precendence: bulk
Subject: Risks Digest 20.00 (99), Volume 20 summary
REPLY-TO:
[email protected]
RISKS-LIST: RISKS-FORUM Digest 13 August 2000 Volume 20 : Issue 00 (99)
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 20 (1 October 1998 to 31 July 2000)
(NOTE: This summary is archived in ftp file risks-20.00 at ftp.sri.com,
cd risks, and is also at
http://catless.ncl.ac.uk/Risks/20.00.html.)
----------------------------------------------------------------------
Date: 13 Dec 1999 (LAST-MODIFIED)
From:
[email protected]
Subject: Abridged info on RISKS (comp.risks)
The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. Alternatively, via majordomo,
SEND DIRECT E-MAIL REQUESTS to <
[email protected]> with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
INFO [for unabridged version of RISKS information]
.MIL users should contact <
[email protected]> (Dennis Rears).
.UK users should contact <
[email protected]>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues. *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to
[email protected] with meaningful SUBJECT: line.
=> ARCHIVES are available:
ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
[volume-summary issues are in risks-*.00]
[back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
http://the.wiretapped.net/security/textfiles/risks-digest/ .
==> PostScript copy of PGN's comprehensive historical summary of one liners:
illustrative.PS at ftp.sri.com/risks .
------------------------------
Subject: SUMMARY OF RISKS VOLUME 20 (1 October 1998 to 31 July 2000)
(archived in ftp file risks-20.00)
RISKS 20.01 Thursday 1 October 1998
Computer collapse wipes out British Social Security records (PGN)
Calling All Traffic Lights in Dublin! (Fiachra O Marcaigh)
Y2K "fix" causes Dublin traffic jams (Mich Kabay)
Natural gas plant explosion in Victoria, Australia (Martin Gleeson)
Malaise in Malaysia hits satellite uplink (Mich Kabay)
Bank of Montreal card functions paralyzed by bug (Mark Brader)
Bad power strip knocks out Net service (Andrew Brandt)
"Cyberdeath' raises privacy issue (Scott Peterson)
How to bypass those pesky firewalls (Mark Jackson)
Hacking, Irish-Style (Fiachra O Marcaigh)
Re: X-rated net suit (Rishiyur S. Nikhil)
Re: Sexy risks of searching for MP3 (John Mee, Don Byrd)
Y2K risk in Netscape cookies (J Seymour)
Re: "Windows NT Security" (Russ Cooper, Joe Thompson)
Enquiry re: problems at universities (Pete Mellor)
REVIEW: "Decrypted Secrets", F. L. Bauer (Rob Slade)
RISKS 20.02 Saturday 3 October 1998
Risks of Upgrades: Florida fingerprint system (Charles P Schultz)
Bank error delays 50,000 Ontario social assistance payments (Mark Brader)
More --possibly unpublished-- banking/credit card failures (Luc Bauwens)
Attack on blood databases was simulated (Dorothy Denning)
JavaScript Flaw in Netscape (Edupage)
Not all outages are bugs: taxi credit (George Michaelson)
Y2K police planning (Alex Klaus)
Re: Win NT C2 Certification (pchallin)
Education and other undesirable numbers (David Collier-Brown)
Less sinister reason for Disney link in porn site (Andrew Klossner)
Re: Sexy risks of searching for MP3 (Michael Smith)
Re: Y2K risk in Netscape cookies (Jay Ball)
Re: How to bypass those pesky firewalls (Brad Ackerman, Phillip C. Reed,
Chris DeLashmutt)
Information Security Educators Mailing List (Fred Cohen)
RISKS 20.03 Tuesday 13 October 1998
Computerized gas-pump cheat (Conrad Heiney)
Trojan Horse infests 15,000 Internet chat users (Monty Solomon)
Computer glitch trips up Dow Jones industrial average (Cliff Sojourner)
IE4 and its "magical" features (Chenxi Wang)
Unreliable reception of e-mailed WP documents (Daniel P. B. Smith)
Microsoft web site denies access based upon Windows regional settings
(Eric Ulevik)
Risks of installing Microsoft's Media Player (Wade Ripkowski via James Love)
Insidious SQL interpreter bug messes up files (David Tonhofer)
Netscape Netcenter password hint (Dan Pritts)
Radio clock blows daylight savings (Ian Macky)
The risks of "keep it simple" [Martin D Kealey)
Finland: Fraud with copied banking cards (Kimmo Ketolainen)
Offensive information warfare deemed offensive? (PGN)
Hackers stay a step ahead of China's cyber-police (PGN)
LA 911 outage...backup worked! (Thomas Maufer)
Some good Y2K news: whisky will be on tap for Hogmanay 1999 (Declan McCullagh)
Military preparations to mobilize for Y2K (Declan McCullagh)
Void where prohibited by date (Rob Slade)
RISKS 20.04 Wednesday 21 October 1998
The risks of elbows on the French futures exchange (Steve Bellovin)
Electromagnetic interference on defense systems (PGN)
Wrong result in German Bundestag elections due to FAX machine
(Harald Kucharek)
Emissions software glitch fails hundreds of older cars in Atlanta (J Quinby)
Another wild bank saga, from England (PGN)
AOL bytes the dest (PGN)
SRI voice-mail woes (PGN)
Re: Risks of installing Microsoft's Media Player (Michael F. Hogsett)
Software dictates names (Ruth Milner)
REVIEW: "Personal Encryption Clearly Explained", Pete Loshin (Rob Slade)
Dependable Computing for Critical Applications: CFP (Chuck Weinstock)
RISKS 20.05 Friday 6 November 1998
Labor has premature delivery (R Romine)
ABC News posts election results before the election! (Martin Minow)
Salt Lake ATC center radar blackout affects 200 planes (Richard Schroeppel)
AT&T Loses over 400 T3s (Sean_Sosik-Hamor)
NYSE stock market crash -- well, the other kind! (Declan McCullagh)
Microsoft execs worry about free software movement (Edupage)
Microsoft and the Halloween Documents (PGN)
Computer keeps 100 pounds per week from pensioners (Peter Leeson)
Stores' shoplifting gates can set off pacemakers, defibrillator (Keith Rhodes)
Swedish train-ticket reservation system down (Ulf Lindqvist)
SAS airline timetables: Internet 1, Hardcopy 0 (Martin Minow)
New Swedish law makes most of the Internet illegal (Jacob Palme)
Stanford e-mail system passwords stolen (Monty Solomon)
Rats take a byte out of Ugandan exam computers (ejm)
Grave error! (Dave Stringer-Calvert)
Re: SRI voice-mail woes (Peter Kaiser)
Re: Another wild bank saga (PGN)
Jon Postel (PGN)
REVIEW: "Democracy and Technology", Richard E. Sclove (Rob Slade)
REVIEW: "Windows NT Server 4 Security Handbook", Hadfield/Hatter/Bixler
(Rob Slade)
Promoting Formal Methods (Dilia E. Rodriguez)
FMICS4 1st CFP (Diego Latella)
SAFECOMP 99 - CFP (Pasquini)
RISKS 20.06 Thursday 12 October 1998
Risk Management is Where the Money Is (Dan Geer)
RISKS 20.07 Saturday 14 November 1998
Lovesick cod overload submarine sonar equipment (Christoph Conrad)
O'Hare's radar malfunctioning (Doneel Edelson)
Dallas-FortWorth ARTS air-traffic control upgrade backed out (PGN)
NASAA spam investors by mistake (Mich Kabay)
Interference risks on cruise missiles (Gordon Lennox)
Talking elevator with off-by-one error? (George Michaelson)
3Com Security Advisory: We built in back doors, so you're at risk!
(John Gilmore)
Re: Unreliable reception of e-mailed WP documents (Garth Anderson)
Re: LA 911 Outage (John Sheckler)
Business jet trips/privacy (Daniel P.B. Smith)
Corrections on recent issues (PGN)
GPS internal clock problem (Bob Nicholson)
Dumbing down English speech (Bertrand Meyer)
REVIEW: "Cyberspace and the Law", Edward A. Cavazos/Gavino Morin (Rob Slade)
REVIEW: "E-Commerce Security", Anup K. Ghosh (Rob Slade)
System Safety Society Conference -- Call for Papers (Dixon Jack)
RISKS 20.08 Sunday 15 November 1998
Sweden recommends banning mobile telephones on ships (Heinrich Hetzel
via Robert Hettinga)
*Very* hairy bug in Excel 4.0 and Excel 98... (Lindsay Marshall)
Identity theft defeated by victim's wife (Jim Griffith)
Electronic Commerce: The Future of Fraud (Bruce Schneier)
Password capturing (Bill Carton)
REVIEW: "Virus Alert of the Day",
[email protected] (Rob Slade)
REVIEW: "VirusHelp", Henri Delger (Rob Slade)
RISKS 20.09 Friday 27 November 1998
German stock exchange bond futures goof (Chris Brand)
Palo Alto 911 system crash (PGN)
Security risks delay online registration system (Chenxi Wang)
Internet speech is "on the record" (Martin Minow)
Organized mail theft in Seattle (Jon Becker)
Risks of being ostentatious when embezzling (Mich Kabay)
New Zealand: Pledge on destroyed net sites (Mich Kabay)
Frames security hole (Lindsay Marshall)
Internet Explorer 4.01 Son of Curatango cut-and-paste flaw (PGN)
100-year-old woman "too old to vote" (Michael Zastre)
Naming Swedish Names on the Internet (Martin Minow)
REVIEW: "Cryptography and Network Security", William Stallings (Rob Slade)
REVIEW: "Java Cryptography", Jonathan Knudsen (Rob Slade)
DCCA-7 preliminary program (Mike Reiter)
RISKS 20.10 Thursday 3 December 1998
Dulles radar fails for half-hour (Doneel Edelson)
Pilots: Runway crossings a safety hazard (Doneel Edelson)
DoD falsified Y2K data but has "good feeling" about future (Edupage)
Virginia library removes software filters (Edupage)
How the rest of the world views Americans (Declan McCullagh)
False 911 calls traced to spliced cabling (Bryan O'Sullivan)
Immigration process on hold due to fingerprint data format (Deepak N)
Interesting bug in SecurID software (Drew Dean)
V-Mail -- or Virus Mail? (Jason Stokes)
PalmPilots voiding car locks in Europe (Brig C. McCoy)
Sony infrared controllers lock up certain Macintosh systems (Fred Condo)
IR-outfitted Macs and Sony remote controls (T Byfield)
Paranoia or Parannoyance? (Al Christians)
Y2K inflation risk (Marion Moon)
Risks of Internet keywords (Erann Gat)
Re: Internet speech is "on the record" (Silas S. Brown, Scott E. Preece)
Re: 100-year-old woman "too old to vote" (Bob Heuman)
Re: REVIEW: "Java Cryptography", Jonathan Knudsen (Fred Long)
FEmSys99: Call for Participation/Program (Axel Poigne)
RISKS 20.11 Tuesday 8 December 1998
San Francisco power outage delays this issue (PGN)
How a FUSE caused a hospital to disconnect from the Power Grid
(Joan L. Grove Brewer)
FAA investigating near-collision of passenger jets off Long Island
(Richard Schroeppel)
Y2K panic could be as disruptive as computer problems (Declan McCullagh)
NRC ERDS TMI risk? (Lloyd Wood)
MS Outlook's calendar shifts with time zone (Greg Marriott)
Shanghai entrepreneur tried in China (Edupage)
Typo causes wild stock fluctuations for wrong company (Lee Somerman)
Wassenaar Arrangement signed (Seth David Schoen)
"A very interesting development": export exemptions for free software
(Seth David Schoen)
Electronic Vote Rigging? Shurely shome mishtake... (Malcolm Pack)
