Illustrative Risks to the Public
in the Use of Computer Systems
and Related Technology
Peter G. Neumann, Computer Science Laboratory,
SRI International, Menlo Park CA 94025-3493
March 6, 2014

NOTE: Many recent RISKS cases are not yet included. Maintaining this file has become increasingly labor intensive. However, the Election Problems section and the Illustrative Risks section are now up-to-date as of 6 March 2014. For other recent items, try the search engine at http://www.risks.org. Also, the ACM SIGSOFT Software Engineering Notes (SEN) have for many years contained highlights of items from online RISKS, along with one-liners of additional items of note. All of the SEN issues are now online: http://www.sigsoft.org/SEN/

Copyright 2014, Peter G. Neumann, SRI International EL243, Menlo Park CA 94025-3493 (e-mail Neumann@csl.sri.com; http://www.CSL.sri.com/neumann; telephone 1-650-859-2375; fax 1-650-859-2844): Editor, ACM SIGSOFT Software Engineering Notes, 1976-93, Assoc.Ed., 1994-; Chairman, ACM Committee on Computers and Public Policy (CCPP); Moderator of the Risks Forum (comp.risks); cofounder with Lauren Weinstein of People For Internet Responsibility (http://www.pfir.org).

Contents

  • Contents
  • Descriptor Symbols
  • 1 Collected Items Listed by Categories
  • 1.1 Recent yet-to-be-merged items
  • 1.2 11 Sep 2001 and Homeland Security
  • 1.3 Space
  • 1.4 Defense
  • 1.5 Military Aviation
  • 1.6 Commercial Aviation
  • 1.7 Rail, Bus, and Other Public Transit
  • 1.8 Ships
  • 1.9 Automobiles
  • 1.10 Motor-Vehicle and Related Database Problems
  • 1.11 Electrical Power (nuclear and other) and Energy
  • 1.12 Medical, Health, and Safety Risks
  • 1.13 Other Environmental Risks
  • 1.14 Robots and Artificial Intelligence
  • 1.15 Other Control-System Problems
  • 1.16 Other Computer-Aided-Design Problems
  • 1.17 Accidental Financial Losses, Errors, Outages
  • 1.18 Financial Frauds and Intentionally Caused Losses
  • 1.19 Stock-Market Phenomena
  • 1.20 Telephone Frauds
  • 1.21 Other Telephone and Communication Problems
  • 1.22 Election Problems
  • 1.23 Insurance Frauds
  • 1.24 Security Problems
  • 1.25 Cryptography
  • 1.26 April Foolery and Spoofs
  • 1.27 Privacy Problems
  • 1.28 Spamming, Phishing, Junkmail, and Related Annoyances
  • 1.29 Other Unintentional Denials of Service
  • 1.30 Law Enforcement Abuses, False Arrests, etc.
  • 1.31 Identity Theft, Internet Fraud, Mistakes, Related Problems
  • 1.32 Other Legal Implications
  • 1.33 Other Aggravation
  • 1.34 Calendar/Date/Clock Problems including Y2K
  • 1.35 The Game of Chess
  • 1.36 Miscellaneous Hardware/Software Problems
  • 1.37 Other Computer System Development Difficulties
  • 1.38 Achieving Better System Development and Operation
  • 1.39 The Proper Role of Technology?
  • 2 Reference Materials
  • 2.1 Books
  • 2.2 Inside Risks Columns
  • 2.3 Pun-intended definitions

    This list summarizes items that have appeared in the Internet Risks Forum Digest (RISKS) - which I moderate (comp.risks newsgroup) - and/or published ACM SIGSOFT Software Engineering Notes (SEN). In this collection of mostly one-liner summaries, (R i j) denotes RISKS volume i issue j; (S vol no:page) denotes an issue of SEN, where there has been one volume per year, with vol 33 being the year 2008; page numbers are given fairly regularly from 1993 on; (SAC vol no) indicates an item in the quarterly SIGSAC Security and Control Review, where vol 16 is 1998, which was the final volume. The RISKS-relevant SEN material prior to 1995 is summarized in my Computer-Related Risks book (see below). SEN material is now being brought on-line by Will Tracz: http://www.acm.org/sigsoft

    Some incidents are well documented, while others need further study. A few are of questionable authenticity, and are noted as such ("bogus???"). Please send me corrections and new cases, along with suitable references. This document is updated at least quarterly and is browsable on-line (ftp://ftp.CSL.sri.com/neumann/illustrative.html courtesy of Otfried Cheong's Hyperlatex). [Hyperlatex is wonderful Free Software: http://www.cs.uul.nl/~otfried/Hyperlatex.] This document is also printable in a two-column 8-point format (illustrative.pdf and illustrative.ps).

    SEN regular issues, by year, volume&number 
    ..1976,vol 1: #1 = May; #2 = Oct
      ==================================
    ..year 1977 78 79 80 81 82 83 84 85 
      volume  2  3  4  5  6  7  8  9 10 
      ---------------------------------
      Jan    #1  1  1  1  1  1  1  1  1 
      Apr    #3  2  2  2  2  2  2  2  2 
      Jul    #4  3  3  3  3  3  3  4  3 
      Oct    #5  4  4  4  5  4  5  5  5 
      ==================================
    ..year 1986 87 88 89 90 91 92 93 94 
      volume 11 12 13 14 15 16 17 18 19 
      ---------------------------------
      Jan    #1  1  1  1  1  1  1  1  1 
      Apr    #2  2  2  2  2  2  2  2  2 
      Jul    #3  3  3  5  3  3  3  3  3 
      Oct    #5  5  4  6  5  4  4  4  4 
      ==================================
    ..1995,vol20: #1=Jan; 2=Apr; 3=Jul; 5=Dec
    ..1996,vol21: #1=Jan; 2=Mar; 4=Jul; 5=Sep
    ..1997,vol22: #1=Jan; 2=Mar; 4=Jul; 5=Sep
    ..1998,vol23: #1=Jan; 3=May; 4=Jul; 5=Sep
    ..1999,vol24: #1=Jan; 3=May; 4=Jul
    ..2000,vol25: #1=Jan; 2=Mar; 3=May; 4=Jul 
    ..2001,vol26: #1=Jan; 2=Mar; 4=Jul; 6=Nov
    ..2002,vol27: #1=Jan; 2=Mar; 3=May; 5=Sep
    ..2003,vol28: #2=Mar; 3=May; 4=Jul; 6=Nov
    ..2004,vol29: #2=Mar; 3=May; 5=Sep; 6=Nov
    ..2005,vol30: #1=Jan; 2=Mar; 3=May; 4=Jul; 6=Nov
    ..2005,vol31: #1=Jan; 2=Mar; 3=May; 4=Jul; 6=Nov
    ..2006,vol32: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    ..2007,vol33: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    ..2008,vol34: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    ..2009,vol35: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    ..2010,vol36: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    ..2011,vol37: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    ..2012,vol38: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    ..2013,vol38: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    ..2014,vol38: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
    
    

    Read the Risks Forum as comp.risks if you can, or send e-mail to risks-request@csl.sri.com for a subscription, single text line "subscribe" (append desired address only if not your From: address), or "info" for info. Send contributions to risks@CSL.sri.com. Archives are available at http://www.risks.org, which redirects to Lindsay Marshall's Web site at Newcastle http://catless.ncl.ac.uk/Risks/, including a nice search facility. Specific issues can be read directly as http://catless.ncl.ac.uk/Risks/I.J.html [where I=volume#, J=issue#]. SRI's archive is at ftp://ftp.sri.com/risks or by "ftp ftp.sri.com", "login anonymous", "cd risks" (which gets the "dir" for the current volume, and "cd i" then gets you into the subdirectory for noncurrent volume i). An Australian mirror is at http://the.wiretapped.net/security/textfiles/risks-digest/. "Inside Risks" distills some of the discussion into a monthly inside-back-cover column in the Communications of the ACM. The list of columns to date is given at the end of this document.

    My book (Peter G. Neumann, Computer-Related Risks, Addison-Wesley (ISBN 0-201-55805-X) and ACM Press (ACM Order 704943), 1995) summarizes many of these cases and provides additional analysis. (A few errata for the first three printings are on my Web page, noted above.) Most of the (S vol no) items listed below for no < 20 are discussed in the book; more recent items generally include the relevant on-line (R i j) references. If you cannot find the book in a bookstore, it is on amazon.com, or call A-W within the U.S. at 1-800-822-6339 - or if you are outside of the U.S., 1-617-944-3770 and ask for International Orders. The book is now also available in Japanese (ISBN 4-89471-141-9). Instead of trying to produce a second edition in the face of a massive influx of new RISKS cases, the fourth and fifth printings of the book give the URL for the Addison-Wesley Web site (http://www.awl.com/cseng/titles/ISBN-0-201-55805-X/), which includes the first chapter of the book and an extended preface. That Web site and my own contain further material that would otherwise have gone into the second edition.

    Henry Petroski (among others) has noted that we rarely learn from our successes, and must learn more from our failures. The collection of cases cited here provides rich opportunities for reflection that could help us to avoid similar problems in the future. Unfortunately, it also demonstrates that the same types of mistakes tend to recur, over and over...

    SEN and RISKS also consider approaches for developing better computer systems, e.g., safer, more reliable, more secure, fewer cost and schedule overruns, etc. There are many approaches to developing sound systems; none is guaranteed. Whereas the emphasis in the following list is on problems rather than on would-be solutions, the pervasive nature of the problems suggests that techniques for the effective development and operation of computer-related systems are frequently ignored. Worse yet, even ideal systems can result in serious risks, through unanticipated technological problems or human foibles. We include here primarily cases that have been publicly reported, although we know of various additional cases whose existence for one reason or another has not seen the light of day. A few successes are also included, although the failures seem to predominate. We are always interested in hearing more about successes. Although I receive occasional complaints about the preponderance of failures in RISKS, there appear to be very few real successes. Perhaps not enough folks are heeding some of the advice that you can gather from RISKS and that is distilled in Computer-Related Risks.

    Descriptor Symbols

    The following descriptor symbols characterize each entry.

    ! = Loss of life/lives; * = Potentially life-critical or safety problem

    V = Overall system or subsystem surViVability problems (with respect to diVerse adVersities, including attacks and malfunctions). Startlingly many cases fit this category; many V-unflagged cases also represent failures to continue performing properly, or delays, or other cases of misuse that could have led to much more serious survivability problems.

    $ = Loss of resources, primarily financial

    S = Security/integrity/misuse problem; P = Privacy/rights abuse or concern

    H = Intentional Human misuse (e.g., user-administrator-operator-penetrator)

    h = Accidental Human misuse or other inadvertence

    a = Event attributed to animal(s)

    I = Insider; O = Outsider; A = Inadequate Authentication, Access control, or Accountability

    d = System Development problems

    e = Improper Evolution/maintenance/upgrade. (H,h,i,f,d,e involve human foibles.)

    r = Problems with Requirements for system or operation (including the overall system concept)

    f = Flaws (or Features in design, or hardware/software implementation)

    i = MisInterpretation/confusion/human errors at a man-system Interface; documentation problems

    m = Hardware Malfunction attributable to system deficiencies, the physical environment, acts of God, etc.

    M = Malfunction or misuse specifically due to electronic or other interference

    + = Beneficial; - = problematic with none of the above categories

    @ = This item is also listed in another category

    1 Collected Items Listed by Categories

    1.1 Recent yet-to-be-merged items

    $ Destia (EconoPhone) terminates all service (R 21 37)

    *SM UK trials of GPS controlled car speeds (R 21 22-23)

    V(m/f?) Canadian grocery chain Sobeys' software crash lasts 5 days (R 21 22)

    Vf University of Washington server crash leaves thousands of students unable to register for classes (R 22 38)

    i Risks of not-quite-identical keyboard layouts (R 21 26)

    $h United Airlines Web site for one hour accidentally offered SFO-Paris round trips for cost of taxes and fees only (roughly $30 instead of $300) (R 21 24-25)

    f Japanese modem misdialing seemingly at random in pulse-dial mode (R 21 25)

    eh EoExchange shuts down free ad-supported services without warning; customer data lost (R 21 32)

    i PC virtual-parrot squawks confuse firemen (S 26 6:10, R 21 46)

    f Cable theft results in network congestion when Seti@Home screen savers are unable to access Seti servers (R 21 48,53)

    fe Carefully planned seamless British Telecom BT SurfTime upgrade seemed very seamy, with premature cancellation of old service (R 21 44)

    hie Risks in MacOS 10.2.4 update and httpd.conf replacement (R 22 56)

    $fe UK magistrates courts staff upgrade failure requires two sets of systems instead of one, and a huge windfall for the deficient contractor (R 21 59)

    fe Adobe Acrobat 5.0 pdf upgrade not backward compatible (R 21 59)

    e NASA data from 1970s lost due to "forgotten" file format (R 21 56)

    f California DMV sorting machine sends licenses to wrong people; 8-year-old sorting machine blamed (R 21 39)

    * IBM auto dashboard system can shoot water at drivers not answering questions properly (R 21 53)

    he Half of Norway's banks offline for a week: erroneous keystroke in EDB Fellesdata AS upgrade wiped out entire data warehouse instead of merely initializing 280 new disks (R 21 58)

    + OnStar GPS computer reports accident, pinpoints hit-and-run driver (R 21 46)

    f* Polarized sunglasses mask LCD displays (R 21 53,54,56)

    f False fatal-error report on completed atomic transaction (R 21 53,54,57)

    mh Fiber cut takes out network connectivity within U. Pennsylvania (R 21 55)

    i Another autoresponder loop (R 21 51,56)

    $fhe Euro computer cutover risks (R 21 40)

    f$ Payday delayed by one day in Belgium; once-in-five-year glitch (R 21 45)

    h JDS Uniphase bad quarterly results report allegedly hacked, halting trading - but it turned out the report was Web-posted prematurely! (R 21 56)

    eHS Beware of free URL-forwarding services (R 21 47)

    di Custom system risk: dead men produce no documentation (R 21 47)

    $h 40,000 federal tax returns and $800M payments missing at Mellon Bank processing center (R 21 63)

    $m CD-eating geotrichum fungus amongus (R 21 51)

    ? Singapore bans divorce by SMS (short-text messaging between cell phones), overruling Muslim authorities, after 16 divorces Apr to Jun 2001 (R 21 58)

    $ Chinese divorce: fight over online Mir 2 game account characters and virtual items worth over 40,000 Yuan (R 23 93)

    - Chinese Internet blind date turns out to be married couple; big spat when they finally rendezvoused! (R 21 55)

    $fh New British solar parking meters give free parking in bad weather, when installed under trees, etc. (R 21 65)

    $H Judge tosses out red-light camera tickets because contractor had incentives to increase the number of citations (R 21 65)

    fi Poor car-wash control interface design (R 21 77)

    !hi Military intelligence at its best? "As a pilot, I can do everything perfectly with a perfect weapon system, and still cannot account for every weapon going exactly where it's supposed to go." U.S. Rear Admiral John Stufflebeem was responding to the deaths of three U.S. soldiers in Afghanistan after yet another bomb went astray. (S 27 2:5, R 21 82)

    he Stupid defaults in database conversion cause propane runout (S 27 2:5, R 21 89)

    e Mistranslated fields and changed defaults create problems in database conversion for propane company changeover (R 21 89)

    *hi(VSP also) Sometimes high-tech isn't better: discussion of doctors' dependence on computers (Laura S. Tinnel, S 27 2:5, R 21 84)

    $f Japanese Yohkoh satellite loses control due to annular eclipse during invisible-orbit out-of-sight period, draining batteries; recovery possible but not clear (R 21 85)

    Vm Durham NC water line break closes 911 center and police department (R 21 89)

    Vf(SH?) Dutch royal chat session failed on apparent overload (R 21 89)

    fi Excel cut-and-paste glitch (R 21 88)

    +/-? Largest prime number: Mersenne prime, 4,053,946 digits: 2^13,466,917 - 1; found with 130,000 volunteer participants (R 21 82-83)

    ??? 100:1 lossless compression hype sounds like oil (R 21 87)

    h Euro cutover risks: lots of screw-ups, wrong currencies, etc. (R 21 84,86,87); Luton schoolboy profits from ATM giving 1.6£ to the Euro, rather than the reverse (R 21 86)

    $f UK NatWest bank turns debits into virtual credits in Quicken and MS Money .OFX format (R 21 81)

    $hf Grocery self-checkout risks: duplicate charges (R 21 81)

    $f Automated bus pass kiosk denies authorization but debits: previous customer's authorization screen image displayed (R 21 81)

    hV Outsourcing of upgrade to automated system knocks out Australian Bureau of Statistics (R 21 90)

    f Johns Hopkins researchers announced the "color of the universe" based on a weighted average of the electromagnetic frequency of emissions from all galaxies in the observable universe: it's turquoise; after discovering a software glitch, no, it's really beige (R 21 98); no, because of an algorithm error, it's really salmon (R 22 02); could there be a pot of gold at the end of the rainbow for the culler of colors?

    $fe More on PayPal problems: IPO prospectus, flaws, upgrade difficulties, fraud reported, fraud holds, merchant views (R 21 92,94,98); PayPal meets the Patriot Act: eBay accused of facilitating Internet gambling, eBay rebuts (R 22 67,69; S 28 4:9-10)

    $SH $1M eBay fraud scams 1000 victims for $1000 each for nonexistent laptops (R 22 77)

    Vm Disk crash destroys on-line law-enforcement mug shots in Macomb County, Michigan; no backup other than some hardcopy photos! (R 22 08)

    Vhie 50,000 Idaho court records erased during upgrade; no viable backup (R 22 60)

    $(m/f?)V Crash of critical legacy system costs Comair $20 million (R 23 87)

    V(f/m?) Year 2000 crash destroys WashDC maintenance database of 5000 trees destined for removal, causing serious subsequent problems (R 22 08)

    +? Dutch city implanting chips to monitor tree health (R 22 10)

    Si Risks of deceptive characters in URLs: Rob Graham (R 21 89), and note on Gabrilovich/Gontmakher's Inside Risks column on The Homograph Attack, with look-alike characters in different languages Comm.ACM 45, 2, Feb 2002 (R 21 89); confusion among lowercase L, uppercase I, number 1 (R 21 91-93); lloyds vs llyods and domain protections (R 22 11, correction R 22 12)

    Shi Risks of ordinary GUI "pop-up" windows: hidden spoofing (R 23 46,49; S 30 1:13)

    Risks of Unicode and WYSIWYG interpreting addresses: lookalike Japanese and English modes (S 27 3:8-9, R 21 96)

    fi Undesired text alterations: Microsoft Outlook appropriates the word "begin" to denote uuencoded text; recommended solution is not to start messages with the word "begin" (R 21 90); .Net violates English rules (R 21 91); search engines give wrong site, altering punctuation (R 21 91); OCR scanning alterations as well (R 21 92); UK Waitrose strips apostrophes from message content (R 21 92) and perhaps is using SQL? (R 21 93); BAD! in Perl, apostrophes are string delimiters (R 21 93); some Web forms reject addresses containing a plus sign (R 21 93)

    SV Dutch royal chat session failed; intended for 100 selected citizens, and using a site designed for tens of thousands of users, the site reportedly received 3 billion hits (which seems implausible)! (R 21 89)

    e Time runs out for BBC's Domesday time-capsule discs: media unreadable (R 21 93); FOLLOW-UP (R 25 44)

    $i Australian man racked up A$22,000 in fines on Melbourne toll road, not having updated his address, and not having acquired a transponder (R 21 93)

    $(f?h?) Seattle City light billing disputes (R 22 05)

    (f?) Two unsolved telephone mysteries: unattended mobile phone calls home, and replicated phone bills; software faults? (R 22 08-10)

    $h E-commerce Web site mistakenly listed low price for Kodak cameras; automatic response constituted acceptance of sale (R 21 90)

    $hi PC mail-order price typo cost Marubeni over $2 million; company honored the error (R 23 02)

    $ Buy.com mispriced a monitor; automated price search promises lowest price (R 20 21)

    h (but blamed on computer) Argos retail offered Sony Nicam TV for 3£ instead of 300£ (R 20 57)

    $(hi?) Oops! US Air round trip for $1.86 (R 23 85)

    $h Huge $25 airfare bargains from United Airline's Web site (R 22 10)

    $h Compaq issues refunds for one-cent PCs after canceling the erroneous promotion (R 22 08)

    $hi Self-service gas station loses money due to inadvertent low pricing: $.19/gallon instead of $1.83/gallon (R 23 72)

    $hi Candy machine non-atomic transaction punishes the quick-thinking (R 22 08-10); a related story (R 22 10)

    * China bans toxic American junk: computers, TVs, copy machines, etc. (R 22 14)

    $ No more JPEGs: ISO to withdraw image standard in infringement case (R 22 18)

    $ef Boston Big Dig overruns $1 billion (R 22 55; correction 22 56)

    *m Sentinel Fire Mapping tool for Australian fire location overloaded by heavy demand by nonemergency users (R 22 58)

    mef IBM's DB2 blamed for Danish banking crisis (R 22 68; S 28 4:6)

    i Risks of misquoting Google hit counts (R 22 72)

    ai$ Turtle tangled in discarded beacon triggers Coast Guard massive search and rescue effort (R 22 70)

    f?h? Kellogg's American Airlines online sweepstakes: thousands of nonwinners erroneously notified of winning (R 22 71)

    - The Googlewashing of our language: Risks of trusting Google? (R 22 67)

    m?f?h? Database crash loses names of Canadians in nationwide firearms registry (R 22 77, S 28 6:9)

    f Verizon's error sends customers to Massachusetts adult phone line (R 22 84)

    fmV GenCon conference registration woes blamed on computer network (R 22 84)

    f Guardian crossword puzzle unable to handle numbers! (R 22 82)

    i(-$) Cingular sends final bill for -$3.36 after refund check, threatening late fee (R 22 88)

    m Eurofighter Typhoon brake fault (R 23 02; S 29 2:9)

    f FAA warns of FlightLogic EFIS system fault (R 23 12; S 29 2:9)

    defm Houston 911 system prone to crashes (R 22 92; S 29 2:10)

    $drfh UK MoD scraps £130-million inventory management system (R 23 05; S 29 2:10)

    Sdfi Computer virus freezes 21 VMS York car park displays tracking empty spaces; one system showed 349 spaces instead of none; mass chaos (R 22 92; S 29 2:10)

    $df Messed-up test run gives erroneous deposits on outsourced payroll system (R 22 96; S 29 2:11)

    + Rigorous semantics of SPARK Ada applauded (see John Barnes' High Integrity Software); also more discussions of avoiding GOTOs (R 23 02)

    *m Faulty wiring in window heater led to windshield cracks in 3 Boeing 777s (R 22 94)

    *m Seattle Air Traffic Control [and elsewhere] affected by fires in Southern California (R 22 98)

    hi$ Continental Airlines backs off erroneous 500K free-mile winners (R 22 92)

    m Risk of leaving devices turned OFF: electrolytic capacitors degrade chemically: new kind of bit rot (R 22 98)

    *m Nokia blames mobile-phone battery explosions on non-Nokia batteries (R 22 97)

    e$ WBIG radio unable to pay employees after computer upgrade (R 23 01)

    *fi Honda CRV 4WD electronic doors trap man in Australian flood, nearly drown him (R 23 06); try the rear window, which is not electric! (R 23 12)

    *hi(f?) Driver relies on car navigation system, winds up inside a supermarket (R 22 96)

    i Acura MDX and BMW 7 series (in)human interfaces (R 23 01); BMW: "When you add complexity you add risks" (R 23 02); Karcher's Law: "Don't check for error conditions you are not prepared to handle." (R 23 03)

    *$f BMW series 5 flaw disables Dynamic Stability Control and ABS (R 23 60; S 30 2:18)

    hi Input data error on auto registration transfer causes driver's arrest (R 23 11)

    fi French weather program mistakenly interprets frost (on a spider web on a sensor) as snow (R 23 03)

    $hi Trifecta race-track bet on 2003 Melbourne Cup wins AU$2.6 million despite betting operator's ten-fold error: bettor had not requested confirmation (R 23 03; S 29 2:14)

    hi Goofs: Animated billboard congratulates the Chicago Cubs on winning baseball's National League pennant - but they lost! someone hit send instead of delete (R 22 96); New York Post prepared opposite editorials, released the wrong one: N.Y. Yankees lose 2003 American League pennant - but they won! (R 22 97); Israel's YNET.co.il announced Columbia had landed safely (with Israel's first astronaut aboard, and details of what he was supposed to be doing after landing) - but the Columbia was lost on reentry (R 22 98)

    hi 'Technical error' blamed for dirty picture shown to Mexico's first lady (R 22 92)

    f Difficulties with U.S. Census Bureau income data: Gini averages based on truncated individual data for the wealthiest, max recorded is $999,999, to protect identities? No! (R 22 93,95,97)

    $f Computer problem affects Mississippi liquor stores and restaurants (R 22 98)

    fe South Carolina DMV software glitch costs Sumter County $164,000; car tax records vanish (R 22 98)

    $hi E-ZPass returned via UPS truck keeps getting charged for Jersey Turnpike trips! (R 23 01)

    $ Official self-service litigation system available in England/Wales (R 23 06)

    $himf Peter Deutsch's Eight Fallacies of Distributed Computing (R 23 06)

    hi NOAA training session test message warns of hotter weather as Earth nears the Sun (R 23 07)

    i Southern drawls thwart voice recognition for Shreveport police (R 23 04)

    hi Proper understanding of "The Human Factor" (essay by Don Norman, R 23 07, commentary on two earlier RISKS items in R 23 04 and 06); two follow-ups from Doug Jones and Peter Ladkin (R 23 08); more on Murphy's Law (R 23 09) and developers (R 23 09); similar arguments about medical records (R 23 10)

    i 'Master' and 'slave' computer labels unacceptable, LA officials say (R 23 05)

    m Sony recalling 550,000 CD Walkman battery packs (R 23 04)

    hi Erroneous Australian banana import recommendation due to error in risk assessment input to Microsoft Project file with @Risk add-on (R 23 28)

    (m/f/h?) Dispatch computer glitch grounds Delta flights for 2 hours in Atlanta (R 23 35)

    f Netgear/UWisc NTP router to keep time accurate: bug causes incessant retransmissions; fascinating item (R 23 41)

    d Risks of believing in testing; also a GAO report (R 23 38-43)

    f Jim Horning: Risks of inadequate exhaustive testing of 10M cases (R 24 42, S 31 6:23)

    $f Poor fallbacks on automated systems: Paytrust SmartBalance (R 23 39)

    fi Reason Magazine subscriber-customized covers messed up (R 23 39)

    hi The Daily Farce online satire (Rumsfeld banning digicams in Iraq) reported as truth (R 23 39)

    fi USB "square" plugs plug in backwards! (R 23 32)

    fi Florida sues AT&T for billing a million noncustomers (R 23 35)

    ef Canada's largest bank has "processing disruption" (R 23 43)

    $f TurboTax electronic filing option fails to send AMT Form 6251 (R 23 35)

    de Risks of broadband upgrades: Cox outage affects the recommended Toshiba 1100 cable modems: bad upgrade (R 23 30)

    $fm MiniDV Firewire connector fragility (R 23 33)

    e On-line accounting software upgrade problem: increased ID number length breaks system, which converted to scientific notation and rounding! (R 23 51)

    m Zinc whiskers from under datacenter floors can lead to high equipment failure rates (R 23 45)

    m DSL problem: mice, snakes, and wiring (R 23 57)

    $f Lack of sanity checking in Web shopping cart software: beware of specifying fractional items (R 23 51)

    $m Gloria Estefan performance in Dallas canceled due to computer crash (R 23 49)

    i Emoticon-interpreters create risks in instant messaging services: :) becomes a yellow smiley-face icon (OK), but 401(k) in e-mail to female boss becomes 401 followed by "a big pair of smoochy lips" (R 23 48)

    fhi Leslie Lamport: A Comedy of Errors; TLA+ quoted character anomaly (R 23 66; S 30 2:19-20) and discussion (R 23 67)

    fhi Jim Horning: Risks of lenient parsing: a tale of tracking down an HTML problem (R 23 66; S 30 2:20) and discussion (R 23 67)

    fi Software is no substitute for thought: yet another instance: need for human checks for reasonableness (R 23 60; S 30 2:20)

    f Bruce Tognazzini list of 130+ most common bugs (R 23 67):
    http://asktog.com/Bughouse/index.html

    $fh Belgium's Banksys cashpoints failed due to small technical errors and overload, affecting 220K bank card transactions and 60K credit card transactions (R 23 63)

    $(f/h/i/m?) Strange Standard and Poor stock numbers: index fell 870 points, 73% of its value, for one day (R 23 62,63)

    fi Unintended effects of RFID devices; RFIDing babies (R 23 62,63,65)

    hi E-mail notification from Southwest Air to wrong person, with no reply possibility (R 23 61)

    $hi Problems with Chicago-area toll road transponders (R 23 67)

    $hi Ticket not in computer system: your insurance rates may increase, because you cannot pay the fine! (R 23 66)

    fm (etc.) 130 most common bugs - and counting (R 23 67; S 30 3:29)

    hi- Vatican Web page on Pope John Paul II's death on 2 Apr 2005 was prepared on 1 Apr 2005, before his death, announcing "Vacancy of the Apostolic See" (R 23 84)

    *(f/m/?) Judge accepted hypothesis that Ontario Safari Park tiger triggered power window opening and entered the automobile, awarded $2M in damages (R 23 69)

    m A risk of high-speed CD/DVD-rom drives in current-day PCs, and slowing them down (R 23 71,72); Macrovision DVD copy-protection (R 23 72)

    !*+/-? Hospitals have dramatically reduced unnecessary deaths? (R 24 32,33)

    $f $8 million for self-parking charge: 8.1E+6 (R 24 30-31)

    e NZ IRD tax numbers about to run out (R 24 33)

    m Wily crows disconnect wired Tokyo (R 24 33)

    f Irish ATM pays double; ethical dilemma (R 24 30)

    fi Construction blocked by e-mail filtering 'erection' (R 24 30)

    Vhi Risks of relying on the Web in wartime: Australian Consulate required registration online, with no electric power (R 24 35)

    hi DVD player human interface, not designed for usability? (R 24 44)

    *hi Silliness in Action: California poised for car cell phone ban (R 24 40)

    British ambulance crew goes 200 miles off course based on name confusion in satellite navigation (R 24 48,49)

    END of yet-to-be-merged items .....

    1.2 11 Sep 2001 and Homeland Security

    ..... Combatting Terrorism

    !!!*VSHf$$ 11 September 2001: terrorist hijacking of four planes used as cruise missiles to destroy the World Trade Center twin towers and part of the Pentagon, with thousands of lives lost and extensive disruption of lower Manhattan infrastructures; relevant GAO reports cited (S 27 1:7, R 21 66-67)

    !h Stray bomb caused by typo in coordinate digit (R 21 70,71,73)

    Sf Discussion of the risks of remotely controlling airliners to prevent hostile takeovers (R 21 68-69); tamperproof autopilot (R 24 60)

    SP Joke e-mail seemingly from bin Laden reportedly landed its recipient in jail, but the details were in dispute (R 21 68-70)

    + Role of amateur (ham) radio communications after land-line and cellular comms failed (R 21 68-71)

    !ih Friendly fire in December 2002 caused by Special Forces GPS battery changeover resetting Taliban target confirmation to its own location!!! (S 27 3:5, R 21 98)

    Sm RISKS discussion of earlier World Trade Center problems (R 21 67) and lessons of 7 WTC (R 21 80)

    S The Web Never Forgets, foiling attempts to remove info later thought to be sensitive (R 21 80)

    SHA Airport security: can you trust a "trusted traveler"? (S 27 3:, R 22 03)

    SPfh No-fly terrorist blacklist snares peace activists, a nun, etc. (R 22 29); More on the No-Fly List (R 22 74); people named David Nelson turned away by CAPPS II pattern matching: at least 6 in LA area, 18 in Oregon, 4 in Alaska (R 22 80); in Austin, David Nelson planned to fly as D. Austin Nelson (R 22 81)

    SPhi Travelers continue to struggle with wrongful Watch List matches (R 24 05)

    SHfh "Homeland Insecurity": technology not foolproof; subsequent discussion on Probabilistic Risk Assessment, firearms in the cockpit, and Computer Assisted Passenger Screening (R 22 20-21,23-24,27); Real risks of cyberterrorism, related to disaster planning; large-scale events; SCADA systems, even if not Internetted; nonpublication of Gartner/ NavalWarCollege study; beware of fear-mongering (R 22 22-23,27)

    SH SCADA systems hacked (R 24 44, S 31 6:28)

    Sf Unexpected consequences of airport random screening: 20% selected instead of 2% (R 24 36, S 31 6:28)

    Sfhi Vancouver Int'l Airport locked down due to training software phantom bag (R 24 44, S 31 6:27-28)

    SH Richard Clarke on Homeland Security, airport ID checks, etc. (R 23 78-79; S 30 3:30); "High-tech passports are not working" (R 23 73; S 30 3:31)

    $SH Thieves sabotage Dutch telecom infrastructure (R 24 43, S 31 6:28)

    S Digital retouching of photos to make a propaganda point (R 24 36, S 31 6:28)

    ..... Cybersecurity

    SHfi User security, system security, DMCA, etc.: Edupage neatly juxtaposes two items: Richard Clarke (at Black Hat in Las Vegas) urges hackers to find and report bugs; HP uses DMCA against bug finders (R 22 20); FTC uses Dewie the Turtle to promote computer security through hard-to-guess passwords, antivirus software and computer firewalls, just like President's Critical Infrastructure Protection Board - which puts the onus on users, not on the need for secure systems (R 22 27); reminiscent of Bert the Turtle from Duck and Cover (R 22 28); relying solely on users to tighten security is misguided (R 22 33); attempts to rescind parts of DMCA by Rick Boucher and by Zoe Lofgren (R 22 28)

    Shi Education and the National Strategy to Secure Cyberspace: a critical review of the second version of the national cyberstrategy (Rob Slade, R 22 63)

    S?H?f? Ptech raided for suspected al Qaeda link? No, financial crime investigation, says U.S. attorney; their software is used by Government agencies, but possibilities of Trojan horses reportedly unfounded (R 22 42)

    $ Liability risks from cyberterrorism (S 27 6:12, R 22 18)

    SP American style cyberwarfare: what are the risks? (S 27 6:13, R 22 18,22)

    S Federal agencies get failing grades on cybersecurity; half D or worse (R 23 73; S 30 3:30-31)

    *S Security? Nuclear plants don't need no stinkin' security! (R 23 78; S 30 3:31)

    *SHfff Nation's Critical Infrastructure Vulnerable to Cyber Attack (U.S. House Science Committee, R 24 04; S 30 6:20-21)

    *(SV) One radio frequency for emergency services? (R 24 04) No, (R 24 05,07)

    [See also the sections on security and privacy.]

    ..... Natural disasters

    hi Risks ignored: Hurricane Katrina - predictions before and response after (R 24 04; S 30 6:20)

    !*m Katrina's telecom damage tops $400 Million; repairs may take months. [Of course, that is just the tip of an enormous iceberg.] (R 24 03)

    *hi Katrina victims required to use Microsoft Internet Explorer (R 24 05,06)

    SHP Health records of Hurricane Katrina evacuees go online; privacy implications (R 24 04; S 30 6:23-24)

    1.3 Space

    ..... Manned/Womanned [Peopled?] Space Exploration:

    !!$$Vrfh Shuttle Challenger explosion, 7 killed. [Removed booster sensors might have permitted early computer detection of leak?] [28Jan1986] (S 11 2) [Probably not? See Paul Ceruzzi, Beyond the Limits - Computers Enter the Space Age, MIT Press, 1989, Appendix.] Whistle-blower Roger Boisjoly fired by Morton Thiokol after reporting O-ring problem that led to loss of the Challenger (R 5 78, R 5 80, and R 12 40)

    !mhi NASA cultural failures on STS-107 leading to loss of the Columbia shuttle (reminiscent of the Challenger loss); final data unrecoverable; more discussion (R 22 54); Over-reliance on PowerPoint leads to simplistic thinking, linked to Columbia shuttle accident analysis and disaster (23 07)

    * Mercury astronauts forced into manual reentry? (S 8 3)

    $f STS-1 1st Space Shuttle Columbia backup launch-computer synch problem. See Jack Garman, "The bug heard 'round the world" (S 6 5:3-10) Oct. 1981. I summarize this in my Computer-Related Risks book, pages 20-21, along with several of the following cases.

    *f STS-2 shuttle simulation: bug found in jettisoning an SRB (S 8 3)

    *f STS-2 shuttle operational simulation: tight loop upon cancellation of an attempted abort; required manual override (S 7 1)

    *Vf STS-6 shuttle bugs in live Dual Mission software precluded aborts (S 11 1)

    *m STS-9 Columbia return delayed by multiple computer malfunctions (S 9 1)

    *f STS-16 Discovery landing gear - correlated faults (S 10 3:10)

    *if STS-18 Shuttle Discovery positioned upside down; mirror to reflect laser beam from Mauna Kea site aimed upward (+10,023 miles), not downward (+10,023 feet) (S 10 3:10)

    *$ STS-20 Two-day delay of Discovery launch: backup computer outage (NY Times 26 Aug 1985); Syncom 4 satellite failure as well (S 10 5)

    $f STS-36 Atlantis launch delayed [25Feb1990]; "bad software" in backup tracking computer system, but no details given. (S 15 2)

    h Shuttle Discovery shutdown procedure for two computers reversed (S 16 1)

    *hife STS-24 Columbia near-disaster, liquid oxygen drained mistakenly just before launch, computer output misread (S 11 5)

    *f Columbia orbiter suddenly rotates, due to telemetry noise (S 15 3)

    $m Columbia delayed by computer, interface, sensors; then navigation (S 16 3)

    $f Shuttle Endeavour computer miscomputes rendezvous with Intelsat satellite; nearly identical values interpreted as identical; those SW problems force spec changes (AviatWkSpT 29May/8Jun1992, S 17 3 duplic S 17 4)

    * Shuttle computer problems, 1981-1985; 700 computer/avionics anomalies logged; landing gear problems in STS-6 and -13; multiple computer crashes in STS-9, cutting in backup system would have been fatal; thermocouple failure in STS-19 near disaster (S 14 2)

    m Atlantis spacecraft computer problem fixed in space (S 14 5)

    $f Untested for change, SW delays shuttle launch; 3-min on-line fix (S 15 3)

    $(m/f?)V Shuttle Atlantis launch scrubbed: "faulty engine computer" (S 16 4)

    $*V Columbia launch scrubbed at T-3sec 22Mar93, leaky valve (S 18 3:A14)

    $*V STS-56 Discovery launch scrubbed at T-11sec 5Apr93, main propulsion system high-point bleed valve open-indicator went to off, closed-indicator did not switch to on. Indicator problem? program error? (S 18 3:A14)

    h Discovery SRB recovered with missing pair of pliers (S 18 3:A14)

    *h Discovery shuttle tail speed-brake gears were installed backwards in 1984, not discovered until 2004, 30 flights later! (R 23 29; S 29 5:13)

    fm Channel blocked, Discovery exhausts storage for ozone data (S 18 3:A14)

    H Experimental Space Shuttle e-mail address divulged, bombarded (S 16 4)

    m Woodpeckers delay shuttle launch (S 20 5:8)

    *m Docking problem aboard Soviet space station Mir (S 15 5)

    m Mir Space Station computer problems add to difficulties; main computer failed during docking attempt, 19 Aug 1997 (R 19 31,32), with detailed analysis by Dennis Newkirk (R 19 33)

    m Mir computer failure affects steering; replacement computer fails to load (end of May 1998, just before Discovery launch) (R 19 78)

    *$d GAO reports on NASA Space Station: increased safety risks, costs (S 17 4)

    * Risks of junk in space much greater than previously thought (S 17 4)

    *f$ Potential software nightmare for International Space Station, with considerable discussion (R 19 49-51)

    *$f International Space Station software problems in 2001 predicted in 1997 (S 26 4:4, R 21 37): see (R 19 49-51)

    deh$ Space Shuttle launch-pad test of redesigned fuel tank omitted; problem of test-induced failure (R 24 28)

    ..... Space Exploration, Satellites, Probes, Others:

    $f Hubble Space Telescope problems, soaring costs, missed deadlines, reduced goals, etc. (S 15 2); sensors misdirected because of wrong sign on precession in star data; antenna #2 limited by misplaced cable, #1 limited because software had only one limit stop, same for both (S 15 3) No system test. 1mm error in monitor program of mirror polisher (S 15 5) See M.M. Waldrop, Science 249, 17Aug1990, pp.735-736.

    Vf/m Hubble Space Telescope antenna swing causes shutdown (S 17 1)

    fh More Hubble SW: misloaded ephemeris table, bad macro (S 18 1:24)

    $fhV $150M Intelsat 6 comm satellite failed; booster wiring error, payload in wrong bay; miscommun. between electricians and programmers (S 15 3)

    $mV Canadian TeleSat Aniks die: solar coronal hole electron flux (S 19 2:3) Anik E-2 control restored, but with shorter life ($203M asset) (S 20 2:11)

    $(f/m?)V Taurus rocket plunges into Indian Ocean, destroying Orbital Imaging satellite, NASA QuikTOMS, and cremated remains of 50 people (S 27 1:8, R 21 68)

    hif NASA's DART spacecraft smashes into satellite; faulty nav data (R 24 29, S 31 5:16)

    $fhe Backward gravity switches: Genesis slammed to Earth after parachutes failed (R 24 33, S 31 5:16)

    fmV SOHO Mission Interruption Preliminary Status and Background Report documents apparently unconnected multiple failures that caused the satellite to lose control (R 19 87)

    fhV Final report on the Solar and Heliospheric Observatory (SOHO) spacecraft failure: software flaw and improper command (R 19 90); mis-identification of a faulty gyroscope, staffing problems, inadequate training, ambitious schedule, unreviewed procedure changes, etc. (R 19 90, 94); contact finally reestablished. (S 24 1:31)

    hm 5 printers off-line or jammed, Voyager 1 data lost over weekend (S 15 5)

    f Voyager 2 software faults at launch, 20 Aug 1977 (S 14 6)

    V$ Titan 34D, Nike Orion, Delta-178 failures follow Challenger (S 11 3)

    V$* Titan 4 rocket test-stand SRB explosion; simulation missed failure mode (R 12 09, S 16 4)

    V(m/f?) Final Titan 4A launch explodes with Vortex satellite; total cost over $1B, Aug 1998 (R 19 91, S 24 1:32)

    mV Titan 4B leaves missile warning satellite in useless orbit (R 20 36)

    Vm/f? Titan 4B with Milstar communications satellite separates four hours early, resulting in a useless low orbit, 30 Apr 1999 (S 24 4:26, R 19 36)

    Vhm$ 6 successive Theater High-Altitude Area Defense (THAAD) failures, including three typos; then a "success" (R 20 43,45); Titan 4B failure (R 20 39) blamed on shifted decimal point in upper-stage software (R 20 45)

    Vf,f Delta III launch ends after 71 seconds due to software flaw; two weeks later, Delta III leaves Loral Orion comm satellite in useless low orbit 4 May 1999 (R 20 38)

    Vmfh Centaur/Milstar upper-stage failure due to attitude-control system software (R 20 49); roll-rate filter constant .1 factor (-0.1992476, not -1.992476) (R 20 57,59)

    Vm$ Private imaging satellite Ikonos 1 disappears 8 minutes after launch (S 24 4:26, R 20 36); loss blamed on an electrical problem that prevented the aerodynamic payload cover from coming off. Subsequent Ikonos launched successfully (R 20 60)

    f Terra spacecraft navigation software problems (S 25 3:18, R 20 78)

    V$(m?f?) Two satellite failures (R 21 19, S 26 2:5)

    Vm/f? Russian rocket blows 12 Globalstar satellites (S 24 1:32, R 19 95)

    V$(f?m?) Computer blamed for Russian rocket crash (R 21 18, S 26 2:5)

    $fmmm Fascinating historical case recently reported of Russian KORD N-1 rocket-engine shutdown system failures, 1969, 1971, 1973; lots of lessons to be learned (R 21 53)

    h Boeing space station tanks accidentally taken to Huntsville dump (R 20 83)

    Vh Space Station endangered by NASA flight controllers' blunder in maneuvering around space junk; predicted distance also way off (R 20 46-47)

    SH Space Station Problem Reporting Database hacked (R 20 47-48)

    $Vmf Space Station risks (R 21 14, S 26 2:5)

    f "Truncation error" found in GPS code on Int'l Space Station (S 27 6:6, R 22 11)

    $de NASA space station undergoing software repairs for 500 of 1000 known flaws (R 23 46; S 30 1:10)

    V$ehf Canaveral Rocket lost; wrong key hit in loading guidance SW (S 16 4)

    df NASA finds problems in EOSDIS Earth Observing System (EOS) spacecraft flight operations software development, expected to delay launch (R 19 67)

    m+ Apollo 11 lunar module, pen used to replace circuit breaker (S 18 3:A14)

    Vr* Lightning hits Apollo 12. "Major system upsets, minor damage". See article by Uman and Krider, Science 27 Oct 1989, pp. 457-464. (S 15 1)

    V$m Lightning changed Atlas-Centaur program (51 sec). $160M lost (S 12 3, 15 1)

    @V*$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

    V$f Mariner 1 Venus probe: HW fault plus programmer missed superscript bar in `R dot bar sub n'. See Paul Ceruzzi, Beyond the Limits - Flight Enters the Computer Age, Smithsonian, 1989, Appendix (S 14 5). (Earlier reports had suggested DO I=1.10 bug (see next item) or a garbled minus sign (or hyphen).) (S 8 5, 11 5, S 13 1)

    $f Project Mercury had a FORTRAN syntax error such as DO I=1.10 (not 1,10). The comma/period interchange was detected in software used in earlier suborbital missions, and would have been more serious in subsequent orbital and moon flights. Noted by Fred Webb. (S 15 1)

    *f Gemini V 100mi landing err, prog ignored orbital motion around sun (S 9 1)

    V$f Atlas-Agena software missing hyphen; $18.5M rocket destroyed (S 10 5)

    @VSH Lauffenberger convicted of logic bombing GD's Atlas rocket DB (S 17 1)

    Vm Navy Atlas rocket places satellite in worthless orbit (S 18 3:A14)

    V$f Aries with $1.5M payload lost: wrong resistor in guidance system; (S 11 5)

    V*f TDRS relay satellite locked on wrong target (S 10 3:10-11)

    Vm AT&T Telstar 401 satellite failure (S 22 4:26, R 18 76)

    de Satellite system outage hits Associated Press (R 21 04; S 26 1:18)

    Vm Ariane 5 test problems: motor failures, nitrogen leak (S 20 5:9, R 18 27,28)

    V$f New Ariane 5 failure (S 21 5:15); More on Ariane 5: conversion from 64-bit floating to 16-bit signed caused Operand Error (R 18 27-29,45,47); Note: Matra made software for Ariane5 and Taipei subway system (S 21 5:15); Incidentally, Robert L. Baber, Univ. Witwatersrand, Johannesburg, suggests you browse http://www.cs.wits.ac.za/ bob/ariane5.htm - showing how a simple correctness proof could have avoided this problem. (R 18 89-91)

    *Mm Cosmic rays hit TDRS, Challenger comm halved for 14hrs [8Oct1984] (S 10 1)

    $Mr Sunspot activity: 1979 Skylab satellite dragged out of orbit (S 13 4)

    hM 1989 pulsar discovery now attributed to TV camera interference (S 16 3)

    V$hfe Soviet Phobos I Mars probe lost (Sep 1988): faulty SW update (S 13 4); cost to USSR 300M rubles (Aviation Week, 13 Feb 89); disorientation broke radio link, discharged solar batteries before reacquisition. [Science, 16Sep1988] More on Phobos 1 and 2 computer failures (S 14 6)

    V$? Soviets lose contact with Phobos II Mars probe. Automatic reorientation of antenna back toward earth failed. (S 14 2)

    V$f 1971 Soviet Mars orbiter failed after "unforgivable" SW bug; new info (S 16 3)

    f Assessment of predictions on the Russian Mars Probe crash site (S 22 2:22)

    V$fm 1993 Mars Observer lost entering Mars orbit (S 18 4:11; R 14 87,89; 15 01); loss blamed on fuel line leak (Washington Post, 10 Jan 1994)

    f What really happened on Mars Rover Pathfinder? David Wilner on VxWorks system resets and preemptive priority scheduling, and Glenn Reeves - first-hand commentary must be read (R 19 49,50,53,54) and further discussion of priority inversion (R 19 50,53,54,56)

    fe Spirit Rover failure on Mars: software upload to delete files failed, file space exceeded, caused reboot with insufficient file space, causing reboot loop (R 23 14,15, see final summary in R 23 24); DOS file system continual growth design oversight (R 23 51) ["Spirit was willing, but its flash was weak." Jim Griffith, R 23 17]

    dfe More on NASA Spirit and MS-DOS/VxWorks FAT system (R 23 51,52; S 30 1:10)

    V$fm Mars Climate Orbiter lost, dipped too close to Mars due to English/Metric confusion; Mars Polar Lander reprogrammed to report back directly on 3 Dec 1999 (R 20 59-62); Mars Lander then lost entirely on landing attempt, search abandoned after a month. Crash finally blamed on software shutting engines off prematurely (R 20 84,86)

    + Mars Odyssey probe maneuver braked successfully in orbit, 22 Oct 2001 (S 27 1:8, R 21 71)

    m$ Japan's Mars probe Nozomi goes off course (R 23 07; S 29 2:9)

    m+/- Pioneer 10 still alive, sort of, 30 years later (R 22 44)

    f+ Cassini-Huygens mission to land on Saturn's moon Titan succeeded; software flaw detected and fixed (R 23 65,67; S 30 2:17)

    $h Loss of data from the Huygens Probe: one comm channel not turned on (R 23 67; S 30 3:22)

    $f/h? NASA HESSI shake test 10 times too strong, damaging spacecraft (S 25 3:15, R 20 86)

    $f Sea Launch rocket drops satellite into Pacific Ocean (S 25 3:15, R 20 84,86); single line of code allowed launch with second-stage valve open, causing helium leak (R 20 97)

    Vfm$ Electronics startup transient opened telescope cover prematurely, destroying Wide Field Infrared Explorer (WIRE) spacecraft (R 20 47-48)

    V$m $1.4B Galileo antenna jammed, en route to Jupiter (S 18 4:11)

    V$m Landsat 6 vanishes; space junk tracked by mistake (S 19 1:10)

    V$f Magellan space software problems: serious design flaw fixed (S 14 5) Nonatomic setting of scheduled and active flags interrupted. See H.S.F. Cooper, Jr., The Evening Star: Venus Observed, Farrar Straus Giroux, 1993. Discussion in J.M. Rushby, SRI-CSL-95-01.

    $m Magellan spacecraft manual guidance overcomes faulty computer chip (S 15 2)

    V*h Soyuz Spacecraft reentry failed, based on wrong descent program, (orbiting module had been jettisoned, precluding redocking) (S 13 4)

    *fh Software bug in autopilot on return sends Soyuz off course (R 22 72,74,78; S 28 4:6, S 28 6:7)

    V$fe Viking had a misaligned antenna due to a faulty code patch (S 9 5)

    *f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

    ? Global-warming data confusion (R 19 91-92)

    @Vfm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

    * Continuing trend toward expert systems in NASA (S 14 2)

    f SW bug on TOPEX/Poseidon spacecraft "roll momentum wheel saturated" alarm aborted maneuver. It was recoverable, however. (S 18 1:24)

    1.4 Defense

    V!hhh U.S. F-15s take out U.S. Black Hawks over Iraq in Friendly Fire; 26 killed, attributed to coincidence of many human errors. (Other cases of friendly fire included 24% of those killed in the Gulf War.) (S 19 3:4) According to a seemingly reliable private correspondent who has read through at least 62 volumes of investigation reports, the public was seriously misled on this situation and there was a considerable cover-up. For now, contact me if you want further background.

    !!$rhi Iran Air 655 Airbus shot down by USS Vincennes' missiles (290 dead); Human error plus confusing and incomplete Aegis interface (S 13 4); Commentary on Tom Wicker article on Vincennes and SDI (S 13 4); Aegis user interface changes recommended; altitude, IFF problems (S 14 1); Analysis implicates Aegis displays and crew (Aerospace America, Apr 1989); Discussion of further intrinsic limitations (Matt Jaffe, S 14 5, R 8 74); USS Sides Cmdr David Carlson questions attack on Iranian jet (S 14 6)

    !!$rfe Iraqi Scud hit Dhahran barracks (28 dead, 98 wounded); not detected by Patriot defenses; clock drifted .36 sec. in 4-day continuous siege, due to SW flaw, preventing real-time tracking. Spec called for aircraft speeds, not mach 6, only 14-hour continuous performance, not 100. Patched SW arrived via air 1 day later (S 16 3; AWST 10Jun91 p.25-26); Shutdown and reboot might have averted Scud disaster (S 16 4) Patriot missiles misled by `accidental' decoys; T.A. Postol report (S 17 2); summary of clock drift, etc. GAO/IMTEC-92-26, February 1992 (S 17 2); reprisals against Postol for his whistleblowing (R 13 32, S 17 2); Army downgrades success to about 10% rather than 80% [4 out of 47 hits] (R 13 37, S 17 2, 17 3); A retrospective analysis (in Italian) by Diego Latella (R 24 41, S 31 6:26)

    GAO report documents clock problem in detail (S 17 3) 24-bit and 48-bit representations of .1 used interchangeably (S 18 1:25)

    $(m/f?) Two of three Patriot missiles failed (R 21 92)

    !m/f/h Friendly Fire: Patriot software again a concern: shoots down British Tornado GR4 near Iraq/Kuwait border (R 22 65-67); more discussion (R 22 67-70); confusions with numbers (R 22 69-70); Aegis (R 22 71)

    !!$hV Russian airliner shot down by Ukrainian missile in errant test; earlier Ukrainian missile test killed four people in an apartment block (S 27 1:8, R 21 69)

    *f Patriot system fails again (S 25 3:18, R 20 85)

    !mhi Report on Patriot missile friendly fire over Iraq on 2 Apr 2003; plane mistaken for hostile missile (R 23 72; S 30 3:23)

    *f Software snafu slowed critical data during Iraq raid (S 24 3:25, R 20 23)

    !!V$h? Sheffield sunk during Falklands war, 20 killed. Call to London hindered antimissile defenses on same frequency? [AP 16May1986](R 2 53, S 11 3) An "official" version disputes this conclusion - see "The Royal Navy and the Falkland Islands" by David Brown, written at the request of the Royal Navy. Page 159 of that report discusses another problem with the Sea Wolf system, occurring several days later.

    @SVf$ Royal Navy battle software unsafe; whistle-blower fired (R 23 56)

    !V$ British Falklands helicopter downed by British missile. 4 dead (S 12 1)

    !fi Software problem in Advanced Field Artillery Tactical Data System kills soldiers in training incident; unspecified altitude defaults to zero (S 27 6:10, R 22 13)

    !!V$f USS Liberty: 3 independent warning messages to withdraw were all lost; 34 killed, more wounded. Intelligence implications as well. (S 11 5)

    !Vhfi? Stark unpreparedness against Iraqi Exocets blamed on officers, not technology, but technology was too dangerous to use automatically (S 12 3); Captain blamed deficient radar equipment; official report says radar detected missiles, misidentified them. (S 13 1)

    Vrf$ USS Yorktown Aegis missile cruiser dead in water for 2.75 hours after unchecked divide by zero in application on Windows NT Smart Ship technology (S 24 1:31, R 19 88-94); letter to Scientific American: it was an explicit decision to "stimulate" [sic] machinery casualties? (S 24 4:26, R 20 37)

    $hfe Navy software problems in upgrading software on battle cruisers USS Hue City and USS Vicksburg (S 23 5:25, R 19 86-87)

    $SVrfe Navy to use Windows 2000 on aircraft carriers (R 20 95)

    fid Not-so-smart weapons in Kosovo (R 21 01; S 26 1:18)

    *Vf 5th Bell V22 Osprey crash: assembly error reversed polarity in gyro (S 16 4); Bell V-22 Osprey - correct sensor outvoted (S 17 1)

    !V$fmh Another Osprey crash April 2000 kills 19 (R 21 14, S 26 2:5); falsified maintenance records; yet another crash 11 Dec 2000 killing 4 Marines, blamed on hydraulics failure, software failure, and incompletely tested backup (Ladkin in R 21 21, 21 24, see also R 21 25,33-36, with more detailed analysis in R 21 38 and 41; summarized in S 26 4:3)

    !fmH More on the Osprey (S 26 6:8): software problem identified, but downplayed in Blue Ribbon report (R 21 41); 8 Marine officers charged with falsifying maintenance records (R 21 60)

    !V$fmh? Two U.S. F-15 jets disappeared over Scotland, 26 Mar 2001; U.S. Army RC-12 reconnaissance plane crashed near Nuremberg, killing two pilots - same day; German military helicopter crashed in Peppen, Germany, on 27 Mar 2001, killing four (R 21 31; S 26 4:4)

    *hi Sea King helicopter crashes onto Canadian HMCS Iroquois: fire control system deployment failure (R 22 76, S 28 6:8)

    Vfhi Predator UAV crash, 25 Apr 2006: console locked up, switchover erroneous, cut fuel (R 24 29, S 31 5:17)

    *h Swiss radar controller jokingly labeling helicopter as al Qaeda almost leads to French fighter intercept of civilian craft (R 22 79, S 28 6:7)

    $ Expensive Australian Navy avionics development failure in Super Seasprite helicopters (R 24 29, S 31 5:17)

    *H Fraudulent test SW in Phalanx anti-missile system, Standard missile (S 13 4)

    Hhf West German flies Helsinki-Moscow through Soviet Air Defense (S 12 3)

    Hhf Soviet Air Defense penetrated again by amateur pilot (S 15 5)

    $h Russian missile-site power outage due to unpaid utility bill? (S 20 1:17)

    **f Returning space junk detected as missiles. Daniel Ford, The Button, p.85

    ** WWMCCS false alarms triggered scrams 3-6 Jun 1980 (S 5 3, Ford pp 78-84)

    ** DSP East satellite sensors overloaded by Siberian gas-field fire (Daniel Ford p 62); Ford summarized (S 10 3:6-7)

    **f BMEWS at Thule detected rising moon as incoming missiles [5Oct1960] (S 8 3). See E.C. Berkeley, The Computer Revolution, pp. 175-177, 1962.

    ** SAC/NORAD: 50 false alerts in 1979 (S 5 3), incl. a simulated attack whose outputs accidentally triggered a live scramble [9Nov1979] (S 5 3)

    *** Serious false 2200-missile-alert incident 3 Jun 1980 described by Stansfield Turner, mentioning thousands of other false alarms (S 23 1:12, R 19 43)

    *fmh Russian early-warning system close to retaliatory strike: Norwegian weather rocket mistaken for American Trident (R 19 85)

    m Report from Kommersant Vlast on Serbukov-15 base false detection of ICBMs en route to Moscow on 25 Sep 1983; human intervention stopped retaliation; system allegedly misbehaved due to radiation (R 19 97)

    *$VfM Libyan bomb raid accidental damage by "smart bomb" (S 11 3) F-111 downed by defense-jamming electromagnetic interference (S 14 2) More on U.S. radio self-interference in 1986 Libyan attack (S 15 3)

    * Iraq using British Stonefish smart mines, with "sensitive" SW (S 15 5)

    *fh Discussion of US/UK smart bombs missing targets in Iraq (R 21 26-28)

    *SP Britain bugged radio equipment sold to Iraq (S 16 4)

    *SP Trojan horse implants in DoD weapons (S 16 4)

    *SP Trojan horse inserted in locally netted printer sold to Iraq? (S 17 2)

    *Vm Arabian heat causing problems with US weapons computers (S 15 5)

    *V$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

    * Frigate George Philip fired missile in opposite direction (S 8 5)

    *h? Unarmed Soviet missile crashed in Finland. Wrong flight path? (S 10 2)

    *Vf 1st Tomahawk cruise missile failure: program erased [8Dec1986] (S 11 2)

    *Vm 2nd Tomahawk failure; bit dropped by HW triggered abort (S 11 5, 12 1)

    f/m? CALCM cruise missile software bugs revisited (S 22 2:22)

    hi Accidental launch of live Canadian Navy missile: color-code mixup (S 22 1:18)

    *$rf Program, model flaws implicated in Trident 2 failures; self-destruct 4 seconds into one flight caused by unexpected turbulence before leaving the water (S 14 6, R 9 12)

    *VrmM RF interference caused Black Hawk helicopter hydraulic failure (S 13 1); More on Black Hawk EMP problems and claimed backwards pin (R 17 39,42)

    *VSM RF interference forces RAF to abandon ILS in poor weather (R 21 17)

    f Reliability risks in USB Army 'Land Warrior' soldier-of-the-future (R 21 27)

    *f Sgt York (DIVAD) radar/anti-aircraft gun - software problems (S 11 5)

    $f Software flaw in submarine-launched ballistic missile system (S 10 5)

    V$f AEGIS failures on 6 of 17 targets attributed to software (S 11 5)

    Vf WWMCCS computers' comm reboot failed by blocked multiple logins (S 11 5)

    $ WWMCCS modernization difficulties (S 15 1)

    *$f Gulf War DSN 20-30% call completion persists 3 mos. until SW patch (S 17 4)

    $f Armored Combat Earthmover 18,000 hr tests missed serious problems (S 11 5)

    $rfi Stinger missile too heavy to carry, noxious to user (S 11 5)

    **V$$rS Strategic Defense Initiative - debate over feasibility (S 10 5); Pentagon says SDI complexity comparable to nuclear reactors (Newsweek, S 17 3) See Way Out There in the Blue: Reagan, Star Wars, and the End of the Cold War, Frances FitzGerald, Simon & Schuster, 2000 for a fine retrospective analysis.

    $d SDI costs, budget issues, risks discussed (S 17 4)

    $ StarWars satellite 2nd stage photo missed - unremoved lens cap (S 14 2)

    f StarWars FireFly laser-radar accelerometer wired backwards (S 19 2:2)

    *f "Faith-based" National Missile Defense system discussed (S 26 6:6, R 21 41,43,45); two of the most recent three tests failed, and the other had radar failing to indicate "success" (R 21 53); all three reportedly had GPS-based homing beacons to aid the interception! (R 21 63)

    fff Alistair Cooke on National Missile Defense: among other risks, crude wobblers are harder to detect than sophisticated missiles (R 21 65)

    -[VSfmde?] StarWars to be exempt from oversight, reporting, and testing requirements? (R 22 59)

    h StarWars missile-defense test failure [11 Dec 2002] linked to single chip malfunction (R 22 68; S 28 4:6)

    $f Missile interceptor shut down before it could leave its silo [15 Dec 2004]; too many missed messages (R 23 65-66; S 30 2:17)

    $ Another missile interceptor test doesn't leave its silo [14 Feb 2005]; timing problem in ground support? 6th failure in 9 attempts (R 23 72; S 30 3:22-23)

    $f Software safeguards prevent Solar Sail from separation? (S 26 6:8, R 21 55)

    $* 1.7M resistors recalled. Used in F-15, Patriot, radar, comm aircr. (S 16 3)

    $hd DoD criticized for software development problems (S 13 1)

    $df Future Combat Systems procurement and development problems: GAO report considers JTRS, WIN-T, SOSCOE (R 23 93; S 30 4:19-20)

    * US Navy radar jammers certified despite software errors, failed tests (S 17 3)

    $ USAF software contractors score poorly on selections (S 14 1)

    $d ADATS tank-based anti-copter missile system development problems, $5B overrun, unreliability, ... (S 16 1)

    $d British air defense system ICCS SW causes ten-year delay (S 15 5)

    *Sf US Army Maneuver Control System vulnerable to software sabotage (S 15 5)

    $d US-supplied Saudi Peace Shield air defense software problems (S 15 5)

    $d Serious software problems in UK Trident nuclear warhead control (S 15 5)

    *m Russian nuclear warheads armed by computer malfunction (R 19 14)

    *h Outdated codes made US missiles useless until annual inspection (S 14 5)

    S Classified data in wrong systems at Rocky Flats nuclear weapons plant (S 16 4)

    SPh Classified disks lost by Naval commanders on London train (R 17 54)

    hi? Listing of US Navy safety problems in two-week period (S 15 1)

    Vm Rain shuts down Army computers; lightning effects and prevention (S 15 1)

    fh Army Automated Time and Attendance Production System (ATAAPS) loss of data for 10 days (R 20 97)

    * Role of e-mail, Internet, FAX in defeating 1991 Soviet coup attempt (S 16 4); (S) power surges used to fry faxes and computers in countermeasure (S 16 4)

    * Russian auto-response missile system still in place in Oct 1993 (S 19 1:10)

    !!*V(f/h?) Russian nuclear submarine explosion (missile test awry) kills crew of over 100 in Barents Sea, 13 Oct 2000. Also, Izvestia reported over 507 sub crew members had died previously. (R 21 01)

    *Vh Russian nuclear sub near-disaster due to utility power shutoff? (R 17 42,44)

    !mh Kursk submarine sinking: 23 crewmen reached the floating rescue capsule, but it failed to disengage - it had never been tested (R 22 11)

    *fV Russian remote-controlled rescue submarines failed to respond in time of urgent need due to software flaw (R 24 01, S 30 6:17); British sub comes to the rescue to unsnarl the Russian sub

    !! Analysis of U.S. peacetime submarine accidents http://freeweb.pdq.net/gstitz/Peace.htm

    !*hi The crash of the USS San Francisco into an undersea mountain at a depth of 525 feet (8 Jan 2005) has been attributed to use of the wrong chart, although other charts on board showed the seamount. (R 24 01)

    Vfm Software disaster leaves new Australian submarine unfit; wide range of pervasive hardware/software failures reported (R 20 48)

    1.5 Military Aviation

    !!V$f Handley Page Victor tailplane broke, crew lost. 3 independent test methods (wind-tunnel model didn't scale, resonance tests, low-speed flight tests), 3 independent flaws, masking flutter problem (S 11 2-12, correction S 11 3)

    !Vf Harrier ejection-seat parachute system accidentally deployed, blew through the canopy, but without ejecting the seat and pilot, who was killed (S 13 3)

    f Harrier targets police radar gun; fortunately not armed! (S 21 4:14)

    *V(h/m?) Japanese pilot accidentally ejected into the Pacific (S 19 4:12)

    *V$h British Harrier accidentally bombs British carrier, Ark Royal (S 17 3) 5 injured. Auto aim-off SW blamed for the Ark Royal bombing (S 18 1:23) Correction noted Mar2001: it was a Royal Air Force Harrier GR3, not a Sea Harrier.

    *V$f SAAB JAS 39 Gripen crash caused by flight control software (S 14 2, 14 5)

    *V$fmhi 2nd JAS 39 Gripen crash 8Aug1993 blamed on pilot/technology (S 18 4:11); interface difficulties, complicated analysis (S 19 1:12)

    *V$rf Software problems in B-1B terrain-following radar, flight-control; electronic countermeasures (stealth) jam plane's own signals (S 12 2); array antennas and effects on mobile phones can defeat stealth cloak of invisibility (R 21 49)

    *V$h B-1B swept wing punctures gas tank on the ground; blamed on low lubricant; problem found in 70 of 80 B-1Bs inspected (S 14 2)! No computer sensors?

    $fd Stealth development problems including SW miscalculation in wiring (S 15 1)

    $f UHB demonstrator flight aborted by software error at 12,000 feet (S 12 3)

    *V$fh F-22 prototype crash first blamed on computer SW, then on pilot (S 17 3)

    $*Vhif $133M F/A-22 Raptor air-superiority fighter crashed 11 seconds after takeoff, 20 Dec 2004; momentary power loss interpreted as switch to test mode; all three rate-sensor assemblies failed, with no warning; redesign in progress (R 23 90; S 30 4:19)

    *V$f F-18 crash due to missing exception cond. Pilot OK (S 6 2, more SEN 11 2)

    *Vhi F-18 missile thrust while clamped, plane lost 20,000 feet (S 8 5)

    fm F/A-18 jets have a severe brake failure problem due to thin electrical cable (R 24 01,02)

    *f F-16 simulation: virtual plane (or perhaps the apparent display horizon?) reportedly flipped over whenever it crossed equator (S 5 2); More on the upside-down F-16 bug: it was reportedly caught in simulation: the bug apparently led to a deadlock over whether to do a left or right roll to return to upright, and the software froze (S 9 5). This case is one that still needs definitive resolution after all these years. Either (1) this was a flaw in the avionics software that was detected by the simulation, or (2) perhaps it was an error in the simulation program itself rather than the avionics software. Does anyone still alive know for sure? [I mentioned this again in connection with the F-22A Raptors, whose computers could not correctly cross the International Date Line (R 24 58). PGN, Mar 2007]

    $Vhi F-16 landing gear raised while plane on runway; bomb problems (S 11 5)

    *Vfh Unstallable F-16 stalls; novice pilot found unprotected maneuver (S 14 2)

    $d USAF ECM systems: software 2 years late for F-16 and F-111 (S 15 5)

    *hif Accidental shootdown of one Japanese F-15 by another (R 17 65, R 18 18); controversy continues (R 18 41,57)

    *V$f? F-14 off aircraft carrier into North Sea; due to software? (S 8 3)

    *V$f F-14 lost to uncontrollable spin, traced to tactical software (S 9 5)

    Vf YF-23 fly-by-wire prototype attempted tail corrections while taxiing. Same problem on first X-29. (AFTI/F-16 had weight-on-wheels switch.) (S 16 3) AFTI/F-16 DFCS redundancy management: ref to J.Rushby SRI-CSL-91-3 (S 16 3)

    +- Historical review of X-15 and BOMARC reliability experiences (S 17 3)

    $ Systems late, over budget (what's new?); C-17/B-1/STC/NORAD/ASJP (S 15 1)

    V*$fd C-17 SW/HW problems documented in GAO report; 19 on-board computers, 80 microprocessors, six programming languages; complexity misassessed. GAO: "The C-17 is a good example of how not to approach software development when procuring a major weapons system." (S 17 3) Chairman John F. McDonnell's reply (S 17 4)

    f C-130 testbed uncovers 25-yr-old divide-by-zero bug in X-31 SW (S 16 3)

    *Vmf X-31 crash, 19 Jan 1995 (R 17 45,46,47,60,62; 60=Pete Mellor)

    V(f?) Unplanned 360-degree roll of NASA's X-38 in test (R 21 10)

    *VM US missile-warning radar triggers accidental explosions in friendly aircraft; radar must be turned off when planes land! (S 14 2)

    * AF PAVE PAWS radar can trigger ejection seats, fire extinguishers (S 15 1)

    !$h 1988 RAF Tornados collided, killing 4; flying on same cassette! (S 15 3)

    V$ef DarkStar unmanned aerial vehicle (UAV) crash from software change, cost $39M (S 22 1:17-18)

    $V(f?m?) Helios solar-powered remote-controlled flying wing with $10M fuel-cell system lost in Pacific after severe oscillations; previously had set altitude record of 100,000 feet (R 22 80, S 28 6:9)

    mM? Air Force bombs Georgia - stray electromagnetic interference? (S 14 5, R 8 72)

    *hme, etc. Navigation, GPS, and risks of flying (R 19 73,75,77); Implications of the U.S. Navy no longer teaching celestial navigation (R 19 75,77-79,81-82)

    *$VSf GPS vulnerabilities need attention, with increasingly critical dependence on continuous functionality; see Dept of Transportation report (R 21 67)

    - U.S. National Geospatial-Intelligence Agency (NGA) proposes to withdraw all aeronautical data and products from public distribution (R 23 91)

    *+/-? US Navy to drop paper charts in favor of global online digital database (R 24 01,02)

    1.6 Commercial Aviation

    hi Crew reliance on automation cited as "Top Risk" in future aircraft (R 21 35)

    ..... Commercial flight incidents

    !!hi Comair 5191, 27 Aug 2006: Taxiway altered before Kentucky jet crash; only one controller on duty (R 24 41, S 31 6:22)

    !!$V(hi?) Korean Airlines KAL 007 shot down killing 269 [1Sept1983]; autopilot on HDG 246 rather than INERTIAL NAV? (NYReview 25 Apr 85; SEN 9 1, 10 3:6, 12 1) or espionage mission? (R.W. Johnson, "Shootdown") Further information from Soviets, residual questions (S 16 3); Zuyev reports Arctic gales had knocked out key Soviet radars; Oberg believed Sakhalin air defense forces were "trigger-happy" following earlier US Navy aircraft overflight incursions [Reuters 2Jan1993]; Analysis of recent articles on KAL 007 (Ladkin, R 18 44)

    !!Vfe Korean Airlines KAL 901 accident in Guam, killing 225 of 254; worldwide bug discovered in barometric altimetry in Ground Proximity Warning System (GPWS) (S 23 1:11, R 19 37-38)

    !!Vm Alaska Airlines flight 261, 31 Jan 2000, dove into Pacific Ocean after jackscrew failure in stabilizer assembly; hearing results show loss of paper trail (R 21 15)

    !!V(m?h?) TWA Flight 800 missile-test accident hypothesis causing near-empty fuel-tank explosion off Long Island widely circulated in Internet e-mail, causing considerable flap. Missile theory officially discredited. Minireview of James Sanders' The Downing of TWA Flight 800 (R 19 12); speculative discussion on the downing of TWA 800 (R 19 13); possibility of EMI raised in article by Elaine Scarry, New York Review of Books, 9 Apr 1998 (R 19 64-66). Harvard Magazine Jul-Aug 1998, pp. 11-12, diagram shows TWA 800 at 13,700 feet between a P3 Orion directly overhead at 20,000 feet, Black Hawk helicopter and HC-130 at 3,000 feet both directly below (with a C-141 and C-10 nearby). But this seems unlikely. (R 19 86) Report by the late Commander William S. Donaldson III, USN Ret., 17 July 1998, claiming a hostile missile attack, with radar tracks, etc. http://www.twa800.com/index.htm.

    !!V$rh Air New Zealand crashed into Mt Erebus, killing 257 [28Nov1979]; computer course data error detected but pilots not informed (S 6 3, 6 5)

    !!V$f/m? Lauda Air 767-300ER broke up over Thailand. 223 dead. Cockpit voice recorder: thrust reverser deployed in mid-air. Precedents on 747/767 controlled; investigation in progress. (S 16 3, AWST 10Jun91 pp.28-30) Suitcase full of cheap lithium-battery Chinese watches exploded? Earlier lithium battery problems: South African 747 in 1987, killed 159; Cathay Pacific 1990 emergency landing (S 16 3, Sunday Times, London, 23 Jun 91) Many other planes may be flying with the same thrust-reverser defect; FAA, Boeing simulations, suggest 757 less aerostable than thought (S 16 4) Ex-Boeing expert had warned of software flaw in 747/767 proximity switch electronics unit; he claims he was ordered to suppress data. (S 17 1)

    !!Vhifmr Northwest Air flight 255 computer failed to warn MD80 crew of unset flaps misset, thrust indicator wrong; 156 dead (S 12 4;2); circuit breaker downed the warning system that should have detected those problems. [But who checks the checker?] Simulator, plane behave differently (S 13 1); Report blames pilot error, unattributed circuit outage (S 13 3); Report that the same pilots had intentionally disconnected the alarm on another MD-80 two days before raises suspicions (S 14 5, R 08 65); NW sues CAE over spec error in flight training simulator (S 15 5); A Federal jury ruled on 8 May 91 that the crew was to blame.

    !!V$mf/h/i? British Midland 737 crash, 47 killed, 74 seriously injured; right engine erroneously shut off in response to smoke, vibration (Flight International 1 Apr 89); suspected crosswiring detected in many OTHER planes (S 14 2); low-probability, high-consequence accidents (S 14 5); random memory initialization in flight management computers (S 14 5); Kegworth M1 air crash inquest: many improvements suggested (S 15 3); Criticism of "glass cockpits" (S 15 3); UK AAIB fingers 737-400 liquid crystal display layouts (S 16 3, R 11 42); now-retired British vicar Reverend Leslie Robinson claims a witches' coven was operating under the flight path (R 20 12)

    !hi B747 freighter crash on takeoff from Nova Scotia; data from previous flight used; all 7 aboard killed (R 24 34, S 31 5:16-17)

    !!mhi Cockpit confusion found in Cypriot airliner crash, resulting in cabin depressurization and 121 dead (R 24 03,05,07; S 30 6:13) (The aircraft was a Boeing 737, rather than the incorrectly reported attribution in the SEN summary.)

    !m Midair Collision in Brazil at about 37,000 feet, despite TCAS 2000 (R 24 50)

    *mfhi(+/-) etc. Analysis of flight control system software anomalies (Ladkin, R 24 03; S 30 6:13-16); autopilot software hijacks Malaysian Airlines 777 (R 24 05; S 30 6:16-17); more (R 24 07)

    * Example of two faulty avionics programs outvoting the correct one in a two-out-of-three majority voting experiment: J.E. Brunelle and D.E. Eckhardt, Jr., Fault-Tolerant Software: An Experiment with the SIFT Operating System, Fifth AIAA Computers in Aerospace Conference, 1985, 355-360.

    *fm Air disasters: A crisis of confidence? Phuket Air 747 aborts (R 23 83; S 30 3:23-24)

    !!Vh Aeromexico flight to LAX crashes with private plane, 82 killed (S 11 5)

    !!Vh Metroliner & transponderless small plane collide 15 Jan 87. 10 die (S 12 2)

    !!Vh Two planes collide 19 Jan 87. Altitude data not watched by ATC. (S 12 2)

    !!Vfih 1994 China Air A300-600 Nagoya accident killing 264: final report blames pilots and autopilot human-computer interface (R 18 33); (see also R 16 05-07, 09, 13-16)

    !Vh Air France Airbus A320 crash blamed on pilot error, safety controls off (S 13 4); 3 killed. Airbus computer system development criticized (S 13 4); Subsequent doubts on computers reported: inaccurate altimeter readings; engines unexpectedly throttling up on final approach; sudden power loss prior to landing; steering problems while taxiing (S 14 2); reportage by Jim Beatson (R 08 49, 08 77), barometric pressure backset? (S 14 5) investigators blame pilot error; pilots charge recorder tampering (S 15 3) Pilots convicted for libel in blaming technical malfunctions! (S 16 3)

    !!V? Indian Airlines Airbus A320 crashes 1000 ft short of runway; 97 die (S 15 2) A320 flight modes (S 15 3); apparent similarities in crashes (S 15 3) Air India unloading their A320s (S 15 5)

    V(m?) Air India Airbus 320 autopilot failure [19Apr1999]? (S 24 4:26, R 20 32)

    !!Vhmi French Air Inter A320 crash on approach to Strasbourg airport [20Jan1992]; 87 dead, 9 survivors; 2,000-foot altitude drop reported (R 13 05); crash site at 2496 feet. Report fingers mixture of human and technical error, airport ill equipped, serious failings in altimeter system, pilot unable to stop descent (S 17 2); Air Inter official charged with negligent homicide (S 18 2:9); Commission of Enquiry blamed Pilot Error (S 18 4:12); New case of A320 descent-rate instability identified approaching Orly, related to Air Inter crash (S 18 1:23); Final report blames crew training and interface problems (S 19 2:11)

    !Vf 1994 Toulouse A330 accident blamed on experimental SW. 7 died (S 19 4:11)

    *mf FADEC computers cause uncommanded shutdowns of aircraft engines in flight; linked to power transistor (R 21 05; S 26 1:22)

    *f Airbus A300 AA587 tail "BSD" incident, dropping 3000 feet: screens blanked for 2-3 seconds; unreliable data reset Symbol Generator Unit software changes required (R 21 96)

    *h/f? Misleading report on Air Transat A330 emergency landing in Azores, 24 Aug 2001, (R 21 93) addressed by Peter Ladkin; fuel leak not detected early enough, and other problems (R 21 94)

    !,*m(h?) Airbus A300/310 rudder problems: Air Transat 961; AA 587 out of JFK; others (R 23 79; S 30 3:23)

    * A320 flight-control computer anomalies summarized by Peter Ladkin (R 18 78)

    !*(V,etc.) Compendium of commercial fly-by-wire problems (Peter Ladkin) (S 21 2:22)

    @!!$hi Iran Air 655 Airbus shot down by USS Vincennes' Aegis system (above)

    ?h Qantas airliner challenged by US Cowpens, Aegis missile cruiser (S 17 4)

    !V(f/h/i?) Varig 737 crash (12 dead) flightpath miskeyed? (S 15 1)

    !V 707 over Elkton MD hit by lightning in 1963, everyone killed (S 15 1)

    !V$m American Airlines DC-10 stall indicator failed; power was from missing engine (S 11 5)

    !V Bird strikes cause crash of Ethiopian Airlines 737, killing 31 (S 14 2)

    !V Dominican Republic 757 crash 6 Feb 1996, cause unclear (S 21 4:13, R 17 84)

    !V BirgenAir crash at Puerto Plata killed 189 (R 17 87)

    !!V$hi Further discussion of American Airlines Cali and Puerto Plata B757 crashes (R 18 10); in Cali crash, killing 159 of 163: same abbreviated code used for different airports (S 22 1:17); in a trial, evidence was given that 95 of 8,000 navigational beacons were not included in the airline database, including Cali's Rozo (R) - see media reports 17 Apr 2000. US Federal jury allocated responsibility 17% to Jeppesen, 8% to Honeywell, 75% to American Airlines (R 20 92; S 26 1:23)

    !if American Airlines crash: simulator upset-recovery scenario predisposing pilots? (R 22 33)

    !fi EFIS failure main suspect in Crossair crash (S 25 3:17-18, R 20 78)

    !Vh 1996 B757 Aeroperu Flight 603: duct tape over left-side static port sensors? (S 22 2:22; R 18 51,57,59) Peru Transport Ministry verified this [Reuter, 18Jan1997]

    *m Failure of Embraer Brasilia aircraft electronic displays due to icing (R 22 65; S 28 4:6-7)

    *mfi Leisure International Airways A320 overran Ibiza Airport in the Balearic Islands [21 May 1998], partly due to computer failure (R 22 65-66)

    *fh Airplane takes off without pilot, flies 20 miles, crashes (R 21 84,87)

    Vm Migratory birds jam FAA radar in Midwest (R 17 44)

    m Lovesick cod overload Norwegian submarine sonar equipment (R 20 07) [Who needs a cod peace?]

