Subject: Risks Digest 21.00 (), Volume 21 summary

RISKS-LIST: RISKS-FORUM Digest      Volume 21 : Issue 00 ()

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

 Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 21 (15 August 2000 -- )
 (NOTE: This summary is archived in ftp file risks-21.00 at ftp.sri.com,
 cd risks, and is also at http://catless.ncl.ac.uk/Risks/21.00.html.)

----------------------------------------------------------------------

Date: 13 Dec 1999 (LAST-MODIFIED)
From: [email protected]
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you.  Alternatively, via majordomo,
SEND DIRECT E-MAIL REQUESTS to <[email protected]> with one-line,
  SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
  INFO     [for unabridged version of RISKS information]
.MIL users should contact <[email protected]> (Dennis Rears).
.UK users should contact <[email protected]>.
=> The INFO file (submissions, default disclaimers, archive sites,
copyright policy, PRIVACY digests, etc.) is also obtainable from
http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
The full info file will appear now and then in future issues.  *** All
contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to [email protected] with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
  [volume-summary issues are in risks-*.00]
  [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
http://the.wiretapped.net/security/textfiles/risks-digest/ .
==> PostScript copy of PGN's comprehensive historical summary of one liners:
   illustrative.PS at ftp.sri.com/risks .

------------------------------

Subject: SUMMARY OF RISKS VOLUME 21 (15 August 2000 to ...)
 (archived in ftp file risks-21.00)

RISKS 21.01  Tuesday 15 August 2000
 Russian nuclear sub trapped on bottom of Barents Sea (Keith A Rhodes)
 Risks of train doors: Sydney (Simon Carter)
 Admissions mixup leaves Northeastern University struggling
   (Daniel P.B. Smith)
 Not so smart weapons in Kosovo (Lord Wodehouse)
 Private phone records on Web (Kevin L. Poulsen)
 Barclays Internet-banking security-glitch following software upgrade
   (Pete Morgan-Lucas)
 Security hole in Netscape (NewsScan)
 The Pentagon worries that spies can see its computer screens
   (Gregory F. March)
 Online gambler goes to prison (NewsScan)
 County blew $38 million on canceled payroll system! (Joan Brewer)
 Delays in the new UK Air traffic control system (Ursula Martin)
 Microsoft vulnerabilities, publicity, and virus-based fixes (Bruce Schneier)
 REVIEW: "NT 4 Network Security", Strebe/Perkins/Moncur (Rob Slade)
RISKS 21.02  Saturday 26 August 2000
 Hoaxes: When will they learn? (Dave Farber)
 NY State's running out of fingerprint IDs (Danny Burstein)
 Mobile phone malware on i-mode in Japan (Kevin Connolly)
 Firepower via Web interface (Anatole Shaw)
 Sydney Airport baggage system fails for second time in five days
   (Stellios Keskinidis)
 Airline E-Ticket risks (Paul Wallich)
 Risks on public transit: mechanical and human failures in Toronto
   (Stephen van Egmond)
 Bangkok robot security guard (Torrey Hoffman)
 Professor stole 40 student SSNs and IDs to get credit cards (Joan L. Brewer)
 Kaiser Permanente medical e-mails go astray (Sheri Alpert)
 Wake up, your TV is talking to your bracelet (NewsScan)
 SSL Server Security Survey (Monty Solomon)
 *The Globe and Mail* Web site exposing search-engine log file
   (Esteban Gutierrez-Moguel)
 Blocked e-mail and Web sites (PGN)
 Major security hole in new online organizer service (Paul van Keep)
 Hackers breach Firewall-1 (PGN)
 GAO says EPA's computer security is "riddled" with weaknesses
