badly placed hardware (Abigail)
 Digital footprints on the Internet (Martin Minow)
 "Disappearing Cryptography" by Peter Wayner (Rob Slade, Peter Wayner)
 Re: Effects of the next cycle of solar interference (McInnis)
 Risks of believing what you read: Re: Irish rock band (Stuart Woodward)
 The SEI Conference on Risk Management (Carol Biesecker)
RISKS 18.64  2 December 1996
 Amtrak ticket system breaks down (PGN)
 Bell Atlantic/Northern Telecom upgrade failure (Christopher Palermo)
 Shetland Islands newspaper hyperlink controversy (Lance Hoffman)
 RISKS of misidentified versions (John Pelan)
 Risks not limited to technology (Rich Mintz)
 Czech hackers allegedly rob banks (Mich Kabay)
 Data diddling in cockroach races (David Kennedy)
 Scary spelling correction (Geoff Kuenning)
 Web-based auto update of Microsoft's Java support (Tim Panton)
 E-mail solicitation on the rise (Scott C. Savett)
 ATMs zapped (Bruce Wampler)
 Radiation and crypto (Jean-Jacques Quisquater)
 Re: Smart cards and radiation (Jean-Jacques Quisquater)
 Workshop on Human Error and Systems Development (Nancy Leveson)
RISKS 18.65  9 December 1996
 Limits of automated newsgathering (Terry A. Ward)
 Crypto to protect ``bomb'' throwers (Peter Wayner)
 Another banking system hits the dust (John C. Bauer)
 Software hunts and kills Net viruses (Hans A. Rosbach)
 Don't touch this switch! (Rick Simpson)
 Blown Fuse Takes Out 911 System (Scott Lucero)
 Web content-substitution attack was a proxy-server fault (James Cameron)
 Risks of inappropriate encouragement (David M. Chess)
 Reuters computer tech brings down trading net (Steve L)
 Combatting cookies (Simson L. Garfinkel)
 MS-Access Runtime trashes WFW (Bob Price)
 Snowjob in selling computer books (Al Donaldson)
 "Computer errors cause several plane crashes" (Martin Minow)
 RISKS of frequent-flier long-distance promotions (Jonathan Clemens)
 Year 2000 and expiration dates (Robert Nicholson)
 Centralized computing (Darin Johnson)
 Re: Bell Atlantic 411 outage (Robert J. Perillo)
RISKS 18.66  12 December 1996
 Instant money (Debora Weber-Wulff)
 Digital Equipment Corp loses repetitive-strain injury suit (PGN)
 RISKS of using adobe acrobat reader under Unix (Peter T. Breuer)
 The risk of system administrators not understanding enough (Matt Barrie)
 Denver airport baggage system simulations (Luis Fernandes)
 A visit from the Goon Squad: computer evidence (Nick Brown)
 Discussion of `Computer errors' causes hernia (Peter Ladkin)
 re: "Plane crashes" -- corrections (Martin Minow)
 Re: Aviation Accident Rates (Peter Ladkin)
 Re: Don't touch this switch! (Bear Giles, Harlan Rosenthal)
 4th ACM Conference on Computer and Communications Security (Mike Reiter)
RISKS 18.67  13 December 1996
 Computer malfunction causes panic selling at Hong Kong stock exchange
     (Joel Chan)
 Washington State Unemployment Checks "Delayed" (Richard Berry)
 More on the complexity of software upgrades (Nancy Leveson)
 .pdf files -- RISKS of using Adobe Acrobat Reader (William Ehrich)
 Re: Combatting cookies (Bruce Schneier)
 Re: Amtrak ticket system breaks down (Robert Perillo)
 Re: Aviation Accident Rates (Mark Stalzer)
 Re: Don't touch this switch! (Darin Johnson)
 Re: A visit from the Goon Squad: computer evidence (Scott Gregory)