    !!V Chinese Northwest Airlines BA-146 Whisperjet crashed on second takeoff attempt, killing 59; cause not available [23Jul1993] (S 18 4:12)

    !V Ilyushin Il-114 crash due to digital engine control failure (S 19 1:9)

    *V mi Dec 1991 SAS MD-81 crash (ice damaged engine) due to auto thrust restoration mechanism not previously known to exist by SAS (S 19 1:12)

    *Vf 11 cases of MD-11s with flap/slat extension problem, including China Eastern Airline plane that lost 5000 feet on 6 Apr 1993 (S 18 4:11)

    Vf/m/h? Chinook helicopter engine software implicated (S 23 3:23, R 19 51); more on the Chinook enquiry (R 21 14,18-20,22-23)

    $d RAF Chinooks: over 6 year delay; still cannot fly in clouds; "radar systems and software" won't fit in the cockpit! (R 23 31) and correction: software certification, noncompliance, more testing needed, changing operational environment (R 23 32)

    $*d UK MoD procurement risks and nonverifiable code; Chinook helicopters, software cannot be validated (R 23 80; S 30 3:23)

    *Vrh Lessons of ValuJet 592 crash: William Langewiesche in Atlantic Monthly (R 19 62,63)

    *Vf DC-9 chip failure mode detected in simulation (S 13 1)

    !!V$f Electra failures due to simulation omission of gyroscopic coupling [not overflow, as originally thought] (S 11 5:9)

    !V$f Computer readout for navigation wrong, pilot killed (S 11 2)

    *f Apollo NAV/COM air navigation software bearing up to 50 miles and 16 degrees off (R 21 53); Garmin GPS can be interpreted as off by 180 degrees (R 21 56)

    *Vhi South Pacific Airlines, 200 aboard, 500 mi off course near USSR [6Oct1984]

    *Vhi China Air Flight 006 747SP 2/86 pilot vs autopilot at 41,000 ft with failed engine, other engines stalled, plane lost 32,000 feet [19Feb1985] (S 10 2, 12 1)

    m/f B747-400 Electronic flight displays rendered inoperative (R 23 12; S 29 2:9)

    *V Simultaneous 3-engine failure reported by Captain of DC-8/73 (S 14 2)

    *Vfm Boeing KC-135 autopilot malfunction causes two engines to break off (S 16 2)

    $Vfme Design change caused short-circuit causing autopilot reset, premature separation of booster from $150 million Japanese supersonic jet model at Woomera rocket range (R 22 43)

    *Vf Avionics failed, design used digitized copier-distorted curves (S 10 5)

    *Vf Lufthansa A320 overruns runway in Warsaw; actuator delay blamed (S 19 1:11); Logic flaw in braking system; fix required fooling the logic! (S 19 2:11)

    mV A320 engine-starter unit overheats after takeoff, trips breakers, gave false thrust-reverser indications, engine control failure (S 19 2:12)

    *mfhie Lufthansa Airbus A320 incident 20 Mar 2001 on takeoff from Frankfurt (R 21 48); detailed analysis of sidestick cross-wired during maintenance (R 21 96); final report April 2003 (R 23 24)

    *V$f 727 (UA 616) nose-gear indicator false positive forces landing (S 12 1)

    *Vhi USAir 737-400 crash at NY LGA; computer interface, pilot blamed (S 15 1)

    !Vi Crash of USAir Flight 427 nearing Pittsburgh, 8 Sep 1994: see Jonathan Harr, The New Yorker, 5 Aug 1996 (S 22 1:17)

    *V Tarom Airbus automatic mode switch escaped pilot's notice (S 20 1:16)

    *m Turkish Airbus false sensor indicating nose wheel not descended on landing (R 23 88)

    *Vf British Airways 747-400 throttles closed, several times; fixed? (S 15 3)

    *Vf JAL 747-400 fuel distribution stressed wings beyond op limits (S 16 3)

    *Vf Older Boeing 747 planes suspected of diving due to autopilot design flaw; 747-400 speed reduction of 50 knots ordered; 747-200 sudden increase in thrust, another pitched upwards; etc. (S 17 3); FAA report on possible 747 autopilot faults relating to altitude losses (S 18 3:A15)

    Vf 747 tail scrapes runway; center of gravity miscalculated by improper program upgrade (R 19 11)

    *Vf Boeing 757/767 Collins autopilot anomalies discussed (S 19 1:10)

    m Pilot fixes faulty 757 nosewheel sensor in Menorca airport (R 22 85); confusion in reporting analyzed (R 22 88-89)

    **V 767 (UA 310 to Denver) four minutes without engines [August 1983] (S 8 5)

    *Vf 767 failure LA to NY forced to alternate SF instead of back to LA (S 9 2)

    *Vm Martinair B767 Aircraft suffers EFIS failure; instruments blank (S 21 5:15)

    *V(f/m?) B777 autopilot/flight-director problems [Oct1996]? (S 22 4:29, R 18 83)

    V$ Boeing 777 landing-gear weakness; strength off by factor of 2 (R 17 04)

    *he Australian Ansett B767 fleet grounded due to maintenance breaches (R 21 17)

    *Vf 11 instrument software failures in BA aircraft in Jul-Aug 1989 (S 15 5)

    *fhi Analysis of potential risks of the Enhanced Ground Proximity Warning System (EGPWS), by Jim Wolper (R 19 56); pilots computer literacy? (R 19 57); relationship with GPS accuracy (R 19 57)

    * Missile passes American Airlines Flight 1170 over Wallops Island (S 22 1:18)

    m Fire alarms on Boeing 777 triggered by tropical fruit and frog cargo (S 22 1:17)

    M Cell phone ringing in Adria Airways luggage alarms avionics; plane returns (R 21 20)

    *m INCETE power ports in use in at least 1700 aircraft can result in exploding batteries? (R 19 94)

    m* High-flying hijinks: canine passenger sinks teeth into plane (R 20 54)

    SHf Air Canada "Jazz" airline grounded by computer virus in flight-planning computer, early Feb 2003 (R 22 54)

    Sf/h Airline boarding pass algorithm flaw: two people with the same name (one M, one F) assigned the same seat (R 22 70)

    Sh Hong Kong passenger winds up in Melbourne, despite correct boarding pass (R 22 79)

    fme Continental Airlines check-in computer foul-up (R 22 77, S 28 6:9-10)

    S* Risks of "soft walls" in avionics to keep hijacked planes at bay (R 22 79,80)

    $f Comair cancels all flights on Christmas Day 2004: configuration changes exceeded 215 for the month (R 23 63,64; S 30 2:21)

    *hi Takeoff at Logan Airport aborted: errors by pilot and controller (R 24 07)

    mV Faulty radar serving Logan leaves thousands stranded (R 24 07)

    fmhi? NTSB report on Southwest Airlines crash, Midway, 8 Dec 2005; delayed reverse thrust (R 24 15,16, S 31 3:17-18); thoughtful item from Don Norman: On learning from accidents: human error or not? (R 24 17, plus discussion, R 24 18-19, S 31 3:18-20)

    !$Vfhi The 2005 Helios B737 crash causes discussed by Peter Ladkin and Don Norman (R 24 22); more (R 24 23-25)

    *V$m MV-22 Tiltrotor Crash after FADEC controller switch, March 2006 (R 24 26)

    fm United Airlines' 5-hour computer out(r)age in early 2006, affected all operations (R 24 14,15)

    fV Nashville airport X-ray baggage screeners offline: "software glitch" (R 24 23)

    hi TSA: Computer glitch led to Atlanta airport bomb scare, evacuation, when test item could not be located and test message indication was not delivered (R 24 27)

    fi Flight Booking System can't recognise 29 Feb for people who enrolled in a leap year (R 24 09)

    * Study on cockpit usability (R 24 18)

    *m A risk of using computers in airplanes (R 24 18)

    m Two personal occasions: airplane computers had to be rebooted (R 24 48)

    m Computer failure causing A320 power intermittent: video and lights flashing, audio system and cabin voice system failed, evacuation alarm sounded in midair ... (R 24 46)

    ..... Private plane incidents

    !Vrhi John Denver plane crash linked to unlabelled implementation change over spec: lever up for off, down for right tank, to the right for left tank; not very intuitive! (R 20 43, R 24 45)

    *hi Crossing the International dateline becomes a navigational risk for a small-plane pilot: failure to reconfigure navigation computer results in flying east, not west (R 22 78, S 28 6:10)

    ..... Airport problems

    Vm Power failure disrupts Ronald Reagan National Airport 10 Apr 2000 for almost 8 hours; backup generator failed (R 20 87)

    Vmhi Lightning causes problems for lightning-detection system in Montreal airport near-disaster (R 24 01)

    $def $200M baggage system seriously delays opening of new Denver airport (S 19 3:5); costly stopgap old-fashioned system planned in the "interim" (S 19 4:6); new software problems for incoming baggage (R 17 61); city overruled consultant's negative simulation results (R 18 66); baggage system only the tip of a huge iceberg of mismanagement, political infighting, etc., according to Bill Dow.

    $def United abandons Denver Airport baggage system to save millions in operating costs by not using it! (R 23 89, S 30 4:19)

    Vdfm$ Kuala Lumpur International Airport: Risks of being a development pioneer (R 19 68); airport opens 30 Jun 1998, but baggage and check-in systems failed for several days (R 19 84); similar events at the opening of the new Hong Kong airport a few days later (R 19 85)

    Vm Amsterdam Schiphol airport computer down for 30 minutes, major delays (R 19 85); unchecked out-of-range value (R 19 93)

    V$fe American Airlines' SABRE system down 12 hours; new disk-drive SW launched "core-walker" downing 1080 old disk drives, stripped file names ... (S 14 5)

    Vm American Airlines' Sabre system software problem down for four hours (30 Jun 1998, evening rush hour) affected hundreds of flights across 50 airlines; second crash in a week (R 19 84)

    m American Airline flights delayed due to computer crash, 29 Jan 2003 (R 22 54)

    $m Independence Air computer outage for 6 hours seriously impedes operations (R 23 48)

    $mh Computer failure grounds flights with day-long delays on American Airlines and US Airways coast to coast: human error? (R 23 47)

    f Is Windows up to snuff for running our world? Windows alert box covered up Delta Airlines display information; also related items (R 23 57,59,61,62); similar problem in a bank (R 23 58)

    *f/m/e? Computer error grounds Japanese flights 1 March 2003; flight numbers disappeared from radar screens; related to system upgrade to share flight plans with Japanese Defense Agency? (R 22 60-61)

    f/m SAS new baggage system miseries at Copenhagen Airport (R 19 97)

    m/f? Sydney Airport's new $43M baggage system fails for second time in five days (R 21 02; S 26 1:23)

    m Total primary/secondary power outage at Sydney Airport leaves 20 planes circling (R 20 94; S 26 1:22-23)

    h SAS reprinted summer airline timetables for the winter, but Internet version was correct (R 20 05)

    mh Boston airport electronic display fiasco on flight to Philly (R 19 96)

    m Airport security check powers up computer (R 20 55)

    @hfm Two human errors silenced Los Angeles area airport communications; routine reboot forgotten, Microsoft 49.7-day flaw strikes, backup system fails (R 23 53; S 30 1:14-15)

    ..... Masquerading

    *VSH 1986: Miami air-traffic controller masquerader altered courses (S 12 1)

    *VSH 1994: Roanoke Phantom spoofed ATC, gave bogus information to pilots for 6 wks, caught (S 19 2:5); out-of-work janitor pleads guilty (R 15 39)

    VSH 1996: Manchester (UK) air-traffic-controller message spoofer (R 17 44, S 21 2:21)

    ..... Other air-traffic control problems

    *h 20-foot aircraft separation near-collision over LaGuardia Airport, 3 Apr 1998, due to controller being distracted by spilled coffee (R 19 79,84) together with increased error rates and radar dropouts results in FAA ordering retraining of air-traffic controllers (R 19 79)

    mhe Aeroflot plane leaving Helsinki kept disappearing from tower radar, and had near-miss with Finnair charter, Nov 2000; newer French radar system also had other planes disappearing; problem traced to construction work at the airport! (R 21 22-23)

    fe Westbury Long Island TRACON upgrade failed test, but backup to old software backfired (R 19 79)

    *Vfm Radar blip lost Air Force One (S 23 4:21, R 19 63)

    Vm* Air Force One disappeared from the Gibbsboro NJ radar twice on 5 Jun 1998, with President Clinton en route to MIT for the commencement speech; also reported was near-collision with a Swissair 747, missed by radar, Oct 1997 (R 19 79); Air Force Two disappeared from radar, 7 Jun 1998, and the same radar failed with AF2 overhead 17 Jun 1998 (R 19 82)

    m?f? San Francisco Airport radar phantom flights (R 21 20, S 26 2:5)

    *m Faulty ASR-9 radar system failures (Boston, JFK) led FAA to inspections, discovery of 23 further cases, and remediations (S 26 4:4, R 21 29)

    f Air-traffic control woes (R 21 09, S 26 2:5-6)

    fh 2002: Rash of British air-traffic control system outages in National Airspace System (S 27 3:5, R 21 98, 22 02-03, 22 09)

    f Anecdote on a then-new European ATC center 99.99% reliable (52 minutes per year) that had already had a 20-hour down time shortly after installation: therefore it should not fail again for 25 years! It failed at 23:59 on 28 Feb (S 27 3:6, R 22 08)

    Vm Aviation near-crashes in Kathmandu (R 21 09, S 26 2:6)

    *V(m?f?) Indianapolis FAA route center running on generators for a week (R 21 11, S 26 2:6)

    *h Delta plane 60 miles off course, missed Continental by 30 feet (S 12 4)

    Vf SW fault in aircraft nondirectional beacon landing approach system (S 16 3)

    V* New San Jose CA ATC system still buggy, plane tags disappear (S 14 2)

    *Vf ATC computers cause phantom airplane images (S 16 3)

    *fe Jeppesen GPS restricted-airspace navigation database corruption (R 22 64; S 28 4:6)

    Vf West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3, R 11 30)

    *Vh Open cockpit mike, defective transponder caused 2 near-collisions (S 12 1)

    h Another open mike: couple join Mile-High Club, disrupt British air-traffic control (S 19 1:10)

    *Veh ATC equipment test leads to Sydney landing near-collision (R 20 24)

    *Vmf More ATC problems, fall 1998: New air-traffic control radar systems fail, losing aircraft at O'Hare (R 20 07); Dallas-FortWorth ARTS 6.05 TRACON gives ghost planes, loses planes (one for 10 miles), one plane on screen at 10,000 feet handed off and showing up at 3,900 feet! 200 controller complaints ignored, system finally backed off to 6.04 (R 20 07); near-collision off Long Island attributed to failure at Nashua NH control center (R 20 11); TCAS system failures for near-collision over Albany NY (R 20 11); two more TCAS-related incidents reported (R 20 12); landing-takeoff near-miss on runway at LaGuardia in NY (R 20 13); discussion on trustworthiness of TCAS by Andres Zellweger, former FAA Advanced Automation head (R 20 13)

    *f? Automation-related Reduced Vertical Separation Minima (RVSM) AIRPROX incident over the North Atlantic, despite ACAS and TCAS (R 22 19); European RVSM safety case is flawed (R 22 22)

    *def U.S. west-coast ATC woes 19 Oct 2000 (hundreds of flights affected) and 23 Oct 2000 (loss of flight plans for Northern CA and Western NV) (R 21 09; S 26 1:22)

    df$ FAA Runway Incursion System: further delays in AMASS due to excessive false alarms (R 21 60,62)

    $*fde STARS: Standard Terminal Automation Replacement Systems to replace ARTS - as of Feb 2002, more than 4 years late, $600 million over budget, "71 specific software problems that could prevent the system from operating as designed" and many questions (S 27 6:7-8, R 22 12)

    f/m? Collapse of UK air-traffic control computer (R 20 93-94); known bugs reduced from 500 to 200 (R 21 01)

    *dV Reports on UK New En Route Centre NERC for UK ATC (R 19 18,23,69); more on the NERC system crashes at Swanwick (S 27 6:9-10, R 22 12); safety and human factors (S 27 6:10, R 22 13); subsequent questions on readability of displays at the London Area Control Centre (R 22 40,44)

    $e British Swanwick ATC slowdown Jun 2004; backup recalcitrant on 30-year-old system (R 23 41,42)

    $ Discussion of NERC and STARS: COTS versus Bespoke ATC Systems (Ladkin, Leveson, S 27 6:8-9, R 22 12)

    *Vfm Review on air-traffic control outages by Peter Ladkin (S 23 3:26, R 19 59)

    *fhm, etc. UK air-traffic control problems summarized at www.pprune.org (R 21 11)

    *SHA Fake air controllers alert in UK (R 21 04; S 26 1:22)

    *h F-117 stealth fighter in near-miss with UAL jet (R 21 04; S 26 1:22)

    V(f/m?) Faulty TCAS behavior. Australian report shows two faulty TCAS cases: Jan 1998 near Hawaii, TCAS off by 1500 feet vertically, caused false maneuvers; Jun 1999 over China, TCAS had higher plane descending toward the lower (R 20 60,62)

    *Vfm Complete ATC power failure in the U.S. Northwest, 15 Jan 1999, discussion by Seattle controller, Paul Cox (R 20 19)

    *Vmh Dulles radar fails for half-hour 23 Nov 1998 (R 20 10); discussion of air-traffic control safety implications (R 20 11), and ensuing comments from a controller (R 20 12)

    *Vh Risks of runway crossings with tight takeoff/landing schedules (R 20 10)

    f Airline clock wraparound in displays: UA Flight 63 from SFO "Delayed 1 hr 39 min, Arrive Honolulu Intl 12:01am Tues Early 22 hr 35 min" (R 20 15); More United Airlines Website flight curiosities (R 20 44)

    h Accidentally enabled sex-aid vibrator in hand luggage causes bomb scare on Monarch Air flight; apparently not unusual (R 20 34)

    *Vm Air-traffic control data cable loss caused close calls (S 10 5)

    V$SHm Attack on fibre-optic cables causes Lufthansa delays (S 20 2:12)

    VmM Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

    *VM More on EMI and RF interference from passenger devices in aircraft systems (Ladkin) (R 19 24); still more, including discussion of Elaine Scarry article in 26 Sep 2000 The New York Review of Books and follow-ups (R 21 04,08,11)

    VSfM Case of GPS jamming of Continental flight by failed Air Force computer-based test (R 19 71); more on GPS jamming/spoofing: British Airways flight lost all three GPS systems while French military was testing jammers; Continental DC-10 lost all GPS signals while Rome Lab was experimenting with jammers (R 19 74,85)

    Vf/h? GPS kills 8 in air (R 20 44-45) and radar-assisted collisions (R 20 45)

    @*VM Cell-phone linked to London to Istanbul crash-landing? (R 19 34,36,37)

    VM Australia's Melbourne Airport RF interference affected communications, traced to an emanating VCR! (R 17 44)

    *VM Osaka Int'l Airport's radar screens jammed by TV aerial booster (S 12 3)

    *m Plane diverts after erroneous 4-digit hijack alert (R 23 89-91)

    *M Cellular telephone activates airliner fire alarm (S 14 6)

    Vfmhi? Aviation Risks using Windows NT avionics systems (S 23 3:27, R 19 46)

    *Vfi Flawed ATC radars: planes disappear from screens; other problems (S 12 1)

    hi Controller screwup causes NW 52 to Frankfurt to land in Brussels (R 17 38,40)

    *Vdef Risks in the new Sydney airport control system (R 17 43)

    *m Computer outage in Concorde leads to rocky nonautomatic landing (S 12 4)

    *Ve British ATC 2-hr outage, 6-hr delays: faulty HW/SW upgrade (S 12 1); Computer problems down FL ATC, slow airline flights in Southern U.S. (S 19 1:11)

    *Vfmd Air-traffic-control snafus in Chicago, Oakland, Miami, Washington DC, Dallas-FortWorth, Cleveland, New York, western states, Pittsburgh! (S 20 5:12); Another Oakland airport radar outage 28 Nov 1995, two hours (R 17 49)

    V*fm Philadelphia airport radar problems, May 1999 (R 20 42); More radar glitches at Philadelphia airport 10 Mar 2000 (S 25 3:18, R 20 84)

    Vhm Brief KC power outage triggers national air-traffic snarl (S 23 3:23, R 19 51)

    Vhmm Air traffic control snafu around LAX: pickup truck caused power outage, backup power failed, 18 Jul 2006 (R 24 35, S 31 5:17)

    !Vm New York air traffic slowed for 10 hrs by construction contamination (R 19 41)

    *f Fall 1998 air traffic control upgrade problems: New Hampshire (R 19 93), Salt Lake ATC (R 20 05); Dallas-FortWorth ARTS 6.05 (S 24 1:31, R 20 07), Chicago (R 20 07)

    Vm Effects on automated traffic controls of plane crashing into 500Kv power line near Cajon Pass; more than 1000 traffic lights out (R 19 29,30); earlier effects of power failure in Perth (R 19 30); risks of major outages (R 19 32,33)

    *Vhe Southern Cal plane crash due to software change? (S 12 1)

    *Vmf Alaskan barometric pressure downs altimeters; FAA grounds planes (S 14 2)

    *Vfm FAA Air Traffic Control: many computer system outages (e.g., SEN 5 3, 11 5), near-misses not reported (S 10 3:12)

    *Vf ATC computer system blamed for various near-misses, delays, etc. (S 12 4)

    *Vhi Air-traffic controller errors. O'Hare near-miss: wrong plane code (S 12 3)

    V(f/m/h?) 2 jets in near-miss approaching LAX; Brazilian VASP MD-11 pilot blames autopilot, others blame pilot (R 19 10)

    *Vh F-16 incidents, TCAS: 4 separate risky military approaches (S 22 4:28, R 18 83)

    *V$fm FAA report lists 114 major telecom outages in 12 months 1990-91; Secretary Pena blames air-traffic woes on computer systems (S 19 4:11); 20 ATCs downed by fiber cable cut by farmer burying cow [4May1991] (S 17 1); Kansas City ATC downed by beaver-chewed cable [1990] (S 17 1); Other outages due to lightning strikes, misplaced backhoe buckets, blown fuses, computer problems (S 17 1); 3hr outage, airport delays: Boston unmarked components switched (S 17 1); More on the AT&T outage of 17Sep91 noted below (5M calls blocked, air travel crippled, 1,174 flights cancelled/delayed) (S 17 1)

    fh WashingtonDC air traffic slowed 11 Jun 1997: old wiring error (S 22 5:13)

    V$fe SW bug downs Fremont CA Air Traffic Control Center for 2 hours [8Apr1992]; 12 of 50 radio frequencies died [17Apr1992], reason unspecified (S 17 3)

    V$d New Canadian air-traffic control system SW problems, system late, it crashes, planes flying backwards, frozen displays, no radar,... (S 17 4)

    *Vm NY Air Route Traffic Control Center computer failure (S 21 5:15)

    *Vef Computer glitches foul up flights at Chicago airports (S 24 4:26,R 20 38)

    @See below, general telephone problems that affected traffic control.

    *$ Discussion of the implications, needs for oversight, assurance (S 17 1)

    *V$m FAA ATC computers in Houston down for 3 hours; long delays (S 12 2)

    *V$rm El Toro ATC computer HW fails 104 times in a day. No backup. (S 14 6)

    Vhfm Accidental power outage affects Pacific Northwest air traffic (S 21 2:21)

    Vm Dallas-FortWorth ATC system power outage affects southwest (R 17 40)

    Vm Las Vegas approach radar outage (R 17 41)

    *V$m London ATC lost main, standby power, radar; capacitor blamed! (S 12 2)

    *f London ATC goof - US ATC program ignores East longitude (S 13 4)

    *f Software misdirects air-traffic controller data in Boston (S 13 4)

    @d New £300 million UK air-traffic control system confronts complexity (S 22 1:18)

    *Vh Commercial plane near-collisions up 37.6% in 1986; 49 critical (S 12 2)

    *H Radar center controllers (So.Cal) concealed collision course info (S 12 2)

    *V Jetliners in near-miss over Cleveland; wrong freq assigned, neither plane in contact with controllers (S 16 4)

    *Vid Complexity of the airplane pilot's interface increasing (R 18 63)

    *V Computer errors involved in plane crashes? (Aftonbladet) (R 18 65,66)

    * Problems with below-sea-level aircraft altitudes (R 18 72,74)

    h Plane takes off, flies for two hours, without pilot (R 19 47)

    *Vf `TCAS Sees Ghosts' (see IEEE SPECTRUM, August 1991, p.58) (S 16 4); Traffic Alert Collision Avoidance System blasted by ATC people (S 17 1); See also relevant discussion on human errors by Don Norman (S 17 1:22)

    Vih? TCAS related collision-avoidance mistake discussed (S 18 1:24)

    *f Air-traffic controller reports on potential TCAS problem (S 18 3:A15)

    Vf TCAS blamed for near collision over Portland WA; previous reports of phantom planes and misdirected avoidance maneuvers (S 19 2:12); Followup report (S 19 3:9)

    *f?/+ TCAS incidents: northwestern U.S., Tehran (S 20 5:13)

    ? Discussion of TCAS near-miss in Southern Calif. (R 19 55,56)

    !Vhimf South German mid-air collision over Lake Constance, 1 July 2002: TCAS told Russian plane to climb, Swiss controller said descend; plane crashed into DHL plane whose TCAS had prompted descent; discussion in RISKS whether to listen to TCAS or the controller! 71 dead (S 27 6:6-7, R 22 15,18, Ladkin analysis R 22 19) Listen to TCAS, not the controller (R 23 19); later analysis; air-traffic controller subsequently stabbed to death (R 23 23,25)

    *m TCAS RA incident in UK airspace; faulty transponder off by 500 feet (R 23 72; S 30 3:23)

    *m Analysis of automation-related AIRPROX incident: loss of separation between A330 and A340 operating under RVSM over the Atlantic, 2 Oct 2002; turbulence, TCAS limitations, etc. (R 23 19)

    *Vf Chicago's O'Hare Airport radar lost planes, created ghosts (S 17 1)

    *h GAO faults FAA for inadequate system planning in Los Angeles area (S 15 5)

    $ FAA drops navigation system contract (S 21 5:16)

    *Vhi Four 1986 British near misses described - all human errors (S 12 2)

    *Vf/m? Leesburg VA Air Traffic primary, backup systems badly degraded (S 15 1)

    *Ve? DFW ATC 12-hour outage after routine maintenance (S 15 1)

    *V$ Computer outages force delays in So. Cal, Atlanta (S 12 2)

    Vm Winnipeg rodent blows transformer, blacks out air-traffic control (R 23 61)

    * Macaque reaches 747 cockpit controls; monkey loose on Cosmos 1887 (S 12 4)

    $ Travicom computerized air cargo system withdrawn; £5M lost (S 12 2)

    $H Computer hides discount airline seats from agents; lost sales (S 12 2)

    $f Pricing program loses American Airlines $50M in ticket sales (S 13 4)

    f,h,i Ordering airline tickets on-line: Nonatomic transaction gave tickets but no reservation (R 19 27); name confusions on e-tickets, with similar names (R 19 28) and identical names (R 19 29)

    $d American Airlines reservation system SW woes adding cars, hotels (S 17 4)

    V$m Power outage causes Australian airline reservation system "virus" (S 13 3)

    f Delayed DoT airline complaint report blamed on computer (S 12 3)

    $ First-day snafu at new Pittsburgh Airport; BA luggage uncoded (S 18 1:25)

    Vm Hong Kong Flying Service computers corroded by hydrogen sulphide (R 19 41)

    $f*h British Air 10M-pound inventory system loses parts, earnings, convictions, user confidence, nearly causes deaths, and costs legal expenses (S 18 1:9)

    *?f?V? Out with pilots, in with pibots in our national airspace (R 21 96), and flocking algorithms (R 22 01)

    deS? F-35 fighter jet too reliant on foreign software? (R 23 13)

    hi+ Orientation of instrumentation to highlight normal operating conditions in aircraft and submarines (R 23 26,27)

    *SHf Korean Airport subject to hackers, viruses, worms, etc. (R 23 53; S 30 1:12-13)

    1.7 Rail, Bus, and Other Public Transit

    !(h?) German driverless Transrapid maglev train crashes at 200 mph on test track in Emsland, killing 23; crash-proof car crashed into a non-maglev maintenance car (R 24 44, S 31 6:21-22), more (R 24 45)

    ! US railroad uses Wi-Fi to run 'driverless' trains (R 23 05; S 29 2:8); Union Pacific worker killed by locomotive he was operating remotely (R 23 07; S 29 2:8); Caltrain railroad accident results from deactivated crossing gate (R 23 08; S 29 2:8)

    !Vmh Driver killed by unanchored ballast simulating passengers in test of "computer-controlled" AirTrain to JFK intentionally on manual around a curve; damage to the train and to 150 feet of concrete wall as well; blame went to the driver, not the ballast that killed him! (R 22 37)

    !h Metra Rail accident in Chicago (R 24 05; S 30 6:17)

    f JFK AirTrain passengers end up at storage yard instead of airport (again) (R 23 28)

    !Vh 42 die in Japanese train crash under manual standby operation (S 16 3)

    !$Vm Loose wire caused Britrail Clapham train crash, 35 killed (S 14 6)

    !!$Vhi Canadian trains collide despite "safe" computer; 26 killed (S 11 2); Report by A.M. Smiley of Human Factors North (Toronto) blames freight-train engineer for running red signal (TNX to Mindor Sjaastad)

    *Vmh Rail Canada train derailed 3 Sep 1997; early warning alarm ignored by untrained crew, who disconnected it (R 19 94-95,97)

    !Vh Southern Pacific Cajon crash kills 3; tonnage computations wrong (S 14 6)

    !Vm Cannon St train crash in London, 1 dead, 348 injured, brakes failed (S 16 2)

    !Vm Kings Cross passenger trapped in automatic door, killed; no alarm (S 16 2)

    !V*h London commuter train crash out of Euston Station, 8 Aug 1996 (S 22 1:18)

    V!*h Ladbroke British train collision, Oct 1999; driver ran red Signal 109 (R 20 59-60, 62-63)

    *V(r?f?) London underground train went 4 stops with fail-safe doors open (S 16 2)

    *Vrf London Docklands Light Railway crash; protection system incomplete (S 12 4)

    m/f? U.K. computerized train from London halted in Chester countryside, ran through the entire set of remaining audio station announcements, tried to open the doors, issued false warning of fire; recycling all power for 10 seconds enabled the computer and train to reboot (R 21 47); new computerized Amtrak locomotives require 10 minutes to reboot, while 30-year-old Long Island RR electric trains seem fine (R 21 48)

    Vfe Oyster card fault causes problems on London Underground and Docklands Light Railway; failure in system for updating revocations (R 23 79; S 30 3:29)

    *f Flawed braking algorithm causes UK Pendolino trains to overrun stops in West Coast Main Line (R 23 63; S 30 2:17-18)

    * Discussion of completely automated train controls (R 21 82-83)

    *mfdei New `Heathrow Connect' trains do not want to go to Heathrow due to signal fault; scheduling problems with high- and low-speed trains; also braking problems, incorrect automated announcements; lengthening trains requires return to Siemens factory (R 23 91-92; S 30 4:23)

    f/m?V Unmanned Rotterdam Parkshuttle system suspended after collision (R 24 12)

    *Vh DLR unmanned trains crash under standby manual control (S 16 3)

    e DLR train stopped at station not yet built to avoid changing SW (S 16 3)

    *hf London Underground wrong-way train in rush-hour (S 15 3)

    *fh London Underground train leaves ... without its driver (S 15 3)

    *h South Wales train leaves without driver (R 22 26)

    *fh Another London Underground driver leaves train, which takes off (S 19 2:2)

    @SH London Underground hacked by insider posting nasty messages (R 17 36)

    *h 1928 British rail interlocking frame problem revisited (S 15 2)

    *f British Rail signalling software problems, trains disappear (S 15 5)

    *Vm Leaves on track cause British Rail signal failure (S 17 1)

    m Flat train wheels in 124 cars in NY/NJ: oily leaf residue (R 24 47, R 24 51, R 24 52)

    $ Britain's Network Rail faces unlimited fine over 16 safety breaches (R 24 46)

    *Vf Removal of train's dead-man's switch leads to new crash cause (S 17 1)

    *f/h? Severn Tunnel rail crash (100 injured) under backup controls (S 17 1)

    Vfm Elbtunnel computer crash causes monster traffic tie-ups (R 23 95; S 30 4:23-24)

    f/m Berlin tunnel control fail-safe test fails totally; tunnel closed for five hours during rush-hour (R 24 09); Computer problem closes Berlin tunnel again (R 24 34, S 31 5:17-18)

    V*fm Intercom hang-up caused 1997 Toronto train collision, 19 Nov 1997; 50 hospitalized; "dwarf signals" (R 20 49)

    !f Aasta trains crashed, killing 19, 4 Jan 2000; safety-critical error; report leaves uncertainties; considerable discussion (R 21 28,30,32,36)

    !Veihh Head-on train collision in Berlin killed 3, injured 20; track controls mistakenly set to one-way traffic, overseer overrode halt signal (S 18 3:A3)

    !Vm German high-speed train disaster Jun 1998 and implications; automated system with inadequate sensors and overrides (R 19 80,81,83,89)

    Vfm Berlin new automated train switching system (Siemens Generation C) fails from the outset of its use (R 19 77)

    Vf Berlin S-Bahn stopped by switching SW stack overflow (S 22 2:19, R 18 55)

    Vm Berliner S-Bahn power outage took out three switching computers, shutting down train traffic for 2:25 (R 22 53, S 28 3:5)

    hi Near-disaster on a French RER commuter train (R 22 92; S 29 2:8-9)

    *feh NY City subway crash due to operator, outdated parameters (S 20 5:8)

    *m Runaway train on Capitol Hill (S 24 3:26, R 20 13)

    *fm Runaway remote-controlled coal train plows into NIPSCO generating station; and earlier accidents; system not designed for these trains (S 27 3:6, R 21 94)

    m Computer crash freezes train traffic in 8 US states (S 20 3:8)

    $Vdef Stack overflow shuts down new Altona switch tower on first day (S 20 3:8)

    m Paper-clip causes hard-drive overflow, triggering traffic-control computer failure stopping trains in south Finland for an hour (R 19 10)

    * Train Accident in China due to safety systems known not to work (S 17 1)

    *m Control faults cause Osaka train to crash, injuring 178 (S 19 1:4)

    *f Sydney train system traps man's leg (R 21 01)

    VMf$ Sydney's new Millennium trains put on hold by electrical signal interference problems; very complex system with other problems as well (R 22 68-70)

    f/m? Computer glitch causes severe train delays in Melbourne (R 20 48)

    *m Melbourne's computerised train brakes fail (R 24 47)

    * Three of Australia's major railway routes blocked: single track; similar problems in Canada; `dark track' in the U.S. with no signals (R 24 46)

    Vm Electrocuted snake cancels 34 trains in northern Japan (R 19 88)

    *h Japanese bullet-train drivers must wear hats; driver with missing hat left his seat, and train kept running (R 21 27)

    *h Japanese bullet train driver falls asleep at the controls, fails to push confirmation button and brake; automatic brake worked (R 22 60)

    $*f Japanese bullet trains with faulty software speed controls, not detected in test runs (R 23 84)

    Vm Zürich main railway station outage due to control center failure (R 23 70; S 30 3:24)

    *hi Amtrak mainline train collision in Maryland, Feb 1996 (S 21 4:13)

    Vf/m? Amtrak ticket system breaks down (S 22 2:19)

    $dmfhV Amtrak's high-speed Acela trains sidelined for many months; million-mile brakes don't last, just enough spare parts to keep one train going; deeper problems as well (R 23 85,87)

    $mfV Amtrak halted by propagating power failures; Jersey Transit and BaltoWash MARC trains also affected (R 24 29, S 31 5:16)

    Vrm Hurricane Floyd had widespread effects, Amtrak operations center problems in Jacksonville affected trains in Eastern Seaboard, Chicago, Michigan; also DC commuter rail (R 20 58); ISDN lines, ATMs, EDS (R 20 62); nationwide AT&T cellphone service interruptions (R 20 59)

    f CSX crew spots problem signal, averts collision; insulation problem? (R 21 04; S 26 1:20)

    f/m Train-ticket vending machine bogus tickets; innocent victim harassed (R 19 20)

    f Train reservation process confuses city codes and airport codes (R 21 51)

    Vm Swedish central train-ticket sales/reservation system and its backup both fail (R 20 05)

    e Upgrade to Guildford Station (Surrey, UK) software disables hundreds of train tickets for automated gates (R 20 94; S 26 1:20)

    !i Washington D.C. Metro crash kills operator (S 21 4:13)

    Vmf Washington D.C. Metro Blue Line delay 6 Jun 1997; system+backup failed (R 19 22)

    $ef DC Metro discovers flag-day issues with changeover in SmarTrip payment systems (R 23 44, update in R 23 46)

    f/m/hi? Woman summoned to court over unread Oyster transit payment card (R 24 08)

    Vmfe Computer crash impacts Washington D.C. Metro (S 23 3:25, R 19 50)

    Vf/m? Computer problems foul up the Washington D.C. Metro system; graphics system froze (R 20 60)

    fi D.C. Metro can't label rerouted holiday trains on 4 Jul 2000: confusion (R 20 95; S 26 1:20)

    mf Computer graphics system crash stalls D.C. Metro (S 26 4:4, R 21 36)

    mf D.C. Metro computer crash leaves disabled riders stranded (S 26 6:9, R 21 44)

    *h Atlanta MARTA commuter train jumps track, injuring 19 (S 21 5:14)

    *f LIRR trains fail to trigger computerized crossing gates (S 22 1:18)

    m Lightning knocks down wall of an English pub, and closes fail-safe railroad crossing that blocked fire engines (R 19 72)

    Vfm Computer crash shuts down Taipei subway (S 21 5:14) Note: Matra made software for both Ariane5 and Taipei subway system (S 21 5:15)

    V$mf Swiss locomotives break down in cold weather; SW fails (S 20 2:11)

    h Swiss train disappears from tracking system (S 26 6:9, R 21 42)

    Vm Single point of failure in self-generated power paralyzes Swiss Railsystem for 3 hours 22 Jun 2005 (R 23 92; S 30 4:22-23)

    *f Flaw discovered in Swedish rail control system after near miss (R 19 22)

    fh Union Pacific merger aftermath: gridlock, lost trains (S 23 1:11, R 19 41)

    * Japanese railway communications jammed by video game machines (S 12 3)

    * Japanese train doors opened inadvertently several times; EMI? (S 12 3)

    *(m/f?) Caltrain Baby Bullet train runs with door open between stops (R 23 87)

    *f SF BART train doors opened between stations during SF-Oakland leg (S 8 5)

    f SF BART automatic control disastrous days of computer outages (S 6 1)

    *V$m BART power mysteriously fails and restores itself 5 hours later (S 12 3); battery charger short and faulty switch subsequently identified (S 12 4)

    m BART ghost train, software crash, 3 trains fail, system delays (S 22 2:19)

    f BART ghost trains; 567 cases in two years (R 20 31-32)

    defV$ Three days of San Francisco BART upgrade crashes; backup failed as well (R 24 23)

    $dh $80M automated BART train-control system mothballed (R 24 33, S 31 5:17)

    f SF Muni Metro: Ghost Train recurs, forcing manual operation (S 8 3)

    f SF Muni Metro: Ghost Train reappears; BART problems same day (S 12 1)

    mM San Francisco Muni adds new communicating streetcars, has to remove old ones blocking comms to increase service (R 19 95); Muni driver leaves car, which went on driverless! (R 19 95)

    hi Grenoble streetcar ticket machine welcomes you to London if you select English language interactions (R 24 07)

    *fm Chunnel has ghost trains, emergency stops (due to salt water?) (S 20 3:9)

    Vf Phantom trains down Miami's Metromover inner loop for 2 days (S 20 5:8)

    $*H SF Muni Metro crash; operator disconnected safety controls (S 18 3:A3)

    $d Washington D.C. Metro stops payments on troubled computer (S 23 4:21)

    h LA Rapid Transit District computer loses bus in repair yard (S 12 2)

    $f LA RTD phantom warehouse in database "stores" lost parts (S 12 2)

    fhi Analysis of the Chicago train/bus crash (R 17 43)

    *Vm Water seepage stops Sydney automated monorail computer controls (S 13 4)

    Vfh Daylight savings time changeover halts train for an hour (S 15 3)

    if Amtrak's on-line trip planner suggests Portland to Seattle via Chicago and LA (R 23 20,22)

    m Risks of the modern train: lots of inconveniences (R 20 54)

    @$dmf Las Vegas monorail big development delays; drive-shaft fell off; flaw in train spacing software (R 23 37; S 29 5:14)

    f Sydney trains disrupted by unknown software glitch, stranding passengers for two hours (R 23 35; S 29 5:14)

    mfhi UK New Southern Railway passengers trapped in trains for up to 45 minutes in new cars; software uses GPS-based detectors to detect trains stopped at station platforms with not-excessive train length; drivers apparently not trained to override (R 23 52); is GPS accurate enough for this? (R 23 53)

    *mh Amtrak railroad signal failure (R 23 54)

    SHVf Risks of British Rail using satnav/GPS to keep trains running on time; overkill? (R 23 71,72); related risks revisited (R 23 78,82)

    hf- Railway map in error omits Colne to Skipton line, which was then discontinued rather than admit the map error! (R 24 27)

    1.8 Ships

    $*f Puget Sound ferry computer failures - 12 crashes; settlement vs builder $7 million; cost of extra $3 million for manual controls! (S 12 2); Electronic "sail-by-wire" replaced with pneumatic controls (S 15 2)

    $fi Ship runs aground; reverse-logic steering problem? (S 15 1)

    *hi Canadian ferry crew Queen of The North didn't know how to use ECS display software; ferry sinks (R 24 33, S 31 5:17)

    m Royal Majesty runs aground due to GPS antenna failure (S 20 5:8)

    *hi Risks of ships relying on GPS-based systems (R 24 03)

    *f Hard-left cruise-ship's autopilot blamed for sharp turns (S 26 6:10, R 21 41)

    !$ Trawler Antares sunk by submarine; computer showed 3mi separation (S 17 4)

    *$rh? QE2 hits shoal; 1939 charts off by 7 feet? (S 17 4)

    M GPS on M.V. Manatoulin cargo ship failure traced to interference from the captain's TV antenna (R 19 90)

    (+/-) GPS is killing lighthouses (R 23 70) [risks of trusting technology, not your own eyes]

    m/h? Computer-controlled ballast tanks tip drydocked ship, both ways! (S 17 4)

    *f/m Apparently uncommanded rudder movement in cruise liner injures passengers (R 22 64; S 28 4:6)

    $*hhh Computer override backs Australian frigate onto rocks (R 23 71; S 30 3:24)

    f Titanic photo expedition control program erratic (S 11 5)

    ..... Roller-coaster accidents and risks

    !Vhmie Two loose screws cause death of Disneyland Big Thunder Mountain roller coaster rider (R 23 05; S 29 2:8)

    *m? 42 Japanese injured in roller-coaster car crash (EMI?) (S 12 3)

    *$f Computer-controlled Worlds of Fun roller coaster trains collide (S 15 3)

    *$f Dorney Park roller coaster crashes; same design flaw, builder (S 18 4:2)

    * Roller Coaster controls balance scariness and safety? (S 15 5)

    *e Astroworld ride jams at top with reporters; untested SW change (S 16 3)

    *f Blackpool roller-coaster (1) fault traps 30; (2) 2 trains collide (S 19 4:5)

    *fm Malfunction shuts down computer-controlled British Airways London Eye amusement park ride; also, a carnival ride with blue screen of death just before rapid descent (S 27 3:6, R 21 93-94)

    +? More on making roller coasters idiot-proof: automation (R 19 93)

    *? A new approach to roller coasters: RoboCoaster Windows-based self-programmed personalized rides, with six axes, 1.4 million combinations; all safe? (R 22 89, S 28 6:8); controls separated (R 22 94)

    fm Universal Orlando Incredible Hulk Coaster gets stuck (R 23 69; S 30 3:29)

    1.9 Automobiles

    !hi Driver kills cyclist while trying to save Tamagotchi virtual pet on her key ring (R 19 67)

    !$h Wilson (draw)Bridge warnings not set, truck plows into car (S 17 1); See relevant discussion on human errors by Don Norman (S 17 1-22)

    !$f? Mercedes 500SE with graceful-stop no-skid brake computer left 368-foot skid marks; passenger killed (S 11 2)

    Hf Mercedes brake test: unworkable demonstration rigged (R 24 11)

    !$f? Audi 5000 accelerates during shifting. 2 deaths. Microprocessor? (S 12 1)

    SHAOf Car computer systems at risk to viruses (R 23 96, R 24 01; S 30 6:21)

    *f? High-voltage hybrid vehicles may be hazardous to rescuers' health? (R 23 35), clarification (R 23 36)

    !*hi D.C. red-light cameras fail to reduce accidents, despite increased violations (R 24 06)

    *hi Car and van collide; handicapped-equipped Dodge controls rendered inadequate by handicap (R 24 06)

    *$f? Microprocessors in 1.4M Fords, 100K Audis, 350K Nissans, 400K Alliances/Encores, 140K Cressidas under investigation (S 11 2)

    fmM More on risks of microprocessors in cars (S 16 2)

    *V(f?) Saturn auto assumption cuts off engine at high speed (R 21 10); Nissan also (R 21 13)

    *fm Formula 1's string of control-system failures (R 21 48,49)

    *SM Sudden auto acceleration due to interference from CB transmitter (S 11 1)

    *M Sudden acceleration of Dutch bus commonplace: interference (S 23 1:11, R 19 40)

    M GM sudden acceleration (31 deaths, 1121 injuries between 1973 and 1986) linked to EMI in court; Audi cases still suspected; cars less protected than aircraft (R 19 38); note from Adam Cobb in Australia (R 19 42)

    *m Runaway Pontiac Sunfire racing out of control, rescued dramatically (R 23 33-34)

    m? Runaway truck locked at 60mph for 140 miles; driver wants to sue manufacturer (Sorcerer's Apprentice in the Driver's Seat?) (R 24 05; S 30 6:17)

    *fm Hour-long runaway Renault regulator, speed reaches 125mph; solution: pull out the electronic card (R 23 56)

    *fhi Another near-disaster due to vehicle automation; accelerator jammed at 130mph (R 24 25,29)

    fm 2004/early-2005 Prius cars shut themselves down at speed (R 23 87; S 30 4:24)

    *i Handicapped's gas pedal on left side of car leads to 3 injuries (R 22 90)

    M Remote-control car starter also controls car doors, turns on heater, defroster, or air-conditioner, up to 400 feet away (R 19 37)

    *fmi The dangers of remote start on a car with manual transmission (R 22 90)

    *fm MS Windows crash traps Thai politician in BMW (R 22 73, S 28 6:11)

    @*fM Keyless remotes to cars suddenly useless (R 23 45)

    *f/m [but not human error] Fire truck with electronically controlled all-wheel drive auto-steers itself into tree (R 23 30; S 29 5:14)

    *fh Two Opticon-enabling fire trucks collide (R 23 34)

    f(i?) BMW under GPS navigation driven into Havel River (R 20 14)

    Shi French motorist obeys GPS navigation, makes U-turn into traffic (R 23 62)

    fhi More risks of in-car GPS navigation (R 24 10-14)

    i?h?f? Man trusting in-car computer directions to meeting in York in NE England arrested for speeding, banned from driving; computer had directed him to small village in NW near Manchester (R 22 37)

    M Swedish policeman's handheld digital radio triggered his car airbag, which hit him with the radio unit (R 19 43)

    SM Cell phones can interfere with auto systems (R 19 63)

    SM Czechs ban mobile phones in gas stations (interference) (R 19 68-69)

    Sf Denver car-emission testing program bypass (S 21 4:17, SAC 14 3)

    f Connecticut automobile emissions test readings in error; propane measured instead of hexane (R 23 28)

    f Auto onboard emissions chip major malfunction (R 24 19)

    $f Toyota smog-warning computer lawsuit (R 20 48)

    f Germany to rely on on-board diagnostics for vehicle emission checks (R 21 15, S 26 2:7)

    f$ Emissions software glitch falsely fails hundreds of older cars in Atlanta (R 20 04)

    *? Fly-by-wire SAAB: joystick, no mechanical linkage, keyboard, screen (S 17 3)

    *Vefm Jaguar loses all power due to faulty car phone installation (S 15 5)

    *f 1986-87 Volvos recalled for cruise-control glitch (S 13 3)

    *f Renault cruise-control failures? car won't slow down (R 23 81; S 30 3:25)

    * General Motors recalls almost 300K cars for engine software flaw (R 18 25)

    f*$ General Motors recalled almost one million cars (1996-97 Chevies, 1995 Cadillacs) for undesired airbag deployments; Chevy fix involved software change (R 19 85)

    *f$ GM recalling around 127,000 Chevrolet Corvettes for program flaw (R 23 18)

    *f GM recalls 12,329 Cadillac SRX for anti-lock brake flaw (R 23 30; S 29 5:14)

    m Sony recalls 40,000 more Vaio PCs due to defective power supply (R 22 70)

    - Comments on software explosion in new automobiles (S 22 2:23)

    *H Home-reprogrammed engine micro makes 1984 Firebird into race car (S 12 1)

    SH Hacking of car engine computers reaches Australia (S 13 4)

    *f Anti-skid brakes and computer controlled race cars? (S 12 1)

    *Vrf Car with computerized steering loses control when out of gas (S 12 4)

    *Vf Non-fail-safe power-outage modes - car locks (S 13 1)

    *Vrm Experimental semi-truck micro died (EMI) when near airport radar (S 12 1)

    *$f El Dorado brake computer bug caused recall of that model [1979] (S 4 4)

    i?m?f? Ford/VW/Nissan cars with Microsoft dashboard Windows PCs (S 23 3:25, R 19 54)

    *$f Ford Mark VII wiring fires: flaw in computerized air suspension (S 10 3:6-7)

    *Vf Cadillac recalling 57,000 cars for headlights-out computer problem (S 12 3)

    * Computerization of the automobile continues apace (R 23 76; S 30 3:27)

    V$f Oldsmobile design lost: hard disk wiped, backup tapes blank! (S 12 4)

    f GM blames smelly Astros and Safaris on faulty computer fuel mix (S 13 4)

    *mh Computer blamed for unbalancing of tires (S 14 6)

    $drf Computer traffic/revenue model problems delay Denver highway (S 17 3)

    m True Value 500 lap-counters in 5 cars fail during race; no time for backup (S 22 5:13)

    *m Automated Pentagon car barrier hoisted limousine, injuring Japanese Defense Minister and five others, Sep 1998; faulty sensor (R 19 97); same gate malfunctioned, Aug 1990, injures German defense attaché and American aide (R 21 06; S 26 1:26)

    *f Problems with the Wide Area Augmentation System (WAAS) (S 25 3:17, R 20 84)

    f Amusing parts inventory system overshoot: bits needed to remove spot welds from one car by one person required purchase of entire stock of drill sets each weekend for 3 months; result: predictive system ordered many hundreds! (S 27 3:10, R 22 05)

    $(+/-) Integrated Project Control System: the smart highway (R 22 01)

    1.10 Motor-Vehicle and Related Database Problems

    !!h Bus crash kills 21, injures 19; computer database showed driver's license had been revoked, but not checked? Also, unreported citation (S 11 3)

    !P Stalker obtained address of TV actress Rebecca Schaeffer from Calif DMV DBMS, and murdered her, July 18, 1989; new regulations on DB access: notify interrogatee, then delay response for two weeks (S 14 6, R 9 18)

    $SP Misused (25% of sample) computerized Calif auto registration info (S 16 4)

    SHI 24 California DMV clerks fired in fraudulent license scheme (S 23 1:14, R 19 27)

    SP California DMV online database reveals too much (S 27 3:13, R 22 05)

    @California DMV fosters identity theft: 100,000 of 900,000 duplicate license requests in 1999 were fraudulent! (R 21 07; S 26 1:34)

    *SH California Ex-DMV worker admits altering driving records for money (S 17 1)

    $SH Personal misuse of motor vehicle data by London policeman (S 17 1)

    $SPH Iowa theft ring misusing license plate info, busted (S 18 1:19)

    *SH British auto citations removed from database for illicit fee (S 11 2-4)

    $SH Father's desktop publishing used for bogus drivers' licenses (S 18 3:A8)

    P Risks of stored digitized photos on drivers licenses (S 19 1:9)

    $f California DMV computer bug hid $400 million fees for six months (S 11 2)

    $f Toronto motor vehicle computer reported $36 million extra revenue (S 11 3)

    Vef NJ DMV computer system upgrade crashes on first live use (R 19 80)

    hP NY State DMV accidentally cancels auto registrations (R 21 15, S 26 2:7)

    hi Audit shuts down Minnesota car license website; previous warnings ignored (R 23 85; S 30 4:24)

    V(m?e?) Massachusetts Motor Vehicle computer down after maintenance (S 14 6)

    ef Massachusetts new online renewal system issues ID cards instead of drivers' licenses to 3,600 drivers (R 22 35)

    f Alaskan DMV program bug jails driver [Computerworld, 15Apr1985] (S 10 3:13-14)

    f? Parisian computer transforms traffic charges into big crimes (S 14 6)

    $ Georgia vehicles stopped as stolen; new tags match old ones (S 15 3)

    $f New California DMV computer system issues large erroneous bills (S 16 1)

    $e SW patch adds $10-30 to 300,000 auto tax bills in Georgia (S 19 3:5)

    $ Chicago cars get erroneous tickets for illegal parking (S 15 3)

    $h 1000 IL residents dunned for bogus parking violations (S 15 3)

    $f NYC parking violations computer issues many bogus bills per year (S 15 5)

    f Computer glitch mails Mass. driver's licenses `en masse' (S 22 4:29, R 18 83)

    f NJ DMV computer changes drivers' names to "Watkins Leasing Co." (S 12 3)

    $ NSWales computer deregisters ALL police cars; unmarked car scofflaw (S 15 2)

    i Mileage input default problem in Ill. exhaust emission enforcement (S 17 2)

    $fd California DMV system upgrade botched; $44.3M deadend (S 19 3:5)

    dehi German registration offices new Meso software system cutover failed (R 24 08)

    m Computer crash caused loss of scheduled taxi cab pickups (R 20 98; S 26 1:20)

    *f Fire engine startup risks: computer-controlled engine requires minutes to reset (R 23 50)

    hi Massachusetts mileage sign errors (R 24 08)

    ..... Automated highways:

    * Human risks in IVHS automated vehicles (R 19 08,10,11)

    1.11 Electrical Power (nuclear and other) and Energy

    ..... Nuclear power:

    !!!V$rh Chernobyl nuclear plant fire/explosion/radiation [26Apr1986] (S 11 3) Misplanned experiment on emergency-shutdown recovery procedures backfired. Fatal (at least 31), serious cases continue to mount. Wide-spread effects. (The town of Chernobyl is now being dismantled.) [Vladimir Chernousenko, director of exclusion zone, estimates already 7-10K deaths among the clean-up crew, according to San Francisco Examiner, 14Apr1991, p. A-6.] 500,000 contaminated, 229,000 in clean-up crew (San Fran. Chron, 17Apr91); 8,500 in clean-up crew dead, many others (San Fran. Chron,14Apr91,p.A10); Greenpeace says the Chernobyl accident will claim the lives of more than 93,000 (Tierramérica, 3 May 2006)

    * Forsmark (Sweden) atomic power plant shutdown triggered by short circuit, 17 Aug 2006; AC/DC converters died, leaving reactor in an unknown state; Government shut down all similar reactors (R 24 41, S 31 6:26)

    *V$f 14 failures in Davis-Besse nuclear plant emergency shutdown (S 11 3)

    *$hrmi Three Mile Island PA, 28 Mar 1979, subsequently recognized as very close to meltdown (S 4 2:4), with 4 equipment failures, nondisclosure of faults, operator error, and misjudgement. SW flaw noted: thermocouple sensors were able to read very high abnormal temperatures, but the software suppressed readings that were outside of normal range, printing out "???????" for temperatures above 700 degrees. (S 11 3:9-10)

    *$h Three Mile Island accident revisited on 22nd anniversary: Loss of Comprehension, not just Loss of Coolant; typical of software development as well! (R 21 31)

    !!V,$ Various previous nuclear accidents - American (3 deaths SL-1 Idaho Falls) Soviet (27-30 deaths on Icebreaker Lenin, three other accidents) (S 11 3)

    *mfh Restarting the Salem nuclear reactor with a flawed part; sensors moved to avoid detection! (R 23 63; S 30 2:17)

    *r Subsequent to Chernobyl, US Nuclear Regulatory Commission relaxed fire isolation guidelines, enabling a fire to wipe out two systems (S 11 3)

    f* US-lent Russia Microsoft nuclear monitoring software, which lost track of nuclear materials (R 21 50)

    *$ Crystal River FL reactor (Feb 1980) (Science 207 3/28/80 1445-48, S 10 3:11-12)

    *Vrf Bug discovered in Shock II model/program for designing nuclear reactors to withstand earthquakes shuts down five nuclear power plants (S 4 2)

    * Nuclear power-plant safety (S 12 4)

    Sfi U.S. nuclear powerplants may not have firewalls (and not supposed to be linked to the Internet!) (R 22 90)

    *$f? British nuclear reactor software safety disputed (S 14 6)

    *d Untested risk management system for UK nuclear power stations? (S 18 2:10)

    *$hf? Sizewell B nuclear computer safety software complexity causes concern; Sellafield reprocessing plant computer error adds further concerns (S 17 1) Official report summarized. Maintenance work underway. Two shield doors left open. Waste raised. Plant still shut down, more study. (S 18 1:27) See also Dolan (R 15 58) and Parnas (R 15 59) on software testing.

    fff Czech Temelin nuclear plant problems: vibrating turbine causes three-month shutdown; restart again shut down due to software flaw; 23rd shutdown since beginning of operating tests (R 21 64)

    *$f? French nuclear power software safety considered error-prone (S 15 1)

    *Vm Oswego NY Nuclear reactor offlined by 2-way radio in control room (S 14 5)

    VSMr Interference downs Iowa nuclear power plant (2nd time) (S 18 1:12)

    *f SW error at Bruce nuclear station releases radioactive water, and raises questions about Darlington (S 15 2); more on Darlington, shutdown SW difficult to modify, verify (S 16 2); still more (R 22 87)

    * Fuzzy control in nuclear reactor startup/shutdown (Omron FZ-1000) (S 16 3)

    *r Nuclear Regulatory Commission Emergency Response Data System vulnerability: only one modem (R 20 11)

    *hhf Report by Chiaki Ishikawa on Japanese nuclear accident, with significant radiation release: a case study of bad design (R 20 61)

    *f Grenoble neutron reactor 10% over limit; equations wrong and instrument miscalibrated, ordinary not heavy water assumed in both cases! (S 15 2)

    $df New French reactor's distributed computer system abandoned (S 16 2)

    *$VSH Lithuanian nuclear power-plant logic bomb detected (S 17 2)

    Vhi 20 of 59 Soviet N-Plant shutdowns 1st half 1991 due to `human error' (S 16 4)

    f (Assumed) false alarm at San Juan Capistrano nuclear plant (S 16 4)

    *Vf Power surge shuts down 9 Mile Point nuclear station Oswego NY; uninterruptible backup power fails as well; site area emergency triggered (S 16 4; R 12 13)

    $* Tolerability of Risks from Nuclear Power Stations (report) (S 18 1:11)

    * Northeast Util. Millstone 2 nuclear power problems, underreporting (S 19 4:7)

    Vhi Xerox machine caused nuclear-power plant emergency halt (S 21 5:16)

    VSH Florida nuclear controls "vandalized"? Switches glued (R 18 35)

    *H More than 150 cases of falsified reports on welds in nuclear-power plants. (R 19 39)

    @eh Pilgrim nuclear plant Y2K readiness questioned by NucRegComm (R 20 40)

    *+/- California's Diablo Canyon 1 nuclear reactor auto shut down releases some radioactive steam; shutdown worked properly (R 20 89)

    *f Australia's Beverly uranium processing plant software bug blamed in radioactive spill (S 27 3:6-7, R 21 90)

    h Accidental alert spooks Vermont Yankee nuclear plant neighbors (R 22 44)

    Mmf Peach Bottom nuclear plant shut down by lightning strike (R 23 05; S 29 2:9-10)

    *h Nuclear reactor guard asleep on the job (R 22 92; S 29 2:10)

    ..... Nonnuclear power:

    !m,h Electrocution leads to more deaths (R 21 15, S 26 2:7)

    hd Grid-lock: Software missing, California electric power deregulation delayed (S 23 3:25, R 19 52)

    VSHO Calif. PG&E power substation damaged; note links attack to McVeigh verdict (R 19 21)

    mf$ "Heading off emergencies in large electric grids" (IEEE Spectrum article, April 1997, pp.43-47) (R 19 09)

    @$* Risk: Analysis, Perception and Management (report), assessing the worth of a human life around £2M to 3M, .5M in Transport Dept. (S 18 1:11)

    *V$r 9 Nov 1965 Northeast power blackout (NY, PA, VT, Conn, Mass) due to set-too-low threshold being exceeded; roughly 13 hours to recover

    *V$r 13 Jul 1977 power blackout (lower NY state) took twice as long to recover from as 1965: up to 26 hours

    *$Vhmfir 14 Aug 2003 massive northeast power-grid overload blackout; recovery took up to 44 hours to get most but not all power back (R 22 85-86, S 28 6:6; also R 22 96); computer failures led to NE US blackout (R 22 90); pithy analysis of the bigger picture of critical infrastructure vulnerabilities: The Road to Vulnerability, Patrick Lincoln (R 22 86, S 28 6:6-7); latent software bug in GE XA/21 energy management system contributed to the 14 Aug 2003 northeast blackout (R 23 18); computer failure analysis found a race condition, failures in the alarm system causing alarm queues to back up, crashing a computer (R 23 31; S 29 5:13-14)

    *V$f Power blackout of 10 Western states, propagated error [2Oct1984]; one-hour outage resulted from a supposedly routine event that was misread by an Oregon substation computer (S 9 5:5)

    *V$mh Western U.S. power blackouts, more propagated effects [2Jul1996] (R 18 25, S 21 5:13); apparently, initial report of outage from tree touching a power line was not relayed: operator could not find the phone number to call!

    *V$mhf West-coast summer power losses: 10 Aug 1996 affected 8 million accounts in 8 states, parts of Canada and Baja, with major outages, air-traffic effects; many interlinked causes. 13 Aug outages included Palo Alto shutdown due to erroneous signal (S 22 1:16); Palo Alto outage fried the Cable Co-op Playboy channel scrambling chip, programs went out in the clear (S 22 1:17); Stanford outage 10-11 Oct 1996 takes down Silicon Valley Internet connectivity, newspaper Web sites; caused by rats, explosion (S 22 1:16) (R 18 27-29,34); Claims that the 2 Jul 1996 outage could not happen again (R 18 32)

    VSH(O?) 3.5-hour San Francisco power blackout 23 Oct 1997 blamed on sabotage (S 23 1:13, R 19 42)

    V$m Downtown Chicago hit by electrical blackout, 12 Aug 1999; 3 of 4 transformers down, plus high-voltage cable (R 20 55)

    $Vh Power-plant apprentice's mistake melted down $500,000 transformer, blacking out Palm Beach; west-bus switch turns on cooling system; east-bus switch closed first, in another room (R 22 22)

    *V$hm Another San Francisco power outage: SFO Airport, Pacific Stock Exchange, rapid transit down, 1 million customers affected (S 24 3:25, R 20 11)

    Vmf Customs computer system down for 5.5 hours; 2000 passengers waiting at Miami International (R 24 02; S 30 6:17)

    *Vhi Los Angeles power outage affects 700,000; worker cut wrong line; spec wrong? (R 24 04; S 30 6:17)

    *Vm More Los Angeles power outages in summer 2006 despite redundant grid hookups and backup batteries; in one case, gravity-fed diesel required electric pump, which always worked in tests - with power! Another item on emergency shredding strategy that passed tests but would fail under power outage (R 24 37-41, S 31 6:23-24)

    V+ LA Cable Company, powered by an extension cord (R 24 37-39,41, S 31 6:25)

    *Vm Weeklong power outage in Queens NY, July 2006; burning wires, explosions in manholes; some wiring was 100 years old (R 24 36)

    Vm Enron power outage downed database servers used for gas and power trading: raised floor had collapsed (R 24 43, S 31 6:24)

    Vmf Earlier power outage recalled: AC-DC converters failed, failure mode not anticipated, no switches (R 24 41, S 31 6:24)

    Vm Scotland Yard power-outage chaos: all phones out, police emergency call logs failed (R 22 77)

    $Vmhe Huge 2003 London blackout caused by using 1-amp fuse instead of 5-amp fuse (R 22 91); later report: due to sloppy maintenance (R 22 97,98)

    $Vmhi London data-center power&backup outages Jul 2006: 11 hours; illustrative saga (R 24 41, S 31 6:24-25)

    $Vhi Nov 2006 widespread European power failure: Ems River transmission line shut down proactively, with unanticipated propagation (R 24 46,47, S 32 1)

    $Vm Another power outage and backup failure brings down German TV station NDR, 26 Nov 2006 (R 24 48, S 31 1)

    *$Vm Auckland NZ without power for weeks; El Nino drought affects cables (R 19 61); Auckland major power supply failure (4 power-cable failures): analysis report released (R 19 88)

    Vm$ New Zealand cable service disruptions due to (1) digging, (2) rodent, shut down stock exchange and other enterprises (R 23 91; S 30 4:22)

    m Remote line break leaves San Juan Puerto Rico without power (R 21 04; S 26 1:21)

    Vm Power cut in northern India hits 226,000,000 people (R 21 18)

    Vm Power cut blocks emergency calls (R 21 16)

    *V$ Don't forget the 6-week power outage in Quebec in winter 1996-97 due to massive collapse of heavily iced transmission towers, which had massive effects. Although it was not directly computer related, whoever designed the towers certainly did not allow for reality as the weight of the ice was way over the designed load.

    *Vrfm Maine Emergency Broadcast System fails: no emergency power (R 19 55)

    V$m Intel shut down by power-company software bug, 5-hour outage (R 18 02)

    *m Jan 1994 L.A. earthquake power failure affects Pacific NW (S 19 2:3)

    Vm$$ Chicago Loop tunnel flood blows power, computers, comm 13Apr92 (S 17 3)

    m 22-state PULSE ATM network completely disabled by Houston computer center flooded by Tropical Storm Allison (R 21 47)

    *Vf Ottawa power utility loses working three units to faulty monitor (S 11 5)

    V$fdmh $25M Australian power system runs amok; damages = $1.5M (S 20 2:11)

    *VSi Misdirected phone call shuts down local power (S 20 3:7)

    m Boa constrictor triggers blackout in Honduras (R 23 39)

    *V$rma Squirrel arcs power, downs computers in Providence RI (S 12 1)

    V$rma SRI attacked by kamikaze squirrel who downs uninterruptible power (S 14 5)

    Vrma 4th SRI squirrelcide causes 8-hour outage, surges, system rebuild (S 20 1:17)

    V$rma 5th SRI squirrelcide causes 18.5-hour institute outage, knocking out cogeneration power and disconnecting from utility power (R 19 96); earlier cases: see (R 17 91, R 18 52-53).

    Vm 6th SRI-wide power outage "caused when Cogen staff pressed the wrong button and took the facility off-line." (S 27 1:9, R 21 72)

    Vma Another squirrelcide: San Jose Airport power cut (R 20 87)

    V$rma Squirrel attack brings down Walla Walla (S 21 2:17)

    Vrma Squirrel knocked out Trumbull Connecticut infrastructure computer center (S 22 1:17)

    Vma Racooonoitering causes power outage at UC Santa Barbara (R 21 11)

    Vrma Snail causes Liechtenstein's cable TV system to fail (S 22 1:17)

    Vrma Kamikaze raccoon downs cold fusion experiments (S 14 5)

    Vrma Rat bridging connector downs U.C. Berkeley campus power (S 19 4:6) @Also, see Nasdaq squirrel outages (S 13 1) and (S 19 4:5-6)

    Vrma Rat-induced short-circuit at Barranquilla airport closes airport (R 19 38)

    Vrma Rat-patrol cat in Dhaka, Bangladesh, shorted out power station control room (R 19 74)

    Vra* House cat kills power to commercial district in Dhaka Bangladesh (R 19 67) ("Un chat" in the dark?)

    Vmr Fire ants enjoy the comfort of electrical equipment (R 19 17-19)

    Vrfh Vacuum cleaner interrupts uninterruptible power (S 19 3:8)

    *Vm Reactor overheating, low-oil indicator; two-fault coincidence (S 8 5)

    Vhi Trainee raises false alarm on utility emergency printer (S 12 3)

    Vmf Fire risks compounded by loss of residential power; alarms and cordless phone ran off house power (R 19 82)

    - Booming computer firms are running out of power (R 20 98)

    - Russian troops override power shutoff for unpaid bill affecting missile base (R 21 05; S 26 1:21)

    !h Illinois man dies after utility cuts power for arrears (R 20 95; S 26 1:21)

    $*m/h? Swedish power company system sent excessive voltage to customers, causing fire in one house, destroying heating systems (R 23 56)

    m Hydroelectric plant in Nova Scotia shut down when humpback whale breached underwater gates and neared turbines (R 23 51)

    fh Don't get stuck in the dark: not much improvement a year after the 2003 power outage (R 23 50)

    $mmf Australia's Channel 7 off-air due to multiple system failures; power outage, backup failure took down national phone system (R 23 84,85; S 30 4:24)

    mf Power outage causes motorized-chair shopping carts to run amok; default state brake off, in forward gear (R 21 50)

    m Brownout-lowered voltages take out computers in Livermore (R 21 51)

    ..... Natural Gas

    Vm One-meter ice block in main gas supply knocks out 1/4 of gas in Victoria, Australia, with secondary power losses (R 19 81)

    V*hm UK Cable-and-Wireless employee accidentally cut gas line while repairing phone line (R 19 96)

    V*m Esso natural gas plant explosions in Victoria, Australia, killed 2, requires 5M people to shut off gas, despite three other plants (R 20 01)

    1.12 Medical, Health, and Safety Risks

    See http://www.iatrogenic.org/index.html for cases in which the supposed cure is worse than whatever the cure is intended to remedy. There are many such cases among the following items.

    ..... Various hospital and health-care problems

    !*hi Medical errors: name confusions, wrong doses; 1.5M Americans injured or killed each year by medication errors (R 24 37, S 31 6:23)

    !hrife Therac 25 therapeutic accelerator programming and operational flaws; 2 [now 3] killed, 3 injured (S 11 3, 12 3); see also Ivars Peterson, Science News, 12 March 1988; Jon Jacky, The Sciences, NY Acad. Sci Sep/Oct 89. See the definitive article by Leveson/Turner, An Investigation of the Therac-25 Accidents, IEEE Computer, July 1993, pp. 18-41: 2 deadly flaws: a nonatomically edited command line whose effect did not complete within 8 seconds, a six-bit counter that when zero bypassed the collimator check. Hardware interlock in Therac 20 eliminated.

    !h Therac-like failures: Data-entry errors kill five patients in Panama (S 26 6:8, R 21 49)

    !(ei?) Zaragoza Spain cancer radiation mistreatment; at least 3 died (S 16 2)

    *hHfm Medical Usability: How to Kill Patients Through Bad Design; 22 ways that automated hospital systems can result in wrong medication (R 23 84,87)

    *hi Cancer therapy missed tumor sites in 10 Australian patients (R 22 78, S 28 6:9)

    *(!?)hf 77 cancer patients exposed to excessive radiation (R 23 83; S 30 3:22)

    *S Hospital turns away as many as 300 radiotherapy patients due to computer virus infecting equipment (R 24 02)

    !hi Duke Hospital surgeons transplant mismatched organs; fail to check blood type (R 22 58-59)

    !hi Baby dies after untrained doctor presses wrong button on bypass machine (R 24 21)

    *hi Pittsburgh hospital performs mastectomy on wrong patient (specimens switched), with ten legal cases pending (although the hospital had passed federal inspection); Maryland hospital lab sent out hundreds of erroneous false-negative blood test results; lab mistakes; questionable links with oversight groups (R 24 11)

    * A risk of laparoscopy: accidental damage from stray electrical charge led to 13 operations and further complications; lack of device testing (R 24 20)

    *fhi Mode-change fault leads to FDA warning on glucose monitoring device (R 24 10)

    *f Brit. hospital radiation underdoses by 30% due to SW bug (S 17 2, 19 1:3)

    *Vm Possible Varian radiation therapy risks: run by 3 Windows 2000 PCs, crashes, schedule delays (S 27 1:8-9, R 21 74)

    *i X-ray machine risk due to mm vs cm units confusion (R 21 67)

    !*h Flying oxygen tank kills MRI exam subject (R 21 55) - 16 safety lapses subsequently cited in internal report; earlier case also reported of police officer's gun yanked out of his hand and fired (R 21 55); Hospital fined $22,000 (R 21 67); New England Journal of Medicine article cited (R 21 68)

    mV Explosion and fire at fuel depot hits Cambridge UK hospital patient information system and other installations (R 24 13)

    !h$ 3 patients die when Russian hospital omits utility payments (R 20 25)

    !(f?)(h?)(i?) Robot malpractice? da Vinci robot remotely controlled by doctor from screen accidentally cut aorta and other blood vessel; patient died (R 22 36)

    *f/m? Robot runs riot at California hospital (R 23 92; S 30 4:20)

    fh Urology medical student residency "matching" process failure: one criterion misapplied (R 23 71, lengthy followup R 23 75)

    * The Downside of Wired Hospitals: contaminated computer keyboards (R 23 87)

    *Vm Risks of an `uninterruptible power supply' that wasn't: baby born by torchlight (R 21 09)

    *Vm Fuse caused a hospital to disconnect from the power grid (R 20 11)

    $V Cost-cutting endangers hospital power (R 22 26)

    Vrm Power outage leaves hospitals in the dark; inadequate backup (S 24 4:26-27, R 20 25)

    !fh Woman killed daughter, tried to kill son and self; "computer error" blamed for false report of their all having an incurable disease (S 10 3:8)

    !Vhri Girl electrocuted by heart-monitor plugged into electrical outlet (S 12 1)

    !fm MLKing/DrewMedicalCenter $411,000 new patient monitor system failed to alert nurses, disconnected following 2 deaths (R 23 20)

    m Seizure-inducing video hospitalizes 650 Japanese youths (R 19 51)

    [!h bogus] Report of cleaning person inadvertently killing patients (R 18.28,29); story later apparently debunked (R 18 72)

    mfhi "When Doctors Make Mistakes" (The New Yorker, 1 Feb 1999) considers user interfaces on defibrillators, design variations in anesthesia controls (R 20 18)

    *hi FDA warns Hitachi Medical about MRI systems; failures not properly reported (R 23 95)

    *f Flaw is found in software used to accredit hospitals (R 23 92; S 30 4:21)

    *fhi? 2,000 patients hit by lab test mix-up in Calgary, Alberta; results mixed up patients (R 23 94; S 30 4:21)

    *fhiV? Information system for Lisbon hospitals stopped for (at least) ten days; master patient index inaccessible (R 23 94; S 30 4:21)

    *fmV Frozen Windows system in hospital delivery room (R 23 92; S 30 4:21)

    *fhi Too many features in blood-glucose meter; mode confusion (R 23 95-96; S 30 4:20-21)

    rfhm Computer-based patient monitor problems: improvements still needed in anesthesiology (R 20 49-50)

    *+/- Open-source anesthesia software (Salon, R 20 52)

    *hi Bar codes identifying prescriptions cut 7000 hospital deaths due to medication error in half (R 23 21)

    *VmM? Medical monitors reboot in mid-surgery due to EMI? (R 20 49); other medical risks (R 20 51-52)

    *fV Laser eye surgery risks (S 26 6:8-9, R 21 59)

    *f The benefits and risks of robot surgery; hip/knee replacement robot criticized (R 22 90, S 28 6:7); more, on German Federal Civil Court ruling on Robodoc cases (R 24 33, S 31 5:19)

    V*m Clinical disruptions following loss of telephone service (R 20 50)

    h* Medical paper retracted following discovery of programming error (R 20 48); Statistical errors in medicine (R 20 49); Misplaced priorities with electronic hospital records (R 20 50)

    *fmd Life-threatening flaw in implantable cardioverter-defibrillator and other life-threatening medical equipment failures (R 20 48); Complexity and Safety in Medical Electronics, Dr. John Doyle (R 20 53)

    *$f Defibrillator maker AED issues recall, goes out of business (R 23 61; S 30 2:20-21)

    *fh Clinac 1800/2100C interlock boards switched, some calibrations x2 (S 16 4)

    *fi Risks of false alarms in medical systems; disconnected alarms (S 19 2:3)

    @*SHI Hacker-nurse unauthorisedly changes prescriptions, treatments (S 19 2:5)

    h Bremen hospital computer uses financial bottom-line whether to give intensive care; local government objects (R 18 84)

    $ Walter Reed Hospital health care system botches prescriptions, lab orders; access to narcotics not secure; increases doctors' workloads (S 17 3)

    mf California outage causes prescription mix-up (R 22 64; S 28 4:6)

    $f NY Blue Cross system confuses patients with same gender, birthdate (S 17 3)

    m Harvard Pilgrim HMO scheduling system creates chaos (S 21 4:13)

    @f/h? Empire Blue Cross/Shield glitches necessitate $50M write-off (S 18 3:A5)

    i Infirmary patient mistook painkiller button for call button (S 18 2:5)

    *rf Blood test for man born in 1889 "normal" (for 1989 birth!) (S 15 2)

    *f Medical SW fails to identify high cancer risks in British women (S 17 3)

    !$dfh London ambulance service SW development woes; major test fails (R 13 38,42,43; S 17 3) Complicated system, incomplete training, "wartime action room" (R 13 88,89, 14 02,09; S 18 1:26) Up to 20 deaths from delays, worst case 11 hrs (R 14 37; S 18 1:28); LAS made `virtually every mistake in the book' in implementation. (S 18 2:9); DEFINITIVE final report (R 14 48)

    *Vf 100 US hospital computer systems die; 2**15 days after 1/1/1900 (S 14 6)

    $ Computer delays cost Nottingham Hospital over £300K (S 17 1)

    *f Three medical product recalls due to software errors (S 14 5)

    *f Overseeing dementia patients by computer: conflicting advice (S 16 4)

    *f Multipatient monitoring system recalled; mixed up patients (S 11 1)

    *f Diagnostic lab instrument misprogrammed (S 11 1)

    *fi AI medical system in Nevada gave wrong diagnosis, overdose (S 11 2)

    $* 2nd mammogram after first botched causes health insurance denial (S 16 3)

    f Doctor phone analysis skewed by inability to register long waits (S 18 2:13)

    *h Nondial emergency phone gives recording to DIAL another number! (S 15 2)

    *SHi Rochester General Hospital disowns Web site heart-attack info (R 20 83-84)

    f/m/h/i/+/- Fascinating article on reducing risks to hospital patients; only 1 in 20 involved human error with most of the rest being caught in time; computer program cuts mistakes; only 1 in 80 adverse drug events reported (R 21 69)

    *fh Hospital's drug-error risks tied to computers; 22 types of mistakes identified (R 23 78; S 30 3:25)

    *hi Computerized Physician Order Entry Systems; bad doctor interface design; risks of relying on technology; also thoughtful pieces by Bob Morrell and Don Norman (R 23 79,81; S 30 3:25-27); more (R 23 82)

    *m Helsinki Health Department Pegasos computer system down; hand-written recording slows down treatment (R 22 55)

    *Hi Large surgical tool left in woman's stomach for 4 months, equipment audit ignored (R 22 44,46)

    *hi Inappropriate human-machine interface on medical device: suction pump to remove fluid from infected wound (R 22 62)

    *m$ Computer crashes threaten Beth Israel Deaconess Medical Center operations (R 22 62, S 28 3:5); caused by research effort flooding the local network (R 22 64)

    m/h? Toronto public health computer accidentally erases many immunization records (R 22 62, S 28 3:5)

    *m Girl suffers 2nd-degree burns after laptop explodes (R 22 50)

    *(!)m Failure of electronically controlled operating table during heart surgery (R 22 60)

    * Deep-vein thrombosis case results from 18-hour days of computer use (R 22 53,58)

    SM TETRA radios pose some risk to hospital equipment (R 22 55)

    *hi Pharmacists worry about automated drug vending units (R 23 44)

    hi Search Engine Dependence Syndrome as a neuropsychological disorder of physicians (R 23 89; S 30 4:26)

    ..... Pacemakers, interference, etc.