   (Declan McCullagh)
 Bruce Schneier's Secrets and Lies (PGN)
 Software Risk Management Conference ISACC (Gary McGraw)
RISKS 21.03  Monday 28 August 2000
 New security vulnerability: 13-year-old 'r00ts' popular polynomial
   (Leonard Richardson)
 Pretty Good Bug found in Windows versions of PGP (Declan McCullagh)
 Two cables (Doneel Edelson)
 Four of the 13 root servers used by Network Solutions (Dave Farber)
 Court says FBI has been given too much wiretap power (NewsScan)
 "Free" e-mail accounts and passwords exposed for a month (Peter Kaiser)
 Hotmail blows it badly? (Jay R. Ashworth)
 Possible Y2K bug strikes UK Egg Bank (Ralph Corderoy)
 More risks of filtering software (David Goddard)
 Risks of Eudora 4.x (David Sedlock)
 "Verify your age with a credit card": more than $188M fraud (Lenny Foner)
 Re: Airline E-tickets (Adam Shostack)
 Re: Hoaxes: when will they ever learn (Eric Murray)
 Re: SSL Server Security Survey (Sean Eric Fagan)
 Re: mechanical and human failures in Toronto (Mark Brader)
RISKS 21.04  Monday 11 September 2000
 Identity theft (PGN)
 Government computers at risk (NewsScan)
 Satellite system outage hits Associated Press (Keith A Rhodes)
 Puerto Rican capital without power (Doneel Edelson)
 New Pentium III chip recalled (NewsScan)
 CSX crew spots problem signal, averts collision (Chuck Weinstock)
 F-117 stealth fighter in near-miss with UAL jet (PGN)
 Fake air controllers alert in UK (Joe McCauley)
 Swissair 111, TWA 800, and Electromagnetic Interference (Fred Ballard)
 D.01: off by x100 stock prices (Bob Blakley)
 Western Union Web site hacked (Keith A Rhodes)
 FBI arrests Emulex hoax suspect in Calif. (NewsScan)
 Glitch at Amazon.com exposes e-mail addresses (Keith A Rhodes)
 Windows NT/2000 "Lock Computer" allows palm sync (Avi Rubin)
 1,000 system updates??? (Scott Rainey)
 Risks of partially updated Web pages (Daniel P.B. Smith)
 Re: Major security hole ... (Chris Adams, Michael Loftis)
 Re: Your TV is talking to your bracelet (George Weaver)
 PFIR statement on government interception of Internet data (Lauren Weinstein)
 REVIEW: "Big Book of IPsec RFCs", Pete Loshin (Rob Slade)
 2001 IEEE Security and Privacy Symposium (Jon Millen)
RISKS 21.05  Wednesday 20 September 2000
 Qualcomm CEO's laptop vanishes, containing corporate secrets (NewsScan,
   David Lesher)
 Computers shut down aircraft engines in flight (Mike Beims)
 Russian troops block power shutoff (Doneel Edelson)
 OPEC site hacked (Mike Hogsett)
 Navy carrier to run Win 2000 (Mike Ellims)
 Re: Windows NT/2000 palm sync (Avi Rubin)
 Re: Identity theft (Carl Ellison)
 Re: D.01: Off by x100 (Terry Carroll)
 Re: New Pentium III chip recalled: typo (Gideon Yuval)
 Risks of using HTML Mail and HTTP proxy "censorware" together (Dan Birchall)
 Concorde crash report (Peter Kaiser)
 Computerized air-conditioning risks (Pere Camps)
 ``Netspionage'' is the real security threat on the Net (NewsScan)
 Hackers offered $10,000 bait (NewsScan)
 A subtle fencepost error in real life (Andrew Koenig)
 New credit-card solution? (Joshua M Bieber)
 Reconstructing Privacy - Conference Announcement (Gene N Haldeman)
RISKS 21.06  Monday 25 September 2000
 Australian online voting scores: no oohs 'n Oz? (Garry Allen)
 Youthful toothful (PGN)
 Concorde Problem Visibility (Peter B. Ladkin)
 Re: Concorde crash report (Zygo Blaxell)
 Ostrich Farming? (Pat St-Arnaud)
 Pentagon security gate goof, again (PGN)
 U.Wisconsin alters photo to add "diversity" to student body (PGN)
 Why software fails (Mike Lewis)
 Filtering, censorship, silence: Who owns the language? (Richard Schroeppel)