Spamming to Spy (Dick Mills)
Re: Dulles radar fails for half-hour (Steve Peterson)
Re: the Internet has {no|perfect} memory (Mike Perry)
A risk --or at least a highly undesirable use-- of JavaScript (Joe Thompson)
Faulty failure modes (Mike Ellims)
Re: Root login on SecureID server (Jay R. Ashworth)
Author response to Slade review of Democracy & Technology (Richard Sclove)
RISKS 20.12 Wednesday 9 December 1998
San Francisco power outage and Y2K (Cathy Horiuchi)
Air-traffic control comments (Paul Cox)
TCAS stories - 1 good, 1 bad (David Wittenberg)
Security risks of laptops in airline cockpits (Jim Wolper)
NW Frequent Flyer Miles subject to fraud (Sandy Antunes in PRIVACY Forum)
Another monster water bill (Brian Clapper)
Trusting non-redundant info about your RAID system (G.J. Dekker)
Export exemptions (Padgett Peterson)
Re: MS Outlook's calendar shifts with time zone (Stuart Lamble,
Clive D.W. Feather)
Re: Spamming to Spy (Kevin Connolly)
Re: A risk ... of JavaScript (Steven M. Bellovin, Mathew)
Interesting effect of PG&E power outage (Greg Marriott)
RISKS 20.13 Thursday 24 December 1998
Near-miss at LaGuardia Airport, NYC (Dave Weingart)
Runaway train on Capitol Hill (Thomas A. Russ)
Another fibre-optic cable cut (Bob Blanchard)
British Government admits Y2K missile problem (Phil Pennock)
2,000 Texans get false overdraft notes in Y2K test (Bill Bauriedel)
Wassenaar Agreement exempts 'public domain' software (Martin Hamilton)
Other infrared security crocks (Paul Wexelblat)
Re: PalmPilots voiding car locks in Europe (Philip Koopman)
E-LIFE'S RISKS? I.R.S. E-FILE! (Andrew Greene)
Should pilots trust TCAS? (Andres Zellweger)
Airlines databases lock in increases better then refunds (Peter)
Re: Frequent Flyer miles accessible (Peter)
Y2K expansion (Jerry Leichter)
Intelligent virus invades NT servers (Edupage Editors)
Unexpected date behavior in Windows 95 (Daniel Weber)
Microsoft Trojan Horse (Frank Markus)
Quark XPress, hates Unix scripts! (Ben Sherman)
Password hint risks (Alexander V. Konstantinou)
Risks in incorrect warnings and alerts (Flint Pellett)
CFP: 1999 National Information Systems Security Conference (Ed Borodkin)
RISKS 20.14 Sunday 3 January 1999
Car computer directs couple into river (PGN)
Swedish passport system struck by 99 (Ulf Lindqvist)
Swedish Giroguide also hit by 99 (Martin Minow)
Excel bug (Tom Rowe)
Chinese sentence hackers to death (John Knight)
Student can criticize school on web site, judge says (Declan McCullagh)
Hackers have fun with Furby (Robert Raisch via Dave Farber)
Now you see it, now you don't (Jerry Leichter)
Y1999: Risk of re-using data fields for error signaling (Daniel A. Graifer)
99-Year retrospective health insurance - or Y2K problem (Fraser McHarg)
San Francisco power outage and the risks of signs (Eric Leif)
Page-layout program hazards (Jordin Kare)
Some new things to try at all.net (Fred Cohen)
RISKS 20.15 Sunday 10 January 1999
UAL clock wraparound (John Rushby)
Risks of old documentation (Richard C. Wolber)
Cell-phone surprise (Craig DeForest)
Excel CALL function (Padgett Peterson)
Phone service outage when computers stolen (Peter Kaiser)
Y2K hits Singapore and Swedish taxi meters (Keith A Rhodes)
The Windows April Fools 2001 Bug (from Richard Smith via Lloyd Wood)
Editors also mitigate page-layout program hazards (Glen Turner)
Re: Now you see it, now you don't (Jerry Leichter, Mike Williams)
Call for Proposals - CFP99 (Marc Rotenberg)
RISKS 20.16 Friday 15 January 1999
Another premature data release (PGN)
NSA says Furby is a national security risk (Bruce Martin)
Man crashes car as 50 pagers ring simultaneously (Geoffrey Leeming)
16-yr-old Irish girl's crypto system (PGN)
Over-reliance on technology (Pat Place)
The risks of a first failure (Bertrand Meyer)
If at first you don't succeed, breaking-in's no crime in Norway (Edupage)
Viruses and Rocket Science (Henry Spencer via Tom Evans)
Smurf denial-of-service attack on OZEMAIL (Mich Kabay)
Y2K in Swiss hospitals (Debora Weber-Wulff)
1 Apr 2001 flaw in Windows (PGN)
Quicken 1999 bug (James S. Vera)
A good Y2K bug (Lenny Foner)
Utilities and Y2K: not to worry (Ken Knowlton)
Y2K testing tools (Craig Raskin)
Java Security (Gary McGraw)
REVIEW: "Maximum Security", Anonymous (Rob Slade)
REVIEW: "Year 2000 in a Nutshell", Norman Shakespeare (Rob Slade)
RISKS 20.17 Weds 20 January 1999
Remarkable French announcement on crypto policy (Enzo Michelangeli and
John Young via Steve Bellovin from cryptography newsgroup)
Deep Crack cracks RSA's DES challenge in less than one day (PGN)
The RISKS of Web links (Daniel R. Tobias)
Virginia online sex offender database (Joe Thompson)
China solves the Millennium bug (Pete Mellor)
Computer crash blew up radio listener's request messages (Kenji Rikitake)
REVIEW: "Stopping Spam", Alan Schwartz/Simson Garfinkel (Rob Slade)
RISKS 20.18 Friday 29 January 1999
"When Doctors Make Mistakes" (Matt Blaze)
Celler beware? Cell-phone blockade (Sheri Alpert)
Distributed.Net & EFF Put Final Nail in DES Coffin (John Gilmore)
Trojan horse planted in TCP wrapper (PGN)
Internet vandals strike USIA Web site (Edupage)
Digital photos from drivers' licenses (Dan Gould)
Linux users want their money back from Microsoft (Edupage)
Y2K update turns city into deadbeat (Debora Weber-Wulff)
Programming errors (Fred Gilham)
Re: ... French announcement on crypto policy (Olivier MJ Crepin-Leblond)
Re: "Page-layout program hazards" & "Over-reliance on technology" (Don Byrd)
Hotmail Web e-mail risk (Daniel P. Stasinski via others)
Major security breach in Canadian consumer-tracking database (Wei-Yuen Tan)
USENIX Security Symposium Call; Papers due March 9 (Jennifer Radtke)
REVIEW: "Bad Software", Cem Kaner/David Pels (Rob Slade)
RISKS 20.19 Monday 1 February 1999
Complete ATC power failure in the U.S. Northwest (Paul Cox)
NYC 911 crash (David Lesher)
New attack on PGP keys with a Word Macro (Fred Cohen)
Intel's Pentium III Processor ID (Bruce Schneier)
Risks of successful security software (Nick Brown)
About the most bizarre Microsoft message yet (Fred Cohen)
Risks of using Windows95 as an embedded system (Steven J. Greenwald)
Government computer withholds benefit from British widows (Pete Mellor)
Re: not a Hotmail Web e-mail risk (John R Levine)
REVIEW: "The Transparent Society", David Brin (Rob Slade)
CFP: New Security Paradigms Workshop 1999 (Mary Ellen Zurko)
SEPG '99: 11th Software Engineering Process Group Conference (Carol Biesecker)
RISKS 20.20 Wednesday 10 January 1999
Spanish bank buy lots of shares because of Euro problems (David Mediavilla)
E-Trade computers crash again -- and again (Edupage)
Copier quota exceeded (Philip Koopman)
Risks of Furbies: NSA was right! (Pete Mellor)
State of the states in Y2K readiness (Edupage)
The NT Blue Screen of Death (Bruce Wampler)
The risks of "standard" software? (Rob Slade)
You are still in France (Adam Shostack)
It gets weirder every day... (Fred Cohen)
The risks of shopping at Amazon (Ross Anderson)
Re: Risks of successful security software (Pete Mellor)
Re: Government computer withholds benefits ... (Pete Mellor)
FMICS4 call for papers (Diego Latella)
REVIEW: "Mercury Rising", Douglas Pearson Ryne (Rob Slade)
RISKS 20.21 Friday 12 February 1999
Memo on Y2K (via Dave Stringer-Calvert)
Y2K "fix" dates traffic offenses to 2097 (Christopher Neufeld)
Computer fraud as another kind of Y2K risk? (Bruce Martin)
Judge moves to ban sale of self-help legal software in Texas (Doneel Edelson)
Risks of using power wiring for data traffic (Dan Pritts)
Hacking Web/FTP Servers (Ian Cargill)
CERT Advisory CA-99.03 - FTP-Buffer-Overflows (CERT)
Dangers of being the lowest price (Eytan Adar)
"Secure" fax (Steve Bellovin)
Our New Time Machine (Michael F. Hogsett)
Re: The NT Blue Screen of Death (Michael F. Hogsett)
Re: The risks of "standard" software? (Michael F. Hogsett)
Re: Programming Errors (Thomas J Gilg)
REVIEW: "Fighting Computer Crime", Donn B. Parker (Rob Slade)
REVIEW: "Intrusion Detection", Terry Escamilla (Rob Slade)
SEPG `99 - 11th Software Engineering Process Group (SEPG) Conference
(Carol Biesecker)
RISKS 20.22 Saturday 20 February 1999
Process-table attack (Simson L. Garfinkel)
Store Baelt Bridge not Y2K safe (Debora Weber-Wulff)
More risks of "training" on live systems (Dave Stringer-Calvert)
A franglais booboo (Vicky Larmour)
Cellphone risks in flight again? (Chuck Weinstock)
Re: "Page-layout program hazards" and... (Mark Brader)
Re: Programming Errors (Thomas J Gilg)
The risks of on-off switches? (Elliott Potter)
Re: Hacking Web/FTP Servers (Andy Goldstein, Rob Slade, Nigel Rantor)
Re: Computer fraud as another kind of Y2K risk? (Chuck Karish,
Dorothy Denning, Win Treese)
8th USENIX Security Symposium: papers due March 9 (Jennifer Radtke)
RISKS 20.23 Monday 1 March 1999
Intruders commandeer UK military satellite (PGN)
Software snafu slowed key data during Iraq raid (Paul Walczak)
Schwab Squab Swabbed (PGN)
Errant police computer wakes hundreds of Texans (Keith A Rhodes)
Mobile phones cause memory loss (Martin Minow)
Doctors to perform surgery over next-generation Internet (Keith A Rhodes)
Digital broadcasting could hit cardiac monitoring gear
(Andrew Robert Mitchell)
Computer system results in errors in patient medical records (Doneel Edelson)
Pentium III serial number is soft-switchable after all (PGN)
Limiting liability for Y2K breakdowns (Edupage)
CIA predicts serious Y2K problems around the globe (Keith A Rhodes)
Y2K Test Fine Test Data Causes Problem (Barry Frankel via Dave Farber)
Self-inflicted single point of failure (Malcolm Pack)
Rhode Islander sentenced for hacking (PGN)
Profiling (Andrew Koenig)
Re: Store Baelt Bridge not Y2K safe (Mark Brader, Chris Bagge)
Computers, Freedom, and Privacy, 6-8 April 1999, Washington, DC
(Dave Banisar)
IEEE Security and Privacy Symposium, 9-12 May 1999 (Jon Millen)
USENIX Workshop on Smartcard Technology, 10-11 May 1999 (Jennifer Radtke)
'99 USENIX Technical Conference, 6-11 June, Monterey CA (Jennifer Radtke)
FastAbstracts at FTCS29, 15-18 Jun 1999 (Chuck Weinstock)
RISKS 20.24 Thursday 11 March 1999
Risks of testing a nuclear power plant for Y2K compliance (Robert Brill)
ATC Equipment test almost causes landing collision in Australia (Pat Dirks)
win9x instability? (Norman Choe)
Outlook Express Date: parsing (Kenneth C. Dyke)
Fonte des neiges (Bertrand Meyer)
Risks of voice-recognition software (Chris Leeson)
Rogue spelling checker at work (Andrew Koenig)