    !SrfM Arthritis-therapy microwaves set pacemaker to 214, killed patient (S 5 1)

    !SrfM Retail-store anti-theft device reset pacemaker, man died (S 10 2, 11 1)

    !*f$ Heart pacemaker and implantable cardioverter defibrillator recalls and alerts involve 520,000 devices (S 26 6:8, R 21 60)

    *VSrfM Electrocauterizer disrupts pacemaker (S 20 1:20)

    *Vrif Pacemaker locked up when being adjusted by doctor (S 11 1)

    +M Improved designs (including sealed titanium cases) have reduced the likelihood of RF interference. See Design of Cardiac Pacemakers, John G. Webster (ed.), IEEE Press, 1995, pp. 207-211.

    *Mi Japanese woman's rice cooker reprograms her pacemaker (R 22 67)

    !VrSM Cellular/radio RFI affects medical equipment; defibrillator fails; TV-RFI-altered diagnosis leads to unneeded pacemaker (S 19 4:7)

    SMVf Digital mobile phones can phreak pacemakers (R 22 77)

    +M RF risk turns pacemaker failure into accidental life-saver (S 19 4:7)

    *Vf Risks of flaws in programmable defibrillators (R 19 50,52,53)

    i Heart-monitoring software interface problem (R 18 49,50)

    *SM Stereo speaker risk to heart device (S 14 5)

    *Vm Failed heart-shocking devices due to faulty battery packs (S 10 3:7-8)

    *VrM Medical electronics RF susceptibility: triggers hospital alarms; respirators failed because of portable radio interference (S 14 6)

    VrSM New HDTV signal shuts down Baylor heart monitors on same frequency (R 19 62)

    !SrM Miner killed by radio-frequency interference (S 14 5)

    *VSHP Risks of Internet-connected heart devices (R 20 78)

    ..... Chemical health hazards

    ! Higher miscarriage rate for women in computer-chip manufacturing (S 12 2)

    !* Reports on miscarriages in U.S. chip workers, Finnish VDT users; effects of Nintendo and other games on epilepsy (S 18 2:10)

    * "Dirty Secrets" of chip industry: hazardous chemicals (R 19 55)

    *f(h?) Computer flaw drops chlorine level, makes water undrinkable in Lewiston ME (S 24 1:32, R 19 92)

    *f Non-mercury replacements for blood-pressure cuffs may be unreliable (R 22 13)

    ..... Electromagnetic and other occupational hazards

    *f/h US occupational hazards much worse than in Europe? (S 14 6)

    *m Video display terminal health safety a continuing concern (S 11 3, 11 5); Series of three articles in The New Yorker by Paul Brodeur, 12-19-26 June 1989; Article on VDT Radiation, Paul Brodeur in MacWorld (S 15 5); VDT health effects discussed in K.R. Foster book chapter (R 14 70, S 18 4:5)

    *m Scandinavian study shows magnetic fields increase leukemia risks (S 19 1:3)

    ? Mobile phones cause memory loss? (R 20 23); Italian hospitalized for "acute Internet intoxication" (R 20 24). Studies continue to show possible health hazards from cell phones.

    * Computer noise linked to stress, especially in women (S 15 5)

    *f Killer terminals - teletypes (old) and Televideo 910s (S 14 1)

    * Repetitive strain injury, other risks in video terminal use (S 12 2)

    $ British Telecom pays £6000 for repetitive strain settlement (S 17 1)

    $ Apple settles RSI claim, after lawyer's error; IBM off the hook (R 16 86)

    $i Three awards (largest $5.3M) for arm, wrist, hand injuries attributed to Digital LK201 keyboard (R 18 66); references on RSI (R 18 68); Judge overturns all but smallest verdict in Digital keyboard case (R 19 14); a New York jury ruled Digital was not responsible for 9 workers' RSI cases (R 19 82)

    * Carpal tunnel syndrome (R 10 12,10.14), ulnar nerve syndrome (R 10.13)

    - BlackBerry Thumb: reports of repetitive-motion injuries (R 24 08)

    *$ Long Island county legislation on VDT Use (S 13 3)

    * VDTs and dermatology: rosacea, acne, seborrheic dermatitis, poikiloderma of Civatte. Medical article, useful references. (S 13 4)

    * VDTs and deterioration of eye focusing (S 13 4)

    * Health risks from dusty computer displays (R 18 21,23)

    * Glass cleaner causes static sparks, PC fires (S 13 2)

    !$ 2 Compaqs (Portable II) exploded after battery circuits rewired (S 12 1)

    *m UK office building evacuated after 30 computers exploded (R 22 96)

    *m 83 reports of exploding cell phones: bad batteries and chargers (R 23 61)

    *mV Dell recall for exploding batteries fails to check serial number and gives no diagnostic therefor (R 24 38-40)

    * Exploding cell phone shocks 911 dispatcher (R 23 71)

    *V GPS receiver explodes; PLGR violent venting at Fort Irwin (R 18 32)

    * Health hazards attributed to laser printers (S 12 1)

    @m Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

    *f Dangers of computerized robot used in surgery (S 10 5)

    * Computer use and extension phones linked with weight gains (S 15 3)

    m*? Risks of computerized Japanese toilets (R 20 51-52)

    f/m Bug in Windows-operated vacuum-operated toilet system fails throughout London's One Aldwych Hotel (R 23 20)

    *!h Trash compactor kills shoplifter; original story on automatic initiation incorrect (R 20 90-91)

    ..... 911 and related emergency system problems

    @!Vhi Death of 5-year-old boy due to SF 911 computer equipment failure (S 12 2) Ultimately blamed on terminal operator failing to press a button.

    !f CADMAS 911 dispatch SW problem contributed to woman's death (S 16 1)

    @!f Emergency dispatch EMS SW truncates address, man dies (R 11 55,57,60)

    @!f 911 software discarded updated address in fatal Chicago area fire (S 17 1)

    !Vfmh NYC 911 system crash during backup generator test: backup failed for an hour, main for 6 hours (R 20 19)

    m Los Angeles 911 system with no alternative power fails for 17 hours, but backup system worked! (A novelty in RISKS archives!) (R 20 03,07)

    m Wet cable leads to 120 false 911 calls (R 20 10)

    h? Fort Worth TX police computer makes 1,300 invitational calls in the wee hours: "reverse 911" (R 20 23)

    Vm* Small fire escalates into major disruption for 113,000 Toronto phone lines, with resulting protracted outages including 911 services (R 20 49,51)

    Vf/m/h? Glitch misroutes Nevada 911 calls to San Diego CHP (R 20 62)

    *f 911 call shows wrong address (R 24 27,28)

    Vm Water line break closes 911 center & police department (S 27 3:7, R 21 89)

    hf 911 computer fails to find "street address" for stricken tourist at DC FDR Memorial (R 21 40)

    !fh Botched 911 call led to man's death: incomplete database (R 22 87)

    e Laptop configuration screwups and accidental 911 dialing (R 21 57,59); more on accidental 911 calls (R 21 92)

    !hi 911 emergency operators drop call from rowboat occupants with unrecognizable location (Long Island Sound) (R 22 58-59)

    *f Emergency 911 call from cell phone can be routed to wrong service (R 22 67)

    fmM Flat-screen TV emits international distress signal (R 23 57,59); similar story related to NY Civil Air Patrol Emergency Locator Transmitters (R 23 58)

    mi Man trapped for hours by finger stuck in payphone slot (R 23 05)

    +? Cat dials 911, saves owner (R 24 14)

    ..... Database and system issues

    fe Risks in SEVIS foreign students database: files accidentally or `misplaced' block re-entry, inability to do upgrades, random crashes (R 22 81)

    *f More on computer glitches and laboratory result reporting (R 23 64; S 30 2:21-22)

    SP Kaiser Permanente medical e-mails go to wrong people (R 21 02; S 26 1:38)

    *f 14,000 radiology reports not sent to doctors, patients not notified over one-year period (R 23 63; S 30 2:21)

    *hi Automated medication system worse than the disease (iatrogenic)? Many new potential risks (R 23 62,64)

    SPh,h URL typo + Web glitch = private Florida Health Dept files world-readable (RISKS 21.09-10)

    *P$ US Government's healthcare database contains inaccurate and flawed information (R 21 15)

    Sf Sensitive health data on PrecisionRX.com Web sites reflects lack of security awareness (R 22 75,76)

    h UK hospital tells elderly men they're pregnant (R 21 87)

    $de Old data systems a health-care burden; one-third of health-care costs in administration (R 22 54, S 28 3:5)

    @$deh $35M San Mateo California health system upgrade is a downer; receivables backlog over $40M; blame scattered (R 20 98)

    e$ NZ healthcare-insurer computer upgrade delays payments (R 21 88)

    SHI DMV security code disclosed at hospital in New Haven (R 18 28)

    $SHAI Mass. hospital technician accessed ex-employee's account, accessed 954 files, harassed former patients, raped girl (R 17 07, SAC 13 3)

    SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); bad prank follows (S 20 5:10)

    SHI 4000-person AIDS database leaked to press, Pinellas County, FL (R 18 48,53); former Health Dept employee and roommate charged (Reuters, 15 Feb 1997)

    f SW error almost doubled apparent death rate in St. Bruno, Canada (S 15 3)

    P Confidential medical records sold at auction (S 16 4)

    fe Hospital computer listed 8,500 discharged patients as dead, and informed insurance companies and Social Security Admin; mapping error in database conversion (R 22 55-56)

    e Combatting data extinction resulting from unreadability caused by dead technologies (R 22 89)

    @hi Proper understanding of "The Human Factor" (essay by Don Norman, R 23 07, commentary on two earlier RISKS items in R 23 04 and 06); two follow-ups from Doug Jones and Peter Ladkin (R 23 08); more on Murphy's Law (R 23 09) and developers (R 23 09); similar arguments about medical records (R 23 10)

    SP Case of pharmacy mixing up confidential records (R 19 53)

    SP Surplus computer in Kentucky held supposedly deleted AIDS files (R 22 55)

    @SP+ New California Online Privacy Protection Act requires posting of privacy policies, effective 1 Jul 2004 (R 23 46)

    See other sections on privacy problems for additional related database privacy issues.

    ..... More safety risks

    ! Man dies after playing computer games non-stop for 86 hours in Internet cafe (R 22 30)

    *f New UK Millennium Bridge closed after one day: alarming instability despite extensive simulation; resonant frequencies at walking speeds! (R 20 93,95)

    *fe Risks on Auckland harbour bridge: no signal defaults to "lane open"; wait for a power outage! (R 22 27)

    *f Risks in scuba equipment (S 26 6:10, R 21 41)

    *fhi Risks of increasingly complex hardware/software in skiing rescue gear (R 24 34, S 31 5:18-19)

    *f$ Product recalls and class action lawsuit against Uwatec, Scuba Pro and Johnson Outdoors over faulty assumption in 1995 model Aladin Air X Nitrox scuba-dive computer (R 22 57); further discussion (R 22 76)

    - Internetomania: psychology of net usage (S 23 5:26, R 19 78)

    *fm? Medical image compression problems discussed (S 16 2)

    S Actress Margot Kidder's breakdown reportedly triggered by computer virus' lost files (R 18 46)

    h EverQuest game program is the "digital version of crack": highly addictive? (R 20 52)

    !h Woman electrocuted in hotel; faulty air-conditioning? (S 20 5:9)

    !f [bogus] 2 dead, 1 brain-dead from Chilean bank terminal [Weekly World News] (S 12 2)

    mf? Baby death due to software-controlled air bag deactivation? (R 20 28)

    * Computer CPU falls on man's foot (S 12 4)

    * High-power laptop injures lap: hot stuff! (R 22 39)

    + E-mail between Bordeaux and Minneapolis rescues a suicide attempt (S 18 1:6)

    + Microchip in dog tag identifies Australian boy (S 19 1:3)

    $SHAP FDA approves use of implantable ID VeriChip in humans (R 22 32-33)

    1.13 Other Environmental Risks

    !*$hi Indian Ocean Tsunami: Natural Disaster Imminent: Whom to tell? How? E-mail! (R 23 64,65; S 30 2:21)

    @*SH Tsunami warnings and spam (R 23 65; S 30 2:23-24)

    !Vem(SA?) June 1999 fatal 16-inch pipeline rupture in Bellingham WA spilled 237,000 gallons of gasoline, which ignited; blamed on unexplained unreproducible SCADA system slowdown just after new database records added; one account for all operators; modifications performed directly on live system; error logs apparently not watched (R 22 36,40)

    (!)*$$hif Exxon Valdez oil tanker on autopilot runs aground with captain absent; worst oil spill in US history; computer records deleted (S 14 5)

    f Exelon Power monitor misprogrammed by vendor for wrong standards, air quality suffers (R 23 93; S 30 6:18)

    *fh Automatic speed reduction causes New Orleans Bright Field crash (S 22 2:19)

    *f/h Computers blamed each time, 3M, 5.4M, 1.5M gallons of raw sewage dumped into Willamette River in three separate incidents (S 13 3, 13 4)

    (f/m/h?) Computer-related sewage release into Massachusetts Bay (R 21 08; S 26 1:18)

    h GPS setup error affects dredge dumping in California (S 24 4:27, R 20 30)

    rfh 1993 Midwest flood-warning problems; operations, models flawed (S 18 4:5)

    *m Warning system failed during Southern Maryland fatal tornado; number of counties to be warned exceeded programmed limit (S 27 6:10, R 22 17)

    h/f? Orlando newspaper forces stormwater tax delay; computer blamed (S 17 2)

    * Smoke ban in India brings back mosquitos, malaria (nontech risk) (S 19 4:7)

    @*f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

    @fm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

    1.14 Robots and Artificial Intelligence

    $Vfme All 15 entries fail relatively quickly in DARPA robot desert race; 7-mile maximum over expected 150-mile course (R 23 27)

    @fe Spirit Rover failure on Mars: software upload to delete files failed, file space exceeded, caused reboot with insufficient file space, causing reboot loop (R 23 14,15, see final summary in R 23 24) ["Spirit was willing, but its flash was weak." Jim Griffith, R 23 17]

    @SH Abuse of electronic copyrights: humorous piece on Mars Pathfinder landing was reported from the Martian point of view; later adapted by someone else for Spirit, without attribution (R 23 18)

    @!(f?)(h?)(i?) Robot malpractice? da Vinci robot remotely controlled by doctor from screen accidentally cut aorta and other blood vessel; patient died (R 22 36)

    * Battlefield Robotics are risk to the world public (R 23 58-60)

    +? What the world needs is more lawyer-bots (R 23 57)

    !m Japanese mechanic killed by malfunctioning Kawasaki robot (S 10 1, 10 3:7) (Electronic Engineering Times, 21 December 1981)

    !m At least 4 more, possibly 19 more robot-related deaths in Japan (S 11 1)

    !mM? 6 of these deaths due to stray electromagnetic interference? (S 12 3)

    !m Michigan man killed by robotic die-casting machinery (S 10 2, 11 1)

    ! [bogus] Chinese `AI' computer electrocutes its builder (S 10 1) [WWN]

    !f [bogus] Computer electrocutes chess player who beat it! (WWN) (S 14 5)

    * Two cases of robot near-disasters narrowly averted by operators (S 11 3)

    V(!) Budd Company robot commits suicide by dissolving its electronics (S 13 3)

    $hi Programmed tunnel-digging robot runs amok (a-muck), $600,000 to fill hole (S 22 5:13)

    hi Robot car park holds cars hostage; software license expired, and hundreds of cars were trapped for days (R 24 36, S 31 6:27)

    f Servant robot runs amok, winds up in court (S 11 5)

    f NBC network-news robot camera runs amok during broadcast (S 13 3)

    $S Risks of on-line robotic SW repair: SoftRobots (S 12 4)

    Vmf? Stanford robot veered off course, fell down stairs (S 18 1:7)

    V$m Fiber cable snap ends Dante robot only 21 ft into Mt Erebus volcano (San Francisco Chronicle, 3 Jan 1993, p.B-6)

    V$m Dante II robot explores Mt Spurr plagued by problems: bear chews on antenna; power loss; topples over; tether snaps; finally helicoptered out (S 19 4:5)

    f Hospital delivery robot blocks exit from elevator (R 20 42)

    *Sr Thai robot has Web interface controlling a gun; risky! (R 21 02; S 26 1:19)

    SHh Texas officials wary of plan to hunt animals by Internet (R 23 60)

    *Sr(f?) USAF self-triggering robotic weapon system: airborne laser on a Boeing 747 (R 21 20, S 26 2:5)

    *fm Tourist balloon stuck over Baltimore, stranding 17 for 2 hours; automatic shutdown of control equipment impairs rescue (R 23 46; S 30 1:10)

    1.15 Other Control-System Problems

    !!$r,h? 1983 Colorado River flood, faulty data/model? Too much water held back prior to spring thaws; 6 deaths, $ millions damage [NY Times 4Jul1983]

    * Fishermen rescued after Vancouver area dam malfunction (S 27 6:11, R 22 14)

    f?h? Computer glitch causes false dam failure warning (R 22 75, S 28 6:7-8)

    *m Topeka KS water treatment outage (S 26 6:9, R 21 43)

    !mfV In emergency override during Tropical Storm Allison, elevator in the BofA building in Houston goes down, drowning its occupant even before reaching the bottom; perhaps a good strategy in a fire, but not good in a flood (R 21 47) [Apparently not quite correct, drowning occurred after walking down to the garage.] Alan Wexelblat's Law cited in an article by Joel Garreau in The Washington Post, 31 Aug 2001: "When it comes to technological arrogance, nature has a nasty sense of humor." (R 21 65)

    !mfV MIT elevator stopped moving on a floor at which there was a fire, roasting the occupants (early 1970s, noted by Henry Baker)

    *mV Computer malfunction floods Boulder garages and basements (S 23 1:11, R 19 34)

    !fe 2 Ottawa elevator deaths; interlock logic bug; flaw unfixed after first death (S 14 5): first death (R 8 48-50,52-54); second death (R 8 77); failure to fix known problem (R 9 01); third death noted (R 22 89)

    !m Man decapitated after being caught by Houston hospital elevator door (R 22 87,89, S 28 6:7)

    *m Computer-controlled crane goes unstable, forcing evacuation of nearby apartments for at least two days, Jan 2002 (R 21 91)

    hi Off-by-one error in data entry during weekly emergency system test: Evacuate the entire state of Connecticut! (R 23 70; S 30 3:29)

    *MV RFI and elevators (R 8 57,58,61,63)

    * Safety risk in elevator door closing algorithm (R 10 74)

    *SPe Woman locked in Newcastle-upon-Tyne computerized Cyberloo rescued by fire brigade ripping off the roof; elevator escape hatches welded shut to prevent dangers to children (R 21 35)

    !mV Computer-controlled computer-room door kills South African woman (S 14 2)

    !f ALCOA worker killed in interaction with automated guided vehicle (S 16 1)

    *$fm Computer-related British chemical industry accidents: watchdog program fails; other SW errors; operator overloads; maintenance error (S 14 2)

    *$rh Union Carbide leak (135 injuries) exacerbated by program not handling aldicarb oxime, plus operator error [NY Times 14 and 24Aug1985] (S 10 5) [This was after the 3 Dec 1984 Union Carbide Bhopal pesticide plant incident, which killed more than 3000 people and injured 200,000; many others have died since of gas-related illnesses.]

    *$h Dutch chemical plant explodes; input error gives wrong mix (S 18 2:7)

    *m Power surge ignited high-voltage transformer; ensuing fires caused evacuation of Australian steelworks (R 19 48)

    *$fe During SW maintenance Alta Norwegian flood gates open in error (S 12 4)

    !? Automated toilet seat in Paris killed child??? (S 12 2)

    V$f 3 computer crashes rupture Fresno water mains, 50 plumbing systems (S 14 1)

    V$f Stanford collider shut down due to innate complexity (S 13 4)

    $f "Redundant" air-conditioning system with a single thermostat (S 14 2)

    f Computerized air-conditioning bugs chill employees (R 21 05; S 26 1:26)

    $f Computer controls tear movable Olympic Stadium roof in Montreal (S 13 4)

    $f Toronto SkyDome movable roof open and shut case: software problems (S 14 5)

    *$m 8080 control system dropped bits and boulders from 80 ft conveyor (S 10 2) (Someone later suggested it was really 2 wheelbarrowfuls of gravel!)

    *f Automatic doors lock up Amsterdam patrons in new building (S 14 1)

    $h Welland Canal Bridge (not remotely controlled) lowered too soon, clips off top of wheelhouse of freighter Windoc, which caught fire (R 21 61); incidentally, in 2002, Windoc broke loose from its mooring in 130-kph winds, drifting 5km (R 21 95)

    *m Shorts open Seattle drawbridge without warning in rush-hour (S 15 2)

    f Dover DE drawbridge computer failure blocks traffic for 1 hour (S 18 1:8)

    df Seattle drawbridge control: manual automatic system for safety! (S 20 1:16)

    fm Automated bridge in Kuopio Finland sticks in the up position (R 17 32)

    *m Ghost bridge traps motorist in Kropswolde (R 20 43)

    $f Restaurant orders on-line; computer crash overcooks steaks (S 12 2)

    h Sydney Restaurant computer data wrong, menu items transformed (S 13 4)

    m Saab Story: Cars rolling off the assembly line in empty factory (S 19 1:4)

    ..... Theatricks:

    *$f Computer-controlled turntable for huge set ground "Grind" to halt (S 10 2)

    *$f Computer stops "Les Miserables" set; 4600 refunds, $60,000 lost (S 12 2)

    *$M Secret Service phone interference plunges theater into darkness (S 12 2)

    $SM Mobile-phone interference moves Sunset Boulevard sets (S 18 3:A10)

    V$m Computer problems cancel Boston premiere of The Who's Tommy (S 19 2:2)

    V$f Prolonged Theatre Royal booking computer outage blocks tickets sales (S 12 2)

    *m Computerized theater winch goes berserk (full-speed-up and crash) (S 12 2)

    $m Los Angeles premiere of Goldenthal/Taymor opera Grendel delayed by computer malfunction; 28 motors, 18-ton wall! (R 24 29, S 31 5:18)

    1.16 Other Computer-Aided-Design Problems

    !f 98-foot section of Paris Airport new $890M terminal vaulted roof collapsed, killing five (R 23 38; S 29 5:14)

    *rh Hartford Civic Center Roof collapse: wrong model (S 11 5, ref. 14 5)

    *f Salt Lake City shopping mall roof collapses on first snowfall (S 11 5)

    @Vm Computer-center roof collapses in snow, downs 5000 ATMs (S 18 3:A4 and 5)

    $rf America's Cup Stars&Stripes misdesign due to modeling programs (S 12 1)

    *f John Hancock Building in Boston - problems in "active control" (S 12 1)

    *f Potential building collapse: the 59-story building saga in New York (S 20 5:10)

    hdi Bridge construction mismatch: Upper Rhine Bridge half 54 cm lower (R 23 29); 27 cm roadway difference recognized but corrected in the wrong direction (R 23 30); Similar differential in Australia's Wallerawang Power Station (R 23 30)

    1.17 Accidental Financial Losses, Errors, Outages

    $eh Largest computer error in US banking history: US$763.9 billion (S 21 5:13)

    *$h Oct 1987 Dow-Jones index losses amplified by program trading (S 13 1); Side-effects of saturated computer facilities; brokerage sued (S 13 1); Losses over 100 points truncated to two digits by Signal service (S 13 1); Program trading halted by Wall Street firms for own stability (S 13 3)

    $f L.A. County's pension fund loses $1.2B over 20 years due to programming error (R 19 66)

    $fe New £170M system gyps British pensioners of up to £100 each week (R 20 05)

    V$m U.S. national EFTPOS system crashed on 2 Jun 1997 for two hours, 100K transactions were "lost". One CPU failed, backup procedures to redistribute the load also failed. (R 19 21)

    e$ Canadian Imperial Bank upgrade affected half the transactions (S 22 2:22)

    fh? Canada's Bank of Commerce glitch delays 85,000 transactions (R 19 72)

    $e Fidelity Brokerage computer problems from new system installation (S 22 2:22)

    $h Mistyped password put two brokers in the same computer files (S 13 1)

    $f Investment program turns into selling-only doomsday machine (S 19 1:5)

    $f $32 Billion overdraft at Bank of New York (prog counter overflow) (S 11 1)

    $fe Ent Federal Credit Union misprocessed multiple same-day transactions for over a year, retroactively deducted $1.2 million from accounts (R 18 53)

    $h Franklin National Bank earlier lost $50M in speculation, led to demise (R 18 54)

    $f UK bank SW glitch hands out extra £2B in half hour (S 15 1)

    $hi $2 Billion goof due to test tape being rerun live (S 11 2)

    $m Mag-snag hits Reserve Bank of India's clearing operations (S 19 3:6)

    $d UK paid SD-Scicon £7.3M for scrapped IBM 3090 SW system (S 18 1:11)

    $de Bit bucket swallows AU$17M in new system (R 24 38, S 31 6:23)

    $dh BofA MasterNet development blows $23M; backup system gone (S 12 4); Two BofA executives leave after DP problems costing $25M (S 13 1); $60M more spent in botched attempt to fix it (S 13 2)

    ($) Barclays Bank almost transfers £14 billion to Greece (S 17 1)

    $def $18M new system hinders collection of $10M in L.A. taxes (S 16 2)

    $h British woman overdrawn by £121 billion, due to typing error (R 20 04)

    $f $100M overdraft plus daily interest in Sydney - "computer error" (S 13 1)

    $rih $.5M transaction became $500M due to "000" convention; $200M lost (S 10 3:9-10)

    $hi? California bank deposited $1M instead of $100K; it was spent (S 19 3:5)

    $$ High stakes: Wall St bank wires average over $1.2 trillion/day (S 12 2)

    $h Slow responses in Bankwire interface SW resulted in double posting of tens of $millions, with interest losses (S 10 5)

    $f Australian Comm. Bank doubled all transactions for a day (S 13 2)

    $h Some French civil servants get paid twice, others not at all (S 21 2:17)

    $h Teacher receives $7.9M for 18-minute job; employee number entered in hourly wage field; payroll fail-safes "didn't work" (R 22 28)

    $(f/h?) Double posting of credit-card charges (S 19 3:6)

    - ISP whacks game fan with $24,000 bandwidth fine (R 21 08; S 26 1:26)

    $fi NYC subway fare cards double-deduct; user interface at fault (S 19 3:6)

    $fe Extra line in Chemical Bank program doubles ATM withdrawals (S 19 3:6)

    $h Doubled payroll run surrounds Thanksgiving, run before and after (S 20 2:9)

    he National Australia Bank operational goof: payroll program not restored after test, payroll missed (R 19 97)

    $h $98,002 refund check based on zip code, not correct amount $1.99 (R 19 16)

    $f German Bundesbahn (railway) software messes up payrolls (S 20 2:9)

    $h Computer blunders blamed for $650M student loan losses (S 14 2)

    $h Unvetted software patches threaten $26B federal retirement fund (S 20 3:7)

    f/h? Empire Blue Cross/Shield glitches necessitate $50M write-off (S 18 3:A5)

    $f California state computer wrote $4M checks accidentally (S 11 5)

    h? 75,000 duplicate Calif. unemployment checks issued accidentally (S 18 3:A5)

    $f Farmer receives $4M US Government check instead of $31 (S 17 3)

    $f Canadian Pacific stock price sanity check rejects legitimate data (S 12 4)

    $(hi?) New York City school system accidentally issues check for $8.6 million for settlement of $86,000 (R 23 85); forgotten decimal point?

    $h Australian man can keep $335,000 windfall from computer data error (S 12 4)

    $f/i/h? Howard Jenkins receives accidental $88M; bank system error (S 19 4:8)

    SHI Dutch electronic-banking direct-debit scandal: Friesian church minister discovers surprise privileges (R 18 81)

    $f SW errors blamed for £71,000 VAT misdeclared; £21,000 fine results (S 16 3)

    $h First Boston loses $10M to $50M on computer securities inventory (S 13 2)

    $f New software system blocks commercial loans in California (S 14 5)

    $f $2B (3M bank transactions) stalled when computer rejected posting (S 13 2)

    rf More on ATM range checking. $999,999,999 deposit test goes through (S 15 5)

    $f Computer system refuses deposit of $200K; max just under $100K (S 17 4)

    f Bank's Exchange network overloads in Oregon and Wash, ATMs act up (S 15 5)

    mh Computer aspects of Credit Lyonnais Fire discussed (R 18 14)

    Vm Computer-center roof collapses in snow, downs 5000 ATMs (S 18 3:A4 and 5)

    $fi Chase Manhattan computer glitch affects thousands (S 21 4:12)

    $m 2000 Toronto-Dominion ATMs crashed for a weekend (S 22 2:22)

    $m 2001 Toronto-Dominion Bank system outage affected debit-card users (S 27 1:9-10, R 21 72-74)

    $h Codelco loses $207M on mistyped instruction (buy, not sell) (S 19 3:5)

    $f Ben & Jerry's expects first-ever loss, partly due to SW problems (S 20 2:11)

    $f NZ Databank computer error withholds funds for many accounts (S 16 2)

    $m European ATM repeated debit (S 14 2)

    Ve Chemical Bank's ATMs go down after botched file update (S 19 4:6)

    Ve 1529 Bank of America ATMs down after maintenance goof (R 19 16)

    Vfe Bank of Montreal card functions paralyzed by software flaw (R 20 01)

    e Non-U.S. Bank ATM users debited, get no money; botched upgrade (S 18 2:12)

    $mf Haywire Fargo ND ATM spits out no cash for some, and extra cash for subsequent users; cold weather affected cash doors (R 22 64; S 28 4:8)

    $SH Russian ATM software error credits 2 billion rubles on 2000-ruble deposit; when informed, disinterested clerk ignores it; ensuing saga interesting as customer parlays this into 20 billion rubles! (R 24 40, S 31 6:27)

    SHf Diebold Opteva 520 ATM crashes, exposing Windows XP Inside! (R 23 28)

    $ Norwegian bank ATM gives 10 times the requested cash; long lines (S 15 3)

    $hi Cost of online banking typo put on consumer: extra digit in Swedish Internet banking account number transferred large sum to wrong account (no check sum); nasty results (R 24 43,45; S 31 6:27)

    $h European bank mounted wrong tape, redid monthly transfers (S 14 2)

    $he Wells Fargo deposits slip - another software glitch (S 14 5)

    $f Wells Fargo 1987 IRS forms stated 100-times-salary for employees (S 15 1)

    V(m?f?) Wells Fargo computer network outage (R 21 15, S 26 2:6)

    fh Citibank ATM network outage due to software problems; online Internet service crashed also (R 21 65)

    Vf/m? Repeated computer outages for Swedish Nordbanken, affecting 3.5M customers; cause not reported (R 21 18)

    V$fei Mizuho online banking system 3-way merger huge failure, outages, incompatibilities (S 27 3:7-8, R 22 03,05)

    h? Resolution Trust Corp badly overreports to IRS on interest paid (S 18 2:11)

    $f 120,000 long addresses mess up British building society computer (S 14 6)

    $f Program bug permitted auto-teller overdrafts in Washington State (S 10 3:13)

    h 2,000 Texans get false overdraft notes from Bank One in Y2K test (R 20 13)

    $h Glitch causes 4 billion euro overdraft (S 24 4:27, R 20 30)

    fe Many Vermont (and other) gas pumps cannot handle gas at $3/gallon (R 24 03)

    $h New Zealand student grants debited instead of credited (S 14 5)

    fm More nonatomic ATM transactions: account debited, no cash (R 19 40)

    $h Brown University senior's account mistakenly given $25,000 (S 12 2)

    $f $80,000 bank computing error reported - by Ann Landers (S 12 4)

    e? Lisbon ATM gives receipt in esperanto instead of espanol (S 18 2:11)

    $dem Brit. Foreign Office accounting computer outage off by £458M (S 16 2)

    f Freddie Mac profits misstated by $220M due to accounting software error; bug had persisted for several years (R 24 09)

    $f $40M Pentagon foreign military sales computer misses $1B (S 13 3)

    hi British audit missing £37M (16M `usual errors', 21M lost) (S 18 3:A6)

    $fe Minnesota PR firm cut over to untested system, bills months behind (S 13 4)

    f$ San Jose system stops issuing garbage bills (S 22 2:20)

    $fe IRS COBOL reprogramming delays; interest paid on over 1,150,000 refunds (S 10 3:12)

    $fh IRS overbills 1000 people by $68M in five flood-damaged states (S 18 4:4)

    $h IRS audit turns up $752 VDT valued at $5.6M; $36K payment for idle mini; 32 duplicate payments, overpayments worth $.5M, $17.2M undocumented (S 18 4:4)

    $SP IRS computer modernization problems: privacy and security, cost (S 18 4:4)

    f$ Greenpeace donation transfers accidentally multiplied by 100 (R 24 14)

    $f Variances in up to 25% of adjustable-rate mortgage bills (S 16 1)

    $f British retail price index 1% off, costs £121M, testing (S 16 1)

    V$h San Jose library lost two weeks of records. Books, fines lost. (S 11 3)

    V$fm Los Alamitos racetrack lost $26K in excess payoffs; betting halted (S 16 2)

    fi Risks of banks' not retaining data between Quicken runs (R 19 39)

    $h Fire-control test backfires in midst of bank's end-month processing (S 15 5)

    $fm Newly centralized Sendai postal/banking computer crash effects (S 16 3)

    + NY Federal Reserve bank Fedwire EFT survives power outage, no loss (S 15 5)

    $m LA Federal Reserve computer snafu delays bank deposits (S 17 3)

    V$f SW flaw freezes Barnett Banks (Florida) computer for one day (S 17 4)

    $fh 5M NWB credit-card users get erroneous bills (S 17 4)

    @SH World Bank virus ("Traveller 1991") (S 16 4)

    S$e Barclays Internet-banking security-glitch following software upgrade enables access to accounts of others (S 26 1:37; R 21 01)

    Vm Barclays' BACS payment system failure (S 27 3:8, R 22 02)

    m Barclays outage of 1,500 ATMs on 27 Mar 2005 originally attributed to manual Daylight Savings cutover, subsequently to a hardware fault (R 23 82-83; S 30 3:24-25); in earlier days the changeover required a manual switch! (R 23 84)

    fV Belgian Dexia ATMs freeze up on pins including `7' (R 24 07)

    f Risks of financial planning engines with bogus results (R 20 48)

    f (begets f) Visual Basic problem with decimal points and commas affects vehicle tracking software (R 23 27-28)

    $mh Operating under huge backlog, human error resulted in monthly Swedish child stipend deposit of roughly $10 billion (instead of 950 SEK per child); error corrected the next day, backing off 15 million SEK in interest as well (R 22 32)

    ..... Lottery, Gambling, etc.:

    $SHf Firmware bugs in Dutch gambling machines easy to exploit (S 13 4)

    $SH Harrah's Tahoe $1.7 Million payoff internal fraud - Trojan horse chip? 6 slot-machine progressive payoff triggered (S 8 5) 11 indicted (17 riggings in 3 yrs); `winner' later found dead (stoolie?)

    $SH See Jeff Burbank's wonderful invited talk at EVT/WOTE 2010, Outsmarting Regulators: Gambling in Nevada, based on his book, License to Steal, huge relevance to election systems.

    $SHIA Autotote ex-programmer hacks winning Breeders' Cup Pick Six horse-race bets and more; Drexel frat buddies implicated (S 28 2:13; R 22 33,38-40); programmer Chris Harn got only a year and a day in jail, because he helped the authorities; his buddies get two- and three-year terms (R 22 65)

    $f Bug in Queensland gambling machines scrambles checking facility (S 17 2)

    $SHO Sierra On-Line gaming site cracked (R 19 52)

    $SHOIA Risks of offshore Internet gambling (S 23 1:14, R 19 27)

    $SH Hackers and others win big in attacks on CryptoLogic Internet casino, one rigged for $1.9 million (S 27 1:12-13, R 21 67,69)

    + Federal prosecutors indict offshore Internet gambling operators (R 19 63)

    @+/- Senate bans Internet gambling (R 19 89)

    $H West German crackers use knowledge of Poker game machine programs for big payoffs. 160,000 machines at risk. (S 12 3)

    $mSHf Glitch lets gamblers beat Nova Scotia video lottery terminals due to chip flaw (R 22 64; S 28 4:8)

    $f Sacramento woman denied $2.8 million casino jackpot by fail-safe mode (S 27 1:9, R 21 65)

    $ 110 Powerball lottery players hit 5 of 6 numbers, because of a common fortune cookie, totaling $19M (R 24 33)

    S+/-? Casino can reprogram slot machines in seconds (R 24 24, S 31 4:34)

    ($) Connecticut lottery computer accidentally gave backdated tickets (S 13 3)

    $ShH Proprietor tries to cash 5 extra winning lottery tickets (S 18 4:3)

    $f(H?) SW enables winning tickets purchased after lottery drawing (S 16 1)

    f/m Maryland Lottery software glitch distributes wrong winning numbers (S 22 1:20)

    $f,h California Lotto computer crash and its costly effects (S 14 1)

    $m Computer problems delay California Lotto payouts (twice) (S 15 3)

    h Calif. lottery computer gets ahead of itself; sales halted early (S 20 5:10)

    Vm U.K. lottery terminals downed by satellite network breakdown (S 20 5:10; R 17 18)

    f$ Arizona Lottery Pick 3 random number bug: 9 never picked; not so random after all (R 19 83)

    H Cooperative database develops winning combinations for Dutch soccer scratchables with 1445 alternatives; competition cancelled (S 22 1:21)

    $15.2M Pennsylvania lottery scam - post-fabricated ticket (S 13 3; R 6 77)

    $h Programmer unauthorizedly limits sale of certain lottery tickets (S 15 3)

    $f California lottery delayed; Daily 3 had flawed pseudorandom program (S 17 3)

    h Oregon lottery coincidence (reported by Infobeat) caused by computer crash: winning numbers published before they were drawn by editor mistakenly using Virginia numbers after a crash! (R 20 94)

    $f One-armed bandit chips "incompatible"; 70.6%, not 96.4% payoff (S 17 4)

    $f Electronic Keno game beaten; pseudorandom sequence gets reset (S 19 3:10)

    fS Unlosable casino game: browser click on back to undo loss; risk of negative bets for intentional losses subtracted from losses! (S 22 1:20)

    @$Hhi Greyhound racetrack takes bets after race; NZ$7,000 payout (S 18 2:4)

    $em Racetrack betting seriously impaired by degraded computer system (S 12 2)

    $Vf Saratoga Race Track parimutuel computer down on opening day (S 14 6)

    V$m Dog-track computer outage costs bettor $17,000 (S 19 2:2)

    $ Breeders' Cup tote-board display crashes, reduces betting take (S 22 2:21)

    Vm 1996 Melbourne Cup off-course betting computer fails (S 22 2:21, R 18 58)

    $SH Russian cockroach race swindle involved altered computer files (S 22 2:21)

    +/- U.S. Senate bans Internet gambling (R 19 89); U.S. House rejects bill restricting Internet gambling (R 20 95)

    + Co-owner of offshore online gambling business goes to prison (R 21 01; S 26 1:30)

    +? Use of `unpredictable auditable random numbers' in casino/gaming systems, possibly relevant in elections? (R 22 57)

    S? New cell phones well suited to wireless gambling (resembling the voting machine situation?)! (R 22 55)

    $Vfmde Three Canadian Banks experience computer software screwups within one month: RBC account balances off for three days; CIBC untested upgrade crashes system, recovery caused double postings; TD Canada Trust two-hour outage disabled ATM/Web services (R 23 48; S 30 1:11)

    $f US Airways credit-card snafu: double billing due to known "programming error" (R 21 54)

    $f Walgreen accidentally double- and triple-charges up to 4 million customers, due to overuse! (R 23 65)

    $f 8,498 Massachusetts Fast Lane accounts double-billed (R 24 09,11)

    hi $8M tax bill on house worth $122K; several missing plausibility checks (R 24 16, S 31 3:21-11)

    @$fe Paypal meets the Patriot Act: eBay accused of facilitating Internet gambling, eBay rebuts (R 22 67,69; S 28 4:9-10)

    $SHfe Internet gambling: Play at your own risk [resembles Internet voting!] (R 27 60)

    1.18 Financial Frauds and Intentionally Caused Losses

    $SHA See Bruce Schneier article on the Future of Fraud (R 20 08)

    $SHOf TILT! Counterfeit pachinko cards send $588M down the chute (S 21 5:19); Pachinko cards suggested by a CIA briefing to hinder money laundering (S 22 1:18)

    $SHI Volkswagen lost $260M to computer based foreign-exchange fraud (S 12 2) 5 people (4 insiders, 1 outsider) convicted, maximum sentence 6 years.

    $SH Computer problems at BCCI; records "confused"? (S 16 4)

    ($)H Four financial frauds, each foiled (e.g., by luck): $70M Chicago First National; $54.1M Union Bank of Switzerland (S 13 3); 250M kroner Norwegian clearing house Bankenes Betalingsentral BBS (S 13 3); $15.2M Pennsylvania lottery scam - post-fabricated ticket (S 13 3)

    $SH $70 million bank scam attempt; bogus request overdrew account (S 17 3)

    $S Risks in CHIPS clearinghouse handling $1M/sec. $20M stolen in 1989, distributed widely; culprits caught but only $8M recovered (S 18 1:10)

    $SHI Salomon Brothers scandal aided by misuse of database confirmations (S 16 4)

    $SHO FBI arrests Emulex securities and wire fraud suspect in stock manipulation hoax (R 21 04; S 26 1:27) with stock plummeting 62% in one day; Mark Simeon Jakob pleads guilty, 29 Dec 2000, surrendered $54,000 in cash to court; sentenced on 7 Aug 2001 to nearly four years in prison.

    $SHO Jason Diekman settlement: $272,826 for perpetuating false information on the Internet and profiting from stock fluctuations in Just Toys Inc. and The Havana Republic (R 21 04; S 26 1:27-28)

    $SHOA/I Russian hacker Vladimir Levin breaks Citibank security (S 20 5:13), sentenced to 3 years in jail (R 19 61) $10 million transferred, but most of it recovered

    $SH $15.1M fraud accidentally foiled because of a computer error (S 13 2)

    $SH $9.5M computer-based check fraud paid legitimate DCASR invoice (S 13 2)

    $SH Czech hackers allegedly rob banks of $1.9M (S 22 2:22)

    $SHf 27,000 euros disappear in 22 bogus transactions; accused Berlin social worker not guilty because of system deficiencies (R 24 03; S 30 6:18)

    $H European Community study of fraud on the Internet (R 19 13)

    $SHI Olympia WA HealthDept check scam detected; four indicted (S 18 1:12)

    $SHI Military pay fraud nets $169,000 using bogus account (S 23 1:14, R 19 26)

    $SHO Plot to tap British bank/credit-card information by higher-tech gang revealed by coerced software expert in jail (R 18 70)

    SHAO Chinese hackers who transferred 720,000 yuan to their own bank accounts sentenced to death (R 20 14)

    @SHI Massachusetts welfare fraud investigators fired: tax-record misuse (S 22 1:20)

    @$S Risks of Conn. fingerprinting system to catch welfare recipients (R 18 69) Also, note earlier NY Medicaid proposal (R 13 40)

    fe Software incompatibility hinders Florida fingerprint system (R 20 02)

    $SHI Teller embezzles $15K, caught by computer audit-trail (S 19 3:10)

    $SH Brussels BNP branch hit by BFr 245M computer fraud (S 19 1:6)

    $SHI Joseph Jett, Kidder Peabody, created $350M phantom profits, got bonus of $9M; scheme undetected by KP oversight (double meaning not a pun) (S 19 4:12)

    $SH U.K. computerized bank fraud nets £1M (S 14 2)

    $SH 1993 Prague computer crime up 75.2% including a $1.2M transfer (S 19 1:7)

    $SH $1.2M Czech computer fraud culprit gets 8 years in jail (S 19 2:7)

    $SHI Japanese bank workers steal 140 million yen by PC (S 20 2:12)

    $SHI Bank executive in Malaysia transfers $1.5M (S 15 5)

    $SHI $550,000 Tokyo bank fraud suspected in funds transfers (S 19 2:6)

    $SHI Beijing Hotel managers embezzle $9K by rigging billing records (S 19 4:13)

    $H Chemicals cause checks to disappear, bogus checks clear and vanish (S 13 3)

    $SHA Foiled counterfeiting of 7,700 ATM cards using codes in database (S 14 2); five admit automated teller scam (Mark Koenig) (S 14 5)

    SHO Italian thieves use bank cards, PINs, captured with bogus machine (S 17 4)

    $SHA Customer reprograms ATM to debit $5 for each $20 (R 24 43, S 31 6:28-29)

    $SHf Is a cleared check really like money in the bank? NO! Another scam (R 22 44-45)

    $SHAOei Bogus Yahoo e-mail gathers credit-card numbers from unsuspecting people (R 22 31)

    $SH Bogus ATM used to steal PINs, withdraw $100,000; two arrested (S 18 3:A9) 2 arrested; 300 accounts hit at 50 banks; $12M in fraud activity (R 14 85)

    $SHP UK stolen ATM captures IDs/PINS, enables 250K-pound theft (S 19 4:12)

    SH$ Phony ATM installed on High St in London, nets £120K (R 17 34)

    SH Theft of entire ATM bungled in British Columbia (R 19 20)

    $fSH Instant money: Bogus deposit exploits ATM flaw (S 22 2:21)

    $SHAOei NY Municipal Credit Union victim of massive ATM fraud following 11 Sep 2001 outage; unchecked access (R 22 19)

    $SHO Polish gang carries out ATM fraud in Israel (S 22 2:23)

    @$SH 1994 UK National Audit Office report on computer misuse in government: 140% increase; 655 cases, 111 successful; £1.5M defrauded; misuse; 350% increase in viruses; 433 computer thefts, worth £1.2M (S 20 3:11)

    $SH European cyberfraud: $150K phone calls, $400K Dell losses (SAC 13 3)

    $SH Cybercrime losses double to $10 billion; 485,000 credit-card numbers stolen from e-commerce site; hacking credit cards is preposterously easy. (Credit-card fraud worldwide is reportedly just under $1 billion a year, at about .7 percent of gross. It represents only about 2% of banking losses. PGN) (R 20 85)

    $SP Professor stole 40 student SSNs and IDs to get credit cards (R 21 02; S 26 1:38)

    $S International credit-card fraud growing. On-line fraud is estimated at $24 million per day (R 21 36)

    $SHfe Stolen ATM card nets $346,770; limits inoperative (S 20 2:12)

    $SH Health cards used to rip off ATM for $100K (S 20 3:12)

    SH Bogus card reader opens ATM door and helps capture IDs and PINs (S 19 3:10)

    @$SP Barclays credit system voice-mail hack gives sensitive info (S 18 1:20)

    @$SH U.Texas Dean's conferred password used to misappropriate $16,200 (S 17 3)

    $H Two charged with computer fraud in jewelry store credit scam (S 18 2:14)

    $SH Reservation computer fraud nets 50M AA frequent flier miles (S 14 1)

    $SHI Frequent flier computer scam nets 1.7 million bonus miles (S 14 2); Prison terms for travel agents in AA FreqFlyer ticketing fraud (S 16 2)

    $SH $Millions of bogus airline tickets sold in Phoenix (S 14 6)

    $fH Reversing air return/depart dates fakes out reservation computers (S 14 6)

    $SH Bogus computer message nets 44 kilos of gold from Brinks (S 14 2)

    $H `Credit doctors' sell clean credit records to high-risk clients (S 13 4)

    $SPH ASIS seminar reported $15M in 1991 Medicare fraud penalties (S 18 1:21)

    SH Wall St audit trail off enables $28.8M computer fraud (S 12 4) [bogus???]

    $H Hertz computer system kept two sets of books for accidents (S 13 2)

    $h Hertz charged $5 for gas if < 50 miles driven and tank filled (S 18 2:9)

    $H Value Rent-A-Car system charged for bogus 5 gallons (S 18 2:9)

    $SH NYC gas pumps rigged to deliver less fuel than charged (S 18 4:3)

    $SH Computer-generated Dartmouth graduation tickets sold for $15 (S 19 4:12)

    $h Manual card-swipe gains weeks in taxi charge float (R 20 02)

    SH States (MO, NJ, TX) crack down on "cyberfraud" (S 19 4:10)

    SHOI Italian police stop digital bank robberies with bogus shadow system; 21 arrested (R 21 08; S 26 1:25)

    SHOA Linear search nets 17,000 bank records from GST Startup certificate suppliers (R 20 94)

    $Shi Maryland State insurance pool has low threshold for fraud detection (R 23 95; S 30 6:22)

    f? Kansas lottery picks same number three nights in a row (R 24 13,14)

    ..... Tax fraud and tax data misuse:

    $SHAI Massive NY City tax fraud wipes out $13M in taxes; many implicated (S 22 2:23,R 18 63)

    $SH Dublin tax collectors faked VAT repayments by spoofing computer (S 12 4)

    $SH 45 phony computerized IRS tax returns net $325,000 in refunds (S 14 6)

    $SH Computer-filed tax returns net $100K in refunds from bogus W-2s (S 18 1:14)

    $SH Tax preparer accused by IRS of $1.1M fraud, 431 false electronic claims; Congressional hearing discloses inmates creating bogus returns; 61,000 bogus returns in 1st 10 months of 1993 totalling $110M (S 19 2:5-6)

    $HI Store owner hid $17.1M sales, avoided $6.7M in taxes; cost: $15M (S 18 4:7)

    $H Point-of-sale tax evasion via software data diddling in Quebec (S 23 3:25, R 19 48)

    SHI IRS agent accused of giving defendant tax data on judges/jurors/... (S 16 3:9)

    SH Thief nabs tax preparer's computer, generously returns floppies (S 13 3)

    SPI Risks of IRS outsourcing processing of tax returns (R 18 81,82,87)

    mfP Off-by-one error reveals other people's tax details (S 18 3:A6)

    fP Connecticut unemployment insurance folks mail out "off by one" tax letters with information on other people (S 27 3:9, R 21 90)

    ..... ATM and credit-card fraud:

    $SH US Coast Guard accessed Customs' computer to transfer $8M (S 12 3)

    $SH ATM money dispensers blocked and emptied later by youths (S 11 5)

    $SH Barclays Bank hacked for £440,000? (S 11 5)

    $SH 5 British banks penetrated, blackmail attempt to disclose method (S 16 1)

    ?$SH Cyberterrorists blackmail banks and financial institutions (this was in an article with considerable hype) (R 18 17,24)

    $SH MasterCard lost $381M in 1991, Visa lost $259M in 1989 to card fraud; Credit-card fraud investigations of computer misuse in San Diego (S 17 3)

    $SHI Visa victim of PC theft with info on 314,000 credit-card accounts (R 18 62)

    @SH Nasty scam exploiting Y2K card authorization expirations (R 18 68)

    $SH Risks of credit-card numbers being sniffed (R 17 69,71,76, S 21 4, SAC 14 3)

    $S FBI sting nabs man trying to sell 100,000 credit-card data items for $260K (S 22 5:14)

    $SPH 2,300 credit-card numbers stolen from ESPN Sportszone, NBA.com (R 19 24)

    $SHI Tower Record credit-card info offloading; 2 convicted (S 21 4, R 18 02)

    SHI Time Inc. employee peddles credit-card information (to detectives) (S 17 4)

    $SHI NJ car dealership in theft of 450 credit-card numbers, almost $4M (S 19 2:7)

    $SHIO 40 arrested (9 postal workers) in massive D.C. credit-card fraud (S 19 2:7)

    $SH 3 Britons charged with 2.5M pound European credit-card fraud (S 19 2:8)

    $SHO 2 computer crackers sentenced for $28M MCI credit-card fraud (SAC 13 3)

    $SH ATMs gave $140,000 on Visa card over weekend - software glitch (S 11 2)

    fSA SW failure in UK credit-card authentication system (S 21 2:18)

    $VmA Diner's Club authentication in Belgium out; Royal Bank transmission failure in Canada affects many (R 20 02)

    $SHOf Thief gets $63,900 with stolen ATM card&PIN, ATM program error (S 17 2)

    $SHAf Security Pacific ATM theft bypasses PINs, limits, nets $350,000 (S 14 1)

    $SHfe Australian Westpac ATMs big losses (IMS 2.2 installed untested) (S 12 3)

    $ef Australian Westpac Internet Banking upgrade problems lock out customers over the weekend (R 23 59)

    $hi Westpac bank shares suspended after annual results released early (R 24 10)

    $SHA $1800 card maker and spied PIN numbers nets $86K from ATMs (S 12 3)

    $SHA PC spoofed Italian bancomat ATM, ate cards after capturing PINs (S 14 1)

    $SHI UK Clydesdale Bank cash machine fraud; insider job suspected (S 16 2) bank engineer records ATM PINs, fabricates cards, takes money (S 17 3)

    $SHrf ATM accepted lollipop cardboard as $1M (New Zealand) deposit (S 11 5)

    $Hhf Two cases of erroneous deposits $95,093.35 and $520,000 (R 17 32,35)

    $ 525K Smith Barney customers credited temporarily with $19M each (S 22 5:13)

    $SH ATM scam gets PINs for stolen cards in Boulder (S 13 4)

    $SH UK banks suffer phantom ATM withdrawals, ATM removals! (S 17 3)

    @$SH 550 felonies in 1991 for SSN misuse; 12 people adopt a single SSN; $10,000 charge loss; 5 people cleaned out someone else's benefits (S 16 4)

    $H Scholarship scam used to gain SSNs, bank and credit-card numbers (S 18 1:14)

    $SHI Social (In)Security employees sold 11,000 SSNs to activate cards stolen in the mail (S 21 4),(R 18 02)

    SPhi US POWs in Iraq have their Social Security numbers revealed; implications discussed once again (R 22 67-70)

    P Virginia appeals court bans use of SSNs in voter registration (S 18 3:A11)

    SH Japanese department-store credit-card fraud case; incidents are increasing (R 20 77)

    $H Japanese BBoard fraud traps passwords, gains money; culprit caught (S 17 4)

    $Hhi Greyhound racetrack takes bets after race; NZ$7,000 payout (S 18 2:4)

    $H Video quiz game scam - teams of "experts" with right answers (S 11 5)

    $fH Students cheat Brit.Telecom, gain £68,000 in contest (S 17 4)

    $SPH Brazilian bank reserve data disappears; political link? (S 18 2:15)

    $SPH Kuwait Investment Off. diskettes stolen from Spanish Govt. (S 18 2:16)

    $$H Nick Leeson's Barings losses predate new risk-management system (S 20 3:7)

    $H Savings and Loan defaults linked to internal fraud, creative mismanagement. What could computers have done for S&Ls to prevent fraud/abuse? (S 14 2)

    $SH 1987: FBI estimates average computer fraud $650K, total $3B-$5B/year (S 12 3) and $1.5M average for computer frauds in financial institutions [old data as of then?]

    $SH 2002: U.S. Computer crime way up, says FBI (S 27 3:11, R 22 03)

    $H Customs Service back-dates computer clock at end of fiscal year (S 14 5)

    $H Alleged fraud in computer billing services (S 14 5)

    SH Risks in check forgery (S 15 1)

    1.19 Stock-Market Phenomena

    $hi UBS Warburg trader's error causes multi-million-dollar loss on Tokyo Stock Exchange in trading Dentsu Inc.: 610,000 shares of Dentsu at 16 yen sold instead of 16 shares at 610,000 yen [30 Nov 2001] (S 27 2:5, R 21 81)

    $fhi Mizuho's trading error leads to $225M loss: sold 610,000 shares of J-Com Co. at 1 yen share, instead of intended one share at 610,000 yen; Tokyo Stock Exchange software faulted for preventing order cancellation! (R 24 12,13); Note similar earlier case above, four years earlier (R 21 81)! Someone is not learning!

    $hi Another finger goof at the Tokyo Exchange; broker sold 25,000 shares of the wrong company, losing 500 million yen (R 24 15)

    de Software bug causes worst-ever Japanese stock exchange system crash; monthly upgrade failed, backup used same software and also failed (R 24 09)

    +$ Comparative Crash Management: OMX and TSE; Swedes handle obviously erroneous trades much better (R 24 17, S 31 3:22)

    $h German stock exchange bond futures goof: wrong buttons (S 24 3:25, R 20 09)

    $f Multiple stock transactions result from blocked confirmation (S 13 1)

    $f Midwest Stock Exch 13-yr error redirected $Millions in broker fees (S 17 1)

    $HI Bre-X Minerals gold scam (Indonesian no-gold) causes unprecedented trading, crashing Toronto Stock Exchange computer system (R 19 09); Bre-X, stock from $200 to .06, files for bankruptcy (news item, 9 May 1997)

    $ Computer-induced big stock-market swings (S 11 2, 11 5)

    $rf Vancouver Stock Index lost 574 points over 22 months - roundoff (S 9 1)

    $f Wild stock trade swing reports suppressed on 13 Oct 89 (S 15 1)

    $f Quotron SW problem gives wild swings in Dow Jones Industrial Ave (S 15 1)

    f E*Trade Market Watch shows Dow Jones average at $1, down $10936.88 (R 20 56)

    f Another D10K problem? DATEK reports Dow Jones Industrial Average at $0.20, down $10031.08 (presumably instead of $10000.20, down $31.08) - perhaps a result of earlier D10K fixes? (R 21 28)

    $f London Stock Market index quotes down for 2 1/3 hrs [23Jan1990] (S 15 2)

    $hi Reuters/ZDNet typo (TMCO instead of TMCS) causes wild stock fluctuations (R 20 11)

    f(h?) NYSE and derived sites temporarily reported Motorola stock drops 99.95% to one penny (R 21 56)

    f/h? Stock listing error: IBM at 0 1/16, down 88 1/2; implications? (S 17 1)

    $h Milano stock falls 20% due to typing error (S 19 1:5)

    f$ Dutch price index wrong due to software error (R 22 84)

    e Bureau of Labor Statistics Producer Price Index delayed significantly by upgrade complexities (R 23 27)

    $f Computer malfunction causes panic selling at Hong Kong stock exchange (S 22 2:20)

    V$m NY Stock Exch. halted for 41 minutes; drum channel errors killed primary and backup computer systems [24Feb1972]

    V$fe SW update halts NY Stock Exchange for one hour [18Dec1995] (S 21 2:16)

    V$m(h?) Voltage-dip power glitch downs NYSE for 24 minutes [22Oct1991] (S 17 1)

    Vm NY Stock Exchange computers crash for about an hour [26Oct1998] (R 20 05)

    he$ Software upgrade disables half of NY Stock Exchange stocks (S 26 6:9, R 21 46)

    V$m London Stock Exchange computer system crashes [23May1986]

    $hfe London Stock Exchange horrors on cutover to new system (S 12 1)

    $S London Stock Exchange "Taurus" problems in paperless authorization (S 17 2)

    $df Chicago's Globex trading system delays, critical test fails (S 17 3)

    V$m Hurricane Gloria in NY closes Midwest Stock Exchange (S 11 1)

    $eV Missing full-stop (.) in software change crashed New Zealand's stock exchange for five hours (R 22 87)

    mf Stock market problems in 27-28 Oct 1997 fluctuations (S 23 1:10, R 19 29)

    V$m Nasdaq OTC stock trading halted for 3 hours (S 12 1)

    V$f E-Trade computers crash repeatedly (S 24 3:25,R 20 20)

    V$ef Schwab's e-brokerage crashes (S 24 3:25, R 20 23)

    V$ma Squirrel arcs power, halts Nasdaq computers (S 13 1)

    V$ma Another Nasdaq squirrel 34 min outage, backup power fails (S 19 4:5-6)

    V$de/m SW upgrade downs Nasdaq for 2.5 hrs, backup fails (S 19 4:5-6)

    $Vhe Network Solutions goof bumps Nasdaq off the Internet (S 23 1:10, R 19 34)

    $Vrih NASD loses records on 20,000 brokers (S 22 4:26, R 18 82)

    V$df Alberta Stock Exchange shuts down again, 3rd time in 1997 (S 22 4:25, R 18 89)

    V$m Telstra's Haymarket exchange overloaded, crashing bank computers, data/fax lines for an hour in Sydney; 1000 manual resets needed (R 19 90)

    V$rfh Singapore Stock Exchange crashed repeatedly due to interaction with backup system (R 20 47)

    ef DB upgrade causes crash of Italian online stock trading (R 20 95)

    $Vdfh Johannesburg Stock Exchange computer fails, again (S 22 1:17)

    $V$m Toronto Stock Exchange down 3 hours; multiple disk failures (S 14 6)

    SH Toronto Stock Exchange virus scare causes all-night search (S 18 2:16)

    V$m Five NY futures markets shut down; uncertainty over cause (S 15 3)

    $S GAO finds computer security at stock exchanges vulnerable (S 15 2)

    $S Stock Exchange network security flawed, lacked risk analysis (S 16 4)

    $H Chicago Bd of Trade automating commodities markets to hinder fraud (S 16 4)

    $h Salomon accidental stock sale, value in $ entered in shares column (S 17 3)

    h Elbow on keyboard causes 145 sell orders (for 14,500 government bonds) on French futures exchange (R 20 04)

    $reh Spanish bank accidentally buys many shares because of bounds check missing after Euro cutover (R 20 20)

    $h Bear Stearns' erroneous order to sell $4B stock instead of $4M (R 22 28)

    $ Euro changeover computational problems (R 21 70-71); bank assets disappear during Euro changeover (R 21 73); bank credits 300,000 euros instead of pesetas (R 21 78)

    $h Iomega stock volatility blamed on AOL postings (R 17 91)

    $h Computer glitch on Citicorp merger alters Dow Jones industrial average (R 20 03)

    *SH Spoofed press release on Aastrom Biosciences Web site announcing merger with Geron caused stock rumbles (R 20 81)

    $h Leaving a field blank temporarily wipes out 13.2B£ in stock selloff (R 20 57)

    i$ Mistaken order on Chicago Board of Trade's E-Mini Dow Jones Industrial Average Futures caused wild market swings: 10,000 contracts instead of 100 (R 22 79-82)

    e Risks of Dow-Jones over 10,000: D10K (R 19 64,73); no big deal - nothing adverse happened.

    reh Berkshire-Hathaway 1st NYSE stock to exceed $10,000 per share (S 18 1:9); Warren Buffett's never-split NYSE Berkshire Hathaway stock quotes BRK.A reach $32768 per share, must be entered by hand, blowing on-line databases (R 19 64); similar events in Australian stock market (R 19 70)

    if$ Software allows SEC stock-ownership limit violation (R 22 83)

    1.20 Telephone Frauds

    $SHOA Increasing phone fraud, switch cracking (E.Andrews, NY Times, 28Aug91) Mitsubishi lost $430,000 in 1990, P&G lost $300,000 in 1988. NY City Human Resources Administration lost $529,000 in 1987. WRL lost $106,776 in 3 wks. CIA PBX cracked as well... (S 16 4)

    $SH $4B phone fraud per year reportedly due to organized crime rings (S 18 3:A7)

    $SHO Nevada teens `blue-box' $650,000 in phone calls (S 13 4)

    $SHO Canadian $500K phone fraud from altered voice-mail messages (S 19 2:8)

    SHAO Pacific Bell voice-mailboxes hacked, bogus messages and passwords (S 19 2:8)

    $SHAO Zotos switchboard cracked for $75K in calls (S 13 4)

    $SHA Phone credit-card numbers stolen from computer. $500M total? (S 12 3)

    $SHO Netfill porn access scams 900,000 credit cards (R 20 37)

    $SH Bogus cellular phone chip permitted free calls ($100M/year?); Secret Service developed SW patch, blocking 5000 calls the first day! (S 16 3)

    $SH Buyers of hot cracked Italian portable phone pay seller's calls (S 17 2)

    $SH US Sprint, computer penetrations, free calls, arrests (S 12 4)

    $SHA Crackers attack phone information systems and switches; arrests (S 13 4)

    $SHAO AT&T computers penetrated by Herbert Zinn, Jr. (`Shadow Hawk'); $1M program previewed (S 12 4); sentenced; more background (S 14 2)

    $SHAO Pac*Bell System computer attacker Kevin Mitnick arrested (S 14 1); further background (S 14 2); sentenced to year in prison (S 14 6); Leonard DiCicco pleaded guilty to aiding Mitnick in DEC SW theft (S 15 1); Kevin Mitnick arrested again after hi-tech tracking (S 20 3:12)(SAC 13 3); Mitnick's Defensive Thinking Web server vandalized twice (R 22 55)

    $SH Corte Madera CA teenagers arrested for $150,000 in phone calls (S 13 3)

    $SH Milwaukee computerized phone phreaking (S 14 2)

    Sfh Risks of modern PABXs and digital phones (R 19 52)

    SHAO Many telephone answering machines remotely accessible by anyone (S 13 3)

    Sf Security problems in Deutsche Telekom T-Net-Box answering machine (R 19 29)

    Sf Remote-access phone security discussed; serious risks (S 18 4:8)

    S Sprint account balances freely accessible; potentials for misuse (S 16 3)

    $hH NY Telephone free long-distance calls due to software glitch (S 14 5)

    $SHf Ringback number glitch in Ireland permitted free calls for 2 wks (S 16 4)

    $S Computer intruders access NASA phones. $12M in calls? (S 16 1)

    $SH Staten Island youths arrested for voice-mail misuse (S 16 1)

    $SH WA prison inmates phreak Fone America via collect-call indirection (S 17 1)

    $SH Swedish phone system free call-back from payphones (S 17 1)

    $(f/h) Canada's Bell Millennium payphones give free calls to anywhere; flaw widely known and exploited for 6 days before being fixed (R 21 41)

    $f SW flaw in payphones allowed free phonecard calls (S 16 1)

    $SH Customer-owned payphones Trojaned to steal credit-card numbers (S 16 3)

    f Software bug downs half of New Zealand Telecom's payphones (R 22 86-87)

    $SH Japanese Daiwa Bank hit by prison inmates' phone fraud (S 18 2:16)

    $SH $85,000 phone fraud on Minnesota Representative's account (S 18 3:A7)

    $SHO Phone calls to Moldova result from porn scam (R 18 80,83,84,87); 38,000 customers get credits or refunds totalling $2.74M (R 19 45)

    $SH Prisoner gets free calls by spoofing victim's call forwarding (S 18 4:6)

    $SH Plumber call-forwards his competitors' phones (S 20 2:12)

    SH$ Emergency call-boxes ripped off, cell-phone serial nos. reused (R 17 35)

    SH$ German telephone card system cracked, many free calls made (R 17 36)

    SHf$ British Telecom replaces payphone software after flaw exploited (R 17 36)

    SH Rigged phone trapdoor enabled priority NBA playoff tickets (S 18 4:7)

    @$SH Aussie Cracker charged with phone fraud, accessed US computers (S 16 4)

    - Connecticut Dept of Public Utility Control gets slammed (long-distance carrier changed) (R 18 69)

    1.21 Other Telephone and Communication Problems

    !hi Death of 5-year-old boy due to SF 911 computer equipment failure (S 12 2) Ultimately blamed on terminal operator failing to press a button.

    @!f CADMAS 911 dispatch SW problem contributed to woman's death (S 16 1)

    !f Emergency dispatch EMS SW truncates address, man dies (R 11.55,57,60)

    !f 911 software discarded updated address in fatal Chicago area fire (S 17 1)

    !e Computer delays response to fatal fire; faulty reload blamed (S 18 2:13)

    !f Incorrect 911 call redirection blamed in Massachusetts murder (S 18 2:13)

    h Role of 911 in Atlanta Olympics bombing aftermath: see transcript (R 18 35)

    VSH Swedish cracker disrupts 11 north Florida 911 Systems (R 18 90)

    *V$f Nationwide AT&T congestion [Martin Luther King Day, 15Jan1990] The official AT&T report with further comments (R 9 63): fault-recovery fault propagates [See Telephony, 22Jan1990, p.11.]; attributed to "switch"..."if"..."break" in SS-7 (S 15 2); Relation of AT&T congestion with SDI testimony of Sol Buchsbaum (S 15 2); See also three RISKS items (R 9 61); cf. 1990 ARPAnet collapse: PGNeumann, Risk of the Year, COMPASS 1990.

    *V$fe Signaling System 7 protocol implementations again cause extensive phone outages: WashDC (6.7M lines), Los Angeles, 27Jun91; Pittsburgh (1M lines): SW flaw: DSC Comm small patch installed without regular testing. (S 16 3) FCC report implicates typing mistake (6 instead of D), faulty data, clock failures, and other triggering events (S 17 1)

    *V$h AT&T standby generator accidentally not configured, backup batteries drained, 4-hour outage in 4 ESS closes 3 NY airports, 17Sep91. The two knowledgeable people were in a class on the power-room alarms! Alarms had been disconnected because of construction triggering them (S 16 4); FAA review concludes: 5M calls blocked, air travel crippled, 1,174 flights cancelled/delayed (S 17 1)

    Vfe$ AT&T frame-relay network interruption (S 23 4:21); "unique sequence of software flaws" (R 19 72)

    Vm Lucent loses all connectivity in Allentown PA; AT&T lost over 400 T3 lines, forcing rerouting and a further outage; fascinating propagation case (R 20 05)

    V$hm AT&T Canada fibre-optic frame-relay link cut affects computers, phone lines, Bank of Nova Scotia, southern Ontario (S 24 3:26, R 20 13)

    Ve MCI WorldCom frame-relay network problems, 5 Aug 1999, due to Lucent hardware/software upgrade; CBoT, ATMs, etc. affected (R 20 54)

    Vfe Phone system outage on 925/510 split cutover; cable modem good backup (R 19 95)

    Vm Most of Schenectady NY telephone exchanges downed for 24 hours by water-main break (R 21 18)

    m Heavy rains take out State Department phone service for 2 hours, backup batteries out because of earlier fire (R 20 93; S 26 1:21)

    $mh Drop of welding material causes fire that affected 27 cables, telephone service for 25,000 (R 20 93; S 26 1:21)

    m Algeria earthquake cuts Internet connectivity of major Greek ISP (R 22 75, S 28 6:8)

    Vm Australian largest undersea Internet cable severed, disrupting 60% of Telstra international traffic (R 21 13)

    *m$ Backhoe takes down Telstra service in New South Wales from North Sydney to Queensland border (R 21 41,44)

    !f 320K calls in hour for Garth Brooks concert tickets block 911 (S 17 4)

    *VH Toronto 15-yr-old paralyzes 911 emergency system (S 18 1:14)

    *mf Complaints on failed Dutch newspaper presses saturate phone system, which converts 650611 calls into 0611, national emergency number (S 18 1:12)

    *VSH Ex-employee Trojan-horses emergency system, which fails (S 17 4)

    i Accidental redial phones and alarms mother, who calls police (S 19 4:5)

    Vm Blown fuse takes out Iowa 911 system (S 22 2:21)

    Ve Bell Atlantic 411 outage for several hours; backup failed also (S 22 2:21)

    Vhm Cut telephone line induces emergency response (R 20 11)

    *V$H Thieves steal live Sprint telephone switching equipment (R 20 15)

    V(f/m?) Swedish telephone outage (S 24 4:27, R 20 29)

    fh C&P Tel glitch converts not-in-service messages to circuits-busy (S 18 4:5)

    *Vh Chicago phone cable cut, 150K people and O'Hare flights affected (S 16 1), and subsequent discussion by R.I.Cook on multiple failures (S 16 1)

    VSH Vandals cut cable in Newark, slow NY-DC MCI service for 4 hours (S 20 1:21)

    $*Vhe AT&T fiber-optic cable cut in removing old cable [4Jan1991], affecting commodities markets, NY air traffic ctl, flights, phone calls (S 16 1,2)

    $*Vh 2 fiber cables severed in Annandale VA, 14 Jun 1991, 80K circuits affecting AP, UPI, Pentagon (R 11 92, S 16 3)

    *$Vm Sprint long-distance out for 3.5hrs, 15 Jul 1991, due to fiber-optic cable cut in San Fran East Bay Area; AT&T saturated by rerouting (S 16 3)

    *Vm Portland OR area suffers fiber-optic phone cable cut, incl. 911 (S 17 1)

    m Sliced fiber-optic cable in Lancaster PA disrupts local and long-distance phone service NY to MD (R 20 93; S 26 1:20-21); another outage in Massachusetts (R 20 97)

    $Vhme Ground-cable removal blows Iowa City phone system upgrade (S 20 2:8)

    Vm WorldCom cable cut near Jacksonville affects telephones, ISPs (R 19 88)

    V$hm Massive fiber cut near Cleveland 29 Sep 1999 resulted from gas-company workers during construction, affected east-west traffic; various ISPs still down hours later (R 20 61-62)

    V$m Baltimore train tunnel fire damaged fiber-optic cables, derailing Internet service, postponing Orioles games (R 21 54)

    Vm Fire in Stockholm tunnel blacked out 50,000 people and high-tech companies (R 21 27)

    Vm Deja vu: Stockholm power outage hits high-tech companies (S 27 6:10, R 22 11)

    @$VSHm Attack on fibre-optic cables causes Lufthansa delays (S 20 2:12)

    Vh Oregon Garbage truck worker wipes out telephone service (S 21 4:13)

    *V(f/e?) Philadelphia 911 crash (S 19 3:8)

    *me San Francisco 911 system still not working properly (S 21 2:19)

    V(h/H) Merit (NSF) T3 fiber cable cut by backhoe; RISKS story bogused (S 18 1:6)

    Vmh NY Tel cable cut causes extensive three-day disruptions (S 18 4:5)

    Vm Campfire melts fiber-optic telephone cable in Connecticut (S 19 1:4)

    Vm Severed MCI fiber-optic cable in NY cripples East Coast Internet and phones (R 19 82)

    V$m Los Angeles fire knocks out phone service (S 19 3:7)

    Vm MFS Communications switch fails, with widespread effects (S 23 1:10, R 19 39)

    $Vm Mud slide cuts East-Coast MCI fiber, phones (S 19 3:7)

    *m Optic fibre fragment kills Australian Telecom worker (S 19 1:4)

    *$Ve SanFran outage 1Jul91: faulty clock maintenance; another a few days later (S 16 3)

    *$Vmf Stamford CT 18-hour telephone switch outage affects 27,000 phone customers; two-minute atomic action atomizes #1A to #5 ESS cutover (S 15 3)

    f Software fault prevents 76,000 Telstra customers in Brisbane from receiving phone calls (S 25 4:8, R 20 87)

    Vde Netcom database upgrade indexing error makes half of Norway's cellphones go offline, after promotion of all-wireless service (R 23 90; S 30 4:24)

    Vm Utility outage downs phone system, San Jose airport (S 19 4:9)

    Vfm UMASS/Amherst has week-long phone degradation (S 19 4:9)

    Vm 100,000 without phone service in Plano TX for 9 hrs (R 20 50)

    Vf Motorola cell-phone software bug: accidental denials of service (R 17 26)

    *Vhi SpaceCom technician omits <CR>, disables millions of pagers (S 20 5:8)

    $Vfe Word Perfect upgrade crashes Utah phone system (S 15 5)

    $Vf Software bug cripples Singapore phone lines (S 20 1:16)

    V(h/f?) Cyprus village telephones disconnected: "computer error" (S 21 2:18)

    Vmh Tele Denmark Internet downed by truck delivering Uninterruptible Power Supply (UPS) crashing into power cabinet (R 20 56)

    fm UPS backup system burns up, cutting off power (R 20 91)

    Vmfm Power coming back on causes UPS to lose power (R 20 55); more UPS problems (R 21 36,40,41)

    f Sensors for load-shedding and for UPS start-up in conflict (R 21 49)

    fe Brazilian telephone network upgrade for two extra dialled digits results in chaos (R 20 47)

    re Fixed-length fields strike again: Israel Defense Forces automated systems need 10th digit for cell-phone numbers (R 23 21)

    *h(V to others) Intentional total Moroccan communications blackout for 4 hrs after Hassan II died (R 20 50)

    *$V(f/m/e/h?) British Telecom computer failure cuts off 42,000 (S 16 4)

    $Ve East-coast 800 telephone numbers disabled by flaky SW upgrade (S 17 1)

    Veh Upload of flawed AT&T SS7 translation database took out 800 service (R 19 39)

    Vf The IBM "Gerry Johnson Bug" downs IBM global net (R 17 38-41,47)

    $Vf ISDN SW bug causes half-day telephone outage in Hamburg (S 19 1:3)

    Vmf Diagnostics stymied by loss of 37K lines due to tape malfunction (S 18 2:12)

    Vm 42K Ohio Bell lines disrupted for 45 min due to CPU failure (S 18 2:12)

    Vm 54K Ohio Bell lines disrupted for most of day by blown fuse (S 18 2:12)

    $*Vm 21-hr Pacific Bell SF "Message Center" double HW failure (S 16 4)

    Ve PacBell uploads corrupted database, disabling PCS digital telephone service (R 19 84)

    $VSHm MacNeil/Lehrer reported on phone system risks, 20 Jan 1992 (S 17 2)

    $(f/m/h?) One customer's telephone problems include nonoriginated two-party calls, false billings, incorrect numbers even when correctly dialed, multiple phone conversations on the same line, nonoriginated emergency calls. This saga prompted discussion of numerous other horror tales, plus hacking possibilities. (S 15 3)

    h Erroneous Skytel paging network broadcast mushrooms, deluges 100,000 customers, some of whom received 300 calls an hour (R 18 75)

    $f Pac Bell loses $51 million on lost phone-call charges (S 11 3)

    $h AT&T goof disrupts toll-free calls; switchover botched (S 15 2)

    $h Bell Canada misbills for 17,000 calls; exchanges exchanged (S 15 2)

    $fe US West overcharges users by factor of 10 (S 16 4)

    $h Illinois Bell bills customer for $8,709,800.33, not $87.98 (S 16 1)

    $f 400 pay phones in Hackensack lost charges for half of the calls (S 11 3)

    $fh 2M free long-distance calls blamed on "programming error" (S 17 4)

    $fe GTE Sprint incomplete SW changes lost $10-$20M in Feb-Apr 1986 (S 11 3)

    $fe GTE Sprint billing errors from botched daylight savings cutover (S 11 5)

    $f 4,800 customers billed in error for telephone calls to Egypt (S 13 2)

    $f 2M AT&T customers billed twice (S 13 2)

    $f Hangups lost, calls billed at 999 minutes (average overcharge C$2,450) (S 13 4)

    $f Bell Atlantic forgets AT&T charges in phone bill for 400K customers in D.C. area (R 19 57)

    $f Brisbane telephone accounting - erroneous $900 bill (S 21 5:18)

    $f/h? Computer error costs MCI $millions (S 21 5:13)

    f Northern Telecom DMS-100 billing errors result from upgrade (R 19 38)

    hd Utrecht phone-book database problems prevent publishing (R 17 38)

    $Vm Sharks munch out on fiber-optic phone cables. $250,000/bite (S 12 3)

    $Vm Fiber optic cables can self-destruct at high temperatures (S 17 1)

    Vmfh April First 1998, a bad day for high tech in Holland: cable cut downs phone service, BeaNet transaction system down, Postbank maintenance problem (S 23 4:21)

    *he Vodafone Spain's network down for almost 7 hours after botched "basic maintenance" (R 22 59)

    *f U.Iowa phone system program limitation - ringing forward to busy, phones incompatible: explosion or fire if misconnected (S 12 3)

    *$Vfe Michigan Bell ESS office, 2 long outages. SW updates in progress. (S 11 3)

    *$V 707 area code (above San Fran.) shut down completely for 5 hours (S 11 5)

    $*V Atlanta telephone system down for 2 hours (S 11 5)

    *$V C&P computer crashes 44,000 DC phones (S 11 1)

    *$V Dallas 4-ESS, backup down for most of day, area code 214 isolated (S 12 2)

    $Vf Program glitch disrupts PacBell 619 calls (So.Cal) for most of day (S 12 4)

    *V(f?) Computer `bug' downs 1000s of phones in Vancouver for an hour (S 13 4)

    $Vfe Improper SW upgrade disrupts NY Tel Poughkeepsie-area for 21 hrs (S 12 4)

    *Vfe 30,000 phone lines in San Luis Obispo out due to faulty upgrade (S 16 1)

    $Vfe SW upgrade glitch shuts down phones for 4 hours in Minneapolis (S 12 4)

    Vm Snowstorms cause telecommuting phone-line tie-ups (R 17 61)

    $Vf Week-long voice-mail snafu in Boulder (US West) (S 16 2)

    Vm/f? PacBell voice-mail system failure 25 Jul 1998 due to cable cut or software upgrade? (R 19 89)

    (h/f/m?) 60,000 Demon Internet e-mail messages go astray/delayed (S 21 2:18)

    $f C&P computer "tape flaws" delay 100,000 bills by two months (S 11 5)

    f(h?) Bell Atlantic sends mistaken notices of area-code change (S 20 5:10)

    $Vf 1979 AT&T program bug downed phone service to Greece for months (S 10 3:8)

    *V World Series ticket orders block phone exchanges, 911 for 3 hrs (S 13 1)

    Vh France '98 World Cup soccer ticket massive telephone overload (R 19 71,73)

    Vm$ Qwest overload problem: 500,000 calls per hour blocked (R 22 24)

    @Vh Star Wars Phantom Menace tchatchkis bring down eBay server on 3 May 1999; Amazon had no troubles (different system types) (R 20 38)

    !Vfm 41-year-old died while NYC's 911 system was down due to test-induced failure (R 20 39)

    *Vm Los Angeles computer blamed for 911 system crashes (S 14 2)

    Vdf Tacoma, WA 911 computer system problems (S 23 4:22)

    $fM Ghost phone calls to 911 from cordless phone interference (S 11 2)

    mMe More ghost phone 911 calls resulting from phone system changes (R 18 71,72) and related number compatibility issues (R 18 72).

