Subject: Risks Digest 23.00 (23.97), Volume 23 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest 3 August 2005 Volume 23 : Issue 00 (97)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 23 (7 November 2003 to 3 August 2005)

(NOTE: This summary is archived in ftp file risks-23.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/23.00.html.)

----------------------------------------------------------------------

Date: 29 Dec 2004 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Mailman can let you subscribe directly:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request@csl.sri.com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com depending on which action is to be taken.
   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.
   INFO [for unabridged version of RISKS information] .UK users should contact .
=> SPAM challenge-responses will not be honored.
   Instead, use an alternative address from which you NEVER send mail!
=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
   The full info file may appear now and then in future issues.
   *** All contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks [subdirectory i for earlier volume i]
   redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r .
==> PGN's comprehensive historical Illustrative Risks summary of one liners: for browsing, or .ps for printing

------------------------------

RISKS 23.00 Subject: SUMMARY OF RISKS VOLUME 23 (November 2003 to ...)
  (archived in ftp file risks-23.00)

RISKS 23.01 Friday 7 November 2003
  Credit agencies sending our files abroad (David Lazarus via Paul Saffo)
  Crypto screwup: Sensitive Israeli missile test inadvertently broadcast (Craig S. Bell)
  A new risk for electronic voting (Jeremy Epstein)
  California Halts E-Vote Certification (Kim Zetter via Monty Solomon)
  Touch screen voting -- like Web site maintenance? (William Nico)
  Irish Labour Party urges suspension of e-voting until flaws addressed (Patrick O'Beirne)
  E-ZPass, UPS, and Newark Airport (Susan Landau)
  Microsoft puts a price on the heads of virus writers (NewsScan)
  Microsoft patches their patched patches (Robert Bruce Thompson via Dave Farber)
  Remember those jokes about "if AT&T built cars?" (Daniel P.B.
    Smith)
  Duh! an electronic signature! (Geoff Kuenning)
  Paying employees is not rocket science (Paul Robinson)
  Another victim of the d__n bad-word filter! (Adam Abrams)
  REVIEW: "High Integrity Software", John Barnes (Rob Slade)

RISKS 23.02 Wednesday 12 November 2003
  Eurofighter Typhoon brake fault (Peter B. Ladkin)
  Computers in cars: "When you add complexity you add risks" (NewsScan)
  Mail-order price-listing typo cost company over $2 million (Chiaki Ishikawa)
  New election to be held due to technical glitch (Kim Alexander)
  Vanishing votes; wireless security experts (Rebecca Mercuri)
  Fairfax County electronic voting: the saga continues (Jeremy Epstein)
  Thwarted Linux backdoor (Douglas W. Jones)
  Talk of wiretaps rattles Hollywood (Bernard Weinraub via Monty Solomon)
  Update: Fun with stolen credit-card numbers (Jonathan Kamens)
  Re: SPARK Ada in "High Integrity Software" (Peter B. Ladkin)
  Re: goto in Slade's review of "High Integrity Software" (Martin Cohen, Andrew Dalke)
  Marcus Ranum: The Myth of Homeland Security (PGN)
  REVIEW: "The GSEC Prep Guide", Mike Chapple (Rob Slade)

RISKS 23.03 Friday 14 November 2003
  Whirled-Wide Web (Bertrand Meyer)
  TAB operator error in punter's favour (David Shaw)
  Astonishing electronic voting "glitch" (Steve Summit)
  The computer is ALWAYS right (Charles Lamb)
  Re: California halts e-vote certification (David E. Ross)
  More on Diebold installing uncertified software in California (PGN)
  Re: A new risk for electronic voting (Steven M.
    Bellovin)
  Report raises more questions about voting machines (EPIC)
  Belkin: Another protocol-violation-to-sell-products risk (Tim Bradshaw)
  New definition of "Fish 'N Chips" (Jim Schindler)
  Minnesota CriMNet shutdown (Steven Hauser)
  FBI's reach into records is set to grow (Monty Solomon)
  High-tech microscopes expose Americans' private lives (Monty Solomon)
  A heavily used RISKY website: France Telecom (Peter Kaiser)
  Holes found in online job search privacy (Brian Berstein via Monty Solomon)
  Security patching: a story from the trenches (Rex Black)
  Bank scam with spaces in trick URL (Mark Brader)
  Computers in cars: "When you add complexity you add risks" (Richard I Cook)

RISKS 23.04 Friday 28 November 2003
  Sony to recall 550,000 CD Walkman battery packs (Monty Solomon)
  Amber Alert, Coming to the Inbox Nearest You (Rebecca Mercuri)
  Southern drawls thwart voice recognition for police (Ken)
  California to require voting machine receipts and stricter auditing (Steve Bellovin)
  E-Votes must leave a voter-verified paper audit trail (PGN)
  Diebold ATMs hit by Nachi worm (Steve Summit)
  Proposed reason for electronic voting mess (John Bechtel)
  Re: Astonishing electronic voting "glitch" (Martin Ward)
  Whois bug at www.tucows.com (Tony Toews)
  Man arrested wardriving child porn (Walter Roberson)
  Old Nigerian scam nets $400,000 (Arthur J.
    Byrnes)
  In-Security clearance (Name withheld by request)
  Human Error Leads to AT&T's Anti-Spam Gaffe (Ryan Naraine via Fuzzy Gorilla)
  Books of Interest: End of the World; Human Factor (Mike Smith)
  REVIEW: "Practical Cryptography", Bruce Schneier/Niels Ferguson (Rob Slade)
  REVIEW: "Wireless Security Essentials", Russell Dean Vines (Rob Slade)
  Re: SANS, GSEC, and Chapple book review (Rob Slade)

RISKS 23.05 Wednesday 3 December 2003
  Two loose screws killed Disneyland rider (PGN)
  US railroad uses Wi-Fi to run 'driverless' trains (Lars Kongshem)
  Nuclear plan shut down by lightning strike (Fuzzy Gorilla)
  Tanker Truck Shutdown Via Satellite (Fuzzy Gorilla)
  Microsoft Windows, Auto Edition (Andrew Whitby)
  What Bill Gates Says About Security (from InformIT) (Dawn Cohen)
  Another large gas bill (Amos Shapir)
  UK MoD scraps 130-million-pound computer project (Fuzzy Gorilla)
  How Much Is Privacy Worth? (Monty Solomon)
  Government e-mails apparently sent to hairdresser (Neil Youngman)
  'Master' and 'slave' computer labels unacceptable, LA officials say (Henry Baker)
  Security subtleties (identity withheld by request)
  Man trapped for hours by payphone (Mark Brader)
  Debian security breach and forensic analysis (Gerrit Muller)
  Re: Security patching: a story from the trenches (Walter Dnes)
  Dangerous looking e-mail from quickbooks (Kyle York)
  Re: In-Security clearance (Peter H. Coffin)
  Re: Amber Alert, Coming to the Inbox Nearest You (Timothy Knox)
  Re: Cehck tihs out! (Rodney Hoffman)
  ANNOUNCE: New mailing list for secure application development, SC-L (Kenneth R. van Wyk)

RISKS 23.06 Tuesday 9 December 2003
  Electronic car doors trap man in Australian flood, nearly drown him (Tony Healy)
  New official self-service litigation system available in England/Wales (Tony Ford)
  Software paraphrases sentences (Justine Roberts)
  The Eight Fallacies of Distributed Computing (Peter Deutsch via Roger Z)
  Human Factor?
    (Dave Brunberg)
  This number's ready for prime time (NewsScan)
  Re: Another large gas bill (Tom Hayhurst)
  Big money on the line, but no source code... (D G Rossiter)
  Nevada to apply slot-machine security to e-voting hardware? (David Brunberg)
  Re: Diebold ATMs hit by Nachi worm (Russ Cooper, Elinor Mills Abreu via Lillie Coney)
  Voter-verified breadcrumb trail? (Dave Brunberg, PGN)
  Voting machines (William Ehrich)
  Re: "In-Security clearance" (Eric Dobbs)
  Re: Real purpose behind In-Security clearance program (Daniel Suthers)
  Nigerian scams (Ted Lemon)
  The Internet and the right to communicate (Monty Solomon)
  The Structure of an Accident (William Langewiesche via Monty Solomon)
  REVIEW: "Linux Security Cookbook", Barrett/Silverman/Byrnes (Rob Slade)

RISKS 23.07 Thursday 18 December 2003
  Remote-controlled trains (Bill Tolle)
  Over-reliance on PowerPoint leads to simplistic thinking (NewsScan)
  Japan's Mars probe goes off course (PGN)
  Risk of a test message: Heated Training Session (Patrick Lincoln)
  Voter information up for grabs (NewsScan)
  Voting machine maker dinged (Lillie Coney)
  Convicted felons worked for electronic voting companies (Susan Marie Weber)
  Re: Diebold ATMs hit by Nachi worm (Drew Dean)
  Re: Why have electronic voting machines at all? (Russ Cooper)
  Proper understanding of "The Human Factor" (Don Norman)
  April Fool's e-mail freed detained kidnapper (Lillie Coney)
  This number's ready for prime time (Mark Brader)
  Correction for RISKS-23.06 (Trevor Zacks)
  Free lunch? Or double-or-nothing? (Rob Slade)
  REVIEW: "Effective Security Management", Charles A. Sennewald (Rob Slade)

RISKS 23.08 Monday 22 December 2003
  Railroad accident results from deactivated crossing gates (PGN)
  Chats led to Acxiom hacker bust (Kevin Poulsen via Monty Solomon)
  Moderation and Immoderation (PGN)
  Re: Tragedy of the Commons (Douglas W. Jones)
  Re: Proper Understanding of the Human Factor (Peter B. Ladkin)
  Poor writing is the problem, not PowerPoint (Simson L.
    Garfinkel)
  Why have electronic voting machines at all? (Finn Poschmann, Sander Tekelenburg)
  CFP: CyberCrime and Digital Law Enforcement Conference, Mar 2004 (Michel E. Kabay)

RISKS 23.09 Tuesday 23 December 2003
  Rotorouted New Year's greeting? (PGN)
  Loss of bus braking due to nearby illegally modified transceivers (Chiaki Ishikawa)
  "Openness" in Government (Identity withheld by request)
  GuineTel seeks ways of clamping down on scam fraud (Patrick O'Beirne)
  AOL now filtering based on whether they like embedded URLs (Stever Robbins)
  Guilt by technology (Dawn Cohen)
  Murphy's Law (Mark Brader)
  Important article on origins of Murphy's Law (Doug Mink)
  Re: Railroad accident results from deactivated crossing gates (Geoff Kuenning)
  Re: Proper understanding of "The Human Factor" (Merlyn Kline)
  Poor writing is the problem, not PowerPoint (Paul A.S. Ward)
  Re: Diebold ATMs & Nachi worm; you ain't seen nuttin' yet! (Richard I Cook)
  Re: Diebold ATMs hit by Nachi worm (Tim Panton)
  Re: Voter information up for grabs (David E. Ross)
  Re: Online issue of civil claims (Robin Crorie)

RISKS 23.10 Tuesday 30 December 2003
  Cybercrime more than doubled in 2003 (NewsScan)
  Reliability of network vulnerability testing is decreasing (Charles Preston)
  Biometrics: 'Not your father's fingerprints' win out (NewsScan)
  Pointless "security" (Huge)
  To Err is Human: Building a Safer Health System (Marc Auslander)
  VoteHere reports computer break-in (Fredric L. Rice)
  Re: Voter information up for grabs (Kelly Bert Manning)
  Re: Why have electronic voting machines at all? (Peter Williams)
  Electronic voting: social aspects (Andrew o' Baoill)
  Re: Over-reliance on PowerPoint (Ron Bean)
  Re: Poor writing is the problem, not PowerPoint (Julian Thomas)
  An economic argument against PowerPoint (Carson Harding)
  Re: Railroad accident (John Hines, John A.
    Stewart, Ed Ravin, Chris Smith, Matthew Delaney, David Cantrell)
  Re: Loss of bus braking due to nearby illegally modified transceivers (Huge)