 CEPIS Statement: Security at risk due to encryption restrictions
     (Kai Rannenberg)
 The InterNIC: a case study in bad database management (Jonathan I. Kamens)
RISKS 18.68  16 December 1996
 California tax-form attacks: a new tax on businesses (PGN)
 Communications errors delay response to San Francisco fire (Brian Slesinsky)
 Power surges in Third World countries (Frank Conlon via Don Wagner)
 Re: repetitive strain injury suit (Joshua Goodman)
 November, 1996 CACM article on InfoWar Defense - highly critical (Fred Cohen)
 You can't rewrite history in Internet Explorer 3 (Tim Nott)
 *Java Security* by Gary McGraw and Edward W. Felten (PGN)
 When is an upgrade not an upgrade? (Ian Barker)
 Beware of Year2000 Sharks:  A Story for Non-Believers (Year2000InfoNet)
 Re: .pdf files, RISKS of using Adobe Acrobat Reader (Kenneth Albanowski,
     Gene Wirchenko)
 Re: Combatting cookies (Hal Lewis, Frank Stuart, Pete Kaiser)
 Women into Computing Conference 1997, last call for papers (Richard Nealon)
 Privacy Digests (PGN)
RISKS 18.69  19 December 1996
 Bright Field crash in New Orleans computer related (PGN)
 Bright Field: Risks of smart safety systems? (David Lesher)
 Major denial-of-service attack on WebCom in San Francisco bay area (PGN)
 Connecticut DPUC gets slammed (Daniel Pouzzner)
 U.S. program export controls ruled unconstitutional in No.California (PGN)
 German Cabinet Approves Internet Regulation (PGN)
 More savings we can count on our fingers... (Jeffrey Sorensen)
 URGENT! Major HOLE in NCSA httpd servers... (Matthew Healy)
 Warning! Security risks with ActiveX! (B Fiero)
 Re: November 1996 CACM article on InfoWar Defense (Geoff Kuenning)
 Re: Software hunts and kills Net viruses (Gregory B. Sorkin)
 First Workshop on Building and Using CORBAsec ORBs [urgent] (Richard Soley)
 New Security Paradigms '97, call for papers (Yvo Desmedt)
RISKS 18.70  20 December 1996
 BART software crash and system delays (PGN)
 Problems of "unforeseen" system aging (Nick Brown)
 LAPD Database Flaws in L.A. Weekly (Jeremy Leader)
 The Risks of Security (Robert J. Perillo)
 ATM gangsters (Andrew Weir)
 Justice Wants to scrutinize Parolee computer use (Pete O McVay)
 SATAN Survey (Christopher Klaus)
 PCs and configuration management (Jeremy J Epstein)
 Arrogance of Micro$loth Products - BEWARE! (Roland Giersig)
 Re: Cookies (Mark J Cox)
 More on the phf bug in NCSA httpd... (Matthew Healy)
 9th annual FIRST conference: Call for Papers (Stephen E. Hansen)
RISKS 18.71  23 December 1996
 Ghost 911 calls: software upgrade brings police (Timothy L. Kay)
 Re: Ghosts (PGN)
 Bright Field Accident in New Orleans (Michael Quinlan)
 ACTION ALERT: Stop the spread of personal information on the net (Jon Handler)
 "Cryptography Policy and the Information Economy" draft available (Matt Blaze)
 Security vulnerability in CERN access protection (Christopher Fraser)
 Re: Emergency Key Recovery and Reconstruction (Adam Shostack, Bill Murray)
 Protean documents (Daniel P. B. Smith)
 Re: Problems of "unforeseen" system aging (Andrew Koenig, Paul E. Bennett)
 Re: PCs and configuration management (Henry G. Baker)
 Microsoft documents and Rosetta stones (Darrin B. Jewell)
 Re: Arrogance of Micro$loth Products (Bob Vaughan, Jonathan I. Kamens)