    SfM More cordless phone problems; interference again calls 911! (S 18 4:6)

    +=- US West discovered its 911 lines were too silent, added noise (R 19 41); similar problem with Lexus engines (R 19 42)

    m North Yorkshire UK emergency call-center power-supply problem (R 22 20)

    *im Communications errors delay response to San Francisco fire (R 18 68)

    *S Telephone sales pitch computer calls emergency broadcast number (S 12 2)

    VSh Ross Perot's high voice tone shuts down newspaper phone hotline (S 19 2:10)

    $hi Swedish phone bill of $2600 - program error plus human error (S 11 5)

    $ Salem OR library computer racks up $1328 in phone calls (S 12 1)

    $i Some risks of reaching someone else's phone number (S 12 4)

    i Canadian government toll-free number for safe boating recycled to phone-sex line (R 23 84)

    fh Computer blamed; Yorkshire cricket fans reach sex hot-line (S 15 1)

    i One-run computer discrepancy in India-WestIndies cricket score causes critical confusion (R 22 11)

    $a Dog trained to reach out and touch 911 dials 900 numbers (S 16 1)

    i Risk of snowbound east-coast bookstore phones forwarded west (R 18 65)

    f SOUNDEX algorithm for directory enquiries fails for Gaelic, French (S 17 4)

    fi Calling Number ID (CNID) ghost calls (S 20 3:10)

    @SP CNID: negative ruling in California, free per-call blocking in Vermont; approved in 20 states, Washington D.C., and Canada (S 17 2)

    P Anonymous-call rejection to "balance" the effects of calling number ID blocking (R 19 83)

    f CNID fails to block in 510, 415 for four weeks (S 22 4:31, R 18 82)

    SP Calling Number ID revisited (R 24 05,06; S 30 6:24); more (R 24 07-08)

    fh Monitoring systems cause unintended changes in Bell Canada operator behavior [and Metro Toronto Police] (S 18 2:6)

    - Bezeq (Israeli telco) writes form letter to a public payphone (S 18 2:13)

    + Fax services for prayer, confession; beeper for Messiah arrival (S 18 2:13)

    + Success: SW permitted AT&T to reconfigure after Hurricane Andrew (S 18 1:5)

    ..... Communication satellite problems

    fh Satellite transmission snafu leads to diplomatic incident (S 23 1:11, R 19 26)

    $Vm* Galaxy IV malfunction causes massive pager outages, with backup also failing (S 23 5:25, R 19 75-77); two other Hughes HS601 satellites failed, but backup worked: Galaxy VII's primary control processor on 14 Jun 1998, and another satellite used by 3.7 million subscribers of DirecTV, on 4 July 1998 (R 19 85); overdependence on satellites and pagers (R 19 76,78,81); primary failure still unknown, backup failure due to crystal buildup in switch (R 19 93)

    Vm GE-3 satellite spin cuts news services incl. AP, 12 Mar 1999 (R 20 25)

    Vm Indian satellite power failure leads to abandonment (S 23 1:11, R 19 41)

    @Vm U.K. lottery terminals downed by satellite network breakdown (S 20 5:10; R 17 18)

    ..... Other computer network and ISP problems

    Vrf ARPAnet ground to a complete halt; accidentally-propagated status-message virus [27Oct1980] (S 6 1: Reference - Eric Rosen, "Vulnerabilities of network control protocols", SEN, January 1981, pp. 6-8)

    Vrfd ARPAnet loses New England despite 7-trunk "redundancy"; one accidental cable cut in White Plains knocks out all 7 links, 12 Dec 1986 (S 12 1)

    Vhef Internet routing black hole cuts off ISPs; MAI Network Services routing table errors directed 50,000 routing addresses to MAI; InterNIC goof as well, 23 Apr 1997 (S 22 4:25, R 19 12)

    Vm Explosion causes Internet blackout in New England (S 23 1:10, R 19 29,30)

    Vhe DNS upgrade causes e-mail black hole (R 20 25)

    Ve Internet nameserver problem affects .com and .net, 16-17 Jul 1997 (S 22 5:13)

    fh "Unfixable" error in InterNIC Whois database with name confusion: another Catch-22 (R 19 77)

    - ICANN takes hits from lawmakers (R 22 90)

    SPhi Open letter to ICANN from Lauren Weinstein: Why "dot-xxx" is for Chumps (R 24 05)

    Vm UK ISP suffers three-fold power loss: public grid, backup generator, and standby batteries (R 22 69; S 28 4:6)

    m Added note on risks of systems maintenance taking place in a different time zone (re: .COM, .NET DNS tables) (R 19 35)

    Vf "Redundant" Finnet virtual circuits both fail (S 22 4:27, R 18 76)

    @Vhef Internet routing black hole cuts off ISPs; MAI Network Services routing table errors directed 50,000 routing addresses to MAI; InterNIC goof as well [23Apr1997] (S 22 4:25, R 19 12)

    VSH Network Solutions blocks bulk accesses to whois database (R 19 96)

    m/f/h? Root servers used by Network Solutions failed (R 21 03; S 26 1:18-19)

    @Vhe Network Solutions goof bumps Nasdaq off the Internet (S 23 1:10, R 19 34)

    f Nasdaq glitch duplicates reports for stocks starting with 'M' or 'N', inflating daily volume figures (S 27 6:10, R 22 18)

    $f Nasdaq temporarily reports incorrect pricing, down 98% (R 22 86)

    Vh Minneapolis homeless burn out US West Internet fiber cables (R 17 23)

    Ve Bad upgrade disconnects much of Minnesota (MR.Net/InternetMCI) for 12 hours (R 18 46,47)

    h AOL Long Distance electronic (non)billing (S 23 4:22)

    $(h/m?) Erroneous AOL stock charts attributed to "malfunction" (R 19 66)

    Vh Star Wars Phantom Menace tchatchkis bring down eBay server on 3 May 1999; Amazon had no troubles (different system types) (R 20 38)

    Ve eBay embarrassed by crash and 22-hour outage, plunge of stock (R 20 45); traced to absence of upgrade (R 20 47)

    $ei MSN "upgrade" creates long-distance calling charges (S 26 4:6, R 21 32,40,54,56)

    ff Swisscom Mobile GSM network breaks down for 10 hours, due to two independent software flaws (S 26 6:9-10, R 21 60)

    (m/f?) Long blackout of mobile phone service in greater Frankfurt (R 22 90)

    $f Siemens software flaw in S65 mobile phones causes substantial losses (R 23 60)

    m Cingular wireless goes down in heat wave (S 26 6:10, R 21 60)

    1.22 Election Problems

    We have reported election problems in Software Engineering Notes and RISKS for many years. Many of these problems are summarized below. More recently, in the 2000 election, particularly in Florida, the chickens of neglect have come home to roost, exemplifying everything we have been saying all these many years - and more. Similar to the 1988 fiasco where a 210,000-ballot undervote occurred in the Senate Race in four counties run by BCR/Cronus, 19,000 votes were disqualified for the presidential race in Palm Beach County, and many more in Broward County - perhaps because of the confusion raised by the butterfly ballots. There are also some reports of the left-hand and right-hand pages being improperly aligned, so that a vote for one candidate actually counted for another candidate. Dimpled chad became important - perhaps resulting in part from blocked and never-cleaned chad trays (and there was a lot of extra chad resulting from the invalidated multiple votes!). There were many irregularities involving improper voter disenfranchisement, with at least 91,000 voters being unable to vote because of a largely erroneous list of supposed convicted felons - including one election commissioner who found herself incorrectly on the list, and was apparently the only one to block use of the list in her region.

    Also, see the CACM Inside Risks articles from November 1990 (PGN), 1992, 1993, 2000 (Rebecca Mercuri), January 2002 (Mercuri), as well as November 2003, 2005, 2006, and 2007 (various authors). (http://www.csl.sri.com/neumann/insiderisks.html).

    Numerous problems are noted in the on-line RISKS, along with various commentaries (R 21 10-14). We note that punched-card systems are inherently flaky (!), and that even optical scanning is problematic, but that direct-recording electronic systems tend to be subject to serious potentials for fraud and manipulation. Internet voting is a disaster waiting to happen in light of the inadequate security of the Internet, personal computer systems, and subvertible servers. For example, the SERVE system appears to be seriously flawed. Proposals to vote from automated teller machines (R 21 15-16) are also problematic, and basically undesirable. Election 2000 demonstrated once again that we need to reexamine the entire election process objectively, and devise less-easily subvertible checks and balances that can provide much greater assurance. Election 2002 still had vastly too many problems, many of which have not been eliminated for Election 2004.

    Integrity throughout the election process is essential. And yet we repeatedly hear about unexplained anomalies (enumerated below, including the 1985 articles by David Burnham noted below) and various suspicions of fraud - some with convictions. For example, Ransom Shoup II (purveyor of the ShoupTronic election machines) was convicted of two felony counts - election fraud and conspiracy to commit election fraud. In 1996, Senator Chuck Hagel was CEO of the election company (now a part of ES&S) used by most of Nebraska in his first-term election (e.g., see Thom Hartmann, If you want to win an election, just control the voting machines, The Hill, 31 Jan 2003 - R 22 55); this may not have affected the outcome, but the early denial of the association is certainly ethically curious. In 1999, 22 people were indicted in Louisiana and 9 admitted guilt in a huge bribery/kickback election scam involving the acquisition of Sequoia voting systems.

    Numerous Web sites are springing up with timely information in addition to mine and Rebecca's. For example, see David Dill's Voter Verification Newsletter and subscribe: www.VerifiedVoting.org. Also, see Lynn Landes's Web site www.ecotalk.org/VotingSecurity.htm and particularly www.ecotalk.org/VotingMachineErrors.htm for considerable detail on election fraud and irregularities. Another useful site is http://www.epic.org/privacy/voting/.

    If you are seriously interested in what might be needed for a high-integrity election process, and a further study of the inherent risks, see the outstanding University of Pennsylvania PhD thesis http://www.notablesoftware.com/evote.html of Rebecca Mercuri (mercuri@acm.org), Electronic Vote Tabulation Checks and Balances, 2000. What we are calling the Mercuri Method involves voter-verified paper ballot-images that become part of the official records. Useful URLs for various other relevant organizations are included at the end of that Web site. See also "Explanation of Voter-Verified Ballot Systems" (Rebecca Mercuri, S 27 5:15-16, R 22 17). See also my later comments (S 28 2:16-17) based on R 22 36 and R 22 38.

    If the risks of voting concern you, including potential conflicts of interest among owners, you might find some provocative information at http://www.ecotalk.org/VotingSecurity.htm, clicking on Ownership - privatizing, monopolizing, and politicizing the voting process. You can report voting irregularities you see for posting at http://www.VoteWatch.us/.

    S Role of standards (Roy Saltman)(S 18 1:17); see also (R 14 08-11) [Roy has retired from NBS/NIST, and was evidently the government person most knowledgeable about punched-card systems. He is still active.] See "Accuracy, Integrity, and Security in Computerized Vote-Tallying," Roy G. Saltman, National Bureau of Standards (now NIST) special publication, 1988, for a definitive report.

    +/-? US Federal Election Commission Voting Systems Standards update: draft available (R 21 51); the final version is on the FEC Web site at http://www.fec.gov. It still fails to address some of the most important integrity issues.

    @$SH See Jeff Burbank's wonderful invited talk at EVT/WOTE 2010, Outsmarting Regulators: Gambling in Nevada, based on his book, License to Steal, with huge relevance to election systems.

    ..... U.S. election events, 1984 and before:

    1982: Elkhart, Indiana, program failed in midstream, programmer rebooted or patched the system on the fly during the election process. (S 10 3:8); more in (S 10 4)

    SH 1984: Series of articles by David Burnham in The New York Times, (29Jul, 30Jul, 4Aug, 21Aug, 23Sep, 24Sep, 18Dec 1985) documents vulnerabilities to tampering in Computer Election Systems (then the dominant electronic vendor); elections with their machines challenged in Indiana, WVirginia, and Maryland, with rigging suspected in the 1984 election in the first two states; Federal Election Commission standards inadequate; Texas also investigated numerous discrepancies, involving Business Records Corporation (which subsequently was involved in the Florida fiasco of 1988) - formerly known as Computer Election Systems; NSA asked to investigate if CES systems were open to fraud; California and Florida also investigated; Michael Shamos quoted - CES systems equipment "is a security nightmare open to tampering in a multitude of ways." The Burnham articles are a startling warning shot that was almost completely ignored. [Most lawsuits later thrown out: not guilty or lack of evidence, particularly in the absence of audit trails!].

    1984: McCloskey McIntyre Congressional election in Illinois long questioned, with only a few votes making the difference depending on which were thrown out in which recount. Other problems in Dade County in 1984, West Virginia, St. Louis (S 10 3:8)

    S[H?] Election frauds, lawsuits, spaghetti code, same memory locations used for multiple races simultaneously, undocumented GOTOs, COBOL ALTER verb allowing self-modifying code, calls to undocumented/unknown subroutines, bypassable audit trails (Eva Waskell, S 11 3); Report from the Computerized Voting Symposium, August 1986 (S 11 5)

    h Clerical error blamed for election computer program mishap (S 11 5)

    SHrf System designs, bad software engineering, standards (Eva Waskell, S 11 3)

    S[H?] Alabama, Georgia election irregularities (S 12 1)

    Sh Texas beefs up security of computerized voting (S 12 1)

    ..... 1988 U.S. election events:

    SH Computers in Elections (see the excellent article by Ronnie Dugger, The New Yorker, 7 Nov 1988, and several cited reports); 1988 problems in Florida - 210,000 votes fewer for Senate race (Connie Mack vs. Buddy Mackay) than for President in 4 counties administered by Business Records Corporation, part of Cronus Industries of Dallas, Texas (The New York Times, 12 Nov 1988, S 14 1:20, R 7 78); jammed chad slots? post-election multiply punched ballots? at least one disappearing ballot box reported? other possible scenarios?

    ..... 1992 U.S. election events:

    m Misaligned Votomatic in Berkeley caused mispunched cards (S 18 1:15)

    S? Sandia helps NM develop "uncrackable" phone voting system (S 18 1:15)

    hf Oregon computer error reversed election results (S 18 1:16)

    hf Programming error reverses DistAtty election landslide in Oregon (S 18 1:16)

    h Ventura Cty CA votes reversed on 13 state propositions (S 18 1:16)

    h/H? Another voting machine misaligned, biased toward Bush (S 18 1:16)

    ..... 1996 U.S. election events:

    + Hanging chad removal in punch-card ballots overturns Massachusetts primary election (S 22 1:21)

    ? Louisiana results questioned because of evidence of misrecorded votes

    Ethics? Senator Hagel of Nebraska was CEO of the company whose voting machines got him elected, and had denied the connection (R 22 55)

    ..... 1998 U.S. election events:

    h ABC News accidentally posted test election results before the election (they were correct in 61 out of 70 Senate and Governor races!); Fox TV did a similar thing for a Yankee-Padre World Series game (R 20 05)

    ..... 2000 U.S. election events:

    hifm(H?) U.S. and Florida Presidential race complexities discussed (S 26 2:7-9), relating to RISKS items and others (R 21.09-15) [noted at the beginning of the section]. Sanity in the Election Process (Lauren Weinstein and PGN, R 21 12). Statement by Don Dillman on Palm Beach ballot layout (R 21 12). The early recount process showed many irregularities (R 21 12). Perspective from PGN (R 21 13) reminds us of many earlier warnings from 1985 (David Burnham) and 1988 (Ronnie Dugger, who quoted Willis Ware: "There is probably a Chernobyl or a Three Mile Island waiting to happen in some election, just as a Richter 8 earthquake is waiting to happen in California.") (R 21 13). Discussions on Internet and electronic voting by PGN, Rebecca Mercuri, and Lauren Weinstein (R 21 14), and others (R 21 13-14). Criteria for voting systems (Rebecca Mercuri's PhD thesis, http://www.notablesoftware.com), also Fred Cohen (R 21 15-16). Testimony of Doug Jones before U.S. Civil Rights Commission (R 21 20). DUMvoting 1.0, Gene N. Haldeman's parody on Dell/Unisys/Microsoft consortium (R 21 20). Later study by Doug Jones shows certain specific slots were more likely to jam and result in pregnant chad in Votomatic machines used in Florida (S 27 1:17, R 21 70-71), which could be relevant to the 1988 Florida Senate race as well. (See Mack/Mackay election, noted above.) Discussion of the Caltech/MIT report and what Los Angeles County is doing about it in attempting to upgrade to all-electronic systems (S 27 1:17, R 21 70)

    h Exit polls blamed for misleading results in disputed Florida counties, although those polls seemingly correctly reflected the intent of voters whose ballots were invalid! (R 21 11, S 26 1:17)

    f(h or H?) Florida election erroneous disenfranchisement of thousands of voters also traced to bogus Choicepoint data; Choicepoint blames its data aggregator, DBT (R 21 42)

    m?f? Report of Diebold voting machines in Volusia County FL registering -16,022 votes for Al Gore! (R 22 93,94)

    fmhH 4 to 6 million votes uncounted in 2000 U.S. election (S 26 6:15, R 21 51)

    Sfh Broward County FL officials consider letting students hack election systems, but later overruled (S 26 6:15, R 21 61)

    fe New voting protocol and new ballot tally system in Cochise County AZ special election resulted in miscounting (R 21 07; S 26 1:21)

    S Vote auction Web site moves overseas after being outlawed (R 21 11, S 26 1:18)

    ..... Other year 2000 items:

    fS? Contribution from Douglas W. Jones, Chair of Iowa State Board of Examiners for Voting Machines and Electronic Voting Systems (S 26 1:15-16, R 21 10). This updates his earlier report on risks in electronic voting in Iowa (R 18 15).

    dfeiSPHh NSF workshop on feasibility of e-voting, commentary by Avi Rubin and others (S 26 1:16-17, R 21 10-11)

    Sf House Science Committee hearings on electronic and other voting systems, 22 May 2001: testimony by Stephen Ansolabehere, Rebecca Mercuri, Roy Saltman, Douglas Jones (R 21 44)

    SP Risks of receipts for voting machines (R 21 23); potential risks in "open" development of voter data standards (R 21 33)

    fHh Discussion of the use of ATMs for voting (R 21 15-16)

    f$ Also in 2000, Pennsylvania county wins $1M for faulty MicroVote computer voting machines (R 21 10)

    SHA Minnesota election fraud accused in e-mail sent by Christine Gunhus (using a Hotmail alias) disparaging her husband Senator Rod Grams's opponent; identity revealed by X-Originating-IP: header sent from a campaign computer, and by GUIDs included in Word documents! (But Grams lost.) (R 21 50)

    Shmf New Mexico: at least 678 votes lost in 2000 early voting, greater than the presidential margin (R 23 50, correction R 23 51)

    ..... 2001 U.S. election events:

    f Programming error scrambles San Bernardino election results (S 27 1:15, R 21 74)

    VSm Implications of power outage during Nov 2001 Pennsylvania election (R 21 80)

    m Mercer County NJ voting problems 2001 due to Anthrax scare delaying Internet voting info (S 27 1:16, R 21 74)

    h Election problems before the election in Virginia result from 2000 census redistricting; electronic rolls lost 18,000 voters (S 27 1:17, R 21 74)

    @hP Erroneous law-enforcement data from Choicepoint: Privacy Foundation's Richard Smith discovered he had been dead since 1976, and had aliases with Texas convicts; Chicago woman misidentified as shoplifter and drug dealer, and fired. (Florida election erroneous disenfranchisement of thousands of voters also traced to bogus Choicepoint data; Choicepoint blames its data aggregator, DBT.) (R 21 42)

    ..... 2002 U.S. election events:

    h Compton California Mayoral election screwup from lack of randomization of candidate ordering (S 27 3:16, R 21 91)

    SP Miami-Dade OKs touchscreen voting for Nov 2002 (S 27 3:16-17, R 21 90,92,93)

    SAf Palm Beach's new electronic voting machines have problems (S 27 6:15, R 22 16) and more on lack of accountability (S 27 6:16, R 22 17)

    fmiSP(HI?) Florida Primary 2002 problems: touchscreen machines not working, showing the wrong candidate, or nonworking authorization cards; some huge voter delays, Governor authorized two-hour extensions although some already shut-down machines could not be restarted; lame testing; purchase contract makes it a felony violation if any devices are provided for internal examination; serious reliability problems reported in Georgia and Maryland; comments from the Georgia Secretary of State (R 22 25); comments from Mercuri on MIT/Caltech press release (R 22 26)

    fmiSP(HI?) U.S. general election 2002: Glitches widely reported in FL, TX, AL, NV, GA, CA, SC, NE, NJ; Voter News Service outage (R 22 38); iVotronic machines lose 294 votes in Wake County NC (R 22 33); 2-3 hour waits in Florida early voting result from voter anticipation of election day problems! (R 22 34); factual errors reported in CNN article, particularly regarding use of old FEC standards, not new, and still voluntary; other errors (R 22 36); in FL Palm Beach and Broward counties and Georgia, voters found touch-screen machines that showed votes for untouched candidates; Broward programming error omitted 34,000 votes; 70,000 absentee and Spanish-language ballots missing from turnout but (supposedly) included in counts; Houston voters in 5 precincts had straight-party votes rejected; half of the Pulaski County AK had not been assigned precincts after redistricting, were not allowed to vote; NE long-shot candidate was given a premarked ballot for his opponent (R 22 36); more on exit polls (R 22 35,37); Broward County vote total short by 104,000 votes (R 22 36-37); 67 memory cards misplaced in Georgia, representing 2,180 ballots (R 22 37); "The right to have the vote counted is infringed, and we have lost the integrity of our voting system, when the ease with which ballots can be manipulated is greater than the ease with which the manipulation can be detected." (Kevin Craig, 2000) www.electionguardians.org (R 22 37); chip glitch hands victory to wrong candidate in Nebraska (R 22 38); Voters can report election irregularities at VoteWatch.us (R 22 38); problem in White Plains NY with sticking lever machine (R 22 44); vote only by mail in Oregon (R 22 35)

    Sm?f?H? 2002 unofficial election results in Alabama reversed, cause still unexplained: electronic results wrong, hardcopy results correct (R 22 60-61, S 28 3:10)

    fiSP(HI?) Columns by Lynn Landes on questionable ownership of voting machine companies (felons, etc.), also citing VoteScam, 1992 book by James and Kenneth Collier; interactive modems capable of controlling voting machines in real-time (R 22 25,37-38); ideal voting systems? (R 22 34); further discussion of the Mercuri Method, alternatives, and butterfly ballots again, and other discussions (R 22 27-31,38)

    SHPfi Boston gets Diebold AccuVote marked-paper reader systems, seemingly lacking in assurance of correct tabulation (but at least recounts by independent systems are possible - if requested) (R 22 39)

    SH? Diebold AccuVote system integrity questioned in Georgia because of the use of an unprotected FTP site for storing election software, election results files, upgrade files, etc. (for example, see The Register, 8 Feb 2003); surprising Max Cleland defeat linked?

    SPH Powervote electronic vote machines open to tampering: bogus ballot face (R 22 44)

    *m Explosion of nickel-cadmium batteries used in electronic voting (R 22 28)

    Sf Panel reports DoD SERVE System fatally flawed; bureaucrats in denial (R 23 14-15)

    SHf How to Hack an Election; Maryland (R 23 17); Physical security of voting machines (R 23 20); blank page anomaly (R 23 24)

    SH Online poll rigging (R 23 13)

    S+/- Avi Rubin's experiences as an election judge: http://www.avirubin.com/judge.html (R 23 25)

    S(Denial of Service!) Many new e-voting machines won't boot in San Diego County (California) primary election (R 23 25)

    fh Lost e-votes could flip Napa County race: Sequoia Optech optical scanner failed to record votes, detected by random 1% recount (R 23 27)

    m Many California voters turned away in Alameda and San Diego Counties in 2004 primary; Diebold DRE authorization machines failed, supply of paper ballots ran out; 200 calls for help from poll workers (R 23 27)

    ..... 2003 U.S. election events:

    SH Chief of Diebold voting machine company writes Republicans in fund-raiser he is "committed to helping Ohio deliver its electoral votes to the President next year." (R 22 89, S 28 6:11)

    SH "According to election industry officials, electronic voting systems are absolutely secure, because they are protected by passwords and tamperproof audit logs. But the passwords can easily be bypassed, and in fact the audit logs can be altered. Worse, the votes can be changed without anyone knowing, even the County Election Supervisor who runs the election system." (R 22 83)

    fS(H?) Avi Rubin et al. analyze serious flaws in Diebold electronic voting systems (R 22 82)

    mh Voting tech problems galore in Mississippi: locked precincts, machine malfunctions, erroneous ballots, voters given wrong ballots (R 22 83)

    f?m?SH? (who knows?) NYCity: Blank ovals sensed as votes, legitimate votes disqualified as overvotes (R 22 75)

    H? UC Riverside student arrested for allegedly derailing student election, casting 800 votes for a fabricated candidate (R 22 78)

    f?m?SH? Boone County Indiana's MicroVote election software returned about 144,000 votes with only 19,000 registered voters; final review counted 5,352 votes (R 23 03)

    f More voting snafus in Palm Beach and Broward Counties: Florida House District 91, 6Jan2004, winner Ellyn Bogdanoff by only 12 votes over Oliver Parker, out of 10,844 cast ballots, with 137 supposedly blank ballots in the only item in a special election; no mandated recount possible with ES&S touch-screen voting (R 23 12)

    Sie Data transfer Excel-COBOL loses voter data in 2003 Greenville Mississippi election (R 22 95)

    hi$ Grant Parish, Louisiana, election results reversed by doubled absentee counts; new election to be held (R 23 02)

    SH Hackers break in to VoteHere (which claims "best-of-breed security") (R 23 12)

    ei Pleasanton CA school board election displays instructions for the previous election (R 23 01)

    SHfe At least eight Fairfax County VA WinVote machines failed, seals were broken, and machines fixed (!) for reuse (R 23 01,02); more problems in Fairfax CO: WinVote machines subtract one in each hundred votes for a particular candidate (R 23 02)

    S(m/f/H) Analysis of California recall data confirms doubts about voting systems (R 22 94-96)

    Se California halts e-vote certification of Diebold machines after uncertified software installed in Alameda County CA (R 23 01,03); also, outsiders could make changes to vote-counting software (R 23 03); Diebold machines in 17 California counties had not been state-certified, three had not been Federally certified; changes after certification commonplace! (R 23 07); At least FIVE convicted felons among Diebold voting subsidiary employees (R 23 07)

    SHhfme California Secretary of State requires voter-verified paper audit trail by 2006 (R 22 04)

    Smf$ Broward County FL considers dumping $17 million in touch voting machines or retrofitting voter-verified audit trails, after serious errors (R 22 93)

    SHfm Avante Vote-Trakker voter-verified ballot printout mechanisms disabled by registrar when discrepancy occurred (R 23 03); What if DRE and paper trail disagree? DISABLE the system immediately (R 23 06)

    SHfm Congressional Research Service report raises more questions about electronic voting machines (R 23 03)

    S$ Nevada to apply slot-machine security to e-voting hardware? (R 23 06)

    SH(I/O) Another case of electronic vote-tampering? IEEE standards process broken (R 22 92); unsecure wireless communications would satisfy draft IEEE standards (R 23 02)

    SP Sensitive voter information publicly up for grabs (R 23 07,09,10)

    Hm Mechanical voting machines also risky (R 23 03); Why not just mark a piece of paper? Much of the rest of the world does. (R 23 06-08,10-12)

    SHf VoteHere reports computer break-in (R 23 10)

    +/- Essay on social aspects of electronic voting (R 23 10)

    ..... 2004 U.S. election events:

    $f California bans Diebold e-vote machines (R 23 35)

    $fh Republicans walk out on Federal civil rights hearing on voting machines (R 23 32)

    SPhie Florida's list of felons ineligible to vote in 2004 is still full of eligible voters (R 23 44)

    Sfd eVoting standards and testing (R 23 40)

    Sfi Washington State primary irregularities (R 23 53)

    SHVfmie Some thoughts on the November 2004 U.S. election process: almost everything in the election process was a potential weak link. (S 30 1:15-17) Numerous anomalies were reported: Palm Beach County logged 88,000 more votes than voters; A Franklin County Ohio machine error gave Bush 3,893 extra votes; Broward County FL balloting for Amendment 4, software counted backwards after reaching 2^15 - 1, in signed 16-bit field, in tabulating absentee ballots; numerous reports of screens "jumping" votes from Kerry to Bush; many cases of long lines and long waits only in certain politically skewed precincts, legitimate voters who were disenfranchised, special optical scan pens that were not capable of being tallied, and so on. Many other problems include weak standards and secret system evaluations, partisan oversight, inadequate funding for NIST and Election Assistance Commission, poor training, dirty tricks (S 30 1, elaborating on R 23 58,59); Better standards needed for elections (R 23 59; S 30 1; more in R 23 61)

    rfmhiSHPV etc. More on election standards, voting anomalies, and the electoral process (R 23 61,62)

    f Preferential voting software breaks down in San Francisco (R 23 58-59; S 30 1:17)

    SHPhi Perils of database matching on voter purges (R 23 45; S 30 1:17-18)

    SPHhmf, etc. Rebecca Mercuri's challenge at Black Hat Convention (R 23 47); The Mr Micawber Syndrome relating to incidents (R 23 47); Al Kolwicz evicted for submitting real accuracy/logic tests in Boulder County (R 23 48); Obion County Tennessee vote counting problems, failing to count early votes (R 23 49); Sequoia's new paper audit-trail system demo failed to record test votes cast by California State Senators (R 23 50); that Sequoia system used in Nevada in 2004 (R 23 52,53); Maryland rules against opponents of e-voting machines (R 23 53); Robert Heinlein scenario in "The Moon is a Harsh Mistress" (1966): computerized voting with no audit trail or ability to recount (R 23 53); Touchscreen voting spawns glitches (R 23 58)

    SHA Ohio: Columbus Ohio voters report fake elections board calls as election 2004 neared (R 23 57); Thieves steal campaign computers with sensitive information in Toledo (R 23 57)

    SHf Diebold GEMS central tabulator contains a stunning security hole: two-digit code alters results; this is a real doozer (R 23 52)

    SPfff (you-gotta-be-kidding department) Missouri military absentees in 2004 could have absentee ballots scanned, sent by unencrypted e-mail to Omega Technologies (partisan "trusted third party"), which then faxes the printed version to the appropriate precinct! Signed waivers of your privacy rights required. (R 23 52)

    S+ California Secretary of State Kevin Shelley (who mandated voter-verified paper trail by 2006) established more stringent requirements for touch-screen machines (R 23 45); Gov. Schwarzenegger signs California paper trail bill into law (R 23 55)

    SHhmf etc. Lost records of 2002 Florida vote raise 2004 concern (R 23 46); Alabama 2003, ES&S machines reversed the governor's race, not detected until long afterward! Bev Harris records 51 cases in which voting machines recorded the wrong outcomes, including Wayne County NC (reversed in time); 100% error in Orange County in 1998 bond issue (yes/no reversed) (R 23 51; more on Bev Harris's crusade, R 23 45 [her predictions were fairly prescient])

    SHf Multiple security vulnerabilities in Diebold Optical Scan 1.94w used to tally 25M votes in 2004 (R 23 94-95; S 30 4:27-28)

    ..... 2005 U.S. election events:

    SH Ballots "enhanced" by L.A. City Clerk (R 23 79; S 30 3:37)

    mfhH? Seven voting machines under scrutiny in Wayne County PA; 211 votes counted with 163 cast (R 23 90; S 30 4:27)

    f,m,h Legal docs expose various risks in routine Diebold maintenance in North Carolina (R 24 06; S 30 6:25)

    fmhi Voting glitches from the 7 Nov 2005 election (Joe Hall, R 24 10): San Joaquin County, CA: misplaced memory cartridge; Cumberland County, PA: software error forces recount; Harwinton, CT: Voting machine snafu may lead to challenge; Pasquotank Co., NC: 14-vote gap questioned; Lucas Co., OH: State plans to investigate voting chaos; Wichita County, TX: Human errors hamper voting; Montgomery County, OH: 'Human error' creates doubt about phantom votes

    ..... 2006 U.S. election events:

    Shi EFF sues North Carolina over electronic voting-machine certification (R 24 12)

    fmhi? Texas voting recount halted; discrepancies of 20% between count and report (R 24 21)

    fm Computer problems with voting system invalidated U.Wisconsin-Madison student council election; then, failed again due to software errors (R 24 23,24)

    f Brennan Center study finds many flaws in three vendors' systems (R 24 38)

    f Princeton analysis of Diebold Accuvote-TS security (R 24 42); another report (R 24 39)

    f More on voting in Ohio (R 24 40); Cuyahoga County report (R 24 43)

    SP Avi Rubin's experience as an election official (R 24 42-43); another experience (R 24 44)

    Sf Florida's voting system certification inadequate (Rebecca Mercuri, R 24 50, S 32 1)

    SPfhi, etc. Bo Lipari's weblog on election problems: an excerpt (R 24 47, S 32 1)

    $SfhiV etc. Five U.S. House election results unresolved after 2 weeks: Mexico 1st Congressional district, with a .5% difference; North Carolina 8th Congressional district, with a .025% difference; North Carolina Court of Appeals, with a .24% difference; Williamson County, Texas, the votes each recorded 3 times. (R 24 47, S 32 1) Report blames Denver election woes on flawed software (R 24 52, S 32 1)

    Bo Lipari's weblog on election problems: an excerpt (R 24 47); Rebecca Mercuri's analysis of Florida's voting system certification (R 24 50); Report blames Denver election woes on flawed software (R 24 52); Audit finds many faults in Cleveland's 2006 Voting (R 24 65)

    $Sfhi etc. Analysis of computerized voting machines in Florida (Arthur J. Byrnes, with PGN comment on Noel Runyan's report Improving Access to Voting) (R 24 63); Florida trying to sell off new DREs (R 24 86)

    ..... 2007 U.S. election events:

    SPfmhi Major summer study produced ten public reports on Sequoia, Hart, and Diebold election systems: California Secretary of State Debra Bowen's Top-To-Bottom Review http://www.sos.ca.gov/elections/elections_vsr.htm (S 32 6:26, November 2007) A one-page summary by Matt Bishop and David Wagner is in the November 2007 Inside Risks column in the Communications of the ACM,
    http://www.csl.sri.com/neumann/insiderisks07.html#209
    See also an excellent analysis by Bruce Schneier (R 24 79); Indications of Sanity? California Secretary of State Debra Bowen likes paper ballots (R 25 25)

    f$hi Alameda County judge invalidates e-voting results in close ballot measure because Diebold machines were unauditable (R 24 84)

    f Ohio's Hamilton Township election result reversed; blamed on ES&S programming error (R 24 91)

    SH Netcraft shows Ohio Secretary of State Web site indirecting apparently illegally (R 24 65)

    + Overreliance on voting technology? Paper and other low-tech alternatives (R 24 80); See also Ron Rivest's Three Voting Protocols:
    http://people.csail.mit.edu/rivest/publications.html

    SPf E-voting predicament: Not-so-secret ballots; time-stamps permit votes to be tracked (R 24 81)

    ..... 2008 U.S. election events:

    Vfm Florida "total network failure" halts early voting in Palm Beach County primary; voter registration database inaccessible (R 25 03)

    MV Ohio vote tampering opportunity? Use PDA and a magnet. (R 24 93)

    f Colorado decertifies voting machines (R 24 93)

    SHP Election commission laptops stolen in Tennessee (R 25 01)

    + Voting machine usability testing (MIT Technology Review) (R 25 04)

    SHf Nasty undetectable scanner attack on Diebold AccuVote Optical Scan: AccuBasic malware (R 25 08)

    SHf One way not to conduct Internet voting: Democratic Party's Global Primary (R 25 06)

    f Arkansas ES&S voting machines flipped race results, cast votes in wrong race (R 25 18)

    SPhi NC State voter site exposes voter addresses (R 25 24)

    SP Rogue code could skew election system integrity (R 25 21)

    fhi Strange Yahoo! Annual Meeting vote count: corrected changes exactly 100 or 200 million votes! (R 25 27)

    V Obama's widespread Democratic fundraising overwhelms Federal Election Commission computers (R 25 17)

    fhi Risks in Instant Runoff/Approval Voting (R 25 18,19,20-24)

    fh Diebold (now Premier) initially blamed on interference with anti-virus software (R 25 29-30), then blamed on software flaw in the GEMS back-end system - which had existed for at least 10 years and could have caused votes to be lost (R 25 30). More generally, critical systems should not have to trust untrustworthy components - but that's reality! (R 25 30,32,33); U.S. Govt effort on malware damage: Aurora (R 25 34)

    fm Washington D.C. 9 Sep 2008 primary early results included extra 1542 votes, which later vanished; blamed on defective memory cartridge (R 25 35)

    fVSHhi Officials say flaws at polls will remain in Nov 2008 elections (R 25 29)

    fVSHhi States throw out costly electronic voting machines (R 25 30,32,33)

    Sfhi Thousands Face Mix-Ups in Voter Registrations due to voter registration systems (R 25 40)

    Sfhi Dan Wallach's analysis of vote-flipping in the Hart Intercivic e-slate systems (R 25 41):
    http://accurate-voting.org/2008/10/22/vote-flipping-on-hart-intercivic-eslate-systems/

    Sfhi Various reports of straight-party voting anomalies: AES in New Mexico, Alabama, and likely elsewhere (R 25 41)

    Sfhi Two-minute time-out on some Diebold/Premier e-voting machines (R 25 40)

    SHi Ohio Secretary of State's Web Site Hacked; voter suppression tactics (R 25 40)

    SHhi Two reports on deceptive practices in elections (R 25 41); article on voter fraud (not much) and disenfranchisement (lots) (R 25 43)

    S+? N.J. officials order paper trail upgrades to voting machines (R 25 51)

    SHVf Premier Election Systems (formerly Diebold) delete button for erasing audit logs in GEMS software (R 25 60); Premier admits in California hearing that audit logs do not record significant events (R 25 61)

    Sf Fairfax County Virginia voting glitches: 3+3+1+3 = 0 (R 25 61)

    S+- Discussion of `Security by Obscurity' (R 25 61)

    Sf(H?) Sequoia Voting Systems agreed to reveal sensitive system information after DC primaries recorded more votes than votes (R 25 72); Sequoia e-voting machines manipulated without any insider information (R 25 76)

    ..... 2009 U.S. election events:

    +- NY voter voted absentee, then died before the election; ballot ruled invalid, resulting in a tie (R 25 68,69)

    ..... 2010 U.S. election events:

    $SHI Clay County Kentucky insider election fraud trial resolution: Jury convicts all five defendants in vote-buying and election-rigging indictments, including a former circuit court judge; long-term election fraud in 2002, 2004, 2006 (Bill Estep, 25 Mar 2010) (R 25 76-77)

    ..... 2011 election events:

    Indiana Secretary of State indicted for seven felony counts including voter fraud (R 26 37)

    Colorado Saguache County election fraud case goes to grand jury (R 26 37)

    Estonian voting system flawed (R 26 38)

    Risks of outsourcing elections in the Netherlands (R 26 34)

    Risks of Oscar voting process (R 26 34); Oscar e-voting problems worse than feared (R 27 13); Rush Holt on Oscar Voting (R 27 17)

    India: system failure impedes voting on a constitutional amendment: 169 votes recorded as 149 (R 26 40)

    NY Assembly candidate effectively shoots himself in the foot, defeated by his own law (R 26 36)

    Risks of playing computerized poker, by analogy to voting! (R 26 38)

    Diebold repairman accused of loading fake money into ATMs (R 26 46)

    New Court Filing Reveals How the 2004 Ohio Presidential Election Was Hacked (R 26 50)

    National Popular Vote Returns in California legislation (R 26 50)

    New Jersey Cumberland County primary election cover-up, destroyed evidence, Sequoia misreporting (R 26 59)

    Alleged Absentee Ballot Fraud in Florida (R 26 60)

    E-voting remains insecure, despite paper trail (R 26 60)

    Americans Elect first voting - and it is broken! (R 26 63)

    An experience with online elections (R 26 63)

    Software reliability testing for the space shuttle - and elections (R 26 69)

    Risks and aircraft control - how does voting fit into this? (R 26 69,70)

    Has America's Stolen Election Process Finally Hit Prime Time? NAACP petitioning the United Nations over disenfranchisement; Justice Department calls South Carolina's voter ID law discriminatory; Election Assistance Commission finds voting machines programmed to be partisan (R 26 70)

    ..... 2012 U.S. election events:

    E-voting system awards election to wrong candidates in Florida village; Sequoia (R 26 78)

    Small coding mistake led to big Internet voting system failure (PGN, R 26 73)

    Internet voting redux: felony case in New Mexico; Tory Party in Canada robocalls (R 26 75); Internet Voting a `disaster in waiting' (R 26 75); DHS Cybersecurity Chief criticizes online voting (R 26 76)

    Board of Elections does nothing as hundreds of Bronx votes go missing (R 26 75)

    DDoS attack disrupts Canadian political party leadership vote (R 26 77)

    Doug Jones and Barbara Simons, "Broken Ballots: Why Your Vote Won't Count" (R 26 77)

    Real solution: election day registration? or eliminating the need for voter registration (R 26 81)

    NJ mayor hacks oppositional website (R 26 85)

    Risks from computers in elections? 90% of U.S. electronic systems can be accessed remotely without public awareness! (R 26 80)

    Internet Voting Still Faces Hurdles in U.S. (R 26 86)

    "Why voting machines still suck" (R 26 85)

    The Power of Individual Voters to Transform Their Government (R 26 81-84)

    Stuxnet Parallels to Voting Security (Rebecca T. Mercuri, R 26 91)

    Major Snafu in New Zealand Election was `Human Error' (R 26 92,93)

    Internet Voting Systems at Risk (R 26 96)

    More on election risks: Brennan Center study outlines how officials can cure election design defects, save votes (R 26 96)

    Tracking Voters with `Political Cookies' (R 26 91)

    Washington State wants to register voters via Facebook (R 26 93,94)

    How to avoid an Elections-Ontario-style data-breach fiasco (R 26 94)

    Elections Ontario data loss victims could top four million (R 26 98, 27 01)

    Overseas voter receives two dangerous spam messages, titled "Your Ballot is Now Available" (R 27 03)

    No Fundamental Right to a Secret Ballot? (R 27 03)

    Doug Jones: guest editorial on voter registration (R 27 01)

    Roles of governments in election oversight and accountability; PGN views before and after the 2012 election (R 27 06, S 38 1)

    Elections and Hurricanes: After the Aftermath of the Math (R 27 08)

    Changing voter registration addresses in WA and MD: Alex Halderman's demos (R 27 05)

    Numerous voting machines count the wrong candidate? (R 27 05)

    Covington anomaly: mistaken attribution: Obama-Biden listed as Republicans (R 27 08)

    Virginia city's ballot listing Obama as Republican, Romney as Democrat (R 27 08)

    Paper prophets: Why e-voting is on the decline in the U.S. (R 27 05)

    NJ e-mail voting article on Freedom-to-Tinker: LtGov issues misleading/erroneous directive to voters after the huge 2012 hurricane (Andrew W. Appel, R 27 06)

    Last-minute fiddling with voting machines in Ohio; adding untested/uncertified components; ES&S experimental patches (R 27 06,08)

    Huffington Post blog on Recount Roulette (R 27 06)

    Barbara Simons and Douglas W. Jones, Internet Voting in the U.S., Comm. ACM, 55, 10, pp. 68-77, October 2012 (R 27 06)

    Error and Fraud at Issue as Absentee Voting Rises (R 27 04)

    Romney and Obama campaign websites leak personal information (R 27 06)

    Two items from Thom Hartmann and Sam Sacks, The Daily Take blog (R 27 09):
    1. Anonymous, Karl Rove, and 2012 Election Fix? Unless Anonymous presents evidence to support its claims that Rove planned to steal the presidential election for the GOP, its work will be relegated to the status of Internet antics - and the dustbins of history.
    2. Why Anonymous' Claims about Election Rigging Can't Be Ignored, Given historical trends, why is it inconceivable to some that Karl Rove may have tried to electronically rig the election of 2012 in three states?

    ORCA, Mitt Romney's high-tech get-out-the-vote program, crashed on Election Day (R 27 09); "Unleashed! Project Orca, the campaign killer whale" (R 27 09)

    What's in a vote? Only your entire personal profile: "'All politics is personal' is truer than ever in the big data era." (R 27 05)

    Summary of experiences on the 2012 election, by Douglas W Jones: I spent election day 2012 monitoring incident reports from polling places around the country. In doing this, I observed a number of patterns that seem worthy of note... Well worth reading. (R 27 08,09); Election day experiences, by Jeremy Epstein. Well worth reading. (R 27 08)

    Unusual risk for US voting machines: a spider in Rehoboth MA (R 27 08)

    51-vote margin in Alaska state senate race prompts recount (R 27 10)

    Estonia gets to vote online. Why can't America? (R 27 08); 3 reasons why Estonia's e-voting is irrelevant to the U.S. (R 27 09)

    Wall Street software failure (1 Aug 2012 Wall Street glitch that cost Knight Capital $440M), & relationship to voting; one of eight servers incorrectly upgraded (R 27 57)

    ..... 2013 U.S. election events:

    12 Common Election Security Myths, Not surprising to RISKS readers, but pithy. (R 27 15)

    How much does a botnet cost? and what about Internet voting? (R 27 18)

    Election screw-ups in Kenyan election: "everything that could go wrong did." (R 27 20)

    Hacking the Papal Election, excellent item with interesting lessons, by Bruce Schneier (R 27 20,21)

    Cyberattack on Florida election raises questions (R 27 21)

    Tom Coburn Amendment limiting National Science Foundation political science research funding passes U.S. Senate (R 27 21) [Some research is excluded, although something related to election integrity might actually fall into this category. PGN]

    US election fraud "because page after page of signatures are all in the same handwriting," and that nobody raised any red flags "because election workers in charge of verifying their validity were the same people faking the signatures." (R 27 27)

    Online ballot fraud in Miami (R 27 35)

    Doonesbury, 10 Mar 2013: Q: It's always a pleasure to welcome to the show Jim `Honest Man' Andrews. So, Jim, Trying times for your GOP pals?
    JA: Well, we've obviously had to ask some tough questions, such as, is voter suppression alone enough for us to win future elections? Are gerrymandering, roll purges, ID laws, registration hurdles, disinformation, early voting cutbacks, unequal resources and caging lists really getting the job done? Clearly not! It's time to get serious and double down with state-by-state election rigging.
    Q: So there's been some soul-searching?
    JA: Hell, yeah! We can't just keep doing things the same old way.

    Asmussen in the San Francisco Chronicle, The Excess Democrat, 15 March 2013: Close Pope Vote Controversy: Pope Francis announced - or is he?
    Karl Rove Claims Ohio Still Not Decided on Pope. [...] Romney won't concede to Bergoglio.

    Reclaiming the American Republic from the corruption of election funding (R 27 25)

    Insider Threats, FBI NCIC and elsewhere (R 27 37)

    Online ballot fraud in Miami: bogus ballot requests for 2,046 Miami-Dade voters (R 27 35)

    Our Founding Fathers wisely recognized the risks in voting (R 27 52; critiques R 27 53,55)

    Surveillance State Puts U.S. Elections at Risk of Manipulation (R 27 60)

    Judge Posner recants his previous ruling on the lack of evidence that Voter ID would cause any disenfranchisement. He now writes that he was guilty of upholding a law "now widely regarded as a means of voter suppression rather than of fraud prevention." (R 27 56)

    Voter ID laws: Voter Suppression's New Pretext (R 27 61)

    Virginia Voter purge list would have incorrectly disenfranchised about one-third of the people on the list (R 27 56)

    Diebold Charged With Bribery, Falsifying Docs, 'Worldwide Pattern of Criminal Conduct' (R 27 58, two items not necessarily election related, but noted here because of Diebold's past involvements in voting - including the five convicted felons working in their voting system subsidiary)

    @Internet gambling: Play at your own risk [resembles Internet voting!] (R 27 60)

    Chinese hackers attacked crucial U.S. government election website (CNN, R 27 64)

    ..... Other election items in the U.S.:

    - Drunks have full disclosure for breath-measuring software; voters do not (R 24 13,14); subsequent court ruling denies disclosure

    Sfde Voting machine engineer sues, alleges machine design flaws (Bev Harris via Susan Marie Weber, R 22 59, S 28 3:10)

    S(H?) Senator Frist's on-line poll on Iraq removed, claiming tampering (R 22 62, S 28 3:10-11)

    Sfm Electronic voting: computer reliability aspects (R 23 11)

    h Missouri legal decision questions automatic ballot counting (S 13 2)

    m Computer miscounts votes on a May 1988 StarWars (Strategic Defense Initiative) Dellums-Boxer amendment in the House of Representatives to kill SDI funding (358 ayes for the amendment, & 237 nays, which added up to much more than 435!!! A manual recount showed the amendment was actually defeated, 299 to 118.) (S 13 3:4)

    Electronic voting on CAFTA in the U.S. House: decisive pledged no vote not recorded because Congressman's "electronic voting card failed." (R 23 96; S 30 4:28)

    *h Computer data-entry error in vote tallying (2828, not 28) (S 13 4)

    f/h? 8 Durham NC precincts had correct totals counted twice (S 15 1)

    f/h? Virginia governor's race also had totals counted twice (S 15 1)

    h Undeleted leftover test data reverses Yonkers NY election results (S 15 1:12)

    rf Manual districts required live fudging of Michigan election system (S 15 1)

    f Another experience with voting machines in Fairfax County VA (S 15 1)

    SHAO Absentee ballot fraud detected in Colorado since 1984 (S 18 1:18); 11 indicted in Costella Cty CO; 2536 voters with pop. 2278 (R 15 41)

    fh Other risks in unaccountable computerized elections (S 19 1:6)

    m CMU elections suspended because roster database system was down (S 19 2:8)

    SH Cat registered as voter to show risks (no pawtograph required) (S 20 1:16)

    m Static electricity affects ballot counting (S 22 1:18)

    VSH San Jose State voting computer crashes, "fixed". (S 18 1:18)

    $f NY City electronic voting machines still unaccepted after spending $20M (R 19 06) (Note: 1940s lever machines still in use in 2000 election!)

    +? A little humor: use of "fixed" vs "repaired" (S 18 1:18)

    m Computer disk crash gives ballots with 2 candidates omitted (S 20 1:17)

    hfm 1995 San Francisco elections (S 21 2:19)

    mfie Problems in Montgomery County election, 7 Nov 1995: anti-moisture spray effects, delays, bad operator initialization, phantom votes (R 17 50,56)

    h Risks of global editing in voting context: name `Pollack' changed to `Turnoutack' (S 14 5)

    Sm A. Appel and S. Govindavajhala, "Using Memory Errors to Attack a Virtual Machine," IEEE Symposium on Security and Privacy, 2003. (R 23 48) [Not specific to voting systems, but relevant!]

    SHf Washington voting for state quarter design hijacked by computer mischief (R 24 24)

    SHfhi Stolen Votes and Elections: see Richard Hayes Phillips, Witness to a Crime: A Citizen's Audit of an American Election, Canterbury Press, Rome NY, March 2008, ISBN 978-0-9798722-3-5 (R 25 39)

    ..... Internet and remote voting:

    Internet voting systems are potentially even riskier than electronic voting systems, especially if you (and everyone else) can vote from anywhere in the world on a PC with inadequate security using code that you have downloaded from some supposedly trustworthy site on the Internet. The California Commission studying Internet voting suggested that the risks were too high for such a balloting method to be used, although it considered using such a scheme under carefully controlled physical surroundings. See http://www.pfir.org/statements/2000-02 for a discussion by Lauren Weinstein of risks in Internet voting, and later by PGN, Rebecca Mercuri, and Lauren Weinstein (S 26 2:, R 21 14), and others (R 21 13-14).

    SPf More on risks in Internet voting: NSF report (R 21 28-30,32,34)

    rSH Garciaparricide in 1999 All-Star balloting? 25,259 on-line votes cast by a Perl devotee; 22-vote max detected: same e-mail address; needed IP spoofing (R 20 47-48)

    SAOf Vote early, vote often for your favorite California quarter design - via the Internet (R 22 49)

    SP 2000 Arizona Democratic primary allows Internet voting (R 20 83) and more people voted that way than all votes in the 1996 election. Needs for privacy and anonymity difficult to meet (R 20 84); crypto for voting (R 20 85);

    fSH Problems with Australian ABC TV show online voting scores (R 21 06; S 26 1:33)

    f? College election.com online voting glitch (R 21 28)

    SH Large-scale fraud in Dutch election choosing new name for merged towns of Leidschendam and Voorburg (S 27 1:16, R 21 70)

    SPH E-voting and international law (S 27 2:11-12, R 21 81)

    SH 1998 People Magazine Most Beautiful People poll winner Hank the Angry Drunken Dwarf! 1998 Kesmai employees instructed to vote early vote often for Kesmai game award (S 27 3:18, R 21 90)

    SH Microsoft "astroturf" campaign stuffing an e-ballot box (S 27 2:12, R 21 87)

    SH Vivendi suspects electronic vote fraud (S 27 3:18, R 22 05)

    SP UK tries remote voting in Liverpool and Sheffield in May 2002, using SMS (R 21 90, R 22 03,05); Web voting in Wybunbury and Maw Green (R 22 04)

    Sf Internet voting: in the Netherlands (R 23 48,55); in Canada (R 23 53); in Switzerland (R 23 55); Internet voting contrasted with voter-verified paper audit trails (R 23 55); "Internet voting should not be considered secure until the electoral authorities are confident enough to give immunity from prosecution to anyone hacking the election, and to offer a substantial prize for anyone who can produce evidence that they have attacked it successfully." Martyn Thomas (R 23 56; comments 58,59)

    SHf DC Internet voting trial intermediate results (R 26 18); later results: easily hacked ballots, modified software, unencrypted IDs and PINs, accessible routing infrastructure and unprotected security cameras (R 26 19)

    fm, etc. National Academies/CSTB report on Electronic Voting, 2005 (R 24 04)

    ..... Other Election Problems:

    f Quebec election prediction bug: wrong pick [1981] (S 10 2 pp 25-26, 11 2)

    Sf Calgary Online student election; software flaws mix up voters, block some from voting (R 23 29)

    S+/- Electronic voting in Canada: intelligent report on Access, Integrity, and Participation (R 23 53)

    $Sfhim Electronic voting blamed for 2006 Quebec municipal election 'disaster' (R 24 46, S 32 1)

    fh Votes and candidates misaligned in Calgary 2001 election through misalphabetization of d'Arras as Arras (S 27 1:16, R 21 70)

    $f Votes lost in Toronto (S 14 1, 14 5); Toronto district finally abandons computerized voting; year-old race still unresolved (S 15 2)

    SHm SQL Slammer DDoS attack disrupted the 25 Jan 2003 NDP leadership convention voting in Toronto (election.com) (R 22 59)

    hfi Alberta vote-by-phone fiasco (S 20 2:8)

    - Canadian law disenfranchises one million people who do not have street names and numbers; later rectified (R 24 88,90)

    $SHPfhi NEDAP, the Dutch voting machine reprogrammed to play chess! (R 24 61,62); Yet another risk of voting computers: shoulder-surfing in the Netherlands (R 24 60); Dutch government suspends computer voting (R 24 84); E-Voting banned by Dutch government (R 25 17)

    $SPfhi Opposition to e-voting grows in France (R 24 62); French elections bring down foreign Web sites (R 24 65)

    SH Election fraud in the UK? (R 21 50,51)

    SP(+/-) UK publishes security requirements for e-voting (Cuddy and Mercuri response, R 22 40)

    SH BBC Website article on risks with e-voting: Yet every time we get to look inside a piece of software or a security system that has been developed in secret, and built on the top of a compromise between acceptable levels of risk and the cost of doing it properly, we find holes and errors. (R 22 83)

    SP+ The shape of elections to come in England: paper ballots continue, electronic voting considered (R 22 95)

    f UK Elections: Web and text vote trials dropped (R 24 03; S 30 6:25)

    SPf E-vote 'threat' to UK democracy (R 24 71,84)

    Software Error sends out wrong ballots for the UK general election (R 26 04)

    +? Church of England has certified software for its elections (S 17 1)

    SP Electronic voting in Ireland in spring 2002 (S 27 3:16, R 21 93)

    Sf Irish Labour Party urges suspension of e-voting until flaws addressed (R 23 01)

    Sf Ireland scraps electronic voting plans (R 23 35) and The Netherlands accepts the same technology despite secret evaluation (R 23 39)

    S$ Ireland E-voting an `unmitigated disaster'; Dutch, Germans abandoned same system (R 25 61)

    SHO Colombian vote count delayed by DoS attacks (R 25 97)

    SHfm Future of e-voting in doubt in Japan: reliability, credibility, other concerns (R 25 05)

    mH? Philippines election power failure affected only the area of the computer center; on reboot, the computer immediately declared the underdog to be the winner (S 10 3:8, The Washington Post 10 Jun 1985)

    $SPfhi Philippine Internet voting system challenged (R 24 64)

    fSAP New Zealand electoral Web site for registering and updating; authentication consists of full name and date of birth! (R 21 41,44)

    SAfe Electronic voting systems: more on system integrity and accountability (R 22 66); New South Wales forced to hand-count poll result after inadequately tested computer upgrade (R 22 69); crash of Will County, Illinois, Web site for tallying and publishing election results after being deluged with bogus requests (R 22 69)

    h 6000 moved Australian voters lost from computer election rolls (S 14 6)

    fm DB and WWW on one machine mess up 2001 Australian Capital Territory election (S 27 1:15, R 21 71-72); see earlier anticipation (R 21 67)

    fh Risks with automated counting of preferential ballots in 2001 Australian Senate elections (S 27 1:15-16, R 21 77)

    f/h/H? Computer error in Cape Town election affects results (R 18 17)

    h Read-ahead synchronization glitch and/or eager operator causes large data entry error, giving wrong winner in Rome Italy city election (S 15 1)

    f German parliament election: program rounds up Greens' 4.97%, but 5% needed to count; corrected error gives Social Democrats one-seat majority (S 17 3)

    h Wrong result in German Bundestag elections due to FAX of double-sided results pages (R 20 04)

    f Swedish election results delayed by computer errors, 140% returns (S 17 1)

    $h Mis-set parameter invalidates Oslo parliamentary election (S 19 1:5)

    S? Tampering blamed for lost Peruvian candidacy signatures (S 20 1:18)

    SH Electronic ballots eschewed in India due to rigging fears (S 16 3)

    SH Security Analysis of India's Electronic Voting Machines (Halderman et al., R 26 05); ensuing debate at EVT/WOTE 2010 (part of USENIX Security) (R 26 14); Subsequent detailed article by Alex Halderman (R 26 20), and Trust the Vote - not! (Rebecca Mercuri) (R 26 20)

    Incidentally, the EVT/WOTE 2010 workshop also had a highly relevant talk by Jeff Burbank (author of License to Steal) on insider misuse in the gaming industry (R 26 14). See also British Columbia Online Casino taken offline within hours (R 26 14). For those who believe that gambling oversight is orders of magnitude better than voting, they are both inadequate! [PGN]

    Sfi Bulgarian parliament e-voting authentication based on member's weight (S 27 2:12, R 21 88-89)

    S Injured technician's inability to provide the password delays vote count in Mali (S 27 3:18, R 22 05)

    SHf Olympics' ice skating judging rigging leads to strange proposal for nonaudited electronic randomized voting scheme! (S 27 3:18, S 21 92)

    m Mice chew up paper ballots in Bangkok election (S 27 3:18, R 21 98)

    h How to rig an election by clever redistricting (R 22 05)

    hi Brazilian computer blocked twins, like-named siblings from voting (S 12 1) (This problem may still have existed in 1994, unless new report was old.) (R 16 45)

    fe Voting machine inflexibility causes postponement of Brazil's standard time cutover from daylight time because law requires 8 to 5 voting (R 22 33); Brazil modified 3% of their machines to use the Mercuri Method (R 22 24) - see article in November 2002 IEEE Spectrum.

    SP Nigerians to use fingerprint scanning technology in elections; lower-level officials hoard registration forms (R 22 30)

    SHf Phantom voting in Israeli Knesset; no security (R 22 76,79)

    SHPhfi Secret-ballot e-voting in Tel Aviv University (R 23 11)

    SM Cosmic ray blamed for failure of 2003 Belgian voting system adding extra 4,100 votes! (R 23 46, with discussion R 23 47)

    S+ Shm Venezuela postpones election due to computer problems (R 20 89); Voter-verified e-voting in Venezuelan election deemed sound (R 23 52); Venezuela constitution bans recounting of votes ... (R 27 25)

    SH Election candidates' Web pages hacked during Finnish election (R 23 58)

    SP Voting machines in Ireland and The Netherlands (R 24 36, S 31 6:33-34)

    Sfhi Finnish E-Voting System Loses 2% of Votes (R 25 43); usability issue (R 25 54)

    Vfm Israeli Labor primaries postponed: electronic systems fail (R 25 47)

    In Malaysia, online election battles take a nasty turn (R 27 28)

    `Ultra-secure' online primary in France disrupted by multiple and fake voting (R 27 32)

    Azerbaijan releases election results - before the election started (R 27 53)

    ..... Related technology problems

    @+? Use of `unpredictable auditable random numbers' in casino/gaming systems, possibly relevant in elections? (R 22 57)

    @S? New cell phones well suited to wireless gambling (resembling the voting machine situation?)! (R 22 55)

    h? Counting error on SMS poll evicts wrong contestant from 'Big Brother'; caught in audit! (R 23 46)

    SP+ Ron Rivest's ThreeBallot paper approach, eschews cryptography, hinders vote selling (R 24 44); Rivest-Smith three approaches to reducing electoral fraud (R 25 02) http://people.csail.mit.edu/rivest/publications.html

    Sfe Voting machines with incredibly poorly written software (R 26 19)

    SHO Hacker almost derailed Mandela election in South Africa (R 26 19)

    Sf Wall Street software failure and its relationship to voting (R 27 57)

    1.23 Insurance Frauds

    $SH Possible fraud on reinsurance - message time stamp faked??? (S 10 5)

    $H N-step reinsurance cycle; software checked for N=1 and 2 only (S 10 5)

    1.24 Security Problems

    in computers and communications: Penetrations, Trojan Horses, Viruses, Time-bombs, Scams, Blackmail, and Other Problems:

    ..... Recent yet-to-be-merged security items:

    ***** Apologies. I am way behind in coping with the pervasive occurrence of these cases and trying to distribute them sensibly within the subtopics. PGN

    SH UK Sunday Business reported intruders seized control of a British military satellite, and demanded blackmail (R 20 23)

    Sf Security flaw with frames in browsers (R 20 09); risk of coopted back - not just in JavaScript (R 20 11-12)

    SAO 3Com security advisory admits to undocumented backdoor for CoreBuilder and SuperStack II switches (R 20 07)

    Sf Seeming SecurID flaw granting root access on login (R 20 10) actually NIS client code flaw (R 20 11)

    fS Excel 4.0 and Excel 98 mix up hard disk and floppy, with nasty potential consequences (R 20 08); Excel messes up large numbers (R 20 14)

    Sf Internet Explorer 4.01 Son of Curatango cut-and-paste flaw (R 20 09)

    hi Unexpected Internet Explorer behavior when copy/pasting (R 24 24)

    hi Internet Explorer changes due (after patent ruling): What You Can Expect (R 24 25) and what does not work (R 24 25)

    Sf NT server worm attacks 10 MCI Worldcom networks (R 20 13)

    S Win98 Trojan Horse in installation of Java/Y2K upgrade (R 20 13)

    SAO PalmPilots can scan remote-control infrared codes (R 20 10,13); risks of RF garage-door openers, infrared alarm systems, etc. (R 20 13)

    SM Auctioning of frequency spectrum undermines Pentagon's ability to counter interference risks on cruise missiles (AW&ST item) (R 20 07)

    SM Sweden recommends banning mobile telephones on ships; Norwegian man consistently caused ship rudder to swing despite vessel on autopilot (R 20 08)

    SM Security risks of laptops in airline cockpits (R 20 12)

    SH Risks of Internet vote rigging: BBC Sports Personality of the Year (R 20 11)

    SH Rhode Islander sentenced for intentional damage and unauthorized access (R 20 23)

    M Man's cell phone interferes with all traffic in GTE Wireless tower (R 20 18)

    S Viruses spread in Sea Launch documents (R 20 16)

    VSH Smurf denial-of-service attack on Ozemail ISP (R 20 16)

    SH Unsuccessful cracker takes it out on challenge creator (R 20 19-20)

    $SHO German bank being blackmailed by putative cracker (R 19 56)

    - High-school student expelled for writing article on hacking (R 19 56)

    SH Ransom note on Yahoo demands freeing Kevin Mitnick (R 19 50)

    S(not-H?) Matthew Bevan (a.k.a. Kuji) cleared of unauthorized access charges; also reference to GAO report on Rome Lab breakins (R 19 48)

    $S Wells Fargo issues ATM/Check cards, which are actually debit cards; analysis by Lauren Weinstein (R 19 49)

    Sf Security vulnerabilities in Common Desktop Environment (CDE): faulty argument check (R 19 57)

    Sf Potential risks associated with Mobil Speedpass at gas pumps: replay attacks with RF and no PIN in TI's TIRIS (R 19 52)

    SHm 4-watt GPS/Glonass jammer from Russian Aviaconversia (R 19 54)

    *M? Australian air-safety report gives 30 cases of possible in-flight electronic interference (R 19 55)

    + Lufthansa combats mobile phone risk with detector (R 19 48)

    Si Risks of new Motorola car-control-via-pager system (R 19 50)

    + Discussion of IEEE/ACM Code of Ethics (R 19 57)

    $H Oregon DMV lost $15K photo licensing equipment (R 19 16)

    m Report that "hackers get into Ramsay case computer" (R 19 23) is false; it was a dead CMOS battery!! (R 19 24)

    Sfi Security flaw in Rogers Cablesystems Wave gives access to other users' data (R 19 43)

    m Mobile-phone electromagnetic radiation causes short-term memory loss; related to talkers' road accidents? (R 19 39)

    S PBS and TV "Barney & Friends" signal to activate interactive Barney doll via Microsoft ActiMates set-top box (R 19 39)

    ? Satanic Risks with GPS in every mobile phone? Comments on Lucent, Limbo, Styx, 666 5th Ave. in NY, from the Fortean Times (R 19 51)

    - Computer system implicated in need for death-penalty review (R 19 29)

    S Discussion of leaked report on Mondex security flaws (R 19 38)

    - Gerber net hoax (R 19 43)

    S+$ "Crack a Mac" contest server cracked; winners get 100,000 Swedish kronor each (R 19 31)

    ? Encoded circuit board missing from Chinese rocket (R 19 84) Chinese suspected of extracting it, later report it must have burned up on reentry

    H? Three alleged Quebec hackers accused of posting bomb recipes (R 19 81)

    SHO Department of Energy discovers security vulnerabilities, with 1400 Internet systems having classified or sensitive information (R 19 81)

    SHO German phone-cards cracked by Dutch crackers (R 19 77)

    ShHOA Dutch ISP WorldOnline security failures (R 19 85)

    SHOA CzERT group of hackers ravage Czech & Slovak cyberspace (R 19 77-78)

    Sfi Excite referer-log security hole (R 19 78-79, 19 90)

    SH/h/f/etc. Discussion of defining the line between hacking and Web surfing, by Eli Goldberg (R 19 84-85)

    SP Burglars foiled by cordless-phone interception (R 19 80)

    S SPA/BSA report: computer industry lost $11.4 billion in piracy.

    *VM Electromagnetic interference on defense systems such as Patriot, Predator, radars, telephones, etc. (S 24 1:34, R 20 04)

    M Sensormatic Ultra-Max shoplifting gate in bookstore interfered with 72-year-old man's defibrillator (R 20 05)

    SH Malaysian unrest; broadcasters' reports censored; satellite communications intercepted and blacked out (R 20 01)

    SH Irish gang physically takes out telephone exchange (R 20 01)

    Sf JavaScript flaw in Netscape allows reading of other caches (R 20 02)

    Sf Gmail security flaw: acts on JavaScript in unopened e-mail (R 24 04)

    Sf Cult of the Dead Cow Windows 95/98 BackOrifice Backdoor (R 19 90)

    Sf NT security flaw allows impersonation of admins (R 19 90); further discussion on the old days, C2 certification, etc. (R 19 95-96, 20 01-02)

    Sf Windows NT 5.0 reportedly about 48M lines of source code (R 19 90)

    SHAO AOL-official masquerader changes aol.com domain-name entry, takes AOL off the Net (R 20 04)

    SHO Computer consultant-hacker investigated for using 2,585 computers and 10.63 computer-years in prime-number search; detected by US West intrusion response team (R 19 97)

    SHf Small credit unions easy targets for debit-card fraud (R 19 93)

    Sf BankBoston and USTrust ATM teller machines truncate PINs to four digits! (R 19 89)

    SH Custom alarm decoders break electronic car systems quickly (R 19 93)

    ffffSH Frequent security break-ins at the Pentagon (R 20 24)

    Sh Sweep detects 31 secret files in former CIA Director John Deutch's PC (R 20 30)

    SH JavaScript eBayla virus infects eBay auction (R 20 32-33)

    SH Fake Swedish ATM front panel copies cards and PINs (R 20 31)

    $H 13-year-old makes $3M in bids on eBay auctions, wins a few and messes up others (R 20 35)

    SH Military-strength version of Windows NT certification problems: NT 3.5 is C2 (when standalone), NT 4 is not certified for the networked use NATO uses it for (R 20 36)

    Sf Woody's Office Watch reports virus-infected documents on MS Web site. (R 20 34)

    S Shamir's TWINKLE machine could increase speed of factoring by 3 to 4 orders of magnitude, threatening 512-bit public-key crypto keys (R 20 38)

    Sf False virus detection: searching for Melissa (R 20 40); HotMail and the happy99.exe infection; Virus Scan misses it (R 20 40)

    Sfff Discussion by Bruce Schneier on Why Computers are Not Secure (S 25 2:18, R 20 67,69)

    Sf GSM cell-phone encryption cracked by Biryukov and Shamir (R 20 67,69) See http://www.crypto.com/papers/others/a5.ps

    SHf Pirate broadcasters overtake Radio Data System (R 20 74)

    Sf BlackICE Defender security product opens up gaping flaw (R 20 64)

    $Sf U.K. bank (Halifax) suspends on-line share trading over security flaw enabling you to trade for others (R 20 66)

    $SH Hacker redirected browsers from Staples to Office Depot (R 20 66)

    SH "Anonymous" Hotmail e-mail threat traced to AOL user (R 20 66)

    Sf Defective crypto in Netscape e-mail password saver (R 20 68,70,74)

    S Netscape mail confounds two accounts for one user (R 20 70)

    Sf Installing IE 5.0 changes the OS topology! (R 20 66)

    Sf No bounds checking in Microsoft RTF controls (R 20 66, 68-69)

    Sf Mini-Zip virus (R 20 66)

    SH Canadian debit-card fraud: doctored swipe readers transmit mag stripe info and PIN (R 20 69)

    $S Sanity.com allows CD orders without payment, in attempt to avoid credit-card risk (R 20 68)

    P Sanity.com violates its own privacy policy by divulging e-mail addresses (R 20 71)

    Sf Further CERT Advisories 99-15,16 on buffer overflows (R 20 69)

    SHV Dell loses five days' production time in Ireland to FunLove Virus (R 20 66)

    $SA Automated money laundering: counterfeit Japanese 500-yen coins made from Korean coins worth about 50 yen accepted by coin machines; coin return yields a genuine coin! (R 20 67-68)

    Si Risks in MS Outlook 98: sensitive attachments missent (R 20 67); trying to delete e-mail: embedded html executes OpenWindow to remote site (e.g., porn, which is logged) (R 20 69)

    SH Various risks of Conducent/TimeSink ads in software (R 20 65)

    *Sfi ATM user trapped for 9 hours by automatic 9pm lock, with no escape (R 20 66)

    SH$ Salary payment diskettes intercepted and manipulated (R 20 54)

    VS* If payments are delinquent, car might not start, or could stop while running (R 20 54)

    SHA Web users "page-jacked" by pornographers (R 20 60)

    SHA "United Loan Gunmen" attack on NASDAQ, AMEX, previously C-Span, ABC, Matt Drudge sites (R 20 58)

    h Stray faxes for U.S. Embassy go to Auckland NZ chicken farmer (R 20 56)

    SHA Author of false e-mail arrested for starting panic (R 20 47-48)

    SHAO Yet another ATM scam: Trojan-horsed keyboard (R 20 46)

    S New ICQ Trojan as JPEG (R 20 57)

    Sf Hotmail Trojan horse captures passwords (R 20 57)

    Sf Race condition flaw in Microsoft JVM / Java library with IE4 and IE5 (R 20 55); further flaw in MS bytecode verifier (R 20 62)

    Sf Microsoft "fixes" the macro virus vulnerability in MS Office (R 20 42); also problems in Word 97 (R 20 57,59)

    Sf*$ Vulnerability in Windows SSL server and common browsers: private key with exponent 1 (R 20 41)

    Sff ActiveX security problems in IE (R 20 44), in Windows 98 (R 20 50-51); Richard M. Smith's test page for dangerous ActiveX controls, recommendation to turn off ActiveX in IE5 (R 20 56)
    http://www.tiac.net/users/smiths/acctroj/axcheck.htm

    Sf More risks of Internet Explorer 5 (R 20 54); more flaws in Internet Explorer 5.0 interactions with ActiveX (R 20 61) plus further flaw in MS Java VM (R 20 62)

    Srf Security vulnerability in Netscape: <title> of bookmarked page is executed! (R 20 42)

    SHf Allaire/ColdFusion firewall vulnerabilities (R 20 43)

    SHOA Hackers breach Firewall-1 (R 21 02; S 26 1:29)

    Sf Critical Path has serious security hole affecting many including NSI (R 20 59)

    S Security flaw in Texas Hold 'em Poker program (R 20 56)

    S Auto-Fix feature for Dell PCs opens up security hole (R 20 55)

    SH$ eBay scam results from last-minute withdrawal of ridiculously high bid (R 20 51)

    S-ethics Clinton's Executive Order on Unlawful Conduct on the Internet (R 20 53)

    Sm,h,rf Maldesigned Baltimore computer system CCMS slows Pentagon background checks (R 20 46)

    ? Supreme Court upholds CDA barring indecent speech online (R 20 45)

    ShA DoD password management policies questioned (R 20 50)

    SA Security risks in "Treasury Direct" (R 20 50)

    SH Microsoft employee apparently posted aliased message falsely blaming AOL for a security flaw (R 20 54)

    SHf London Underground sequence rollover: certain 2-year-old Travelcards work again! (R 20 48)

    SM*? Cell phones and aviation electronics; One year in jail for cell-phone use on a plane (R 20 50-52); Chinese jet driven off course (R 20 53)

    Hhm Cell-phone hoax takes down Lebanon's phone networks (R 20 43)

    * Possible victims of Iridium demise: Pacific rower, Norwegian transpolar skiers (S 25 3:18, R 20 85); Iridium flames out (R 20 87)

    $h Reserve Bank of Australia (RBA) announced an unexpectedly larger interest rate hike at 9:30 a.m. on 2 Feb 2000, but accidentally sent 64 people e-mail 6 minutes earlier. In those 6 minutes, approximately AUD$3 billion worth of bill and bond futures were dumped on the market. (David Shaw, R 20 78)

    f U.S. Census prepends extra digit to house numbers in mass mailing (R 20 83)

    $hf UK woman dunned for underpayment of four pence (R 20 75); other small debts (R 20 76)

    f Letter from Jim Allchin, Microsoft on Windows 2000 bugs (R 20 80) and comments (R 20 81-82)

    f More on MS Outlook Express feature: line begins with "begin ", following which everything is an attachment (R 20 75-76); more risks with pine bug (R 20 78-79,81)

    f Risks of Authenticode in Windows 2000 (R 20 81 after R 18 89)

    fi Computer-truncated flower-delivery message brings police (R 20 83)

    hi National Weather Service tests leak out live (R 20 82)

    f Weather.com leaves visitors in the cold, with erroneous temps (R 20 85)

    SHO Feb 2000 distributed denial-of-service attacks disable Yahoo, Amazon, eBay, CNN.com, Buy.com, ZDNet, E*Trade, and Excite.com for a few hours each. (S 25 3:19, R 20 79)

    $SHAO Credit-card data used for extortion (S 25 3:20, R 20 75)

    *fff Rhode Island computer arrested innocents (S 25 3:20, R 20 76)

    $SHAO Global Hell hackers steal 63,000 passwords (S 25 3:20, R 20 76)

    SHAO Judge sends message to network vandals: "go to jail" (S 25 3:21, R 20 83)

    +S U.S. removes most restrictions on encryption software (S 25 3:21, R 20 76-77)

    +S U.S. government abandons Bernstein restrictions (S 25 3:21, R 20 82)

    SP China to require encryption information (S 25 3:21, R 20 78)

    SH Online prankster distorts Clinton chat (R 20 80)

    SHOf Junk e-mailer uses closed e-mail list as a relay (R 20 79)

    Sf UK ISPs leave themselves wide open to potential abuse (R 20 83)

    Sf CERT Advisory http://www.cert.org/advisories/CA-2000-02.html on malicious html tags embedded in client Web requests; (R 20 78)

    $- Offshore online gambling operator convicted in NY placing illegal wagers over phone lines (R 20 84)

    Sfi Risks of a hyperactive anti-viral immune system (R 20 84)

    SHh etc. Computer Security: Will We Ever Learn? (Bruce Schneier, S 25 4:8-10 and R 20 90)

    S Peter Junger case: encryption code protected by First Amendment (R 20 87-88)

    SHf Code protecting Stephen King e-book Riding the Bullet cracked (R 20 87); Stephen King's not scared of trusting online readers (R 20 98)

    SHAO Love Letter Worm affects Microsoft Outlook users; See CERT Advisory CA-2000-04, http://www.cert.org/advisories/CA-2000-04.html, summarized in (R 20 88); See related items (R 20 88-89), security patch to disable attachments (R 20 89), and risks of antiviral software (R 20 90); Microsoft Outlook 2002 will enable restriction of 30 types of file attachments (R 21 36)

    Sf W32/ExploreZip.worm "virus" and user interfaces (R 20 44)

    VSHf,etc. Risks of e-mail borne viruses, worms, and Trojan horses, by Bruce Schneier (R 20 45); security sites vandalized (R 20 53)

    S Commentary from Bruce Schneier on Back Orifice 2000 (R 20 57)

    Sf CERT Advisory CA-99.06 ExploreZip worm (R 20 44); See http://www.cert.org for background.