Glitch opens jail cell doors (David Kennedy)
Super Hornet (PGN)
Italian hospitalized for hallucinations after Net surfing spree (Lloyd Wood)
Damning critique of WIPO Internet domain name proposal (Lance J. Hoffman)
Bringing Y2K fears to a new high -- or low (Michael P. Gerlek)
Regular break-ins at the Pentagon? (Martin Ward)
Re: Remote surgery (Declan O'Kane)
More on-line trauma (JJSantos)
Re: Lack of Anonymity in Microsoft Word (Yvo Desmedt)
Re: Write-protectable hard-drives (Richard Schroeppel)
Networking'99--NetAdmins & SysAdmins Share Solutions (enotify)
Workshop on Countering Cyber-Terrorism (Clifford Neuman)
PDPTA'99 on Fault Tolerance and Reconfiguration in Distributed Systems
(Pradip Srimani)
FMICS4 (Diego Latella)
RISKS 20.25 Saturday 20 March 1999
Risks of upgrades involving e-mail (PGN)
Satellite outage cuts news service (Edelson Doneel)
Great moments in e-mail history (Lloyd Wood)
Power outage leaves hospitals in the dark (Dave Weingart)
3 patients die when Russian hospital omits utility payments (Keith A Rhodes)
Erasable "cash" (Alpha Lau)
Windows Registration Wizard may violate European Privacy Laws (Martin Minow)
MS Word98 privacy issues (Chiaki Ishikawa)
Y2K is the least of it (Bob Frankston)
Sri Lankan Banks to close on 31 Dec 1999 for Y2K tests (Matthew Todd)
Coming to terms with "bytes" (Edupage)
Signs of the times (Stuart Lynne)
Treating names as abbreviations (Nick Atty)
Banks warn public about Y2K scam (Elliot Silver)
H-1 California DOL system crash! Help! (Anthony Nudelman via Jason Steffler)
Re: As we approach April Fool's Day ... (Jonathan de Boyne Pollard)
They threatened, and apparently they have followed through ... (Fred Cohen)
REVIEW: "Time Based Security", Winn Schwartau, 1999 (Rob Slade)
CFP: ISOC Year 2000 Network & Distr. System Security (David M. Balenson)
RISKS 20.26 Thursday 1 April 1999
The Y9Z Problem (Mark Thorson)
Yet another Y2K debacle (Jon Loux)
Vatican announces all computer systems ready for new millennium (Matthew Todd)
Y10K opportunity (Matthew Todd)
Torvalds, SlashDot, and Stallman (Martin Minow)
Melissa and RISKS (PGN)
Melissa macro virus (Rob Slade)
Melissa and monoculture (Nick Leverton)
Melissa and GUIDs (Ronan Waide)
Melissa + meme = future disaster (Bear Giles)
RISKS 20.27 Thursday 1 April 1999
RFC2550 - Y10K and Beyond
RISKS 20.28 Thursday 1 April 1999
Professor wants Y2K jokes banned on the Net (Edupage Editors)
Daylight Savings Time cutover (Dave Stringer-Calvert)
Y2K: Help for the Weary Programmer (Martin Minow)
IE5 Risk (Lorne Beaton)
The old Ethernet traffic jam in new form (Rob Slade)
More e-mail risks (Silas S. Brown)
Human input error on year causes $49-million error (Frank Carey)
Baby death due to software-controlled air bag deactivation? (Stefan Leue)
Hyperlinks, free accounts, and fraud (Mike Bell)
Melissa beyond denials of service (David Lesher)
Melissa macro virus author tracking (Joe Thompson)
Y2K alert! (Rebecca Mercuri)
Apple Y2K (Dave Stringer-Calvert)
Re: Bringing Y2K fears to a new high -- or low (Gillian Richards)
Re: Great moments in e-mail history? (Jerome H Saltzer, Tom Van Vleck,
Jerome H Saltzer)
Laughter causes loop with voice-recognition software (Don Mackie)
Unusable backup power (Tim Kuehn)
"kibibyte" is still ambiguous (D.V. Henkel-Wallace)
Announcement - The Software Engineering Symposium '99 (Carol Biesecker)
RISKS 20.29 Friday 2 April 1999
Attack of the Tuxissa Virus (Anonymous)
Computer crash creates nonpersons in Zurich (Bruce Walker)
tcpd warning (Kragen Sitaker)
Saving files on shared computers (Bertrand Meyer)
Self-opening car windows ... (Jeremy Folkes)
Swedish telephone outage (Danny Kohn)
Electricity over Internet (Lionel Cons)
In the summertime, when your VCR screws up (Michael Bacon)
Brain-dead PacBell automated payment promise system (Michael D. Crawford)
Re: Unusable backup power (Terry Harris)
Origins of PC / Mac Virus Vulnerability (Mich Kabay)
Re: More e-mail risks (Michael H Buselli)
Re: Apple Y2K (Art Delano)
REVIEW: "Information Warfare and Security", Dorothy Denning (Rob Slade)
RISKS 20.30 Friday 16 April 1999
Fake web page cause 20% stock surge and then retreat (Avi Rubin)
Glitch causes 4 billion euro overdraft (Monty Solomon)
Raytheon probes e-mail moles (Keith A Rhodes)
Security is still a human problem (Jeremy Epstein)
Y10K: not just for April Fools (Tom Swiss)
The Risk of 1 Apr (David Frank)
RISKS April Foolery, Melissa, security, and frequencies of RISKS (PGN)
GPS setup error affects dredging in California (W.T. Shymanski)
Potential RADHAZ (Paul Walczak)
Space character in number causes silent Excel miscalculation (Ben Bederson)
Security Hole in Java 2 (Gary McGraw)
Re: Vancouver Hospital (Doneel Edelson)
Microsoft reschedules Memorial Day (Benjamin B. Bederson)
Risk of not backing up PGP Key Ring files (Herman D. Knoble)
Responses to Melissa (Chuck Karish)
Risks of "Melissa passed this way" (Charles Arthur)
Melissa and poor security model of Word Macros (Scott M Keir)
Mainframe virus (Henry Schaffer)
Millennialism in the Western Hemisphere (Richard Landes)
RISKS 20.31 Sunday 18 April 1999
BART ghost train snarls morning commute (PGN)
EMI from USS Carl Vinson opens garage doors in Hobart (Norbert Thumb)
ASerbic cyberattacks and counterattacks (PGN)
Fake ATM front panel copies cards and PINs (Ulf Lindqvist)
Overzealous applications (Ian Cargill)
Outlook '98 not Y4.501K Compatible (Eric Zago)
favicon.ico (Robert David Graham)
Leap year 2000 and C (Mark Brader)
Risks of April foolery (Pete Mellor)
GUIDs and Melissa (Robert David Graham)
Phone company says keep your PIN on your calling card (David Graf)
Re: Mainframe viruses (Julian Thomas)
E-mail and communications history (Dennis Ritchie)
REVIEW: "Hacker Proof", Lars Klander (Rob Slade)
RISKS 20.32 Tuesday 20 April 1999
Airbus Autopilot Failure? (Chuck Weinstock)
Another old-fashioned bug comes back to byte (Jeremy Epstein)
Risks of running a PKI (Steve Bellovin)
New paper on Simulating Cyber Attacks, Defenses, and Consequences (Fred Cohen)
Re: Ghost trains (Peter Campbell Smith)
Re: GUIDs and Melissa (David M. Chess, JDean, Nick Brown, Russ Cooper)
Re: Mainframe viruses (David M. Chess, Otto Stolz)
Re: Microsoft reschedules Memorial Day (Bernard Sufrin)
Re: Overzealous applications (Mark Brader)
Re: Overzealous criticism (Peter da Silva)
Calendar problem with old Calvin and Hobbes comics strips (Michael Cook)
AT&T PINs (e)
Ameritech calling card ready to use! (Nathan Brindle)
High-Integrity System Specification and Design book (Jonathan Bowen)
RISKS 20.33 Saturday 24 April 1999
Expert warns of safety glitch in shopping carts (Keith A Rhodes)
The CIH virus will strike Monday, April 26! (Satomi Hamamoto)
eBayla virus (Jeff E. Kinzli via Dave Farber)
Use a cable modem, go to jail (Lenny Foner)
Risks of over-helpful software (Jim Horning)
More on running a PKI (Steven M. Bellovin)
CompuServe responds to password-solicitation fraud (Mich Kabay)
"In order to make it easier for you" (T Bruce Tober)
Melissa, GUIDs, and VicodinES (Richard M. Smith)
Re: GUIDs and Melissa (Jiri Baum)
REVIEW: "Y2K Risk Management", Goldberg/Davis/Pegalis (Rob Slade)
RISKS 20.34 Weds 28 April 1999
Virus infects computers worldwide (Edupage)
A genuine sighting of a virus -- for once (Nick Brown)
Sex aid give holiday flight a shaky start (Frank Markus)
A Supreme Indecency (Monty Solomon)
Bar says e-mail OK for transmissions (Monty Solomon)
You'd think they'd know better... (T Bruce Tober)
A man charged with counterfeiting bank ATM cards (Chiaki Ishikawa)
What's DejaNews up to? (Richard M. Smith)
Dodgy automatic address book resolution (Samuel Liddicott)
Re: GUIDs and Melissa (Russ Cooper)
REVIEW: "Great Misadventures", Peggy Saari (Rob Slade)
Open Source Software at 1999 USENIX Annual Conference (Jennifer Radtke)
RISKS 20.35 Friday 30 April 1999
On-line banking customers off-line for the week (PGN)
Court labels unwanted e-mails "trespassing" (NewsScan)
13-year-old makes $3M in bids on eBay (Doneel Edelson)
File-conversion errors between Word and WordPerfect (Gordon Foreman)
Re: The Bloatware Debate (RA Downes)
Flash BIOS risks (Jonathan Levine)
Re: What's DejaNews up to? (Col. G.L. Sicherman)
RISKS of the net's success... (Matt Curtin)
IWC Watch Company site publishing visitors e-mail addresses (Derek Ziglar)
Risks of misaddressed mail (Joe Thompson)
REVIEW: "The Y2K Survival Guide", Bruce F. Webster (Rob Slade)
Advanced Workshop: USENIX Smartcard Technology, May 10-11, Chicago
(Jennifer Radtke)
CFP, 1st European Anti-Malware Conference (Jaroslav Blaha)
RISKS 20.36 Saturday 1 May 1999
Seagulls speak English: Aldershot (John Haseler)
Yet another satellite hits the dust (Joan L. Grove Brewer)
Titan 4B places military satellite in improper orbit (PGN)
No Bell Tolls for thee (Jeremy Ardley)
Risks of "smart" MS Internet apps (Andrew Shieh)
Re: Dodgy automatic address book resolution (Larry Pryluck)
MS-Outlook 98 risk of mislaying messages in Outlook today (Jahn Rentmeister)
Bloatware and the Windows API (Diomidis Spinellis)
Re: The Bloatware Debate (Henry Baker)
Bloatware and Nightlight Saving (R.A. Downes)
Update on DejaNews click-through monitoring (Richard M. Smith)
Re: WC Watch Company site ... (David B. Horvath)
Re: Risks of misaddressed mail (Frederick M Avolio)
REVIEW: "A Guide to Virtual Private Networks", Martin W. Murhamm (Rob Slade)
CONF: 12th Software Quality Week (Software Research)
RISKS 20.37 Tuesday 4 May 1999
Revisiting the USS Yorktown dead in the water (Mike Martin)
Netfill scams 900,000 credit cards (PGN)
Australian Securities & Investment Commission's April Foolery
(Pauline van Winsen)
Re: Bloatware Debate (RA Downes, Jonathan Goldberg, Henry Baker, RA Downes)
Interesting results with MapQuest (Matthew Delaney)
New risk of ITAR? (David Lesher)
Risks of "Discovery" hounds (Russ Cooper)
Outdated address books (Robert David Graham)
Israeli scientist reports discovery of advance in code breaking (Edupage)
Re: CIH virus (Matthew Todd)
Re: MS-Outlook 98 risk of mislaying messages in Outlook today (Jedediah Grant)
Smart Card Forum Privacy Symposium, 20 May 1999 (Donna Farmer)
RISKS 20.38 Friday 7 May 1999
Sixth satellite launch failure in less than nine months (PGN)
Israeli scientist reports discovery of advance in code breaking
(Bruce Schneier)
Bernstein Decision Upheld (Lauren Gelman)
Export controls lose appeal (Adam Shostack)
Computer glitches foul up flights at Chicago airports (Keith A Rhodes)