 Re: Decimalization and Ford Stock Splits (Timothy Prodin)
 Re: Identity theft (Martin Minow)
 Re: Qualcomm CEO's laptop vanishes (Camillo Sars)
 Re: Risks of using HTML Mail and HTTP proxy "censorware" together
   (J.D. Abolins)
 Artificial Intelligence strikes again (Rodger Whitlock)
 SBC Calling Card PIN (Conrad Heiney)
RISKS 21.07  Saturday 30 September 2000
 California DMV fosters identity theft? (PGN)
 Single points of failure and backup plans (William P.N. Smith)
 Control of Olympics news coverage (NewsScan)
 Tighter security poses a security threat (Ray Randolph)
 Cochise County election computer errors (Nicky L. Sizemore)
 The risk of identity theft (Amrith Kumar)
 De Fault is in Default (Charlie Shub)
 Re: AI strikes again (Perry Bowker, Zygo Blaxell)
 REVIEW: "CyberShock", Winn Schwartau (Rob Slade)
RISKS 21.08  Wednesday 11 October 2000
 50 million adults at risk for 'net illiteracy' (NewsScan)
 China announces new rules for Internet content (NewsScan)
 Italian police stop digital bank robbery (Meine van der Meulen)
 Computer-related sewage release into Massachusetts Bay (Jonathan Drummey)
 ISP whacks game fan with $24,000 bandwidth fine (Doneel Edelson)
 I've been dropped from a life-time membership (Leonard X. Finegold)
 Carnivore review team information leaked (PGN)
 What Bloatware is Not (Rick Downes)
 EMI, TWA 800 and Swissair 111 (Peter B. Ladkin)
 ABC newsradio network blocked during Olympics (Phillip Musumeci)
 The need for functioning IT environments (Thomas Roessler)
 Re: Why software fails (Jurek Kirakowski)
 Intel hasn't learned... (Steve Bellovin)
 Test Practitioner Syllabus: 17 Oct deadline for comments (Dorothy Graham)
 REVIEW: "Storming Heaven", Kyle Mills (Rob Slade)
RISKS 21.09  Friday 3 November 2000
 Air-traffic control woes (PGN)
 Aviation near-crashes in Kathmandu (Phil Carmody)
 Typo + "strange glitch" = private files world-readable (Michael Froomkin)
 Risks of an `uninterruptible power supply' (Ross Anderson)
 How to upset your customers (John Pettitt)
 Did I *really* request my password in plaintext? (Matt Stupple)
 Over capacity @Home (Dave Isaacs)
 Minister racks up $50,000 phone bill (Fergus Henderson)
 EZ-Pass discovers risk of sending URLs instead of actual text
   (Danny Burstein)
 Yet another daylight savings time problem... (Gordon Henderson)
 I'm falling back, and I can't get up. (Richard Glover)
 Worm risk multiplier (Jeremy)
 Re: Carnivore review team information leaked (Rob Warnock)
 Re: AI strikes again (Chris Meadows, Marcos)
 Re: U. Wisc altered photographs: They're not the only ones (Fredric L. Rice)
 Re: 50 million adults at risk for `net illiteracy' (K Parker)
 CFP: Risk Assessment & Policy Assoc. International Conference
   (John M. Gleason)
RISKS 21.10  Tuesday 7 November 2000
 Pennsylvania county wins $1M for faulty computer voting machines
   (David Banisar)
 Thoughts on computers in voting (Douglas W. Jones)
 Security of electronic voting in public elections (Avi Rubin)
 Saturn made a bad assumption in my engine (William Colburn)
 I crashed because my phone was ringing (Scott Gregory)
 Unplanned roll in NASA's X-38 (James H. Paul)
 *Lack* of barcode causes train to trap passengers (Jeff Stieglitz)
 No security in Internet-connectable laboratory instrument controller
   (Stephen D. Holland)
 Risk of using 'meaningful' file names (Charles Bryant)
 Re: Typo+"strange glitch"=private files world-readable (Steve Summit)
 REVIEW: "Virus Proof", Phil Schmauder (Rob Slade)
RISKS 21.11  Wednesday 8 November 2000
 Did a human factors problem affect the U.S. presidential election?