    SHfe SQL Slammer/Sapphire worm slows Net, grounds South Korean surfers, disables most of Bank of America's ATMs (R 22 52); various Canadian banks affected (R 22 52), plus Canadian NDP leadership convention Internet election in progress (R 22 59); Microsoft's own unpatched servers victimized as well (R 22 53); Who is to blame? (R 22 52-53, 58); advent of network risk insurance (R 22 53); Caida analysis shows worm doubling in size every 8.5 seconds (R 22 54); side problem of Virginia furnace fuses blowing, causing file system corruption (R 22 53); parametric worm warning (humor, R 22 53)

    Sf Risks of reading zipped Microsoft text including .exe files (R 20 90-91)

    SHf Peacefire: Eudora "Stealth Attachment" security hole discovered (R 20 88)

    SHf Netscape Navigator improperly validates SSL sessions, CERT Advisory CA-2000-05: http://www.cert.org/advisories/CA-2000-05.html, summarized in (R 20 88); see also Misleading warning (R 20 89)

    SHf Microsoft Office 2000 UA ActiveX Control Incorrectly Marked "Safe for Scripting": CERT Advisory CA-2000-07, http://www.cert.org/advisories/CA-2000-07.html, summarized in (R 20 89)

    SHAO Canadian teen (Mafiaboy) held in February 2000 Web attacks on Yahoo, CNN.com, eBay, Amazon (R 20 87)

    Sf Web server displays admin password on failures (R 20 87)

    SHP The Mirror reports recovery of top-secret stolen UK laptop with Strike Stealth fighter data (R 20 89)

    *Sf Discussion of 2 devices allowing police to stop arbitrary cars (R 20 89) GM's OnStar for location, but also may allow remote hacker activities (R 20 90)

    S? India considering use of railroad communications for Internet connectivity (R 20 90-91)

    S?f?h?i? More risks of networked home appliances (R 20 88, R 21 37)

    M Study shows mobile phones do interfere with old-generation avionics (R 20 89)

    SV Scientists spot Achilles' heel of the Internet; critical nodes (R 20 98)

    SHI During a Verizon strike, 2 NY employee saboteurs cut a power cable next to a telephone cable, suffering burns (R 21 03; S 26 1:28)

    Sf NATO antivirus developers accidentally create Anti-Smyser1 virus that spills secrets (R 20 93; S 26 1:28)

    Sf Major security hole in Anna annapa.com online organizer service (R 21 02; S 26 1:28-29)

    Sfh "Verify your age with a credit card": more than $188M fraud (Lenny Foner, R 21 03; S 26 1:30)

    SH Cyber-extortion increasing (R 20 94; S 26 1:30)

    *m Microsoft software can damage your hardware! Plastic CD-ROM fragments and frags (R 20 92); hairline fractures in center hole dangerous (R 20 94)

    f Another Win95/DOS interaction (R 20 93)

    Sf Outlook buffer-overflow bug on date allows self-executing Trojan horses (R 20 97)

    SHOAi Fake PayPal site (PayPaI.com) collects user IDs and passwords (R 20 97); PayPal victimized by seemingly legitimate fraudulent e-mail (R 22 78,79,85)

    S (not-for-kids) Burger King gives away CD-ROM with porn addresses (R 20 93)

    f Edmonton man finds security hole in video slot machines, gets sued (R 20 93)

    Sf Risks of using HTML Mail and HTTP proxy "censorware" together (R 21 05-06; S 26 1:32)

    Sr Tighter security at Los Alamos may actually decrease security (R 21 07; S 26 1:32)

    Sf SSL Server Security Survey: 32% dangerously weak (R 21 02; S 26 1:32-33)

    Sfde? New Navy aircraft carrier to run Win 2000 for critical functions (R 21 05)

    Sf Windows NT/2000 "Lock Computer" allows palm sync (R 21 04-05)

    Sf Pretty Good Bug found in Windows versions of PGP for "trusted" third parties (R 21 03); another flaw in PGP plug-ins for MS Outlook distributed by Network Associates (R 22 15)

    fS Norton Antivirus 2000 defect on Win2000 content (R 20 94)

    Sf Security hole in Netscape infects computers, opens access (R 21 01)

    SH? (no) Report of hacker endangering astronauts in 1997 (R 20 93) disclaimed by NASA (R 20 94)

    SHA Risks of automated boarding passes for airline e-Tickets (R 21 02)

    e NY State running out of fingerprint IDs (R 21 02)

    [S-spoof] New security vulnerability: 13-year-old `r00ts' popular polynomial, crypto-spoof article by Leonard Richardson (R 21 03)

    S+ The end of the Multics era (R 21 12, S 26 2:9)

    S+ CERT's ActiveX security report (R 21 17, S 26 2:9)

    *SH$ Arizona Motor Vehicle counterfeiting rings (R 21 14, S 26 2:9)

    *SH Another DMV Break-in, in Oregon (R 21 15, S 26 2:9)

    Sf No security in Internet-connectable laboratory instrument controller (R 21 10, S 26 2:9)

    VSHI Security at UK nuclear power stations (R 21 20, S 26 2:9)

    SP How to upset your customers (R 21 09, S 26 2:10)

    $SH Hacker seemingly extracts large number of credit-card records from egghead.Com (R 21 16,18-19); egghead says maybe none of those cards was compromised; however, lots of people's cards were cancelled as a precaution.

    SHAO Florida 8th-graders penetrated school system and copied final science exam (R 21 18)

    SHAO 11-year-old boy charged with felony for computer tampering, changing grades (R 22 56)

    Shi Report on hacker altering MIT grades false; spreadsheet missorted (S 25 3:16-17, R 20 84-86)

    SP Report that Dutch hacker offloaded patient records from Seattle Hospital; U. Wash denies it (R 21 14-16,18)

    SHAO Microsoft Web site vandalized; Trojan horse sent company passwords to Russian site (R 21 11)

    S(f) Researchers able to defeat SDMI digital music security measures (R 21 11)

    $SH Poll of CIOs reveals confidence in their network security despite $billions in losses; over half of respondents did not report breaches (R 21 18); skepticism needed concerning loss figures (R 21 19)

    Sf Verisign and MS authenticode time-stamp errors (R 21 11)

    i Devious URLs making something look hacked when it isn't (R 21 16)

    ShHA Australian government minister has $50,000 phone bill on telephone card given to his son and used widely by others (R 21 09)

    SPf NJ EZ-Pass discovers risk of sending URLs instead of actual text (R 21 09)

    Sf Buffer overflow in Outlook Express allows execution of arbitrary code (R 21 13)

    Sf McAfee VirusScan update (4.0.4102) crashes Windows 95, 98, NT (R 21 13)

    S+/-? Bugtraq discussion: Security advisories are becoming less open (R 21 16)

    SP Dutch Railways to introduce electronic access/ID card (R 21 19)

    Sf Microsoft advisory format buggy (bugtraq item, Richard M. Smith, R 21 16)

    S Risks of automatic firmware upgrades in Dolby digital sound processors (R 21 17) and DVD (R 21 18)

    Sf More on ActiveX security limitations (R 21 30)

    Sf SiteGuest.com sends unauthorized e-mail during browsing (R 21 24,25)

    S(H?) Der Spiegel reports German armed forces banning MS software, citing NSA snooping (R 21 29); correction: Bundeswehr using hardware encryption - see original German text (R 21 31)

    h, then SH Millions of people were prevented from visiting dozens of Microsoft Web sites on 24 Jan 2001 (R 21 21), result of human error; flooding attack the next day jammed network, with four DNS all linked to a single network (R 21 22)

    f Microsoft's UltimateTV set-top box hard-drive storage space shrinks, reducing record-time max (R 21 35)

    H Over 5 months, HotMail blocked e-mail to peacefire.org, with delayed fake error message blaming peacefire outage (R 21 22)

    HHS Sabotaged phone lines and stolen credit cards allowed thieves to safely rob a Sydney shopping centre (R 21 35)

    SHO Hackers hit U.S., U.K., Australian government sites (R 21 23)

    SHO Hacker attacks from China peaked in May 2001 (R 21 37)

    SH Creator of Anna Kournikova virus claims intent to warn sites to tighten their Internet security (R 21 24); the virus blamed for fax machine blowing up! (R 21 24); damages assessed at $166,827; J. de W sentenced to 150 hours of community service (R 21 67-68)

    Sf Palm Pilot security; passwords not adequate (R 21 22,26,27)

    Se DirecTV remote updates enable remote disabling of old satellite TV receiver smart cards; newer hacks already emerging (R 21 22-24)

    Se ReplayTV auto-updated itself, disabling a valuable feature (R 21 32)

    S Dutch police send text bombs to stolen cellphones (R 21 32,34)

    SP Risks of outsourcing in banking (R 21 24)

    $ Technology exodus: 10% of U.S. computer service/software jobs moving overseas by 2004 (R 22 83)

    Sf Czechs discover flaw in OpenPGP to reveal private keys in digital signatures (R 21 28-29)

    SHAO Penetrator gets OS/COMET source code used in NAVSTAR GPS guidance (R 21 26), but code not classified as first reported (R 21 27)

    SHAO Former U.Wisconsin student Jerome Heckenkamp indicted in Jan 2001 for 1999 network vandalism at eBay, Exodus, Juniper, eTrade, Lycos, and Cygnus, and more than $900,000 in damage (R 21 22)

    SHAO NASA Web site hacked, replaced with conspiracy-theory moon-landing hoax hoax (R 21 27)

    SH Copper thieves knock out SETI@Home fiber-optic cable and Web site for 24 hours (R 21 26-27)

    $hm Chinese cybersurfers caught by fishermen's anchor nets, snagging cables (R 21 30)

    + Bank robber nabbed by escape-taxi's GPS (R 21 22)

    SH Teenager convicted of defacing Web sites sentenced to programming jail computers (R 21 29)

    SH Computer cords used in escape from police custody (R 21 33)

    Sf Nokia 8260 cell phone trivially easy to unlock (R 21 29)

    $SPi Seattle police using Palm VIIs to give traffic tickets (R 21 35)

    SP IBM and Carrier will offer Web-controllable air conditioners (R 21 35)

    Sf Risks in e-gaps: they are not air gaps between networks (R 21 26-27,29)

    S- DoE warning about "Naked Wife" virus blocked by politically correct mailer (R 21 29)

    H FBI director's home security system false alarms due to his young sons (R 21 28)

    SH California power grid hacked over 17-day period (S 26 6:12, R 21 46)

    S ebates.com installs Java program on user's computer (R 21 49)

    S$? Blaming the victim: vandalized sites could be liable for damages (R 21 64)

    SH Danish police break "Safeguard" encryption program in tax case? (R 21 58); no, they hacked the system and guessed some passwords (R 21 59)

    $SAOf Serious flaw in Wireless Encryption Protocol (WEP) link-layer security used in IEEE 802.11 wireless LANs; attack described by Fluhrer, Mantin, and Shamir (R 21 55); attack implementation described by Stubblefield, Ioannidis, and Rubin (R 21 57); AirSnort, WEPCrack, and other 802.11b-defeating sniffers (R 21 62); Bill Arbaugh and Arunesh Mishra present "session hijacking" and "man-in-the-middle" scenarios for cracking Wi-Fi security (S 27 3:11-12, R 21 92)

    SH First conviction in UK for Wi-Fi hijack (R 24 38)

    Sf The New York Times article on 19 Aug 2001 on Avi Rubin discovering that Morristown NJ hospital wireless network is unprotected (R 21 62)

    S War-chalking wireless networks for Internet access (S 27 6:13-14, R 22 18,23)

    SHA Insecure wireless access points mushrooming (R 22 65; S 28 4:8)

    SHA Wireless hacking on the increase (R 23 32; S 29 5:16)

    SAOh ISP employee Brian West who notified Oklahoma's Poteau Daily News that their Web site security had no authentication was threatened with felony conviction; discussion of law that specifies "exceeding authority" when there is no authentication (R 21 62); however, in court West pleaded guilty to copying proprietary PERL scripts and obtaining passwords (R 21 67)

    Sf Flaw in SSL encryption on Experimental Aircraft Association Web site (R 21 53,54,56)

    Sf Kaiser Permanente self-service Web site SSL vitiated by return e-mail! (R 21 62)

    *SH Firefighter's phone lines disrupted because of a report of free SMS calls (but originally thought to be a hoax) (R 21 55,59)

    Sfe U.S. Air Force authors blast Outlook security patch (R 21 39)

    Sfi Renewal of BT Trustwise digital certificate impeded by secure passphrase with non-alphameric characters (R 21 54)

    Sf Security risks in Passport Single Sign-on: Kormann and Rubin (R 21 58)

    SHf Stealing MS Passport's Wallet, credit-card numbers, etc. with browser and Passport flaws (S 27 1:12, R 21 74)

    SHAO($?) Microsoft admits Passport was vulnerable (R 22 72; S 28 4:8)

    $ Microsoft and Federal Trade Commission settle complaint that MS had violated its own privacy policy (R 23 19)

    SHf SirCam virus spreads widely, including inside FBI (R 21 55); U.S. Air Force officer mailing confidential information to 4400 cadets (R 21 62); sounds like just another SirCam example (R 21 63); more like MS Outlook and wrong distribution list (R 21 65)

    SHf Code Red worm (R 21 54); cyanide for Code Red: passive worm infecting the attacker (R 21 57); Warhol Worm variant discussed (R 21 59); several systems hosting the MSN Hotmail service infected by Code Red worm variants (R 21 58,62); avoid programming languages that don't check buffer lengths (R 21 62,64); yet another MS Hotmail risk (R 21 62)

    Sf Hotmail hackable with one line of code (R 21 63)

    Sf Norton Anti-Virus 2001 interprets backup script as a virus (R 21 57)

    SHP Software is called capable of copying any human voice (R 21 55)

    SHA Forged county-clerk stamp and chief-judge signature used in attempt to gain release of triple murderer (R 21 44)

    SHAf European Commission "safer Internet" site invaded by hackers (R 21 48)

    SHO Intruder crashes United Arab Emirates' only ISP (R 21 50)

    SHA Determining the age of Internet users, especially minors, the age of virtual porn characters, and differences between real and virtual (R 21 45,47,49)

    SHA 16-year-old boy concocted radio calls, adapted police alias, misled police and helicopter pilots, for over a month - despite "security codes" (R 21 39,41)

    H+/-? U. Virginia prof uses computer text comparison to identify cheaters (R 21 39)

    S? Publisher of $3,000 industrial reports uses ROT13 for protection! (R 21 58); of course, utterly trivial to break (R 21 39); when U.S. Army outlawed encryption software on SIMTEL20, ROT13 was removed! (R 21 59)

    $ Appeals court overturns ruling blocking publication of "The Wind Done Gone", an obvious parody of "Gone With the Wind" written from the point of view of black slaves; parodies tend to be exempt from copyright violations! (Good news for RISKS contributors of April Fools' spoofs!) (R 21 42)

    SH Abuse of electronic copyrights: humorous piece on Mars Pathfinder landing was reported from the Martian point of view; later adapted by someone else for Spirit, without attribution (R 23 18)

    h Apple Titanium Powerbook xray-nondeterminism 'bomb' scare shuts Burbank airport (R 21 41)

    Sf Denial of service possibility in FAA airport traffic Web site e-mail notification software (R 21 42)

    SHAO Gas-shutoff requests require minimal authentication and no verification (R 21 54)

    S? Weatherbug software security questioned in evaluation (R 21 42,44)

    Sf McDonald's testing cashless payments using speed-pass to make fast food faster; lots of risks discussed (R 21 43,46,49,58)

    Shi Sloppy use observed in PCs used as cash registers (R 21 49)

    Sf Flaws in swimming-pool changing cubicle motion-detector security (R 21 44)

    Sh? Implications of a Gullibility Virus: delete all your files, on the honor-system (too late for April Fool prank R 21 45)

    S DoD declares unclassified hard drives no longer need be destroyed (R 21 47)

    Sf EarthBrowser developer reports e-mail scam with Russian URL mimicking legitimate business Web pages, capturing credit-card info, etc. (R 21 47)

    SH New technology for sneaky advertising: fastclick.com masks source (R 21 47,48)

    SMf Car-door lock remote control activates another car's alarm (R 21 56)

    Sfh Many Federal computers fail hacker test (S 27 1:11, R 21 76)

    SHAIf Security hole in cash machines (S 27 1:12, R 21 74)

    SP Virgin Mobile security/privacy risk on archived mobile-phone usage records (S 27 1:12, R 21 74)

    S Risk of monocultures and exponential false anti-virus positives (S 27 1:13, R 21 73)

    *f British BSE crisis; misplaced trust in third-party analysis: wrong samples (S 27 1:13, R 21 71)

    $ Sony uses DMCA against Aibo Enthusiast's site (S 27 1:13, R 21 73)

    $SH Feds make record counterfeit software seizure (S 27 1:14, R 21 75)

    Sf GForce Pakistan crackers deface U.S. Defense Test and Evaluation dtepi.mil, after which rival Pakistani vigilantes retaliated (R 21 71)

    SH Jilted Michigan boyfriend convicted of hacking into ex-girlfriend's Internet bank account (R 21 73)

    SH Oklahoma man who reported access vulnerability to the Poteau Oklahoma News (R 21 62) guilty of copying proprietary files and stealing passwords (R 21 67)

    Sf Yahoo! news stories can be altered without authorization (R 21 67-68)

    Sf Hotmail Web site hackable by javascript exploits (R 21 67)

    Shfi Norton Personal Firewall security problems (R 21 65)

    Shf Consumer Reports password policy risks (R 21 65)

    SHh Hackers could face life imprisonment under "USA PATRIOT" anti-terrorism act (R 21 67); U.S. House approves life sentences for crackers (S 27 6:14, R 22 16)

    Sf Nasty Redesi virus (Dark Machine, Ucon) (R 21 71)

    *Sf Nimda worm patching problems in IIS (R 21 67); public hospitals in Gothenburg Sweden crippled by nimda (R 21 67)

    S Swedish national radio bans SETI software from office computers, fearing Trojan horses (R 21 74,77)

    Sf New class of wireless attacks against the Address Resolution Protocol gains unauthorized access to WEP-protected systems (R 21 69)

    $SH Playboy says hacker stole customer credit-card and other info (R 21 78)

    SAOf Insecure on-line promotion from American Express (R 21 73)

    S Black Hat Conference demo of how to disable a mobile phone by SMS (R 21 80)

    SP Ziff-Davis Media exposes credit-card info for 12,500 subscribers (R 21 77)

    SP Google freely giving out your phone number and home address (R 21 75,77)

    SHP($?) Financial records stolen from New Zealand Funds Management in Auckland (R 21 80)

    SH 800 "directory assistance" slamming redirects calls to third-party wholesaler unbeknownst to correct recipient (R 21 76-78)

    SP Ernst & Young reportedly terminated kids' learning game site moneyopolis.org, which became porn site (R 21 73); story is either bogus or else E&Y has reacquired the domain (R 21 74); related cases, one involving acquisition of 2000 expired domains (R 21 75)

    SPf Continuing SirCam activity leaks UCLA radiation safety document with dummy fields for names, SSNs, DoBs of personnel, but illustrative of the risks (R 21 69)

    SP U.S. court shuts down deceptive Web sites with spelling variants, etc. (R 21 67)

    SP Australians voice anger over online spying (R 21 67)

    Si Risks of deceptive characters in URLs: Gabrilovich/Gontmakher (S 27 2:13, R 21 89, Inside Risks column http://www.csl.sri.com/neumann/insiderisks.html#140)

    SH Risks of bouncing e-mail forgery (S 27 2:13, R 21 89)

    SHf AOL Instant Messenger Buddy-Hole fix has backdoor (S 27 2:13-14, R 21 87)

    $SH Credit-card cloners' $1B scam (S 27 2:14, R 21 86)

    $Sf Risks of mag-stripes on retail gift cards (S 27 2:14, R 21 86)

    SH Latest Windows versions vulnerable to unusually serious attacks involving plug-and-play (S 27 2:15, R 21 83)

    Sfi HTTPS secure in, insecure out (S 27 2:15-16, R 21 83)

    S Lotus Notes silently losing data (S 27 2:16-17, R 21 88)

    Sf Facial recognition technology doesn't work (S 27 2:17, R 21 87)

    SPi Answering machine provides door entry code (S 27 2:18, R 21 88)

    Sf Risks of Georgia Tech anti-cheating software (S 27 2:18, R 21 88)

    Sfi SAS Institute software to detect e-mail untruths (S 27 2:18-19, R 21 88-89)

    SH Swedish police reportedly doctor video evidence, admit it (R 21 81-82)

    Sf Lawrence Livermore National Laboratory bans all wireless networks. Proponents say technology is secure. Experts say 90% of all Wi-Fi nets improperly installed, not secure (R 21 89)

    Sf Wireless carriers offer products that tunnel insecurely through firewalls (R 21 89)

    Sf Fingerprint scanner interfaces with built-in wireless LAN network card, defeating intended security (R 21 83)

    SHI$ Former Cisco accountants sentenced to 34 months and restitution of $8M for unauthorized computer access, fraud (R 21 82)

    *SHh Risks of remotely triggerable exploding chips in cell phone to foil thieves (R 21 87)

    SAOf Security hole at WorldCom left internal computer networks accessible at AOL Time-Warner, BoA, CitiCorp, NewsCorp, JPMorgan, McDonald's, Sun Microsystems (R 21 81)

    Sf Windows update server glitch blocks downloading of security patches (R 21 87)

    Sf Risks of Internet Reconfigurable Logic: FPGAs upgradable from anywhere based on IP address (R 21 87)

    Sf SMS phone crash disabling messages a risk in older Nokias (R 21 82)

    ShV Swisscom sends SMS test messages that delete roaming information on SIM cards (R 21 89)

    hi Risks of using SIM Cards with GPRS (R 23 91)

    Sm Anthrax postal mail irradiation can affect electronic devices (R 21 88)

    Sf A VeriSign Secure customer site isn't using https/SSL properly, resulting in failure of end-to-end security (R 21 84)

    Sf VeriSign's NetSOL vs. PGP: Risks of a crypto company owning a registrar? (R 21 82); similar problem discussed (R 21 86,88)

    f Bogus dates for McAfee virus alerts: sloppy programming (R 21 85,88)

    S$ "Don't Touch That Dial-Or You're Under Arrest!" Some entertainment industry folks insist that if you skip TV commercials, you are a thief. See a www.factsquad.org/radio piece by Lauren Weinstein (R 22 05), and article in the San Jose Mercury by Dan Gillmor (R 22 05)

    S(-?) Lifetime jail sentences proposed for reckless hacking (R 21 94)

    SM Lightning storm caused power outage and failure of jail's cell locks, defaulting to open (R 22 02-03)

    SA Iceland places trust in face-scanning for airport screening (R 21 89)

    Sf Face recognition kit fails in Fla airport experimental use: success rate less than 50%, false-positive extrapolations about 50 per day per checkpoint (R 22 10); Tampa police disband face recognition (R 22 87)

    Sf Unsecure wireless used for remote-controlled New Zealand water supplies (R 22 04)

    SH CIA warns of Chinese plans for cyber-attacks on U.S. (R 22 05); preparedness (R 22 06)

    Sf Security risks of programs that automatically update: http://schram.net/articles/updaterisk.html (Scott Schram, R 21 92)

    SHAO Fingerprint authentication: study shows all of the tested machines could be spoofed, 80% or more of the time (R 22 08-09)

    SHIe Remote mobile phone configuration changes made via Swisscom SMS service (R 21 89)

    fi ezmlm used for moderated e-mail lists responds erroneously, interfering with certain virus scanners and vacation programs (S 27 3:13-14, R 22 06)

    Sf Windows XP disables own firewall (R 21 98)

    Si Windows XP speech recognition feature: random words inserted in text, picking up ambient sounds (even if the mike is supposedly off) (R 21 95)

    hi Deleting rows in Excel scrambles the rows (R 21 88,90); another Excel "feature" changes your input: A grades changed to A- after A- entered previously, with prompted completion (R 21 94-95) and Word miscorrecting [College of the] Cariboo to Caribou and replacing asterisks (R 21 95)

    Sf BlackICE Defender and BlackICE Agent buffer overflows (R 21 91)

    Sf Security flaw in Sony Vaio computers (R 21 91)

    SHf Sony's "Copy-proof" CDs cracked with $0.99 marker pen; will marker pens be outlawed? (R 22 08)

    Si Apple: break your new PC with a nonstandard copy-protected CD, it's not Apple's fault (R 22 07-10)

    SPf Privacy risk in Netscape 6: Google use tracked by Netscape (R 21 93)

    SPf IE 6 Privacy features open users to attack (R 22 05)

    SPf$ VeriSign doesn't encrypt credit-card info (R 22 07)

    Sf Domain hijacking easy for AUDA/AUNIC Internet registration services (R 21 94)

    Sf US Navy suffers domain hijacking: NavyDallas.com taken over by porn site, NavyBoston.com by eBay auction site (R 22 10,13,15); Louisiana Attorney General site reused (R 22 15)

    SVhi Citibank Visa woes resulting from system outage (R 22 04)

    Sfi 714 newsletter items on Windows 2000 bugs, clarifications, etc., since release of Service Pack 2 (R 22 01)

    SHi Risks of spoofing, bouncing e-mail in Strasbourg, supposedly from the mayor (R 21 89)

    Shf Secret American Telstar 11 live spy photos broadcast unencrypted over satellite TV and Internet for over 6 months! (R 22 13)

    ShAi Sun's misguided instructions on installing StarOffice 5.2 (R 22 11)

    Si Apple computers trigger anti-shoplifting alarms? (R 22 11,13)

    Sh Norwegian history database password lost, then retrieved in contest (R 22 13)

    Sf FreeBSD Scalper worm (R 22 15)

    Sf New virus Perrun can infect picture files (R 22 13)

    $S Royalty fees may be the death of Internet radio (NewsScan, R 22 17)

    $SP Windows Media Player security update EULA gives MS permission to keep you from using "other software" on your computer (R 22 14-16)

    Sf Security flaw in Excel XP spreadsheets enables arbitrary code execution (R 22 12)

    Sf IIS e-mail flaw transforms server into open relay (R 22 16)

    Sf Security problem: Apple OSX and iDisk and Mail.app (Bugtraq, R 22 18,20)

    Sf SSH Protocol weakness advisory (R 22 17)

    Sf More on 802.11 wireless networks and security (R 22 17)

    S+ Hackers/crackers seem to provide the most useful information! (R 22 17)

    S Calculators OK in exams, not handheld computers (R 22 13)

    SHV Hacker attack targets 9 of the 13 Internet root servers (R 22 32)

    Sf San Jose access point for Southern Cross Cable Network co-located with MAE West, representing something like 70% of the Internet traffic from the Western U.S., 40% of the world Internet traffic. Worldcom (albeit owning only 10% of SCCN) is still a corporate weak-link for the Internet. (R 22 20-21)

    $Sf ATM operational flaw relating to transaction noncompletion (R 22 44)

    SHAI$ Former Drug Enforcement Agency employee sentenced to 27 months for selling protected data (R 22 44)

    SHAI Former UBS PaineWebber programmer faces U.S. fraud charge in virus attack (R 22 44,46)

    SH L.A. woman gets 9-year prison term and $11 million restitution penalty in counterfeit software ring (R 22 41)

    S Deceptive password complexity in building key codes (R 22 31-32)

    h VeriSign error mistakenly transfers immigrationdesk.com to site in India, with sensitive e-mail vanishing (R 22 21)

    $SA Australian automated toll collection charges auto owners for bikes with the same license plate ID but different color, irrespective of ownership (R 22 39)

    $f Web browser incompatibilities cost business (R 22 45)

    Sf Risks of automated law-enforcement responses, equivalent to vigilante actions (R 22 47)

    SHf GTech finds winning lottery tickets can be identified before purchase, unscratched, from bar codes (R 22 36)

    SP Credit agencies provide information on your relations under UK Data Protection Act (R 22 46)

    Sd Understanding the Windows 2000 Common Criteria EAL4 evaluation, Jonathan S. Shapiro (R 22 41) and Rick Smith (R 22 42); must-reading for serious developers

    Sh MS court ruling leaked early through security blunder - posted on open server (R 22 34)

    Sf Software leaves encryption keys and passwords lying around in memory; optimizer removes memset() (R 22 35)

    SPf Internet home banking unsafe (R 22 37)

    Sfe Patch slip-up raises security questions: Robert Lemos article (R 22 40-41)

    S Retrospective ACSAC Karger/Schell paper on Multics Security Evaluation (R 22 25-26)

    S Throttling Viruses: Restricting propagation to defeat malicious mobile code, by Matthew Williamson, HP Labs at ACSAC 2002 (R 22 42-43)

    $SHA Crackers steal University of Oslo password file with 52,000 users (R 22 39); MS SQL security patches not installed (R 22 44)

    SHP Sensitive backup tapes stolen from Japanese national system of citizens' private information (R 22 45)

    SHP FBI bugging Hartford Public Library? (R 22 35) or not? (R 22 38); Libraries Say Yes, officials do quiz them about users (R 23 91)

    SHP How mobile phones let spies see our every move; U.K. Celdar project (R 22 31)

    $SHA NSF Fastlane proposal submission system: privacy problem for co-investigators (R 22 39) and PIN exposure problem (R 22 41)

    $ShA Internet eBay auction scam (R 22 41); also, eBay sends plaintext password changes (R 22 40-41)

    SHAO$ Canal Plus accuses NDS Group of breaking its smart-card secret key, giving it to counterfeiters; Cadence Design suit against Avant Corp for stealing programs results in verdicts against seven with ties to Avant; in 1999, Internet bookseller Alibris paid $250,000 to resolve federal charges that it had unlawfully intercepted thousands of e-mail messages to its customers from Amazon.com. (R 22 22)

    $SHAI Turin credit-card duplicating machine (R 22 19)

    Sf Are you bothered by telemarketing? It's a $270 billion industry (R 22 35)

    Sf Spoofability of Calling-Number-ID (R 22 46-48)

    f More e-mail content filtering: the word "fugue" causes censorship for music group (R 22 20); "klezmer" blocked by "klez" scan (R 22 20)

    SPf A little bit of anti-porn filtering can go a long way; more may not be appropriate (R 22 42)

    - Ironic filtering example from rec.humor: "Congress shall make no law abridging the freedom of sxxxch, or the right of the people peaceably to xxxemble, and to pexxxion the government for a redress of grievances." (R 22 42)

    S? Greek Law Number 3037 bans electronic games (R 22 23); later found unconstitutional? (R 22 24); Greek consulate clarifies that ban extends only to games that can be used for gambling purposes (R 22 26)

    SHVif Risks of Georgetown Law Center exam software supposedly limiting laptop functionality (R 22 34)

    S,P,f,etc. Prediction: e-mail will become double-trouble in 3 years (R 22 29)

    SPHh$* etc. Concerns over Total Information Awareness (TIA) widely discussed in the media during November-December 2002. See various RISKS items (R 22 44-47); Total Information Awareness renamed to Terrorist Information Awareness; privacy advocates doubt Pentagon promises on spying (R 22 74, S 28 6:13)

    SPH Don Norman essay on the risks of risks, including social engineering, citing Mitnick and Simon, The Art of Deception: Controlling the Human Element of Security, Wiley, 2002; book also reviewed by Rob Slade (R 22 43); follow-up from Norman (R 22 44) and Fred Cohen (R 22 45)

    SP "Scopeware" as universal structure 3D stream of e-document. David Gelernter quote: "Operating systems are lapsing into senile irrelevance." (Risks not noted.) (R 22 36)

    SP Castro Valley nurses refuse to wear locator devices (R 22 24)

    SPHh$* etc. Automation increases anxiety - with cause; abuse, blacklists, blackmail, privacy; in Japan, a proposed family-registry database, a national ID, and various misuses (R 22 21); Japanese phones vulnerable to hackers (R 22 22)

    P U.S. transport worker ID, privacy rights, funding at issue (R 22 22)

    SP(+/-) U.S. Senate closes its proxy server's accidental anonymizer capability (R 22 43)

    $?SP? U.S. Navy searches for at least 595 missing computers, then only 187 after further checking; two top-secret laptops disappeared (R 22 32)

    SP 1,100 Laptops Missing From Commerce Department 2001-2005 (R 24 44)

    SPfh French Kitetoa group discovered U.S. Navy Web sites leaking information via Lotus Domino, e.g., trouble tickets since 1989 (R 22 37)

    Sf? Opportunities for Trojan horses in StealthChannel music? (R 22 28)

    SHP RIAA orders U.S. Navy to purge computers of illegally downloaded MP3s (R 22 40)

    SPh Defense Information System Agency leaves shopping list and requisition info online (R 22 28)

    SPh Website personal-data security flaw costs Ziff-Davis Media $500 per subscriber (R 22 22)

    SPf Wireless keyboard radiates 150 meters away (R 22 38)

    SP Quote from a book review: Writing a book on wireless security is like writing a book on safe skydiving - if you want the safety and security, just don't do it. (R 22 23)

    P Car goes airborne for 110 feet; airbag spills the beans: driver going at 124 mph in 40-mph zone (R 22 21); such information suspect? (R 22 22)

    P Pacific Bell (now SBC) will share info, with almost invisible opt-out notice; SBC Yahoo will request personal info to "customize" your account (R 22 43)

    SHAO/SP$ UK Government under digital attack: security breaches revealed (R 22 41); UK police offer anonymity to cybercrime victims (R 22 42)

    +/-? Quantum cryptography for secure global communications over increasing distances; interceptions self-evident (R 22 28) But what about denials of service?

    SH Weak encryption or poor design leads to killing of wolves fitted with transponders; hunters might say "tri-angu-later, alligator?" (R 22 29-31)

    +/- Court welcomes e-mailed excuses/explanations for traffic tickets (R 22 28)

    *SA Automakers block crash data-recorder standards (R 22 47)

    Sfm Dishplayer and digital phone don't play well together (R 22 30)

    VHh Microsoft rashly gets entire site shut down for alleged copyright infringement, based on reader feedback (R 22 62, S 28 3:8)

    SHVf Windows root kits a stealthy threat (R 22 62, S 28 3:8)

    eSV MS says Upgrade! HP says Don't Upgrade! (R 22 54, S 28 3:6) [HP advises customers to "check back frequently", but the notice has been up for 4 months.]

    $SHA Attempt to buy BMW over the Net results in $55,000 scam (R 22 58)

    Sf+ Sendmail flaw tests new Dept. of Homeland Security (R 22 62)

    SH Feds pull suspicious AONN.gov cyberwarfare site (R 22 54)

    SH$ Feds charge 17 with stealing satellite TV signals, 6 of them for violating DMCA (R 22 55)

    SPH Indiana University Center's computers breached by hacker; identities of 7,000 patients potentially compromised (R 22 61)

    SPAOfi Risks of using Tax IDs for other things: Internet banking exposes Princeton University's accounts (R 22 61)

    $SHI Australian security firm forced to close after insider sabotage (R 22 62)

    $SHI Danish credit-card fraud: mailman intercepts postal mail (R 22 61)

    $SH Credit company's 15,000-customer list leaked to an underground gang, which demanded 200 million YEN in blackmail (R 22 61)

    $SH 16M Yen stolen from sniffed bank passwords at Japanese Internet Cafe (R 22 61)

    $SH Israeli Post Office/bank break-in results from Trojan horse sniffer capturing passwords (R 23 13)

    $S Lexmark DMCA lawsuit temporary restraining order against rejuvenated toner cartridges (R 22 50); Lexmark wins injunction (R 22 60)

    $S DMCA case: garage-door opener company Chamberlain Group levels claim against Skylink, maker of universal remotes (R 22 50)

    Sf Citibank seeks gag order on disclosure of ATM vulnerabilities (Ross Anderson, R 22 58)

    Sf FirstUSA/BankOne sends login ID and PW as clear text (R 22 62)

    $SH UK cash machine error goes unchecked, gives unlimited money; error reported, but left unfixed, then exploited (R 22 50)

    SH Computer sabotage against Venezuela oil? (R 22 49)

    SHAO Boston College student reprograms his ID card, getting other students billed for his books, meals etc. (R 22 55)

    SH Up for drunk driving, man hacks court computer (R 22 51)

    SH Welsh computer virus writer gets two years in prison (R 22 52)

    SH 12 University of Maryland students accused of high-tech cheating (R 22 53)

    Sfhi DoD inadvertently offers admin privileges on .mil Web sites (R 22 51)

    SI Matt Blaze's discussion on long-hidden lore of master keys for mechanical locks (R 22 51) with subsequent comments - including he's a hero (R 22 52)

    Sf A. Guadamuz: Trouble with Prime Numbers: DeCSS, DVD, and the Protection of Proprietary Encryption Tools (R 22 51,52,54)

    Sf TurboTax 'activation' restricts subsequent use (R 22 51); online registration works on Windows only if security parameters reduced to lowest (unsecure) setting (R 22 55)

    i Greek government internal revenue website supports only Windows (R 24 07)

    fhi U.S. federal government grant system excludes Mac users (R 24 16, S 31 3:22)

    *+/-? Bugsplat: military collateral damage simulator (R 22 59)

    SH- Lawyers say convicted hackers are getting comparably harsher sentences (R 22 58)

    $SHP Crooks harvest customer details and perpetrate fraud from Birmingham England Internet bank kiosk (R 22 52)

    S(f?h?H?) Smut interrupts 'Army Newswatch' program on Webster NY cable channel (R 22 49)

    SHAO Text message can disable Siemens mobile phones (R 22 65; S 28 4:9)

    SH-SH Automated denial-of-service attack using the U.S. Post Office (R 22 69; S 28 4:10)

    S? 2003 Stupid Security Awards include some doozers! (R 22 68)

    $Si Risks of bank deposit-only ATM displaying MS NTDetect 4.00 prompt and boot with live keys with interface wider than intended (R 22 69-70)

    Shi Draft legislation on using crypto in commission of a crime: extra five years in prison (R 22 67); but, if encryption is treated like arms, does that violate the Second Amendment? (old argument, repeated in R 22 67)

    SHAO Cracking of small Nevada hospital system hack traced to Russia (R 22 69)

    SHO Bogus Internet domain-name renewal offers spoof NSI (R 22 71)

    SH NASCAR fan faces prison time for flooding Fox with angry e-mails (R 22 70)

    SH Website hoax on killer SARS virus triggers Hong Kong panic (R 22 67)

    Sh CNN reveals pre-prepared obits for living people (R 22 70)

    Sf Software patching gets automated (William Jackson) (R 22 84-85, S 28 6:11-12)

    $SH Ukrainian crime `kingpin' cracker arrested in Thailand; counterfeited MS, Adobe software; fraudulent schemes worth $1 billion (R 22 74)

    $SH Man fined $180 million for piracy conspiracy stealing satellite TV signals (R 22 79)

    $SH Ex-student fined more than $500,000 for stock fraud on Net (R 22 74)

    SHf The Great Capacitor Scare of 2003; Chinese corporate stole incomplete electrolyte formula, resulting in his new employer's capacitors failing after 250 hours instead of 4000 (R 22 73)

    $SH BestBuy.com e-mail swindle uses bogus fraud alert about a swindle (R 22 78)

    $SH ATM electronic spying and camera scam nets $623,000 Australian (R 22 85)

    SHAO Free Software Foundation GNU/Linux source site hacked (R 22 86)

    SAOf California state Web site accepts completely unverified updates of statement by domestic stock corporation; also tends to crash browsers (R 22 88)

    SAf Denver school student information system on the Internet; protection questioned (R 22 85)

    SAf Biloxi schools have cameras in classrooms, pictures on Internet (R 22 85)

    SHA Safe-cracking via telephone (R 22 74)

    Shf Pilots hear baby's cries instead of air-traffic controllers' guidance; baby monitor set on wrong frequency (R 22 73)

    SHAO More on deceptive URLs (R 22 85,86)

    SHAOf Walk-by hacking: more unprotected wireless access in Midtown Manhattan (R 22 80)

    SH Acxiom's FTP Server compromised by (now former) client (R 22 84)

    S Incompatibilities and incomparabilities among 802.11a, b, g (R 22 89)

    SH SCO wants licensing fees from corporate Linux users (R 22 82); Denial-of-service attack cuts off SCO Web site (R 22 89)

    Sf Adobe Acrobat and PDF security flaws: no improvements for 2 years (R 22 80)

    Sf Hand-held computer devices easy to hack (R 22 83)

    SH Jolitid: Downloading data can turn your computer into a server (R 22 77)

    SH Network vandals hijack Internetted PCs to spread pornography (R 22 80)

    SHI Nova Scotia worker deletes her speeding ticket, gets fired (R 22 84)

    SH ISP Charter Communications' DHCP servers infiltrated (R 22 78)

    Sf Internet Bank Egg advises customers that ActiveX is a security product! (R 22 80)

    SV John C. Dvorak estimates 30 billion Windows crashes each year (R 22 84)

    Shf U.Michigan center advises ignoring ssh key change warning (R 22 80)

    SH SRI firewall reject rates show dramatic peaks (R 22 87)

    S Risks of TheftGuard remotely disabling PCs as an anti-theft measure (R 22 80)

    S- Reassembly of shredded Stasi documents outs informant (R 22 81)

    SH Man steals home-detection tracking transponder, which tracks him down (R 22 89)

    SHA Customer passwords stolen from Kinko's in Manhattan for two years (R 22 82)

    SHf Student hacks high-school computers, erases class files; the fix: change passwords every 60 days! (R 22 76)

    SA Lack of Abbey National telephone banking security (R 22 81)

    Sf Microsoft withdraws security update for XP; it would knock 600,000 users off the Internet (R 22 74)

    SA New method cracks Windows passwords in seconds (R 22 82)

    Sf Denial of service via algorithmic complexity attacks, Crosby and Wallach (R 22 76)

    S Chips that can self-destruct: add gadolinium nitrate (R 22 89)

    Sf Hardware to avoid buffer overflows? (R 22 74,75)

    hf Pentium 4 hyperthreading/shared cache vulnerability (R 23 88)

    Sh Owner of stolen 'sex.com' can sue VeriSign (R 22 82)

    i White House puts up obstacle course for e-mail; critics cite burden of additional steps (Markoff, R 22 82)

    SH Slammer worm hits system within Davis-Besse nuclear power plant (R 22 88,89)

    SH LoveSan/Blaster/MSBlaster wreaks havoc, targets W32, MS security site, includes RPC DCOM exploit to insert payload (R 22 85); risks of believing MS advisory (R 22 86) and MS patch management (R 22 86)

    SH$ Sobig virus affects CSX railroad, Amtrak freight and commuter service (R 22 87,89), Air Canada operations (R 22 88); sobig forges FROM: addresses from innocent victims who get rampant bounces (R 22 87,88); huge load increases (R 22 87) and side-effects (R 22 87); further analysis (R 22 88,89); organized crime link? (R 22 88)

    SH Covert virus channels? (R 22 90)

    Sf CCIA trade group tells DHS don't use MS (R 22 90)

    S-? Curtailing online education in the name of homeland security (R 22 90)

    SH$ etc. Some observations on e-mail phenomenology (Peter B. Ladkin, R 22 88)

    SH "Good" worm supposedly fixes infected computers (R 22 87,89)

    SH Palyh/Mankx Internet worm disguised as e-mail from Microsoft (R 22 73)

    S Risks of teaching virus writing (R 22 75-77)

    SHf DMCA strikes again; student sued for publishing SunnComm CD protection bypass - the shift key! (R 22 95; S 29 2:13)

    S(H?)f UK Teen rides Trojan Horse defense (R 22 97; S 29 2:13)

    Sf Feds admit error in hacker convicted for notifying customers of a security flaw! (R 22 97; S 29 2:13-14)

    $SH Microsoft puts a price on the heads of virus writers: $5M Anti-Virus Reward Program, $250,000 bounties [still won't fix the problems!] (R 23 01; S 29 2:14); Microsoft patches their patched patches (R 23 01; S 29 2:14)

    SHef Discussion of security patching: a story from the trenches (R 23 03,05)

    Sf Risks of self-adjusting firewalls in Longhorn: auto patches (R 23 28)

    *M Loss of Mitsubishi bus braking due to nearby illegally modified transceivers and electromagnetic interference (R 23 09; S 29 2:14)

    $SH Internet fraud tripled in 2002 (R 22 98); Cybercrime more than doubled in 2003 (R 23 10); Reliability of network vulnerability testing is decreasing (R 23 10)

    $SH Jury convicts Florida man (JungleMike) of selling DirectTV unscramblers in first jury-trial DMCA conviction (R 22 93)

    SHAI Acxiom database cloner busted (R 23 08)

    SHi New Windows CD antipiracy mechanism disabled by shift key (R 22 94)

    Sh$ Crypto screwup: Sensitive Israeli missile test inadvertently broadcast (R 23 01)

    Sf$ Linux backdoor exploit detected in kernel.kbits.net server (R 23 02)

    SH$ Credit cards used as IDs! (R 22 93)

    S VeriSign temporarily suspends Site Finder (R 22 92)

    $SHf Diebold ATMs hit by Nachi worm; MS operating systems being upgraded! (R 23 04,06,07,09)

    SHP Hotel minibar keys open Diebold voting machines (R 24 43)

    M Illinois School district sued over WLAN planning lacking EMF radiation considerations (R 22 94)

    Sm Risk of trusting computer-free security? Dog trainer sentenced to 6.5 years for defective bomb-sniffing dogs! (R 22 94)

    P- = S+ Telephone evidence connects armed robbers with robberies (R 22 94)

    *SH Tanker truck shutdown via satellite; risks considered (R 23 05)

    *SHfmi Israeli government suspends purchases of Microsoft software (R 23 11)

    *SHfmi, etc. Microsoft Windows in every automobile? (R 23 05)

    SHf Risks of USPS/Microsoft digital signatures for permanent records (R 22 97)

    Sf "Openness" in Government: DROS gun-purchase verification system security flaws include ActiveX (R 23 09)

    $SH Kalispel casino near Spokane victimized by barcode forgery (R 22 98)

    $SH The Future of Surveillance; gas station employees record ATM transactions; Kinko's keystroke loggers; analysis (Bruce Schneier, R 22 96)

    $SH Captured logins enabled dumping of losing Cisco stock options onto victims, distributing the losses; SEC filed civil charges (R 22 95); Drexel student charged with securities fraud, using Beast to monitor keystrokes to access TD Waterhouse brokerage account (R 22 96)

    SH Discover cancels 60,000 possibly compromised accounts (R 22 97)

    $SH Nigerian scam nets $400,000 from Florida man (R 23 04); older folks especially vulnerable to scams (R 23 06)

    SHi Bank scam with spaces in trick URL (R 23 03)

    SHf Debian project security breach and forensic analysis (R 23 05)

    Sf Deadlock in Dell licensing agreement; shrink-wrapped agreement could not be read without first agreeing! (R 22 96)

    Shi Detained kidnapper mistakenly freed after April Fool's e-mail (R 23 07)

    SH Driver arrested wardriving child porn piggybacked off nearby wireless net (R 23 04)

    SH Burger King wireless speaker spoofed: drive-through customer told he/she is too fat to order a Whopper! (R 23 12)

    SH New definition of "Fish 'N Chips": microchips implanted in fish break illegal poaching operation (R 23 03)

    Sf Coping with buffer overflows, and looking back on Multics, Burroughs/Unisys, VMS (R 23 20,22,24,27)

    f Buffer overrun in television sets; two extra videostream bits not in spec (R 24 06; S 30 6:18)

    $Sfm Firms look to limit liability for online security breaches (R 23 26)

    SH U.S. Senate security shenanigans: Republican clerk mines Democrat database (R 23 26)

    SH Google Bombs influence search order; "unelectable" turns up "Biography of President George W. Bush" (R 23 15; still the case at least two months later)

    f Amazon's Inside the Book text search service; lacking (R 22 98)

    i Amazon transforms queries on abortion to adoption (R 24 21)

    $SH More risks of word filtering: C. O'Kane (R 23 19); ci*lis in many words such as speci*list, multiraci*alism, soci*lism, commerci*lism, commerci*lise (R 23 20) [Asterisks replaced the letter "a" in RISKS to retard blocking of e-mail and Web versions.]

    $SH Scams: Finally! 52 Nigerian e-mail scammers caught (R 23 15); e-mail scam attacks on AT&T Worldnet (R 23 13); More spoofs of PayPal, eBay (R 23 13,15), Postbank (R 23 15); mortgage scams (R 23 20); UK: Vital e-crime evidence often destroyed (R 23 17)

    $SH Perfect copies of 4000 credit cards made in Turin restaurant (R 23 19)

    SHm Massive ATM fraud on NY Municipal Credit Union after security problems due to 11 Sept attacks; 4000 people took $15M in ATM overdrafts; one person withdrew $18,000 in 54 transactions (R 23 19)

    SH BBC reports ATM card-cloning scam in Wales (R 23 26)

    Sf Intentionally faulted IT design in support of the cold war (R 23 21,23)

    Sf Microsoft withdraws support of Java Virtual Machine (R 23 20,22,23)

    SH Raleigh NC school/business closing Web site wide open for misuse (R 23 23)

    Si Chris Meadows printed a file at Kinko's, wirelessly; but Kinko's did not have a wireless net! (R 23 16)

    *SH Risks of stolen heart monitor with dedicated pacemaker link (R 23 22) and unauthenticated remote reprogrammability (R 23 24)

    Sf Roadside camera speeding notice for Peugeot 406 supposedly going 406 mph (R 23 14)

    MSHAO Drunk mistakenly unlocks police car with own key, and other cases (R 23 16-18,20); More on garage-door openers (R 23 19,20,22)

    SM Air Force Motorola radios jam garage-door openers in FL Panhandle (R 23 39)

    $ Theft detection system misfires in cold weather (R 23 17)

    $(-?) Smartcards weren't so smart after all, says Target: limited use (R 23 26)

    Sf British review: Flaws threaten Voice over IP networks (R 23 21)

    $- "The history of IT is littered with companies that lost substantial leads in this fast-changing field. I see no reason why it couldn't happen to countries." (IT forecast from ACM President Dave Patterson, R 23 87, S 30 4:32)

    $S(P) Risks of outsourcing and offshoring (R 23 14)

    $de Forrester analysis of white-collar offshoring (R 23 37); GAO analysis of DoD and offshored software: GAO-04-678, 25 May 2004 (R 23 38)

    $deP India's outsourcing business in trouble (R 23 42)

    S "Special Skills draft" for computer and foreign-language skills (R 23 28)

    SH$ Cable-modem hackers conquer the co-ax: Sigma program downloaded over 350 times daily (R 23 18)

    S+ P2P legal defense by separation of content and key? Song scrambled, key must be obtained separately (R 23 27)

    SHf Swedish social insurance computers disabled by virus, affecting all 9M Swedes (R 23 43)

    SP GPS-enabled Coca-Cola promotional cans seen as privacy threat (R 23 44)

    S+/-? Toyota music-playing robot and possible spinoffs (R 23 29, PGN April Foolishness); malicious code problem in MIDI instruments/robots (R 23 30)

    Sfi Australian News24's not-very-restrictive access restrictions: turning off JavaScript bypasses security (R 23 30-31)

    $SHI Time records altered to reduce payroll! (R 23 30)

    $SH April Foolproof: AT&T Alerts Consumers About the Latest Scams (R 23 29-30)

    $SH Scams: Bank spoofed (R 23 29); Latest Citibank scam and card compromise (R 23 30,32); Net hoaxes snare fools all year (R 23 30)

    $SH AOL unveils spam-victim sweepstakes (R 23 29)

    SH Who's in charge of the e-mail virus war, and are we losing? (R 23 30,32)

    SHH Attacking the attackers: maybe not a good idea (R 23 43-44)

    SHi Edison Utility employees rig customer-satisfaction survey (R 23 29)

    hi- Wrong number dialed leads to woman's arrest (R 23 29)

    Sf More on buffer overflows, iAPX432 (R 23 30-31)

    +/-? Network Solutions' 100-year domain registrations (R 23 29)

    SP Risks in Network Solutions' domain information masking (R 23 31)

    SHP AOL worker sold list of 92-million AOL customers to spammer (R 23 43)

    SPHI 4.6-million DSL subscribers subjected to data leakage in Japan (R 23 30-31)

    SPfh French authority forbids "DIDTHEYREADIT?" service (R 23 44)

    $SP* RFID could cost 4 million jobs by 2007 (R 23 44)

    SP Risks in Google's New "Gmail" Service (R 23 31)

    SPH Outsourced data on stolen laptop includes SSNs and other data on 95,000 (R 23 38)

    SPH Shocking laptop horror stories: UCLA laptop stolen with 145,000 blood donors' data, after earlier laptop stolen with another 62,000 (R 23 43)

    SPH Israeli Police loses laptop with critical agents' information (R 23 44)

    Sf Queensland researchers find WiFi flaw (R 23 37)

    SH UK firms increasingly facing security attacks (R 23 34)

    Sf Shamir-Tromer, breaking RSA by acoustic means (R 23 37)

    SAO Risks of automatic software updates (R 23 33)

    Sf Autorun considered evil (R 23 41-44)

    SV Vivendi Automated Copyright Notice System disables Net access for supposed copyright offenders (R 23 34)

    Sfi Radar gun follies; Belgian ticketed for driving at Mach 3!!! (R 23 32,33,38); speed camera glitches in Australia (R 23 35,36,38); Automotive "black box" data used in Canadian trial (R 23 34)

    SHi Computer glitch gives out free gasoline if driver's license swiped instead of credit card, but drivers traceable (obviously!) (R 23 36)

    SHAO At least 20 University supercomputers attacked by vandals (R 23 33)

    SHAO Network vandal penetrates South Korean defense systems (R 23 43)

    SA Are passwords passé? Scandinavia opting for two-factor authentication (R 23 40)

    Sfe, etc. Users, learning from history, social engineering, planning (Gadi Evron); mentions nuclear silo password 00000000 (R 23 40)

    SH 'Pirate Act' raises civil rights concerns (R 23 39)

    SMi Radiation treatments for cancer set off airport detectors (R 23 33)

    Sf? Terror over Voice over Internet Protocol? (R 23 43)

    SHf Canadians warn of North American critical infrastructure cybersecurity risks (R 23 57); South Korea vulnerable to cyber attacks from North (R 23 57)

    SHf 3/4 of biggest Australian banks vulnerable to Web attacks (R 23 48)

    Sef Cahoot Internet banking upgrade security issue (R 23 59)

    SHf Virus disables Colorado DMV for nearly a week (R 23 56); Maryland MVA disabled earlier by Blaster (R 23 57)

    Sf Trojan horse for handhelds (albeit not self-propagating) (R 23 48)

    Sf JPEG/GDIplus security vulnerability (R 23 55)

    $SH 36% of the world's software is pirated, costing $29B in lost revenue (R 23 45,46,48)

    $SH Pirates see video games before paying customers do (R 23 59)

    $SH Music industry on the wrong course with the INDUCE Act (R 23 59)

    S Java programs at risk from decompilers (R 23 54); once again, risks of believing in security by obscurity (R 23 55): risks of Nuclear Regulatory Commission lab info on Web? (R 23 58)

    S Risks of using open forums for disaster recovery (R 23 52)

    Sf Risks of third-party Windows Buffer Overflow Protection Programs (R 23 49)

    Sf Buffer Overflow in "I'm Away" feature of AOL Instant Messenger (R 23 49)

    Sf More risks of using MS Internet Explorer (R 23 45)

    SH Nonexistent would-be fictitious URL used in comic strip springs to life with "questionable content"! (R 23 57)

    $SH San Carlos (California) software company sues Mumbai police for not investigating alleged code theft by Indian subsidiary (R 23 56)

    Sfhi British Customs and Excise electronic returns for VAT collection; certificates vs passwords; confusion (R 23 56)

    SH Sabotage-induced power outage in Wisconsin: bolts removed from 80-foot tower (R 23 56)

    *Shi U.K. passport guidelines: You may not smile! (R 23 49,50); Stupid airline security measures (R 23 54)

    not-M Airbus and AA/Qualcomm tests show cell phones don't disrupt navigation systems (R 23 54)

    $SHf Internet attacks jump significantly in 2004 (R 23 54; S 30 1:11-12)

    *SH Tsunami warnings and spam (R 23 65; S 30 2:23-24)

    *Shi Screener error, not supposed glitch, responsible for scare that evacuated Midway airport (R 23 61; S 30 2:24)

    SHP f Flaw in Google's new desktop search program (R 23 63; S 30 2:24)

    SP EPIC's New Year's Privacy Resolutions (R 23 64; S 30 2:24)

    S- Why adding more security measures may make systems less secure (R 23 63; S 30 2:24-25)

    *$SH $1 million theft of telco equipment disrupts 911 service for 7 hours for 25,000 customers (R 23 60)

    SH Thieves steal a remote device that allows woman to sleep by switching off an implant in her brain (R 23 65)

    S Ars Team Prime Rib finds fourth-largest prime number ever: 28433 * 2^7830457 + 1 (R 23 65)

    Shi US has plans for shutting down GPS "during national crisis", with huge seemingly unforeseen consequences (R 23 62,63)

    $h T-Mobile cripples the Blackberry by disallowing outbound port 90 (R 23 64)

    SHf Remote cell phone eavesdropping (R 23 64,65)

    SHfi German bank teller machine escapes to command level, plays chess! (R 23 62)

    Sf More on new and unpatched Windows flaws (R 23 63)

    $SH Wal-Mart stung in $1.5 million scam with bogus bar-codes (R 23 66)

    S Cellery worm plays games with victims (R 23 67)

    SHAOf Raleigh NC: hacking of live television banner for store closures (R 23 62)

    SHP Attack on T-Mobile compromises personal data on 400 customers (R 23 66)

    SHAO Carjackers swipe biometric Mercedes, plus Malaysian owner's finger (R 23 83; S 30 3:31)

    Sfhi Mercedes car-door locking functionality: toggles two cars (R 24 03)

    SHf Mobile phone Cabir virus infiltrates U.S. (R 23 74; S 30 3:31)

    SH Cellery worm plays Tetris with victims, spreads (R 23 67; S 30 3:31-32)

    SH (or h)? Michigan highway message board says speed limit 100 mph (R 23 84-85; S 30 3:32)

    SH?hi? Some business schools won't admit applicants who sought website on acceptances (R 23 78; S 30 3:32)

    Sf An example of vulnerable OS creating havoc in new/unexpected locations: Bluetooth-enabled cellphone virus corrupts automobile software (R 23 70; S 30 3:32); more (R 23 72; S 30 3:32-33)

    SHAOf Risks of networked homes compromising consumer electronics (R 23 75; S 30 3:35)

    $SHAO Risks of unvetted changes of California corporation information (R 23 77; S 30 3:35)

    $SHAO Website hijackings, 302 redirects, and security issues (R 23 78; S 30 3:35-36)

    SHf Secret Service Distributed Networking Attack (R 23 83; S 30 3:36)

    $SHhifm PITAC Cybersecurity report released: http://www.nitrd.gov/pubs/ (R 23 81)

    $SHhifm Discussion of James Fallows' article Risk Analysis and the War on Terrorism (R 23 68)

    S(f/m) Essex County NJ Jail locking failure in touchscreen access control system - again (R 23 81)

    SH$ Police foil £220M cyberattack on Sumitomo bank (R 23 81)

    SH$ VisaBuxx: Risky US Bank Visa product (R 23 81)

    Sf `Thief-proof' car key cracked (R 23 69,70)

    SHf RSA finds more flaws in RFID (R 23 81); RFID clonable (R 24 36, S 31 6:29); Dutch device RFID Guardian scans for chips, blocks reading of RFIDs, spoofs others (R 24 37, S 31 6:29); RFID car keys cause insurance denial (R 24 38, S 31 6:29); more on cloning RFID access control tokens (R 24 50, S 32 1)

    SH Marketscore proxy service: Man-in-the-middle attack on SSL? (R 23 79)

    SHf Users of AOL Instant Messenger and other services beware! (R 23 79)

    SHf Why IE is insecure: flawed logical thinking... (R 23 81-83)

    SHA Amazon's goofy account identification (R 23 70)

    $SH Risks of grocery-store robot scanner a royal pain (R 23 69,75)

    Sf High-risk vulnerabilities in Eudora for Windows (R 23 71)

    Sf UK gets official virus alert site; potential security problems (R 23 75-77)

    SHi International Domain Name (IDN) makes spoofing of URLs easier and hinders identity uniqueness (R 23 71)

    Shi Kafka-esque Québec Govt Online PAC ID system makes system use very difficult (R 23 95; S 30 6:21-22)

    Sf GAO survey on US e-government security risks: 79-page enumeration of oblivious agencies (R 23 91)

    SH$ Big problem: fraud using VoIP (R 23 94); Phil Zimmermann's approach (R 23 95)

    Sf When Crypto/Signature Plans Go Wrong: Sony PSP Exploit (R 23 90,92)

    Shi Use of encryption declared illegal in Minnesota? (R 23 90,92); NO! (R 23 93)

    S(f?) U.K. firm boasts totally "hacker- and thief-proof" biometric ID card system (R 23 92)

    SH$ UK Government statistics show Home Office leads in stolen computers (R 23 94)

    Sf New Microsoft anti-piracy program circumvented (R 23 95, 24 01)

    Sf Wool and Shaked discover method for cracking Bluetooth security (R 23 89)

    SHPM Risks of Bluetooth enticing stolen laptops (R 24 02,03)

    SH Wide-scale industrial espionage using Trojan horses in Israel (R 23 89)

    SH($) "World's biggest computer hacker" arrested in London; attacked Pentagon and NASA "secure" systems! (R 23 89)

    $SHO Asian hackers blamed for attacks on U.K., U.S. computer networks (R 23 91)

    SHAOf Breach tracking by Adam Shostack (R 23 92)

    SHf Rumplestiltskin worm (R 23 88,89,92)

    Sfhi Challenge/response e-mail filtering failure modes (R 23 89,90)

    $SHP Hacking a London hotel TV system (R 23 95; S 30 6:23)

    SPhi 10th "planet" discoverer shares a secret a bit earlier than planned: publicly searchable audit logs (R 24 02; S 30 6:23)

    SH 13 Pennsylvania high-school students face punishment for computer tampering (R 24 02)

    SPhi Google, Privacy, and Masochism (R 24 06)

    Vhmi NOAA's radio transmitters missing backup power, part of emergency network! (R 24 07)

    $SH How ATM fraud nearly brought down British banking: phantom withdrawals (R 24 08)

    Smhi Computer glitch lets some prisoners out early, some late (R 24 09)

    SP More on CNID, less positive (R 24 07-08); Paul Wexelblat's approach to phone privacy issues (R 24 09)

    SH Organized fraud shuts down online applications for tax credits on Her Majesty's Revenue and Customs website (R 24 11)

    SH Spanish 'hacker' held over breach of top-secret U.S. Navy site (R 24 15)

    *hi More on risks of using cell phones while driving (R 24 17)

    Sfm U.S. Customs border control computers failed for five hours: virus? "routine system failure"? (R 24 24)

    Sei Norwegian bank has many problems moving customers to new platform (R 24 25)

    SHfi$ IT Corruption in the UK? Mapeley and the Passport Service; use of biometrics (R 24 23,25)

    Federal law applied to secure file deletion as "damage without authorization" of International Airport Centers computer; interesting legal implications (R 24 20,21,23)

    SH+ Alteration (one-character deletion in digital contract in Word) involved reducing 15% share to 5% share in sold company: $96M instead of $32M; detected by forensic expert and reversed (R 24 24)

    Sf$ PDF alterations of bank "proof of payment" forms (R 24 26,27)

    SH Use of honeypot automobiles as bait for thieves (R 24 26,27)

    *Si Invisible electrical fences pose risks for dogs from coyotes (R 24 23)

    SHfi Fake E-Mail Topples Japan Opposition Party (R 24 23)

    Sfi Triple DES Upgrades May Introduce New ATM Vulnerabilities (R 24 26-29)

    Shi Verizon's Aggressive New Spam Filter Causing Problems, blocking much legitimate e-mail (R 24 26)

    SHfi eFax/J2 opens door to expensive Joe-jobbing, billing based on e-mail address! (R 24 23,24)

    Sf Article on DNS DDoS amplification attacks (Randy Vaughn and Gadi Evron, R 24 25)

    ? "Rootkit": erosion of terms? (R 24 23,24)

    SHMi RFID zapper (R 24 26,27,29)

    SM More discussion on Personal Electronic Devices on Commercial Aircraft (R 24 26)

    SHf Opticon: A cheap way to get to work faster, change traffic signals remotely (R 24 26)

    Shi Greek classified military documents exposed on the Internet through file sharing (R 24 24)

    SHf Another security/privacy breach at the University of Texas exposes 200,000 records (R 24 26)

    Shi Hong Kong: Identities of 20,000 former police complainants exposed on the Internet (R 24 25)

    - Copyright Gone Mad: Risks of frequent publication (Rob Slade, R 24 21)

    hi Canada Bell inadvertently blocks 1-866 numbers, in transitioning to 10-digit dialing (R 24 28)

    SP Colleges protest call to upgrade online systems for easier government access (R 24 08)

    SH Risks of Web 2.0, or, the MySpace worm (R 24 07)

    SH Another unusually slick phishing attempt (R 24 07)

    SP Color printer steganography encoding in yellow dots (R 24 08)

    SMV Ottawa: radio signal keeps gates and garage doors closed; same frequency as Land Mobile Radio System (R 24 09)

    Sfi Sony CD DRM blow-up continues; recalls ordered, lawsuits possible (R 24 09) [see also http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html]

    SHP Fauxjacking: GPS tracking with Google Maps (R 24 09)

    SH Chinese People's Liberation Army developing cyberattack units (R 24 30)

    VSM Risks of electromagnetic interference between laptop and cellphone (R 24 33), and an unrelated case (R 24 34)

    $SH Data files erased at Aznar Government systems (R 24 31)

    Se Windows Patches break operations of IBM midrange consoles (R 24 33,34)

    SH "Deceiving a computer" is now a crime in the UK (R 24 34,35; cf. R 7 69)

    Vhie PlusNet obliterates 700GB of customers' e-mail; human reconfiguration error (R 24 35)

    VSi Comcast blocks all mail from IEEE e-mail alias service (R 24 35)

    VSi MSN Messenger blocking URLs on server side (R 24 35)

    S IEEE e-mail alias service with Comcast, BrightMail (R 24 35,36)

    Shi Home security system snafu: multiply used home ID creates bogus alarms? (R 24 44)

    *SH Denver teen concocted spoofed police-band radio calls (R 24 43)

    Sfhi The SAFEE Project and anti-hijack software (R 24 39, S 31 6:25-26)

    SH Bloomington bank night depositors victims of old fashioned fishing: dowel and fish hook nets 11 deposits (R 24 51)

    $SH 2006: Three plead guilty in 1995 Russian identity fraud which netted around $100 million (R 24 48)

    SHe Digital cameras converted to weapons (R 24 52,54)

    SHf Malware vulnerability in Microsoft Word could allow remote code execution (R 24 49)

    ..... End of recent yet-to-be-merged security items .....

    Security flaws:

    *SHAf Many known security flaws in computer operating systems and application programs. Discovery of new flaws running ahead of their elimination. Flaws include problems with passwords, superuser facilities, networking, reprogrammable workstations, inadequate or spoofable audit trails, ease of perpetrating viruses and Trojan horses, improper handling of line breaks, etc. Lots of internal fraud and external penetrations.

    rfhie$ U.S. House Panel Slams Federal IT Security; attacks quintuple from 2002 to 2003 (R 23 28)

    f Stanford sendmail buffer overflows saturated systems (S 15 1)

    Sf Security flaw (buffer overflow) in popular e-mail programs and the programming language implications (R 19 90-93)

    Sf More on buffer overflows: CERT Advisories (S 24 3:27, R 20 21) Note: Steve Bellovin remarks that 8 out of the 13 CERT Security Advisories for 1999 involved buffer overflows!

    Sf Extensive discussion of buffer overflows, causes, methods of prevention, etc. (S 27 2:7-11; R 21 83-86), plus an excellent analysis and response to further comments, by Earl Boebert (S 27 3:13, R 21 87,89)

    Sf More on eliminating buffer overflows: OpenBSD (R 22 71,72,74,75)

    fi Student mistaking list for scalar causes truncated Web info, brings police (S 26 4:7, R 21 27)

    Sf Ross Anderson et al. responded to MobilCom challenge (R 18 45) to hack GSM for 100,000 DMarks, found flaw, but discovered the offer had been withdrawn. (R 19 48)

    Sf Argus' PitBull £35,000 hacking challenge cracked in 24 hours (R 21 36)

    Sf SDMI Secure Digital Music protocol challenge cracked; RIAA threatened to sue Princeton prof Ed Felten's team if the results were published; the paper presentation was withdrawn (R 21 37,39)

    f GSM phones recalled for software upgrade (R 19 27,30)

    @Sf Crypto-based security in 90 million GSM phones cracked by Silicon Valley "cypherpunks" (R 19 67)

    $SHf CERT Advisory, IP spoofing attacks, hijacked terminal connections; Robert T. Morris, Tsutomu Shimomura, John Markoff, Kevin Mitnick (S 20 2:13)

    S Security flaw in NCSA httpd phf (R 18 69,70); CERN httpd (R 18 71)

    S Sun's Hot Java executes its code on your Web browser (S 20 3:9)

    Sf Netscape had a rough time securitywise: 40-bit crypto breakable, random number generator crypt seed breakable, bounds-check flaw (S 20 5:13)

    SO More risks of allegedly random numbers: spoofability (R 18 89)

    S Andrew Twyman reduces cost of cracking Netscape's 40-bit crypto to $584 (from $10K) (S 21 4:18, SAC 14 3, R 17 65)

    S Risks of Trojan horses with HotJava and Word (R 17 39-41,43,45,46,52); see particularly Marianne Mueller in (R 17 45)

    Sf More browser/server security problems in Java/JavaScript/Netscape (S 21 4:18, SAC 14 3): Dean, Felten & Wallach, Princeton, in (R 17 77); others (R 17 65,66,77,79,80,83-91,93-95, R 18 01,02); Abplanalp and Goldstein (R 18 06); David Hopwood (R 18 08), including a summary of Java-related bugs, with a pointer to John LoVerso's JavaScript bug list (R 18 08); further problems were reported in Java and JavaScript (R 18 09), in Netscape 2.02 (R 18 13,14), and again in Java (Hopwood, R 18 18). Princeton team finds Java security bugs in Microsoft Internet Explorer 3.0beta3 and Netscape Navigator 3.0beta5 (R 18 32); More on Java security (Mueller, R 18 50); Flaws in and Microsoft's warning on Internet Explorer 3.0 (R 18 36,38); ActiveX security risks (R 18 69)

    Sf More Java woes: Princeton team finds new flaw in Java ClassLoader that disables security controls in Netscape Navigator 4.0x (S 23 5:27, R 19 86)

    Sf Security risks of Ajax and Javascript (R 24 33, S 31 5:20)

    - Appropriateness of Confutatis Maledictis in MSIE advertisement? (R 19 23)

    VSf Land Attack (land.c) denial of service on TCP implementations; Microsoft implications; also see BUGTRAQ (R 19 48,49)

    f Microsoft Office 97 e-mail gives sight to blind copies (R 19 08)

    Sf Ruminations on MS security (S 23 4:24)

    SH Enumeration of over 100 holes in Windows NT (R 19 65)

    f Incompatibility between Cisco 5000 routers and Windows XP beta shuts down Xerox corporate network, draws ban on XP betas (R 21 37)

    f Another privacy bug in Netscape Navigator 2.0 (S 22 4:31, R 18 74)

    SP More on risks in Netscape browsing histories (R 18 79)

    SOf Netscape flaw allows reading of entire hard drive (R 19 22,23)

    SAf Netscape Communicator 4.01 for Windows 95/NT risks include forgeable digital signatures (R 19 30)

    Sf Netscape Communicator 4.02 and 4.01a allow disclosure of passwords (R 19 34)

    $Sf Risks in Secure Electronic Transaction (SET) protocol (R 19 31-36,48)

    SHP Security hole in Shockwave Web browser exposes e-mail (R 18 91)

    Sf More on Java security (R 18 77,79,87); Another Java security flaw (R 19 11)

    f Discussion of local classes in Java, flaw and fix (R 19 41,42)

    Sf Good Java security vs good network security (R 18 61)

    S More on Java performance (R 19 77) and applet security (R 19 78-79,81); vendors unite against bad applets (R 19 84), but Li Gong reminds us of the pervasiveness of mobile-code risks: CD-ROM, zip drive, Lisp code, Java applet, Word document, agent software, browser plugin, postscript file, removable storage, ActiveX components, articles posted to newsgroups, any number of scripting languages, attached e-mail components (MIME), floppy disk (demo disks you receive in the post), someone over the phone asking you to run a program, ... (the list goes on and on) (R 19 85)

    f Security hole reported in Java 2 (JDK 1.2) (R 20 30), fixed in JDK 1.2.1

    Sf Security problems in ActiveX, Internet Explorer, Authenticode (R 18 80-86,88-89); in particular, see detailed comments from Bob Atkinson (R 18 85) and subsequent responses (R 18 86-89); Paul Greene at Worcester Poly finds IE flaw (R 18 85); EliaShim notes two more IE flaws (R 18 88); Another ActiveX flaw (R 19 06,09)

    i ActiveX controls - You just can't say no! (S 23 3:26, R 19 55)

    SOf Internet Explorer runs arbitrary code: MIME type overridden (R 19 14)

    Se Misleading Internet Explorer security patch (S 26 4:8, R 21 35)

    Sf IE security bug with Active Scripting (R 20 80)

    SOf More on Web browser risks (R 19 18)

    Sf More on NT security (R 18 82,84,86-88); Another Windows NT security flaw (R 19 02)

    Sf NT passwords bypassable by overwriting hashed password (R 18 62)

    Sf Making good ActiveX controls do bad things (R 18 61); more risks (R 18 62)

    Sf Chaos Computer Club demonstrates ActiveX/Quicken flaw on TV (R 18 80,81)

    SHO Beware of offer of remote ActiveX-enabled antivirus scanner (R 19 30)

    Se Microsoft Java/COM integration support does automatic upgrades (R 18 64)

    @SP Discussion of security and privacy implications of "cookies" (squirreled information in browsers) (R 18 19,20, 63,65,67,68,70,72,78,79,88,92); residues in Internet Explorer 3 (R 18 68)

    Seh Over 10,000 sites running nonsecure versions of NCSA Web server (S 21 4:17, SAC 14 3)

    Sf SATAN anticracker software; discussion; version 1 flaw (S 20 3:12)(SAC 13 3)

    Sf Master password generation algorithm uses program bug in LOGIN (S 12 3)

    Sf Flaw in Sun 386i - argument that bypassed authentication (S 14 5)

    Sf DEC/Ultrix 3.0 breakins using tftpd, weak passwords, and known flaws (S 15 1)

    Sf SunOS 4.0.x rcp problem, exploiting /etc/hosts.equiv, /.rhosts (S 15 1)

    Sf Password Snatching? RS-232 data tap advertised for $29.95 (S 12 3)

    S Flaws in Kerberos version 4 and 5 (S 21 4:17 SAC 14 3, CERT Advisory CA-96.03)

    Sf Security hole in SSH 1.2.0 permits remote masquerading (R 17 66,68, SAC 14 3)

    Sf Trojan horsing electronic countermeasures? Def.Electr. Oct 89 (S 15 1)

    SH Risks of infrared-reprogrammable parking meters (S 15 5)

    Sf Risks from using laptops with cellular phones (S 15 5)

    SHf Justice Department computers vulnerable remotely (S 15 5)

    @$S GAO finds computer security at stock exchanges vulnerable (S 15 2)

    S PRODIGY security and integrity problems discussed (S 15 2)

    Sf CTSS raw password file distributed as message-of-the-day; editor temporary file name confusion. See Morris and Thompson, CACM 22, 11, Nov 1979. (S 15 2) Also F.J. Corbató, 1991 Turing Award Lecture, CACM 34, 9, 1991, pp. 73-90.