Star Wars tchatchkis bring down eBay server (PGN)
Oops! Intel "accidentally" sues potential partner (Lenny Foner)
New Coke machine goes wireless and cashless (Mark Gregory)
New area code creates accidental phone forwarding risk (Philip Koopman)
Re: Bloatware Debate (Dick Mills)
E-mail address not optional? (David Keegan)
Security/privacy hole in Chase Online Banking (Daniel Norton)
"The Vortex Daily Reality Report and Unreality Trivia Quiz" (Lauren Weinstein)
RISKS 20.39 Friday 14 May 1999
Hacker competition opens in Singapore with $10,000 prize (Keith A Rhodes)
Faulty software doomed Titan 4B Milstar launch (Keith A Rhodes)
MI6 Agents 'outed' by Web (Randy Holcomb)
41-year-old died while NYC's 911 system was down (Monty Solomon)
``Human error'' posts budget PR on the web prematurely (George Michaelson)
Computer woes set back opening for Tulsa's jail (Jo Oerhlein)
C compilers vs editors: WYSI NOT ALWAYS WYG (Daniel A. Graifer)
Risks of upgrading a UNIX system (Wolfgang Moeller)
Any Bell Atlantic customer can be spuriously Opted Out from CALL54
(Douglas A. Brothers)
SurfWatch filters out plugandpray.com and minow.org (Martin Minow)
MS AutoRoute Express 2000 (Pete Mellor)
Another talking lift bug (George Michaelson)
On-line account access (Leo Sokolskiy)
Wrong e-mail address (Bruce Wampler)
Risks of 3-letter user IDs for free e-mail accounts (Dan Yurman)
RISKS 20.40 Tuesday 18 May 1999
Nuclear plant Y2K: High risk-readiness or high-risk readiness? (Mike Perry)
Biometric risks (Dan Wallach)
Singaporean ISP scans users' PCs (Andrew Brydon)
ATMs gobble up cash cards (John Colville)
Web browsers, URL collisions, and all that... (Zygo Blaxell)
False Viruses (Thomas Gilg)
HotMail is no Early Bird: happy99.exe (Malcolm Pack)
Virus cleaner corrupts e-mail database (Diomidis Spinellis)
MIME-Messages: quoted-printable chars in URLs (Christoph Conrad)
New-fangled petrol pumps (Ian Chard)
Re: C compilers vs editors: WYSI NOT ALWAYS WYG (Roy O. Wright)
Re: Wrong e-mail address (Andrew J Klossner)
Re: Risks of 3-letter user IDs (Thayne Forbes)
Dimwitted naughty-word filtering lives... (Daniel Rutter)
REVIEW: "Removing the Spam", Geoff Mulligan (Rob Slade)
RISKS 20.41 Sunday 23 May 1999
Re: Biometric risks (Dan Wallach, Fred Herr, Dan Wallach reponding to
James L. Cambier, Paul Lewis Gittins)
Costly fight about party software (Debora Weber-Wulff)
Embedded NT ... (Jeremy Epstein)
Vulnerability in Windows SSL server and common browsers (Chris Cowley)
Buggier than thou ... Wiretapping (Mike Williams)
Y1.K9 (Mark Brader)
JAVA language definition (Craig DeForest)
Documentation for vapor (Seth Gordon)
Risks of aliasing webservers (Tim Panton)
May you live in interesting times, or What excites bankers (Mark Brader)
REVIEW: "Digital Democracy", Cynthia J. Alexander/Leslie A. Pal (Rob Slade)
RISKS 20.42 Tuesday 25 May 1999
Breakdown leaves swimmers in the cold (Paul Oldham)
Professional hazard in lightning monitoring (Amos Shapir)
Airport radar comes under scrutiny (Doneel Edelson)
Hospital delivery robot blocks exit from elevator (Lyle Gray)
Y2K testing on weather images (Amos Shapir)
German government criticizes own style in Word documents (Debora Weber-Wulff)
Summary of biometric responses (Dan Wallach)
Re: Biometrics (Dave Upton)
Eye swear, it was working yesterday! (Adam Shostack)
Addressing phenomenon: Once a Canadian, ... (Mich Kabay)
Security vulnerability in Netscape (Lindsay Marshall)
Emperor Hirohito's death causes SW problems (Stuart Woodward)
Re: JAVA language definition (Jim Thompson, Robin Landis)
Microsoft "fixes" the MS Office macro virus vulnerability (Paul Walker)
Embedded NT... in case you don't have enough to worry about already
(Gregor Ronald)
REVIEW: "Microsoft Windows NT 4.0 Security, Audit, and Control" (Rob Slade)
RISKS 20.43 Friday 4 June 1999
A THAAD Day in Black Rock (PGN)
Ghost bridge (Meine van der Meulen)
Y2K Test Knocks Out Fiji's Telecommunications (Doneel Edelson)
Hackers take down FBI and Senate Internet sites ... (Keith A Rhodes)
Crackers do for gov't what critical infrastructure report couldn't
(John Gilmore)
Errors in the Cox report on Chinese nuclear spying (PGN)
Hoax takes down country's phone networks (Lloyd Wood)
Symbols silently slip south: it's not Greek to pdf (Bryan O'Sullivan)
John Denver and interfaces (Lindsay Marshall)
Smart Identity Card to debut in Malaysia (Anonymous)
Late-night movie viewing and computerized ticket sales (Steve Fenwick)
Senator Hatch - Trademark (Alan Barclay)
BUGTRAQ may be banned in Australia (Peter Jeremy via Seth David Schoen)
Re: Microsoft "fixes" the MS Office ... vulnerability (David Mediavilla)
We don't care, we don't have to, we're the phone company! (John Pettitt)
Firewall risks (Robert David Graham)
Re: Allaire defects are nobody's fault? (Adam Shostack)
A Problem with Biometrics (Andrew J Klossner)
Re: Biometric risks (Ron Ruble)
California will sell confidential wage data (PGN)
Privacy Digests (PGN)
RISKS 20.44 Tuesday 15 June 1999
GPS kills 8 in air (Lloyd Wood)
W32/ExploreZip.worm "virus" and user interfaces (Steven M. Bellovin)
CERT Advisory CA-99.06 - New information regarding ExploreZip (CERT)
Downloading Y2K fixes to Internet Explorer leads to clock problem (Paul Karger)
ActiveX Security Revisited (Steve Loughran)
Unwanted wildcard match (Nick Brown)
Bank sued over client data sale (Monty Solomon)
UAL -- the UnFriendly Cybersky? (David Lesher)
RISKS 20.45 Thursday 17 June 1999
eBay embarrassed by crash of system and plunge of stock (NewsScan)
Risks of e-mail borne viruses, worms, and Trojan horses (Bruce Schneier)
Not trusting virus scans (Paul Hoffman)
Risks of virus detectors blocking RISKS! (MAILsweeper)
Supremes uphold law barring indecent speech online (NewsScan)
Trouble for DoubleClick (Monty Solomon)
Human error called culprit in 3 rocket launch failures (Lindsay Marshall)
More troubles with PDF (Joe McCauley)
Re: A THAAD Day in Black Rock (Danny Cohen)
Re: GPS and collision risks (Peter B. Ladkin)
GPS and collision risks in marine navigation (Chris Bruce or Bruce Chris?)
Re: Risks - Depending on a *.xxx convention for file types (Rumy Driver)
More on "Unwanted wildcard match" (Nick Brown)
REVIEW: "Corporate Espionage", Ira Winkler (Rob Slade)
RISKS 20.46 Saturday 19 June 1999
NASA discloses space station blunder (SigmaXi ScienceInTheNews)
Y2K test sends sewage flowing in Los Angeles (Henry Baker)
Resetting the A320 computer (Diomidis Spinellis)
Intuit/Quicken Force Users to Internet & MS Internet Explorer (Lauren Weinstein)
MS Word not as helpful as it thinks (Bill Shymanski)
YANTBOF: yet another NT buffer overrun flaw (Epstein Jeremy)
New ATM hazard (Aahz Maruch)
Yet another ATM scam (Mike Williams)
The cell phone that wouldn't stay OFF (Michael Heilman)
Another case of credit-card 'security' (David Alexander)
Maldesigned computer system slows background checks (Kragen Sitaker)
Factoid paranoia (Mike Giroux)
Risks of keywords in CSV files (Rex Black)
REVIEW: "Intrusion Detection", Edward G. Amoroso (Rob Slade)
RISKS 20.47 Saturday 10 July 1999
Electronics startup transient kills spacecraft (Craig DeForest)
NASA discloses space station blunder (Wayne Mesard)
Space Station AOL hack (Marc Passy)
Busy phone lines block stay of execution (Joe Thompson)
E-mail writer arrested for starting panic (Matthew Todd)
Garciaparricide in All-Star balloting? (PGN)
Custodiet ipsos custodes? Not without permission! (Adam Shostack)
Singapore exchange blames outage on network failure (Paul Walker)
eBay outage traced to failure to upgrade (Steve Klein)
Australian virtual reality kanga-rues the day (Lindsay Marshall)
Faulty vending machines block emergency calls in Australia (Mark Nottingham)
Brazilian telephone network chaos (Matthew Todd)
Spell-checker run amok? Shandling-->Changeling (Jim Griffith)
REVIEW: "Computer Security", Dieter Gollmann (Rob Slade)
REVIEW: "Securing Java", Gary McGraw/Edward W. Felten (Rob Slade)
RISKS 20.48 Thursday 15 July 1999
London Underground sequence rollover (Lloyd Wood)
Software disaster leaves new Australian submarine unfit (Quentin David Jones)
Computer glitch causes severe train delays in Melbourne (Stuart Lamble)
Medical paper retracted following discovery of programming error (John Doyle)
Life-threatening flaw in implantable cardioverter-defibrillator (John Doyle)
Potentially life-threatening medical equipment failure (John Doyle)
Toyota smog-warning computer suit (Taz Daughtrey)
Financial Engines: Should I jump off the bridge or live it up? (Susan Gerhart)
Cancelling errors, serendipity in avoiding risks, and Kepler (Henry Baker)
Traffic signals going all-green (Jeff and Glenn Grigg)
Privacy statement risk, quoted without comment (Andrew Koenig)
Re: Garciaparricide in All-Star balloting? (David Cassell)
Re: Space Station AOL hack (Leonard Erickson)
Re: Electronics startup transient kills spacecraft (Fernando Pereira)
Re: E-mail writer arrested for starting panic (Cameron Hayne, J.D. Abolins,
John O'Connor)
Webmail is not the same as anonymous e-mail (Scott A Crosby)
RISKS 20.49 Wednesday 21 July 1999
Intercom hang-up caused 1997 train collision (Mark Brader)
Computer-based patient monitor problems: improvements still needed (John Doyle)
Statistical errors in medicine (John Doyle)
Centaur/Milstar Software Error (Peter B. Ladkin)
Small problem escalates into major disruption (Doug Moore)
Computer startup circuits (M. Simon)
Netcom partial e-mail outage (Keith A Rhodes)
junkfilter vs. xxx.lanl.gov (Thomas Roessler)
"Bright Light" POP-based spam filtering: a bad idea (Lauren Weinstein)
E-mail attachments and local names (Avi Rubin)
Ab van Poortvliet: Risks, Disasters, and Management (PGN)
REVIEW: "The Mythical Man-Month", Frederick P. Brooks Jr. (Rob Slade)
RISKS 20.50 Tuesday 27 July 1999
One year in jail for not turning off cell phone (PGN)
Communications blackout in Morocco (David Mediavilla)
Phone outage in Plano (John P Mcgraw)
Double your treasure, double your fun... (Daniel P. B. Smith)
ActiveX security concerns continue (Richard M. Smith)
DoD password management (Identity withheld by request)
Misplaced priorities with electronic hospital records (John Doyle)
Clinical disruptions following loss of telephone service (John Doyle)
Re: Anaesthetists' equipment (Daniel Paul Sheppard)
Re: Computer startup circuits (M. Simon)
RISKS 20.51 Monday 2 August 1999
Critical Infrastructure Protection: Japanese toilets (Carl Landwehr)