RISKS 23.11 Tuesday 6 January 2004
  Bank of England falls victim as e-mail scams rise by 400% (Keith A Rhodes)
  Get ready for SPIM (NewsScan)
  Israeli government suspends purchases of Microsoft software (NewsScan)
  Input data error on tag transfer causes driver's arrest (Stanley A. Klein)
  Forget your bank balance? It's available on the Internet (Monty Solomon)
  Inadvertent use of wireless network (Ben Rosengart)
  Car-monitoring service allows you to be your own Big Brother (Monty Solomon)
  Secret ballots the Tel-Aviv University way... (Yaron Davidson)
  Electronic voting: computer reliability aspects (Bob Axtell)
  Re: Why have electronic voting machines at all? (Mark Newton)
  Re: Loss of bus braking due to nearby illegally modified transceivers (Kenji Rikitake)
  REVIEW: "Disaster Recovery Planning", Jon William Toigo (Rob Slade)

RISKS 23.12 Monday 12 January 2004
  U.S. FAA warns of EFIS system fault (Peter B. Ladkin)
  B747-400 Electronic flight displays rendered inoperative (Peter B. Ladkin)
  Happy 2**30'th birthday, time_t! Now go patch Pro/ENGINEER (Paul Eggert)
  Danish PM's private communications disclosed by MS Word (Theodor Norup)
  Anti-spam law enacted -- so what's all this junk in my in-box? (NewsScan)
  Want chips with that burger?
    (Jim Schindler)
  Suing the customers (Joyce Scrivner)
  Burger King wireless risk (Robert Franchi)
  AP accidentally distributes celebrity phone numbers (Robert Franchi)
  'Unfixable' Word password hole exposed (Brett McCarron)
  VoteHere there and everywhere (Rebecca Mercuri)
  More voting snafus in Palm Beach and Broward Counties (Alan Fullilove)
  Correction re: Australian Voting (Eric Ulevik)
  Re: Electronic car doors trap man (Ian Mitchell)
  The dangers of PGN-ing (Simon Hogg)
  COMPSAC 2004 Call for Contributions (Yuen Tak Yu)
  EUSPRIG CFP July 2004 Klagenfurt (Patrick O'Beirne)

RISKS 23.13 Friday 16 January 2004
  Is the F-35 fighter jet is too reliant on foreign software (Lillie Coney)
  Some rental cars keep tabs on drivers (Dewayne Hendricks via IP)
  Israeli Post Office break-in (Gadi Evron)
  Online poll rigging (Keith C. Ivey)
  Students' data on Web, and NYU. on defensive (Monty Solomon)
  Bruce Schneier on Orange Alert in Salon (Cory Doctorow via IP)
  Some .mil and .gov subscribers of Risks Spammed (Dennis G Rears)
  Errant weather alert (David Kennedy)
  Moscow ML fails because of time overflow bug (Paul E. Black)
  Re: Happy 2**30'th birthday, time_t! (Alistair McDonald, Ed Ravin, Massimo Dal Zotto)
  Re: The dangers of PGN-ing (Peter Riocreux, Huge)
  E-mail scam attacks AT*T Worldnet (John Reinke)
  PayPal spoofing (Jacob Palme)
  Announcement: Third Bieleschweig Workshop (Peter B. Ladkin)

RISKS 23.14 Tuesday 27 January 2004
  Spirit Rover humbled by classic programming error (Robert Woodhead)
  New virus infects PCs, whacks SCO (Monty Solomon)
  Panel reports DoD SERVE System fatally flawed - bureaucrats in denial (Scott Miller)
  Roadside camera claims car going 406 mph (greep)
  The risks of naming (Ross Anderson)
  "Outsourced and Out of Control" (Lauren Weinstein)
  Pun-intended definitions (PGN)
  UK data protection laws and the Law of Unintended Consequences (Richard Pennington)
  Lie-detector glasses, 90% accurate?
    (Steve Holzworth)
  DHS protects vendors of anti-terrorism technologies from liability (Jay Wylie)
  Privacy & security threats in one (Jeremy Epstein)
  Rob Slade's review of Marcus Ranum's *The Myth of Homeland Security* (Marcus J. Ranum)
  Proceedings on ... Engineering Principles of System Security ... (Daniel P. Faigin)

RISKS 23.15 Monday 2 February 2004
  E-mail activity: VaVaVoom MyDoom! (PGN)
  Risks of virus scanners (Steve Bellovin)
  AP blames virus transmission on users (Kevin Dalley)
  US-CERT warns of worm, forgets to mention operating system (Kevin Dalley)
  More controversy over SERVE Internet voting project (Dan Keating via Lillie Coney)
  Finally! The Nigerian e-mail scammers caught (NewsScan)
  Re: Spirit Rover humbled (Paul Czyzewski, Mark Brader, Dan Riley)
  Re: UK data protection laws and ... Unintended Consequences (Richard Pennington, Dave Harris, Mark Brader)
  Google targeted by pranksters (Monty Solomon)
  On paypal and eBay scams (John Sinteur)
  Postbank spoofing (Talmon)
  Disciplinary action for teaching someone to use the address bar? (Neil Youngman)
  REVIEW: "The Hanged Man's Song", John Sandford/John Camp (Rob Slade)
  REVIEW: "Defense and Detection Strategies Against Internet Worms", Nazario (Rob Slade)

RISKS 23.16 Tuesday 3 February 2004
  Security holes at DMVs nationwide lead to ID theft and safety concerns (Monty Solomon)
  Defeating phishing scams (Andrew Rose)
  A nasty Phishing attempt (Avishai Wool)
  Another wireless risk (Chris Meadows)
  Hotel reservation system easily confused (Richard S. Russell)
  Browsers, online forms, rendering and opt-in marketing (Alistair McDonald)
  Drunk unlocks police car with own key (Max)
  Re: Happy 2**30'th birthday, time_t! (Steve Summit)
  Re: Suing the customers (Paul Robinson)
  Re: Lie-detector glasses, 90% accurate? (Ron Bean, Peter B.
    Ladkin)
  REVIEW: "Biometrics", Woodward/Orlans/Higgins (Rob Slade)

RISKS 23.17 Tuesday 3 February 2004
  How to Hack an Election (Hendrik)
  UK: Vital e-crime evidence often destroyed (Iain Thomson via Keith A Rhodes)
  Security Holes at DMVs Nationwide Lead to ID Theft and Safety Concerns (Monty Solomon)
  Porn viewers work for hackers (Robin Burke)
  January clearance sale (Scott Nicol)
  Re: Spirit Rover humbled (Jim Griffith)
  A scary thing (Erann Gat)
  Phishing and a new IE security patch (Sidney Markowitz)
  MyDoom and SCO (Steve Wildstrom)
  RISKS actually gets *relatively little* MyDoom Traffic (Chris Smith)
  Re: Risks of virus scanners (Paul Tomblin, Alan J Rosenthal)
  Re: The risks of naming (Robert de Bath)
  Re: Drunk unlocks police car with own key (D. Joseph Creighton, David Hollman)
  "Loss of Identity" theft (Terry A. Ward)
  REVIEW: "Kerberos: The Definitive Guide", Jason Garman (Rob Slade)

RISKS 23.18 Thursday 12 February 2004
  Software bug contributed to blackout (Kevin L. Poulsen)
  *WashPost* registration expired, newsroom hampered (Bill Hopkins)
  GM will recall some Chevrolet Corvettes (Monty Solomon)
  Police face sack in ongoing privacy incidents (NewsScan)
  Three degrees of outsourcing leads to data disclosure (Ed Ravin)
  Privatization vs privacy (Friedrich Knauss)
  TiVo watchers uneasy after post-Super Bowl reports (Monty Solomon)
  Cable modem hackers conquer the co-ax (Kevin Poulsen via Monty Solomon)
  Electronic copyrights (Jim Griffith)
  Opposition to SPF (Ian Jackson)
  Actually, SPF makes things worse (Markus Fleck-Graffe)
  Re: Drunk unlocks police car with own key (Crispin Cowan)
  Microsoft warns of widespread Windows flaw (Robert Lemos via Monty Solomon)
  'Mydoom' Creators Start Up 'Doomjuice' (Matti Huuhtanen via Monty Solomon)
  Re: MyDoom and SCO (Scott Miller)
  Don't rely on Social Security Numbers -- AGAIN! (Robert Ellis Smith)
  Re: UK data protection laws ... Unintended Consequences (R M Crorie)
  An interesting spam-filter risk (Geoff Kuenning)
  NSF: Science of Design (Sol J.
    Greenspan via Gene Spafford)

RISKS 23.19 Wednesday 18 February 2004
  Mississippi voids November 2003 e-vote election for errors (Steve Corrick)
  Canadian medical tests give reversed results (Danny Burstein)
  911 mistake: Wisconsin rescuers go to wrong town; victim dies (David LaRue)
  Interesting device to steal ATM accounts (Mabry Tyson)
  Officials Say Mob Stole $200 Million Using Phone Bills (William K Rashbaum via Monty Solomon)
  Amazon reviewers identified -- as the authors! (NewsScan)
  Alleged Trojan horse in Israeli anti-ballistic missile system (Gadi Evron)
  GAO Report Warns of Airline Security Shortcomings (Lillie Coney)
  GE says blackout bug patched (Kevin L. Poulsen)
  Strategic planning for VeriSign restart of "Site Finder" (Lauren Weinstein)
  FTC warning about private no-spam registry (NewsScan)
  TiVo's privacy policy (Terence Eden)
  Re: Privatization vs privacy (Aaron)
  Challenge/Response spam blocking (Thomas Harrington)
  Social Security number as identity: not secure (Carl Fink)
  Re: Spirit Rover humbled (Timothy Prodin)
  Sputnik & garage door openers (Kyle York)
  Re: SPF and its critics (Lawrence Kestenbaum)
  Exploiting software (Gary McGraw)

RISKS 23.20 Wednesday 25 February 2004
  King/Drew patient monitors shut off following 2 deaths (Sheri Alpert)
  Bug in Windows-operated toilet system (Wendy M. Grossman)
  Physical security of electronic voting terminals (Tobin Fricke)
  Chipmakers race to plug the buffer overflow problem (NewsScan)
  Buffer overflows and Multics? (Tom Van Vleck)
  An old filtering problem, but worth repeating (Drew Dean)
  Anti-captcha technique (Lindsay Marshall)
  Further misdirected on-line trip planning (Mark Brader)
  Conspiracy Theory: mortgage scams (NewsScan)
  Osama Bin Laden is not on the no-fly list? (Peter Wayner)
  MS Java Virtual Machine issue (Ferdinand John Reinke)
  Garage-door openings by aircraft (John Slimick, Kevin G. Rhoads)
  Re: Garage-door openers (Peter B.
    Ladkin)
  Re: Garage-door openers by Sputnik (Steve Bellovin)
  Re: Drunk unlocks police car with own key (Adam Laurie)

RISKS 23.21 Thursday 26 February 2004
  Bar codes for your health (NewsScan)
  *Computer Weekly*'s campaign against government incompetence (Pete Mellor)
  Malicious IT design in support of the cold war (Sam Garst)
  Flaws threaten VoIP networks (Lillie Coney)
  Fixed-length fields strike again (Robert Israel)
  Toll Collect doesn't (Peter B. Ladkin)
  SPF and SRS (Ben Rosengart)
  Re: Risks of SPF (Peter da Silva)
  Re: SPF and its critics (Dimitri Maziuk)
  Theft of Client Information at Israeli Bank's "Information Fortress" (Gadi Evron)
  Re: Interesting device to steal ATM accounts (Gadi Evron)