    SPf Bad pointer dumps encrypted passwords as message-of-the-day (R 17 44)

    SH Dictionary-based password cracking (Morris-Thompson) happening (S 15 2)

    $Sh NZ Kiwinet posts new default password (S 16 4)

    $Sf RISC architectures crashable from user mode (S 15 5)

    Sf SunOS SPARC integer division grants root privileges divide&conquer (S 16 4)

    S Hitachi's dynamic microcode download facility (S 16 2)

    S Root console spoofable by function-key remote reprogramming (S 16 4)

    S Security breach in UK Government Whitehall computer (S 17 2)

    SH Crackers of Boeing and Seattle US District Court fined $30K (S 18 4:9)

    f FAX in send mode receives someone else's FAX instead (S 19 2:3)

    i Wrong fax code sends antiQuebec message to French-language papers (S 19 3:9)

    SP IRS checks mailed with visible SSNs and amounts in 1994 (S 19 4:10); City of Detroit MI did the same with 400,000 tax forms in 2002 (R 21 91); new law will prohibit federal agencies from doing so, effective 2004 (R 21 92)

    SP Lexis-Nexis P-Trak database includes unselectable SSNs (R 18 43-45,47-49)

    Sf Univ. California computerized retirement system flaw (S 21 4:17, SAC 14 3)

    SAf Authentication in Lotus Notes has security flaws (S 20 3:9, R-17.10)

    Sh? Randal Schwartz finds security flaws in Intel, convicted (R 17 23,28)

    Sf More on Windows security bugs (R 17 62)

    Sf Windows 95 security hole: file names beginning with extended-ASCII 229 (S 21 4:17, SAC 14 3)

    f File name bug in Windows 95 (S 21 5:18)

    i File name problems in Unix (R 21 80,82)

    Sf Win 95 Microsoft TCP/IP flaw freezes system (R 19 26)

    i Risk of renaming a Windows 95 computer on a network (R 19 56)

    i Windows 95 renaming problem (R 19 66)

    f Warning! NT 4.0 utility wipes system configuration (R 18 49)

    f Windows NT 4 corrupting filespace and deleting directories (R 19 63)

    Sf Password unsecurity in NT cc:Mail release 8 (R 19 37)

    Vmf Massive NT outage due to registry corruption (R 19 60)

    f Bug in DoD Common Operating Environment screen-lock consumes resources (R 19 42); NT screen savers also risky (R 19 43)

    $f Reliability of NT in embedded applications (R 20 41)

    f Microsoft Word footnote problems irk federal appeals court: Word does not count words correctly (R 20 52)

    i Risks related to Ctl-Alt-Del (R 19 28,29,31,32)

    Sf Paper by Avi Rubin on Microsoft Passport flaw (R 20 85)

    Sf Bug in Microsoft Word 6.0, 6.0a releases unintended info (S 20 1:19)

    Sf More on Microsoft WORD macro security problems (R 18 70-72,75-77,79-89)

    Sf Microsoft again distributes a Word Macro Virus: WAZZU.A (R 18 53)

    Sff Microsoft vulnerabilities, publicity, and virus-based fixes (good analysis by Bruce Schneier, R 21 01)

    Sf Microsoft Windows Update Corporate Web site "features more than 1,000 system updates and drivers for the Windows 2000 platform"!!! (R 21 04)

    (f=feature)i Microsoft Word file holds two separate texts (R 20 40,45; MS response R 20 43); more on hidden old edits (R 21 45)

    (f=feature)i Office XP modifies what you type, changes links to point to MS sites, overrides corrections, without notification; you'd better read these items if you use Office XP! (R 21 42,43,45,46,48); Smart Tags in WinXP (R 21 46) later killed by MS (R 21 51); Comments on XP = smiley face = chi-rho = Cairo monogram (R 21 44, 46,48,51)

    f Uncleared disk space visible: MS Visual C++ or operating system problem? (R 21 50,51)

    $ Insurer considers NT high-risk (R 21 44,45)

    Sf,e,H,$,etc. More Microsoft problems and security flaws: Win32 API (R 22 19); Klez (R 22 20-21) and BugBear (R 22 29,31-32); Office/IE risks (R 22 22); Internet banking and e-commerce risks (R 22 22); certificate validation flaw (R 22 23); MS recommends preventive measures: eliminate blank or weak administrator passwords, disable guest accounts, run up-to-date antivirus software, use firewalls to protect internal servers, and stay up to date on all security patches (R 22 24,26); Microsoft EULA asks for root rights - again (R 22 19); risks of chaining substitutions in Outlook (R 22 30-31); more on risks of automated updates (R 22 29,31); MS says 1% of bugs cause half of software errors (R 22 29); UC Santa Barbara bans Win/2K (R 22 31); King's College, London, bans Unix/Linux on their network (R 22 32); switch-from-Mac-to-MS ad bogus (R 22 31); more on Windows daylight savings cutover, including a dual boot problem (R 22 34-35, previously noted in R 18 3, 18 96, 19 6, 19 11-12, 19 64); Windows quietly deletes Unix files (R 22 40); nine related Internet Explorer flaws reportedly leave systems vulnerable (R 22 32); Transportation Security Administration Word password protection easily compromised (R 22 45)

    Se Microsoft Hotfix erroneously undoes previous Hotfix (R 21 24); other fix files on MS Web sites infected with FunLove virus (R 21 37)

    Sf Bogus Microsoft Corporation digital certificates from Verisign (R 21 29,32,34); problem with revocation lists (R 21 30,32)

    Sf UK Government Gateway certificates block non-MS browsers (R 21 44); same system used for UK's agriculture department MAFF (R 21 45)

    SH Windows XP vulnerable (R 21 45,46,48); Release Candidate 2 has driver block preventing some programs from running, because vendors write bad code! (R 21 57,58); more Outlook security problems (R 21 46)

    Sf Freeware Password Recovery recovers Windows lost passwords saved in IE (R 21 56,59)

    Sf Microsoft Reader e-books broken (R 21 64)

    Shf Microsoft's PGP keys don't verify for several months, so MS security bulletins look forged! (R 21 56); WindowsUpdate Service Pack 2 for IE has questionable certificates as well (R 21 63)

    SHA Bogus letter-writing campaign opposing Microsoft anti-trust actions includes mail from dead people (R 21 63)

    fi Microsoft SMB protocol: Risks of undocumented `standards' (R 21 69)

    i- MS Front Page 2002 license agreement forbids use on disparaging sites (R 21 68)

    SP Security and privacy risks of Microsoft Hailstorm/Passport and Project Liberty alternative (R 21 70,72)

    Sf Windows XP accounts default to administrator with no password (R 21 76,78)

    Sf Remote tricking of users with Outlook XP with X-Message-Flag (R 21 76)

    Sf Windows XP hacked in hours, black-market copies shortly thereafter (R 21 76)

    -(S) Despite Connecticut's MS monopoly case stance, CT Attorney General's Web site requires JavaSoft to browse (R 21 80)

    Sf Microsoft IE Javascript cookie disclosure vulnerability (R 21 76)

    Sf "Beale Screamer" cracks Microsoft anti-piracy software (R 21 71)

    SA Microsoft using predictable passwords for Passport (S 27 2:18, R 21 88)

    Sf Microsoft C++ feature against buffer overflows is itself vulnerable (R 21 91)

    *Sfff? Windows NT html products basis for Interim Brigade Combat Force (R 21 94); Windows CE palmtops to be used to direct air strikes (R 21 94)

    SOf Security flaw in Microsoft Office for Macs leaves OS wide open via HTML feature (R 22 04)

    SHf W32/KLEZ.H polymorphic MS Outlook e-mail virus (R 22 05-08,10); and after-effects - bogus mail, spoofing, mail loops, etc. (R 22 11)

    Shf Microsoft invokes national security in not sharing information on MSMQ protocol, Windows File Protection API, anti-piracy and digital rights management; also, "some Microsoft code was so flawed it could not be safely disclosed." (R 22 13); more on MS's secret plan to secure the PC, Palladium, viruses, etc. (Peter da Silva, R 22 14; Cringely, Mellor on Palladium, R 22 15)

    Sf MSNTV WebTV virus dials 911 (R 22 17)

    Shf Microsoft sends Nimda worm to South Korean developers in Visual Studio .Net software (R 22 13-14)

    SPfh Tower Records reports customer information "leak" from Windows Active Server Page (R 22 43)

    SP FTC/Microsoft settlement: Passport violates its own user-ID privacy policy (R 22 19)

    Sf Macro virus lists from Klaus Brunnstein, ftp://agn-www.informatik.uni-hamburg.de/pub/texts/macro/ and ftp.informatik.uni-hamburg.de/pub/virus/macro/macrolst.* (R 19 24)

    S+ After October 1997 Macro Virus contamination and Eligible Receiver demonstration of significant vulnerabilities, NASA requested DoD to attempt penetration exercises (R 19 74)

    Sf New Word macro virus WM/PolyPoster posts Word documents to 23 Usenet newsgroups (R 19 85)

    $SHO Chernobyl CIH virus hits on 13th anniversary, attacks Windows 95/98; damage reportedly worst outside U.S., especially South Korea (R 20 34) and Sri Lanka, with usual rumors that it was created by an anti-virus supplier (R 20 37)

    Sf OS/2 Warp TCP/IP misfeature (S 21 5:19)

    SHA Another risk of reusable passwords: sharing them to avoid Web fees (R 18 85)

    @SHI Dutch electronic-banking direct-debit scandal: Friesian church minister discovers surprise privileges (R 18 81)

    Sf Security flaw found in Alcatel's high-speed modems (R 21 35)

    ..... Penetrations and misuse by "nonauthorized" personnel:

    !SH China executes hacker for embezzling £122,000 (S 18 3:A12)

    SPH British Telecom's Prestel Information Service - demonstration for a reporter read Prince Philip's demo mailbox and altered a financial market database [London Daily Mail 2Nov1984] (S 10 1); break-in being prosecuted (1st such prosecution in Britain) (S 11 3); conviction reversed by Appeal Court and House of Lords (S 13 3)

    SHAfe W.German crackers plant Trojan horses, attack NASA systems, exploit flaws in new OS release (S 12 4, 13 1); perpetrator arrested in Paris (S 13 2). See also (R 08 36,37 [response from `pengo'],38).

    $SHAOf Lawrence Berkeley Lab computer break-ins by Markus Hess; Stoll planted phony computer file; file requested (S 13 3, Cliff Stoll, CACM May 1988); see Cliff Stoll, `The Cuckoo's Egg: Tracking a Spy ...', Doubleday 1989. Hess and others accused of KGB computer espionage (S 14 2); Three of the Wily Hackers indicted on espionage charges (S 14 6), `mild' convictions on espionage, not `hacker' attacks [15Feb1990] (S 15 2)

    S Report from the Chaos Computer Club Congress '88 (S 14 2)

    SHf Hacker enters Lawrence Livermore computers (S 14 1)

    SH South German hackers hack TV German Post dial-in poll (S 14 6)

    SH Discussion of Dutch Intruders breaking in to U.S. systems (S 16 3)

    SH Dutch Hackers H.W., R.N. arrested; reportage from Rop Gonggrijp (S 17 2)

    SH First Dutch computer hacker arrested under new Dutch Law (S 18 3:A12)

    $SH Kevin Poulsen (Dark Dante) arrested (S 16 3); accused of rigging radio contests by phone hacking (S 18 3:A13); tapes, other evidence seized from locker ruled inadmissible (S 19 2:9); espionage charges dropped; Poulsen pleads guilty to other charges (S 21 2:20)

    $SH Leonard Rose (Terminus) guilty of unauthorized possession of UNIX source and distributing access-capturing Trojan horses (S 16 3)

    $SHA 5 NY Master of Disaster hackers' Federal 11-count indictment (computer tampering/fraud, wire fraud, wiretapping, conspiracy; phones, computers, credit) (S 17 4); Phiber Optik (Mark Abene) sentenced to 1 year + for conspiracy, wire fraud (S 19 1:8)

    S? Feds arrest hackers nationwide in Operation Sun Devil; Steve Jackson Games investigated for cyberpunk fantasy game rules (S 15 3); Secret Service rebuked for Steve Jackson Games investigation (S 18 3:A8)

    $SH "Sun Devil" indictments: "Doc Savage" arrested for tel/credit fraud (S 16 3)

    $SH FtWorth programmer Donald Gene Burleson plants time-bomb, deletes 168,000 brokerage records; convicted, fined (S 13 3, 13 4)

    SH University of Surrey hacker arrested ... and released; Edward Austin Singh penetrated 200 systems (S 14 1)

    SH UK "Mad Hacker" (Nicholas Whiteley) goes to jail (S 15 5); appeal fails (S 16 2); new British Computer Misuse Act (S 15 5)

    SH Intruder hacks into Cambridge University systems (R 18 09-10)

    SH UK hacker "Datastream" finally arrested (S 20 2:13)

    SH Hackers break into Macedonian Foreign Ministry phones (S 23 3:24, R 19 46)

    SH R.G. Wittman accused of felonies in hacking NASA computers (S 17 1); sentenced to 3-year probation, mental health treatment (S 17 3)

    $SH 2 Norwegians fined for fraud; telephone fraud, browsing ignored (S 19 1:8)

    @SH$ Russian hacker Vladimir Levin breaks Citibank security (S 20 5:13, R 17 27-29,61); Levin pleads guilty (R 17 61), sentenced to 3 years, with $240,015 restitution; 4 accomplices previously pleaded guilty (R 19 61)

    SHOA 3 Croatian teenagers cracked Pentagon Internet systems. Classified files allegedly stolen (?). Zagreb Daily suggests damaging programs could cost up to $.5M (?) (R 18 84)

    SH Pentagon computers hacked ("most organized and systematic" according to John Hamre); Cloverdale high-school kid blamed (R 19 60); in blaming "hackers", DoD seems to be oblivious to its own bad security

    SPH Carlos Salgado Jr. pleads guilty, max up to 30 years, $1M fines (R 19 34)

    SH Wendell Dingus sentenced to 6 mos home monitoring for cracking USAF and NASA computers from Vanderbilt U. (R 19 35,36)

    SH Former IRS employee indicted for fraud, illegal browsing (S 20 5:13)

    SH* NY Police Department phone system cracked (S 21 5:19)

    SH British man (Black Baron) convicted as malicious virus writer (S 20 5:14)

    S Cancelbot derails online promo (WSJ via Edupage 20 Dec 1994) (S 20 2:11)

    $SH Criminal hacker arrested in Winnipeg (S 20 2:12)

    SH 16-year-old boy cracks university computer security (S 21 2:20)

    @SH DMV security code breached at hospital in New Haven (R 18 28)

    @SH AIDS database compromised in Pinellas County, FL (R 18 48,53)

    SH Geraldo show demonstrates how to break into tracer.army.mil (S 17 1)

    SHA Milwaukee 414s broke into many computers (some with guessable passwords)

    SHAO Australians use dictionary attack on various U.S. computer systems (S 15 2)

    $SPH Thieves ransack 55 government computers in Australia (R 18 14)

    SH St. Louis teenager Christopher Schanot arrested for computer fraud (R 18 01)

    SPH Two convicted: 1,700 Tower Record credit-card numbers offloaded (R 18 02)

    $SH U.Texas Dean's conferred password used to misappropriate $16,200 (S 17 3)

    S References to CERT memo and Dave Curry article on countermeasures (S 15 3)

    fH Fudging a poll on program(med) trading? (S 15 1)

    SH USAF satellite positioning system, others cracked by 14-yr-old (S 14 6)

    Sf Sony satellite dishes remotely reprogrammable? (R 17 33)

    SH CerGro voice-mail hacked, mailboxes used for illicit purposes (S 13 4)

    SP Olympics e-mail misuses affect Tonya Harding and Cathy Turner (S 19 3:10)

    $SP Barclays credit system voice-mail hack gives sensitive info (S 18 1:20)

    SH Voice-mail phreaking alters recorded message (S 19 3:10)

    @$SH AT&T computer break-ins (Herbert Zinn) (S 12 4)

    @$SH Pac*Bell System computer attacker Kevin Mitnick arrested (S 14 1); arrested again after hi-tech tracking (S 20 3:12)(SAC 13 3)

    SHAO Computer crackers arrested in Pittsburgh, West Coast (S 12 4)

    SH Argentine Hacker encounters computer wiretap (S 21 4:17, SAC 14 3)

    $SH Computer intrusion network in Detroit (Lynn Doucett) (S 14 5)

    $SH Fired computer engineer caught downloading proprietary software (S 13 2)

    *SH Ex-employee arrested in file theft via Internet (S 19 3:10)

    $SHI Two Lucent scientists charged with selling PathStar Access Server software to Chinese firm (R 21 38)

    $S MIT student arrested for running BBS used for pirate software (S 19 3:11)

    $H Australian hackers face jail or fines (S 13 2)

    $SH Australian intruder fined $750 for copying programs (trespass) (S 15 3)

    $SH Aussie Cracker charged with phone fraud, accessed US computers (S 16 4)

    *SH Australian computer hacker jailed for two years; caused release of thousands of liters of raw sewage on Queensland coast (S 27 1:14, R 21 74)

    $SH Phone cracker tried for Palomar Hospital felony wiretap/eavesdrop (S 17 2)

    *SHAO Hospital intruder captures password, alters drug protocol (S 19 3:10)

    *SH Tampered heart monitors, simulating failure to get human organs (S 19 2:5)

    SH 16yr-old Brit (Jamie Moulding) tried to sell cracked MoD files (S 16 4)

    $SPH Brit. Min. of Defense computers penetrated by 8LGM; 3 arrested (S 18 3:A9), hacked into NASA, ITN's Oracle, ... 2 given 6-month sentences (S 18 3:A12)

    SH TV editor raids rival's computer files (S 14 2)

    SH Fox TV computers hacked, access to news stories in progress (S 15 3)

    $SH TRW Credit information bureau breakins - one involved gaining information on Richard Sandza (Newsweek reporter who wrote "anti-hacker" articles) and running up $1100 in charges (S 10 1)

    $SH 14-yr-old cracks TRW Credit, orders $11,000 in merchandise (S 15 1)

    $S 12-yr-old boy arrested for tapping TRW credit files (S 15 3)

    $SH Risks of unauthorized access to TRW credit database (S 15 3)

    $SHAO U.S. Reps Zschau, McCain computers penetrated, mailings affected (S 11 2)

    VSH/h? Ross Perot's computers lose 17K names; intruder or inadvertence? (S 17 4)

    SPHA NJ Republican staffer breaks into Democrats' computer (S 16 1)

    SHAO Bogus e-mail says Dartmouth prof cancels exam; 1/2 noshows (S 19 4:12)

    SHAO Grade-changing prank at Stanford (around 1960) (S 8 5)

    SHAO More class grade changes: Alaska, Columbia U., U. Georgia (S 16 3); Berkeley High School, despite requiring two passwords! (R 20 92)

    S Remote student tests by push-button phone; Psych 519, Gov's State (S 16 1)

    $SH Southwestern Bell computer penetrated: free long-distance calls (S 11 3)

    $SPH British Airways dirty tricks tapping into Virgin Air data (S 18 2:15)

    $SH Bloodstock Research thoroughbred genealogy computer system break-in

    SHf Systematic breakins of Stanford UNIXes via network software (S 11 5) Brian Reid, "Lessons from the UNIX Breakins at Stanford", pp 29-35, Oct 1986

    SHAO UK's MI5 phone recruitment hotline spoofed by KGB impersonator (R 19 20)

    SH Masquerader acts as Liz Taylor's publicist, hacks answering machine (S 15 5)

    $S Laser printer counterfeiting and new US legislation (S 15 5)

    SH Free Software Foundation trashed, added passwords for integrity (S 16 4)

    $SH Remote-control automobile locks opened by signal replay attacks (S 18 4:7)

    $SH GM charged VW with industrial espionage (S 18 4:8); settlement eventually reached: VW agreed to pay GM $100M and buy $1B in parts over 7 years [Wall Street Journal, 10Jan1997, A3]

    SPf Risks of presumed anonymity in tar files, e-mail (S 18 4:10)

    @$SH Foiled counterfeiting of 7,700 ATM cards using codes in database (S 14 2)

    @*H Prison escapes via computer manipulation (S 10 1, 12 4)

    @*$H Masquerading spoof of air-traffic control comm altered courses (S 12 1)

    SH Dan Farmer's security survey [2Jan1997] catalogs attacks on government sites, banks, credit unions, etc. See http://www.infowar.com. (R 18 74)

    $SH 1994 UK National Audit Office report on computer misuse in government: 140% increase; 655 cases, 111 successful; £1.5M defrauded; misuse; 350% increase in viruses; 433 computer thefts, worth £1.2M (S 20 3:11)

    $SHO Computer breakins cost businesses estimated $800 million worldwide in 1995 (R 19 47)

    SHOA Stanford Linear Accelerator Center (SLAC) computer system penetrated 2 Jun 1998 using LAN sniffers (R 19 80-81)

    SHOA Canadian charged with breaking into U.S. government computer (R 19 74)

    SHOA Woman cracker gets five-month prison sentence for deleting info from Coast Guard personnel database (R 19 84)

    SHO Milw0rm crackers penetrated India's Bhabha Atomic Research Center (BARC), copied 5MB, relating to India's nuclear research, altered BARC Web site, deleted files, in protest of nuclear testing (R 19 78)

    SHf Critical mass or critical mess at Los Alamos? Lax security (S 23 4:21)

    SH Jonathan James (cOmrade) sentenced to six months detention for having penetrated DoD and NASA computer systems, intercepting 3,300 e-mail messages and stealing passwords when he was 15 (R 21 06; S 26 1:27)

    SH Jason Diekman, 20, charged with cracking into university computers and NASA, stealing hundreds of credit-card numbers to buy thousands of dollars of clothing, stereo equipment, and computer hardware (R 21 06; S 26 1:27-28)

    SHOA Raymond Toricelli charged with breaking into NASA computers, capturing passwords, running porn ads (R 20 95)

    ..... Web site hacks and risks:

    VSH Justice Department's Web site is infiltrated (S 22 1:21, R 18 35)

    VSH CIA disconnects home page after Web site hacked (S 22 1:21-22)

    VSHAO Air Force Web page hacked (S 22 2:23, R 18 64)

    VSHOA NASA's Web site http://www.nasa.gov hacked on 4 Mar 1997 (S 22 2:23, R 18 88)

    VSHf Three Army Web sites hacked (S 23 4:24, R 19 63)

    VSHf Hackers claim major U.S. defense system cracked (S 23 4:24)

    f Art Money (when nominee-to-be for U.S. AsstSecDef) was quoted in Federal Computer Week at an AFCEA meeting as saying that hackers had changed troops' blood types on a DoD Web site, reportedly causing DoD to revisit what info to put on its Web pages (R 19 97); however, the following issue of FCW said that no such attack had occurred, although the possible scenario had been identified by a red-team exercise (R 20 02)

    VSHOA National Collegiate Athletic Association (NCAA) Web site hacked, racial slurs posted; 14-year-old high school freshman? (R 18 90)

    VSHOA ACLU's AOL Web site cracked (R 19 77,81); further notes on AOL security (R 19 87)

    VSHAO NY Times Web site attacked in support of Kevin Mitnick, and suggestions of what could have been worse in insidious misinformation (R 19 96)

    VSHAO Lost World Web site hacked into Duck World: Jurassic Pond (R 19 20,21)

    VSAO Swedish meat packer Web site penetrated and replaced (R 19 14)

    SHAO Swedish 16-year-old arrested 3 hours after Web attack on Swedish National Board of Health and Welfare; discussion by Ulf Lindqvist (R 20 87)

    SH Teenage hacker Raphael Gray arrested in Wales, hacked 9 e-commerce sites, stole Gates' credit-card info (R 20 87)

    SHAO Man (Max Vision) indicted for vandalizing NASA, Argonne, Brookhaven, Marshall Space Center, DoD computers (R 20 87)

    SH National Hockey League Web site denial of service attack: down over 5 days, due to lack of admin expertise (R 20 89)

    V$SH Many New Zealand IHug Web sites wiped out by cracker (R 20 09)

    SH Internet vandals Trojan-horse USIA Web site (R 20 18)

    VSHf Hackers take down FBI and Senate Internet sites, 27 May 1999 (retaliation for Zyklon?), Dept of Interior and Govt facility at Idaho Falls hit on 31 May 1999 (R 20 43); Crackers do for U.S. gov't what critical infrastructure report couldn't (R 20 43); US GAO report found serious security gaps in 24 agencies' systems (S 26 4:7, R 21 36)

    VS Critical infrastructure DCS/SCADA security: dependence on the Internet! (S 27 6:6, R 22 14)

    Sf EPA Web site shut down in response to Congressman's threat to divulge vulnerabilities (S 25 3:20, R 20 79-80); GAO says EPA's computer security is "riddled" with weaknesses (R 21 02; S 26 1:28)

    SHOA George W. Bush's campaign Web site hacked, photo replaced (R 20 64)

    SHAO Gallup Web site hacked just before primary election (S 25 3:21-22, R 20 83)

    SH Zyklon admits attacks on NATO, USIA, Gore Web pages (R 20 58)

    SH Japanese Government Web sites hacked: Science and Technology Agency penetrated, census info erased (R 20 77)

    SHAO OPEC Web site hacked protesting oil prices (R 21 05)

    S Risks of Web sites from computer fraud (R 19 44)

    Sf Air Force thinks push-pull technology (e.g., Web browsers, PointCast) too risky (R 19 57); added risks from Netscape or anyone else giving away source code? (R 19 57-59)

    SHPA Federal Web sites lack privacy safeguards (S 23 1:13, R 19 35)

    $H Fake Web page causes 20% stock surge and then retreat in PairGain (R 20 30)

    SHO Western Union Web site hacked, with info on 10,000 customers' cards (R 21 04; S 26 1:28)

    ..... Trap-doors, Trojan Horses, logic bombs, worms, viruses:

    $$SHhf Internet worm attack 2-3 Nov 1988 on BSD-derived Unix systems, an intended constructive experiment that went awry (editor's discussion on software engineering implications; exploitations of sendmail debug option, finger, .rhosts, some dictionary-attacked encrypted passwords; references to detailed reports by Spafford, Seeley, Eichin/Rochlis) (S 14 1); Robert Tappan Morris indicted on felony count (S 14 6); jury declares Morris guilty, Jan 1990; motions, sentencing pending (S 15 2); RTM sentencing and some implications (S 15 3); appeal fails (S 16 2)

    $SHI Taco Bell register reprogrammed to redirect funds (S 22 4:31, R 18 76)

    SH Unauthorized Internet activity; TELNET Trojan horsed (S 14 6)

    SH New rash of Internet break-ins with Trojan-horsed net software (S 19 2:5)

    SHA Another Trojan-horse bogus cash dispenser in Finland (R 20 03)

    SH Trojan Horse infests 15,000 Internet Relay chat users with Back Orifice (R 20 03)

    SH CERT alert: Trojan horse planted in TCP wrapper acquired by at least 52 sites (R 20 18)

    Sf html e-mail or Web page can launch Excel Trojan horses (R 20 15)

    SH Discussion of write-protectable hard drives as one way to defend against Trojan horses (R 20 21-22,24)

    SH Two Penn State Hackers arrested, service theft, etc. (S 15 2)

    SH C compiler Trojan horse for UNIX trapdoor (Ken Thompson, "Reflections on Trusting Trust", 1983 Turing Award Lecture, CACM, 27, 8, August 1984)

    SH? Rhode Island "disgruntled employee" arrested for "e-mail virus" (R 18 50)

    $SH PC Graphics program Trojan horse (ArfArf) wiped out users' files (S 10 5)

    SH PC-Prankster Trojan horse on PCs (S 12 4)

    SH Another Trojan horse trashes DOS - NOTROJ (S 11 5)

    SH Trojan turkey program deletes files (S 13 3)

    Sf Microsoft Network e-mail binaries can contain executables (R 17 31,32,33)

    SHOA Microsoft Network (MSN) fraudulent e-mail credit-theft risks (R 19 08)

    VS AOL alerts users to e-mail Trojan Horse that crashes hard drives (S 21 2:20)

    S Intel CD-ROM hoses hard drives (S 21 2:20)

    *SH Software time-bomb inserted by unhappy programmer (extortion?) (10 3:15)

    *SH Los Angeles Water&Power computer system software time-bomb (S 10 3:15-16)

    $S Booby-trapped contracted software "destroys data"; unpaid blackmail? (S 15 3)

    SH Lauffenberger convicted of logic bombing GD's Atlas rocket DB (S 17 1)

    SH NY law consultant plants logic bomb (claim 56789), seeks repair job (S 17 4)

    H Man accused of Trojan horsing his ex-wife's computer (S 18 2:4)

    $H Typesetter disabled system, demanded arrears; bankrupted corp sued (S 17 4:7)

    $SH Logic bomb allegedly planted in nonpaying customer's system (S 19 1:7)

    SH UK Logic Bomb displays Margaret Thatcher picture when triggered (S 13 3)

    @*SH Ex-employee Trojan-horses emergency system, which fails (S 17 4)

    SH Trojan horse Christmas-greeting message contains saturating virus (S 13 1)

    SH Apple II virus, Amiga virus, a chain letter; Canadian logic bombs; computer terrorism; voice-mail misuse (S 13 1)

    SH Pandair Freight (UK) logic bomb case (S 13 1); backfires (S 13 2)

    VSH Viruses halted government computers in south China (S 16 4)

    SH World Bank virus ("Traveller 1991") (S 16 4)

    SH Lehigh time-bomb virus propagates four times, wipes disk (S 13 2)

    SH Israeli 13th-of-month PC time-bomb, would delete files 13 May 88 (S 13 2) Jerusalem Virus bet declared a draw (S 13 3) Time-bomb warning on SunOS for 13 May 1988 (S 13 3)

    SH Jerusalem-B virus infects GPO library disk (S 15 2)

    SH Jerusalem-B virus infects Chinese computers widely [13Apr1990] (S 15 3)

    $S Fri 13th Virus found in a game software on the market (S 15 3)

    SH Anticipation of time-bomb causes accidental clock bomb (S 13 3)

    SH Various Macintosh Viruses/time-bombs - trap handler, INIT32 nVIR - Brandow/MacMag 2 March peace message, infected Aldus commercial software DREW, FreeHand (in shrink-wrap). (S 13 2)

    Sd Apple distributes a CD-ROM with a "Trojan Horse" (S 19 2:10)

    Sdh Ford Motor Co promotional floppy disk contains monkey virus (R 17 23)

    Shf Cardiff software shipped self-destruct timebomb in Teleforms 4.0 (R 17 36)

    SH More on viruses: dangers of virus construction sets, propriety of assigning virus development in courses, plus more on the Atari ST virus, the (c) Brain virus and the Providence Journal attack, the Scores virus and the "ERIK" and "VULT" attacks, Elk Cloner, Disease DOS, and the growing anti-virus business - including contaminated versions of FLUSHOT that contained Trojan horses. (S 13 3 refers to on-line RISKS, VIRUS-L.)

    SH (c) "Brain" Virus at eastern universities (S 13 2)

    $SH Michelangelo - hype, preparation, and attack on 6Mar1992; Leading Edge shipped 6000 infected systems; Intel shipped 800 infected LANSpool 3.01; DaVinci shipped 900 infected eMAIL 2.0 disks (S 17 2) Various Michelangelo attacks were reported (in New Zealand, Australia, Japan, China, Poland, Germany, South Africa [where bootleg SW is prevalent], Canada); various US hits also noted (S 17 2) Norton's free antiviral utility more dangerous than Michelangelo (S 17 2)

    f(S) Intel says Itanium 2 error can crash servers (R 22 73)

    SH Novell shipped a stealth virus, Stoned III, to 3800 customers (S 17 2)

    $SH 2 Cornell students arrested for spreading Macintosh game virus (S 17 2) 10 hrs/wk for a year public service required as punishment (S 18 2:15)

    $SH The Trojan horse named `AIDS', from `PC Cyborg Corp' (S 15 1); Joseph Popp accused on 11 charges, computer blackmail of medical institutes, attempting to obtain £6M (S 17 2)

    @*$SH Lithuanian nuclear power plant logic bomb detected (S 17 2)

    SH The "Twelve Tricks" Trojan horse (S 15 2)

    SH DECnet `WANK' Worm on SPAN affected DEC VMS systems (S 15 1)

    SH PC pest programs in China and Japan (S 15 1)

    S Soviets claim unprecedented computer-virus shield (S 14 1)

    SH "Virus" removes security barriers in Italian judicial computers (S 17 3)

    SH Self-invoking RUNCOM self-propagates as virus on MIT's CTSS (S 13 3)

    $H Use of a virus excuse for nondelivery of software (S 13 2)

    $SHf Portable terminals for Hong Kong horse betting spoofable? (S 14 2)

    $SH [Bogus] "Big Red" Trojan horse reported (as virus) in Australia (S 12 3); Hackwatch `expert' Paul Dummet [alias Stuart Gill] claims exposed (S 15 1)

    SH Japanese PC-VAN network `Virus' posts passwords of NEX PC9800s (S 13 4)

    SH Virus aimed at EDS infects almost 100 NASA computers instead (S 13 4)

    S `Computer Virus Eradication Act of 1988' (S 13 4)

    *S Virus hits hospital computers in Michigan, creates bogus patients (S 14 5)

    $S "Virus" arrest in New Jersey (Chris Young) (S 14 5)

    SH Black Baron gets 18-month sentence for virus activities (S 21 2:21)

    S Prank "Virus" Warning Message in government service system (S 14 5)

    @SH Toronto Stock Exchange virus scare causes all-night search (S 18 2:16)

    SH Trojan horses implantable by active electronic jamming? (S 15 1)

    @$mSe Minn. 9th Federal Reserve Bank vulnerability during recovery (S 16 3)

    SH? Aum Shinri Kyo affiliate develops Japanese government software (R 20 83)

    Sh(H?) U.S. State Dept embassies' Mission Performance Plan software written by Russians! (R 20 81)

    S? Fantasy Baseball Journal errors attributed to a computer virus (S 18 3:A11)

    SH Contact krvw@first.org for access to the VIRUS-L on-line newsgroup, documenting, cataloging, discussing innumerable virus problems!

    NOTE: We long ago stopped reporting run-of-the-mill new viruses. Klaus Brunnstein reported the number of distinct strains has grown from five in early 1988 to over 1000 by early 1992. The number is now huge, over 10,000. See the VIRUS-L newsgroup for ongoing activities... But we must include two 1999 manifestations that result from the absence of meaningful PC security:

    ffSH Melissa Macro Virus. See my article (S 24 4:28, R 20 26) and my Web site (http://www.csl.sri.com/neumann/house99.html) for testimony for the 15 Apr 1999 hearing of the House Science Committee subcommittee on technology, in which I consider Melissa as the tip of a very large iceberg - the abysmal state of computer and communication security. See also other items in RISKS on Melissa: Report by Robert M. Slade (R 20 26); hidden risks (R 20 28); effect on a UK bank (R 20 30); Risks of monocultures (R 20 26) and more virulent macro viruses (R 20 26); further analysis (R 20 30); Role of the GUID in identifying David Smith as the purported culprit (R 20 26,28,30-34), with wrap-up from Richard M. Smith (R 20 33); Smith faces five years in prison; claimed to have caused $80M damages and infected over 100,000 computers (R 20 68); further discussion of GUIDs accepted in court (R 20 70); Mainframe viruses (R 20 30-32) and origin of virus vulnerabilities (R 20 29)

    SH CIH virus (26 Apr 1999) recalls Chernobyl (R 20 33)

    $SHf Sasser worm (R 23 35); Antivirus software prolongs viral life! (R 23 35,36); Sasser implicated in Australian train outage, stranding up to 300,000 commuters (R 23 35); Sasser hits unpatched Delta flight software in Atlanta (R 23 36); creator turned in for $250,000 reward from Microsoft (R 23 37)

    ..... Password and authentication violations:

    SH John-the-Ripper software finds 48,000 passwords (R 19 91)

    S Password problem on Bloomberg Web site (R 20 08)

    SHAOhe Stanford e-mail system passwords stolen by sniffer attack on un-upgraded systems, reportedly from Sweden and Canada (R 20 05)

    SHA Organized e-mail theft in Seattle: compromised master key (S 24 3:27, R 20 09)

    SH Strange case of Instant Messaging scam involving password on AOL (R 20 24); another scam on AOL using hyperlinks (R 20 28)

    @$h Mistyped password put two brokers in the same computer files (S 13 1)

    @$H Japanese BBoard fraud traps passwords, gains money; culprit caught (S 17 4)

    ..... Biometrics

    SPfm Unsupervised biometric scanners more toys than serious security measures (Markus Kuhn, citing c't article, R 22 37); US ARO seeking odortype detection (R 22 43)

    SA Biometrics technology: not yet ready for primetime (R 22 82)

    SP DoT linking DMV databases and biometrics on driver's licenses; risks of false arrest, internal abuse, disclosure, etc. (S 27 2:17, R 21 87)

    SPfmi Biometric systems more like toys than serious security measures (R 22 15,37); face recognition found lacking at Boston's Logan Airport (R 22 16)

    S Reports on biometrics for controlling borders, airports, and seaports (R 22 60)

    S$ Biometrics: retina scans used for automating English school lunch payments (R 22 49)

    SHAPf* More on biometrics, including iris scans (R 20 41-43); Thumbprints in Malaysian smart cards (R 20 43)

    SP UK Home Office identity infrastructure: Risks of diverse identification documents vs national identity card, biometric database, etc. (Markus Kuhn, R 22 47)

    *$fhi False-positive risks in fingerprints: lawsuits against Identix for multiple assignments of same ID, system flaw known since 1996, uncorrected into 2004 (R 23 37; S 29 5:15); false negatives (R 23 86)

    *hi FBI fingerprint screwup: Brandon Mayfield no longer a suspect for Madrid train bombing; misidentified from partial print (R 23 38-39; S 29 5:15-16)

    *hi Problems due to misfiled fingerprints (R 23 40; S 29 5:16)

    ..... Risks in voice-recognition systems

    SH Risks of computer voice recognition monitoring gang members (S 15 5)

    VSh Ross Perot's high voice tone shuts down newspaper phone hotline (S 19 2:10)

    Sfi British discover Texas accent is needed for voice recognition system for UK criminals (R 19 78)

    Sf Risks of voice-controlled human interfaces (R 19 25)

    S Potential for Trojan horses in voice software (R 20 10) and remote controls (R 20 10)

    S Trojan horses embedded in voicemail (R 20 10) and risks of turning on audio and video, e.g. Back Orifice (R 20 11-12)

    VShi NCR phone instruction for Tower Star multiport removal: "execute rm -r star" (R 19 65)

    VSi Voice-recognition software Format c: Return and Yes, Return (R 20 24)

    Sf- Seagull squawks consistently interpreted by speech recognizing software as "Aldershot" (R 20 36)

    ..... Internal perpetrations and insider misuse:

    ShI CIA Director Deutch and multilevel security (S 25 3:20-21, R 20 78)

    ShAI DoE weak password policy on nuclear secrets (S 25 3:21, R 20 77)

    $SPHI Man charged with counterfeiting Japanese bank ATM cards, based on insider access (R 20 34)

    $SHI/O AOL tech support volunteer sentenced to year in jail (R 20 74)

    SHI FAA programmer destroyed only copy of source code for flight-control data transfer; authorities recovered encrypted copy at his home (R 20 64)

    SHI ISP/bookseller intercepted Amazon messages, trying to get competitive advantage; fined $250,000 (R 20 66)

    SHI+O Hackers penetrated Russian Gazprom, controlled pipeline flow; Russian police noted twelve-fold increase in computer crime in 1999 over 1998 (R 20 87)

    SHIf Rogue code in Microsoft software, dvwssr.dll, includes password to access thousands of Web sites (R 20 87-89)

    *SHI Hacker-nurse unauthorisedly changed prescriptions, treatments (S 19 2:5; R 15 37,39)

    $SHI $1M internal computer fraud at Pinkerton (S 16 4)

    @$SHI NY police chief indicted for misuse of confidential database (S 13 4)

    @SHI 3 police officers sentenced for misusing Police Nat'l Computer (S 14 2)

    @$SPHI 45 LA police cited for searching private computer records (S 18 1:21)

    @SHI IRS agent accused of giving defendant tax data on judges/jurors/... (S 16 3)

    @$SHIO Harrah's $1.7 Million payoff scam - Trojan horse chip? (S 8 5) and San Francisco Examiner/Chronicle, 18 Sep 1983

    $SH Nevada slot-machine ripe for $10 to 15 million phony payoffs? (S 11 2)

    $H Amusement game machines have covert gambling mode (S 13 4)

    @$f One-armed bandit chips "incompatible"; 70.6%, not 96.4% payoff (S 17 4)

    *SPHAf San Fran. Public Defender's database readable by police; as many as 100 cases could have been compromised [Feb1985] (S 10 2)

    $SHI Browsing by IRS employees: curiosity to fraud (S 19 4:13)

    SHA Sabotage of Italian newspaper source text without access controls (S 17 1)

    $SH Sabotage of Encyclopedia Britannica database (S 11 5)

    $S(H?) Forbes accuses former employee of sabotage; NY programmer accused of sabotaging Art Assets computer (R 19 47)

    $SH Prescott Valley Arizona computerized financial records wiped out (S 12 2)

    SPH LLivermoreNL system used as repository 50Gb 90K erotic images (S 19 4:6); Employee acquitted; pictures thought related to engineering! (S 20 3:11)

    @SH Election frauds by vendor or staff charged? ... [see above]

    @*SHI British auto citations removed from database for illicit fee (S 11 1)

    S Reporting and misreporting on successful Internet penetration of Navy battleship in exercise by U.S. Air Force (R 17 56-58)

    $SHI Trojan-horsed chips in gas pumps enable charging scam (R 20 03)

    SHI Mars Bars fraud via data diddling (S 24 3:27, R 20 09)

    ..... Other intentional denials of service:

    SHI David Salas, former subcontractor on a Calif. Dept of Info.Tech., was arrested on 3 felony charges for "allegedly trying to destroy" the Sacramento computer system (R 18 75,76)

    H Mail-merge program used to generate 12,000 amendments for Ontario legislature in blocking attempt (R 19 06,08,09)

    SH Bogus cable chips zapped, possessors bringing them in apprehended (S 16 3)

    *$SH Sabotage causes massive Australian communications blackout (S 13 1)

    SH Former estimator destroys billing/accounting data on Xenix (S 15 1)

    SH DC analyst in dispute with boss changed password on city computer (S 11 2)

    SH Insurance computer taken hostage by financial officer (S 12 3)

    *SH Cancer database disabled; 50K bogus calls, 10K-pound phone bill (S 18 2:17)

    @SH Swedish cracker disrupts 11 north Florida 911 Systems (R 18 90)

    SAO Swedish teen-aged hacker fined for U.S. telephone phreaking etc. (R 19 13)

    SHf Vandalism disrupts service at Stirling University for days (S 19 4:13)

    VSH Denial-of-service attack with e-mail flooding (S 21 2:20)

    $VSHI Disgruntled Reuters computer techie brings down trading net (S 22 2:23)

    @!$$Hm World Trade Center blast and outages discussed (S 18 2:17)

    @SH Vandals cut cable in Newark, slow NY-DC MCI service for 4 hrs (S 20 1:21)

    H? Workmen strike at CERN; beer bottles halt accelerator reopening (S 21 5:16)

    VSH Update on Windows NT denial-of-service attacks, Bonk/Boink, New Tear (S 23 4:24)

    ..... More on information warfare and terrorism:

    VSH Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, GAO/AIMD-96-84, in Senate hearings (R 18 15)

    SH+H Pentagon uses offensive information warfare against Electronic Disruption Theater attacks beginning 9 Sep 1998 against DefenseLink Web site; EDT says it was illegal! (R 20 03)

    S Pentagon to take stronger computer security measures; Eligible Receiver results indicate pervasive vulnerabilities (S 23 4:24)

    $VS* Canadians assess risks of computer terrorism (S 16 1)

    $S Cyber-terrorists blackmail banks and financial institutions (article with considerable hype) (R 18 17,24)

    VS GAO report: Government computers at risk (R 21 04; S 26 1:27)

    $Shi CSIA urges Government to focus on cybersecurity (R 23 61; S 30 2:23)

    S- Cyberspace activism: screensaver chokes spam servers (R 23 61; S 30 2:24)

    SHO Information Warfare in Israel (R 19 77)

    ..... Internet Service Provider outages and security problems:

    Vhfme Internet "dark address space" leaves 100 million hosts unreachable (S 27 1:9, R 21 75)

    Vf/m Problems with on-line services: Prodigy "comm error" shown live on ESPN; AOL downed by flood; traffic chokes MCI inbound Internet gateways (S 19 4:8)

    Pf Prodigy misdirects 473 e-mail messages, loses 4901 others (S 20 3:9)

    SH Racist cracker trashes BerkshireNet (R 17 83, S 21 4, SAC 14 3)

    $Vfh 14-hour Netcom crash due to extra & in code (S 21 5:14)

    $e Microsoft, AOL, and AT&T also have netwoes (S 21 5:14)

    VSHAO PANIX denial-of-service syn flooding attack (R 18 45); more on syn floods, IP spoofing, and how to defend (Fred Cohen, R 18 48)

    VSHAO Major denial-of-service syn attack on WebCom in San Francisco area (S 22 2:23, R 18 69)

    $e Bad upgrade gets America On-Line off-line for 19 hours 7 Aug 1996 (S 22 1:17, R 18 30-31)

    Vfe More AOL outages: 2 Dec 1996; bad upgrade, 5 Feb 1997 (S 22 4:28, R 18 81)

    Vfe E-mail volume brings down Microsoft Network (MSN) servers for C-E and T-Z names; Microsoft shut down entire service for several days to upgrade (R 19 09)

    Sf WorldNet security flaw (R 19 19, correction in R 19 20)

    Vh Telehouse `reliable' backup center in London downed by accidental power shutoff, downing most of the UK Internet (R 19 13,14)

    VSH PING-of-death attacks from Serbia on NATO Web server, counterattacks on www.gov.yu (R 20 31)

    SH Copper thieves hit Rogers@Home cable Internet service in Canada (R 21 27); exposed cables chewed by rodent during repairs take out 300,000 customers

    $fSHA Internet MSN Cyberseat park bench gives free international telephone service (R 21 59)

    ..... Other Internet-related security problems:

    SHAO Princeton admissions office caught breaking into Yale computers (S 27 6:13, R 22 18)

    ..... Stolen equipment and computers - including sensitive data: [See also Piracy, below.]

    $SH Computers stolen from SDI Office (S 13 3)

    S Stolen laptop contains sensitive British military data (S 16 2)

    SHO Sensitive customer data in stolen CalTrain ticket-by-mail computer (R 19 02,05)

    SHO Stolen Levi Strauss personnel computer contains 40,000 SSNs and other identifying info, also bank account info for retirees (R 19 12)

    SH Laptop with unspecified data stolen from London police car (R 18 24)

    $SPH Thefts of doctors' computers lead to blackmail in Cheshire UK (S 18 1:22)

    SH Stolen computer contains ophthalmology certification exam (R 18 53)

    @SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); bad prank follows (S 20 5:10)

    SHP 30,000 personal records stolen in GMU server compromise (R 23 66; S 30 2:24)

    H May 1995 theft of $10M in Pentium chips; Asian syndicate indicted (R 19 21)

    $H Armed theft of $800K in chips thwarted (R 19 23)

    Hm Russian harvests 60 meters of cable in Ulan-Ude, disabling external phone service in Russia [19Jun1997]. Previously, 2 thieves in eastern Kazakhstan were electrocuted trying to steal high-voltage copper wires. (R 19 23)

    Hm Backup system failure: cable stolen at Korat Royal Thai AFB, 1973 (R 19 24)

    ..... Piracy and proprietary software rights:

    SH 37% of programs used in business are pirated (S 26 6:12, R 21 42)

    - Risks of arbitrary binary representations (e.g., pi) infringing copyrights (S 26 6:12-13, R 21 42)

    Sf Ed Felten and coauthors (backed by Usenix and EFF) sue RIAA and DoJ over right to publish paper on Secure Digital Music Initiative flaws and constitutionality of DMCA (R 21 45)

    SHrf DVD CSS encryption algorithm cracked with 2^16 attack with 6 bytes of known plaintext, with 40-bit key; freeware software removes copy protection (R 20 64-65,67,69), with detailed analysis by Bruce Schneier (R 20 66); jail for possessing a debugger? (R 20 74) DVD lawyers make "trade secret" public in unsealed lawsuit against Norwegian teen (R 20 77); Lawsuit against 2600.com for posting DVD security crack DeCSS (R 21 37); DeCSS source code is ruled speech; object code is not speech (R 21 73,74); 'DVD Jon' acquitted by Norwegian court; Supreme Court rescinds emergency stay barring Matthew Pavlovich from distributing DVD lock descrambler (R 22 48)

    SH Russian programmer Dmitry Sklyarov wrote program to unrestrict encrypted Adobe Acrobat e-book files; gave talk at Defcon in US, arrested for Digital Millennium Copyright Act violation, jailed, eventually released on bail (R 21 53,55); Elcomsoft and Dmitry Sklyarov cleared (R 22 44); an e-book publisher apparently uses utterly trivial rot13 for cryptographic protection! (R 21 58); extradition laws (R 21 62,64)

    SHf More discussion on DMCA, RIAA, DVD Crack (R 21 42,47,48,54,61,62); negative effects on forensic analysis (R 21 62); UCITA implications as well (R 21 54); use of rot13 as "encryption" (R 21 58-59,62); UCITA support fading (R 22 84)

    Shi Use a Firewall, Go to Jail! DMCA broadening: New U.S. state legislation in Mass, Texas, Michigan, and other states would ban the possession, sale, or use of technologies that "conceal from a communication service provider ... the existence or place of origin or destination of any communication." Also would ban encryption, Network Address Translation, home routers, remailers, wireless, Linux/*BSD for reading DVDs, etc. Horrendous legislation! (Ed Felten and others, R 22 66); effects on electronic voting and the Internet community (Doug Jones, R 22 67); further discussion (R 22 67-69) This reminds PGN of the California computer crime law that in essence makes it illegal to read, write, alter, or delete information!

    SA The Internet vs. the recording industry (R 22 66; S 28 4:9)

    SA$ Music piracy violations: fines up to $150K a song (R 22 67; S 28 4:9)

    SA-? Radio stations unable to play copy-protected CDs (R 22 68; S 28 4:9)

    ? Acacia owns patent on digital audio and streaming video; goes after small sites, including (R 22 67; S 28 4:9)

    Sf Very weak HDCP content protection broken - by various people (R 21 60-62)

    $dP Microsoft documents leaked on the perceived threats of open-source software, and desired MS countermeasures; see the "Halloween Documents" annotated by Eric Raymond (http://www.opensource.org/halloween.html http://www.opensource.org/halloween2.html) (R 20 04-05) Microsoft preparing campaign to counter open-source movement (R 21 37)

    $SH FBI raid "Davy Jones' Locker" (400-customers pirated-SW BBoard) (S 17 4)

    @SH Leonard DiCicco pleaded guilty to aiding Mitnick in DEC SW theft (S 15 1)

    $SH Captain Blood, software pirate, nabbed in L.A. (S 21 2:21)

    $SH Irish rock band U2 unreleased songs pirated from demo video, distributed on the Internet (R 18 62,63)

    SH$ Finnish executives jailed for software piracy (S 20 5:13)

    $SH Software piracy considered enormous, Hong Kong, worldwide (R 18 12-13)

    S U.S. No Electronic Theft Act may criminalize non-profit software copying (R 19 52)

    $S Software theft statistics: $7.4B losses in 1993, $9.7B in 1992; greatest increases in India, Pakistan, Korea, Brazil, Malaysia (S 19 3:11)

    S British Visa source code compromised, ransom sought (R 20 75-76)

    ..... Incomplete deletions and other security residues:

    !S,H? Mystery death of NZ man who bought old Citibank disks reportedly containing details of overseas accounts & laundering activities (S 18 1:13)

    fSP Footnotes in the Starr report that had been deleted in WordPerfect reappeared in the House-translated html version; this is the old mark-as-deleted but don't-really-delete residue problem; also, some text was lost in the translation. (R 19 97)

    Sf Effects of data residues in Microsoft Word (R 17 78,80) and Netscape Navigator 2.0 (R 17 79); incorrect text replacements in WordPerfect (R 17 80)

    SPf More on the MS Word deleted residue feature (R 20 83)

    SPf Microsoft Word residue reveals author of document from California's Attorney General on attacks on makers of peer-to-peer software: it was a Senior VP of the MPAA! (R 23 27)

    SHf Windows NT storage residue in supposedly deleted files (R 20 88)

    SP Microsoft Word hits Tony Blair: Web-posted document residues show names of four employees involved in the plagiarized dossier on Iraq (R 22 79, two items)

    SPfh NZ Health Commissioner's anonymised case reports not so anonymous, including Word residues (R 22 81)

    hi Web site devoted to Word documents with unintended strikeouts (R 23 29)

    SP Discussion of security and privacy implications of "cookies" (squirreled information in browsers) (R 18 19,20, 63,65,67,68,70,72,78,79,88,92); residues in Internet Explorer 3 (R 18 68)

    Sf Alcatel Word document includes deleterious document history (R 21 35)

    SP Residue problem in frequent-flier miles on number reissue (R 18 65)

    *Sh Air Force sells off unerased tapes with sensitive data (S 11 5)

    SP Used UK Bristol University computer contains identities of pedophiles and victims (R 21 64)

    *S White-house backup computer files bypass shredders on Irangate (S 12 2)

    Sf Sex, lies and backup disks: more D.C. risks in (non)deletion (S 21 2:17)

    Sh Leftover sealed-indictment data on sold-off surplus computers (S 15 5)

    Sh Secret FBI files sold off inside $45 surplus computers (S 16 3)

    H Residual Gulf war battle plans incriminate $70K computer thefts (S 17 4)

    S Deleted files still on disk give evidence vs Brazilian president (S 18 1:7)

    SP Used hard-disk contains unerased confidential personnel files (S 18 4:9)

    Sh UK cabinet secrets on National ID card found in surplus store (S 20 2:12)

    P Czech intelligence computer stolen, with sensitive data (R 19 31)

    +*H US charges man planned to kill 4,000 travelers; laptop evidence (S 21 5:16)

    S More risks of core dumps (R 18 42,43,44)

    Shi Sloppy HTML in MS Outlook reveals supposedly hidden Microsoft comments when viewed in emacs or non-MS browsers; missing endif (R 22 49)

    SP Google search finds cached password-protected pages (R 22 49)

    SPf U.S. military Web sites offer a quarter million Microsoft Word documents, including deleted info (R 23 50)

    ..... Satellite takeovers and TV screwups:

    VSH "Captain Midnight" preempted Home Box Office program (S 11 3, 11 5)

    VSH Another satellite TV program interrupted (S 12 1)

    $VSH Playboy Channel disrupted with bogus program "Repent Your Sins" (S 12 4); CBN employee convicted, facing up to 11 years in prison and $350,000 fines (S 16 1, R 10 62)

    (m/f) Playboy Channel video appeared in the Jeopardy time-slot in the Chicago area for 10 minutes, due to a screwup (R 18 22)

    SH AsiaSat Satellite TV broadcast pirated for 4 hours, replaced with outlawed material (R 23 62); reminder of the Playboy spoof (R 23 64)

    e Upgrading Cartoon Network Channel gives Playboy video, Flintstones' audio (S 22 4:26, R 18 77)

    SH WGN-TV and WTTW in Chicago overtaken by pirate broadcast (S 13 1)

    SH Video pirates disrupt L.A. cable broadcast of 1989 Super Bowl (S 14 2)

    ..... Other cases:

    SH British businesses suffer 30 computer disasters/year (S 12 1)

    SH UK computer security audit estimates £40M fraud in 1987 (S 12 1)

    S Accidental breach of Rockwell security bares shuttle software (S 13 3)

    $SH Debit card copying easy despite encryption (DC Metro, SF BART, etc.)

    $SH Thieves profit from $240,000 in debit-card transaction adjustments (R 19 42)

    $SHO Counterfeit debit cards hit Burns National and others (R 19 53)

    @$SHf TILT! Counterfeit pachinko cards send $588M down the chute (S 21 5:19)

    $SH ATM cards altered by in-car home computer net $50,000 (S 12 1)

    $SH Microwave phone calls interceptable; cordless, cellular phones spoofable

    $SH Church cordless phone abused (piggybacked dialtone) (S 20 3:12)(SAC 13 3)

    $SPH More cellular phone eavesdropping cases: Private call on saving the SF Giants (broadcast on TV frequency); Dan Quayle call from Air Force 2 on Gorbachev coup; Seabrook control-room calls including one on bad valve karma, heard by an antinuclear activist; Green Bay Packer football player calling a male escort service; intimate conversation allegedly with Princess Diana ("my darling Squidge") (S 18 1:20)

    $SH Unsecure cellular phone fraud: $482M in 1994 (3.7% of revenue) (S 20 2:13)

    $SH Massive cell-phone identifier interception (S 21 5:19)

    $SH Callback security schemes rather easy to break (S 11 5)

    $SHA 18 arrested for altering cellular mobile phones for free calls (S 12 2)

    HS San Jose CA men arrested for altering, selling cellular phones (S 20 1:21)

    + E-mail tap nets German cell-phone fraudsters (S 21 2:19)

    SH Risks of lap-top computers being permitted in exams (S 13 3)

    $SH Embezzlements, e.g., Muhammed Ali swindle [$23.2 Million], Security Pacific ($10.2 Million), City National Beverly Hills CA [$1.1 Million, 23Mar1979] Marginally computer-related, but suggestive of things to come?

    S On-line BBS bug fix downloaded to an M1 tank in Saudi Arabia (S 16 2)

    1.25 Cryptography

    ..... Limitations of encryption and related problems (recent):

    SP National Research Council study report (CRISIS) on U.S. cryptography policy available from National Academy Press (http://www2.nas.edu/cstbweb) (R 18 14,17)

    Shi Robert Litt's comment on National Research Council crypto study (http://www2.nas.edu/cstbweb): it was written before he came on board and therefore he didn't feel obliged to read it. (S 23 5:27, R 19 80)

    SP Hal Abelson (MIT/HP), Ross Anderson (Cambridge Univ.), Steven M. Bellovin (AT&T Research), Josh Benaloh (Microsoft), Matt Blaze (AT&T Research), Whitfield Diffie (Sun Microsystems), John Gilmore, Peter G. Neumann (SRI International), Ronald L. Rivest (MIT), Jeffrey I. Schiller (MIT), and Bruce Schneier (Counterpane Systems), The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption, May 27, 1997 (ftp://research.att.com/dist/mab/key_study.txt or .ps; http://www.crypto.com/key_study). This report considers the technical implications, risks, and costs of `key recovery', `key escrow', and `trusted third-party' encryption systems. (R 19 17, discussion R 19 18) It has appeared in various places, including the World Wide Web Journal, volume 2, issue 3, Summer 1997, O'Reilly & Associates, pp 241-257. This report was reissued in the summer of 1998 with a new preface: "One year after the 1997 publication of the first edition of this report, its essential finding remains unchanged and unchallenged: The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs. These risks and costs may not be appropriate for many applications of encryption, and they must be more fully addressed as governments consider policies that would encourage ubiquitous key recovery." [http://www.crypto.com/key_study]

    SP McCain-Kerrey Senate bill seeks crypto key-recovery infrastructure (R 19 23)

    SP Cryptography Policy and the Information Economy, Matt Blaze (R 18 71)

    +/- The Net Never Forgets (R 20 09-10), although the UK Labour Party removed its earlier promises against encryption controls from its Web site (R 20 11)

    SP 33 nations sign Wassenaar Arrangement on crypto export controls (R 20 11); some exemptions considered for open-source crypto software (R 20 11,12) and public-domain software (R 20 13)

    +/- French announcement on changes in liberalizing crypto policy (R 20 17-18), legal quirk (R 20 20)

    Sf Report on timing cryptanalysis of RSA, DH, DSS (Paul C. Kocher) (S 21 2:21)

    SfmM($?) Many new crypto-related results: Crypto implementations, particularly in smart-cards, under theoretical attack by interference-induced faults: Boneh, DeMillo, and Lipton (Bellcore) on public-key crypto (R 18 50); Ross Anderson on smart-cards (R 18 52); Biham and Shamir on differential fault-induced analysis of symmetric crypto - DES, triple DES, RC4, IDEA, etc. (R 18 54, 56); also Paul Kocher (R 18 57) and Ross Anderson (R 18 58); retrospective research note on crypto fault analysis, J.-J. Quisquater (R 18 55); role of replication? (R 18 58); history - note on Bletchley Park Colossus breaking Fish ciphers (R 18 59); practical tampering attacks, Ross Anderson and Markus Kuhn, Usenix Electronic Commerce paper (R 18 62); more from Quisquater (R 18 64)

    SHOA Paul Kocher provided information on three related attacks: Simple Power Analysis, Differential Power Analysis, and High-Order Differential Power Analysis, applicable particularly to devices such as smart cards. See Introduction to Differential Power Analysis, by Paul Kocher, Joshua Jaffe, Ben Jun, Cryptography Research (R 19 80)

    SP RSA crypto challenges: Ian Goldberg cracks 40-bit RC5 in 3.5 hours, using 250 machines to exhaust 100B would-be keys per hour (R 18 80); Germano Caronni cracks 48-bit RC5 in 312 hours, using 3,500 computers to search 1.5 trillion keys per hour (R 18 82); RSA's DES-I challenge broken after 4 months (http://www.rsa.com) (R 19 23); RSA's RC5-56 challenge cracked by Bovine Cooperative (S 23 1:14, R 19 43); DES-II-1 challenge cracked: 63 quadrillion keys, 90% of keyspace (R 19 60)

    SO DES Cracked: "EFF DES Cracker" Machine Brings Honesty to Crypto Debate; Electronic Frontier Foundation Proves DES Is Not Secure announcing the Deep Crack machine. See Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, published by O'Reilly and Associates. (http://www.eff.org/descracker) (S 23 5:27; R 19 87); review of Cracking DES (R 19 90); implications on cracking passwords, including L0phtCrack (R 19 91-92)

    + Deep Crack (part of Distributed.Net's 100,000 PC attack) cracks RSA's DES Challenge III in less than a day, Jan 1999 (R 20 17-18)

    S Elliptic curve 97-bit challenge broken in 40 days with 740 computers in 20 countries (R 20 61)

    SH Lucent cracks SSL e-commerce encryption code (R 19 84)

    S Cryptanalysis of Frog, a not-very-strong AES candidate to replace DES (R 19 92)

    SP Implications of outlawing concealed messages: ban the Bible, smiley faces, foreign languages (Navaho used in WWII), on-line card catalogs, random numbers, what else??? (R 19 37-41); use of steganography, e.g., in graphical images (R 19 40,41); Feynman's censors in WWII objected to math! (R 19 39)

    SP(f?) More on risks of key recovery: see also PGN testimonies before the Senate Judiciary Committee and House Science Committee subcommittee on Technology, with written responses to questions as well (http://www.csl.sri.com/neumann/).

    S "Private doorbells" proposed alternative to key-recovery (R 19 85)

    Sf More on cryptographic hashing and MD5, Paul Kocher (R 19 26)

    S John Gilmore publishes strong crypto code for authentication (R 19 52)

    Sf? Discussion of alleged weak RSA keys in PGP (R 19 50)

    SP New attack on PGP keys with a Word Macro (R 20 19-20)

    Sf Exchange/Outlook plug-in for PGP bypasses crypto (R 19 81-83)

    S Why cryptography is harder than it looks, Bruce Schneier (R 19 61)

    SH Cypherpunks break GSM digital cell-phone encryption in 90M units (R 19 67-68); response from GSM Alliance (R 19 69)

    SP More on the key-recovery crypto discussion, including the Denning-Baugh report on crypto impediments to law enforcement (R 19 62,63,65,67,72)

    S Discussion of smart-card security, responding to Card Technology Magazine declaring, "The smart card is an intrinsically secure device." (R 18 91)

    S Commerce Secretary calls U.S. encryption policy a failure (S 23 4:25, R 19 68)

    SP Ron Rivest's nonencryptive Chaffing and Winnowing (S 23 4:25, R 19 64); natural-language example (R 19 65)

    SP Cellphone CMEA 64-bit encryption effectively only 24 or 32 bits (R 18 92)

    SHP Cellphone carriers can listen in through your phone, Ryan Block (R 24 02)

    S Myths about digital signatures discussed by Ed Felten (R 18 83,84)

    S Leevi Marttila program translates C to English and back; used for crypto, what is free speech and what is not exportable? (R 19 92)

    Sfi Microsoft Outlook e-mail glitch discloses unencrypted message; cancelled message not cancelled (R 19 74,76)

    mh Risk of not backing up PGP Key Ring files (R 20 30)

    hei Risks of running a public-key infrastructure (R 20 32-33)

    SH Adi Shamir reports design of special-purpose machine to factor RSA prime products (R 20 37)

    $SH Parisian programmer Serge Humpich makes his own smartcards; cracked 640-bit crypto key (R 20 77); despite negotiations to reveal the technique, he was convicted of fraud, but given suspended sentence (R 20 82).

    VSH Stephen King's on-line-only eBook taxes Web sites on opening day, 14 Mar 2000, representing unintended denials of service! (R 20 85); it was rapidly reverse engineered, decrypted, and pirated; ISPs forced customers to delete it, but it was still available elsewhere (e.g., a Swiss bulletin board); developers blame export controls for weak crypto! (R 20 86)

    ..... Limitations of encryption and related problems (less recent):

    S 100-digit numbers factorable; crypto implications [as of 1988] (S 14 1)

    SP DES vulnerabilities claimed by Shamir and Biham (S 16 4, R 12 43); requires large amounts of known plaintext, ADDS credibility to DES!

    S 56-Bit Encryption Is Vulnerable, Says Phil Zimmermann (S 21 5:19)

    S Discussion on the strength of 56-bit crypto keys (R 18 26,27)

    SP Potential problems with NIST-proposed Digital Signature Standard (DSS) and DSA (based on ElGamal and Schnorr): Bidzos (R 12 37); Rivest (R 12 57,58); others (R 12 33 to 35); Hellman (R 12 63).

    $SP Risks of export controls on workstations, cryptosystems (R 12 30-35); See also Clark Weissman, Inside Risks, CACM, 34, 10, p.162, Oct 1991.

    SP Sun exploits loophole in crypto ban for SunScreen SKIP E+ (R 19 17)

    SP MD5 weakness and possible consequences (R 19 14,16,24,26)

    $SP Computer Systems Policy Project estimates $60 billion market-share loss in year 2000 resulting from current U.S. export controls on crypto products (R 17 61)

    $SP Crypto export licenses issued to Apple, Adobe, RSA (S 17 3)

    $SP U.S. encryption export control policy softens somewhat (S 17 4)

    S U.S. program export controls ruled unconstitutional by Northern California federal judge, Marilyn Hall Patel (R 18 69)

    SP Charges dropped relating to PGP export and Phil Zimmermann (S 21 2:20)

    SP Daniel Bernstein case involving export controls for crypto programs, snuffle and unsnuffle (R 19 05, 18 69, 19 52)

    SH Forged "PGP has been cracked" message (not from Fred Cohen); pursuing the given URL could lead to your ISP disabling you! (R 19 08,09)

    $SP NSA, FBI, cryptosystems: J. Abernathy, Houston Chron. 21Jun92 (S 17 4)

    SP Escrowed Key Initiative (Clipper, Capstone, and Skipjack) discussed (S 18 3:A12, R 14 51-59, ff.); Skipjack Review by Dorothy Denning (R 14 81); more on Escrowed Keys, SkipJack, Clipper, and Capstone (R 15 46, ff.)

    S NSA declassified 80-bit Skipjack encryption algorithm and its 1024-bit key-exchange algorithm (R 19 84)

    S Comments on the U.S. Government Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure (TACDFIPSFKMI) (R 19 84-86).

    SP "Key Recovery" replaces "Key Escrow" in U.S. encryption plan (R 18 50,54)

    S Palisades Park NJ school employs 16-yr-old to break into locked-up computer system - need for key recovery mechanisms? (R 18 70,71)

    $S Nov 1995 report on minimal key lengths for symmetric ciphers (R 17 69)

    SPH FBI digital phone tapping, see M.G. Morgan, IEEE Institute, Sep/Oct 92

    SP Police can't crack crypto used by Basque terrorist organization (S 17 3)

    ! Bank robber foiled by security screen (S 20 1:16)

    ..... Other topics related to cryptography:

    - Discussion over who discovered public-key crypto first: UK's CESG, or NSA, prior to Diffie-Hellman? (R 19 51)

    Sf Microsoft Crypto Service Provider confusion over "NSA" key discussed (R 20 57-58,60)

    1.26 April Foolery and Spoofs

    ..... April Fool's Day items

    +- April 1984 special section of the Communications of the ACM edited by PGN: A Further View of the First Quarter Century, pages 343-357, including The Complexity of Songs (Donald Knuth), The Telnet Song (Guy Steele, Jr.), A Linguistic Contribution to Goto-less Programming (R. Lawrence Clark - the famous Come-From paper), CLOG: An Ada Package for Automatic Footnote Generation in Unix (Preet J. Nedginn and Trebor L. Bworn), Languages: Three Interviews (Peter Brown), and a classic, The Chaostron: An Important Advance in Learning Machines (J.B. Cadwallader-Cohen, W.W. Zysiczk, and R.B. Donnelly).

    SH 1984: Chernenko at MOSKVAX: network mail hoax by Piet Beertema (S 9 4)

    SH 1988: Self-referencing forged April Fool warning message, seemingly from Gene Spafford (S 13 2,3; R 6 52)

    +- 1990: Transmission of IP Datagrams on Avian Carriers (S 15 3)

    $S 1995: Internet cybergambling (R 17 02)

    Microsoft will NOT acquire the Catholic Church! (S 20 2:7)

    1997: French immune to Y2K: quatre vingts dix neuf (4x20+10+9) will increment to cinq vingts (5x20); Windows ninety-ten will adopt similar strategy (R 19 01)

    1997: Proposal to lengthen the second by 0.00001312449483 to eliminate leap years (R 19 01) or slow down the earth's orbit accordingly (R 19 02)

    1997: Microsoft buys Sun in order to kill Unix (R 19 01)

    1997: Hale-Bopp solar wind (cosmic radiation) causes ticking and buzzing in computer mouse; problem worsened by Internet acting as giant antenna (R 19 02)

    1998: Funding for a new software paradigm, removing rarely used code producing routinely ignored diagnostics, to combat software bloat (R 19 64)

    1998: Quantum computer cracks crypto keys quickly (R 19 64)

    1998: The Computer Anti-Defamation Law protecting developers against criticism (R 19 64)

    1999: The Y9Z problem, Mark Thorson; 99 rolls over to 9A; 199Z (the year 2025) rolls over to 19A0; then 19ZZ can roll over to "2000" (R 20 26)

    1999: Y2K bug found in human brain (R 20 26)

    1999: Vatican announces all computer systems ready for new millennium; Roman numerals are the answer! (R 20 26)

    1999: Historical retrospective analysis of the Y10K problem, dated 1 Apr 9990 (R 20 26)

    1999: RFC2550 - Y10K and Beyond: marvelous RFC on solving the Y10K problem by Steve Glassman (R 20 27)

    1999: Linus Torvalds starts for-profit LinusSoft; open-source advocates SlashDot launch SlashDot Investor; Richard Stallman of the Free Software Foundation now Senior Vice President for Ideology (R 20 26)

    1999: Professor wants Y2K jokes banned on the Net (Edupage item, R 20 28)

    1999: Congress votes to move Daylight Savings cutover to Monday to avoid Easter confusion (R 20 28)

    1999: Tuxissa Virus creator (Anonymous Longhair) modifies Melissa to download and install Linux on infected Microsoft systems (R 20 29)

    1999: Running out of time on Y2K? Add a month to the calendar (Martin Minow)

    1999: Zurich loses citizens' files on 31 Mar 1999 after Y2K upgrade test crash (R 20 29); was this real or April Foolish? Doesn't matter. The lesson is the same: keep backups (R 20 30)

    1999: Australian Securities & Investment Commission's April Foolery: Millennium Bug Insurance (R 20 37)

    2001: Windows 2000 source-code access to top MS customers protested by smaller customers; spoof on it being written in Microsoft Basic with obscure variable names (S 26 4:11, R 21 31) and follow-up comment (R 21 33)

    2001: Foot-and-mouth virus propagation: "first virus unable to spread through Microsoft Outlook" (Copyright, http://www.satirewire.com/news/0103/outlook.shtml) (R 21 31, with serious follow-up in R 21 33); also, roles of computers and bureaucracy in real spread (R 21 76)

    2001: Bogus movie description created by techies at The New York Times in test development in 1998 showed up accidentally in the paper - on 1 Apr 2001! (S 26 4:11-12, R 21 36)

    2002: ATF reconstituted as the Bureau of Alcohol, Tobacco, Firearms, and Software (ATFS), in an attempt to regulate the software industry, with penalties for possession of unlicensed products (R 22 01); discussion of this and the following 2002 spoofs (R 27 04)

    2002: Review of a bogus book, "Hacking for Dummies"; also two older pieces revisited, If GM built computers and if Microsoft built cars, and a SatireWire item on splitting up Microsoft into two companies, one to make software, the other to make patches (R 22 01)

    2002: Parody, "If General Motors had kept up with the technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon." Also, followup parody of would-be GM response, e.g., cars that crash twice a day, press start to stop the engine, airbags asking for confirmation, and overloaded single control interface (R 22 01); interesting discussion of the actuality of several of these (R 22 02-03)

    2002: Splitting Microsoft into two companies, one to make software, the other to make patches (R 22 01)

    2002: Spoof after warning to New South Wales students to watch out for 1 April (R 22 04)

    2002: The Scandinavian "nation" of Ladonia draws thousands of requests for citizenship! (R 21 96)

    2003: The Security Flag in the IPv4 Header, the Evil Bit (Steve Bellovin, R 22 66); alternative: The Angelic Bit (Drew Dean, R 22 66)

    2003: Recycling of old programs (R 22 66)

    2004: Coincidental Risks - related to electronic voting systems (Jim Horning, R 23 29, S 29 5:17-18)

    2006: Scholastic Aptitude Test errors resemble electronic voting machines (R 24 22)

    2006: Airbus A380 Evacuation Test (R 24 22)

    2006: Boeing B777 flight control anomalies (R 24 22)

    2006: Cartography dream realized: 1:1 scale maps (R 24 22)

    2006: Motorist trapped in traffic circle for 14 hours (R 24 22)

    ..... Other spoofs and pranks:

    VSHOA See the various Web site hacks above, in which the Justice Department, CIA, Air Force, NASA, Army, and other Web sites had bogus pages installed.

    VSHO 1984 Rose Bowl hoax, scoreboard takeover ("Cal Tech vs. MIT") (S 9 2)

    H CNN nearly broadcast bogus on-line report of Bush's death in Japan (S 17 2)

    SH Bogus report, BritTelecom NOT hacked for intelligence secrets (S 20 2:13)

    SH AOL4FREE.COM virus report started out as yet another hoax, but such a virus was actually created within 24 hours (R 19 11)

    SH Moynihan Commission report on Penpal virus hoax (R 19 04)

    SH E-mail hoax at University of Maryland: canceling classes (R 22 72; S 28 4:8-9)

    SH Washington DC street message board displays bogus message (S 15 1)

    SHA Caltrans freeway off-ramp sign spoofed (S 21 2:20)

    SHAO Bogus computer-generated draft notices swamp Univ. Minnesota (S 16 2)

    SHAO Bogus e-mail submits Univ. of Wisconsin official's resignation (S 19 1:7)

    SHAO German intruder forges White House messages (R 17 31,32)

    $SH "Goodbye, folks" software prank costs perpetrator £1000 (S 11 3)

    - [bogus] First cybersex pregnancy Weekly World News (R 19 60)

    - Reactions to Mary Schmich's parody of Kurt Vonnegut on the Internet (R 19 29)

    SHI London Underground hacked by insider posting nasty messages (R 17 36)

    SH Risks of digital video editing - authenticity question (S 14 2)

    S Risks in altered live video images: L-vis Lives in Virtual TV (R 18 18-21)

    $SH Beeper messages to call back result in $55 900-number charges (S 16 3)

    SH Password attack as e-mail root spoof demanding password changes (S 16 3)

    $SH Houston City Hall voice-mail pranked; no passwords needed! (S 16 4)

    S Stolen account used to send hate e-mail at Texas A&M (S 20 1:21)

    - Computer system tracks school assignments and automatically calls home on students who cut classes until someone/something answers; spoofable (S 17 1)

    - Bogus element 118 un-discovered. Phonium? Phakium? Phorgium? Phudgium? Mike Hogsett suggested Itaintium (It-ain't-ium or I-taint-ium) and Unscrupulum. With elements 102 and 101 being Nobelium and Mendelevium, Stephen Poley suggested 118 would be Nobelievium. (R 22 31-32)

    +/- Computer-generated gibberish conference paper accepted (R 23 84; S 30 4:26)

    1.27 Privacy Problems

    ..... Recent yet-to-be-merged privacy items:

    SPf Privacy flaw in CyberCash 2.1.2 discussed by Steve Crocker (R 19 47)

    SP Discussion of Easter Eggs (hidden features) in commercial software (R 19 53,55)

    P Ontario removes privacy controls on students' personal information (R 19 48)

    SP Swedes discover Lotus Notes (64-40 or fight?) has key-escrow crypto (R 19 52)

    $SHPOe Japanese bank records stolen; aftermath of flawed upgrade (R 19 53)

    P China cracks down on Internet access (R 19 54)

    P Navy discharge case based on violation of don't-ask don't-tell, illegally gained AOL data (R 19 55); ruling reversed

    Pf Software flaw causes Virginia to misidentify 2300 people as child-support deadbeats (R 19 58)

    +/- Response to West Virginia 'deadbeat-dad' glitches: woman builds system to counter effects (R 19 73)

    S?P? Discussion of possible risks of interpreting robots.txt (R 19 57-59)

    SP? Furby off-limits at NSA as security risk (R 20 16,20)

    SP win.tue.nl ftp site hacked, login/uid info forwarded to Hotmail (R 20 18-19)

    SP Serious security breach in Canadian consumer-tracking database (R 20 18)

    P Furor over Intel's Pentium III processor ID discussed by Bruce Schneier (R 20 19); German report of flaw re-enabling override of ID disabling (R 20 23)

    hPi U.S. Bureau of Labor Statistics posts official tables one day prematurely (R 20 05); another premature data release: Producer Price Index (R 20 16); Australian budget press release follows suit, blamed on "technical and human errors" (R 20 39)

    SP Markus Kuhn and Ross Anderson's Soft Tempest, Microsoft, and copy prevention (R 19 59-60)

    SP American Bar Assn OKs unencrypted Internet e-mail for client documents (R 20 34)

    P? DejaNews feature on surreptitious URL link manipulation (R 20 34-36)

    P IWC Watch Company site publishing visitors' e-mail addresses (R 20 35); wrong URL posted! (R 20 36)

    SP SingNet surreptitiously scans customer PCs: "looking for CIH virus" (R 20 40)

    SP* Bank United of Texas to use iris scanners (R 20 40)

    SPH MI6 agents "outed" on Web by disgruntled employee (R 20 39)

    P Conflict between UK libel law and U.S. free speech on usenet items written in the U.S. (R 19 79)

    SP Cell phones can be instant bugs! (R 20 53)

    SP Electronic wiretaps on wireless devices outnumber those on wireline phones (R 20 41)

    P Distributed cooperating Smart Dust particles as spies? (R 20 58)

    P Proposal for Secret Service national ID database (R 20 57)

    SPh Canadian spy secrets leaked on Web (R 20 55)

    SP+/- NCIC 2000 began 11 Jul 1999, with remote mugshots, fingerprint searches, expanded coverage (probation, parole, sex offenders, in prison); risks of false positives, accuracy/timeliness of new entries, no probable cause; cost overran x2 (US$183M vs US$80M), took 7 years not 3; accuracy requirement relaxed; risks of use on ordinary folks? (R 20 53); Mass. requires mugshots/fingerprints for firearm owners with no law enforcement records, forwarded to Feds (R 20 54-55)

    SPhi NCIC database accuracy requirements relaxed (R 22 65,67,69,71)

    P California wants to sell confidential wage data (R 20 43)

    SP Man recording police abusiveness sentenced for violations of wiretap statute (R 20 47)

    P DoJ seeks wider access to computer data (R 20 55)

    P Risks of sharing files via Yahoo (R 20 53)

    Ph Risks of unexpected cell-phone redials (R 20 46)

    P Minnesota Bank sued over client data sale (R 20 44)

    SP Zero-Knowledge Systems allows five pseudonymous identities, but restricts number of messages (R 20 69)

    SP Steganographic IDs in color copier/printer images (R 20 68)

    SAPi Risks in ResearchIndex, digital library of CS papers (R 20 70)

    SPhe Northwest Airlines may have leaked credit-card numbers after maintenance (R 20 74)

    $SHP Small-town Italian postman intercepts PIN codes for more than 100 new credit cards (R 22 68)

    SPf TWA e-mail includes others' addresses (R 20 85)

    SPH Stolen MI5 laptop contains sensitive info (R 20 85)

    SPf Breach 12-13 Feb 2000 exposes H&R Block customers' tax records, Block shuts down 15 Feb, 2nd time in two weeks (R 20 80)

    SP On-line confessional Web site promises privacy! (R 20 76)

    SP Great West bank reveals personal info (R 20 80,82)

    P Georgetown Univ. study criticizes health sites for privacy intrusions (R 20 78)

    P Lawsuit against Yahoo! for collecting cookies (R 20 78)

    P Doubleclick saga: Michigan files "notice of intended action" over cookies (R 20 81)

    *P Cybersex compulsives represent hidden health hazard (S 25 3:22, R 20 84)

    P Havenco, data haven offshore from UK (R 20 91)

    P Julia Roberts gains access to her named domain, and other cases of domain-name hijacking (R 20 91)

    P Pac*Bell publishes 400,000 phone books with Cox Communications customers' unlisted phone numbers, including names and addresses; Cox blamed for not pruning its own list (R 20 90-91)

    SP Powergen: 7000 customers' credit-card info exposed on the Web (R 20 97)

    SPf Glitch at Amazon.com exposes e-mail addresses (R 21 04; S 26 1:37)

    SPf "Free" e-mail accounts and passwords exposed for a month (R 21 03; S 26 1:37)

    SPh Mix-up sends Spanish bank e-mail to Virginia BBoard (NewsScan, R 20 94)

    SP Verizon's 28M private phone records exposed on Web (R 21 01; S 26 1:38)

    SP British law would allow police to intercept e-mail (R 20 95)

    SP(+/-) White House revised encryption policy (R 20 95)

    SP Hotel telephones give identity of called room occupants (R 20 93)

    SP+/- People For Internet Responsibility (PFIR) Statement on Government Interception of Internet Data, 7 Sep 2000 http://www.pfir.org/statements/interception (R 21 04); Statement on Internet Policies, Regulations, and Control (http://www.pfir.org/statements/policies) (R 20 96)

    P Internet content for 2000 Olympics restricted to protect TV (including diaries, chats, streaming video) (R 21 07)

    SPH CIA secret off-color chat room undetected for five years (R 21 13)

    P Richard M. Smith's top 10 privacy stories of 2000 http://www.privacyfoundation.org/release/top10.html (R 21 18)

    P Intelligence gathering risks from some over-informative e-mail auto-responses (R 21 16,22)

    SP IBM and Intel push copy protection into ordinary disk drives: various views (R 21 17-19)

    P Privacy/quality risks in Quicken Online Billing Service (R 21 17)

    Phf Credit report full of errors - and ex-spouse's address (R 21 17)

    hiP Misidentification: recorded on CCTV, UK citizen arrested after making normal transaction immediately following cash-machine thief (R 21 36)

    SP Dutch government advised to give citizens Web access to Civil Registry 'digital vault' with their personal information; risks issues (R 21 33)

    SPh Kew Public Records Office using British prisoners for data input of old census data; they made changes such as "wardens" to "bastards"; subsequent corrections being outsourced to "cheap labor" in India (R 21 35)

    P Amtrak 'sharing' passenger information with Drug Enforcement (R 21 36); later backs down

    SSN problems in mortgage info database (R 21 31)

    SP 9 states have insecure sex-offender Web sites; 2 have insecure criminal history records (R 21 22)

    SP GAO finds lax security in IRS electronic filing system, ability to read and change other people's returns (R 21 28)

    SPf Network Solutions exposes e-mail addresses, enables unauthorized deletions (R 21 21)

    Sh Porn site took over domain of widely used agricultural resource center, causing unfortunate links from government and school sites; faulty Network Solutions record-keeping blamed (R 21 29)

    SPf Bibliofind exposes credit-card info for 4 months (R 21 26-27)

    SPH Theft of RCMP officer's vehicle gives home address, and robbery of home computers and property (R 21 22)

    P Police can read event data recorders in auto air-bag systems (R 21 23)

    Pf 401(k) mixup sends statements to off-by-one recipients, disclosing personal info (R 21 21)

    SPe Travelocity exposes 51,000 customers' information for up to a month (R 21 21)

    P Lax customer information privacy policies: Network Solutions (R 21 24), Amazon changes end-game policy, WebVan, ...