   (Steve Bellovin)
 More on Florida in this and previous elections (PGN)
 E-voting as a panacea for Florida count? (Jeremy Epstein)
 CNN: E-voting could have prevented U.S. election chaos (Evan McLain)
 "REALITY RESET": "Hacking the Vote" (Lauren Weinstein)
 Web sites report exit poll results before networks do (NewsScan)
 Political dirty tricks, cyber-style (NewsScan)
 Vote auction Web site moves operations overseas (NewsScan)
 UK air-traffic control problems (PGN)
 Indianapolis FAA route center running on generators for a week
   (Nathan Brindle)
 Raccoon power outage over the weekend (Dan Ellis)
 Researchers able to defeat digital music security measures (NewsScan)
 Verisign and MS authenticode (Carl Byington)
 Microsoft Web site vandalized (NewsScan)
 The latest in anti-spam technology (Greg Compestine)
 Re: EMI, etc. (Pete Mellor)
 2001 USENIX Annual Technical Conference - Call For Papers (Andrea Galleni)
RISKS 21.12  Saturday 11 November 2000
 Sanity in the Election Process (Lauren Weinstein and Peter Neumann)
 Statement by Don A. Dillman on Palm Beach County Florida Ballot (Rob Kling)
 Florida vote counts (PGN)
 The end of the Multics era (PGN)
 Excessive bounce activity and lost messages (PGN)
RISKS 21.13  Sunday 3 December 2000
 Perspective on election processes (PGN)
 A better election process? (Dave Stringer-Calvert)
 Australian Internet cable severed (Dave Farber)
 CIA secret chat room investigated (PGN)
 McAfee VirusScan update crashes Windows (PGN)
 Ticking time bomb in buffer overflow (Jonathan Hayward)
 Re: The end of the Multics era (Tom Van Vleck)
 I am glad about the quality of my driver's license photo (Joel Garry)
 Re: Engine cutouts (Paul Nowak)
 REVIEW: "Practical Firewalls", Terry William Ogletree (Rob Slade)
RISKS 21.14  Tuesday 12 December 2000
 Internet and Electronic Voting (PGN, Rebecca Mercuri, Lauren Weinstein)
 Re: Perspective on election processes (Ben Laurie)
 Arizona Motor Vehicle counterfeiting rings (Paul Nowak)
 Seattle Hospital Hacked (Lauren Gelman)
 A new Chinook inquiry? (Mike Ellims)
 Another Osprey crash (PGN)
 Space Station risks (Ben Hines)
 comp.risks considered harmful -- by some (Thomas Roessler)
 REVIEW: "Hack Proofing Your Network", Ryan Russell et al. (Rob Slade)
RISKS 21.15  Wednesday 20 December 2000
 Wells Fargo computer network outage (PGN)
 ATM network for voting: a non-starter (David Jefferson)
 Re: Voting by machine (Fred Cohen)
 Alaska Airlines flight 261 (Jim Horning)
 NY State DMV canceling auto registrations (Danny Burstein)
 Another DMV Break-in, in Oregon (PGN)
 Healthcare data bank contains inaccurate and flawed information (Mike Beims)
 Germany to rely on on-board diagnostics for vehicle emission checks
   (Bernd Felsche)
 High reliability (Adam Shostack)
 Electrocution leads to more deaths (Martin Minow)
 Spam as a denial of service attack? (Steve Bellovin)
 Re: Seattle Hospital Hacked (Lynda Ellis)
 Computers, Freedom, and Privacy CFP2001 Call for Participation (HIIP)
RISKS 21.16  Tuesday 26 December 2000
 Power cut blocks emergency calls (Stuart Lamble)
 Important message from egghead.com CEO (Egghead.com)
 Security advisories becoming less open? (Chris Adams)
 Another tidbit about the new Microsoft advisory format (Richard M. Smith
   via Brian)
 Making something look hacked when it isn't (Richard J. Barbalace)
 The risk of a seldom-used URL syntax (Rob Warnock)
 Intelligence risks of e-mail auto-responses (Dan Birchall)
 Re: Voting by machine (Tony Finch)
 Re: ATM network for voting: a non-starter (Jeremy Epstein, Barry Margolin,
     Bill Stewart)
 Re: High Reliability (Matt Jaffe)
 Re: Another DMV Break-in, in Oregon (Simson L. Garfinkel)
 Re: Seattle Hospital Hacked (Todd Wallack, Kevin L. Poulsen,
     Jonathan Thornburg)
RISKS 21.17  Tuesday 26 December 2000
 Martin Minow (PGN)
 Australian Ansett B767 fleet grounded due to maintenance breaches (Mike Martin)
 Interference forces RAF to abandon ILS (David Kennedy)
 Risks of automatic firmware upgrades (Marc Roessler)
 IBM and Intel push copy protection into ordinary disk drives (John Gilmore)
 CERT's ActiveX security report (Richard M. Smith)
 Privacy/quality risks in Quicken Online Billing (Clay Jackson)
 Credit report lists ex-spouse's address (Beth Roberts)
 Wanna know my salary ? (John C Haselsberger)
 Re: Spam as a denial of service attack? (Steve Wildstrom)
 Armageddon scenario near-miss (Scott Rainey)
RISKS 21.18  Thursday 4 January 2001
 Revenge of Y2K, Norwegian trains halted 31 Dec 2000 (Jan L)
 7-Eleven unable to process credit cards since 1 Jan 2001 (Steve Hutto)
 Y2K+1 bug in Sharp Organizer? (Philip Berman)
 Power cut hits hundreds of millions in India (Edelson Doneel)
 Repeated computer outages for Swedish bank (Ulf Lindqvist)
 Telephone outage caused by water-main break (Glenn C. Lasher Jr.)