RISKS 23.22 Monday 1 March 2004
  Stolen heart monitor (Nigel Metheringham)
  Keeping online games honest (NewsScan)
  4.6-million DSL subscribers' data leaked in Japan? (via Dave Farber)
  E-mail robbery, the easy way (Ralf Ertzinger)
  Solving e-mail problems economically (Peter B. Ladkin)
  Laptop security (Gadi Evron)
  "Where did it print?" 1990 version (Daniel P. B. Smith)
  Buffer overflows and Burroughs/Unisys (Keith Gobeski, Michael LeVine)
  MS Java Virtual machine (Curtis Karnow)
  Garage-Door openers; Rapid disassembly of PCS phones (Charles Jackson)
  Re: Garage-door openers (Michael Kent)
  Re: Garage-door openings by aircraft (Scott Peterson)
  Further misdirected on-line trip planning (Bob Heuman)
  Amtrak Website routing (Richard S.
    Russell)
  REVIEW: "Developing Secure Distributed Systems with CORBA", Lang/Schreiner (Rob Slade)

RISKS 23.23 Tuesday 2 March 2004
  July 2002 air collision revisited (Paul Cox)
  FBI employee snoops through confidential police databases (Declan McCullagh)
  Data Protection and an increasingly paranoid world (Matthew Byng-Maddick)
  When entries aren't screened (Gillian M Brent)
  Re: Malicious IT design in support of the cold war (Henry Baker, Diomidis Spinellis)
  MS self-inflicted DDoS (Doug Sojourner)
  Re: MS Java Virtual Machine issue (Jonathan de Boyne Pollard)
  Re: SPF and its critics (Greg Bacon)
  SPF is harmful. Adopt it. (Jonathan de Boyne Pollard)

RISKS 23.24 Wednesday 3 March 2004
  Risks of Leap Years and Dumb Digital Watches, quadrennial posting (Mark Brader)
  GAO's latest evaluation of DOD software development practice (James Paul)
  Trouble with Mars rover Spirit (Erling Kristiansen)
  RFID tags in new US notes explode when you try to microwave them (Michael Borek)
  State looks at false bills from AT&T (Peter Howe via Monty Solomon)
  California e-voting: did programmers even try it? (Joel Garry)
  Anti-Spam Solutions and Security, Neal Krawetz (Monty Solomon)
  Legal Mercedes driver jailed for 18 months (Stefan Lesser)
  Re: Stolen heart monitor (Dave Brunberg)
  Re: Buffer overflows and VMS (Stanley F. Quayle)
  Re: Buffer overflows and Burroughs/Unisys (Bill Hopkins)
  Re: A320 Incident (Peter B. Ladkin)

RISKS 23.25 Thursday 4 March 2004
  Leap Year Strikes Again (Chuck Weinstock)
  Pssst, wanna buy a spambotnet?
    (Rob Slade)
  July 2002 air collision revisited (Michael Bacon)
  Damaging consequences of response to password-protected viruses (Vassilis Prevelakis)
  Spring '04 Sun Outage Notification (starband via Mich Kabay)
  SPAM Countermeasures (Scott MacQuarrie)
  Re: RFID tags in new US notes explode when you try to microwave them (Michael Borek responding to Paul Schleck)
  And Another E-Voting Problem (David Bolduc via Dave Farber's IP)
  Moseley Braun paper (Peter Zelchenko)
  Avi Rubin on e-voting after yesterday's primary (Dave Brunberg)
  Denial of service in criminal justice (Dick Mills)
  REVIEW: "Hiding in Plain Sight", Eric Cole (Rob Slade)

RISKS 23.26 Monday 8 March 2004
  U.S. Senate security shenanigans (Kristina Herrndobler via James Bauman)
  PFIR Conference Announcement: "Preventing the Internet Meltdown" (PFIR)
  Yet another worm masquerades as Microsoft update (NewsScan)
  The price of e-mail is constant vigilance (Rob Slade)
  Firms look to limit liability for online security breaches (Jonathan Krim via Monty Solomon)
  Smartcards weren't so smart after all, says Target (NewsScan)
  BBC reports card cloning scam (John Sawyer)
  An interesting airplane user interface (David Magda)
  Re: Legal Mercedes driver jailed for 18 months (David Gillett)
  Extended Call for Papers: Voting, Elections, and Technology (Micah Altman)

RISKS 23.27 Tuesday 16 March 2004
  DARPA robot race is a bust (NewsScan)
  Re: DARPA robot race (PGN)
  Can Software Kill? (Debbie Gage and John McCormick via Dan Scherer)
  P2P legal defense by separation of content and key? (Brent J. Nordquist)
  PPI delayed by "computer problems" (Bill Hopkins)
  Microsoft Word reveals document's author -- again (George W. Harris)
  Lost e-votes could flip Napa County race (PGN)
  California voters turned away (PGN)
  Googling Up Passwords, Scott Granneman excerpt (Monty Solomon)
  SSL is being severely stressed by phishing expeditions (Alistair McDonald)
  When is a decimal point not a decimal point?
    (Darryl Smith)
  Merger Mania (Mike Albaugh)
  New twist to social engineering in virus transmission (John Sawyer)
  Re: An interesting airplane user interface (A.M. Passy)
  People are not as conservative as some think! (Jonathan de Boyne Pollard)
  Re: Buffer overflows (Mike Albaugh)
  2004 IEEE Symposium on Security and Privacy (Steve Tate)

RISKS 23.28 Thursday 18 March 2004
  House Panel Slams Federal IT Security (PGN)
  JFK AirTrain passengers end up at storage yard instead of airport (Tom Lambert)
  Connecticut automobile emissions tests faulty (Danny Burstein)
  Diebold Opteva 520 ATM crashes exposing Windows XP Inside! (Scott A. Hissam)
  The RISKS of Risk Analysis (Michael Bednarek)
  Anti-spam lawsuit complaints (Monty Solomon)
  Self adjusting firewalls in Longhorn (Neil Youngman)
  Death of UK skydiver in Australia (Anthony Youngman)
  "Special Skills draft" (Geoffrey Brent)
  Risks of automated pedophilia detection (Nick Brown)
  Latest e-mail worms use password trick to foil filters (NewsScan)
  CORRECTION to "SSL is being severely stressed by phishing expeditions" (Alistair McDonald)
  Re: SSL is being severely stressed by phishing (Isaac Morland, Nelson Minar)
  Re: When is a decimal point not a decimal point?
    (John Carlyle-Clarke, Nick FitzGerald)
  Throwing out the baby with the bathwater: Crypto sigs (Tim Panton)

RISKS 23.29 Thursday 1 April 2004
  Coincidental Risks -- related to electronic voting systems (Jim Horning)
  Toyota music-playing robot and possible spinoffs (PGN)
  April Foolproof: AT&T Alerts Consumers About the Latest Scams (Monty Solomon)
  Network Solutions' "A Sucker Born Every Minute" Domain Service (Lauren Weinstein)
  Fraudulent request for bank info (Ken Knowlton)
  Bridge construction mismatch (Ken Knowlton)
  Shuttle speed-brake gears installed backwards (Anthony Youngman)
  Pontiac leap-year bug (Tom Van Vleck)
  Online student election flaws (James Prescott)
  Utility employees rig customer survey (Monty Solomon)
  AOL unveils spam-victim sweepstakes (NewsScan)
  Wrong number leads to woman's arrest (Monty Solomon)
  Risks of confusing LAN and WAN rules (Leonard Erickson)
  Web site devoted to Word documents with unintended strikeouts (Henry Baker)
  Risks of discarded receipts (Tim Aidley)
  Exploiting Software: How to Break Code, Hoglund/McGraw (PGN)

RISKS 23.30 Monday 5 April 2004
  GM recalls Cadillac SRX (Monty Solomon)
  Firetruck steers itself into tree (Caleb Hess)
  800,000 cards overcharged at Wal-Mart stores (Monty Solomon)
  News24's not-very-restrictive access restrictions (Cody Boisclair)
  Time records often altered, job experts say (Bob Schuchman)
  4.6-million DSL subscribers' data leaked in Japan? (Chiaki Ishikawa)
  Pilot study of cybercrime against businesses (Michel Kabay)
  Risks of broadband upgrades (Jeremy Epstein)
  Too Many Pips! (Andrew Watkins)
  Fighting back at spam, viruses, etc.? (Neil Youngman)
  Risks of malicious code in MIDI instruments/robots (Kenji Rikitake)
  Net hoaxes snare fools all year (Monty Solomon)
  Re: Bridge construction mismatch (Stephen Poley, Darryl Smith)
  Re: AT&T Alerts Consumers About the Latest Scams (Pekka Pihlajasaari)
  Netsky.P and iframe src=??cid variant (Rob Slade)
  Latest Citibank scam...
    (Cody Boisclair)
  Who's in charge of the e-mail virus war, and are we losing? (Steve Summit)
  Re: Buffer overflows and Burroughs/Unisys (Crispin Cowan)

RISKS 23.31 Friday 9 April 2004
  Chinooks again (Neil Youngman)
  Blackout computer failure analysis (Stephen Cohoon)
  Malware, auto-reply, and non-native languages (Drew Dean)
  Risks in Google's New "Gmail" Service (Lauren Weinstein)
  Risks in Network Solutions' domain information masking (Lauren Weinstein)
  Seeing the Light might just *not* show the right contamination (Bob Heuman)
  Re: Buffer overflows (Jon A. Solworth)
  Re: iAPX 432 (Robert I. Eachus)
  Re: 4.6-million DSL subscribers' data leaked in Japan? (Curt Sampson)
  Re: News24's not-very-restrictive access restrictions (Curt Sampson)
  Yet another version of the Beagle social engineering (John Sawyer)
  REVIEW: "Cybersquatters Beware", Chantelle MacDonald Newhook (Rob Slade)

RISKS 23.32 Thursday 15 April 2004
  Republicans walk out of Federal hearing on voting machines (Lynn Landes)
  USB "square" plugs (Henry Baker)
  Re: Who's in charge of the e-mail virus war ... (Steve Summit)
  Radar guns, again (Adam Shostack)
  Wireless hacking (NewsScan)
  Citibank data compromised without using it? (Art Mellor)
  Re: Chinooks again (Peter B. Ladkin)
  REVIEW: "Ethics and Technology", Herman T.
    Tavani (Rob Slade)

RISKS 23.33 Saturday 24 April 2004
  University supercomputers attacked by vandals (NewsScan)
  Risk of automatic updates (Geert Jan van Oldenborgh)
  Runaway car from hell (Ken Knowlton)
  Unfortunate MTA behavior (Drew Dean)
  User interface anecdote, ATMs and voting machines (David Crooke)
  Global Domination (Lauren Weinstein)
  Former anti-piracy 'bag man' turns on DirecTV (Monty Solomon)
  Expecting browser-side code to implement security (Derek Ziglar)
  MiniDV Firewire connectors (Ron Erwin)
  Risks of tax-preparation software (Toby Douglass)
  Re: Cancer treatments and radiation detectors (Rob Slade)
  Squeezing the pips until they squeak (Andrew Yeomans)
  Re: Radar guns, again (Derek Ziglar, Sean Sosik-Hamor, Arthur T)
  Web Sites ignore the law, think it applies only to Federal Government (Bob Heuman)

RISKS 23.34 Wednesday 28 April 2004
  EFF Pioneer Awards for 2004
  Fire trucks collide (Russ Perry Jr)
  Innocent Brits labelled as crooks (Fuzzy Gorilla)
  UK firms face weekly attacks (Graeme Wearden via Keith A Rhodes)
  Quizzed upon sending e-mail (Dan Jacobson)
  Aussie banking group scales up against 'phishing' (Keith A Rhodes)
  Sans-serif font hides phishy text (Andrew Collier)
  Risks of tax-preparation software (Paul D. Smith)
  Automated Copyright Notice System (Steve Klein)
  Automotive "black box" data used in trial (Fuzzy Gorilla)
  Earthlink SpamBlocker (Paul Wexelblat)
  Re: Unfortunate MTA behavior (Drew Dean)
  Boy trapped in public bathroom (Fuzzy Gorilla)
  Re: Runaway car from Hell (Bernard W Joseph, Carl Fink)
  REVIEW: "Network Security Essentials", William Stallings (Rob Slade)