    P Lawsuit challenges "file buying" of prescription records when pharmacy stores are sold (R 21 35)

    SPf More on hidden info in MS Word documents (R 21 25,32)

    SP Fairfax Virginia police records are posted online (in MSWord), but never updated to include case dispositions (R 21 27)

    SP New flashlight sees through doors as well as windows (R 21 35)

    P Hidden highway robbery within Microsoft Terms of Use contracts? (R 21 32,35)

    SP U.S. Web sites fall short of global privacy standards (S 26 6:14, R 21 61)

    P Woman stalked by Michigan cop via police databases before being murdered (S 26 6:14, R 21 60)

    SPhe Georgia's HOPE scholarship program passwords and personal info exposed on the Web and cached on search engines for many months; deletion of one file blamed (R 21 58,59)

    SP Washington State public schools putting student information on the Internet; security and privacy questioned (R 21 43)

    P Council of the European Union considering storing all telecom traffic for at least 7 years - for "public safety and law enforcement"? (R 21 42-45)

    P Totally Hip's Mac "Livestage Pro" covert http tracking; Adobe similar (R 21 56,58)

    Se Building alarm-monitoring security-system update leads to insecurity: configuration database and backups deleted (R 21 54)

    Sfei Peoples Federal Savings Bank software upgrade goes awry: PINs inadvertently reset to obvious default; account linkages disabled; other changes (R 21 53); things not improved months later (R 21 82); retraction after bank explanation five months later (R 21 86)

    SP World bank, seeking safer place to meet, chooses the Internet! (R 21 43)

    Ph Illinois Registered Sex Offender database rife with consequential errors (R 21 44)

    SP More than 90 Michigan cops abused police database to stalk women, threaten motorists, settle scores (R 21 58)

    P(+/-) Omron Corp anti-theft device intended to stop stolen car outside police station and lock driver inside (R 21 58)

    SPH Software worm VBS.Noped.a searches your computer for pornography (R 21 49)

    SP Leakages of sensitive information: Excel (R 21 39); Berlin Bank (R 21 50); Eli Lilly Prozac users list (R 21 51); UK Consumers' Association Web site (R 21 51); UK cabinet minister's draft changes (R 21 53); medical records transcribed by 3rd-party, sent by unencrypted e-mail (R 21 56); AT&T Worldnet exposes all user passwords (R 21 57,61)

    SP FTD.com security hole leaks personal customer information (R 22 58)

    SP NASTAR Web site provides personal skier information to anyone (R 22 51)

    SHP Theft of 9 sports-club lockers followed by bogus phone calls from "police fraud department" asking for credit info, SSNs, etc.; several duped victims (R 21 56)

    SP Web site streams live audio from private Ottawa cell calls (R 21 48)

    P Supreme Court rules 5 to 4 in Kyllo case against thermal-imaging scanners (R 21 47)

    SP Scottish newspaper archive in contempt of court (S 27 2:13, R 21 88)

    SP Judge ordered hack of Interior Department trust fund system for Native Americans (R 27 2:13, R 21 81)

    SP Gwinnett County GA keeps prison inmates list online (S 27 2:14, R 21 81)

    SP FBI may not appreciate the risks with Carnivore sniffing e-Mail (S 27 2:15, R 21 82)

    SPH Wiretapping equipment compromised: FBI, CALEA (R 27 2:15, R 21 83)

    SP Web site about PC security asking to lower PC/browser security (S 27 2:16, R 21 86)

    Sf US ARO seeking odortype detection (R 22 43)

    SPi Iceland places trust in face-scanning (S 27 2:17, R 21 89)

    SP An outrageous violation of privacy in composite picture of WTC helper (S 27 2:17-18, R 21 87)

    SPhi ATT ignores its own privacy policy with cleartext bypass of SSL (S 27 2:18, R 21 86)

    SP Office XP, Windows XP can send sensitive info to Microsoft in debugging information following crashes (R 21 82)

    SP P3P privacy filters in IE6 present legal liability; in 1999, Bancorp paid $7.5 million for misstatements in posted privacy policy (R 21 82)

    SP Virginia county recalls 11,000 student laptops to retrofit security against porn, grade changing, game/music downloading, in-class messaging (R 21 88)

    SP German government bans porn (worldwide) except from 11pm to 6am German time! (R 21 81-82)

    SP RSA Conference e-mail newsletter has tracking bugs (R 21 89)

    SPA$ Official self-service litigation system available in England and Wales (R 21 89)

    SPf Wireless Nanny-Cam broadcasts hundreds of yards away, easy to intercept (R 22 04-05); wireless network eavesdropping can be done with an antenna made from an old Pringles tube (R 21 96)

    $SPHI Brisbane ISP in court for intercepting e-mail and fraudulent debits (R 21 89)

    SPH Theft of 30,000 Experian credit reports by masquerading as Ford Motor Credit office (R 22 09-10)

    SP Teale Data Center's California personnel files were breached for all 265,000 state workers (R 22 10)

    SP RSA Conference html-ized e-mail has tracking bugs (R 21 89)

    SPf Risks of hotel STSN Internet access (R 21 91)

    SP New official self-service litigation system available in England & Wales (R 21 89)

    SP LED light content reportedly can be detected remotely (R 21 94-96,98)

    SP Security leak in Dutch Internet sexshop (R 22 01)

    $SP Saab USA Web site leaks customers address, offers extra discounts (R 22 01)

    SP Gillette's Mach3 includes MIT antitheft tracking microchip (R 22 02)

    SPi UK govt wants to make Internet "e-filing" compulsory by 2010 for tax returns, with £3,000 fines (R 22 07)

    SPf E-mail subscription link gives full access to other people's personal details (R 22 01)

    ShP Midwest Express Airlines Web site leaks customer information (R 22 05)

    SP Photocopier stores document for later printing; confidentiality risk (R 22 01)

    P British Telecom publishes list including confidential ex-directory telephone numbers (R 22 01)

    Pi BBC monitoring policy states that any response whatsoever constitutes consent to e-mail being monitored; e-mail opt-out impossible! (R 21 95); This is a requirement of the UK "Regulation of Investigatory Powers Act". (R 21 96); more on copyright implications (R 21 98)

    $P CT Dept of Consumer Protection questions speeding fines levied by rental-car companies (R 21 91)

    SP Risks of SafeWeb anonymizer: tunneling too close to the person you're trying to protect (S 27 3:12-13, R 21 93)

    SPA Privacy risks in MSN Messenger 4.6 (R 22 13)

    SP Risks of identity-theft Web site (R 22 13)

    SPA 54% of U.S. schools use students for computer tech support (R 22 11)

    SPA Japanese service links ATMs to cell phones (R 22 16)

    SPH Enron/Andersen types of problems reach into information technology: the Big 5 accounting firms also audit information assurance and security (R 22 13)

    SP Tracking subway users by electronic fare cards (R 22 12)

    SP Finger-printing children in schools, without parental involvement (R 22 18)

    SPfi Kazaa users inadvertently share their private files (R 22 12)

    SPf Web glitch exposed 300,000 Canadian accounts at Fidelity Investments (R 22 12)

    P Are we legally obligated to watch commercials? (R 22 12)

    P Citibank's third-party e-mailing raises privacy concern (R 22 23)

    SP Federal appeals court overturns its own Web site privacy ruling (R 22 23)

    P$ Tough EU privacy rules influence U.S. Web practices (R 22 22)

    VSHPm Rube Goldberg strikes again: man damages cruiser; police use pepper spray, restraints, place him in jail cell; he jumps up, hitting light and microphone, destroying the light, tripping a circuit breaker, causing the police dispatch room lights to go out and messing up the phone systems (R 22 22)

    $SPf New Jersey E-ZPass transponders wearing out, causing bogus citations and necessitating 900,000 replacement devices (R 22 31)

    $h Problems with Chicago-area toll road transponders: Activating I-PASS hits a roadblock; Online demand blamed for delay (R 23 67)

    SPf? Lying Lie Detectors, William Safire article quotes National Research Council study: "No spy has ever been caught [by] using the polygraph." (R 22 30)

    $SP$ etc. The Underground Web: illegal activities so easy (R 22 24); fake Internet bank bilked two people out of $100,000 (R 2 29)

    SP Oregon proposing to tax in-state car mileage via GPS (R 22 46)

    P Privacy Journal ranks states on privacy; California and Minnesota best (R 22 32)

    P(h/f?) BSA Accuses OpenOffice ftp sites of piracy (R 22 60-62)

    SP+ Good example: seriously protected patient data with real deletion (R 22 60,62)

    SHP New $40 telemarketing tool makes caller ID fakery easy (R 22 60)

    SHP Bogus Hotmail password change page captured 120 user accounts (R 22 57)

    SHP Information on 5 million U.S. credit-card accounts hacked (R 22 56)

    SP+ eBay Sting locates stolen Fluke inline network tester (R 22 56)

    SP eBay privacy policy wide open to investigators (R 22 59)

    SP Junked hard drives yield lots of personal data (R 22 50)

    SP Hong Kong gym pulls plug on camera cell phones (R 22 49)

    SP Alcala University developing electronic system to monitor and remotely control elevators over the Internet (R 22 58)

    SP Judge suspends Washington State telephone privacy regulations; constitutionality? (R 22 55)

    P Scientology critic fined under French law for Web site (R 22 59-60)

    SPA T-Mobile Hotspot uses SSN for passphrase (R 22 72)

    SP- Use of satellite cell phones among embedded media folks in Iraq: Risks of not being lost! (R 22 69)

    SP Cisco's eavesdropping enables undetectable lawful interception (R 22 71)

    SPfh Search engines making sensitive information easy to locate (R 22 64)

    SP Benetton clothes to include tracking chip (R 22 64); later rescinded

    SP Federal privacy rules for medical information (R 22 69); rules let marketers see sensitive patient data (R 22 70)

    SP- Secrecy and the Patriot Act: library records, wire transfer blocked because of spouse's name, law suits, etc. (Amy Goldstein, NYT, R 22 90)

    Shi 193 innocent Brits erroneously labelled as criminals due to erroneous records (R 23 34)

    SP Self-referential Patriot Act suppression of law suit against Patriot Act (R 23 35)

    P MIT Web site provides dossiers on government officials, turning the tables (R 22 79)

    SP QinetiQ "intelligent" airplane seat to detect nervousness in passengers and alert airline staff (R 22 78)

    SP FTC increases focus on privacy; serious vulnerability on Guess Inc.'s Web site revealed 200,000 customer credit-card numbers (R 22 79)

    SP WhereWare tracks your location (R 22 90)

    SP Wall Street trading scandal uses instant messaging evidence (R 22 91)

    SHPIi VeriSign's Site Finder captures all nonexistent .com and .net addresses, breaks all sorts of Internet services, causes significant controversy (R 22 91); VeriSign temporarily suspends Site Finder (R 22 92)

    SHAOP Men steal computers from high-security Sydney Airport facility (R 22 90)

    SP Resold BlackBerry contains sensitive Morgan Stanley data (R 22 88)

    $S BlackBerry patent infringement battle threatens users (R 24 11); resolved out of court with large settlement!

    SP Confidential hospital records in memory stick (re)sold-as-new (R 22 83)

    SP Microsoft Word hits Tony Blair: Web-posted document residues show names of four employees involved in the plagiarized dossier on Iraq (R 22 79, two items)

    SPfh NZ Health Commissioner's anonymised case reports not so anonymous, including Word residues (R 22 81)

    SP Metadata residues in Photoshop files (R 22 83,84)

    P Indiana man charged in e-mail stalking of TV anchorwoman (R 22 80)

    SHP+ Inadvertent cellphone redial leaves burglars' conversation on victim's girlfriend's voicemail (R 22 79)

    SP U.K. man proves he was victimized by network porn vandals (R 22 84)

    SP Pentagon's plans for terrorism futures market attacked, perhaps led to John Poindexter's resignation from DARPA (R 22 83); America Action Market offers wagers on political events (R 22 83,84)

    SP New laws induce greater corporate surveillance (R 22 80)

    SP Coplink software helps police draw crime links (R 22 81)

    SP+(!) Cell-phone log retention finds missing IRS employee's body (R 22 78,79)

    SP Samsung Electronics bans camera phones from key factories (R 22 81)

    SP Tiny RFID tracking chips surface in retail use (R 22 77); RFID site security gaffe uncovered by CASPIAN consumer group (R 22 79); nuking of RFID chips (R 22 80,81)

    SPA UK: Sign someone else up to be an organ donor! No authentication. (R 22 77)

    SP Credit agencies sending our files abroad (R 23 01; S 29 2:15-16)

    SPf 'Unfixable' Word password hole exposed (R 23 12)

    SPf Danish PM's private communications disclosed by Microsoft Word residues (R 23 12)

    SPf Justice Department censors report on workplace diversity, but releases pdf version made from Word version with recoverable deleted text (R 22 97)

    SPh AOL filters based on whether they like embedded URLs (R 23 09)

    *SPfm, etc. 9 out of 10 computer users stressed; may be bad for your health, including spam, lost files, time wasted (R 22 97)

    SP Identity Denial: Chinese woman wins damages for daughter-in-law canceling her identity registration, making her nonexistent! (R 22 93,95)

    SP DoD RFID policy: friend and foe, with a note on risks in biometric passports (R 22 98)

    SP Biometrics: 'Not your father's fingerprints' win out (R 23 10)

    SP Security versus liberty? Cronkite: zero-sum; Ben Franklin, no (R 22 93,94,96)

    SPf Victoria's Secret reaches a data privacy settlement; security flaw exposes everyone's orders (R 22 97)

    SPh AP accidentally distributes celebrity phone numbers (R 23 12)

    P Outsourcing risks: Pakistani tries to blackmail UCSF Medical Center threatening to reveal private medical records (R 22 97)

    SHOP E-mail contains 'Lover Spy' software, reporting on Web site visits (R 22 96)

    SPfi DoD on-line security clearance process seriously problematic (R 23 04-06)

    SPf Holes in online job-search privacy (Brian Berstein) (R 23 03)

    SPi France Telecom: a heavily used risky Web site (R 23 03)

    SP FBI's reach into records is set to grow (R 23 03); MATRIX (Multistate Anti-Terrorist Information Exchange) deemed 20-billion record "largest database on the planet" collecting info on everyone in the U.S. (R 23 03)

    SHPf Minnesota's CriMNet hacked, then shut down (R 23 03)

    SHP Supposedly private bank balances easily available on the Internet (R 23 11)

    SP Car-monitoring service allows you to be your own Big Brother (R 23 11)

    SHPI FBI employee snoops through confidential police databases, sentenced to 12-month prison term (R 23 23)

    SHP 4.6-million DSL subscribers' data leaked in Japan? 3 men arrested for extorting 3 billion yen (R 23 22)

    SHP Theft of Client Information at Israeli Bank's "Information Fortress" (R 23 21)

    !hiP UK data protection laws and the Law of Unintended Consequences: Database check missed record of Cambridgeshire caretaker, who later murdered two schoolchildren; couple froze to death after gas improperly shut off (R 23 14,15,18)

    $SPdehi Dept of Homeland Security protects vendors of anti-terrorism technologies from liability (R 23 14)

    SPhi Discussion of lie-detector glasses, claimed 90% accurate! (R 23 14,16)

    $P Some rental cars keep tabs on drivers, charge hugely for driving out-of-state (R 23 13)

    P TiVo watches TiVo watchers, who are uneasy after monitoring of recordings of Janet Jackson's Super Bowl performance showed it was viewed more than three times more than anything else (R 23 18)

    SHP Victoria Australia police: ongoing misuse of privacy information (R 23 18)

    SHP Programmer three levels indirected from supervision posted sensitive community college child care database on the Internet (R 23 18)

    SP Federal court rules no privacy for e-mail passing through ISP servers; eavesdropping okay (R 23 44)

    SP Selling Web bugs to detect whether e-mail has been read (R 23 41,44)

    SP Privacy and Security Risks in Rampell's E-Mail Surveillance Service (R 23 41,42)

    SPA France Telecom voice mail espionage (R 23 41)

    SP Risks of digital cameras re: prisoner abuse (R 23 36)

    SP New UK driving licence puts identity at risk (R 23 37-39)

    SP GAO report on data mining: http://www.gao.gov/new.items/d04548.pdf: Verity K2 Enterprise; Analyst Notebook I2; PATHFINDER; Case Management Data Mart (R 23 39,40,42)

    SPf U.S. plan to allow Net users in China, Iran to bypass national site blocking, but adds keyword blacklists (R 23 36)

    SPm Gas explosion creates confidential litter (R 23 35)

    SPhi DidTheyReadIt operations and security concerns (analysis by Rob Slade, R 23 49)

    SPf Security cavities in Bluetooth in mobile phones allow offloading of personal information (R 23 48)

    $SH eBay sellers fined by NY Attorney General for bidding up prices on online auctions (R 23 59)

    Shi U.S. air travel without government identification (two sagas, from Dan Wallach, R 23 50, and Kathy Gill, R 23 53)

    SP Federal judge strikes down part of PATRIOT Act (R 23 55)

    SP+ New California Online Privacy Protection Act requires posting of privacy policies, effective 1 Jul 2004 (R 23 46)

    SP Privacy concerns over Australian e-mail law that allows easy access to information (R 23 51)

    SP Social security info breach on Utah State University campus (R 23 56)

    SP California schools warned of identity theft, via lost laptops (R 23 52)

    $SHP Identity theft: FBI bust (R 23 59)

    SPh Published password opens access to foster-care records in Florida (R 23 56)

    SP Google aids spammers via error pages (R 23 45); Google bot cache is back door for pay-per-view information (R 23 50)

    Sf iPod security risk (R 23 46)

    SHf VoIP vulnerabilities can lead to compromised Calling Number ID (R 23 45); VoIP = Voyeurism over IP? Tapping into servers and hard drives easy (R 23 47)

    SPi Star38.com Web site offers VoIP CNID falsification service (R 23 51)

    SP Report on security risks of applying CALEA to VoIP (R 24 32, S 31 5:20-21)

    SP U.S. Government to alter RFID passport regulations, after complaints from privacy advocates (R 23 87)

    SPfhi REAL ID: planned national ID card is a bad idea, and will make things worse not better: analysis by Bruce Schneier (R 23 87; S 30 4:30); More on risks of REAL ID: tripled fees, longer lines, unfunded mandate (R 23 95; S 30 4:30-31); discussion (R 24 02,04)

    SP What Search Sites Know About You (R 23 87; S 30 4:32)

    !SPhi PDF not a good format for redacting classified documents; blacked out portions of classified report on Calipari/Sgrena incident revived by cut-and-paste (R 23 86-88); another example of compromisable redaction (R 24 34)

    $SHPhi E*TRADE Complete Security System security problems discussed at considerable length (R 23 84-87)

    SP TSA finds data on air passengers lacked protection (R 23 81); TSA kept passenger information it promised not to (R 23 91)

    SHPif Even some major corporations don't understand domain names: Hertz information can be compromised by bogus domain (R 23 82)

    SHP List of reportedly aggressive drivers open to misuse (R 23 69)

    SP RFID tagging of Sutter California elementary school children (R 23 71)

    SHP More on risks of national driver's license standards and centralized driver information, and countermeasures (R 23 71); `Smart' driver's licenses a Trojan horse? (R 23 72)

    SP The UK Land Registry data now easy to access (R 23 70)

    SP MS Word marginal info leak in press release relating to Vioxx risks (R 23 71)

    SP GPS used to arrest snowplow driver (R 23 67); correction and further discussion (R 23 80)

    *SP DEA agent shoots self while demonstrating gun safety; a year later home video on the Web exposes the agent! (R 23 80)

    SP San Francisco police officer accused of using airport cameras to ogle women (R 23 85)

    SP Pentagon hires BeNow Inc. to create a database of high-school students to aid military recruiting (R 23 93)

    SHP New Hampshire self-service photo kiosk retains images, leads to prosecution (R 23 89)

    SP What the Amex Blue Chip does! (R 24 09)

    SPHi GAO reports roughly 2,310,000 e-mail addresses for which owner/contact WHOIS data is unknown; anonymity for spammers, whistleblowers, etc.? (R 24 12-13)

    SPhi "Analog Hole" Bill to impose secret requirement? VEIL vs CGMS-A, licenses required to see compliance spec (Ed Felten blog item, R 24 15)

    SHPi$, etc. Compendium of legal cases relating to e-mail (R 24 15)

    SHPi Peter Denning, Jim Horning, David Parnas, and Lauren Weinstein, Wikipedia Risks, Inside Risks column, CACM, p. 152, Dec 2005.
    http://www.csl.sri.com/neumann/insiderisks05.html#12

    SHP British MP falls foul of wiki-d pranksters (R 24 41)

    SHP A Little Sleuthing Unmasks Writer of Wikipedia Prank: Saga of John Seigenthaler Sr. (R 24 12-13)

    SP Live tracking of mobile phones prompts court fights on privacy (R 24 12)

    SP Privacy implications of Microsoft's Windows Live Local (R 24 12)

    SP New Jersey legislature may prohibit anonymous posts on forums; serious implications discussed in RISKS (R 24 18,19)

    SHP Fidelity Investments laptop stolen with sensitive data on 196,000 retirement-account customers; sloppy remediation as well (R 24 21)

    SPh Australian police inadvertently reveal addresses/passwords (R 24 24)

    SP British Airways' website discloses passenger passport numbers and DoB (R 24 28)

    SP+ phishing@irs.gov for reporting IRS spoofs (R 24 23)

    SP Sounding the Alarm on Government-Mandated Data Retention (R 24 27)

    SP US Supreme Court lowers Whistleblower protection for employees reporting fraud or criminal misconduct to the proper authorities, but employees have more protection if they go straight to the news media (R 24 32)

    $SHP Spam king settles with Texas, Microsoft, pays at least $1M (R 24 31)

    $SHP Barclays Bank redirector helps phishing (R 24 33)

    SHP Banks not yet aware enough of phone-phishing (R 24 35)

    SP Mandated Data Retention: Noble Goals With Evil Outcomes (R 24 29,31)

    SHPi Misunderstanding risks of SSNs as authenticators (R 24 29)

    SHP EU blocks US access to flight data because of privacy inadequacies (R 24 30)

    SPh 20 Massachusetts inspectors suspended over refusing GPS cellphones (R 24 35)

    SP NPR discussion of SWIFT surveillance (R 24 34)

    SP Search Engine Privacy: AOL gaffe draws Capitol Hill rebuke (R 24 37, S 31 6:32-33)

    SHP Be careful with your Fedex account number; it is easily spoofed (R 24 43)

    SP How Pop-Ups Could Brand You a Pervert or Crook (Lauren Weinstein, R 24 50)

    SP An Ominous Milestone: 100 Million Data Leaks (R 24 52)

    SPM RFID chips in Malaysian license plates (R 24 52)

    SPhie Secure Passports and IT Problems in Greece (R 24 52)

    SPA Time Warner Cable / Showtime major fubar: customer info exposed (R 24 50)

    SP Firefox list of "don't save password" sites triggers dissolution of an engagement (R 24 48)

    SPH How to tell if your cell phone is bugged (R 24 48)

    SP New Google Service Will Manipulate Caller-ID (R 24 47)

    ..... End of yet-to-be-merged privacy items

    ..... Government Surveillance:

    SP Court says FBI has been given too much wiretap power (R 21 03; S 26 1:34-35)

    SP FBI's Carnivore monitors Internet traffic; summary of House Judiciary oversight hearing, by Lina Tilman (R 20 97; S 26 1:35-36); sloppy pdf usage allows expurgated information on review team identities to be uncovered (R 21 08-09, S 26 1:36)

    SPhi FBI's Carnivore unintended overcollection hampered anti-terror probe (R 22 11; S 27 6:11-12)

    SPHAOf FBI targets suspects' PCs with Trojan-horse spy (R 21 77; S 27 1:11)

    SP(H/h?) FOIA-obtained memo reveals FBI national security wiretap violations (R 22 32)

    +- DoJ does not support FBI on CALEA-amendment roving wiretaps (R 19 90)

    SPAHO Unencrypted Secret Service pagers intercepted, despite demos of the vulnerabilities 3 years before at Hackers on Planet Earth (S 23 1:13, R 19 39,40)

    P Germany still planning law-enforcement surveillance on ISPs (R 21 25)

    SPfh Software failure billed 50 German phone-tapped suspects for the eavesdropping connections, blowing secrecy; almost 20,000 lines currently under surveillance in Germany (R 22 33)

    SPH Risks of concentrated power and the surveillance state: Chicago Chief of Detectives insider information used for thefts (at least $5M) (S 27 1:13, R 21 73)

    SP French spies listen in to British business phone calls (S 25 3:20, R 20 77)

    P UK Regulation of Investigatory Powers Bill requires ISP to record all traffic; use of crypto can put you in jail if you cannot produce the key! (R 20 90)

    SPf Automated traffic-camera system has flaws, citing driver of Honda CR-V for speeding in a sporty coupe (R 21 58); Honolulu citations 80% unenforceable due to human errors (R 21 87); police officers being cited for speeding to emergencies (R 21 81)

    SHP Global Positioning Satellites (GPS): Surveillance to keep convicts out of jail (R 22 31); commercial satellite security needs improvement (R 22 31)

    SHf Yugoslav forces intercepted unencrypted NATO air communications, thwarting attacks; consequence of ITAR export-control regulations? (R 20 37)

    SHP Abuse of intercept capabilities: Australia's `Tampa' affair (S 27 3:12, R 21 92)

    SP ACLU sees a growing Big Brother 'surveillance monster' (R 22 50)

    ..... Other surveillance, electronic monitoring, tracking:

    SHP Anonymous e-mailer convicted of cyberstalking (R 21 73)

    *SPH Hazards on the Superhighway: Woman cyberstalked by Vito; man receives fax from bogus lawfirm with false accusations; girl harassed; Chicago man sends obscene messages in someone else's name; Boston boy runs away to meet on-line Texas man (S 19 3:8)

    *SH Cyberstalking on the rise (R 22 70)

    *SH More on risks of surveillance (R 22 64-65); Is our TV watching you? (R 22 67)

    SP+ California making it harder for prying eyes: ISPs to inform customers of requests for their identities (R 22 72)

    P Norwegian brothel surveillance camera broadcasts live on WorldWideWeb (R 19 13)

    P Sex, Truth and Videotaping: risks of monitoring your baby-sitter (R 22 11; S 27 6:12-13)

    Sf Electronic card designed to spot football hooligans (S 14 5)

    @fh Monitoring systems cause unintended changes in Bell Canada operator behavior and Metro Toronto Police (S 18 2:6)

    SP Satellite monitoring of car movements proposed in Sweden (R 18 81)

    SP Swedish narcotics police demand telephone card database (R 19 07)

    P Location-tracing service of handy phones starts in Tokyo (R 19 58)

    SHAO Teen intercepts MD's pages, makes medical orders (R 21 19)

    $SHI Brisbane ISP in court for intercepting e-mail and debiting customer credit accounts (R 21 89)

    P Published demonstration photo from Ybor city surveillance camera recognized deleteriously by ex-wife in Tulsa (R 21 59); Charlotte NC will photograph license plates to analyze freeway travel (R 21 60)

    SP EPIC urges colleges not to monitor peer-to-peer sharing, as requested by recording industry (R 22 38)

    SPAHO New Jersey company intercepts pager messages, sells them to media (S 23 1:13, R 19 35)

    ..... Spyware:

    $SHA South Africa bank Internet spyware and fraud (R 22 82)

    SHP Two million scans uncover 55 million instances of spyware in six-month SpyAudit (R 23 48)

    SHP Spyware epidemic threatens to stall computer industry; MS blames rogue software for 1/3 of application crashes (R 23 58)

    S+ Microsoft AntiSpyware beta - quick review by Rob Slade (R 23 66)

    SHP Survey results: Most dangerous types of spyware increasing (R 23 70)

    SHP Florida court rules wife broke law in using spyware to secretly monitor her husband's computer (R 23 72)

    SHP(+/-) U of Calgary adding spam and spyware to its curriculum (R 23 70,71)

    SHP Microsoft's Antivirus and antiSpyware software (R 23 79)

    SH Spyware increasing: 8by screening service (R 23 95)

    SPf MarketScore spyware product exploit and other concerns (R 23 88,89)

    SPHi How MS spyware could be used by hackers to disable systems (R 24 32, S 31 5:20)

    ..... Accidental data disclosures and Intentional data mining:

    For further privacy violations relating to accidental release of information, see some of the `SP' descriptor entries in the subsection on Incomplete deletions and other security residues, toward the end of the Security section above.

    HSPO Newt Gingrich's teleconference compromised by cell phone (R 18 75,76; S 22 4:30-31)

    SHP Qualcomm CEO's laptop vanishes, containing corporate secrets (R 21 05; S 26 1:28)

    SPfh France Telecom inadvertent disclosure blamed on computer error, actually MS Office history: risks of e-mail compounded with the notes/comments/change-tracking features (R 21 65); see also article by Gene Spafford on protecting information, in Computing Research News (URL in R 21 65)

    SPf Handspring hands out names and springs out numbers (R 22 18; S 27 6:14)

    SP U of Montana releases children's psychological records on the Web (R 21 74)

    SP Universities ripe targets for privacy intrusions: 845,000 people compromised (R 24 30)

    SP IRS laptop lost with data on 291 people (R 24 32)

    SP DoE discloses data theft on 1,500 people (R 24 32)

    SHP Over 200,000 Western Illinois University students' data exposed (R 24 34)

    SHP 243,000 Hotels.com credit-card numbers stolen (R 24 31)

    SP Health hazard: hospital computers spilling your medical history (R 24 49, S 32 1)

    ..... Other privacy violations:

    For further privacy violations relating to intentional misuse of information, see some of the `SHP' descriptor entries in the subsection on Penetrations and misuse in the Security section above.

    S?h?+? Controversy surrounding Dallas Morning News posting news of alleged Timothy McVeigh "confession" on their Web site. Item obtained via computer breakin? Early Web posting to stave off injunction? (R 18 85) Bogus memo allegedly planted in attempt to trap a witness?

    Phi Risks of errors in Calif Megan's Law CD of sex offenders (R 19 25)

    $SHP Crackers access University of Texas database, accessing over 50,000 SSN/name pairs (R 22 62)

    P Discussion of Whitewater Filegate security/privacy issues involving FBI, Secret Service, White House (R 18 21)

    S GAO criticizes White House for inadequate database controls (S 22 1:19)

    SH Privacy risks in telephone company voice-mail archives (S 16 3)

    SPH Civil liberties issues in National Crime Information Center (S 14 2)

    SP Calif. to permit prisoner access to confidential drivers' records? (S 14 2)

    SHI Database misuse by 11 prison guards in Brooklyn (leaking names of informants to prisoners, warning about searches, etc.) (R 19 20)

    SP Justice Dept wants to scrutinize parolee computer use (R 18 70)

    P Texas driver database on the Internet (R 19 22)

    P Kansas sex-offender database full of incorrect entries (R 19 14); Also true in California DB: 2/3 of entries incorrect (R 19 24)

    P Virginia's online sex-offender database not up-to-date (R 20 17)

    SPH Bryant Gumbel's on-line critique stolen, given to Newsday (S 14 2)

    SPH Belgian Prime Minister's e-mail tapped by penetrator (S 14 1)

    SP Oliver North private e-mail appears in New York Times (S 18 2:17)

    P? In-flight video privacy risks (S 18 4:9)

    SPH Are your medical records adequately protected? Probably not. (S 14 2)

    $PH Personal data being sold illegally by Nationwide Electronic Tracking (S 17 3); somewhat duplicated material in notes indictments (S 18 1:21)

    @SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); bad prank follows (S 20 5:10)

    SH AIDS database compromised in Pinellas County, FL (R 18 48,53)

    @$SHAI Mass. hospital technician accessed ex-employee's account, accessed 954 files, harassed former patients, raped girl (R 17 07, SAC 13 3)

    SPH Medical privacy violation reported by victim, U.S. congresswoman (S 19 2:9)

    P Australian insurance company builds household database from electoral rolls (R 18 02)

    $P Procter & Gamble matched telco call records after WSJ news leak (S 16 4)

    SPH 2 Nissan employee firings allegedly based on eavesdropped e-mail (S 16 2)

    SPH Washington State monitored e-mail; privacy lawsuit filed (S 16 2)

    P 8 convicted killers sue to prevent Mass from monitoring phones (S 19 4:12)

    SPf Undelivered `private' e-mail message returned, but NOT to sender (S 14 1)

    SPH$ E-mail privacy rights vs company property lawsuit against Epson (S 15 5)

    SPH Proliferation of spy viruses predicted (S 21 2:21)

    $SP Risks in the British Data Protection Act (S 12 1)

    SP Concern over privacy of Swedish Databank (S 11 5)

    SP Discussion on computer privacy and search-and-match in Canada (S 15 1)

    SP Canada's Privacy Commissioner issues report warning about EDI (S 18 4:9)

    SP Thailand establishes centralized database on its 55M citizens (S 15 5)

    SP Risks of being indexed by search engines (R 18 15)

    SP Use of databases for investigative checks on would-be suitors (S 15 1)

    P 4-star General Griffith's SSN posted on Internet site (R 19 28)

    P Washington State posts criminal history records on the Net; legal issues (R 19 28)

    P Alaska exposes its rascals on Web site (R 19 30)

    SPH 30 implicated in selling Equifax credit records, bill histories (S 17 2)

    SPHI Illegal sales of confidential SocSecurity and FBI data in 9 states (S 17 2)

    SPHI Anaheim police employee leaks address of antiabortion target (S 18 3:A12)

    SPH 2 women accused of selling confidential adoption information (S 18 3:A11)

    SPH Ross Perot's campaign accused of stealing credit data (S 18 2:15)

    P Privacy implications of Ohio school. child abuse records (S 18 2:17)

    P Privacy concerns with Lotus Marketplace database of 80M households (S 16 1); Lotus Marketplace database withdrawn after 30,000 protest letters (S 16 2)

    P Australian government bungles private data on 6000 households (S 17 2)

    P Citicorp proposed marketing info on its 21M customers (S 16 4)

    P AOL announces its intent to share data with telemarketers (R 19 26) and ads on private e-mail (R 19 40); eventually modified in response to objections

    P Risks of aggressive marketing (R 22 06)

    $SPH TRW settles lawsuit with FTC, 19 states, over privacy violations and erroneous data; improvements required, $300K payment (S 17 1)

    +- L. Tribe proposes computer freedom/privacy cyberspace amendment (S 16 3)

    S Privacy Act vs. Justice Dept. file matching on One Big File... (S 16 3)

    $P Discrimination and privacy issues in insurance database (S 16 1)

    SP Calling Number ID: negative ruling in California, free per-call blocking in Vermont; approved in 20 states, Washington D.C., and Canada (S 17 2)

    $SPH Personal attack on USENET raises issues of privacy, ethics (S 12 3)

    P Big flap over German request that CompuServe remove offensive material; in response, CompuServe disabled some newsgroups (R 17 59,61,62)

    SPH NY Mets' 1986 World Series parade: brokerage printout augments ticker-tape (S 12 1)

    SP New York Yankee 1996 World Series parade; in absence of stock-market ticker tape, confidential records from NYC Housing Authority and Dept of Social Services rained down (R 18 55)

    SP San Diego School payroll printouts appear as Xmas gift-wrap (S 12 2)

    SP Public pleasure-boat database could help thieves (S 14 5)

    SP Baby-monitor system bugs house, broadcasts to neighborhood (S 13 1)

    ? Pay-per-view failure lets adult station go unscrambled (S 19 3:8)

    h/f? Free porn-in-the-morn hits San Francisco cable channel due to early scrambler time-out (R 19 60)

    f Norwegian class gets porno image because of cache problem (R 19 48)

    i Recycled URL leads to porn site (R 19 47)

    - User-friendly Netscape transforms placeholder xxxx.htm in a developing Web site into URL www.xxxx.com for porno site (R 19 54)

    H World Wide War on Wonderland Club of child pornographers (R 19 94)

    ? "MP3" second-most-searched-for string (popular compression program with no anti-piracy protection) after "sex" (R 19 95); meta tags (R 19 96-97, 20 01) used to force search-engine hits, although that situation may be improving (R 20 02)

    SPH Teenage radio hams detect collusion in Los Angeles in 1911 (S 18 3:A11)

    S William Gibson's Book of the Dead supposedly on uncopyable diskette! (S 17 3)

    @* CA notifies licensee before responding to data requests (S 14 6)

    ..... Other items on privacy and related rights:

    SP Risks of reverse telephone directories (R 19 62)

    SP Risks of proposed universal CV database for everyone in the UK (R 19 67)

    P Lexis-Nexis archives don't match print versions; near-lawsuit over false information (R 19 67)

    SP On-line confession in Poland (R 19 70-71)

    SP Idaho State rules Boise city e-mail subject to FOIA (R 19 63)

    SP Clandestiny? Intuit TurboTax clandestinely uploading INTUPROF.INI? (R 19 71); Software clandestinely uploading names and e-mail addresses: Blizzard's Starcraft, and Virgin's Subspace (R 19 70)

    f TurboTax potential overstatement of gross income (R 21 26)

    SHP Proposal to make fake IDs a federal offense (R 19 85)

    SP Risks of Federal healthcare insurance database regulation (R 19 88)

    P- New Swedish personal information handling law makes most of the Internet illegal (R 20 05)

    P FTC charges Geocities with misleading customers, selling private info without permission; Engage system to track individual Net usage (R 19 92)

    $P Nancy Kerrigan settles X-rated lawsuit over faked porno images (R 19 97)

    SPH Social Security claims agent takes revenge on woman by entering her death date in SSA database (R 20 01)

    SP Security risks delay online registration system at U.Va. (R 20 09)

    SP Discussion of Northwest frequent-flyer database privacy and integrity (R 20 12-13)

    P Supreme Court rules against software filters for sexually explicit materials (R 20 10)

    P Swedes outlaw naming an individual on the Internet (R 20 05,09)

    P Shanghai entrepreneur Lin Hai tried in China for providing e-mail addresses (R 20 11)

    P Windows 98 Registration Wizard may violate European Privacy Laws (R 20 25)

    fSP IE 5.0 browser Favorites bookmarks graphic favicon.ico (R 20 31)

    SP Privacy risk in "shopping-cart" software (R 20 33)

    SP Major flaws in the WIPO domain name proposal, A. Michael Froomkin (R 20 24)

    SP Raytheon probes e-mail moles, subpoenas Yahoo! (R 20 30)

    ..... Inference used in deriving protected data:

    - Evident symmetry in scoring mask used to guess test answers (S 16 3)

    +- Joe Klein's computer-detected authorship of Primary Colors (S 21 4:14) confirmed by handwriting analysis of typescript annotations, then finally acknowledged by publisher! (R 18 26,27)

    1.28 Spamming, Phishing, Junkmail, and Related Annoyances:

    ..... Spam:

    - Maryland attempting to outlaw `annoying' and `embarrassing' e-mail (R 18 81)

    - Nevada contemplating outlawing unsolicited junk e-mail (R 18 87)

    SHOA Vineyard.NET used as spam conduit for 66,000 messages (R 18 79)

    SHOA More risks relating to spamming and spam blockers (R 19 02,05,10,13); legal implications (R 19 10)

    SPf Overzealous spam blocking (R 20 49), and IMRSS (R 20 51-53); delivery of RISKS-21.44 blocked by overzealous Melissa detector at health.gov.au (R 20 45); even more overzealousness (R 21 89)

    SP Porn spammers send cybergreeting with hidden URL (R 20 77)

    SH FAX Attacks - risks of junkmail spamming saturation (S 14 1)

    +/-? Discussion of whether U.S. Code Title 47, Section 227 applies to spam (R 19 33-36,42,44)

    SHf Risks of reading Trojan-horsed spam mail (R 19 49,50) and accidentally clicking on wallpaper icon (R 19 46)

    SHAO Spammer Craig Nowak used Tracey LeQuey Parker's from: address; she received 5,000 bounces, and sued - along with EFF and Texas ISPs Assoc. (R 19 19,20); Travis County court fines Craig Nowak $19,000 for his spam activities (R 19 46)

    SHi MCI Mail spam blocker and account-name changes may make things worse (R 19 53); further risks of overzealous anti-spam measures (R 19 55)

    SHO Spammers blackmail AOL, threaten release of 1M addresses (R 19 53)

    Shf More NSI woes; spamming its own customers with weak password scheme (R 20 58-59)

    S Spam causes major ISP delay in e-mail (R 20 53)

    - AOL enables blocking of 53 domains in attempt to reduce junkmail (R 18 56,62)

    SHA Cyber Promotions: spam and get spammed, plus restraining orders (S 22 4:28, R 18 81, 19 13); Cyber Promotions spamming restrained by Earthlink injunction; CP agrees to pay CompuServe $65,000; CP hit by 20-hour retaliatory spam attack (R 19 13); CompuServe blocks some multiple-address mailings? (R 19 21)

    SHAO Spammer retaliates against NJ ISP block by Beth Arnold, using her e-mail address and 800 number; she was ping stormed and flooded with calls (R 19 21)

    SHA More spamming: Newmediagroup anti-spam measures draw retaliation (R 19 16,17,21); Anti-spam bills in U.S. House and Senate (R 19 18,21)

    S Spam filtering (R 19 24)

    SH Spams and associated risks (R 19 25,27,31-34); laws (R 19 35-36); $125 million lawsuit to stop striptease advertising via Strong Capital Management (R 19 27); Hewlett-Packard scanner spam (R 19 38); Pacific Bell Internet spammed with forged QueerNet address, causing Pac*Bell to misdirect its retaliation (R 19 44); Samsung spam and reverse-spam (R 19 32,33)

    SH Spam continues to increase: 300% from 2001 to 2002 (R 22 51, S 28 3:7)

    SP SPAMMING: 6100 Cornell University students spammed with entire list in TO: field; 9 gigabytes (R 19 64); Rice University (R 19 66); Natl Assoc of Broadcasters deluges its own members with spam (R 19 62)

    hf NASAA spams investors by mistake (S 24 3:25-26, R 20 07)

    SPf Is your spam e-mail watching you? worse than cookies! (S 27 3:12, R 22 03)

    m Hospital e-mail delayed 84 hours, spam problems (R 21 23)

    S(H?) Verizon bombarded with spam; denial of service attack? (R 21 15,17)

    SHOA Effects of porn spam from spoofed e-mail address (R 21 35)

    SP Discussion of spammers getting sneakier, avoidance, and smtp as a root of problems (R 21 71,72,76,78,80)

    SHf$ MORE ON SPAM: Earthlink awarded $16M in spamages (R 22 73); EarthLink sues to stop Alabama and Vancouver spammers (R 22 89); California court rules against Intel in spam case (R 22 81); how about refusing to accept e-mail? (R 22 74); spam blocking and 'challenge-response' cures may be worse than the spam problem (R 22 74,76); more risks of spam filters (R 22 78); AOL blocking e-mail from other ISPs (R 22 81); easynet.nl is causing serious e-mail disruption with its overzealous blacklist (R 22 86); another credit-card scam spam (R 22 82); Who profits from spam? Surprise! (R 22 84); spam for new Jamie Oliver cookbook contains 121-page MS Word document, with fictitious title, Naked Chef 2 (R 22 82); Why are spammers backing spam-control laws? (R 22 81)

    SH Viruses, spam, phishing, etc.: Long-disused address hit by spam attack (R 23 13); MyDoom virus infects PCs, whacks SCO (R 23 14,17,18); other MyDoom effects (R 23 15); password-protected viruses (R 23 25,28); US-CERT warns of worm, forgets to mention operating system (R 23 15); AP blames viruses on users (R 23 15); nasty competition among Bagle, Netsky, MyDoom virus authors (R 23 25); DoomJuice (R 23 18); Sober.D worm masquerades as Microsoft update (R 23 26); FDIC phishing attempt (R 23 16,17); SSL is being severely stressed by phishing expeditions (R 23 27,28); Defeating phishing scams with SPF = Senders Permitted From (R 23 16); more on SPF, pro and con (R 23 17,18,21,23,27) and SRS = Sender Rewriting Scheme (R 23 21); more risks of virus scanners (R 23 15,17,18) and spam filters, with spam now over 50% of all e-mail (R 23 19,22,24); anti-spam lawsuits (R 23 28); risks of removing cryptographic signatures as attachments (R 23 28); captchas (R 23 17,19,20); Beagle virus scam asks for response because your mail system will be down (R 23 27); more on countermeasures (R 23 25); need for constant vigilance: analysis by Rob Slade (R 23 26); yet another Microsoft Windows flaw announced (R 23 18); Win32 API utterly and irredeemably broken (R 23 19); Microsoft EULA license agreement allows Windows to install updates (R 23 19)

    $SH SPAM: Perils of challenge-response autoblacklisting (R 23 36-38); Two-thirds of all e-mail is reportedly spam; 80% in USA (R 23 39); Florida law bans deceptive subject lines in e-mail (R 23 38); Maryland governor signs tough anti-spam law (R 23 39)

    P $SP African e-mail spam scams inspire "Special Forces Commando" in Afghanistan who wants to share $36 million in drug money (R 22 09)

    !S Nigerian consul in Prague slain by spam scam victim (R 22 59); new scam involves allegedly frightened Iraqis trying to move money (R 22 62)

    SH Internet spam mogul Alan Ralsky can't take what he dishes out (R 22 43)

    SH More spam tricks at hotmail (R 22 20,21); new spammer trick using forged received header (R 22 39)

    $ FEC OK's SMS spam without saying who paid for it (R 22 22)

    efi Invisible ISP spam separator gives "mailbox full" for seemingly empty mailbox (R 22 42)

    Sf The pinnacle of chutzpah in spam filtering by ISP: ISP rejects complaints! (R 22 24,26)

    SH How to spam a closed mailing list (R 22 60)

    S$ Allegedly disgruntled NetGaming Casino ex-developer posts spam of would-be attack (R 22 59)

    Sfi Spam filtering stops the democratic process in Parliament, blocking distribution of Sexual Offences Bill, paper on censorship, etc. (R 22 54)

    SH$ Microsoft sues bulk e-mailers over spam to harvested Hotmail users (R 22 58)

    SHO Spammers use viruses to hijack computers (R 22 71)

    SP Anti-spam legislation passed in the House (R 20 95)

    SP Google allows anonymous spam (R 20 95)

    ..... Phishing Attacks:

    $S Phishing scams: Phishees include Barclays (R 23 33-34), Australia/NZ Banking Group (R 23 34); Cooperative Bank (R 23 37); more (R 23 39); Barclays also victim of data robbery (R 23 44)

    $SHP Phishing: CitiBank assists scammers (R 23 46); CitiBank fraud/Phishing hotline address emailspoof@citibank.com blocks e-mail! (R 23 55); CitiBank spoof: Please confirm your account (R 23 57)

    $SH Increasing sophistication of phishing spammers, discussion with Dan Wallach and others (R 23 60,62); ACM message looks like Phishing (R 23 62); eBay open invitation to phishing scammers (R 23 66,68)

    SH$ Hundreds of thousands of Visa customers hit by phishing expedition seemingly from Bank of England; at least 5% victimized? e-mail scams rise by 400% (R 23 11, correction in R 23 12)

    $SH J.K. Rowling denounces Internet phishing fraudsters; organized crime gangs in Eastern Europe? (R 23 70)

    SHf Payment via MSN and viruses in MSN (and other) chat programs; phishing risks! (R 23 79)

    $SH Yet another phishing scam, aimed at PayPal (R 23 83)

    SP Fighting spam: raise the bridge or lower the water? Authentication instead of filters, other approaches, laws? (R 22 92,93); Senate Can Spam bill (R 22 97, 23 12)

    $SHP "Can Spam Act" seems to be no-can-do; spam still 80% of all e-mail (R 23 69)

    SHP Spammers try a new tack: routing through ISPs (R 23 70)

    h Spam-blocker blamed for missed court date in wrongful-death suit (R 23 75-77)

    SPH Instant messenger spam ("SPIM") ready to explode? (R 23 11); more on SPIM (R 23 38,41)

    SHP 1/3 of instant messaging is SPIM (unsolicited IM); first arrest of a SPIMmer (R 23 75)

    Sh Foolish wireless network access policies provide safe harbor for spam, etc. (R 21 39,41)

    S- Utterly amazing spam/scam offers heroin, "Tomohawk" [sic] missiles, cocaine, (sex) slaves, counterfeit currency, and child pornography

    S FAA.gov spam relay (R 21 73)

    Sh Human error leads to AT&T anti-spam gaffe (R 23 04; S 29 2:14)

    Sfi Apple Computer's hidden spam-filtering on POP3/IMAP mac.com addresses (R 22 07)

    SH Use of unclaimed British bank Web site by West African spam scammers cons victims (R 22 34); Paypal scams (R 22 34,43); phishing on AOL for passwords and credit-card numbers (R 22 35); imposter eBay site (R 22 42)

    SHfhi eBay users redirected to phishers by compromised eBay's site (R 23 73,80; S 30 3:34-35)

    ..... Other related problems:

    fh Monster accidental e-mail blitz (S 23 5:26, R 19 74)

    f Matsushita's Panasonic Interactive Media filter spews out vulgarities (S 23 3:26, R 19 82-83)

    SHO AOL hit by e-mail scam and Trojan horse URLs (R 19 34)

    S Trojan horse: 5-yr-old installs AOL CD-ROM from Chex Quest box (R 19 26)

    Sfff LLNL bans all wireless networks, including Wi-Fi, because of technology vulnerabilities, with only about 10(R 21 89); risks in wireless carriers tunneling through firewalls (R 21 89)

    Sf Minneapolis-St.Paul airport offers free wireless network; great opportunity for launching spam and security attacks (R 21 89)

    SH Bogus "Internet security update" spam seemingly from Microsoft (R 21 94)

    SPHi SPAM and the RISK of ignoring permission letters (R 21 94,95,98; R 22 02)

    iP Yahoo changes default marketing preferences, encouraging spam, requires cookies to change (R 22 02-03)

    SPf Over 160,000 join Massachusetts Do-Not-Call Registry to block telemarketers (R 22 47); Do-not-call list preventing 911 notifications in Massachusetts, pruned list purchased! (R 22 75); Glitches hit FTC `do-not-call' list (R 22 79); effects of new state laws on privacy for anti-spam and do-not-call (R 22 78,79); further problems (R 22 79); Canadians cannot register home phones, but their 800 numbers are OK! (R 22 80); EchoStar sued for `No-Call List' breach (R 22 89); FTC says Do-Not-Spam list effort will be futile (R 22 87)

    $SH Iowa Judge slams spammers with $1-billion judgment (R 23 62)

    S Screensaver tackles spam websites: Lycos sponsored denial of service attacks against spammers used, and then withdrawn (R 23 62, two items)

    ..... Censorship, porn, and risks of filtering - or not:

    SP Spam prevention gone too far (R 21 89); Risks of using anti-spam blacklists (R 22 01); Use of SpamAssassin effective for the time being (R 22 08-10)

    S+? A better approach to spam filtering? Try bogofilter, based on paper by Paul Graham and Bayesian statistics (R 22 22)

    i Risks Forum blocked by SmartFilter under Criminal Skills category (R 21 14)

    SP U.S. Supreme Court rules Communications Decency Act unconstitutional (S 22 5:14, R 19 23)

    fi White House Web pages off-limits to Surfwatch: photo of first couple and second couple triggers filter (R 17 79); Surfwatch also blocked NYNEX's Web page named iixxxpg1.html because of the "xxx" (R 17 81)

    i Adult content filter considers MSDN Flash 6, 2, 22 Jan 2002, as "Unwanted adult spam"; it contained the string "over 18" in the text "Plus, VSLive! San Francisco provides over 180 hours of content in three technical conferences." (R 21 90)

    Sf AT&T's e-mail filter filters AT&T's e-mail (R 22 08)

    SP? No laptops on the Senate floor: fears of surfing, lobbyists, spamming, real-time on-line influence, etc., ignoring such possible benefits of being able to read pending legislation and to communicate! (R 19 29,32,33)

    rfi AOL's Scunthorpe saga: risks of string-based censorship (S 21 5:17, R 18 07-08); more on AOL filtering of Internet e-mail (R 17 65, 18 18,41,42,44,46,48)

    rfh SW filters sex, blocking access to NJ counties Sussex, Essex,... (R 19 24)

    Si Risks of filtering randomly generated 4-letter words in sendmail queue-ids (R 22 13,15); and other filtering risks (R 22 16); Yahoo admits changing e-mail text to block hackers (R 22 16-17); more on filters and, in particular, dirty-word filters (R 22 17-18)

    fi The "finger" command and "Paul Hilfinger" (S 21 5:18)

    rfi CyberSitter censors "menu */ #define" because of the string nu...de; binary equivalents of bad words (R 19 56-58); more on dimwitted naughty-word filtering (R 20 39-40, R 21 03); e-mail with Don Beaver's name filtered (R 21 50); more overzealous filtering problems (R 21 47), and combatting them (R 21 47)

    - Applied Micro Technology Inc. device censors closed-captioned broadcasts, e.g., turning Dick Van Dyke into Jerk Van Gay (R 19 63)

    P China strengthens control over "cultural rubbish" on the Internet (R 18 73); Draconian controls on Chinese Internet usage (R 19 23)

    SP German Cabinet approves Internet privacy, censorship regulation (R 18 69)

    P South Korea clamps down on Canadian home page on North Korea (R 18 21)

    P BUGTRAQ may be banned by Australian censorship (R 20 43)

    $SHO Hackers sued by software-filtering company (S 25 3:20, R 20 84-86)

    fiP XXX Web filters take out Superbowl XXXIV sites as porn (R 20 77)

    f/h Name filtering causes revocation of police officer C. O'Kane's badge (interpreted as "cocaine") (R 22 19)

    rS Web anti-surfing filter prevents Palm Support Germany from doing its job! (R 21 65)

    Sh/h/h? Ed Felten's Web log at www.freedom-to-tinker.com shut due to questionable SpamCop listing (R 22 19); fascinating summary of responses on whom to blame (R 22 21-22); e-mail envelope filters blocking NDN and DSN (R 22 20); SpamAssassin (see R 22 08-10) blocked RISKS-22.20 (R 22 21)

    S Risks of junk-mail filtering (R 20 89, and see nondistributed issue RISKS-20.89x which would have been filtered!); Microsoft content-based spam Bcc: filtering (R 20 90-91)

    f/h Harvard admissions e-mail bounced by AOL's spam filters (R 21 84-86,88)

    i Police chief: don't permit certain file types (gif, jpg, ...) to stop porno (S 22 1:19)

    SH? Gateway 2000 issues promo video tapes with mysterious insertion of offensive and objectionable materials (R 18 90)

    - CompuServe German ISP indicted for transmitting porn content; former manager given suspended 2-year sentence, 100,000DM fine (R 19 73,77)

    + U.S. Supreme Court rules ISPs not liable for content (R 19 83)

    fi Royal Court, UK theatre group aiming to "shock and offend", gets new computer system that filters its own specialties! (R 20 84)

    h USAF Space Command blocked San Francisco Exploratorium Yahoo site because of baking-soda/vinegar recipe (R 21 02)

    Marc Rotenberg reviewed Ray Bradbury's Fahrenheit 451 from the perspective of censorship and the banning of digital copies (R 22 03)

    fi CNN (but not the San Jose Mercury News) censored Webby nominee with a questionable URL (R 21 37)

    SP Microsoft censoring blogs in China (R 23 90)

    hi Cabbage Patch doll with six-character serial ID considered obscene (R 23 66)

    1.29 Other Unintentional Denials of Service:

    ..... Recent cases (see also telecomm problems)

    Vm PGN's Univ. Maryland Fall 1999 course on survivable systems and networks beset with survivability problems: hurricane, lightning, teleconference circuit outages! (S 25 1:) See http://www.csl.sri.com/neumann/umd.html for the course notes.

    Vm Weather-predicting Cray C90 supercomputer lost in fire, weather predictions reduced (R 20 62)

    Vm Netcom file-server hardware outage loses half of the e-mail customers, depending on first letter of name (R 20 49)

    h White House admits over one year of VP's e-mail lost forever (S 25 4:8, R 20 91)

    $fm Greek tax information system experiences blackout (S 25 3:15-16, R 20 75)

    Vm Computer outage downs Montana state government for more than 24 hours (R 24 30, S 31 5:19)

    Vm Comcast outage leaves customers without TV, Internet & Phone service; caused by local power outage (R 24 29,30, S 31 5:19)

    f U.S. National Archives loses 43K e-mail messages, backup failed also (S 25 3:, R 20 76)

    f/h? NSA system inoperative for four days (S 25 3:16, R 20 78)

    $f/h? AT&T Business Internet Service major outage of primary and backup DNS systems (S 25 3:16, R 20 78)

    $f Computer glitch cancels 86 America West flights (S 25 3:16, R 20 80)

    $Vhm Northwest Airlines grounded for 3.5 hours after cable cuts off main and backup fibre (S 25 3:16, R 20 85)

    $m Week-long outage in NE San Jose after cable cut downs 11,000 phone lines (S 25 3:16, R 20 84)

    m Fire takes out Nottingham phones (S 25 3:16, R 20 80)

    m Senate Web site dies as Clinton stresses Net-reliability (S 25 3:16, R 20 81)

    i Online broker blames outages on software maker; incompatibility, not hacker attack! (S 25 3:16, R 20 83)

    mfhi Georgia's computer systems down for 16 hours; warnings of need for replacement batteries ignored (R 23 55)

    mfhi Illinois Secretary of State computer outage, blocked state business (R 23 52)

    mf Nationwide Radio Shack computer outage affects all 7000 stores (R 23 55)

    ef UMass: students cannot register for classes; system upgrade botched (R 23 53)

    ..... Older cases

    (!)$V Amsterdam air-freight computer crashes, giraffes die (S 12 1)

    @*Vf ARPAnet ground to a complete halt; accidentally-propagated status-message virus [27Oct1980] (S 6 1: Reference - Eric Rosen, "Vulnerabilities of network control protocols", SEN, January 1981, pp. 6-8)

    @*Vf ARPAnet loses New England despite 7-trunk "redundancy" (S 12 1)

    Vm Network crash halts Larry Ellison's OpenWorld demo (S 23 1:11, R 19 40)

    mh Judge Zobel's awaited e-mail in "au pair" case delayed over an hour by Boston Edison Electric workers in a manhole disconnecting his ISP (R 19 45)

    -/+ Estimates of the effects of the Starr report on the Internet (R 19 95): loc.gov, house.gov, and gpo.gov were essentially inoperative, but proliferation of mirrored sites eased the burden substantially (R 19 96); many comments that the Communications Decency Act I (ruled unconstitutional) would have had to penalize the Starr Report, with fines of $250,000 and 5 years in prison for anyone posting it on the Internet. AP estimated almost 6 million people browsed the report via the Internet.

    V$he Computer collapse wipes out British Social Security NIRS records; manual payments prone to fraud (S 24 1:32, R 20 01)

    - ACM's ISP cuts off service for late payment of fees (R 19 15)

    Vmh Computer crash loses CBC radio listeners' requests (R 20 17)

    f New Haven cable viewers see "SW Failure. Press left mouse. ..." (S 19 4:8)

    *$Vm Weather Service phone circuit failure downs forecasts for 12 hours (S 17 1)

    *$Vm Weather computers down for 12 hrs, blocking AFSS flight service (S 19 1:9)

    mfi National Weather Center - wild errors in reported surface winds result from bad data (R 24 29,30)

    Vm Cold weather impairs fiber-optic performance (R 19 41)

    @he Computer test residue generates false tsunami warning in Japan (S 19 3:4)

    Vm California Dept. of Labor computer system crash blocks labor certifications (R 20 25)

    $fe Government computer withholds benefits from British widows (R 20 19-20)

    *fh UK Serbian sanctions unenforced; Yugoslav breakup unprogrammed (S 18 1:9)

    demi DEC SRC Topaz rendered useless by multiple interacting events (S 16 2, a new classical saga in article by John DeTreville, pp. 19-22)

    m Hundreds of duplicate computer-mail copies due to errant gateway (S 12 1)

    $f 3 e-mail problems give extra copies: Internet, UUCP, MCI (S 14 6)

    mfh Part of the duplicate RISKS mailings problem resolved (S 15 3)

    f Posting to vmsnet.announce.newusers unmoderated newsgroup returned half-hourly nasty messages; `announce' implies moderation! (S 15 1)

    m Computer failures in automated GMAT testing (S 23 3:25, R 19 50)

    !Vm Remote clock comm, 22 traffic lights down. 1 killed, 1 injured (S 14 2)

    *f Playing Russian Roulette with traffic lights: flawed conversion from four-way flashing red to normal patterns (R 22 57-58)

    *f Lakewood CO traffic system fails; single disk drive, no redundancy (S 15 2)

    *Vm Austin TX auto traffic-light computer crashes; 2 lights out (S 11 5,12 1)

    *Vef Another traffic light outage in Austin TX (S 15 3)

    f/h German computerized traffic-light stuck on morning rushhour (S 19 3:5)

    *imM Traffic lights don't work in the snow (R 22 62,65,70)

    Vef Massive failure of Washington DC traffic lights (S 21 5:16)

    Vhe Dublin traffic lights out 28 Sep 1998: massive congestion (S 24 1:32, R 20 01)

    Vfe Gridlock as 800 London traffic lights seize (S 27 6:10, R 22 18)

    *m More on traffic signals going four-way green (R 20 48)

    m(*?) Finnish computer glitch causes traffic light malfunctions; date leaps from morning 30 May 2003 to night time in 1991; cause unknown (R 22 76, S 28 6:8)

    $f Overloaded Ontario transit computer delays commuters (S 14 2)

    *Vh Unplugged cable plugs Orlando traffic light computer system (S 14 1)

    *$Vh Hinsdale IL fire seriously affected computers and communications (S 13 3)

    $mSe Minn. 9th Federal Reserve Bank flooded as air-cooling pipe bursts; serious security vulnerability left open in backup operation (S 16 3)

    $V Rhine flooding disrupts computer networks for two days (S 13 3)

    $hV Noisy air conditioning shut off by mayor; downs computers (S 13 4)

    h GPS lost time synch when first activated when cleaning crew unplugged the master time source! (R 19 30)

    VSIh Nando.net shut down for three hours by custodian vacuuming, electrical overload, data server crashes (R 19 48)

    hi German Bundestag sound system disabled by misplaced book (S 18 2:5); microphones still not working, months later! (S 18 4:4)

    m Gobblings of legitimate automatic teller cards (S 9 2, 10 2, 10 3, 10 5)

    m Mass swallowing of falsely expired ATM cards (S 12 2)

    fmi ATMs swallow 400 bank cards; retry after no diagnostic that interconnection was broken (S 22 1:21)

    h Australian ATMs snatch 921 cards. "Human error" (S 12 4)

    $Vf&m Bank of America outage shuts down Cal ATMs, nationwide links (S 14 1)

    $Vm Wells Fargo, BofA ATMs out of service (S 14 2)

    $Vfm French ATM-authorizing computers down for 30 hours (S 18 4:3)

    @$f 1992 leap-year-end clock bug blocks ATM machines 1 Jan 1993 (S 18 2:11)

    Vf 1200 Citibank ATMs down four hours due to `software glitch' (S 18 2:11)

    $m Swiss debit-card system broke down (R 21 20, S 26 2:6-7)

    Vm Royal Wedding side-effect shuts down computer machine room? (S 11 5)

    $Vm CMU library computer power outage; no catalogues (S 12 2)

    Vfm Santa Cruz High computer crashes on opening day; no schedules (R 17 34)

    m Blown transformer disables automated library card catalog (S 18 2:7)

    $Vfmh Palo Alto library computer system errs increasingly, collapses (S 18 4:3)

    $Vrm NY Public Library loses computerized references; no backup, 1987 (S 12 4)

    Vhe Sun Valley ski area forgets to back up access database (S 23 3:25, R 19 53)

    $mhmh Fear of not enough backups (S 21 2:19)

    Vhe Stanford Grad School of Business storage addition causes years of work to be lost for some people; upgrade failed to check backups first (R 19 66)

    $Vm Computer crashes stop gasoline pumps, other businesses (S 11 5)

    $ Other problems with fast-food computers as well (S 12 1)

    $Vm Aylesford new supermarket checkout failure closes store (S 17 1)

    $f UNICEF loses thousands of orders for greeting cards (S 14 1)

    hi Fred Cohen's saga of HP200 data integrity woes (R 19 68,69)

    $f US Gov't computer password check flaw results in crossed orders (S 16 3)

    $m 1017 dipsticks ordered instead of 17 due to ASCII 0-to-1 error (S 16 3)

    $h M.Ward warehouse dropped from database, cut off from shipments; employees paid for 3 yrs anyway by different computer system! (S 16 3)

    * Hospital gets computerized Reagan vote calls, 20/hr for 6 hours (S 12 1)

    $V Broker's phone tied up 3 days: errant computerized sales pitch (S 12 1)

    f Phone call deluge from program bug in computerized Coke machines (S 10 2)

    h Another Coke machine phones home for help, gets Ft. Bragg number (S 17 2)

    ? Potential risk of latest wireless and cashless Coke machines (R 20 38)

    fh More machines phone home: summary notes cold drink dispensers, lonely oil tank, faulty public lavatory, medical insulin fridge alarmed because of low temperature (R 19 31,33); multiple autodial illegal (R 19 36)

    rh Vending machine default phone number 000 (Australian emergency number) yields hundreds of false alarms (R 20 47)

    hi Abandoned oil-tank phone harasses MA woman for 6 months (R 17 34,36,37)

    $H? Compass Airlines jammed with 25,713 calls; computer generated? (S 16 1)

    f Phone machines call each other; switchhook-flash glitch (S 19 3:8)

    fh Stray signal loops beeperless remote answering machine (S 14 6)

    Sfm Hare Krsna chant triggers answering machine remote (R 17 91-93)

    m Sony TV remote control turns Apple Performa 6300 on/off (R 17 95)

    $Vm Computer network node hit by lightning; down for weeks (S 11 5)

    V$m Lightning strikes drawbridge controls (twice!!), out for days (S 13 4)

    Vm Lightning disables lightning-strike-monitoring system (R 20 42)

    Vm Lightning triggers automated meeting-announcement messages half a day early, and repeats them for 6.5 hours (R 21 65)

    VH Green-Card law firm uses the Internet to broadcast ads; volume of protest traffic shuts down systems (S 19 3:9)

    Vm Basketball scoreboard clock fails as reporters' PCs overload power (S 13 3)

    $Vf Australian betting network downed after software inconsistencies (S 13 3)

    $V Betting computer crash invalidates winners; class-action suit wins (S 19 4:9)

    (h) Fire destroys on-line (sole) copies of secret ice cream flavors (S 13 3)

    Vm NY Times omits op-ed page due to "computer breakdown" (S 20 5:9)

    $Vh IRS has no contingency plans for computer disasters (GAO report) (S 11 2)

    $Vhf Software can burn out PC monochrome monitor (0 horizontal sweep) (S 13 3)

    f Hewlett-Packard recalls personal organizers, battery change loses data (S 21 2:18)

    *m Product safety recall for Tektronix TDS210/220 oscilloscopes (R 19 88)

    Vf VMS tape backup SW trashed disk directories dumped in image mode (S 8 5)

    Vf VAX UNIX file system disk purge runs amok at various locations (R 5 04)

    m Disk failures after extended shutdown, bearing seal problem (S 15 3)

    $m Electronic flash of BBC documentary crew hangs tape drives (S 12 4)

    m EPROMS susceptible to ultraviolet, bright lights (S 14 1)

    Sf Spreadsheet program destroys database (S 13 1)

    fm$, etc. A list of cases in which spreadsheets have caused trouble: http://arkfeld.blogs.com/ede/email/

    fhi More on risks of spreadsheet errors (R 24 13)

    m Rats take a byte out of Ugandan exam computers (R 20 05)

    ..... Other accidental denials of service due to interference:

    $SM Computer interference from McDonalds toasters; paychecks higher (S 15 1)

    $SfM Sputnik frequencies triggered garage-door openers (urban legend? or real?) (revisited in R 23 19)

    $SfM Pres.Reagan's Air Force One jams 1000s of garage-door openers (S 11 2)

    SfM Fort Detrick communications jam garage-door openers? (S 13 1)

    SM Garage door interference again - Mt Diablo and the Navy (S 14 5)

    M EMI from USS Carl Vinson opens garage doors in Hobart (R 20 31)

    SfmM Risks of Army ordnance being autozapped by EM radiation (HERO) (S 16 2)

    SMi C-Guard antijam system jams cellular communications (R 19 73-74)

    $VSmM Sunspots disrupt communications, Quebec power station, ... (S 14 5)

    mM? Effects of Leonid meteor shower in 1998-99 on satellites? (R 19 23)

    fmM Faulty car alarm jams S-band downlink for Lewis satellite (R 19 24)

    *fM Keyless remotes to cars suddenly useless (R 23 45; S 30 1:12)

    SM Johnny Carson loses his hat to electronic interference (S 14 6)

    mM Clocks leap forward gradually. Power line interference! (S 16 2)

    *SM Airlines ban in-flight mouse use: interference with navig. systems (S 17 3)

    *mM More on risks of RF interference in aircraft: cell-phone linked to London to Istanbul crash-landing? (R 19 34,36,37)

    *SM Electronic interference affects airplanes, car brakes, robots (S 18 3:A10)

    *SfmM More on risks of electromagnetic interference: medical devices (R 18 47) and airplanes (R 18 47,52)

    SmM Interference effects of the next cycle of solar activity (R 18 62,63)

    *SM Opel Corsa stops for mobile phones (S 18 3:A10)

    *SM Interference from mobile telephones affects hearing aids, cars (S 18 3:A10)

    @VMf$ Sydney's new Millennium trains put on hold by electrical signal interference problems; very complex system with other problems as well (R 22 68-70)

    VmM Mobile phone interference dependably crashes Netware servers (S 22 2:20)

    SM Football coach-to-QB-helmet transmission interference problems (S 20 1:19)

    SM RFI affects Kroll K-154 building-construction cranes in Toronto (S 20 1:20)

    SM Microwave interference affects construction cranes in Seattle (S 20 1:20)

    SM Accidental EMI observed during Emergency Response seminar! (S 20 1:21)

    MH? Oral hackers could disrupt voice-operated systems (S 20 2:13)

    SM British hospitals ban portable phones because of interference (S 20 3:10)

    M* Studies of high-altitude cosmic-radiation effects on memory loss (R 18 79,81)

    SM Risks of erasable "cash" in SmartCards? (R 20 25)

    $mM? Damages awarded after Sleepezee Beautyrest high-tech bed controls went berserk. Electromagnetic interference? (R 19 11)

    @!!M Sheffield (20 deaths), pacemakers (2 deaths), @SfM Electrocauterizer disrupts pacemaker (S 20 1:20)

    @*SfM Air Force bombs Georgia - stray EMI?; @*M$ Challenger communications, CB auto interference, Ghost phone calls; @*M Fail-unsafe effects of microprocessor controlled autos; @*M Nuclear reactor knocked offline by 2-way radio in control room; @$M telephone outages, stock exchange outages, Tomahawk 2, Black Hawk; @$M "Grind" and "Sunset Boulevard" sets; and other cases noted here; @M Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55); @M Melbourne Airport VCR RF interference affects communications (R 17 44)

    @VSM New HDTV signal shuts down Baylor heart monitors on same frequency (R 19 62)

    @SfM Case of GPS jamming of Continental flight by failed Air Force computer-based test (R 19 71); more on GPS jamming/spoofing: British Airways flight lost all three GPS systems while French military was testing jammers; Continental DC-10 lost all GPS signals while Rome Lab was experimenting with jammers (R 19 74,85)

    @SM Cell phones can interfere with auto systems (R 19 63)

    @*SM Sudden auto acceleration due to interference from CB transmitter (S 11 1)

    @*M Sudden acceleration of Dutch bus commonplace: interference (S 23 1:11, R 19 40)

    @SM Czechs ban mobile phones in gas stations (interference) (R 19 68-69)

    @mM? Air Force bombs Georgia - stray electromagnetic interference? (S 14 5)

    @*$VfM Libyan bomb raid accidental damage by "smart bomb" (S 11 3); F-111 downed by defense-jamming electromagnetic interference (S 14 2); more on U.S. radio self-interference in 1986 Libyan attack (S 15 3)

    @VM Australia's Melbourne Airport RF interference affected communications, traced to an emanating VCR! (R 17 44)

    1.30 Law Enforcement Abuses, False Arrests, etc.

    ..... Database and audit-trail abuses:

    !P Stalker obtained address of TV actress Rebecca Schaeffer from Calif DMV DBMS, and murdered her, July 18, 1989; new regulations on DB access: notify interrogatee, then delay response for two weeks (S 14 6, R 9 18)

    !*$SHI Arizona ex-law-enforcement officer tracks down and kills ex-girlfriend; GAO report on NCIC itemizes that and many other flagrant misuses (S 18 4:7)

    !SHh Woman shot by former classmate who used Internet broker to gain information (R 22 46)

    !SH Man allegedly stalks ex-girlfriend with help of GPS (SmartTrack?) under her hood (R 22 46)

    $SHI NY police chief indicted for misuse of confidential database (S 13 4)

    SHI 3 police officers sentenced for misusing Police Nat'l Computer (S 14 2)

    S Risks of STOVEACT, phone-enabled STOlen VEhicle [de]ACTivation (R 19 66)

    *SHI SanFran police officer charged with deleting a warrant (S 17 1)

    $SPHI 45 LA police cited for searching private computer records (S 18 1:21)

    $SPHI Theft of 8.5K criminal records; investigator, 2 police indicted (S 18 2:16)

    SH Maryland defense lawyers hustling clients from database of arrest warrants, sometimes tipping off defendants prior to arrest! (R 19 48)

    $SPH Police frame sisters on murder charge with bogus ATM evidence (S 18 4:9)

    P Victim ordered to surrender computer and passwords (R 19 43)

    @S Risks in altered live video images: L-vis Lives in Virtual TV (R 18 18-21)

    @P 8 convicted killers sue to prevent Mass from monitoring phones (S 19 4:12)

    @$SHAI Mass. hospital technician accessed ex-employee's account, accessed 954 files, harassed former patients, raped girl (R 17 07, SAC 13 3)

    The New York Times Web site exposes CIA agents (R 20 93)

    SPhi Risks of automated pedophilia detection (R 23 28)

    ..... False arrests and hassles resulting from mistaken identities

    $Phi Repeatedly detained (S 10 3:14 quoting David Burnham in The New York Times; S 11 1) for actions of an impersonator, Terry Rogan wins rights violation case (S 12 4); settles for $55,000 from LAPD (S 13 2)

    $Phi Other cases of false arrest due to computer database use: C.R. Griffin license not suspended; Sheila Jackson Stossier mistaken for Shirley Jackson; two Shirley Jones, diff birthdays, 6", 70 lbs diff (S 10 3:14)

    SPH John Munden, UK policeman, acquitted after having his bank account cleaned out and false fraud accusation. Must read this one. (R 18 25)

    VHm Computer crash falsely blamed on San Mateo Dist.Atty computer chief by would-be successor (S 22 5:14)

    Phi Richard Sklar falsely apprehended three times because of impostor (S 14 2)

    $Phi Roberto Hernandez falsely jailed twice; won $7000 first time! (S 14 5)

    $Phi Joseph O. Robertson in for 17 months despite contrary evidence (S 14 5)

    *Phi Martin Lee Dement 2 yrs LA County jail; fingerprint sys not used (S 14 6)

    *$H Another bogus identity: someone with fake ID obtained a duplicate driver's license for Teresa Stover from the Virginia DMV license; `perhaps thousands' of fraudulent licenses `bought', often by illegal aliens (S 16 3); ring of bogus license sellers

    Phi Donny Ray Boone spent 41 days in jail because his name was similar to one mentioned on The Osgood File (noted in Computer-Related Risks)

    Phi Wrong Neil Foster arrested on incomplete database match (S 13 2)

    Phi More computer-inspired false arrests, libel, etc. (S 12 3)

    *hi Nonupdated stolen-car database; one owner shot, one roughed up (S 21 4:14)

    *P(f/h?) Driver arrested in computer muddle: two cars with same plates (S 17 1)

    *i Police raid wrong house (twice), due to uncorrected database typo (S 17 1)

    hP Two Russ Hamiltons with same birthdate; wrong one jailed (S 19 3:6)

    *$h Rented car falsely listed as stolen leads to false incarceration (S 16 4)

    *h ATM photo of wrong person sent as rapist/robber; `downloading error' (S 16 4)

    - Motorist gets citation based on photo, responds with photo of money (S 16 4)

    hi Ex-worker falsely arrested for deleting files; files were there! (S 20 2:8)

    fh? Man jailed erroneously because of computer glitch (S 23 3:23, R 19 58)

    hi Mistaken identity: Going to jail innocently over a speeding ticket (R 19 69,71)

    Ph Bank robbery "wanted" poster of wrong person due to unchecked match (R 19 29)

    Pi 70-yr-old black woman Johnnie Thomas mistaken for erstwhile FBI-top-ten man aliased as John Thomas Christopher while he was in jail; Oregon still would not remove her name from their computers (S 27 04:, R 22 07)

    Phi Ed Felten's sister-in-law victim of name confusion with Ponzi schemer (S 27 3:8, R 21 90)

    *$SPhie More false arrests based on bad law-enforcement data and sloppy law enforcement checks, failure to remove expired warrants (R 22 61, S 28 3:7-8)

    *fh ATM time-synchronization errors lead to mistaken arrests (R 22 73,76,78,79, S 28 6:13)

    *hi Wyoming woman falsely arrested on cruise ship under federal charges (R 23 43; S 29 5:16)

    ..... Effects of false database information

    False data entry for felony arrest hinders job seeking (R 20 92: S 26 1:29-20)

    hP Erroneous law-enforcement data from Choicepoint: Privacy Foundation's Richard Smith discovered he had been dead since 1976, and had aliases with Texas convicts; Chicago woman misidentified as shoplifter and drug dealer, and fired. (Florida election erroneous disenfranchisement of thousands of voters also traced to bogus Choicepoint data; Choicepoint blames its data aggregator, DBT.) (R 21 42)

    ..... Prison problems:

    !m Busy Philippine phone lines prevent stay of execution; ultimate denial of service in unreceived death reprieve (R 20 47)

    hi Philadelphia jail keeps 100 despite case dispositions (S 21 4:13, R 17 80)

    *SHA Santa Clara prison data system (inmate altered release date) (S 10 1)

    *SHA Drug kingpin escapes LA County prison via bogus release message (S 12 4)

    SHA Convicted forger released from Tucson jail via bogus fax (S 17 1)

    SHA Another phony-fax get-out-of-jail scheme: Richard Foster (S 23 1:14, R 19 27)

    *f Seven Santa Fe inmates escaped; prison control computer blamed (S 12 4)

    *hi Oregon prisoner escaped; frequent-false-alarm alarm ignored (S 12 4)

    *ref New Dutch computer system frees criminals, arrests innocent; old system eliminated, and no backup possible! 1987 (S 12 4)

    Semh Another computer-miscontrolled jail enables escape (S 23 1:14, R 19 44)

    hf Prisoner released due to program design flaw (S 23 3:23, R 19 59)

    Sf Kenton County KY Detention Center cell doors opened spuriously, remained open for 9.5 hours (R 20 24)

    Sf New Southeastern Ohio Jail emergency evacuation system malfunctions, unlocks doors prematurely, prisoner walks out! (R 20 83)

    m Scottish jail hi-tech fingerprint-authenticating door-locking system broken and undetected for one month (R 24 05; S 30 6:18-19)

    df New Tulsa County jail system development woes set back operation (R 20 39)

    f New El Dorado jail cell doors won't lock - computer controlled (S 13 4)

    Sf San Joaquin CA jail doors unlocked by spurious signal; earlier, inmates cracked Pelican Bay State Prison pneumatic door system (S 18 2:4)

    fm Oklahoma power outage freezes jail doors (S 18 2:4)

    f Northern Calif. jail-door openings due to software errors (S 19 3:11)

    S Limon (Colorado) prison is claimed to be escape-proof! (S 18 4:10)

    fmh Multitude of new Pittsburgh Jail system woes (S 20 5:9)

    hi Data entry omission extends prisoner's sentence (S 21 5:17)

    hifm Baltimore (MIS)throws the book(ing database) at criminals (S 21 5:17)

    @SP Justice Dept wants to scrutinize parolee computer use (R 18 70)

    HSP Texas prisoner convicted of rape employed to enter Metromail survey results, harasses respondents (R 19 13)

    ..... Other law enforcement problems:

    fh$ UCITA, the Uniform Computer Information Transactions Act (Schneier, S 25 4:8 and R 20 87, and Simons in August 2000 CACM Inside Risks); UCITA allows vendors to have total immunity from liability; bar use of proprietary interfaces; inhibit constructive reverse engineering, even for debugging and patching; install trapdoors that enable them to disable installed software remotely! (electronic self-help); forbid publication of criticism! OUTRAGEOUS. Already passed state legislatures in Maryland and Virginia. UCITA encourages DoS and DDoS Vulnerabilities (S 26 4:4-5, R 21 27); more on UCITA (R 21 35); It's time to bury UCITA (S 26 6:10-11, R 21 41)

    @Sf SDMI Secure Digital Music protocol challenge cracked; RIAA threatened to sue Princeton prof Ed Felten's team if the results were published; the paper presentation was withdrawn (S 26 4:5, R 21 37)

    @Sf Lawsuit against 2600.com for posting DVD security crack DeCSS (R 21 37)

    @f Digital Millennium Copyright Act (DMCA) problematic as well (S 26 4:5, R 21 37)

    P WIPO Copyright legislation, HR 2281; amendment permits reverse engineering for crypto research and security evaluation (R 19 88)

    m FBI Interstate Identification Index database system crashed on 11 May, for three days preventing background checks of some 100,000 would-be gun purchasers, and use of the NCIC 2000 Integrated Automated Fingerprint Identification System (R 20 88)

    m*(!?) Inaccessible database leads to police friendly fire in Spain (S 22 4:29, R 18 88)

    $f New Dutch system fails to cope with police ticket writing (S 16 4)

    * Undercover police use CHAOSNet BBoards in `snuff' film bust (S 14 6)

    fi INS suspends immigration process due to EDS fingerprint data format incompatibility (R 20 10)

    f Fault in electronic leg tag indicates false-alarm escape (S 14 6)

    *mf System fails to report movements of murderer with electronic anklet (S 17 3)

    fh Monitoring systems cause unintended changes in [Bell Canada operator behavior and] Metro Toronto Police (S 18 2:6)

    f Long Beach CA crime statistics affected by program error: Computer program gives police a bum rap (R 10 77; S 16 2)

    - Old bounced checks jail hotel employee on visit from Barbara Bush (S 17 3)

    $h Fees on unused account overdraw, generate felony arrest warrant (S 18 1:15)

    - Swedish court fines parents for son's overly long name (S 21 5:17)

    i Australian court emulates Swedes (S 21 5:17)

    @SH "Virus" removes security barriers in Italian judicial computers (S 17 3)

    @$ NSWales computer deregisters all police cars; unmarked car scofflaw (S 15 2)

    @SP Police can't crack crypto used by Basque terrorist organization (S 17 3)

    @SH* NY Police Department phone system cracked (S 21 5:19)

    - Woman on murder charge blames chip implanted in brain by ex-husband (S 17 3)

    fi Computer-generated will rejected by court (R 17 95)

    fe When it was automated, Paris police computer mismatched split-out Corsican city code with postal code, and was unable to collect motorists' fines (R 19 41,42)

    i Risks of Florida's automating traffic citations (R 19 34)

    - Computer glitch turns traffic ticket into sex conviction (R 19 73)

    ..... Law enforcement successes:

    + Forensic use of GPS to catch murderer (S 23 3:26, R 19 83)

    1.31 Identity Theft, Internet Fraud, Mistakes, Related Problems

    ..... Identity theft and its precursors:

    @$Phi Repeatedly detained (S 10 3:14 quoting David Burnham in The New York Times; S 11 1) for actions of an impersonator, Terry Rogan wins rights violation case (S 12 4); settles for $55,000 from LAPD (S 13 2)

    $HP Imposter usurps Clinton Rumrill's existence (S 19 3:7)

    $HhP New license sent to imposter who plagued Charles Crompton (S 19 3:7)

    $SH 550 felonies in 1991 for SSN misuse; 12 people adopt a single SSN; $10,000 charge loss; 5 people cleaned out someone else's benefits (S 16 4)

    SP Impersonator transfers numerous traffic citations to victim (S 17 2)

    SHA Masquerader's name collision lands robbery victim in jail (S 23 1:14, R 19 28)

    SHA NC identity theft defeated by victim's wife (R 20 08)

    SP Report on identity theft (S 25 3:22, R 20 77)

    SPh Actor Jerry Orbach sues eBay for auctioning off a contract containing his SSN, leading to fraud (R 20 85); new identity theft case (R 20 86)

    SPHh Serious increases reported in identity theft (R 20 95, 21 04-05; S 26 1:34) See http://www.calpirg.org for possible assistance if you have been had.