 Secure passwords on the web? Not at Microsoft! (Andrew Marc Greene)
RISKS 18.72  30 December 1996
 Ontario legal system going online (J. Kivi Shapiro)
 Do Not Attempt to use Airplane as Submarine? (Mark Brader)
 Re: Cleaning person inadvertently kills patients (Mark Brader)
 The risk of being clueless?  ClariNet Site Audit (Mike Stump)
 Beware - a new mail virus: PENPAL GREETINGS (Moshe Zviran)
 Computer billing brouhaha for data networks (Robert Perillo)
 Re: Microsoft documents and Rosetta stones (Henry G. Baker, Peter Bishop)
 Re: Arrogance of Micro$loth Products (Robin Sheppard)
 More Area Code Problems (Simson L. Garfinkel)
 Re: Ghost 911 calls: software upgrade brings police (Michael Fuller,
     Peter Campbell Smith, Wayne Hayes, Steve Branam)
 Re: Cookies (Marc Salverson)
RISKS 18.73  30 December 1996
 HOAX: PENPAL GREETINGS (Michael Kohne)
 China Strengthens Control Over Internet (Edupage)
 Re: Action Alert (David Wittenberg)
RISKS 18.74  7 January 1997
 U.S. Air Force webpage hacked (PGN)
 Grammy web page leaks nominees (B.J. Herbison)
 The Sky Is Falling (Jim Horning)
 Computer safety 25 years ago (Wayne Hayes)
 Leap-Year software bug gives "Million-dollar glitch" (Jim Towler)
 VISA fines banks with Y2K problems (Lloyd Wood)
 Y2K: Blessing in Disguise (Mark Brader)
 Another privacy bug in Netscape (Kevin McCurley)
 When connectors shouldn't meet (Lauren Weinstein)
 Dan Farmer releases real-time security survey (Betty G. O'Hearn)
 Let UPS publish your signature on the Net (Hall)
 Easy answers... (Steve Hand)
 April 1 considered harmful (William J. Evans)
 Re: Do Not Attempt to use Airplane as Submarine? (Sam Lepore)
 'Ghost Trains' evidence of safe design (Andrew Waugh)
 2nd FMICS Int. Workshop, Call for Papers (Diego Latella)
RISKS 18.75  10 January 1997
 Newt Gingrich's confidential teleconference compromised by cell phone
     (Bruce R Koball)
 Fired Contractor Arrested in Computer Sabotage (PGN)
 Babbage-Catch Dolls? (PGN)
 Web Spoofing Is No Joke (Edupage)
 Computer threatens 11000 car-owners in Finland (Toomas Tamm)
 Run For Your Lives! Beepers Go Berserk, Refuse to be Silenced
     (Norm deCarteret)
 Double bills from SNDSS hotel (PGN)
 Defense Science Board Task Force on Information Warfare -- Defense (A Blyth)
 InfoWar (a)--fraud & scavenging (Mich Kabay)
 Infowar (b): Misrepresentation on the Net (Mich Kabay)
 New US regs ban downloadable data-security software (Lucky Green)
 Y2K problems?  What about 1997 problems for Coast Guard? [identity withheld]
 British Telecom plan for Y2K noncompliance fines (Lloyd Wood)
 Re: VISA fines banks with Y2K problems (Lloyd Wood)
 Denied removal from a data collection service (Dennis Glatting)
 Internet Archive - copyright violations and future embarrassment (Tim Slagle)
 7th Conference on Computers, Freedom, and Privacy (Bruce R Koball)
RISKS 18.76  16 January 1997
 Taco Bell-issimo (Peter G. Neumann)
 Telstar 401 catastrophic failure (Lauren Weinstein)
 More on fired contractor arrested in computer sabotage (Cathy Horiuchi)
 Five-Million-Dollar Bug (David Kennedy)
 Redundant virtual circuits lead to single point of failure (Sidney Markowitz)
 Missing-characters file: Not the only ones with that problem (Mark Brader)
 Electronic airline ticketing (Robin Burke)