RISKS 23.35 Tuesday 4 May 2004
  Computer glitch grounds Atlanta flights (Fredric Rice)
  TurboTax electronic filing option fails to send AMT Form 6251 (Richard Mason)
  California bans e-vote machines (Kim Zetter via Monty Solomon)
  Ireland scraps electronic voting plans (Brent M.P.
Beleskey) Sydney trains disrupted by software glitch (John Colville) Self-referential Patriot Act suppression of law suit (PGN) Millions of lost revenue from faulty speed cameras (Bertrand Meyer) Sasser worm is latest threat (NewsScan) Antivirus software prolongs viral life (Geoff Kuenning) Sasser eyed over train outage (NewsScan) New identity-theft scam (Geoff Kuenning) Gas explosion creates confidential litter (Sarah Hollins) Hybrid vehicles may be hazardous to rescuers' health (Joe Thompson) TCP, BGP, DoS, and BS (Rob Slade) Florida sues AT&T for billing errors (Frank Carey) Re: Traffic Signal Controllers (Jay R. Ashworth) FREEDOM 2.0, Washington, DC, 20-22 May 2004 (EPIC) REVIEW: "Non-Repudiation in Electronic Commerce", Jianying Zhou (Rob Slade) RISKS 23.36 Friday 7 May 2004 Computer glitch gives out free gasoline (Jack Christensen) U.S. blunders with China, Iran keyword blacklist (Declan McCullagh) Risks of prisoner abuse vs. digital cameras (Lauren Weinstein) Auto-Blacklisting is a bad idea (Drew Dean) Re: Computer glitch grounds Atlanta flights (Tron Smith) Corrupted virus definition load blocks re-load (George Michaelson) Antivirus software prolongs viral life (Matthias Heiler) Challenge/response standards (Brent Laminack) Aus vs. Swiss speeding (Ivan Reid) Re: ... lost revenue from faulty speed cameras (Anthony Youngman, Michael Smith, Bertrand Meyer) MDT and a Fatal accident: a possibility? (Nick Lindsley) RISKS 23.37 Tuesday 18 May 2004 Las Vegas monorail delayed due to computer glitch (Chuck Weinstock) False Positive Risks (John Lettice via R.G. Newbury) 'Blue Screen of Death' on hotel TV screen (Henry Baker) New UK Driving Licence puts Identity at risk (Adam Laurie) Forrester speeds up timeline on white-collar offshoring (NewsScan) Researchers find WiFi flaw (NewsScan) Sasser creator turned in for the reward (NewsScan) German Toll-Collect announces another delay... (Debora Weber-Wulff) Listen to your CPU and break RSA? 
(Gadi Evron) Banks don't understand phishing social risks (Samuel Liddicott) Fines reimbursed, drivers reinstated; faulty speed camera (Bertrand Meyer) Re: Hybrid vehicles may be hazardous to rescuers' health (Stephen Fairfax) Re: Auto-Blacklisting is a bad idea (Kyler Laird) Formal Methods for Industrial Critical Systems CFP (Diego Latella) RISKS 23.38 Thursday 27 May 2004 Paris Airport collapse: Analogy collapses (Marshall D Abrams) FBI fingerprint screwup: Brandon Mayfield no longer a suspect (PGN) GAO looked at DoD and off-shored software (James Paul) So what's new with Pittsburgh Verizon DSL (David Farber) The lighter side of electronic voting (Jason T. Miller) Florida law bans deceptive subject lines in e-mail (NewsScan) Spam being rapidly outpaced by 'spim' (Nico Chart) Another method of password theft (James Renken) Window smashed, data lost (David Lazarus via Monty Solomon) Spamming the referrer logs (Diomidis Spinellis) And a Mac Sniffer in a Pear Tree ... (Paul Kedrosky via Dave Farber) Speed cameras: fines refunded, licenses restored (Stuart Lamble) Re: Radar Gun Follies (Chris Meadows) Re: New UK driving licence puts identity at risk (Chris Malme) Re: Challenge-response is a bad idea (Jonathan de Boyne Pollard) REVIEW: "Beyond Fear", Bruce Schneier (Rob Slade) RISKS 23.39 Friday 28 May 2004 Air Force radios jamming garage-door openers in FL Panhandle (Paul Wexelblat) Boa triggers blackout in Honduras (M. Barnabas Luntzel) Online satire reported as truth (Jean L. Palmer) *Reason Magazine* custom covers (Charles Shapiro) New GAO Report on Government Data Mining (Barry Steinhardt via Dave Farber) Coming Soon: A Cellphone Directory (Jube Shiver Jr. via Monty Solomon) Maryland governor signs tough anti-spam law (Andy Sullivan via Monty Solomon) The Fight Against Spam, Part 3 (F.J. 
de Kermadec via Monty Solomon) Now, two-thirds of all e-mail is spam (Bob Sullivan via Monty Solomon) Poor fallbacks on automated systems (Geoff Kuenning) Re: Ireland scraps electronic voting plans (Erling Kristiansen) 'Pirate Act' raises civil rights concerns (Declan McCullagh) Re: New UK driving licence puts identity at risk (John Sawyer) Crash data recorders in cars (Fuzzy Logic) Re: FBI fingerprint screwup (Scott Miller) Risks of believing in testing, Re: GAO report (Chris Jewell) Re: Another method of password theft (A J Stiles) Banks don't understand phishing social risks (Michael Bacon) REVIEW: "The Teeth of the Tiger", Tom Clancy (Rob Slade) RISKS 23.40 Thursday 3 June 2004 Problems due to misfiled fingerprints (PGN) Building the A380: Just Like Software (Rex Black) eVoting standards and testing (Rebecca Mercuri) Re: Risks of believing in testing (Ken Knowlton, Spencer Cheng) Users, learning from history, social engineering, planning (Gadi Evron) Detectives follow the money trail to tackle spam (NewsScan) Are passwords passe'? (NewsScan) Re: Boa triggers blackout in Honduras (Ralph Barone) The lighter side of electronic voting (Marcus L. Rowland) Re: New GAO Report on Government Data Mining (Robert I. Eachus) Data Mining: Federal Efforts Cover a Wide Range of Uses (Monty Solomon) Daft security questions (Ian Chard) RISKS 23.41 Thursday 3 June 2004 Computer breakdown in England affects air traffic (Debora Weber-Wulff) Privacy and Security Risks in Rampell's E-Mail Surveillance Service (Lauren Weinstein) France Telecom voice mail espionage (David F. Gallagher) USB risks (Gadi Evron) Whom do I tell? (Jerry James) An anatomy of a PGP Joe Job (Gadi Evron) Netgear/UWisc NTP mess (Hal Murray) Selling Web bugs (Neil Youngman) Re: Spam being rapidly outpaced by 'spim' (Gadi Evron) RISKS 23.42 Saturday 19 June 2004 Whose Data Is It, Anyway? 
(Matt Silberstein) E-mail needs a makeover (NewsScan) India's outsourcing business in trouble (NewsScan) Autorun considered evil (Peter da Silva) Stuck between the 2G and 3G networks (Henry Skoglund) Verity K2 is data mining? (Aahz) HTML Mail-readers (Mike Albaugh) Re: Risks of believing in testing (David Crocker, Peter B. Ladkin, Fred Cohen) Re: Daft security questions (Brian Reynolds, Lou Katz, Antonomasia) British ATC slowdown (Peter B. Ladkin) RISKS 23.43 Monday 28 June 2004 AOL worker sold customer list for spam, US charges (via Monty Solomon) Swedish social insurance computers disabled by virus (Peter Håkanson) Terror over Internet Protocol? (NewsScan) Canada's largest bank has "processing disruption" (Yves Bellefeuille) PFIR "Preventing the Internet Meltdown" Conference Info Online (Lauren Weinstein) Attacking the attackers: maybe not a good idea (NewsScan) Shocking laptop horror stories (Aahz) Hacker hits South Korean defense (NewsScan) /Not/ keeping security information up to date (TFB) Wyoming woman arrested on false federal charges (Dirk the Daring) Exploding vending machine emits phosgene gas (Cheryl Hoefelmeyer) Irresponsible traffic announcement (Steve Friedman) Who am I? (Erann Gat) Re: Autorun evil? (Thomas Wicklund) Risks of testing (Thomas Wicklund) Re: Whom do I tell? (Chris Brand) REVIEW: "Security Warrior", Cyrus Peikari/Anton Chuvakin (Rob Slade) RISKS 23.44 Saturday 3 July 2004 Acting Now to Prevent the Internet Meltdown (PGN) Court rules e-mail eavesdropping okay (NewsScan) Fed. Court Rules No Privacy For E-Mail Passing Through ISP Servers (Lauren Weinstein) Florida Felon list is wrong, wrong, wrongity wrong (Danny Burstein) Israeli Police losses laptop with critical agents information (Gadi Evron) DC Metro discovers flag-day issues with changeover in payment systems (Joe Thompson) Coca-Cola Cans as Security Threat (Jack M Dominey) Pharmacists worry about drug vending units (Daniel P. B. 
Smith) RFID could cost 4 million jobs by 2007 (NewsScan) Barclays Bank of Zimbabwe suffers data theft (Bob Heuman) French authority forbids "DIDTHEYREADIT?" service (Bob Heuman from NewsScan) Web service maps tax codes to ID info (John) Re: Attacking the attackers: maybe not a good idea (Nick Brown, Curtis Karnow) REVIEW: "Exploiting Software", Greg Hoglund/Gary McGraw (Rob Slade) RISKS 23.45 Saturday 10 July 2004 $500 million and counting (Tom Gray) Keyless remotes to cars suddenly useless (Paul Saffo) Stolen: one-third of the world's software (NewsScan) Obstacles to Net phone service (NewsScan) Zinc whiskers (Craig S. Bell) Friends don't let friends use Microsoft Internet Explorer (Tom Van Vleck) Bev Harris crusades to expose e-voting flaws (Fredric L. Rice) E-voting concerns (NewsScan) Perils of Database Matching, Chapter 47,061 (Paul Wallich) Private-sector firm maintains dossiers in U.S. (David Marston) Re: Web ads threat to bank security (Rich Kulawiec) E-mail non-privacy is a good decision! (Craig DeForest) VoIP hacks gut Caller I.D. (Monty Solomon) Using google against google (Peter Parker) Re: Coca-Cola Cans as Security Threat (Nick Brown) REVIEW: "Network Security Jumpstart", Matthew Strebe (Rob Slade) RISKS 23.46 Thursday 29 July 2004 *Chicago Tribune* computer meltdown (J H Haynes) Balloon stuck over Baltimore, risk of automatic shutdowns (Dave Provine) NASA space station software repairs (James Paul) Laptops at the FleetCenter at risk of breaches, attack (Hiawatha Bray via Monty Solomon) Censorware deletes Japanese city (John S. Karabaic) Using Google against Google! (Peter Parker) Court Opens Door To Searches Without Warrants (Monty Solomon) Risks of ordinary GUI "pop-up" windows? (Daniel P. B. Smith) Windows XP SP2 Installation Failures () Should we trust them? (Bruce Sinclair via Dawn Cohen) Citibank 'sorry' for current account difficulties (Patrick O'Beirne) Citibank assists scammers (Keith Gregory) Cosmic ray hits Brussels election - really? 