"Heat wave" (Steve Summit)
Risks of on-line auctions: eBay scam (PGN)
Conversion service for viewable formats (Lindsay Marshall)
2nd-class invitation in Outlook (Thomas Gilg)
Re: Computer-based patient monitor problems (William Hutchens)
Re: One year in jail: Fear in the skies (Bob Frankston)
Re: ActiveX security (Peter da Silva, Adam Shostack)
Are you sure your host isn't being mail-blocked? (Thomas Roessler)
More on small problem escalates into major disruption (Doug Moore)
New version of an old scam (Mike Ellims)
Equivalence of logical and physical behavior... (James S Dukelow Jr)
Re: Cancelling errors, serendipity in avoiding risks, and Kepler
(Jim Thompson, Felix Tilley)
Go FORTH and Multiply (Patrick E Kane)
Announcing Dependability.org (Chuck Weinstock)
REVIEW: "Internet Security with Windows NT", Mark Joseph Edwards (Rob Slade)
The Software Engineering Symposium '99 (Carol Biesecker)
RISKS 20.52 Thursday 5 August 1999
Can You Trust AT&T Wireless PCS Text Messaging? (Lauren Weinstein)
EverQuest devours players' lives (Mich Kabay)
Microsoft Word footnote problems irks federal appeals court (Declan McCullagh)
Perceived medical risk must often substitute for actual risk (John Doyle)
Open-source anesthesia software article in Salon (Martin Minow)
Re: IMRSS and Open Mail Relay Scanning (Lauren Weinstein)
Re: Japanese toilets (Chiaki Ishikawa, Brian Randell, Colin Sutton)
Risks of RISKS (Brian T. Schellenberger)
eBay's response to the eBay scam (Ray Randolph)
Re: Go FORTH and Multiply (Leo Wong)
Re: Heat wave (David Wittenberg)
RISKS 20.53 Tuesday 10 August 1999
Cell Phones Become Instant Bugs! (Lauren Weinstein)
Cell phone sends jet off-course (David Clark)
Sharing files via Yahoo (Morten Welinder)
Executive Order on Unlawful Conduct on the Internet (Bill Clinton via PGN)
California's "shameful reputation"! (PGN)
NCIC 2000 Begins Operations (Jack N. Fenner)
Complexity and Safety in Medical Electronics (Dr D John Doyle)
Re: Go FORTH (M. Simon)
E-Trade and long passwords (Mark Harrison)
Security sites vandalized (NewsScan)
SPAM causes major ISP crash (Peter Leeson)
Re: PCS, IMRSS, Mobile phones in airplanes (Peter Houppermans)
Cell phones and aviation electronics (Glenn Carroll)
REVIEW: "Kerberos: A Network Authentication System", Brian Tung (Rob Slade)
UPCOMING EVENT- USENIX Security Symposium, 23-26 Aug 1999 in DC (Moun Chau)
RISKS 20.54 Sunday 15 August 1999
MCI WorldCom frame-relay network problems (PGN)
"Spy Who Messaged Me" -- now playing at Microsoft! (NewsScan)
High-flying hijinks: canine passenger sinks teeth into plane (Paul Costalas)
Risks of the modern train (Ben Hutchings)
Car won't start if payments are delinquent (Daniel P. B. Smith)
Salary payment diskettes intercepted and manipulated (Peter Fokker)
Risks of Internet Explorer 5 (Lloyd Wood)
Refrigerator gasket frozen out (Ted Lee)
Y2K upgrade went 'horribly wrong', admits utility giant (Doneel Edelson)
Government: Lessening risks through encryption (Alan DeKok)
Having private services such as voicemail on shared phones (David Crooke)
Re: NCIC 2000 (Stephen Fairfax)
Computers, Freedom, and Privacy: CFP for CFP (Bruce R Koball)
RISKS 20.55 Friday 27 August 1999
New Microsoft Java flaw (Edward W. Felten)
Internet Explorer cannot read www.microsoft.com (Keith Edmunds)
Tokyo traffic chaos in GPS date rollover (Mike Martin)
GPS rollover hits yacht (Justin Mason)
9/9/99 (Lindsay Marshall)
Y2K in China (David Cowhig via Donald B. Wagner)
Downtown Chicago hit by electrical blackout (Doneel Edelson)
Power coming back on causes UPS to lose power (Ray Todd Stevens)
Numeric pager sending alpha messages (Ray Todd Stevens)
Ohio town law against cell phones while driving (Jim Griffith)
Justice seeks wider access to computer data (NewsScan)
Inadvertent nameserver cache poisoning (Rich Lafferty)
Purchase circles and insider information (Joseph A. Dellinger)
Can Linux survive software patents? (Martin Minow)
Canadian spy secrets leak on Web (David Kennedy)
Auto-Fix feature for Dell PCs (Henry Robertson)
Re: Car won't start if payments are delinquent (Keith Edmunds)
gnu touch has an unusual sense of time (B. Elijah Griffin)
Security check powers up computer (Edward Holden)
Re: NCIC 2000 (Otto Stolz)
USENIX Annual Conference 2000, Announcement and Call For Papers (Moun Chau)
USENIX Security Symposium 2000, Announcement and Call for Papers (Moun Chau)
RISKS 20.56 Friday 3 September 1999
Online gambling software flaw (Matthew Schmid)
Test page for dangerous ActiveX controls (Richard M. Smith)
Intuit strikes again (Gary Cattarin)
Danish UPS (Finn Jensen in rec.humor.funny)
Tandy bug? (Lindsay Marshall)
E*Trade and the Dow Jones (Theodore Y. Ts'o)
U.S. top-secret messages go astray (Andrew Johnson)
UPenn bug report (Rebecca Mercuri)
Local company stung by Y2K bug (Doneel Edelson)
Smart Card Forum annual meeting (Donna Farmer)
RISKS 20.57 Wednesday 15 September 1999
Leaving a field blank wipes out 13.2 billion pounds UK (David Parkinson)
Dumb computers & the instantaneous nature of e-business (David Parkinson)
Smile for the US Secret Service (Monty Solomon)
NOAA predicts early winter (Bill Seurer)
The real story on Centaur/Milstar (Peter B. Ladkin)
If it quacks on 1/1/2000, it must be a Y2K duck (Win Treese)
Food expiry date misreading risks (John Stockton)
Army dumps NT, moves to Mac (Martin Minow)
New Hotmail breach reported (Keith A Rhodes)
New ICQ Trojan (CJNN via Patrick O'Beirne)
Macro viruses and Word'97's built-in macro detector/disabler (Gisle Hannemyr)
Microsoft Installs US Spy Agency with Windows (Andrew D. Fernandes)
Commentary on Back Orifice (Bruce Schneier)
CPSR Conference: The Internet Gold Rush of '99 (Susan Evoy)
RISKS 20.58 Friday 17 September 1999
The Microsoft/NSA Crypto Brouhaha (Dan Wallach)
Hurricane Floyd stops trains in Michigan (Ed Ravin)
USA Today weather page - no reasonability check (Bob Dainauski)
Date failure on weather.com (Eric Remy)
Emergency Alert System interrupts Hurricane Announcement, and crashes ()
Hacker attack on NASDAQ, AMEX, and others (Keith A Rhodes)
Hacker admits attacks on NATO, USIA Web pages (Doneel Edelson)
Indonesian Year 2000 plans (Fraser McHarg)
Yet another date-related problem (Geoff Kuenning)
Smart Dust (Steve Holzworth)
Re: The real story on Centaur/Milstar (Rick Carter)
Terrorist bombing botched due to timing error... (Joan L. Grove Brewer)
NSI blows it again---is there no lower bound to their idiocy? (Lenny Foner)
HTML on Win Desktop (Robert Graham)
E-commerce stupidity (Michael Taylor)
Re: Refrigerator gasket frozen out (Henry Spencer)
Risks of old RISKS (Ochran Industries)
RISKS 20.59 Thursday 23 September 1999
Mars Climate Observer failure (PGN)
UK rail disaster inquiry: driver had his feet up! (Bernard Lyons)
AT&T nationwide cellphone service goes down, 3000 miles from Floyd
(John Gilmore)
India and Pakistan in Web war (Martin Minow)
Sweet Y2K angle (Sara Thigpen)
1 Oct 1999 as a Y2K problem date? (David Wittenberg)
Re: The real story on Centaur/Milstar (Marc Passy)
Re: Macro viruses and Word'97's built-in macro detector/disabler
(David Chess)
Massive hole in NSI web-based e-mail (dotcomnow)
An easy 'out' for dotcomnow.com accounts (Art Delano)
More data on the NSI spam: acct names and how to change passwords
(Lenny Foner)
Final bit of info re NSI spam (Lenny Foner)
Re: NSI blows it again (Brian Clapper)
Re: 22nd National Information Systems Security Conference (Ed Borodkin)
15th ACSAC Advance Program (Vince L. Reed)
RISKS 20.60 Monday 27 September 1999
Ikonos launched successfully
Computer problems foul up the Washington Metro system (Steven M. Bellovin)
Faulty aircraft collision avoidance system RISKS causing collision
(Mike Martin)
Net users "page-jacked" by pornographers (NewsScan)
Wonder when automatic toll-taker transponders will be cracked? (Jim Warren)
You don't even need a computer ... (Rob Slade)
Re: UK rail disaster (Clive Page)
9/9/99? (Joseph A. Dellinger)
The Microsoft/NSA Crypto Brouhaha (mp)
my.Yahoo.com bug/risk... (Matt Anderson)
Risk of being removed from a spam list! (Marc Salverson)
Mars Lander reprogramming
Re: Loss of Mars Climate Orbiter (Lord Wodehouse)
Re: Mars Pathfinder a failure? (Steve VanDevender)
Re: Mars Pathfinder (Ben Hines)
Re: Mars Climate Observer (Harlan Rosenthal)
RISKS 20.61 Friday 1 October 1999
English or Metric - why Mars Climate Orbiter was lost! (Lord Wodehouse)
Japanese Nuclear accident: a case study of bad design (Chiaki Ishikawa)
Massive Fiber Cut Pauses East-West Traffic (David Farber)
FBI warns some Y2K fixes may be suspect (NewsScan)
Misreading and nuclear war -- or not (Simon Hogg)
Internet Explorer 5.0 flaws (Steve Wildstrom)
Elliptic curve 97-bit challenge broken (Dorothy Denning)
Intuit "Shuts Down" Privacy Site After PRIVACY Forum Query (Lauren Weinstein)
Henry Petroski, books, and risks of technology (PGN)
Linux banned after Samba misconfigation blocks NT authentication
(B. W. Fitzpatrick)
Cyber-Speak (Ira J Rimson)
RISKS 20.62 Tuesday 12 October 1999
Serious security flaw in Microsoft Java (Edward W. Felten)
Latest British train collision (PGN)
TCAS unit flaw (Steve Bellovin)
Glitch switches Nevada 911 calls to San Diego CHP (Carl Maniscalco)
Supercomputer lost to fire, weather predictions reduced (Andrew Klossner)
Calif government computers fail, cars impounded, ... (Declan McCullagh)
Re: Massive fiber cut (Doneel Edelson)
ICD's save ISS: *not*! (Erann Gat)
Floyd/EDS (William Addams Reitwiesner)
Re: Internet Explorer 5.0 flaws (Dan Wallach)
GPS rollover *did* cause DoD Problems (Peter B. Ladkin)
NT Stung Again by Y2K Bug (Paul Walczak)
Iraq decides to wait and see on Y2K oil disruption (Keith A Rhodes)
FBI warns some Y2K fixes may be suspect (Jonathan de Boyne Pollard)
"Self-destructing e-mail" (Brad Arkin)
Re: Linux banned (Mark Brader)
Where do you want to be *mis*directed today? (Mark Brader)
Maybe Microsoft owns stock in Canada? (Mark Brader)
Risks of screen saver messages (Nick Brown)
RISKS 20.63 Saturday 16 October 1999
Rome railway station shutdown (Peter B. Ladkin)
Washington DC Metrorail to Replace Relay System (George Beuselinck)
Aircraft computer redundancy and airline safety (Julian Olson)
Y2K creates "horseless carriages" (Jim Griffith)
INS Irony (Paul Robinson)
Re: Signal 109 near Ladbroke (Robert Evans)
Re: Mars Climate Orbiter units confusion (Clive Page)
Extra information in Word documents (Steven M. Bellovin)
Cyberwarfare: The Business Opportunity (Monty Solomon)