 More Y2K humor: Split the difference (Mark Brader)
 Re: April 1 considered harmful (Chuq Von Rospach)
 Problem with Insight's WWW mail (Christopher G. Holmes)
 Risks of miskeying e-mail addresses (Gerard A. Joseph)
 Congress and FBI aided Gingrich's cell-call snoops (Jim Warren)
 FBI Offers New Proposal for Digital Wiretaps (Edupage)
 Re: New US regs ban downloadable data-security software (David Holland)
 FreeWare WORD macro antivirus release: PC/MAC (Padgett Peterson)
 DIAC '97, Seattle 1-2 March 1997 (Susan Evoy)
RISKS 18.77  20 January 1997
 Playboy strikes again (PGN)
 Potential misery in Missouri: Taxes For Telephiles (Mike Coleman)
 Leaking WWW surfer interest profiles (Anders Andersson)
 Re: Handwritten signatures used for verification (Dave Finkelstein)
 Re: UPS use of handwritten signatures, Lauren Weinstein article (PGN)
 Blaming the safety people (Joshua Levy)
 The Millennium problem: another too-young case (David R. Vinograd)
 Y2036, Y2038, and the superiority of UNIX (D.J. Bernstein)
 Re: More Y2K humor: Split the difference (Tony Lauck)
 Re: More on fired contractor... (Carlie Coats)
 Re: Taco Bell-issimo (Vincent Weaver)
 IBMmail flame on -- albeit out of character (PGN)
 Re: Risks of miskeying e-mail addresses (Darin Johnson, Niall Murphy)
 Irrelevant risks of miskeying e-mail addresses (Lawrence H. Smith)
 Chuq spoofing Spaf, and the archives (Adam Shostack)
 Privacy Digests (PGN)
 The SEI Conference on Risk Management - Preliminary Program (Carol Biesecker)
RISKS 18.78  22 January 1997
 Shetland Times copyright suit (Brian Randell)
 Risks of letting NSA near your laws (security fixes embargoed) (John Gilmore)
 A320 Flight Control Computer Anomalies (Peter Ladkin)
 Lack of software testing in teaching & real world (Michael C Taylor)
 Apollo date bug coming soon (Jim Rees)
 Macintoshes and Y2K (Lloyd Wood)
 Date overflow risks (Arthur Schor)
 Y2036, Y2038, and the superiority of UNIX (Dan Hicks)
 Yahoo! promotes privacy -- well, at least they make an attempt (DaVe McComb)
 HTTP cookies still taste bad (Howard Goldstein)
 ad.doublelick.net -- URLs of doom (Andrew Molitor)
 Reliability of paper mail vs. E-mail (Jonathan I. Kamens)
 Caveat scriptor -- Risks of miskeying e-mail addresses (Mike Perry)
 Re: IBMmail problems (PGN, Jerry Ackels)
RISKS 18.79  28 January 1997
 Spamming Risks and Solutions (Simson L. Garfinkel)
 Risks of floor repair (Paul Bissex)
 Computer Glitch Gives Investors Instant Loss of Balance at Schwab
     (Norm deCarteret)
 Microsoft Office 97 Steals My Initials, MSOF (Michael S.O. Franz)
 Cosmic radiation can cause computer memory loss (Martin Minow)
 Re: Shetland Times copyright suit (Prabhakar Ragde, John Pelan)
 Re: Macintoshes and Y2K (Bear Giles, Jonathan Stott)
 Y2K on non-Unix/Microsoft systems (Steve McKinty)
 Re: Y2036, Y2038, and the superiority of UNIX (Frederick G.M. Roeber)
 URL filtering, Re: ad.doubleclick.net (Caveh Frank Jalali)
 Guilty by confusion? Domain names and IP addresses of net.abusers
     (Lars Wirzenius)
 Adios ads.doubleclick.net (John Hascall)
 Side benefit of proxies re cookies (Mark Seecof)
 Risks of communicating with the wrong person (James W. Birdsall)
 E-Mail Addressing Problems (Todd Burgess)
 Verifying Mail Addresses (David Fetrow)
 AOL software flaw (JMFBAH)