(Dirk Fieldhouse) Florida faces vote chaos in 2004, Commission hears (Fredric L. Rice) Lost Record '02 Florida Vote Raises '04 Concern (Joe Shead) Counting error on SMS poll evicts wrong contestant from 'Big Brother' (George Michaelson) California Online Privacy Protection Act (Monty Solomon) iPod security (Paul Wexelblat) Re: E-mail nonprivacy (David Cantrell) Re: Keyless remotes to cars suddenly useless (Chuck Charlton) Re: "Stolen:" one-third of the world's software (Pascal J. Bourguignon) Update: DC Metro flag-day issues (Joe Thompson) REVIEW: "The Sundering", Walter Jon Williams (Rob Slade) RISKS 23.47 Monday 2 August 2004 Computer Failure Grounds and Delays Flights on 2 Airlines (Monty Solomon) E-voting critic issues challenge to hackers (PGN) VoIP -- Voyeurism over Internet Protocol? (NewsScan) Russian extortionists: each did his bit of work (NewsScan) The Mr Micawber Syndrome (Michael Bacon) Implementing Information Security: Risks vs. Cost (Gideon T. Rasmussen) Re: Cosmic ray hits Brussels election -- really? (Peter B. Ladkin, Dirk Fieldhouse, Sergio Gelato) REVIEW: "Official [ISC]^2 Guide to the CISSP Exam", Hansche et al. 
(Rob Slade) RISKS 23.48 Monday 9 August 2004 Kolwicz kicked out for submitting real election tests (via Susan Marie Weber) Image flaw pierces PC security (Keith A Rhodes) Windows Buffer Overflow Protection Programs: Not Much (Paul Robinson) Security Cavities Ail Bluetooth (Kim Zetter via Monty Solomon) Emoticon-interpreters create risks in instant messaging services (Dale Hawkins) First malicious program aims for handhelds (Keith A Rhodes) Two more Canadian Banks with computer software screwups (Bob Heuman) Top Australian banking sites vulnerable (NewsScan) Cable giants seek to dominate VoIP (NewsScan) Another airline outage (Jeremy Epstein) Two Million Scans Uncover 55 Million Instances of Spyware (Monty Solomon) Memory error paper (Laurent Guerby) Risks of automated calling systems (Jeremy Epstein) Internet voting in The Netherlands update (Joseph Kiniry) Re: The Mr Micawber Syndrome (Fernando Pereira) Re: Stolen: one-third of the world's software (Jurek Kirakowski) REVIEW: "Software Forensics", Robert M. Slade (Rob Slade) RISKS 23.49 Friday 13 August 2004 U.K.: Don't smile for your passport picture! (PGN) Gloria Estefan performance in Dallas canceled due to computer crash (Ben Moore) Airport Express crypto broken by DVD Jon (Cory Doctorow via Monty Solomon) Buffer Overflow in "I'm Away" feature of AOL Instant Messenger (Paul Robinson) Windows Buffer Overflow Protection Programs: Not Much (Paul Robinson) Obion County Tennessee vote counting problems (Jeremy Epstein) Drivers let Big Brother in to get a break (Kevin Maney via Monty Solomon) DidTheyReadIt operations and security concerns (Rob Slade) Risks of ordinary GUI "pop-up" windows? 
(Cody Boisclair) REVIEW: "Stealing the Network: How to Own a Continent", Ryan Russell (Rob Slade) RISKS 23.50 Thursday 26 August 2004 Sequoia's new paper audit trail voting systems (PGN) New Mexico votes lost in 2000 (Jeremy Epstein) Mac Year 2004 bug (Tom Van Vleck) Ford dumps Oracle system after four years of trouble (Lindsay Marshall) Don't get stuck in the dark: a year later (Jeff Jonas) U.S. air travel without government identification (Dan Wallach) U.S. military sites offer a quarter million Microsoft Word documents (Diomidis Spinellis) The GTS Katie - A risk of privatization or outsourcing (Joshua Newman) Fire engine startup risks (J.D. Baldwin via Gary G. Taylor) Google as back door for pay-per-view information (Sergei Lewis) Network vandals face prison sentences (NewsScan) "EXIT" signs too high (Henry Baker) Re: U.K.: Don't smile for your passport picture! (James Moyer, Michael Bednarek) Re: Airport Express crypto broken by DVD Jon (Marshall Clow) REVIEW: "Computer Security for the Home and Small Office", Thomas C. Greene (Rob Slade) RISKS 23.51 Tuesday 31 August 2004 NASA Spirit nearly done in by DOS (Hank Nussbacher) Sum of a Glitch (Bev Harris via David Chessler and Dave Farber's IP) The case of the screaming telephone (Debora Weber-Wulff) The toll collection hassle in Germany (Debora Weber-Wulff) Website offers CNID falsification service (Kevin Poulsen via Monty Solomon) Rick Broadhead's Dear Valued Customer (Amit Asaravala via Monty Solomon) Canvas expiration 'bug': *not* a Mac OS issue (Matt Gough via Bob Grant) Accounting software number issues (Darryl Smith) Another animal-caused power interruption (Geoffrey Brent) Privacy concern over Australian e-mail law (NewsScan) Lack of sanity checking in Web shopping cart software (Richard Kaszeta) Correction to New Mexico, Florida, Bush & Gore (Jeremy Epstein) REVIEW: "Know Your Enemy", Honeynet Project (Rob Slade) RISKS 23.52 Thursday 9 September 2004 Shutting the train door before the commuter has bolted? 
(Michael Bacon) Illinois Secretary of State computer outage (J H Haynes) Overcomputerization enlightenment (Joseph A. Dellinger) More ID theft, via laptop (David Lesher) Missouri vote-by-fax (PGN) E-voting in Nevada (NewsScan) Diebold GEMS central tabulator contains a stunning security hole (Bev Harris via EEkid) Using a paper trail to verify electronic voting machine results (Diomidis Spinellis) Election verification in Venezuela (Peter B. Ladkin) ATMs offer too much information (Brendan Kehoe) Risk of using open forums for disaster recovery (Espen Andersen) Re: NASA Spirit nearly done in by DOS (Gene S. Berkowitz) REVIEW: "Security Assessment", Greg Miles et al. (Rob Slade) RISKS 23.53 Thursday 16 September 2004 Two human errors silenced Los Angeles area airports (Ben Moore, Keith Price, Kent Borg) Korean Airport subject to hackers, viruses, worms, etc. (Bob Heuman) Homeland Security Science&Technology BAA and Industry Day (Douglas Maughan) Registration 'nightmare' at UMass (Monty Solomon) Robert Heinlein Does it Again! Re: e-voting (Paul Robinson) E-Voting in Nevada (NewsScan) Electronic voting in Canada (Richard Akerman) Maryland rules against opponents of e-voting machines (NewsScan) Washington State primary and voting machines (Paul A Below) Order of names on electronic ballot (James Meade) Re: Shutting the train door before the commuter has bolted (Nick Brown) Wired: Pentagon revives memory project (Joe Shead) Re: More ID theft, via laptop (F. Barry Mulligan) Updating the Screaming Telephone (Debora Weber-Wulff) Re: German TollCollect System (Debora Weber-Wulff) Re: German unemployment system (Debora Weber-Wulff) Re: U.S. air travel without government identification (Kathy Gill) RISKS 23.54 Saturday 25 September 2004 Stupidsecurity (Richard Forno via Dave Farber) Tests show cell phones don't disrupt navigation systems (NewsScan) Railroad signal failure (Chuck Weinstock) Breach Security, Inc. 
offers just that (Olin Sibert) E-Vote Fears Soar in Swing States (wired.com via Monty Solomon) Some times, new ideas are not good ideas (David Lesher) Internet attacks jump significantly this year (NewsScan) Don't worry about security holes ... (George Michaelson) Re: LA ATC Failure (Paul Cox) Re: 49.7 day "overloaded with data" in Los Angeles (John Dallman) Nose-steered mouse (James Garrison) Java programs at risk from decompilers (Fiachra O'Marcaigh) REVIEW: "Systems Reliability and Failure Prevention", Herbert Hecht (Rob Slade) RISKS 23.55 Thursday 30 September 2004 Federal Judge Strikes Down Part of PATRIOT Act (CDT via Monty Solomon) Nationwide Radio Shack outage (George Coulouris) Georgia's computer systems down for 16 hours (Bob Harbort) Voter-verified paper trails vs. Internet voting (Lauren Weinstein) Swiss tout success of Internet-voting test (NewsScan) Dutch Internet elections (Erling Kristiansen) Gov. Schwarzenegger signs CA paper trail bill into law (Kim Alexander) JPEG/GDIplus vulnerability (Rob Slade) Realtime keyword voice recognition... not just for the NSA anymore (Danny Burstein) Software that knows your every move (Burt Helm via Monty Solomon) The risks of zero feedback (Ian Chard) Free ISPs safe? (Dan Jacobson) Fraud e-mail detector risks (Danny Lawrence) Re: Java programs at risk from decompilers (Steve VanDevender) RISKS 23.56 Tuesday 12 October 2004 VP Cheney shoots himself in the foot, URL-wise (Jim Griffith) Sabotage-induced power outage in Wisconsin (Sami Saydjari) Virus disables Colorado DMV for nearly a week (Brad Hill) Navy battle software unsafe (PGN) Runaway Renault risks (Alistair McDonald) Fire engine startup risks (Stephen Fairfax) Customs and Excise electronic returns (Ben Laurie) Power company sent too high voltage to customers (Jacob Palme) Terror alert from a "honey-pot"? 
(Bob Harbort) Glitch opens access to kids' records (Colleen Jenkins via Monty Solomon) Social security breach on Utah State University campus (Bob Heuman) Outsource firm sues in India (Karl Schoenberger via Monty Solomon) Internet voting (Martyn Thomas) Spam that asks you to delete it (Geoff Kuenning) Not all buffer overflow exploits are necessarily bad (Paul Robinson) Say goodbye to broken links (NewsScan) RISKS 23.57 Monday 25 October 2004 Nonexistent URL in comic strip leads to pornocopia (Conrad Heiney) Fictional, but far too plausible (Paul Robinson) Critical infrastructure cybersecurity risks (PGN) South Korea vulnerable to cyber attacks from North (NewsScan) Maryland Motor Vehicle Admin disabled (Pete Carah) Cybersecurity largely ignored by individual users (NewsScan) Tourist concerns: war, terrorism, computer problems (David Magda) TV emits international distress signal (Mike Hogsett) Is Windows up to snuff for running our world? (Richard M. Smith) Of mice, snakes, and wiring (Brian Clapper) Descent from privacy: a 'slippery slope' (NewsScan) A LAME PHISHING ATTEMPT: Please confirm your account (F.J. Reinke) Do vendors read their own security policies? (Vassilis Prevelakis) World Bank Technology Risk Checklist (Gideon T. Rasmussen) What the world needs is more lawyer-bots (NewsScan) Pre-election hanky-panky in Ohio (PGN) Re: Internet voting (Ray Todd Stevens) RISKS 23.58 Thursday 4 November 2004 Some thoughts on the 2004 U.S. election process (PGN) Touchscreen voting spawns glitches (NewsScan) Preferential voting software breaks down in San Francisco (PGN) Clocks set back a week too early (Dave Stringer-Calvert) Nuclear Regulatory Commission lab info on Web (Dave Brunberg) Battlefield Robotics are risk to the world public (Edward G. 