Millennium Bugs? (Rick Downes)
You can't get where you want to go today (J Fieber)
Odd synchronicity in items in RISKS-20.62 (Chris Smith)
Re: Cyber-Speak (Martin Minow)
Bell Atlantic forgets: exchanges are not unique between area codes
(Jonathan I. Kamens)
Yet another case of credit-card 'security' (E. Lange)
CFP: FTCS-30 & DCCA-8 Int'l Conf on Dependable Systems and Networks
(Philip Koopman)
RISKS 20.64 Thursday 4 November 1999
Yet another cracked stooopid crypto scheme... (Frank Stevenson via Lenny Foner)
A Risk of disk caching (Erling Kristiansen)
Single-Sourcing at the FAA (Eriks A Ziemelis)
Re: Aircraft computer redundancy, airline safety (Paul Wallich)
Re: Y2K creates "horseless carriages" (Ted Doty)
Cornell University Revisits Spring 1900 (James Byers)
Bush campaign site hacked (Avi Rubin)
IP blocking (Lindsay Marshall)
INS Irony Explained (Paul Robinson)
Fibers Cut in Massachusetts (Rich)
Typing fast, and a fast computer are not necessarily good! (Vicky Larmour)
Printers are too smart to handle "dumb" jobs (Leonard Erickson)
Complexity in operating systems and programming languages (Diomidis Spinellis)
Re: DC Metro Relays (David Lesher)
BlackICE Defender Security woes (tlb)
10-day deactivation warning from Network Solutions takes 13 days
(Stuart Woodward)
40 vs. 128 bit browsers (Jeremy Epstein)
New Australian RISKS Archive (WestyX)
Call for papers, Malicious Information Technology (Jeffrey Voas)
RISKS 20.65 Sunday 21 November 1999
Nasdaq software failure (Keith A Rhodes)
Netscape's cookie-preserving behavior (Crispin Cowan)
Announcing - PFIR: "People For Internet Responsibility" (Lauren Weinstein)
Businesses could owe millions for popular Year 2000 bug fix (Keith A Rhodes)
Japan rail ticket system crash due to 11/11/11 11:11 (Dave Fossett,
Hiroshi Naito)
Computer prompts increase errors? (Ursula Martin)
Re: Y2K creates "horseless carriages" (Adam Elman)
Possible risks in not examining end-user license agreements? (Anthony Garcia)
Microsoft Y2K liability (Lloyd Wood)
Risks of Office 2000 (Lloyd Wood)
Re: Sarah Flannery (Jean-Jacques Quisquater)
Slashes in spreadsheets (Kent Quirk)
DVD crypto was intended to be weak (M Seecof)
Amazon password change requests poorly authenticated (Andrew R. Thomas-Cramer)
Who protects me from the protectors? (David Mediavilla)
Risks of advertisements in software (Bill Royds)
Workshop on Freedom and Privacy By Design (Lorrie Cranor)
RISKS 20.66 Weds 1 December 1999
ATM User Trapped for 9 Hours (Jack Burke)
Dell loses five days' production time to FunLove Virus (Mich Kabay)
Risk of portable signs (Geoff Speare)
Irish telephone network outage brings Y2K fears (Dermot Casey)
Firestation fire blamed on Y2K computer fix (Kevin Whelan)
Halifax suspends net share dealing over security flaw (Nigel Cole)
Hacker links Staples to online rival Office Depot (Mich Kabay)
Risks of "anonymous" e-mail accounts (Bruce Schneier)
Sticky fingers with e-mail (Peter Wayner)
Privacy breach + plaintext passwords + denial of service (David Mediavilla)
Netscape 4.7 Danger: "Active" Newsgroup Messages (John David Galt)
Expanding, Embracing, Devouring: IE 5.0 Task Scheduler Elevates (RA Downes)
No bounds checking in Microsoft RTF controls (RA Downes)
More on DVD encryption cracked (Bruce Schneier)
Computer virus tears through companies (Dave Farber)
RISKS 20.67 Tuesday 7 December 1999
Crack in GSM cell-phone encryption scheme (NewsScan)
Medical errors kill tens of thousands annually, panel says (Keith A Rhodes)
Modern fire-alarm systems (Steven M. Bellovin)
Why Computers are Insecure (Bruce Schneier)
Jail for possessing a debugger? More on DVD encryption cracked
(Daniel A. Graifer)
Quicken cannot roll back transactions, and even lacks an Undo feature
(Tom Welsh)
Microsoft Works not saving spreadsheets (Shez)
Inadvertent attachments with MS Outlook 98 (Jon Freivald)
Counterfeit Japanese coins and resulting risk... (John F. Opie)
Coppermine bug stops PC shipments (Sam Kasseman)
Jane's article on cyberterrorism hype (Martin Minow)
Stock performance charts (Jeremy Epstein)
Railtrack timetable server has Y2K problems? (Christopher St.John)
Worm.Mypic: Will Y2K provide cover for worm/viruses? (Mich Kabay)
Y2K compliance (Identity withheld)
Re: Irish telephone network outage brings Y2K fears (Henry Spencer)
Risks of US-Euro date conversion (Ben Hines)
Re: Mars climate orbiter (Michael Detambel)
Re: Sarah Flannery (Timothy A. McDaniel)
RISKS 20.68 Tuesday 14 December 1999
RST discovers defective crypto in Netscape mail password saver (Gary McGraw)
Canada Post has "electronic post" on line (Alan DeKok)
Sanity.com: buy now, pay never (David Shaw)
A Tale of Two Web Sites: Calling it secure doesn't make it so (Steven J. Zeil)
IDs in color copies and prints: confirmed (Lauren Weinstein)
BBC Censorship! (Peter McWilliams via Lindsay Marshall)
Melissa perpetrator faces five years in prison (NewsScan)
Oh, no! Y2K virus competitions (Ross Stewart via Peter de Jager)
Re: No bounds checking in Microsoft RTF controls (meeroh)
Slashes in spreadsheets (Christopher Warnock, David Empson)
Risk of APC Power Chute (Geoffrey Coram)
Risks of e-mail monitoring (Thomas Roessler)
Re: Counterfeit Japanese coins and resulting risk... (Henry Spencer)
Re: Ladbroke Grove (Mark Brader)
USENIX Security Symposium 2000 - A Call for Papers (Moun Chau)
Call for Papers - Safecomp 2000 (Gemma Windt-Krose)
RISKS 20.69 Thursday 16 December 1999
Biryukov and Shamir cryptanalysis of A5/1 GSM privacy algorithm (Matt Blaze)
Debit-card fraud in Canada (Steven M. Bellovin)
Croydon Tramlink: those signalling problems in full (Clive D.W. Feather)
Computer technology at the end of the 20th century (David Sedlock)
On the Internet nobody knows your five identities (NewsScan)
More CERT Advisories on buffer overflows (PGN)
Re: No bounds checking in Microsoft RTF controls (R A Downes, Mark Brader)
Macros in RTF files (Tom Hill)
Y2K-related viruses (PGN)
Power-out in Y2K test (Debora Weber-Wulff)
Risks of Y2K overreaction (Steven Huang)
Top 10 Risks search queries (Lindsay Marshall)
Go to jail - go directly to jail ... (Martyn Thomas)
According to Alta Vista, everything is for sale... (Daniel P. B. Smith)
Quicken's no-undo interface design (Timothy Prodin)
Risks of webbed e-mail and cookies (Lloyd Wood)
Windows98 censoring word processing apps (Eric Wagoner)
Re: Crack in GSM cell-phone encryption scheme (Boyd Roberts)
Re: DVD encryption (Brad Ackerman)
Re: Why computers are insecure (Durwin Sharp)
*Absent* source code now available (Avi Rubin)
CFP, 23rd National Information Systems Security Conference (Ed Borodkin)
RISKS 20.70 Sunday 19 December 1999
ResearchIndex: a digital library of computer science papers (Ursula Martin)
Where do you want to go today ? And... when exactly ? (Nick Brown)
Another appalling Web security story (Nick Brown)
Risks of US-Euro date conversion (Terje Mathisen)
Re: Melissa perpetrator faces five years in prison (Russ Cooper)
Y2K fear vs. Common sense (identity withheld)
Browsers should only display what is requested? (Dick Shelton)
Netscape and the risk of two accounts (Steven J. Greenwald)
RST discovers defective crypto in Netscape mail (Zygo Blaxell,
Raymond Michiels, Michael Kohne, Gary McGraw, John Viega, Dan Foster)
RISKS 20.71 Friday 31 December 1999
First real Y2K clock problem... (Peter da Silva)
Whoops! Aukland Awkward Awk! (John Wharton via Dave Farber)
Game Over at end of millennium... (John Elsbury via Dave Farber)
Credit-card machines in U.K. confused by Y2K (NewsScan)
Y2K claims early victims (John Locke-Wheaton via Dave Farber)
Pentagon Y2K preparations (Dave Stringer-Calvert)
Oakland CA 911 (John Wharton via Dave Farber)
Two possibly unaddressed Y2K problems (Brett Glass via Dave Farber)
Low-tech Y2K failure (Earl Truss)
Risks of expiring digital certificates in older Web browsers (David Tarabar)
Shirley you can't mean this date is bad! (Conrad Heiney)
The risks of last minute Y2K patches (Matt Blaze)
Re: Y2K fear vs. Common sense (Scott Nicol, Eric Roesinger)
Abolishing leap-seconds (Rob Seaman)
Is the connection secure or isn't it? (Don Byrd)
Privacy broken by Sanity.com (John McLean)
Still another appalling web security story (Identity withheld)
RISKS 20.72 Sunday 2 January 2000
Y2K early reports (PGN)
Pentagon satellite intelligence system Y2K failure (PGN)
Re: Y2K (Derek Tam)
Re: Y2K goofs (matt)
Y2K risks comment (Rebecca Mercuri)
Y2K kills Toronto bus information service (Mark Brader)
Y2K warning software is wrong! (Jeremy Epstein)
Re: Y2K fear vs. Common sense (John Palkovic, William Ehrich)
RISKS 20.73 Monday 3 January 2000
Palm Springs airport radarless for almost two weeks (PGN)
Y2K fix cost? (Don Cleghorn)
New Year's Eve 11pm news repeated hourly in NZ: 99 > 00 (Callum McKenzie)
Nokia phone not Y2K compliant? (Jari Takkala)
Effects of Y2K on mobile and telephone networks (Jari Takkala)
Year 97,98,99,100 (Robert Rathbone)
Y2K Filemaker Pro (Mary Shafer)
Word Perfect 5.1 and medical transcription ALL over (Don Taylor)
X-10 controller not Y2K-ok (Andrew M Greene)
Timely updates and Y2K nuclear-plant glitches (Doneel Edelson)
Disregard those OS Upgrade error messages; they're OK! (Michael Cook)
Interesting Win95 Y2K bug? (Roger Galliett)
Risks in poor library design (Ben Elliston)
Unix98 localtime (John J. Francini)
Re: Giga-byte Javascript Y2K (Kai Birger Nielsen, Andrew Fleisher)
Javascript considered harmful (Martin Minow)
Microsoft MSIE Y2K Insanity (Andrew D. Fernandes)
California DMV Y2K snafu (Cliff Sojourner)
Y2K FTP problem (Amos Shapir)
Y2K funny computer error in Talking Clock (Bruce Stein)
Y2K compliant? Not possible! (Fred Cohen)
Re: Time left until Y2K (Daniel Norton, Matthew Byng-Maddick)
RISKS 20.74 Sunday 9 January 2000
Y2K multiple billings (PGN)
100 years overdue (PGN)
Sprint PCS network problems on 1 Jan 2000 (Chenxi Wang)
MKS Toolkit Y2K glitch (Ray McCormack)
Y2K archives (Lindsay Marshall, Keith Rhodes)
Pete de Jaeger bit by Y2K (Debora Weber-Wulff)
Northwest Airlines may have leaked credit-card numbers (Jeremy Epstein)
Risks of assuming a friendly radio environment (Fernando C Pereira)
Re: Just found my first Y2K bug! (Dana Carpender)
NTSB website has Y2K test data mixed in with real data (John Clarke)
Bogus message in live service for Quicken (Stephen Page)
Re: Microsoft MSIE Y2K Insanity: The last word? (Andrew D. Fernandes)
Teenage computer vandal sentenced to year in jail (NewsScan)