 4th ACM Conference on Computer and Communications Security (Mike Reiter)
RISKS 18.80  1 February 1997
 Berkeley student Ian Goldberg takes 3.5 hours to crack RC5 40-bit key
   (press release, via John van Heteren and Al Stangenberg)
 Non-Anglo Names Confound U.S. Social Security (Scott Lucero)
 Spelling checkers and inconsistent interfaces (Geoff Kuenning)
 Electronic Funds Transfer without stealing PIN/TAN (Debora Weber-Wulff)
 Corel warns about Word macro viruses (Yves Bellefeuille)
 RISKs of virtual patients (Nick BROWN)
 CSR hit by Year 2000 bug (Norman Fenton)
 Malicious Net Software Leads to Big Telephone Bills (Jeff Uphoff)
 Re: New US regs ban downloadable data-security software (Ian Goldberg)
 The Risk of Changing a Mailing List (Chris Meadows)
 MS Office steals my initials - Follow-up (Michael Franz)
 MCI as ISP, some security concerns... (Helen Stewart)
 "Moths to the Flame" by Rawlins (Rob Slade)
RISKS 18.81  6 February 1997
 The (f)e-mail of the PCs is more deadly than the bail (PGN)
 Difficulties in developing large systems: IRS, etc. (PGN)
 E-mail saboteurs confuse Colombian kidnapping negotiations (Miranda Mowbray)
 Dutch bank folly (Sape Mullender)
 Will-o'-the-w-ISP! More on AOL, Cyber Promotions (PGN)
 AOL: 45 minutes and Out -- w/glitch (David Kennedy)
 C++ Committee felled by Concept virus (Nathan Myers)
 Syntax completion - a bad thing? (Andrew Kelly)
 Re: Mike Schlier on memory loss by cosmic radiation (Martin Minow)
 Re: The *Shetland Times* Summary (John Pelan)
 Maryland Recycles Law On "Annoying" E-Mail (AOP Bulletin via David Farber)
 Re: Electronic Funds Transfer without stealing PIN/TAN (Dan Wallach,
     Lloyd Wood)
 Re: Student takes 3.5 hours to crack RC4 40-bit key (D. Dale Gulledge)
 Proposed satellite monitoring of car movements in Sweden (Feliks Kluzniak)
 Car radio "security" KeyCodes (Paddy Spencer)
RISKS 18.82  14 February 1997
 Does CNID really give you anonymity? (PGN)
 48-bit RC5 bites the dust (PGN)
 NASD loses records on 20,000 brokers (Stern)
 Risks of technical illustrations (Bear R Giles)
 NT Attacks (Christopher Klaus)
 Hostile ActiveX Control demonstrated (Klaus Brunnstein)
 More on the risks of ActiveX (Joe Meadows)
 Digital cameras may explode (Mark Seecof)
 Cell phones and car accidents (Edupage, 13 Feb 1997)
 Risk of IRS Outsourcing Processing (John Pescatore)
 Re: Will-o'-the-w-ISP! More on AOL, Cyber Promotions (Sean Eric Fagan)
 Re: Word virus/C++ committee (Andrew Koenig)
 Re: Y2K?  Y1990 strikes again! (Mark Brader)
RISKS 18.83  21 February 1997
 TCAS and the F-16 incidents (PGN)
 B777 autopilot/flight-director problems? (Peter Ladkin)
 Myths about digital signatures (Edward Felten)
 Suit Over Computer Use (David Kennedy)
 Bank Sued for Racist E-Mail (David Kennedy)
 Computer glitch mails out multiple driver's licenses (Dave Tarabar)
 Proprietary data formats and backcompatibility (Lloyd Wood)
 Web banking (Harold Asmis)
 Forgeries and Dejanews (Robert Ames)
 Judge Shuts Down Another Cyberporn Scam (Edupage)
 Who made the call in the Moldova porn scam? (Doug Claar)
 Virus mailed out on PhotoDisc CD-ROM (John C. Rivard)
 Y2K "problem" in virus? (Jim Griffith)
 Mobile code security mailing list (Edward Felten)
 ActiveX basic problem (Paul Robinson)