 Computer blamed for Russian rocket crash (Peter Neumann)
 Chinook: key facts ignored by those who want to clear pilots (John O'Connor)
 CIOs: "What, Me Worry?" (NewsScan)
 Automatic firmware upgrades in home electronics (Andrew Klossner)
 Hackers hack science exam (Winn Schwartau)
 Re: Seattle Hospital Hacked (Daniel Theunissen)
 Re: IBM and Intel push copy protection ... (Patrick P Gelsinger)
 Re: IMPORTANT MESSAGE FROM EGGHEAD.COM CEO (Gary Lawrence Murphy)
 Re: The risk of a seldom-used URL syntax (Crispin Cowan)
 The top 10 privacy stories of 2000 (Richard M. Smith)
 Stefan Brands: PKI, digital certificates, and privacy (PGN)
 Submission Deadline for USENIX Security Symposium, 1 Feb 2001 (Monica Ortiz)
 Call For Papers - RAID'2001 (Giovanni Vigna)
RISKS 21.19  Tuesday 9 January 2001
 Security at UK nuclear power stations (Brian Randell)
 Re: Revenge of Y2K, Norwegian trains halted 31 Dec 2000 (Bob Dubery)
 Motorola flex non-non-non-leap year (Dan Jacobson)
 Millennium error in Postscript calendar (Eric Lindsay)
 Two satellite failures (Peter B. Ladkin)
 Teen intercepts MD's pages, makes medical orders (Terry Carroll)
 Dutch Railways to introduce electronic access/ID card (Marcus de Geus)
 Risks of "upgrades" and network-centric applications (Jay R. Ashworth)
 Re: Chinook (Phil Payne, Ryan O'Connell)
 Re: CIOs: "What, Me Worry?" (Mark Hull-Richter)
 Re: Egghead.com (Jonathan Kamens, Mark Hull-Richter)
 Re: Y2K+1 bug in Sharp Organizer (Philip Berman, Jonathan Kamens)
 Re: IBM and Intel push copy protection (David Collier-Brown)
 Security white paper (Gene Spafford)
RISKS 21.20  Saturday 13 January 2001
 Dell, Unisys and Microsoft -- DUMvoting 1.0! (Gene N Haldeman)
 San Francisco Airport radar phantom flights (PGN)
 Cell phone in luggage alarms avionics (David Kennedy)
 Testimony before the U.S. Civil Rights Commission (Douglas W. Jones)
 No human finger will actually pull a trigger... (Daniel P. B. Smith)
 Swiss debit-card system broke down (Andre Oppermann)
 Re: The Chinook Crash (Peter B. Ladkin, Mike Beims)
 Armchair Chinook RISKS analysis is misplaced (Nathan K. Pemberton)
 Since when is Northern Ireland considered a war zone? (Chris Warwick)
 Oregon Jurors summoned for 1901 (Aydin Edguer)
 Y2K bug in Millennium clock (Mike Palmer)
 Re: 54 weeks in a year? ('o-Dzin Tridral, Paul van Keep)