Nilges) Spyware epidemic threatens to stall computer industry (NewsScan) Swedish Hospital forces persons to change names (Peter H) Election candidates' web pages hacked during Finnish election (Erka Koivunen) Re: Internet voting (Hamilton Richards) Address-form glitch proves an easy scam (Gabe Goldberg) Re: TV emits international distress signal (Steve Summit) Re: Is Windows up to snuff for running our world? (Atom 'Smasher') Re: Do vendors read their own security policies? (jmeissen) RISKS 23.59 Monday 8 November 2004 New Standards for Elections (NYT editorial summarized by PGN) Some 2004 voting anomalies (PGN) Bidding up prices on online auctions (NewsScan) Identities stolen in seconds (Timothy L. O'Brien via Monty Solomon) Pirates see video games before paying customers do (NewsScan) Music industry on the wrong course (NewsScan) Cahoot online banking security issue (Nik Barron) Westpac Internet Banking problems (Tim Chmielewski) Banks and their marketing/PR departments (Henk Langeveld) Re: TV emits international distress signal (John Levine) Re: Clocks set back a week too early (Martin Hepworth, Mike Causer) Re: Is Windows up to snuff for running our world? (Ron Bean) Re: Battlefield Robotics are risk to the world public (Geoff Kuenning) Book on malicious cryptography (J.H. Haynes) RISKS 23.60 Saturday 27 November 2004 Another telco equipment theft (David Lesher) The coming catastrophe in German social services (Debora Weber-Wulff) BMW series 5 disables Dynamic Stability Control and ABS (Stefan Lesser) Business risks of software development (Peter B. Ladkin) Recent fiasco with computer system at Child Support Agency (Pete Mellor) Software is no substitute for thought: yet another instance (Robert Allan Zeh) Wanted by police: a few good icons... (David Lesher) Texas officials wary of plan to hunt by Internet (Arthur Goldstein) Whites Only websites? (Dan Jacobson) Re: Battlefield Robotics are risk to the world (Edward G. 
Nilges) Increasing sophistication of phishing spammers (Dan Wallach) Scott Sagan: The Problem of Redundancy Problem (PGN) REVIEW: "WarDriving: Drive, Detect, Defend", Hurley/Thornton/Puchol (Rob Slade) Computers, Freedom & Privacy Conference 2005, Call for Proposals (Bruce R Koball) RISKS 23.61 Wednesday 8 December 2004 Group urges Government to focus on cybersecurity (NewsScan) UK "Government department wiped out by IT upgrade disaster" (Bob Heuman) Cyberspace activism (NewsScan) "Midway scare is blamed on glitch" (D. McKirahan) Defibrillator maker issues recall, goes out of business (Caleb Hess) Exploding cell phones (PGN) Air Traffic Control blacked out by rodent (D. Joseph Creighton) 'Virus-throttle' software from HP (NewsScan) E-mail notification (Drew Dean) When e-commerce and poor translation meet... terrorism? (Harry Neumann) Job posting follies (Stephen Cohoon) Re: New Standards for Elections (Atom 'Smasher') Re: new standards for elections; voting anomalies (J.E. Cripps) More on the electoral process (J.E. Cripps) Voter touch-screen no good? Here's a pen! (Joel Garry) Re: Is Windows up to snuff for running our world? (Sander Tekelenburg) Deworming the Internet: addressing computer security market failure (Douglas Barnes) RISKS 23.62 Tuesday 21 December 2004 Flaw in Google's New Desktop Search Program (John Markoff via Jim Schindler) A chess-playing "bankomat" (Lothar Kimmeringer) GPS Shutdown "during national crisis" (Jim Youll, Atom 'Smasher') French motorist obeys GPS navigation, makes U-turn into traffic (Peter G Capek) Colorado welfare system computer problems (Mike A) Automated medication worse than the disease? 
(NewsScan) Strange S&P numbers (Dawn Cohen) Judge slams spammers with $1-billion judgment (NewsScan) Unintended effects of RFID devices (Paul Wallich) Medical records-sharing in Massachusetts (NewsScan) Satellite TV broadcast pirated (Erling Kristiansen) Live television banner hacked (Matthew Schie) ATM spits out Canadian Tire "money" (Paul Schreiber) New browser vulnerability targets non-IE models, too (NewsScan) Re: When e-commerce and poor translation meet... terrorism? (Ulf Lindqvist) Re: Is Windows up to snuff for running our world? (Ben Galehouse) Re: More on the electoral process (D.F. Manno) Screensaver tackles spam websites (Amos Shapir) Freeze on anti-spam campaign (Amos Shapir) Re: ACM Needs Your Feedback (James Garrison) Increasing sophistication of phishing spammers (Jonathan de Boyne Pollard, Dan Wallach) RISKS 23.63 Sunday 26 December 2004 Patients not notified due to computer glitch (Jim Bruce) Comair cancels all flights 25 Dec (Jeremy Epstein) Restarting a reactor with a flawed part (Ken Knowlton) Wrong braking algorithm causes trains to overrun stops (Mark Brader) Banksys solves cash card mystery (David Kennedy) Y2K? Never heard of it... (Dag-Erling Smørgrav) The new NASA calendar (Tom Nimitz) Flaw in Google's New Desktop Search Program (John Markoff) Windows into the world (Monty Solomon) The Graphing Calculator Story (Ron Avitzur) Why adding more security measures may make systems less secure (Don Norman) Re: GPS Shutdown "during national crisis" (Pat Place) Re: Unintended effects of RFID devices (cogg) Re: Strange S&P numbers (Dawn Cohen) Re: Whites Only websites? (Jonathan de Boyne Pollard) Software Engineering for Secure Systems: SESS05 (Gene Spafford) REVIEW: "Network Security Hacks", Andrew Lockart (Rob Slade) RISKS 23.64 Tuesday 28 December 2004 New Year's Privacy Resolutions (Marc Rotenberg) Tsunami: Natural Disaster Imminent: Whom to tell? How? E-mail! 
(Dan Vergano via Harry Crowther) "April Fools and Ho-Ho-Ho" Combo (James Bauman) More on computer glitches and laboratory result reporting (Robert L Wears) Cell phones for eavesdropping - finally some public "chatter" (Gadi Evron) T-Mobile Cripples the Blackberry (Jason D. O'Grady via Monty Solomon) Did a 16-bit counter shut down Comair? (Dan Foster via Richard M. Smith) Re: Y2K? Never heard of it... (Scott Nicol, Ray Blaak) Re: Pirates, Automeds (Charles Jackson) Re: Why adding more ... may make systems less secure (R. Geoffrey Newbury) Re: RFIDing babies (Ray Todd Stevens) RISKS 23.65 Tuesday 4 January 2005 Tsunami: natural disaster imminent? (Harry Crowther) Tsunami warnings and spam (Geoffrey Brent) New Year's Privacy Resolutions (Bernard Peek) A deaf Hubble...? (David Lesher) Missile interceptor doesn't even leave its silo (Vassilis Prevelakis) Two German projects: Toll and Dole (Debora Weber-Wulff) The effects of mistaking left- for right-fill (Jan Vorbrüggen) Ars Team Prime Rib finds fourth-largest prime number ever (Monty Solomon) Walgreen Overcharges, Reimburses Customers (Monty Solomon) Thieves take brain remote control (Charles Williams) Year Zero of Length Zero (Sam'l Bassett) Re: Cell phones for eavesdropping - finally some public "chatter" (Bill Stewart) Re: RFID'ing babies (Jerry Leichter) REVIEW: "High Tech Crimes Revealed", Steven Branigan (Rob Slade) RAID: Recent Advances in Intrusion Detection (Deborah A. Frincke) 30 Joint CS & CE conferences in Las Vegas, 20 Jun 2005 (H.R. Arabnia) RISKS 23.66 Friday 14 January 2005 A Comedy of Errors (Leslie Lamport) 30,000 personal records stolen in GMU server compromise (James Bauman) New FBI software not usable (NewsScan) Wal-Mart Stung in $1.5 Million Bar-Code Scam (Evan Schuman via Monty Solomon) Attack on T-Mobile (NewsScan) Risks of /pseudo-?/random alphanumeric generation (Joe Thompson) Risks of lenient parsing (Jim Horning) Heisenberg at work? 
Ranking cardiologists (David Lesher) Ticket not in computer system: your insurance rates may increase (Joyce Scrivner) eBay open invitation to phishing scammers (Thomas L. Jones) Honest, General, it was only a little glitch (Jeremy Epstein) Microsoft AntiSpyware beta - quick review (Rob Slade) Re: Why adding more security measures may make systems less secure (Ron Bean) Re: New Year's Privacy Resolutions (Erling Kristiansen) REVIEW: "Net Crimes and Misdemeanors", J. A. Hitchcock (Rob Slade) RISKS 23.67 Monday 17 January 2005 Loss of data from Huygens Probe (John Murrell) 130 most common bugs -- and counting (Peter Ludemann) Cellery worm plays games with victims (NewsScan) Hollywood Sign Security (Bruce Schneier) Problems with Chicago-area toll road transponders (jhhaynes) GPS used to arrest snowplow driver (David Tarabar) Re: A Comedy of Errors (Rex Black) Yet another route map software problem (Nick Brown) MapPoint explains Vikings? (Adam Shostack) Re: Risks of lenient parsing (Doug McIlroy, Walter Roberson, Roger Burton West, Jonathan Kamens, Russell Smiley, Sander Tekelenburg) Copyright and reverse engineering (Rob Slade) Re: "High Tech Crimes Revealed" (Steven Branigan) Re: A Kafka day at the Los Angeles traffic ticket office (Paul Robinson) RISKS 23.68 Wednesday 26 January 2005 Risk Analysis and the War on Terrorism (Curt Sampson on James Fallows) FBI axes Carnivore, eats investment (NewsScan) E-waste is piling up (NewsScan) Drug histories exposed (PGN) A-List Jury (Howard M Israel) A-Train in New York City disabled (Ken Knowlton) F/A-22 crash (Peter B. Ladkin) Figure this out: system configuration (Lindsay Marshall) HTTPS .ne. secure (Jeremy Epstein) No e-mail return address (Louise Pryor) PayPal contradicting its own security advice (Tim Huckvale) Re: eBay open invitation to phishing scammers (Drew Dean) REVIEW: "Outsourcing Information Security", C. 
Warren Axelrod (Rob Slade) REVIEW: "Degunking Your Email, Spam, and Viruses", Jeff Duntemann (Rob Slade) RISKS 23.69 Tuesday 1 February 2005 'Thief-proof' car key cracked. What, already? (Chris Leeson) Incredible Hulk No-Coaster (Frank Carey) Tiger triggers the car window? (Wendell Cochran) Search engine risks (Marcos H. Woehrmann) German Toll Collect - an exercise in Graph Theory (Debora Weber-Wulff) It's a feature, not a bug! The saga of the German dole continues (Debora Weber-Wulff) Oops: 'Can Spam Act' seems to be no-can-do (NewsScan) The joys of auto-complete (Thom Kuhn) Panix.com domain name hijacking (Cyrus R Eyster) Are *you* on a list of aggressive drivers? You could be, if I say so! (Dawn Cohen) Most identity theft occurs offline (NewsScan) Grocery store robot scanner a royal pain (Mark Rockman) American Express or Phishing? (John Pettitt) Re: HTTPS .ne. secure (Robert Ellis Smith) 'Hot' URLs in e-mail (Jay R. Ashworth) REVIEW: "Open Source Security Tools", Tony Howlett (Rob Slade) RISKS 23.70 Wednesday 9 February 2005 Off-by-one error: Evacuate the entire state! (Howard M Israel) Food via inkjet printer (Joyce Scrivner) An example of vulnerable OS creating havoc in new/unexpected locations (Karl Klashinsky) What's Bugging the High-Tech Car? (Tim Moran via Howard M Israel) Zuerich Main Railway Station Outage (Peter B. Ladkin) Supermarket: Let your fingers do the paying (Monty Solomon) How GPS Is Killing Lighthouses (sakshale) J.K. Rowling denounces Internet fraudsters (NewsScan) Most Dangerous Types Of Spyware Increasing, States SpyAudit Survey (Monty Solomon) Spammers try a new tack (NewsScan) Goofy account identification (Geoff Kuenning) The Land Registry (Ben Laurie) Weak on the concept (Elias Levy via PGN) U of Calgary adding spam and spyware (Rob Slade) Re: 'Thief-proof' car key cracked. What, already? (Steve Wildstrom) Re: It's a feature, not a bug! 