 MS on the CCC ActiveX virus (Tod Nielsen and Brad Silverberg via Lloyd Wood)
 Microsoft "defends" ActiveX (Travis Winfrey)
RISKS 18.84  21 February 1997
 Highly classified files copied by Croat teens? (PGN)
 Windows 95 will crash in 2038! (David Perrell via Chuck Wozniak)
 Year 2K and my VCR... (Nicholas C. Weaver)
 Downloading UPS-captured Signatures (Sharif Torpis)
 Re: Myths about digital signatures (Theodore Y. Ts'o)
 Re: MS on the CCC ActiveX virus (Fred Cohen, Steve Kilbane)
 ActiveX - a real world view (John Pettitt)
 ActiveX exploitation code in iX 3/97 (Thomas Koenig)
 Re: Bank Sued for Racist E-Mail (Jon Seymour)
 Re: Who made the call in the Moldova porn scam? (John Kohl, Marc Horowitz)
RISKS 18.85  4 March 1997
 Bremen hospital computer withdrawn (Debora Weber-Wulff)
 *Dallas Morning News* Web page on Timothy McVeigh (PGN)
 Password-Sharing Thwarts Web Revenues (Edupage)
 Tattooing SSNs on dogs to secure against dognapping? (Pat Sullivan)
 Worcester Poly student finds Internet Explorer flaw (PGN)
 Comments and corrections regarding Authenticode (Bob Atkinson)
 Not dead yet - I'm still 3 degrees! (Matthew M McNally)
RISKS 18.86  5 March 1997
 ActiveX security? TISK, TISK (Brent Laminack)
 Re: Comments and corrections on Authenticode (Li Gong, Jerry Leichter,
     David Hopwood, A. Padgett Peterson, Fergus Henderson, Glenn Chambers,
     Steve Kilbane, Kevin McCurley)
RISKS 18.87  6 March 1997
 ACM Kanellakis Award goes to public-key crypto creators (Peter G. Neumann)
 Risks of mouse-based interfaces (Jay Hersh via Phil Agre's RRE)
 Nevada May Ban Junk E-Mail (Edupage)
 "New" Java hole (Gary McGraw)
 Another view of what Bob Atkinson said on Authenticode (Christopher Rath)
 An alarm-system code feature (Robert Orenstein)
 SPAM generated from RISKS web site (Jim Thompson)
 Re: Risk of IRS Outsourcing Processing (Pete Kaiser)
 The number of the beast (Stu Savory)
 Re: Tattooing SSNs on dogs to secure against dognapping? (Brian A. Reynolds)
 Re: Not dead yet -- I'm still 3 degrees! (Bill Seurer)
 Re: Who made the call in the Moldova porn scam? (Aviel Rubin, Larry Kilgallen)
 AT&T "not responsible"? (Paul Colley)
 Fraudulent use of e-mail addresses (Andrej Panjkov)
 Re: Year 2K and my VCR: Dangers of Egg on Face (Nicholas C. Weaver)
RISKS 18.88  7 March 1997
 NASA: Another Website Bites the Dust (David Kennedy)
 Two More Microsoft Internet Explorer Bugs (David Kennedy)
 Another MacInTax "Glitch" (David Kennedy)
 Re: 12/99 problem (Clive D.W. Feather, Mark Brader)
 Computer glitch leads to police friendly fire (J.R.Valverde jr)
 Re: Mouse-based interfaces (Dean Esmay via Phil Agre)
 Trusting the software vendor (Matt Welsh)
 "Rich" computing versus security (Matt Welsh)
 Re: ActiveX security: The other side (Wayne K. Gerdes)
 Lab monitoring (Fritz Schneider)
 Risks of crying wolf (David Lesher)
 Moonlighting on safety-critical systems (Jonathan Bowen)
 The SEI Conference on Risk Management (Carol Biesecker)
 The Ethics of Electronic Information in the 21st Century (Les Pourciau)
RISKS 18.89  12 March 1997
 President's Commission on Critical Infrastructure Protection (PCCIP)
 Alberta Stock Exchange Shuts Down (Mich Kabay)
 Hot and cold running randomness (Dan Wing)
 Vietnam will censor Internet content (David Farber)