What has changed (Bertrand Meyer)
Network Associates WebShield -- Mail Content Alert ()
SSH: an ineffectual "feel-good" security measure (William Colburn)
Jail for possessing a debugger? More on DVD encryption cracked (Hamie Marson)
CFP: Workshop on Security and Privacy in E-Commerce (Anup K. Ghosh)
RISKS 20.75 Sunday 16 January 2000
More on Pentagon satellite data outage (PGN)
Credit-card data used for extortion (Steven M. Bellovin)
British Visa source-code compromised (Frank Markus)
Greek tax information system experiences black-out (Diomidis Spinellis)
Berlin Fire Department with Y2K Problem? (Debora Weber-Wulff)
Kremlin press office Y2K problems (Greg Lastowka via Declan McCullagh)
Re: Y2K99????? (Drew Davis via Mark Brader)
Sidekick98 Y2K bug squashed (Michael Froomkin)
Lookout Outlook! (Bruce Sterling)
Resume system creates "Profile" for you... without permission (Tom Malaher)
Woman ordered to pay back four pence (Alan Barclay)
More on RISKS-20.73 (Clive D.W. Feather)
RISKS 20.76 Sunday 23 January 2000
The Net enables a Farther Confessor Website (PGN)
U.S. National Archives loses 43K e-mail messages (Jeremy Epstein)
Rhode Island computer arrested innocents (David Mediavilla Ezquibela,
Mark Richards)
Hackers steal passwords, cause havoc (NewsScan)
Bug lists babies as aged 100 (Brian Randell)
Y2K and satellite orbit predictor software (Erling Kristiansen)
Y2K Problems with Flight Sim 2000 Professional Edition? (David H Smith)
U.S. removes most restrictions on encryption software (NewsScan)
Re: British Visa source-code compromised (G Bell)
Re: Woman ordered to pay back four pence (G Bell)
Re: Lookout Outlook! (Dan Franklin, Laura Stinson)
Here's an update to the simulated Kangaroos story (Walter and Paul Mallory
via Paul Green)
Computers, Freedom & Privacy 2000 Advance Program (PGN)
2000 IEEE Symposium on Security and Privacy (PGN)
RISKS 20.77 Saturday 29 January 2000
Report on identity theft (Mich Kabay)
Japanese Government Websites hacked (Ole J. Jacobsen)
Japanese department-store credit-card fraud (Chiaki Ishikawa)
Superbowl XXXIV Web-filtered: adult porn? (John Wharton)
Porn spammers getting cute (Jim Griffith)
Lessons of Y2K (Toby Gottfried)
Parisian programmer makes his own smartcard (NewsScan)
DVD lawyers make "trade secret" public (Declan McCullagh)
French spies listen in to British business phone calls (Declan McCullagh)
DoE password policy comic relief? (Mike Williams)
Re: U.S. removes most restrictions on encryption software (Kevin Mitchell)
Simson Garfinkel's *Database Nation* (Peter G. Neumann)
REVIEW: "Hackers: Crime in the Digital Sublime", Paul A. Taylor (Rob Slade)
REVIEW: "Implementing IPsec", Elizabeth Kaufman/Andrew Newman (Rob Slade)
RISKS 20.78 Sunday 6 February 2000
CIA Director Deutch and MLS (Jeremy Epstein)
CERT Advisory CA-2000-02 (CERT Advisory)
NSA system inoperative for four days (PGN)
Leak lets 64 get rich quick (David Shaw)
EFIS failure main suspect in Crossair crash (Peter B. Ladkin)
Terra spacecraft problems (Peter B. Ladkin)
Patients will be able to wear their hearts on the Internet (NewsScan)
Yahoo suit compares cookies to stalking (NewsScan)
China to require encryption information (NewsScan)
Study criticizes health sites for privacy intrusions (NewsScan)
AT&T Business Internet Service DNS major outage 28 Jan 2000 (Randy Holcomb)
More risks with MS Outlook (Jason Axley)
Who is at risk with this virus advertisement? (Bob Heuman)
Organisms do not adapt to their environment! (Bob Frankston)
*Fatal Words* (Bob Frankston)
abcnews.com manually updates copyright year (David Glicksberg)
People For Internet Responsibility issues and status report (Lauren Weinstein)
New Security Paradigms Workshop 2000: Call For Papers (Crispin Cowan)
RISKS 20.79 Tuesday 15 February 2000
Distributed denial-of-service attacks (PGN)
PFIR Statement on Recent Internet Denial of Service Attacks (Lauren Weinstein)
Risks of bouncing messages from closed e-mail lists (Mich Kabay)
My.MP3.com and the Beam-it protocol (Dan Wallach)
Re: Organisms don't adapt???? (Bob Blakley, Gordon Foreman)
More risks with MS Outlook (kclemson)
Review of "Database Nation" (Gene Spafford)
RISKS 20.80 Sunday 20 February 2000
EPA web site shut down (Rick Blum)
Online prankster distorts Clinton chat (NewsScan)
Computer glitch cancels 86 America West flights (George Dinwiddie)
Fire takes out Nottingham Phones (Dave Weingart)
Breach exposes H&R Block customers' tax records (George Dinwiddie)
Great West gives out too much personal info (Taylor Hutt)
YAIESB: Yet Another Internet Explorer Security Bug (Jeremy Epstein)
Re: Distributed denial-of-service attacks (Ken Cox)
Re: Win 2000 63,000 Bugs (Jim Allchin via Chris Smith)
REVIEW: "Virtual Private Networking", Bruce Perlmutter/Jonathan Zarkower
(Rob Slade)
CFP: Safety & Reliability of embedded Software Systems (Pete Mellor)
USENIX Annual Technical Conference, 2000 - Preliminary Program (Moun Chau)
Information Survivability Workshop ISW 2000 (Howard Lipson)
RISKS 20.81 Monday 21 February 2000
Announcement of the ITS4 software security scanner (John Viega)
Hacker posts phony press release (Doneel Edelson)
Risks of untrusted provenance (Mich Kabay)
Senate web site dies, Clinton stresses Net-reliability (Declan McCullagh)
Windows 2000 leaves new court records system unreliable (Michael S. Keller)
Revenge of Authenticode (Mark Seecof)
Re: Distributed denial-of-service attacks (Giles D. Malet, Paul Oldham,
William Colburn, Dick Mills)
Risks designed into the Internet (Charles J Wertz)
Michigan puts Doubleclick on notice (NewsScan)
Re: Microsoft responds (Tom Sheppard)
Even more on risks with MS Outlook (John L Meissen)
Two signatures (David E. Ross)
Amazon password change practice (Thomas Roessler)
Re: Risks of bouncing messages from closed e-mail lists (DeRobertis)
Re: Risks of policies not thought out properly (Rumy Driver)
Risks of mistaking a trademark for a generic word (Mich Kabay)
A really clever privacy policy (Martin Minow)
Re: Review of "Database Nation" (Dave Weingart)
RISKS 20.82 Monday 28 February 2000
U.S. government abandons Bernstein restrictions (Jeremy Epstein)
How to make friends, influence hackers, and build bugfree code Paris style
(Peter Wayner)
Someone making sense about e-commerce (Paul Robinson)
The Millennium Bug Revisited (R A Downes)
It was just a network board... (Debora Weber-Wulff)
Risks of National Weather Service tests (John O Long)
Re: Microsoft responds (R A Downes)
Re: Great West gives out too much personal info (Taylor Hutt, Bob Hofkin)
Imbalanced parentheses or angle brackets (W.T. Shymanski)
"Unstable" postal addresses (Joseph A. Dellinger)
REVIEW: "Security Technologies for the World Wide Web", Rolf Oppliger
(Rob Slade)
RISKS 20.83 Wednesday 8 March 2000
Gallup hacked (PGN)
Aum Shinri Kyo affiliate develops Japanese government software (PGN)
Computer releases prisoner (Bob Church)
Online broker blames outages on software maker (NewsScan)
Boeing loses space station parts (PGN)
Arizona primary is first binding election with Internet voting
(Sidney Markowitz)
New Zealand's INCIS Crime Information System (Richard A. O'Keefe)
Risks of Web information on heart attacks (PGN)
Census fiasco (Bob Frankston)
UK ISPs leave themselves open to potential abuse (Pedt Scragg)
Judge sends message to network vandals: "go to jail" (NewsScan)
The scary MSWord residue feature (Avi Rubin)
Re: "Unstable" postal addresses (Peter Corlett)
ADSL snooping (David)
Risks of Leap Years and Dumb Digital Watches, quadrennial posting (Mark Brader)
Leap-day 2000 (Chris Kuan)
Leap-day 2000: VCR (Bob Erkamp)
Leap-day 2000: Checkbook magazine (Jeremy Epstein)
Getting Jenni arrested (Keith Schon via sragsdale)
Privacy risks as mid-sized orgs decide that Web access is cool
(Daniel P.B. Smith)
RISKS 20.84 Saturday 18 March 2000
Report on hacker altering MIT grades: NOT! (Mark Lutton)
Radar glitch at Philadelphia's airport (PGN)
WAAS Software Problems (Peter B. Ladkin)
NASA report: Faster, cheaper is not better (PGN)
Sea Launch rocket drops satellite into Pacific Ocean (PGN)
Week-long outage after cable cut downs 11,000 phone lines (PGN)
Overdue Railtrack calls in the Army (Ursula Martin)
Hooked on I-sex (NewsScan)
Hackers sued by software-filtering company (NewsScan)
Y2K strikes again *R. Geoffrey Newbury)
Re: Arizona and Internet elections (Adam Shostack, Steve Wildstrom)
It was just a network board... (Wayne Mesard)
Risks of software configuration for filtering offensive language (George White)
Online gambling operator convicted (NewsScan)
The RISKS Of A Hyperactive Anti-Viral Immune System (Jon Seymour)
Risks of being a pushy high-tech headhunter (Michael D. Crawford)
Voicemail messages silently lost (Dick Karpinski)
Correction to privacy risks item (Daniel P. B. Smith)
Re: Web Information on heart attacks (Jeffrey Waters)
RISKS 20.85 Friday 24 March 2000
Northwest grounded for 3.5 hours after cable cut (Tim Dixon)
Patriot fails again (Lord Wodehouse)
Iridium insidium (PGN)
Leap-day banking ALERT! (Harlan Rosenthal)
Weather.com leaves visitors in the cold (Jay D. Dyson)
Cybercrime losses double to $10 billion (NewsScan)
Massive credit-card theft exposed (NewsScan)
Hacking credit cards is preposterously easy (Martin Minow)
Laptop Security (Steve Loughran)
Risks of Microsoft Passport (Avi Rubin)
Actor sues eBay for causing identity theft (Jim Griffith)
Re: MIT grade spreadsheet problem (Wm. Randolph Franklin)
There *still* ain't no such thing as a free lunch (Malcolm Pack)
Re: Hackers sued by software-filtering company (Bear Giles)
Re: Internet voting (Adam Shostack)
Report raises online privacy concerns (NewsScan)
TWA includes e-mail others' addresses in bulk mailing (RA Downes)
Re: Overdue Railtrack calls in the Army (Mark Nelson)
RISKS 20.86 Thursday 30 March 2000
More NASA woes in stress testing (PGN)
Re: Faster, cheaper *not* better (PGN)
More details on the Sea Launch failure (Steven Huang)
Stephen King eBook cracked (Re: Pack, RISKS-20.85)
California privacy legislation (Dan Gillmor)
Criminal records in North Carolina (Joe Thompson)
Judge issues injunction in software reverse-engineering case (NewsScan)
Re: Hackers sued by software-filtering company (PGN, Ross Oliver)
German ministry of family et al. and links to porn (Klaus Brunnstein)
Privacy problems with HTTP cache-control (Martin Pool)
Re: Northwest grounded for 3.5 hours after cable cut (Henry Spencer,
Bob Dubery)