(Kees Huyser) Re: 'Hot' URLs in e-mail (William L Anderson) Balancing security and our lives (Jeremy Epstein) REVIEW: "Managing Security with Snort and IDS Tools", Cox/Gerg (Rob Slade) COMPSAC 2005: Extended deadline for paper submission (Yuen Tak YU) RISKS 23.71 Saturday 12 February 2005 Australian Frigate reversed onto rocks by computer override (Anton Lak) More uses of satnav/GPS (David Magda) Urology medical student residency "matching" process failure (Daniel Kahn Gillmor) Congressman Ron Paul R-TX Understands Risks and Countermeasures (Larry Sudduth) Flexibility destroys identity uniqueness: Implementing of IDN (Jon Lingard) Exploding cell phone shocks 911 dispatcher (Keith A Rhodes) RFID Tagging Elementary School Children (Peter H. Coffin) The risk of high-speed CD/DVD-rom drives in current-day PCs (Henk Langeveld) You type Zuerich and I type Zurich... A brief note (David G. Bell) Another MS Word info leak (Richard Akerman) High Risk Vulnerabilities in Eudora for Windows (NGSSoftware via Monty Solomon) Re: U of Calgary adding spam and spyware (Hendrik, Matthew Holmes) Re: Food via inkjet printer (Brian Reynolds) Minireview: Bill Neugent, No Outward Sign (PGN) REVIEW: "A History of Computing Technology", Michael R. Williams (Rob Slade) RISKS 23.72 Thursday 17 February 2005 Missile interceptor doesn't even leave its silo -- again (Jeremy Epstein) Report on Patriot missile friendly fire over Iraq (PGN) TCAS RA incident (Martyn Thomas) Scammers access ChoicePoint data on 35,000 (Matt Hines via Monty Solomon) Trees with concealed GSM antennas (Dan Jacobson) German TollCollect charges double (Debora Weber-Wulff) Wife broke law in using spyware (NewsScan) Gas stations lose money due inadvertent low pricing (Arthur T.) 'Smart' driver's licenses a Trojan horse? (NewsScan) "The Mother is Back!" 
Announcing "DayThink" Audio Features (Lauren Weinstein) Limits of search-and-replace (Mike Albaugh) I may know who handles Personal Certs at thawte (Ed Bruce) Malware and Auto Electronics (Peter B. Ladkin) Re: More uses of satnav/GPS (Paul E. Bennett) New copy-proof DVDs on the way? (John Borland via Monty Solomon) Re: The risk of high-speed CD/DVD-rom drives in PCs (Eben King, Jonathan Smith) RISKS 23.73 Sunday 20 February 2005 "High-tech passports are not working" (Yves Bellefeuille) Federal agencies get failing grades on cybersecurity (NewsScan) Break-In At SAIC Risks ID Theft (Griff Witte via Monty Solomon) ChoicePoint warns of ID theft concerns (NewsScan) In the Matter of Component Architecture (Paul Robinson) RSS reader redirect risks (Monty Solomon) eBay redirects to phishers from their own site (Pete Krawczyk) Risks of battery-operated wireless input devices (Peter Pankonin) You There, at the Computer: Pay Attention (Katie Hafner via Monty Solomon) Assuming customers can't spell (Andrew Malakoff) Unintended consequences of automatic abbreviation (John Pettitt) REVIEW: "Modern Cryptography: Theory and Practice", Wenbo Mao (Rob Slade) RISKS 23.74 Wednesday 23 February 2005 Mobile phone virus infiltrates U.S. (NewsScan) Re: Component Architecture (Jim Horning, Rick Russell, Kurt Fredriksson, Fred Cohen, Jay R. Ashworth, Ray Blaak, Richard Karpinski, Geoff Kuenning, Dimitri Maziuk, Stephen Bull, George Jansen) RISKS 23.75 Thursday 24 February 2005 Networked homes spell trouble for consumer electronics (NewsScan) Spam-blocker causes missed court date (Terry Carroll) UK gets official virus alert site (Chris Leeson) SPIM (NewsScan) More robot scanner phenomena (Mark Rockman) Re: Component Architecture (Martyn Thomas, Peter B. Ladkin, Jay R. Ashworth, Mike Ellims, Daniel P. B. Smith, Ben Galehouse, Roderick A. Rees, David G. 
Bell, Raj Mathur) Re: Urology medical student residency "matching" process failure (Jerry Leichter) Re: Assuming customers can't spell (Tom Russ) IWIA 2005 Call for Participation (Stephen D. B. Wolthusen) RISKS 23.76 Monday 28 February 2005 BofA loses backup tapes in transit with customer data (Nicolai E M Plum) Some Sympathy for Paris Hilton (John Schwartz via Monty Solomon) Sensitive information: lesson learned (Bill Hopkins) Computerization of the automobile continues apace (Omri Schwarz) Address coercion (Paul D. Smith) Re: "Spam-blocker causes missed court date" (Joseph Brennan) Re: UK gets official virus alert site (Rob Skedgell) Re: Component Architecture (Mark Lutton, Steve Taylor, Jan Vorbrüggen, Olivier Dagenais, Paul D.Smith, Steven Hauser, Dimitri Maziuk, Bill Royds, Tom Swiss, Ross Lonstein, Dave Budd, Geoff Kuenning, Dan Jacobson) RISKS 23.77 Wednesday 2 March 2005 Wanna be president of Microsoft? (Geoff Kuenning) Viruses being delivered into mailing lists via BCC: (Nick Rothwell) Remote physical device fingerprinting (Tadayoshi Kohno) Re: BofA loses backup tapes in transit ... (Terry Harris, Keith F. Lynch, Chris Kantarjiev) Re: UK gets official virus alert site (David Alexander) Re: Spam-blocker causes missed court date (Keith F. Lynch, Craig A. Finseth) Re: Address coercion (John Harper, Russell C Page) Re: Component Architecture (Martin Ward, Mike Ellims) Components, yes; kitchen sinks, no (Walter Dnes) RISKS 23.78 Thursday 10 March 2005 Security? Nuclear plants don't need no stinkin' security! (Jim Horning) Drug-error risk at hospitals tied to computers (Scott Allen via Monty Solomon) Hospital computers make things worse (Richard Akerman) Richard Clarke: Real ID's, Real Dangers (John F. McMullen) MIT says it won't admit hackers (Robert Weisman via Monty Solomon) Website hijackings, 302 redirects, and security issues (Tim Chmielewski) Credit Information Stolen From DSW Stores (AP via Monty Solomon) Garbage Out, Garbage In? 
(Adam Shostack) More BofA problems (Tom Watson) Re: More uses of satnav/GPS (Michael Bacon) REVIEW: "Windows Forensics and Incident Recovery", Harlan Carvey (Rob Slade) RISKS 23.79 Thursday 17 March 2005 Professional Risk Assessment (Jack Goldberg) Fallbacks that cry wolf (Steve Summit) Airbus A300/310 rudder problems (David Rose via Harry Crowther) Oyster card fault causes problems on London Underground (Daniel Thomas via Paul Rummell) Computerized Physician Order Entry Systems (Charles J. Wertz) Computerized medical mistakes (Bob Morrell) Ballots "enhanced" by City Clerk (Arthur Kimes) Centralized Privacy Rights Mechanism (Curt Sampson) Man in the middle attack on SSL? (Russell Page) Payment via MSN and related news (Koos van den Hout) Microsoft antivirus - is it beta? (Rob Slade) Re: Viruses being delivered into mailing lists via BCC: (Dave Sill) Re: Richard Clarke: Real ID's, Real Dangers (Marc Auslander, Mike Pritchard) Users of AOL Instant Messenger and other services beware! (Alistair McDonald) RISKS 23.80 Wednesday 23 March 2005 Procurement risks and nonverifiable code (Tim Panton) DEA agent shoots self while demonstrating gun safety (Arthur T.) Boston College loses thousands of SSNs (Geoff Kuenning) Yes, we know what that means! (Tim Connors) Risks of long and short URLs (Arthur T.) GPS (Martyn Thomas) Snowplow fraud and GPS devices (David Tarabar) Re: More uses of satnav/GPS (Roland Giersig) Re: Website hijackings, 302 redirects, and security issues (Drew Dean) Re: Remote physical device fingerprinting (Markus Roth) REVIEW: "The Information Security Dictionary", Urs E. Gattiker (Rob Slade) RISKS 23.81 Monday 28 March 2005 Essex County NJ Jail locking-system failure (Charles Lamb) Cruise-control failures? (Robert Scheidt) TSA Finds Data On Air Passengers Lacked Protection (Amy Schatz via Richard M. Smith) RSA Finds More Flaws in RFID (Stephen D. 
Poe via Dave Farber) Sumitomo cyberattack (Tom Van Vleck) Clinical Healthcare IT, 'error', and safety (Richard Cook) Human error and computerized medical systems (Don Norman) Why IE is insecure: flawed logical thinking... (Craig DeForest) Re: Risks of long and short URLs (D.F. Manno) Risky US Bank Visa product (John Meissen) Important PITAC Cybersecurity report released (Gene Spafford) EEPI - Electronic Entertainment Policy Initiative (Lauren Weinstein) RISKS 23.82 Tuesday 29 March 2005 Times change ... problems don't (Michael Bacon) Unintended consequences: CA data theft reporting (Steve Summit) Even some major corporations don't understand domain names (Jonathan Leffler) Re: Cruise-control failures? (Stanislav Meduna, Steve Loughran, Nick Brown, Robert Scheidt, Ray Todd Stevens, Mark Brader) Re: Don Norman: High is good? (Ken Knowlton) Re: Computerized medical mistakes (Dave Brunberg, Bob Morrell, Richard Cook) Re: More uses of satnav/GPS (Chris Smith) Re: Remote physical device fingerprinting (David E. Ross) RISKS 23.83 Wednesday 6 April 2005 Cancer patients exposed to high radiation (Monty Solomon) Carjackers swipe biometric Mercedes, plus owner's finger (John Lettice via Alpha Lau) Air disasters: A crisis of confidence? (Michael Bacon) Secret Service DNA - "Distributed Networking Attack" (Brian Krebs via Monty Solomon) Yet another phishing scam (Michael Bacon) Times change ... problems don't (Louise Pryor) Re: Why IE is insecure ... (Steve Taylor, Simon Zuckerbraun, Craig DeForest) Re: Remote physical device fingerprinting (Jerry Leichter) Re: Cruise Control failures (Jay R. Ashworth, John Sawyer, Neil Maller, Markus Peuhkuri, David G. 
Bell, Amos Shapir, David R Brooks) New Security Paradigms Workshop submission deadline approaching (George Robert Blakley III) RISKS 23.84 Monday 18 April 2005 Ch7 Australia off-air due to multiple system failures (Andrew Goodman-Jones) 310,000 Lexis-Nexis records accessed by identity thieves (PGN) Polo Ralph Lauren customer database attacked (Mohl/Bray via Monty Solomon) Tufts alumni data compromised (Hiawatha Bray via Monty Solomon) BofA agent gives out personal information to finder of lost VISA card (Caskey L. Dickson) Computer-generated gibberish conference paper accepted (PGN) Vatican's prescient Web masters (Diomidis Spinellis) Bullet trains with faulty speed controls (Dennis Mullin) Michigan message board says speed limit 100 mph (Monty Solomon) Israeli system for secure e-mail with the government (Shoshannah Forbes) The risks of phone number rollover procedures (Karl Klashinsky) "War"driving a minefield? (Rob Slade) Online security with usability problems (Ed Taft) So is this a phishing attack or not? (Jim Horning) Re: Short links and phishing (Alan D. Zimmerman) Re: Times change ... problems don't (Michael Bacon) Medical errors/usability (Jim Jewett) Comcast cable daylight savings change over problem (Mark A. Biggar) RISKS 23.85 Tuesday 26 April 2005 Amtrak's high-speed Acela trains sidelined until summer (Monty Solomon) Amtrak woes echo standard software engineering complaints (Michael J Harrison) Remote computer locks the doors, or does it? 