 More RISKS-relevant ACM awards (PGN)
 The Ariane 5 explosion: a software engineer's view (Robert L. Baber)
 Usability and Security re: Authenticode (Mary Ellen Zurko)
 CaptiveX/Authenticode (Henry G. Baker)
 Continual Risk/Benefit Analysis (Benedikt Stockebrand)
 Re: Trusting the software vendor (David Collier-Brown, Daniel Hicks)
 ActiveX Security for Dummies (Peter Gutmann)
 The real goal of Authenticode (Mark Seecof)
 CFP: DIMACS Workshop on Formal Verification of Security Protocols
     (Catherine A. Meadows)
RISKS 18.90  14 March 1997
 Trojan-horsing around with video tapes (John Janieri via PGN)
 Swedish Cracker Disrupts Florida 911 Systems (Edupage)
 AOL Says It Got Incorrect Stock Info From S&P (Edupage)
 News from the Land of Tamperproof Things (Peter Wayner)
 NCAA Gives FBI Info on Web Site Vandalism (Edupage)
 Dorothy Denning key-escrow/policy paper on-line (Mark Seecof, Dorothy Denning)
 Hardening Your Computing Assets: Defending Against HERF and EMP (Carlo Kopp
     via Winn Schwartau)
 Risks associated with upgrading to MS Office 97 (Lloyd Wood)
 Re: CaptiveX/Authenticode (Mark Bergman)
 Risks of random-number server (Dan Drake)
 Telephone Scam (Dewi Daniels)
 Re: Not dead yet -- I'm still 3 degrees! (David Fetrow)
 Re: The Ariane 5 explosion: software engineer's view (Kevin F. Quinn)
 Keith Rhodes: Y2K duns contractor for 97-year delinquency (Robin Sheppard)
 Y2K: the revenge of originality (Peter Vaneynde)
 Y2K & UNIX & Netscape, the end is HERE (Geoffrey Cooper)
 Y2K "problem" in virus? (Dean Matsen)
 InfoWarCon 7: Call for Papers (Betty G. O'Hearn)
RISKS 18.91  17 March 1997
 "Grounding of the Royal Majesty" (John Berg in searoom-l from Steve Schultz
     via Mike McLaughlin)
 Risks of losing your identity (CALPIRG item from PGN)
 Ignoring smart-card risks (David Randolph)
 Shockwave security hole exposes e-mail (Sidney Markowitz)
 Risks of online commerce (Paul O'Donnell)
 Experiences with a Year-2000 credit card (Robert Bowdidge)
 Re: Y2K: the revenge of originality (Amos Shapir)
 Risks of random-number servers (Eric Rescorla)
 Ariane 5 - a wry comment (C. Shen Orr)
 Re: Telephone Scam (Lou Fernandez, Dan Hicks, Stuart Woodward, Pete Kaiser,
     Jonathan I. Kamens)
RISKS 18.92  20 March 1997
 Flaw in Cell-Phone Encryption Identified; Design Process Blamed (PGN)
 The Illusion of Truth: Software Bugs as NewsBytes (Troy Heagy via
     Gary Grossoehme)
 Bring me the head of InterNIC (Elizabeth Hanes Perry)
 Bank cannot believe it made a mistake! (Glenn Story via PGN)
 Accident at a nuclear waste processing plant: keeping log info handy
     (Chiaki Ishikawa)
 Private information in Japanese Postal Service (Chiaki Ishikawa)
 Taking cookies without asking permission (Shlomo-Zalman Jessel)
 MS Internet Explorer for NT security hole (Mark Seecof)
 Re: Y2K: the revenge of originality (Pete Kaiser)
 Credit Cards and the year 2000 (Lauren Weinstein)
 Re: Telephone Scam (Bill Nugent, Jon S. Green)
 US FTC Workshop on Consumer Information Privacy (Denis McKeon)
 April 4 deadline of NSPW '97: Final Call for Papers (Yvo Desmedt)
RISKS 18.93  24 March 1997
 Splendour of the Seas not so Splendid (Mich Kabay)
 County Data Trouble (Dave Rand)
 Bill Would Outlaw Online Gambling (Edupage)