Northwest Air fallout: MN backhoe affects FL hotel bookings! (William Smith)
Re: MIT grade spreadsheet problem (Allan Duncan, Tony Lima, John Pearson)
RISKS 20.87 Friday 28 April 2000
Explanation for long RISKS hiatus (PGN)
UCITA, the Uniform Computer Information Transactions Act (Bruce Schneier)
Canadian teen held in Web attacks (NewsScan)
Swedish 16-year-old arrested 3 hours after Web attack (Ulf Lindqvist)
Teenage hacker stole Gates' credit-card info (NewsScan)
Man indicted for vandalizing government computers (NewsScan)
Hackers penetrate Gazprom (Steve Bellovin)
Security experts discover rogue code in Microsoft software (NewsScan)
Encryption code protected by First Amendment (NewsScan)
Hackers crack code protecting King e-book (NewsScan)
U.S. IT job vacancies approach 1 million mark (NewsScan)
Patent Office revamps Web patent review (NewsScan)
Iridium flames out, literally (NewsScan)
Power failure disrupts National Airport (Andres Zellweger)
Software fault stops 76,000 customers receiving phone calls (John Kerr)
Squirrelcide at San Jose Airport (Dave Stringer-Calvert)
Best new Microsoft bug yet (Martin Minow)
Web server displays admin password on failures (Bill Janssen)
Hotmail wants to know... (Gillian Richards)
no, Virginia (Danny Burstein)
REVIEW: "The Social Life of Information", John Seely Brown/Paul Duguid
(Rob Slade)
FORMAL METHODS *ELSEwHeRE* --second CfP (Tommaso Bolognesi)
RISKS 20.88 Sunday 14 May 2000
Love Letter Worm, CERT Advisory CA-2000-04 (CERT)
Mainstream media get a clue about Microsoft security (Russ Cage)
Peacefire: Eudora "Stealth Attachment" Security Hole Discovered
(Bennett Haselton)
Netscape Navigator Improperly Validates SSL Sessions, CERT Advisory
CA-2000-05 (CERT)
FBI gun-check computer crashes (Declan McCullagh)
Risk: Selective denial of GPS signals (Mike Fisk)
Phone fault sparks sausage frenzy (Ian Simpson)
Network trashcan (Conrad Heiney)
Stupid appliance ideas (Lloyd Wood)
netzero: defenders of the free world? (Laurentiu Badea)
Re: Security experts discover rogue code in Microsoft software (Russ Cooper)
Re: Encryption code protected by First Amendment (Terry Carroll)
Re: Hotmail wants to know... (Jon Ribbens)
Re: No, Virginia (Mark Brader)
RISKS 20.89 Monday 29 May 2000
Top-secret stolen UK laptop recovered (Doneel Edelson)
Nuclear reactor shuts down in California (Linda Kaplan)
Venezuela cites computer glitch, postpones elections (Declan McCullagh)
NHL Web attack (Keith A Rhodes)
A rather risky device to end high-speed chases (Serguei Patchkovskii)
Media gullibility on laser gun to stop cars (John Pettitt)
Study shows mobile phones do interfere with avionics (Kevin Connolly)
Junk-mail filters: excerpted (Gary Cattarin)
Revision control (Mike Albaugh)
Outlook "security" patch (Dave Weingart)
VBS.NewLove.A false positives (Jeremy Epstein)
Risks of virus disinfection (Tom Hayhurst)
Widespread Web-Trojan alerts (Chris Adams)
CERT Advisory CA-2000-07 (CERT)
Misleading warning, failure of Netscape SSL server authentication (Kevin Fu)
I did not say that! wrt deja.com (Stephen Keeling)
Risky quotation (Zygo Blaxell)
RISKS 20.89x Monday 29 May 2000 [ARCHIVE COPY ONLY; NOT DISTRIBUTED]
Junk-mail filters: full version of excerpt in RISKS-20.89 (Gary Cattarin)
RISKS-20.90 Monday 5 June 2000
"Incompatible software" blamed for phone-book fiasco (PGN)
Remote control of your car via GM's OnStar (Armando Fox)
India plans to piggyback internet on railway control cables (R Bakowski)
Trash compactor kills shoplifter (Chris Meadows)
How not to distribute white papers (Avi Rubin)
1984 comes late to the UK (Martyn Thomas)
Social engineering in the real world (Bruce Schneier)
Computer Security: Will We Ever Learn? (Bruce Schneier)
Symantec's antiviral returns false positives on network.vbs (Richard Thieme)
Re: Junk-mail filters (Amos Shapir, Ron Bean, Ray Todd Stevens,
Markus Peuhkuri)
RISKS-20.91 Thursday 8 June 2000
White House admits over one year of VP's e-mail lost forever (Doneel Edelson)
Julia Roberts wins control of her net name (NewsScan)
Dot-Com nightmare -- domain-name hijacking (NewsScan)
Cyber pirates (NewsScan)
UPS kills power (Daniel Norton)
Ford Explorers recalled due to "lock-up" (Alex Wiebe)
Re: "Incompatible software" blamed for phone-book fiasco (Malcolm Pack,
Kevin Parker)
Bloat Dissections II (R.A. Downes)
Re: How not to distribute white papers (Ian Goldberg, Stanley Chow,
Paul Wallich)
Re: Trash Compactor (Bernard W. Joseph, Robert Alberti, Bob Dubery)
Re: India piggybacking on railway controls (Ramjee, Douglas W. Jones)
Bcc: filtering vs spam - almost risk-free (Charles Arthur, Bob Jewett,
Fredrik Staxaeng)
Re: Blocking e-mail on headers (William Colburn)
Y2K bug still manages to bite after five months (Paul van Keep)
RISKS 20.92 Friday 16 June 2000
Grade fixing (PGN)
Jury blames computers for Cali plane crash (Scott Lucero)
Black boxes, telemetry, and autopsy (Lord Wodehouse)
For want of $35, J.P. Morgan loses its Web site and e-mail (Keith A Rhodes)
Another example of systems that don't talk to each other (John Pettitt)
Bad background checks on Slashdot (Michael D. Crawford)
No password recovery on B2B WWW site (Dirk Bank)
JustBeFriends for macro virus control (Gary McGraw)
Re: Bloat Dissections II (Martin Ward, Graham Mainwaring, Edward Reid,
Nevin Liber)
Re: Indian Railway Fiber (Jay R. Ashworth, Chuck Charlton, Bart van Leeuwen,
James Ryan)
REVIEW: "Information Hiding Techniques for Steganography and
Digital Watermarking (Rob Slade)
Call For Participation - RAID 2000 (Herve Debar)
RISKS 20.93 Monday 3 July 2000
Collapse of UK air-traffic control computer (Ulf Lindqvist)
Sliced fiber-optic cable disrupts phone service in Northeast (Doneel Edelson)
State Department loses phone service (PGN)
Weld-done stake in phone lines (PGN)
Find security hole, get sued (Stanley Chow)
The low-down on the Berlin Fire Department Y2K-fiasco (Debora Weber-Wulff)
NATO creates computer virus that reveals its secrets (Monty Solomon)
Hacker endangers astronauts (Avi Rubin)
Burger King gives away CD-ROM with porn addresses (PGN)
Hotel phones that ID room occupants (Bertha)
Electronic signatures secure? (John P. Darrow, LucFrench)
*The NYT* site exposes CIA agents (Monty Solomon)
Re: UK Millennium Bridge instability (Tony Woolf, John Sullivan)
Microsoft software *can* damage your hardware! (Rob Slade)
Another Win95/DOS interaction (Jeremy Epstein)
Y2K-leapyear hangover, human error or other tomfoolery? (Ari Ollikainen)
Re: Network Solutions risks (Peter Sleggs)
Personal train warning (Marc Salverson)
RISKS 20.94 Friday 7 July 2000
Software upgrade cancels hundreds of train tickets (Ian Shorrocks)
Lottery coincidence reported by Infobeat caused by computer crash (Bob Heuman)
Total power outage at Sydney Airport leaves 20 planes circling (Mike Hogsett)
U.K. ATC System Failure (Andres Zellweger)
Re: Collapse of UK air-traffic control computer (Mark Richards)
Mix-up sends Spanish bank e-mail to Virginia BBoard (NewsScan)
17,000 bank details plucked from GST Site (Keith A Rhodes)
One more Y2K glitch, on countdown (Floyd Johnson)
Australian DST rules changed for Olympics (Mark Lutton)
Cyber-extortion (Doneel Edelson)
Hacker did *NOT* endanger shuttle astronauts (Jay D. Dyson)
Norton Antivirus 2000 defect on Win2000 Content (Jeremy Epstein)
Re: Microsoft software *can* damage your hardware! (Peter Van Eynde)
REVIEW: "Firewalls: A Complete Guide", Marcus Goncalves (Rob Slade)
CERIAS symposium (Gene Spafford)
The Software Engineering Symposium (Carol Biesecker)
Call for registration ESORICS and RAID 2000 (Frederic Cuppens)
RISKS 20.95 Wednesday 19 July 2000
Anti-spam legislation (NewsScan)
Google allows anonymous spam (Lloyd Wood)
British law would allow police to intercept e-mail (NewsScan)
Clinton administration plans on wire taps & encryption (NewsScan)
ID theft finally coming to the fore (PGN)
Mother's maiden name as security check (Bill Tolle)
Navy to use Windows 2000 on aircraft carriers (Nancy Leveson)
House rejects Internet gambling bill (NewsScan)
Italian crash exposes risks of online stock trading (Keith A Rhodes)
DC Metro can't label rerouted trains (Wm. Randolph Franklin)
Illinois man dies after utility cuts power (Bill Higgins)
Fox network misprograms time on US VCRs for a year (Michael D. Crawford)
Company lost domain name (Arthur J. Byrnes)
Royal Mail claims web orders encrypted when they aren't (Gary Barnes)
London Underground magnetic ticket bug (Boyd Roberts)
Man charged with breaking into NASA computers (Keith A Rhodes)
A self-referential risky accident (Michael L. Cook)
Re: Australian DST rules changed for Olympics (Fraser McHarg)
Re: Software upgrade cancels train tickets (Matt Fichtenbaum)
Re: UK Millennium Bridge instability (Charles Arthur)
Re: Another Win95/DOS interaction (Lloyd Wood)
RISKS 20.96 Sunday 23 July 2000
PFIR Statement on Internet Policies, Regulations, and Control
(Lauren Weinstein and Peter G. Neumann)
RISKS 20.97 Thursday 27 July 2000
House hearing on FBI's "Carnivore" (Alan Davidson)
Fake Paypal site collects user ids and passwords (Avi Rubin)
Followup on cause of SeaLaunch rocket failure (Kenneth Basye)
Outlook bug allows self-executing Trojan horses (Kevin Poulsen)
Powergen: More credit-card info exposed (Ursula Martin)
Civilian payroll problem (Stan Niles)
The Least Mail Online (Rob Slade)
AT&T exposes account info (John Chapin)
Re: Sliced fiber-optic cable ... (Mark Richards)
Re: London Underground magnetic ticket bug (Clive D.W. Feather)
Trust and Risk in Internet Commerce, Jean Camp (PGN)
9th USENIX Security Conference 2000 (Hali McGrath)
RISKS 20.98 Monday 31 July 2000
San Mateo health system upgrade is a downer (PGN)
Scientists spot Achilles' heel of the Internet (Dave Farber)
Booming computer firms are running out of power (Doneel Edelson)
Stephen King's not scared of trusting online readers (NewsScan)
The paperless benefits plan (Greg Compestine)
When what you see isn't what you get (Lloyd Wood)
Computer crash caused loss of cab schedule (Jacob Palme)
Re: Bloat Dissections II (Jonathan Guthrie)
Re: The Least Mail Online (Nick Andrew)
Re: London Underground magnetic ticket bug (Boyd Roberts, Clive Feather)
Re: AT&T exposes account info (Dima Maziuk)
Susan villages (Mark Brader)
RISKS 20.99 and RISKS 20.00 13 August 2000
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 20 (1 October 1998 to 31 July 2000)
------------------------------
End of RISKS-FORUM Digest 20.00 (99)
************************