(Mark Lutton) Hacker broke into CMU computers (Bill Schackner via Monty Solomon, Bob Heuman) Another out-of-bounds condition that needs NO checking (David Lesher) A large scale disruption caused by incorrect virus-definition file (Chiaki) The risks of opening a PayPal account (Ross Anderson) Risks of having a distinctive surname (Stefek Zaba) SFPD officer accused of using airport cameras to ogle women (Bob Van Cleef) Trial ID card scheme is withdrawn in Cornwall (Chris Leeson) Audit shuts down Minnesota Car License Web (Steven Hauser) Oops! US Air round trip for $1.86 (Howard M Israel) Banks still force users to be vulnerable to ID theft (Brad Hill) "The national phone system failed"? (Mark Brader) Re: Michigan message board says speed limit 100 mph (Jeffrey Waters) Re: SecurID and E*TRADE (Jonathan Lewthwaite, Kurt Raschke) RISKS 23.86 Friday 6 May 2005 PDF not a good format for redacting classified documents (Bob Blakley iii) Time Warner backup tapes lost with 600,000 records (PGN) Hundreds of Texas driver's licenses mailed to wrong people (Peter Gregory) False negatives on fingerprints (Jeremy Epstein) Re: SecurID and E*TRADE (Vin McLellan) RISKS 23.87 Tuesday 17 May 2005 Prius cars shutdown at speed (Edwin Slonim) The Downside of Wired Hospitals (Ken Knowlton) Medical Usability: How to Kill Patients Through Bad Design (Dan Jacobson) REAL ID (Bruce Schneier) US Government to alter RFID passport regulations (Avishai Wool) Good old-fashioned physical security (Joseph Shead) Social security number seeding (Pekka Pihlajasaari) IT forecast from Dave Patterson (Marcus H. Sachs) Car breakins using bluetooth (Andrew Nicholson) Don't blame the messenger (Paul Tomblin) Re: PDF not a good format for redacting classified documents (Bob Blakley) Re: Amtrak's Acelas (Philip Nasadowski, Martin Ward, Derek P Schatz) Train anomaly (PGN) Comair: Bound to Fail (Craig S. 
Bell) What Search Sites Know About You (Joanna Glasner via Monty Solomon) Re: BofA agent gives out personal information (Brent J. Nordquist) SecurID: bad compared to what? (Rick Smith) RISKS 23.88 Tuesday 31 May 2005 Landing gear problem due to apparent computer glitch (Steven M. Bellovin) The ChoicePointSyndrome (Robert Ellis Smith) A bank you might not want to have Wachovia (PGN) Hyperthreading vulnerability (Olin Sibert) MarketScore exploit (Aaron Emigh) "Rumplestiltskin worm" on the loose? (Brett Glass via Dave Farber) The latest in clever spammer technique (Dan Wallach) Trojan attack in Israel (Amos Shapir) Re: PDF not a good format for redacting classified documents (Steven M. Bellovin) Interesting typo (Jon Callas) Conference on Electronic Entertainment Policies, Problems, Solutions (Lauren Weinstein) RISKS 23.89 Friday 10 June 2005 United abandons Denver Airport baggage system (PGN) More on the FBI Virtual Case File demise (Dan Eggen via PGN) Plane diverts after erroneous hijack alert (Geoff Kuenning) Self-service photo kiosk retains images, leads to prosecution (Matt Fichtenbaum) Search Engine Dependence Syndrome (PGN) Intelligence vs. Common Sense (Kevin N Haw) Method discovered of cracking Bluetooth security (Pete Mellor) Messaging and Security Feature Pack for Windows Mobile 5.0 (Alpha Lau) The Risks of HTML (William Colburn) Challenge/response e-mail filtering (Atom Smasher) Wide-scale industrial espionage using Trojan horses in Israel (Gadi Evron) Bold thieves build complete ATM (James Bauman) Spammer using Yahoo service and Google's name to hide actual server (Joe Smith) Future ChoicePoint-related flaws (David B. Lewis) Re: Michigan message board says speed limit 100 mph (Bob Heuman) Zabasearch, and coverage thereof (Jay R. Ashworth) Re: MarketScore exploit (Chris Smith, Doug Burbidge) Re: "Rumplestiltskin worm" on the loose? (James W. Adams) RISKS 23.90 Wednesday 15 June 2005 Details of F/A-22 crash December 2004 (Peter B. 
Ladkin) Database error makes half of Norway's cellphones go offline (Olav Langeland) When Crypto/Signature Plans Go Wrong: Sony PSP Exploit (Lauren Weinstein) Encryption Illegal in Minnesota (Al Macintyre) Seven voting machines under scrutiny in Wayne County (Lillie Coney via PGN) LSAC gives SSNs to recommenders (Jerry Saltzer) Risks of letting marketing spec your messages (Mike Albaugh) Microsoft censoring blogs in China (PGN) The Scramble to Protect Personal Information (Tom Zeller via PGN) ID Theft vs. Colorado Attorney General (Al Macintyre) Private, Personal Medical Info Faxed To Wrong Location (Bob Heuman) What Europe can teach us about identity theft (Amos Shapir) Paris Hilton Hack Started With Old-Fashioned Con (Brian Krebs via Monty Solomon) Ted Koppel: Take My Privacy, Please!, 13 Jun 2005 (Monty Solomon) Mom charged with stealing identity of soldier son (Julia Silverman via PGN) Re: Plane diverts after erroneous hijack alert (Michael Bacon, Andrew Koenig, Rob Bailey) Re: Challenge/response e-mail filtering (David Cantrell) REVIEW: "CISSP Exam Notes", K. Wan (Rob Slade) RISKS 23.91 Wednesday 22 June 2005 New Zealand Outage Shut Down Stock Exchange (Marcus H. Sachs) First no more air maps, next no more road maps? (Dan Jacobson) TSA kept passenger information it promised not to (PGN) Libraries Say Yes, Officials Do Quiz Them About Users (Eric Lichtblau from Richard Forno via Dave Farber) SOFTWARE 2015 (Jim Horning) US e-government risks (Al Macintyre) Asian Hackers Blamed for Attacks On U.K., U.S. Computer Networks (Cassell Bryan-Low) CardSystems' noncompliant practice compromises credit information (Eric Dash via Monty Solomon) CardSystems' Systems (Al Macintyre) Hacker accesses files at Equifax (Bob Heuman) Cell Phones Now Playing Role of Wallet (Bruce Meyerson via Monty Solomon) SIM Cards with GPRS (Darryl Smith) New 'Heathrow Connect' Trains - do not want to go to Heathrow! 
(S Byers) Re: Plane diverts after erroneous hijack alert (Dan Jacobson) REVIEW: "Brute Force", Matt Curtin (Rob Slade) RISKS 23.92 Wednesday 29 June 2005 Single Point of Failure paralyzes Swiss Railsystem for 3 hours (Debora Weber-Wulff, Anthony Thorn) The continuing saga of the German unemployment scheme Hartz IV (Debora Weber-Wulff) New Heathrow Connect Trains - Now Can't Even Connect! (S Byers) Flaw Is Found in Software Used to Accredit Hospitals (Milt Freudenheim via Monty Solomon) Robot runs riot at California hospital (Thom Kuhn) Frozen Windows in Delivery Room (Charles Palmer) Re: New Zealand Outage Shut Down Stock Exchange (Russell Smiley) One Week to Shattered Security: Lessons from the Sony PSP Exploit (Lauren Weinstein) Encryption Illegal in Minnesota (James R. Cottrell Jr.) U.K. firm boasts totally "hacker proof" ID card system (Ben Tudor via Declan McCullagh) CVS limits ExtraCare info access (Marion Davis via Monty Solomon) Yahoo Filters Phish (B Brown) Re: "Rumplestiltskin worm" on the loose? (Crispin Cowan) Breach tracking (Adam Shostack) REVIEW: "Spies Among Us", Ira Winkler (Rob Slade) RISKS 23.93 Sunday 10 July 2005 Monitor misprogrammed, air quality suffers (Bill Hopkins) US-VISIT (Marc Rotenberg) Pentagon Creating Student Database (PGN) USC application system cracked (PGN) Indian call centre 'fraud' probe (S Byers) Life gets messy online/offline in China (Esther Dyson via Dave Farber) Future Combat Systems procurement problems: GAO report (Dawn Onley via Pete Mellor) PayPal, a Risk when you do, and a risk when you don't... (David Lesher) More on Minnesota encryption (Steve Peterson) WWW 2006 Call For Papers: Security, Privacy & Ethics Track (Angelos D. Keromytis) REVIEW: "Silence on the Wire", Michal Zalewski (Rob Slade) RISKS 23.94 Tuesday 26 July 2005 2,000 patients hit by lab test mix-up in Calgary, Alberta (R.A. 
Tremonti) Information system for Lisbon hospitals stopped for ten days (Fernando Pereira) Why doesn't meter reading use sanity checking? (PGN) Proposed daylight saving time changes (David Magda) Virginia DMV fraud again (PGN) Fraud on VoIP (uk.telecom.voip via Pete Mellor) Physical-layer network vulnerabilities (Michael Tandy) Multiple vulnerabilities in Diebold Optical Scan (Bruce O'Dell) UK Government statistics show Home Office leads in stolen computers (Ian Cuddy) Mixing data from multiple customers (art) European Parliament rejects Software Patent Directive (Pete Mellor) "Perspectives on Free and Open Source Software" (PGN) RISKS 23.95 Monday 1 August 2005 Reuters: FDA warns Hitachi Medical about MRI systems (Craig S. Bell) Too many features in medical device (Colin Percival) Embedded Systems vs Us (Bob Paddock) Elbtunnel computer crash (PGN) New Microsoft anti-piracy program circumvented (Monty Solomon) USC Database hacked (Randall via Dave Farber) Spyware soaring (John Leyden via PGN) Privacy Guru Locks Down VOIP (Kim Zetter via Monty Solomon) TV channel inadvertently broadcasts link to porn site (David Hollman) NSW State Transit Authority decommissions servers --- and data, too (Florian Liekweg) Hacking the Hotel TV -- and more (Florian Liekweg) Two reports of possible interest (Gene Spafford) Low Threshold for Fraud Detection (Mark Rockman) 'Insane' Quebec Govt Online PAC ID system (Michael Hackett) Partisan e-mail censorship as spam filtering: afterdowningstreet.org (Pete Klammer) Risks of REAL ID (Robert Tanner via Monty Solomon) Re: Diebold Optical Scan security (Stanley F. Quayle) Re: Proposed daylight saving time changes (Stuart Prescott) RISKS 23.96 Tuesday 2 August 2005 20th Anniversary of RISKS! 
(PGN) Bogus EAS Alerts in Florida, Nevada (Kevin Poulsen) Car computer systems at risk to viruses (PGN) Not Combatting Identity Theft with "Smart" Social Security Cards (Geoff Kuenning) Electronic voting -- oops (Richard Schroeppel) Timezones and appointments (Nick Rothwell) Re: Partisan e-mail censorship as spam filtering (Craig A. Finseth) Re: Embedded Systems vs Us (Michael Kohne, Jay R. Ashworth) Re: Too many features in medical device (Russell N. Sheptak) RISKS 23.97 and RISKS 23.00 3 August 2005 Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 23 (7 November 2003 to 3 August 2005) ------------------------------ End of RISKS-FORUM Digest 23.00 (97) ************************