 Legal action against Internet provider affects customers (Klaus Johannes Rusch)
 Austria to disconnect from Internet on March 25 (Gary Beckmann)
 On looking before you leap? (Dick Mills)
 The Year 2000 Problem -- a new principle for Y2K tools (Thomas Reps)
 Retiring hardware after Y2K (Matt Welsh)
 Virtual Real-Estate (Tony Lima)
 "The Illusion of Truth" in action: apology to Simson Garfinkel (Troy Heagy)
 Net random-number server (Stefek Zaba)
 "Emergency" Web Access! (Robert J. Woodhead)
 Re: Telephone Scam (James Byers)
 Area code split and verification (Alan K. Jackson)
 Re: Risks of online commerce (Bob Frankston)
 1997 IEEE Symposium on Security and Privacy program (Mike Reiter)
RISKS 18.94  27 March 1997
 Crackers Obtained Gulf War Military Secrets (Edupage)
 Clinton Administration Pushing New Encryption Legislation (Edupage)
 Thieves steal license machines (Gary Grossoehme)
 Jail release: Just the Fax, Ma'am.  (David Kennedy)
 Traffic signals, red-runners & all-greens (J. DeBert)
 UK Banks clearing system salary payment problems (Lord Wodehouse)
 Sweden may offer constitutional protection to Internet publications
   (Martin Minow)
 Liability risk in Web Frames (David Kennedy)
 Hungary's State-Run ISP Compromised (David Kennedy)
 Warning to MSIE users (Andre Hallam)
 Risks of automatic spam blockers (Prentiss Riddle)
 Catastrophic Y2K risk (Joel Garry)
 Year 2000 costs -- they're large (Martin Minow)
 Re: Splendour of the Seas not so Splendid (Martin Ewing, Jeremy Anderson)
 Bad variable names in programs (Randy Holcomb)
 USENET control messages as worm transport (Steve Kilbane)
 Re: Bank cannot believe it made a mistake! (Mark Brukhartz)
 Re: Risks of random-number servers (Jeff Nelson, Przemek Klosowski)
RISKS 18.95  28 March 1997
 DTI proposals on key escrow (Ross Anderson)
 RISKS of analogy:  Elections Canada and the Net (Mich Kabay)
 SSL Browser Vulnerability Discovered (David Kennedy)
 JavaScript attack through MIME attachments (Ted Wong)
 Generating randomness (Paul C. Kocher)
 Computers in California Senate (Keith Price)
 DC traffic-light synchronization problem (David Pipes)
 Re: all-ways green lights (Robert Miller via J. DeBert, Sean Ercanbrack,
     Barak Pearlmutter)
 God, the sweepstakes winner (Kevin A. Hogan)
 Re: Crackers Obtained Gulf War Military Secrets (Fred Cohen)
 Re: Y2K: revenge of originality (Harlan Rosenthal)
 Y2K costs (Richard Schroeppel)
RISKS 18.96  31 March 1997
 END OF VOLUME 18 (Peter G. Neumann)
 Computer model blamed for $83 Million loss (George C. Kaplan)
 Greenwich Mean Time just changed by one hour (Scot E. Wilcoxon)
 GPS glider pilot confused (Philip Overy)
 Unsecure online banking (David Ross)
 Printing with different resolutions in MS Word 7.0 (Thiemo Sammern)
 Re: Crackers Obtained Gulf War Military Secrets (Gene Schultz)
 Millennium Bug: latest sighting (Pete Mellor)
 Re: More Y2K Cost Estimations (James Byers, Martin Minow)
 Re: Risks Associated with the Year 2000 Problem (Jack K. Horner)
 Y2K: the revenge of originality / reserved words in Cobol (Henry G. Baker)
 Re: Retiring hardware after Y2K (Barry Brown)
 Y2K risks and Cobol (Jason D Lampert)
 The unique risks related to Y2K (Peter Wild)

------------------------------

End of RISKS-FORUM Digest 18.00 (97)
************************