    SPH California DMV fosters identity theft: 100,000 of 900,000 duplicate license requests in 1999 were fraudulent! (R 21 07; S 26 1:34); Identity theft risks with California driver's licenses as primary IDs (R 21 29-32,36); and supermarket discount cards (R 21 30); video rental aftermath (R 21 30)

    SP Indiana University system penetration detected offloading of student info files; fears of identity theft (R 21 29)

    SH$ Pair held in plot to steal thousands of mortgage identities (R 22 72; S 28 4:9)

    SHA Bogus computer-generated letters sent out in Bradford UK requesting original birth certificates (suitable for identity theft!) so that local council could recreate lost computer records (R 21 44)

    SP More identity thefts: To drive or to avoid identity theft: mutually exclusive? SSNs, laws, etc., nice analysis by Brett Glass (R 21 39); concerns for identity theft often go unheeded (R 21 54); risks of identity theft resulting from moving, DMV, SSN, etc. (R 21 54,55); huge identity theft uncovered: chat-room files with SSNs, drivers' license numbers (R 21 56)

    $S FBI arrests dozens for Internet fraud, growing problem (R 21 42); Internet Ponzi scam nets $50M (R 21 51)

    $SH U.S. cracks down on Internet fraud; 130 people charged, 90 investigations involving 89,000 victims, losses at least $176M (R 22 73, S 28 6:11); Gartner Group estimates 3.4% of U.S. consumers suffered ID theft in 2002; arrests in only one out of every 700 cases (R 22 82, S 28 6:11); identity theft victimizes 3.3 million in 2002, costs billions: businesses $32.9B, consumers $3.8B; 6.6 million victims of account theft (R 22 90)

    $SHAO 18-yr-old Brazilian arrested for thefts using the Internet, with $3 million in his account, stolen credit-card info, etc. (S 27 6:13, R 22 15)

    SH Internet fraud complaints triple in 2002, including auction fraud, nondelivery of goods, credit fraud, fake investments (R 22 71)

    SP California birth records acquired by RootsWeb.com, placed on the Internet; increasing risks of identity theft? Opt-out only (R 21 80); PGN attempted to opt out. The response was that they have removed the entire databases for California and Texas (R 21 81)

    SP Identity theft without prior knowledge of SSN (S 27 2:14-15, R 21 82,83)

    SHhH Another case of identity theft; identity hijacker reversed the corrective changes! (R 21 93)

    SHP Dictionary attacks can result in eBay identity theft (R 21 98); eBay lack of security facilitates fraud, locks out legitimate user (R 22 01)

    SPH Bogus "IRS Form W-9095" not issued by the Gov't, with considerable identity theft potential, renounced by Secret Service (R 22 02)

    SP Stiffer penalties sought: 2 to 5 years in jail for aggravated identity theft (R 22 06)

    SHAI/O Massive identity theft ring broken up misusing Ford Motor Credit credentials, with 30,000 victims (R 22 40; S 28 2:13)

    SHAI/O? Theft of information on 500,000 military-related from TriWest Healthcare Alliance on 14 Dec 2002 (R 22 46; S 28 2:14)

    SP Identity thefts: Alleged ID thief accused of identity theft on 12 Boston lawyers, using birth certificates and credit reports, evaded authorities for a year; previously convicted of fraud (R 22 20); Online job listing leads to ID theft scam via bogus `background check' (R 22 35); 4MyEmergency.com gathers personal info in case of disaster, ripe for misuse (R 22 26); Busboy pleads guilty to ID theft (R 22 28) [follow-up on (R 21 29)]; Potential ID theft risk in X-Box gamezone (R 22 39); Identity thieves create change-ebay.com with a stolen credit card, scam obtains eBay user names and passwords (R 22 40,43); Yet Another eBay-Spoofing Scam (R 22 98); H&R Block employees suspected of identity theft against 27 customers (R 22 46)

    SP+ Virginia Identity Theft Passport identifies theft victims as victims (R 22 80,81), and risks of its being forged! (R 22 83)

    SHPf Virginia grievance system online, except SSN is all that is needed to access the file (R 22 77)

    $SHP Identity thefts doubled from 2001 to 2002 (R 22 52; S 28 3:7)

    $SHP 19 charged in identity theft that netted $7 million in tax refunds (R 22 54, S 28 3:7)

    $SHP Identity theft evidently based on spoofing AOL (R 22 56, S 28 3:7)

    SP Canadian Centre for genealogical information might become a Centre for Identity Theft! (R 22 51)

    SHP Fake job listings on Net fostering identity theft (R 22 60)

    $SHP Identity mixup: NZ teacher identified as prostitute (R 22 62, S 28 3:7)

    *$SHPh The darkest side of ID theft: victim being arrested (R 22 62, S 28 3:7)

    *$SHPh Wrong man arrested after identity theft (R 22 62, S 28 3:7)

    @*$SPhie More false arrests based on bad law-enforcement data and sloppy law enforcement checks, failure to remove expired warrants (R 22 61, S 28 3:7-8)

    *SPhie Security holes at DMVs nationwide lead to identity theft and safety concerns (R 23 16)

    $SHP Most identity theft occurs offline; computer crimes only 12% of all ID fraud cases (R 23 69)

    SPh BofA loses unencrypted backup tapes in transit with data for 1M federal employee customers (R 23 76,77)

    $SHAOP ID thefts: ChoicePoint warns 145,000 people of ID theft concerns (R 23 73; S 30 3:33-34); Paris Hilton wireless phonebook compromised (R 23 76; S 30 3:34; masquerader posing as cell-phone operative, R 23 90); DSW Shoe Warehouse customer information compromised (R 23 78; S 30 3:34); Breakin at SAIC risks ID theft for tens of thousands of past/present employees (R 23 73; S 30 3:34); Boston College loses SSNs and other data on up to 100,000 alumni (R 23 80; S 30 3:34); University of Cal Berkeley laptop theft compromises 98,369 alumni, grad students and applicants; new California law requires disclosure (R 23 82; S 30 3:34); 310,000 Lexis-Nexis records accessed by identity thieves (R 23 84; S 30 3:34)

    SPh Time Warner backup tapes lost with 600,000 records (R 23 86; S 30 4:31)

    $SHPI 48,000 Wachovia customers, 600,000 Bank of America customers, and others from Commerce Bank and PNC Bank of Pittsburgh notified that their financial records were potentially compromised by insider operation; laptop with information on 16.500 MCI employees stolen (R 23 88)

    SHP$ Citibank: Japanese division lost mag tape on 120,000 customers, and in the U.S. lost a box of tapes on 4,000,000 American customers sent by UPS. Also 10 million consumers victimized by identity theft each year; quote from Mike Gibbons: "I think there are some people who dismiss this as a sky-is-falling problem. But the sky has already fallen and it's just a matter of when a piece hits you in the head." (R 23 90)

    SHP 3.1 million UK HSBC customers exposed (R 24 37-38, S 31 6:29-30)

    SHP UK bank details sold in Nigeria (R 24 38)

    SHPO$ Colorado Attorney General John Suthers victim of identity theft; checks issued by a credit card company for a cash advance promotion were stolen from his home mailbox (R 23 90)

    SHPAO Penetrator accesses files at Equifax (R 23 91)

    SHI$ Virginia DMV fraud again; illicit licenses cost up to $3,500 each (R 23 94); many years ago, the bribe was only $25 for a notorious Virginia DMV office.

    SHPI Indian call centre 'fraud' probe: info on 1000 customers sold (R 23 93)

    SP Private, personal medical info on hundreds of people faxed to wrong location; HIPAA hotline not interested (R 23 90)

    SPf Programming error leaves USC application system wide open (R 23 93,95)

    SHhiP CardSystems' noncompliant practice compromises credit information (R 23 91; S 30 4:29-30); auditor claims they were compliant! (R 24 04)

    SHhP The ChoicePoint Syndrome: Robert Ellis Smith's Privacy Journal provides a compendium of recent breaches of sensitive personal information, including CMU Business School, Tufts Univ. (106,000 alums), ChoicePoint (sold data on up to 500,000 people), DSW Shoe Warehouse (1.4M customers), HSBC (180,000 GM MasterCard holders), Ameritrade (200,000), Canadian Imperial Bank of Commerce, four state DMVs, Iron Mountain (lost Time Warner backup tapes - fourth such loss in first half of 2005), Cal State Chico, U.Cal Berkeley (100,000 SSNs), Kellogg School of Management at Northwestern (21,000), Colorado State Health Dept. See www.privacyjournal.net. (R 23 88; S 30 4:28-29) They all add up to more opportunities for Identity Theft!

    SHP 33,000 USAF personnel in compromised database (R 24 02; S 30 6:21)

    SHP Ameriprise Financial stolen laptop had personnel data on 230,000 (R 24 16)

    S(f/m/h?)P Canterbury University (AU) student personal records exposed on the Web (R 24 17)

    SHP AU Centrelink (social services) staff busted invading Australians' privacy (R 24 39)

    ShP Japanese newspaper The Mainichi Shimbun employee copied data onto his computer, which was infected, leaking information on 66,000 subscribers to the Internet (R 24 27)

    SHP Drexel personal information on stolen laptop (R 24 27)

    ShP Iron Mountain, data storage firm, apologizes for loss of tapes with personal info on 17,000 LIRR employees (R 24 27)

    SHP 26.5M veterans' data cache stolen (R 24 29, S 31 5:20)

    SHP Identity Theft With Google Code Search: can find SQL injections, buffer overflows, backdoor passwords (R 24 45, S 32 1)

    SP The Guardian's billing dept. aids identity theft (R 24 50)

    +/- Legislation seeks to end identity theft (R 24 78)

    +/- New UK biometric passports and identity theft (R 24 94)

    ..... Risks of identifiers, particularly as authenticators:

    SPHfm Risks of national ID cards and supporting infrastructures, and risks of belief in identities (S 27 1:11-12, R 21 74-75); see also
    http://www.csl.sri.com/neumann/insiderisks.html#138

    SPIOA Risks involved in Social Security Admin PEBES database (R 19 05,06,09,12); legislation to bar use of personal information (R 19 10); See PGN's U.S. House testimony on PEBES and identity theft (http://www.csl.sri.com/neumann/ssa.html), subsequent extended position paper for an SSA panel (http://www.csl.sri.com/neumann/ssaforum.html); more on PEBES database problems (R 19 16); SSA restores PEBES service, with opt-in and a few other safeguards (R 19 37)

    SHA Knowledge of SSN sufficient to convince SSA falsely of Kirsten Phillips' death (R 19 39)

    SP Risks of SSNs: Chris Hibbert's SSN FAQ (http://cpsr.org/cpsr/privacy/ssn/ssn.faq.html) (R 19 12)

    SP CALPIRG Theft Identity Guide for protecting your identity http://www.pirg.org/calpirg/consumer/privacy/toi/prevent.htm (R 18 91)

    $Phi Discussion of identity cases, Inside Risks, CACM, 35, 1, Jan.1992.

    P Identity theft risks with California driver's licenses as primary IDs (R 21 29-32,36); and supermarket discount cards (R 21 30); video rental aftermath (R 21 30)

    $P Abraham Abdallah arrested while picking up equipment for making bogus credit cards, had data-mined SSNs, addresses, birthdates, etc., for 217 of the Forbes Magazine richest 400 U.S. people, also had 400 stolen credit-card numbers; caught trying to make $10M transfer (S 26 4:9, R 21 29)

    ..... Other personal name confusions and mistaken identities

    Phi More mistaken-identity nightmares: O'Connor, Taylor, Stapelton (S 13 2)

    Phi Michael W. Klein, mistaken identity due to outrageous mismatch (S 20 2:7)

    hi Two Belinda Lee Perrys share the same birthdate (S 21 4:13, R 17 88)

    $Phi Identical database record names cause nasty tax problem in Canada (S 12 4)

    h Two Steven Reids in Montreal sharing same birthday (S 18 1:22); See also Don Norman et al., on-line (R 14 12-17) on Name Problems

    hi Medical identity problem: confusion between Jim and James (S 23 3:24, R 19 46)

    @f,h,i Ordering airline tickets on-line: name confusions on e-tickets, with similar names (R 19 28) and identical names (R 19 29)

    fh Nasty name recognition problem in New Mexico state DMV and tax system arises in seeking interoperability (R 20 04)

    e Memorial Society software upgrade loses some life-time members (R 21 08; S 26 1:26)

    $f? Disabled mother barred from receiving tax credits because of computer inability to handle hyphenated surname (R 22 69)

    Pfhi Social Security Administration sends cards to the wrong place, won't admit it's due to buggy software they need to fix (R 24 01)

    1.32 Other Legal Implications

    !$ Deaths of 3 lobstermen in storm not predicted by National Weather Service - 3 mos unrepaired weather buoy; $1.25M award (S 10 5) [NY Times, 13Aug1985] Overturned by federal appeals court. [AP, 15May1986] (S 11 3)

    !m Spider triggers alarm, investigating dog is sick, man is shot (R 18 46)

    SPH+/-? Discussion of Communications Decency Act, unconstitutionality (R 17 74), federal court judge enjoins indecency provision; foreign implications (R 17 71,72,83,91,92, EPIC Alert 3.04); Federal Court rules against Communications Decency Act (S 21 5:19); another ruling against Communications Decency Act (R 18 29)

    S ITAR to allow personal-use export ("Matt Blaze exemption") (R 17 75, S 21 4, SAC 14 3)

    SP Judge: Computer encryption codes ruled protected speech (S 21 5:19); 9th Circuit Court of Appeals upholds district court in Bernstein case (R 20 38)

    $SH Anticracking bill S982 passes senate; between $2 and $4 billion in losses in 1995 reported (R 18 48)

    P California court rules unwanted e-mails are "trespassing" in Intel case (R 20 35)

    S ACLU files suit vs. Georgia Internet law against Web-spoof frauds (S 22 1:20)

    f Caldera lawsuit over being sabotaged by Windows 3.1; MS claims lost source code invalidates lawsuit! (R 19 94)

    $ SAP sued by bankrupted FoxMeyer Corp. for delivering unsuitable order-processing software; SAP disagrees (R 19 94)

    $hi Publishing wrong phone area code (800 instead of 888) costs Gateway $3.6 million in court settlement (S 27 6:10-11, R 22 17)

    SH Theft of UN computers impedes war-crime prosecutions (S 21 4:18, SAC 14 3)

    *$ EC Machine Safety Directive enables suits over unsafe HW/SW (S 18 1:26)

    $hfff Salvage Association awarded £662,926 from CAP Financial Services after badly botched accounting system was scrapped (S 18 1:8)

    $H Logisticon disabled Revlon SW in contract dispute (S 16 1)

    H? SoundWars: Creative Technology vs. Media Vision, SW sabotage? (S 17 4)

    $PH INSLAW case over Promis SW - US House report available (S 18 1:7)

    P Shetland Islands newspaper hyperlink controversy over Web links (S 22 2:20); subsequent reports (S 22 4:27, R 18 78-79,81)

    $PH Borland vs Symantec lawsuits based on MCI Mail evidence (S 18 1:19)

    S Risks of VeriSign digital certificates - legalese (R 18 47)

    $ MS-DOS 6.0 infringes on Stac compression, Microsoft pays $120M (S 19 3:8)

    $ Reuters Holdings PLC delays Dealing-2000 over liability issues (S 16 1)

    S Conflicting testimony in NYC case; differing phone records (S 16 3)

    + E-mail provides evidence in LA police probe (S 16 3)

    ih Van Nuys CA doughnut shop turns up in LAPD database because it is closest address to high-crime mini-mall street (R 18 70)

    $SPH Case of Oracle wrongful termination based on e-mail evidence (R 18 07-08); disposition: Adelyn Lee vs Oracle's Larry Ellison: The (f)e-mail of the PCs is more deadly than the bail (S 22 4:27-28, R 18 81)

    ! Discussion of New Orleans police chief murdering accuser despite wiretap (Shabbir Safdar, R 18 01)

    + PC file name "murder" contains plotting details for alleged murder (S 16 3)

    S? UK libel writ served overseas by e-mail (R 18 09)

    @$f UK poll taxes uncollected; flaw in ICL Comcis SW; printout ruled invalid evidence, unitemized dunning notices rejected by court (S 18 1:10)

    + Newly linked fingerprint file breaks unsolved SanFran 1984 murder (S 17 2)

    SH+ Bogus flying-saucer message traps police-band sniffers (S 18 3:A8)

    P+ Marijuana conviction based on anomalous use of electricity (S 18 3:A13)

    $SH London police foil million pound hacking plot (S 17 2)

    * Computer records for bus tickets contradict killer's bogus alibi (S 17 1)

    SPH Colorado Spgs Mayor reads Council e-mail, says it should be public (S 15 3)

    $h US court rules computer malpractice in Diversified Graphics case (S 15 1)

    $h Lawsuit vs Lotus' Symphony dropped (omitted General Costs proposal section) (S 11 5:11-12, 12 1)

    $fh SAP software leaves German SPD membership list in limbo (R 20 41)

    $ Uncertainties about PC shutdown damage while under lawsuit (S 15 5)

    $f Lloyds Bank pays £50K in libel suit over misbounced checks (S 18 1:13)

    $* Risk: Analysis, Perception and Management (report), assessing the worth of a human life around £2M to 3M, .5M in UK Transport Dpt (S 18 1:11)

    @$S Laser printer counterfeiting and new US legislation (S 15 5)

    @SH$ Lawsuit against Epson on e-mail privacy rights (S 15 5)

    @SH Litigated cases (Mitnick, Zinn, Burleson, Morris, British Telecom, ...)

    @SH Implications of Sun Devil investigations

    @$SPH TRW settles lawsuit with FTC, 19 states on privacy violations and erroneous data; improvements required, $300K payment (S 17 1)

    *$ Can a computer system be held liable? (S 15 1)

    $ Prodigy liable for contents because they exert editorial control (S 20 5:10)

    +/-? Proposed Virginia law on self-disabling software (S 20 2:12)

    ** Launch on warning legality subject of law suit (S 10 2, 11 5) [suit lost]

    H FBI's Cal House sting: ten-fold rise in computer backup deletions (S 13 4)

    $SH Cable freeloaders caught in sting by ad offering free T-shirt (S 18 2:14)

    $SH Users of pirated Cadsoft stung by offers of free program (S 18 2:14)

    $SH Cable-TV sting operation: Ireland traps stolen black-box users (S 19 4:13)

    $hSH FBI Medicare sting backfires; reported losses exceed $160K (S 20 2:11)

    $ Sex-therapy software risks (S 11 2)

    $ Computerized sex ring broken; records seized (S 11 5, S 12 1)

    S Further risks of computers in prostitution (S 14 1)

    $ $3M hi-tech prostitution ring raided, 4000-name database captured (S 17 1)

    $ Heroin smugglers caught; stored computer data used as evidence (S 12 1)

    * 7 terrorists arrested via phone numbers in wrist-calculator (S 12 3)

    + Residual evidence still stored in Psion EPROM nabs drug smuggler (S 13 2)

    + Robbers call first, break in, erase answering machine message, but are caught based on CNID record of the call (R 16 32)

    SP Incorrect phone trace lands Bostonian in jail; digits transposed (S 20 3:11)

    + Portuguese drug ring ensnared by pager technology (S 19 3:10)

    $ War-on-drugs communications network stalled by budget squeeze (S 17 2)

    $H Schwab employees use e-mail to sell drugs (S 17 3)

    * Detailed telephone bill provides alibi for accused murderer (S 12 1)

    * Mobile phone ID may trap British kidnapper? (S 17 2)

    $m Israeli supreme court appeal blamed on computer malfunction (S 11 5)

    *$ Expert systems for criminal investigations (S 11 5)

    $H Blackjack gambler with microprocessor faces trial (S 13 2)

    $H Financial-computer penetrator acquitted: "Welcome to the..system" (S 12 1)

    $h Man arrested after shooting his computer (S 12 4)

    $H America's Cup floppies held to ransom for telemetry data (S 12 1)

    $H Computer network used to advertise $250,000 in stolen ICs (S 12 3)

    $H U2 rock-band ticket oversell detected, shuts out scalpers (S 17 2)

    $h Canadian civil servants charged $1,270 for private computer use (S 12 3)

    $h NM court's docketing files erased in botched backup; $1300 cost (S 15 3)

    - Brazilian corruption probe runs out of computer resources (S 19 1:3)

    $P Minnesota Nintendo Lottery from your home proposed, withdrawn (S 17 1)

    SPH Exon anti-cyberporn bill (S 20 3:11)

    SHI Massachusetts welfare fraud investigators fired: tax-record misuse (S 22 1:20)

    $S Risks of Conn. fingerprinting system to catch welfare recipients (R 18 69) Also, note earlier NY Medicaid proposal (R 13 40)

    - Self-help legal software illegal in Texas? (S 24 3:26, R 20 21)

    ? Federal Court holds that source code is a functional device (Peter Junger, R 19 88)

    h Intel "accidentally" sues potential partner, Via Technologies (R 20 38)

    1.33 Other Aggravation

    ..... Risks of whistleblowing:

    $h Edward F. Wilson, whistleblowing aerospace SW Quality Assurer fired, life threatened (S 11 3)

    - Roger Boisjoly fired after reporting O-ring problem that led to loss of the Challenger. (See Challenger, in SPACE, above.) (R 5 78, R 5 80, and R 12 40)

    - Ted Postol harassed after report downgrading Patriot defense shortcomings (See Iraqi scuds, under DEFENSE, above.)

    SVf$ Royal Navy battle software unsafe; whistle-blower fired (R 23 56)

    ..... Internet and on-line hazards:

    PH Sexual harassment suit against Univ.Wisc-Madison over computer use by an individual (S 22 4:29, R 18 83)

    i Sending the wrong message with flowers: interface risk (S 23 3:25, R 19 53)

    h A risk of not keeping Web pages updated (S 23 1:12, R 19 41)

    H Citibank sued for racist e-mail (S 22 4:29, R 18 83)

    $H Internet scams: beware of pyramid schemes, bogus services, misleading equipment sellers, frauds, work-at-home offers (S 22 1:22)

    @$SPH 2,300 credit-card numbers stolen from ESPN Sportszone, NBA.com (R 19 24).

    $H E-mail scam from "Global Communications": dunning notice (S 22 1:22)

    SH U.S. Intelligence agencies reportedly hacked into European systems (R 18 30)

    h Cutting off husband's cybersex leads to assault (S 22 2:20)

    P French police raid leading Internet service providers (R 18 21)

    SPh Danish government puts its own records on the Web, illegally (R 18 63)

    Se Intel LANDesk Manager reaches directly into networked workstations (R 18 59)

    SP Detroit man charged with e-mail stalking (S 19 4:12)

    P Gina Smith (ABC News) saga of e-stalker described in Commonwealth Club forum on privacy, 24 July 1997

    SHI Emeryville Ontario cyberstalker (Sommy) (R 19 08) turns out to be family's son (R 19 10,11)

    Vhi Risks of information (being and) not being on the Net: black holes (R 20 14-15)

    hf Risks in AT&T Wireless PCS text messaging problems (R 20 52-53)

    hi 50 million U.S. adults at risk for Internet illiteracy (R 21 08-09; S 26 1:18)

    hi Computers eroding Chinese culture and calligraphy (R 21 24)

    hi TV channel inadvertently broadcasts link to porn site (R 23 95; S 30 6:23)

    ..... Spelling checkers and misplaced correction

    *h Spelling corrector fingers Mafia "enforcer" as "informer" (S 12 4)

    h Spelling checker for massive drug abuse? Changes "payout" to "peyote" (S 17 3)

    h Risks of spelling checkers: goddamn for Goldman; NAUSEA for NASA; colada for collider; one product name for another! Wilted for WilTel (S 19 3:11)

    - Mispeler: Kafka, Musil, Schnitzler to Kaffee, Muesli, Schnitzel (S 20 5:8)

    - "Notre Dame" trashed by grammar checker for use of "dame" (S 20 5:8)

    hi A spelling-checkered existence: WSJ says Tony Blair "eLabourated" (R 19 12)

    hi More spelling curiosities: semper fidelis corrected to semipro fiddles (R 19 34-36); html mangling of & character (R 19 35); Cambridge (UK) City Council letter (spelling-checked) begins, "Dear Sir or Madman" (R 19 50); Dutch spelling checker turns Campbell into kampbeul (camp bully) (R 19 65); Spelling checker converts General Engr to General Negro (R 19 97); More spelling checkerisms: "Pope Beautifies 10 more" (R 20 24)

    fhi More spelling checker uncorrections: Relying on them increases errors in study (R 22 64-65); Regelsatz replaced with Regenschutz (R 22 66); Reuters spelling checker repeatedly renames Amritsar to AmriCzar (R 22 71); "Jeff Jackboot" for columnist Jeff Jacoby (R 22 72); AP item on NYTimes site cited Justice Clarence Thomas referring to Turgid Marshall, instead of Thurgood, for a few minutes until fixed (R 22 73); MS.Mail changed Org Chart to Orgy Chart (R 22 73); References to Osaka bin Laden on the Web (R 22 74) (some appear to have been fixed subsequently)

    h "Sussex villages" corrected to "Susan villages" in quote of Finest Hour: The Battle of Britain (R 20 98)

    f Nick Atty addressed as "Mr. Attorney" (R 20 25)

    f Microsoft Word grammar checker suggests rigor mortis for school reviews (R 18 24)

    f Microsoft Office 97 automagically transforms Michael Steffen Oliver Franz's initials `msof' into `Microsoft Office' (R 18 79)

    h Etalfried Wedd's Loan Authorization, another name garbling (S 15 5)

    h More on word processor context edit garbles (S 16 2)

    h Newspaper search-and-replace: "back in the black" changed to "back in the AfroAmerican" (S 15 5)

    ih "tif" to "jpg" fix results in arjpgicial, idenjpgied in Sydney paper (R 18 24)

    hi More spellchecker woes, in Radford University sports pages (S 20 1:17)

    hi Enola Gay: Another text substitution (S 20 1:17)

    i More spelling corrector amusements (Internet to Interment, etc.) (S 21 2:19)

    - Limits of automated newsgathering: rugby position (hooker) confused with sex news (S 22 2:20)

    fh CNN report on Gary Shandling lawsuit names him as "Changeling"; spelling corrected? (R 20 47)

    i DNS directory use results in spelling corrector transforming "washtech.com" to "washes.com" porn site (R 21 37)

    i Spelling checker on London City Univ. department head's memo: CS changed to Chihuahuas (R 21 83)

    i Spelling corrector munged HP's 2002 annual report: David and Lucite Packard Foundation, Edwin van Pronghorns, Eleanor Hewlett Limon, and Mary Hewlett Gaffe, instead of Lucile, Bronkhorst, Gimon, and Jaffe, respectively (R 21 90)

    i Spelling correction: experiment becomes excrement courtesy of MS Outlook (R 22 42)

    ..... Automated natural-language translation

    f Systran French-English automatic translation oddities (S 15 1)

    i Problems with computerized "translation" of English to Danish (S 21 2:19)

    fh AltaVista translation interjects "communist" in Esperanto "Prague Manifesto" (R 19 51)

    f Yahoo! Mail transforms some words in attachments when displayed (R 21 27,29,34)

    fi MS Word saves omegas as W; electrical resistances become kilowatts (R 21 29,33)

    i More language woes due to translation from place names in German: Madeira split into Made ira, which was translated as larva Irish Republican Army; Isle of Man becomes Isle of one; Jersey becomes jersey (clothing, not the island). (Remember that in German, nouns are capitalized.) (R 23 61,62)

    ..... Name, number, word confusions (other than false arrests):

    rf U.S. Social Security Admin systems cannot handle nonAnglo names, affecting $234 billion for 100,000 people, some back to 1937 (R 18 80)

    hi? Minnesota State Senate candidate victim of photo "mistake"? (S 22 1:20)

    - Risks of hyphenaters as in e-mail or E-mail vs. hyphenhaters as in email and Email: confusions avoided with hyphens (R 17 95,96, 18 01-04) [Note: email is a perfectly good French word.] French Culture Ministry bids adieu to the word `e-mail', urging instead use of "courriel" (R 22 82)

    f Two John P. Taylors with same birthday get only one vote (S 17 4)

    $f FL health services computer glitches; two babies identified as one (S 17 4)

    $fi 1st patient with NO SSN, 9 months old, gets billed for many others (S 17 4)

    h Mistaken duplicate SSN accusation hits NH Congressman Bill Zeliff (R 18 38)

    $e Cygnus XI BBS phone number recycled to dermatological DB; unknowing access attempts by telecomm SW triggered 4 equipment confiscations (S 16 3)

    hi Living soldiers listed as dead on Viet Vets' Memorial; input error (S 16 2)

    - Computer (cash register) as excuse for poor restaurant service (S 16 1)

    Sf Microsoft Trojan horse in Office97 installation (R 19 29)

    i Fax program substitutes outgoing fax number for @a (S 21 2:20)

    h Bulk US Mail from CA to Switzerla ND delivered abroad [fraud?] (S 14 6)

    f Walter Jon Williams' SciFi novel glitched by letter substitutions (S 15 1)

    ih Spelling corrector blamed for changing ACLJ to ACLU (S 19 4:10)

    e/ih Library automation loses catalog detail; Madonna becomes Mary, ... (S 19 4:11)

    hi Spellchecker goes berserk; editorial maimed ("boss" changed to "DOS") (S 20 2:9)

    h LA Times splices two stories together (S 20 2:9)

    $h 40,000 copies of book printed from unedited file by mistake (S 15 2)

    fe Bible concordance program shuffles text; marvelous garbled text (S 16 1)

    $f Bank computer develops costly crush on Fionas (S 20 5:10)

    - Anglican Primate gets query on Primate Research; amusing response (S 17 3)

    h CDs mislabeled; Dead Kennedys shipped as religious discs (S 18 2:5)

    ($)m Effects of single-segment errors in digital displays (S 14 1)

    f Glowing letter of credit recommendation to `Bob A. Speake, Deceased' (S 16 4)

    - Truncations beget name change (Community College of the Finger [Lakes])

    h MS Mexico recalls offensive Spanish-language thesaurus (R 18 25)

    Hi Vanity e-Mail domain names (e.g., DukeU.com) rile college administrators (R 18 50)

    i More on European comma versus U.S. period in numbers (R 18 79)

    i Help-desk question on "Press any key": Where's the any key? (R 19 60)

    SPh Leftover phone numbers in supposedly new cell phone (R 20 15)

    ei INTUIT support line sold off to sex support line (R 20 15); domain name change results in URL pointing to porno Web site (R 20 17)

    hi Risks of 3-letter user IDs for free e-mail accounts (R 20 39-40)

    h Grave error! Automated survey mailing software reaches for The Occupier, Burial Ground in UK (R 20 05)

    fi Opera browser confuses Australia (.au) and Austria (.at) (R 22 36)

    hi(f?) Nasty bank screwup: two different trust accounts merged (different TINs, different beneficiaries, but same trustee and same first form line) (R 23 27)

    hi UNH alumni directory misreports 500 deaths (R 24 10)

    ..... File confusions, domain name confusions and misuse

    i Multilingual naming problems [if you remove the hyphen inserted to prevent filtering of this file]: powergen-italia (R 22 81-83); experts-exchange.com (R 22 83); who-represents.com (R 22 83)

    i Risks of naming files "core" (S 21 2:18)

    h Risks of non-portable configuration files (R 17 62)

    h Centraal Corp.'s browser uses single words instead of URLs; "bambi" was a bad choice, and led folks to a porn site! (R 19 63)

    hi VP Cheney cites the wrong URL (FactCheck.com instead of FactCheck.org) in debate, with surprising results (R 23 56)

    f Lynx 2.7.1 browser on mistyped URLs coerces http.org domain (R 19 42)

    i Risks of Internet keywords in searching on incomplete URLs (R 20 10)

    i Missing hyphen in URL nets similarly named porn site (R 19 63)

    fhi More cases of misaddressed mail: off-by-one letter in domain (R 20 35) and reused domain (R 20 37); and systems doing what they thought you meant, not what you meant, in Outlook Express (R 20 36-37); Dodgy automatic address book resolution reported using IE5/Outlook 98 (R 20 34), and a similar experience (R 20 36); confusion on MS Web site between versions of NT 4.0 Service Pack 4 and 5 (R 20 37); Flash BIOS chips needing reprogramming (R 20 35)

    hi Domain-name confusions (R 20 40)

    SH Panix.com domain name hijacking (R 23 69)

    SAh,h Linux banned after Samba misconfiguration blocks NT authentication (R 20 61)

    f(H?) Fiji loses all year-2000 account info (S 26 6:10, R 21 50)

    e Removal of departed Washtenaw County MI employee loses supposedly unrelated Netscape Calendar events (R 21 54)

    hi The Washington Post's washpost.com domain registration expired; invoice was mishandled (R 23 18)

    ..... Tax problems

    $h David Brinkley gets erroneous $2137 penalty from IRS, retaliates (S 12 4)

    $h IRS computer issues illegal $47,000 bill (S 13 1)

    $h? IRS mistakenly sends Dickie Ann Conn $1B for $67K back taxes (S 16 2)

    fh IRS incorrectly warns 90,000 taxpayers of Nannygate delinquency (R 19 28)

    $drS IRS computer project a four-billion-dollar fiasco (S 21 4:12); IRS drops Internet Cyberfile tax filing plan (S 22 1:19)

    h/m? Multiple (16,000!) California tax forms mailed to some businesses (S 22 2:20)

    @$e SW patch adds $10-30 to 300,000 auto tax bills in Georgia (S 19 3:5)

    $h/m? San Francisco's property tax computer fails to send bills (S 16 2)

    $h/f? British poll tax tales: bill for £4M instead of 70; bill delivered to "Occupier" at a bus stop in Kent. (S 15 3)

    $f UK poll taxes uncollected; flaw in ICL Comcis SW; printout ruled invalid evidence, unitemized dunning notices rejected by court (S 18 1:10)

    f 1.3m-pound award against ICL for faulty poll-tax software (S 20 1:17)

    $fh Bug in MacInTax drops "other" income in recalculated tax returns (S 17 3)

    f 20 income-tax preparation programs give 20 different results (S 19 4:10)

    f Intuit TurboTax, MacInTax incompatible with Quicken data (S 20 3:9)

    SPf MacInTax security glitch leaves Intuit master system vulnerable (S 20 3:9)

    f Another MacInTax glitch (S 22 4:29, R 18 88)

    ($)f New problems with Intuit tax software for 1996 (S 21 4, R 17 75)

    $fh Tax-program bug causes $36,000 overpayment (S 18 3:A6)

    f QuickTax 97 miscalculates self-assessment taxes (R 19 30)

    @$Phi Identical database record names cause nasty tax problem in Canada (S 12 4)

    ..... Other false alarms and related errors:

    hi Errant weather alert: internal National Weather Service test accidentally releases bogus blizzard warning (R 23 13)

    hi Two bogus Emergency Alert System alerts in two days: Nevada (wrong code to cancel Amber Alert) and Florida (code for radiological emergency entered) (R 23 96; S 30 4:24-25)

    Vm/f Emergency Alert System interrupts hurricane announcement, and crashes for 20 minutes (R 20 58)

    ..... Other cases of erroneous charges

    $f Qwest Wireless erroneously overbills customers by thousands of dollars; one bill was for $57,346.20 (R 21 55)

    fhi? Dutch energy company Eneco sends invoice for 2,144,607.90 Euros (R 24 36, S 31 6:23)

    $f Automated debit of $21,000 on water bill: "There's nothing we can do to stop it." (R 21 87)

    $(h?) $59,500 home assessment recorded as $200,059,500 resulted in 6.5% overstatement of the total county property value, and a more than $2.3 million shortfall in tax revenues (R 22 20)

    $f Holiday Inn decimal point disappearance overbills 26,000 people by factor of 100, blowing many credit limits (R 22 33)

    $m 800,000 cards overcharged at Wal-Mart stores; hardware problem (R 23 30)

    $fe Canada Post bills $310 million for 9 recent parcels allegedly dated from 1906 to 1928, resulting from merger of 60 different databases (R 21 50)

    $hi Man gets $218 trillion phone bill (R 24 24); COBOL program? (R 24 27,29,30,33)

    $hi Man charged $4,334.33 for four burgers: employee enters 433 on debit card payment, forgets having done so, reenters 433 (R 24 22-23)

    $hi How to lose 10,000,000 pounds: SWIFT saga (R 24 25)

    ..... Other cases:

    !f Hillsborough soccer computerized turnstile totals erroneously indicate space available, allowing serious overcrowding (S 14 5)

    ![H?] 8 deaths, 1 disappearance, 1 injury relating to Marconi systems (S 12 3) (ultimately 9 deaths) (S 12 4)

    !Vh False computer data shuts off home power; alternative kills girl (S 12 1)

    fm California government agencies' computers fail, cars impounded; Pac*Bell blamed (R 20 62)

    *f Briton survives "sea monster" attack due to computer glitch (S 19 3:5)

    Sf Overload caused Experian credit reports to go to wrong people (R 19 31)

    $hi TRW blows credit reports for everyone in Norwich VT; 1 input error! (S 16 4)

    $hi TRW false data misreports local taxes; TRW blames subcontractor (S 17 1)

    @$ TRW settles lawsuit with FTC, 19 states on privacy violations and erroneous data; improvements required, $300K payment (S 17 1)

    $fP Credit queries from shopping around can be cumulatively harmful (S 16 4)

    $f Casino blames $320,000 jackpot on malfunction, reneges on payoff! (S 16 1)

    $h Pepsi promotion .5M winners blamed on computer glitch (S 17 4)

    *h Wrong bar codes result in water shut-offs in Utah (S 14 6)

    f Nielsen snafu hurts cable network's ratings (S 23 1:11, R 19 37)

    $f Software error really messes up 'round the world yacht race (S 14 5)

    fh SW prevents correction of recognized Olympic skating scoring error (S 17 2)

    fi Computer scoring glitch at Olympic boxing: evident winner loses (S 17 4)

    f/h? Computer-generated sports scores recycle old results (S 18 1:11)

    $h $300,000 budget error downsizes Whig Standard (Kingston, Canada) (S 17 2)

    $hi Tax blunder undermines Belgian federal budget; filters disabled (R 24 42, S 31 6:23)

    *h Weather Service false warnings, disaster reports in live test (S 12 2)

    he Computer test residue generates false tsunami warning in Japan (S 19 3:4)

    *$hi Poor input data blamed for nonprediction of European storm (S 13 1)

    fi Limitations of mouse-based interfaces on disabled persons (R 18 87,88)

    *m Carrier control unit blamed for nuclear false alarm (S 11 5)

    f/m? Channel Tunnel syndrome? Train false alarm triggers evacuation (S 19 4:8)

    V Channel Tunnel closed in both directions on 20 Aug 1997, cause not reported (R 19 32)

    $df Bargain Harold's receivership blamed in part on computer problems (S 17 3)

    h British Telecom test computer wakes up customer at 4:30am daily (S 18 1:6)

    Vi Program conventions cause network outages, terminal crashes (S 18 3:A4)

    f/h? ADP flubs cause wrong shareholder votes, wrong labor stats (S 18 3:A4)

    Vh "Buffer overload" crashes network bridge: floor buffer! (S 22 1:19)

    $e Oklahoma computer system upgrade foulup delays payroll (S 15 5)

    f$ Washington State unemployment checks "delayed" (S 22 2:20)

    hi Larger type font causes key sentence at bottom of the page to be omitted from Queen Elizabeth's speech in Poland (R 17 95, 18 01)

    S PostScript printer chip Trojan horse? Password changed (S 15 5)

    $SHi Eugene Smith, 33, legally dead after impostor dies in accident (S 17 4)

    $h Customer declared dead by bank computer; effects propagated (S 11 3)

    $h Vancouver woman, dead to revenuer database, can't collect refund (S 13 4)

    $i Dutchman's death masked for 6 months by automatic payments (S 16 2)

    $i Computer-paid bills mask death of Swedish woman for 3 years (S 19 1:2)

    $h Auto insurance program misses 18,000 bad-driver surcharges (S 15 1)

    $ Montreal life ins. company dies due to SW bugs in integrated system (S 17 2)

    $f Comm delays: $1100 debit for aborted withdrawal, side-effects (S 12 1)

    fh New computer system duns students for loans not due (S 18 2:9)

    $i Keystroke "record" and "replay" accidentally reissues old orders (S 17 1)

    $f Swedish union fees miscomputed when salary over 32767 crowns (S 18 1:14)

    $h $63 data entry converted to $6.3M electric bill (S 16 1)

    $h Tampa electric issues bill for $5M instead of $146.76 (S 13 4)

    fhi Another large electrical bill (R 22 68)

    $h Wrap-around problems in meter reading cause erroneous bills (S 13 4)

    $h $22,000 water bill for almost 10M gallons; new_meter < old_meter! (S 16 4)

    $hif Another enormous water bill due to new meter installation (S 20 2:8)

    $hi Another bill for 10 million gallons of water totals $29,787 plus $43,581 for sewer usage; broken meter and presumably reader roundoff up one month and down the next (R 23 94; S 30 6:19)

    ef$ Water company software upgrade results in monster water bill and threats of penalties and interest (R 20 12)

    $fhi Computer error means 2.3-trillion-pound electricity bill (R 22 61); possibly the old £23.19 million representing 23 pounds 19 pence? (R 22 62); similar problem in Victoria, Australia (R 22 64)

    $hi Student at U. New South Wales gets bill for more than $3M Australian - an amount identical to his student number! (R 22 59)

    f British Gas blames SW for sending 15,000 customers false warnings (S 19 2:4)

    $f/m/h? Computer error halts fuel payments for 1,128 people in England (R 22 61)

    $f Marks&Spencer Visa charges in Paris accidentally multiplied by 100 (S 17 3)

    $f 28 Krispy Kreme customers each charged exactly $84,213.60 (R 22 61)

    $f NCStateUniv computer mismatches names, addresses on 6000 bills (S 13 4)

    $SH Blue Cross/Blue Shield victim of computer generated prank letter (S 13 1)

    $f Democratic National Committee thank-you mailing mistitled supporters (The New York Times, 16 Dec 1984)

    f British NHS computer sent out letters to males with female names (S 12 4)

    eh Automated postal canceller blurts out unfortunate test message (S 17 1)

    f Red valentine envelopes unreadable by automated mail sorters (S 18 2:6)

    m Earthquakes: 3 of 5 reported never happened; microwave static (S 11 5)

    h Query of vacationing programmer starts beer panic (S 11 5)

    hi German parking violators falsely accused of war crimes (S 20 1:17)

    $fi Chicago cat owners billed $5 for unlicensed dachshunds. Database match on DHC (dachshunds, domestic house cats) with shots but no license (S 12 3)

    h Mass. state budget plan 50-page loss attributed to "Virus"! (S 16 2)

    fh Mass. jury selection computer issues multiple summonses (S 15 2)

    fi 8-year-old called for jury duty (R 17 91,92,94)

    $h Computer program misdirects 30,753 Minneapolis school children (S 12 4)

    $hr 887 Boston school assignments botched; lost tape, no backup (S 14 6)

    f/h? Newark NJ high school computer breakdown mangles class schedules (S 17 1)

    h Indian program to reroute bus lines trounced (S 11 5)

    $m Microwave oven erases comic's 3 years of personal computer data (S 12 2)

    fi System deletes a file; each step makes sense, but the result is broken (R 19 57)

    - Beware of bogus diploma mills on the Net (R 19 52)

    $ef University software development fiasco; academic record system cutover still not working properly after one year (R 22 57)

    h/f? Cornell mistakenly sends hundreds of acceptance letters to previously rejected candidates (R 22 60)

    h Univ. Central Florida did not cut off student registration (S 12 3)

    SH On-line class registrations deleted by other students at UBC (S 18 1:19)

    fh "Computer error" affects hundreds of UK A-level exam results (R 19 40)

    fmhi Scholastic Aptitude Tests (SATs) score problems: huge errors attributed to wet exam sheets misread by scanners (R 24 19,21)

    f British school examination program gave erroneous grades (S 11 5)

    f Faulty computer program blocks promotion of fifth grader (S 12 2)

    h Computer gives law student wrong exam, passes him, after disk fix (S 12 2)

    f Four students victimized by grade spreadsheet error (R 19 89)

    hi Danville CA students expelled due to misinterpretation of overloaded database fields (R 17 87-89)

    h Svensson's Tennis rankings affected by name confusion (S 16 2)

    m PC EncROACHment: advice on roaches invading PCs (S 15 5)

    mi "My DOS ate my homework" (Blame it on the computer!) (S 13 3)

    h? Saudi Arabian uses computer to organize harem; it runs him ragged (S 13 2)

    f Computer error blamed for French diplomatic fiasco (S 13 2)

    - Computer service selects ex-wife as "ideal" mate for divorced man (S 12 1)

    H Stolen disk and digital audio equipment affects Stevie Wonder concert (S 13 4)

    H Bogus messages inserted in bank statements, TELEXes, prescriptions (S 13 2)

    $f British Customs computer `loses' 35.6 million bottles of wine (S 14 6)

    $f Automated Maryland food stamp computer overloads, jams many stores (S 17 3)

    f Overly clever failsafe system shuts down Australian TV transmission (S 17 3)

    h Washington Post runs OLD stock prices; file-name confusion (S 20 2:11)

    fhi MIME-Messages: quoted-printable characters mess up URLs (R 20 40)

    $h Hot-metal print supervisor uses mallet on computerized typesetter (S 15 2)

    $h Closed-fist-like pattern observed in damaged keyboard (S 15 2)

    + In-flight PC battery recharging leads to shaver outlet disabling (S 17 2)

    fm Apple PowerBook portable computer battery problem (R 17 36)

    +/-? Sabbath restrictions bypassed by using extensive autotimers (S 15 3)

    - Effects of deaths of Tamagotchi virtual e-pets; more than just a game? Counseling available (R 19 20,36,37)

    hi Risks of PostPet Japanese game (R 20 28); MS Outlook 98 has similar risks (R 20 29)

    @- Various cases of gobbled bank cards noted above.

    @* Various false arrest cases noted below.

    f MIT system weather command gives "Temp: 2147483647 F (2147483647 C)"; yes, that's 2^31 - 1 (R 20 51-52); USA Today weather page: high of 577 F (R 20 58)

    ? NOAA radio +61 degrees F, wind-chill -64 (R 20 57)

    + NOAA satellite tracking system seen as having saved 4,500 lives since 1982 (R 22 53)

    $he $239M Lockheed Martin NOAA-N Prime spacecraft fell off cart, inflicted serious damage; bolts removed improperly from cart (R 22 91)

    f Kangaroo helicopter responses mess up Australian virtual-reality simulators (R 20 47,76)

    1.34 Calendar/Date/Clock Problems including Y2K

    ..... Y2K Manifestations: approaching 1/1/00

    $rfed Many of the following Y2K problems are the result of decades of colossal short-sightedness, in requirements specification in the first place, as well as throughout the development process. Note that in 1965 the Multics development effort recognized the 35-year-away Y2K problem and addressed it quite constructively, using a 71-bit date-time field lasting long after Y2K. The costs are staggering. The lessons that should be learned from this experience are profound. It is not just the Y2K remediation that is relevant - it is the entire software development process. [I have not even bothered to insert the new "r" descriptor in those cases below in which faulty requirements are obviously implicated!]

    f Discussion of date and century roll-over problems: Fujitsu SRS-1050 ISDN display phones fail on two-digit month (10); 1401 one-character year field; COBOL improvements; IBM 360 (S 20 2:13)

    f Year 2000? Don't forget 1752 and 30 February 1712; two references (S 20 5:11)

    $f Estimated costs of 1999-to-2000 date fix (S 21 2:16)

    $f When the Clock Strikes 2000: U.S. Fed Govt cost $30 billion? Only 70% to be fixed in time? (S 21 5:18)

    f$ More Y2K problems: Visa credit-card expiration-date problem and legal liabilities (R 18 63,74,75)

    $ Lawyers look forward to the year 2000 (S 22 2:23)

    f$$ Lots more on Y2K (R 18 74-80,82,83-84,87-88), including the unforesightful use of "12/99" as an out-of-band date flag (R 18 88); more on Y2K and other date/calendar/daylight arithmetic problems (R 19 02,03,06,08-12); costs to reprogram in UK (R 19 07); Y2K cost estimates worldwide now up to $600 billion (R 19 10)

    Vf More on Y2K: sliding window approach, year-2069 problem (R 19 13); (R 19 14)

    $f Y2K problem blocks UK divorcing couples from splitting pensions (S 22 1:19)

    ? Millennium fears lead to Virgin Birth insurance policies (in addition to alien impregnation policies) (S 22 1:19)

    SH Nasty scam exploiting Y2K authorization expirations (R 18 68)

    fde Y2K: Tcl 8.0 bytecode compiler Y2K risks; 00-38 now 2000-2038 (R 19 35-37); Y2K and C (R 19 37-38,40); non-Y2K problems with Java Date classes (R 19 38)

    Vfe DoD Global Command and Control System (GCCS) fails Y2K test (R 19 38)

    $ Y2K lawsuit: Produce Palace International sues Tec-America (R 19 29)

    - American Megatrends: "Year 2000 compliance means that the internal BIOS date and time clock will continue above the date 1999. It will not reset itself after 1999 to the date of 1980. It will continue to the date of 2099 before resetting to 1980." (R 19 60)

    H Y2K spam scam: jobs offered with no experience required (R 19 46)

    - Ottawa firm registers "Y2K" as trademark (R 19 47)

    f Freecell degenerates on erroneous date: Y2K and random numbers (R 19 48)

    f Potential risks of backup and recovery after Y2K (R 19 55)

    Vf PDP-11 Y2K leap-year bug with German clock board (R 19 56)

    f Risks of testing Y2K by setting clocks ahead (R 19 56)

    fe IRS Y2K fix threatens 1,000 taxpayers erroneously; IRS needs to check at least 62M lines of source code for Y2K (R 19 57)

    $f More on Y2K lawsuits: North Carolina contemplating suing computer industry (R 19 57); California legislation proposed to limit Y2K liability (R 19 59)

    f Canned-goods rejected with Y2K expiration dates (R 19 47,48)

    f Miniature Enthusiasts with Y2K expiration dates deleted from address DB (R 19 57)

    f Canadian guaranteed investment certificates with Y2K maturity vanish from DB (R 19 58)

    e Euro changeover makes Y2K bug look easy! (S 23 4:23, R 19 69)

    fh Gore congratulates 71-year-old Senator on birth of twins (S 23 4:23, R 19 64)

    $ffffe... As of March 1998, only 35% of Federal Agency computer systems checked for Y2K compliance, 3,500 systems remain (R 19 64); IRS to spend $1B (R 19 68); Effects on the aviation industry (R 19 64); Financial risks (R 19 69); Y2K in Britain (R 19 64); Y2K in China (R 19 65); Australian simulated results of effects on public health and public infrastructure (R 19 71)

    f Testing bugs that result from trying to test Y2K compliance, particularly when setting dates back to their correct value! (R 19 71)

    f Report that only 1/3 of popular Microsoft apps are Y2K compliant (R 19 68) with further clarifications (R 19 69-70)

    f Leap years: MS Excel 6.0 Office 95 version and 7.0 Office 97 version believe 1900 is a leap year (R 19 64)

    Vf Summer time: in Britain (R 19 64), voicemail backup system fails (R 19 67); in Germany, Deutsche Telekom adjusted clocks twice in Lübeck (R 19 65)

    f Year 2100 problems (AMI BIOS, R 19 60), IBM PCs and Network Time Protocol balk at 2100-Feb-29 (R 19 61,62)

    ? Fable of Y2K and 1979 Toyotas: shutdown if 00 in year field? (R 19 69,71); Computer insists on cataloguing Chateau Margaux 1900 as Ch. Margaux 2000 (R 19 67); Y2K and tombstones (R 19 61); Eagle Talons alleged Y2K problem (R 19 68) bogus (R 19 69)

    - Need for contingency plans, not just questionable remediation (R 19 85,88-89)

    fh$, etc. CIA worries about Y2K as an opportunity for hostile intent (R 19 84); Senate considers need for martial law after Y2K breakdowns (R 19 78); Potential Y2K railroad problems, with no more manual backups (R 19 84); Y2K risks to world shipping (R 19 82); Senate Y2K committee suspects power grid could collapse (R 19 82); Wells Fargo study shows millions of small firms at risk (R 19 77); Y2K insurance and financial risks (R 19 79); Swedish corporate insurance explicitly excludes Y2K (R 19 78); Y2K problem in Swedish personal identification numbers (R 19 74); Microsoft Y2K (non)compliance; Excel believes in 29 Feb 2000 and 29 Feb 1900, for Lotus 1-2-3 compatibility (R 19 73); More on Y2K forced-upgrade strategies (R 19 73); 102-yr old gets a birthday card for 2-yr olds (R 19 73)

    f$ SIR-C processor Y2K problem in shuttle imaging (R 19 81) and its economic implications (R 19 83)

    - Y2K priorities delayed security upgrades at bombed U.S. embassies (R 19 93)

    *$fd UK Railtrack (former BritishRail) has no safety-critical computer systems, because of past underfunding! Y2K preparations simplified by delaying upgrades! (R 19 90); UK Railtrack online timetable information has errors for holiday weekend schedules Xmas 1999 and NewYear 2000 (R 20 67); Railtrack running a year behind and £3 billion over budget in rebuilding London-Glasgow line, with workers being sent to Army training for discipline! (R 20 84)

    f Sloppy date handling in Perl scripts (R 19 88)

    + Wall Street test simulation gives good marks to 29 brokerage firms (R 19 89)

    $ No UK Y2K insurance for household electrical items (R 19 89); Canadian insurance not likely to pay off; also another 100+ year anomaly, from Rob Slade! (R 20 03)

    + Canadian RCMP blocks vacations to ensure Y2K emergency coverage (R 20 02); Wisconsin National Guard mobilizing (R 20 03)

    - White House calm, DoD nervous about Y2K (R 19 90)

    f Win98 date problem detected (R 19 91); occurs in 5-second window when booting around midnight (R 19 92)

    Sf Internet Explorer 4.0 instructions on how to bypass firewalls! (R 20 01-02)

    fe IE2 cannot read www.microsoft.com for upgrade (R 20 55)

    f Y2K risk in Javascript cookies despite 4-digit standard (R 20 01)

    Vf Consignment of corned beef with intended expiry 2001 rejected as too old: appears as 1901 (R 19 92); cf. the leap-day Xtra supermarket meat problem, below! (There's more than meats the eye.)

    $SPH Business Software Alliance finds 1400 unlicensed software copies in Los Angeles Unified School District, valued at $5M? (R 19 92)

    $ Clothing retailer sues for cost of non-Y2K-compliant 1991 system (R 19 94)

    Vf$ Product Palace settles with Tec America over Y2K-noncompliant software: entire system crashed on single 00 credit-card (R 19 96)

    fe Saga of another Y2K bug, after being "fixed", a letter dated 3 Aug 2098 sent mistakenly to half-million recipients (R 19 95)

    + Y2K problem resolved that had threatened the production of scotch whiskey (R 20 03)

    f New Vancouver Hospital pathology system default misses updates to patient files for many months (R 20 23); CORRECTION (R 20 30)

    - 400-year-old time machine (in Liverpool museum) to suffer from millennium bug: time runs out at year 2000! (R 19 79,81)

    + Memo on Y to K conversion: Januark, Februark, ... (S 20 23:, R 20 21)

    *$ Y2K-related panic may be more serious than Y2K computer problems (R 20 11)

    fH DoD Special Weapons Agency falsely claimed successful Y2K tests on 3 or 5 critical systems (R 20 10)

    $(f?) Hospital spends $700K on new digital nuclear medicine machine because vendor would not certify Y2K compliance of well functioning analog machine (R 20 10)

    *f UK MoD admitted that Rapier anti-aircraft missile was not Y2K compliant (R 20 13)

    $f 1 Jan 1999: Y2K hits Singapore and Swedish taxi meters (R 20 15)

    f Windows/Visual C++ daylight saving cutover one week early on 1 Apr 2001 (no fooling!), affecting 95,98,NT (R 20 15-16)

    ef Enator AdeEko Y2K update in Malmo, Sweden seriously disrupts city's bill paying (R 20 18)

    +? China contemplating making all airline executives fly on Y2K boundary (R 20 17)

    fm Store Baelt Bridge not Y2K-safe (R 20 22-23)

    h 2,000 Texans get false overdraft notes from Bank One in Y2K test (R 20 13)

    h Y2K "fix" test results in traffic offenses dated 2097 (R 20 21)

    $h PSE&G Y2K test of billing program results in false billing (R 20 23)

    - As of early 1999, GAO report says U.S. states lagging in Y2K readiness (R 20 20); CIA predicts serious Y2K problems around the globe (R 20 23)

    *h VPA's Peach Bottom nuclear-power Y2K-check crashed monitoring systems (R 20 24)

    fh Boston bank's Y2K problems blamed on IE5, but apparently not! (R 20 25)

    +? Sri Lankan Banks to close on 31 Dec 1999 for Y2K tests (R 20 25)

    SH Scam using Y2K bank problems as bait

    eh Pilgrim nuclear plant Y2K readiness questioned by NucRegComm (R 20 40)

    + Standards needed now for Y10K? (not April Foolery) (R 20 30)

    f Nottingham weather images dated "FEB 28 2000, 2330" and "FEB 28 2000, 2400": Y2K leap-testing? (R 20 42)

    Vf Y2K test knocks out Fiji's telecommunications (R 20 43)

    f Downloading Y2K fixes to Internet Explorer leads to clock problem (R 20 42)

    *f Y2K test sends sewage flowing in Los Angeles (R 20 46)

    S Another Y2K scam (R 20 51)

    Vfe* London Electricity Y2K upgrade left 2000 customers without power for days (R 20 54)

    +P Canadian govt recommends encrypted e-mail (R 20 54)

    ? Y2K in China (R 20 55); Indonesia: wait to see what happens in New Zealand and fix it quickly (R 20 58); Iraq decides to wait and see on Y2K oil disruption; concerns that oil nations are not ready (R 20 62)

    f$ Northwest Metrology stung by Y2K bug (R 20 56)

    f? Unix needs 10th decimal digit for timestamp on 9 Sep 2001; risks of format problems? (R 20 58)

    f Unix billion-seconds hits medical archiving application fixed-length label (R 21 69)

    f Bank switch to 4-digit years blows up on 1 Oct 1999, with 10/01/1999 truncated to 0/01/1999 (R 20 59)

    SHf FBI warns some Y2K fixes may be suspect (R 20 61); general concerns over Trojan horses in Y2K-remediated code

    fe NT, SP5, SP6 Y2K problems (R 20 62)

    f Maine year-2000 vehicles classified as "horseless carriages" from 1900 (R 20 63-65)

    f Cornell University registration system welcomes students to the spring 1900 semester (R 20 64)

    $? Businesses could owe millions for Y2K sliding-window fix if 1998 patent holds up, despite this being an old technique (used at least in the 1960s) (R 20 65)

    $ Microsoft Y2K liability claim: "... Microsoft does not warrant or make any representations regarding the use or the results of the use of any Microsoft Year 2000 statement in terms of its correctness, accuracy, reliability, or otherwise." (R 20 65)

    $efh Irish telephone network upgrade failed, backup failed, caused domino propagation in Dublin; independent cell-phone system failure; outage brings Y2K fears of lack of disaster recovery (R 20 66-67)

    efh $.5M fire-station fire blamed on Y2K computer fix; breaker disabled due to Y2K incompatibility (R 20 66)

    efh IEEE standard Y2K compliance attained by rendering software unusable (R 20 67)

    SH Flagrant antisocial behavior of Y2K virus competitions promotions (R 20 68)

    SH Y2K-related viruses: Worm.Mypic (R 20 67), W95.Babylonia and others (R 20 69)

    fm Y2K test takes out all power in German Department of Justice, 11 Dec 1999 (R 20 69)

    $H Y2K fears lead Philippine man to withdraw his life savings, then robbed of everything (R 20 69)

    fff Australian Y2K readiness news page clock sticks at 31 Dec 1999 23:56:15, then 15 Dec 1999 00:23; New Zealand airport Web site update time-stamped 1 Jan 100; in Y2K test, Henderson NZ clock flashed "GAME OVER" at midnight; 20,000 UK credit-card machines incapable of coping four days before Y2K, with settlement date in 2000; Pentagon DefenseLINK Y2K info site accidentally disabled; Oakland CA 911 system not Y2K compliant, prioritizes earliest calls (seemingly from 1900); glitch with NIST's Automated Computer Time Service; Wells Fargo CD renewal notices dated 1900; many digital certificates expire with Y2K because old browsers could not accept 2000; date field called Shirley harder to detect; risks of last-minute FAA HOCSR patch

    ..... Y2K and Similar Manifestations: on and after 1/1/00

    f,h,e Y2K dates: Numerous cases of 1 Jan 100, 1 Jan 19100, Jan 1 2100. An Australian online media news gateway had 3 Jan 3900 on 2 Jan 2000, while appple.com and happypuppy.com should get a prize for year 20100, which beat out the U.S. Naval Observatory calendar with the year 19,000 and others with 19100. Amazon announced a Sonic Youth CD would be available on 10 Oct 2011. Startrekcontinuum.com noted the next Voyager episode would air on 1 Jan 1900. *The New York Times* Website said 1 Jan 1900. Compaq sites said it was 2 Jan on 1 Jan. Several counts of time until Y2K went negative in funny ways. An old 486 PC reset its clock to 4 Jan 1980. The atomic clock at UK's NPL read 31 Dec 1999 27:39 UTC at 2:39am GMT (off by an hour, at that). Various Web sites were hacked. www.2600.com had a humorous spoof. Toronto abandoned its on-line bus information service at midnight because it was not Y2K compliant. (R 20 72)

    feh A Pentagon computer system processing satellite intelligence data lost its capabilities at midnight GMT, for 2.5 hours, due to preventive human mistake (R 20 72); data from 5 satellites was reduced to a trickle for several days (R 20 75)

    f Automated New Zealand radio station repeats 31 Dec 1999 11pm news hourly, due to 99 > 00; Nokia phone not Y2K compliant?; effects on mobile and phone nets; more on cost of Y2K fixes vs. preventive measures; Filemaker Pro; Word Perfect 5.1 and medical transcription; lots more on bad arithmetic date programs, including Javascript problem; X-10 controller; New York Times correcting 102-year-old issue number glitch; nuclear-power glitches; Win95 Y2K bug?; California DMV snafu; ftp date problems; Talking Clock; count-down to Y2K programs go negative (R 20 73)

    f Y2K: repeated billings result from uninstalled fix; Bills for 100 years back interest; Sprint PCS network problems at Y2K; MKS Toolkit Y2K glitch: next backup 9 Jun 2005!; Barbara's Cereal expires July 1900; driver's license expires in year 1000!; NTSB website has Y2K test data mixed in with real data; Bogus message in live service for Quicken 2000; With stepped-up Y2K wariness, NAI WebShield blocks RISKS issues (R 20 74)

    f Newborn Y2K baby birth certificates dated 1900 (R 20 76); Satellite orbit predictor software fails (R 20 76); Flight Sim 2000 Professional Edition (R 20 76); abcnews.com continued copyright year of 1999 (R 20 78)

    $f New Y2K Tulsa County Court computer system fails for weeks thereafter (R 20 81)

    $f Nevada man registered his car late, billed for $378,426.25, accrued interest since 1900 (R 20 84)

    f Commentary on Lessons of Y2K by Toby Gottfried (S 25 3:18-19, R 20 77)

    *fm Berlin Fire Department dispatching system Y2K problem (R 20 75), also a Leap-Day problem; caused by faulty network cards (R 20 82); Y2K bug as well? (R 20 84); Yes, Y2K fix failed: date incompatibilities because of leading zeros (R 20 93; S 26 1:19-20)

    f Fax driver/app "Delrina WinFax Lite 3.0 Fax Administrator" can't recognize years 00 to 09 as the send date; Starfish Sidekick98 Y2K bug; Kremlin press office cannot send e-mail after Y2K (R 20 75)

    f Yet another Y2K bug in Jun 2000! (R 20 91)

    fh 54-week anomaly in American calendars every 18 years (R 21 19), but not in Europe and elsewhere; ISO standard 8601 (R 21 19-21,23);

    Vf Norwegian trains halted 31 Dec 2000 (R 21 18, S 25 2:11; also R 21 19,21)

    Vf 7-Eleven unable to process credit cards since 1 Jan 2001 (R 21 18, S 26 2:11)

    f Y2K+1 bug in Sharp Organizer? (R 21 18, S 25 2:11, also R 19,21,23,25)

    f In 2001, Oregon's Multnomah County residents summoned for jury duty in 1901 (R 21 20)

    f Motorola flex page blew 2000 (R 21 09)

    f Postscript Jan 2001 monthly calendar off by several days (R 21 19)

    f Millennium clock has a millennium bug (R 21 20)

    f Y2K-leapyear hangover: CDMA GTE wireless date 31 Jun 00 (R 20 92)

    American Express bill date confusion beginning Jan 2001: Y2K aftermath (R 21 24,25)

    Merlin travel-agency system credited Jan 2001 reservations to Jan 2000 accounts, affecting 200 agencies (R 21 25)

    Extreme Ultraviolet Explorer (EUVE) satellite launched Jun 1992 lived until 31 Jan 2001; planning system failed on 1 Jan 2001 - because the legacy data solar/lunar/planetary ephemeris file extended only to 31 Dec 2000 (R 21 21)

    Failure to bill pet fees cost Toronto $700,000 in 2000; Y2K problem? (R 21 24)

    f Y2K flaw blamed for Down's Syndrome test errors; four positives went unnoted (S 27 1:10, R 21 67)

    $fe Y2K malady lingers on in Brevard County, Florida: cities must repay county over $1M in erroneous disbursements (S 27 3:8, R 22 04)

    f 1 Jan 2003 Yorkshire Evening Press front page dated 1 Jan 2002: short-sighted hard-coded JavaScript calendar date fails! (R 22 45,51)

    f? Y2K bug at McDonald's: July 1903 use-by date on birthday cake (R 22 70)

    f Y2K still around in 2004: the date on 23 Dec 2004 is "Jeudi 23 décembre 104"; See the ECMAScript and subsequent discussion (R 23 63-64; S 30 2:22-23)

    fhi Javascript Y2K glitch on 1 Oct 2005: October 1 105 (R 24 06; S 30 6:20)

    f Year 2106 and 2038 problems in Unix (R 19 15); year 65,536, leap seconds, UTC vs TAI (R 19 16); DEC OpenVMS expired on 19 May 1997 (R 19 18); clock synchronization (R 19 18); Java Y2K problem arises in the year 292271023 (R 19 21)

    f POSIX time counter expires one bit early on 9 Jan 2004, instead of 2038, breaking Pro/ENGINEER, Pro/INTRALINK, Windchill products (R 23 12; S 29 2:11)

    fe More calendar arithmetic problems: time_t wrap-around in 2038 (R 23 12-13,16)

    h Rotorooter schedules advance appointment in new year as an emergency: dispatcher omitted year (R 23 09; S 29 2:11)

    f OCLC interlibrary loan system rolls over 130th time, record numbers only 6 digits (R 22 95; S 29 2:11)

    ..... Leap-Year Problems:

    f Clock problems - Leap Day, end of century, etc. (S 13 2)

    f 1988 leap-year: Xtra supermarket fined $1000 for one-day overage on meat due to program skipping 29 Feb

    f 1992 leap-year problems: 29 Feb invalid but 1 Mar gets correct day; Prime's MAGSAV fails, probably because one-year expiration date 29 Feb 93 invalid; Imail dies worldwide; UUPOLL on MS-DOS due to bug in Borland C++ 2.0; Windows 3.0 locks up on mktime call; glitches in watches; Iowa state liquor licenses expired on 28-Feb, new ones started 1 Mar; leap day waivered. (S 17 2)

    f Airport parking bill for $3771 at $11/day with time-in 30 Feb 92 (S 17 2)

    $Vf 1992 leap-year-end clock bug blocks ATM machines on 1 Jan 1993 (S 18 2:11)

    f Many more calendar, date, and time problems - particularly surrounding Leap-Day 1996 and 1/1/00; Arizona lottery downed, insurance policy problem, leap-year algorithms, Excel 5.0, WIN95, and lots more; Persian gulf support problem; the business of fixing the year 2000 problem. The length of the tropical year at present is about 365.24219 days. The present algorithm (not if divisible by 100 unless divisible by 400) works out to 365.2425 days, with an error of three days every 10,000 years. Expect a closer approximation in another few thousand years. (S 21 4:15-16)

    $Vf Leap-Year software bug at Tiwai Pt aluminum smelter halts potlines, costs NZ$1M (S 22 4:29, R 18 74)

    f time_t offset from 1900 in C led to leap-year mistake on 2000 in Plan 9 (R 20 31)

    f Leap-day 2000: Digital Casio wristwatch changed from 29 Feb to 30 Feb; Sony SLV-940HF VCR (which picks up date/time via cable) showed Tue 29 Feb 2000 as Monday 28 Feb; Washington Checkbook magazine sent out erroneous subscription renewals to subscribers on 29 Feb 2000 (R 20 83); bank fails to post check on 29 Feb 2000, even though it honored it (R 20 85)

    fh Risks of Leap Years and Dumb Digital Watches (quadrennial posting by Mark Brader) (R 23 24)

    f Another date error: Lotus/Visicalc compatibility: dates stored as days since 1 Jan 1900 off by one, because 1900 was assumed to be a leap-year! (RISKS-21.78)

    f Newly tested Amtrak update installed ahead of scheduled 1.5-hour outage fails - it's Leap Day! (R 23 25)

    f Pontiac Grand Prix 2004 leap-year bug (R 23 29; S 29 5:14)

    fhi?($) Yet another leap-year error in 2004, but not 2000! Toronto Dominion Visa bill (R 24 13)

    fi Swedish Apple Snaps, "best before 29 Feb 2006" (R 24 11)

    ..... Summer Time (and the livin' is queasy):

    @$fe GTE Sprint billing errors from botched daylight savings cutover (S 11 5)

    @Vhf Daylight savings time changeover halts train for an hour (S 15 3)

    f Hawaii not on daylight time; off-island program messes up rush-hour (S 17 3)

    i Some UNIX systems missed daylight savings end (US/Pacific-New) (S 18 1:5)

    f More daylight savings time problems (R 18 02-05)

    fi Windows 95 daylight saving confusion in Sweden (R 18 50)

    *f Summer-time cutovers splatter molten ingots, down police system (S 18 3:A4)

    f Daylight-savings: falling back 1997 - VCRs, Interac ATMs, Win95 (R 19 43,44)

    f New remote-synch radio clock blows daylight savings changeover (R 20 03)

    f Another VCR Summer Time screwup (R 20 29)

    !h Terrorist bombing botched due to daylight time difference between Israel and Palestine (R 20 58)

    f Two more daylight savings time problems (R 21 09)

    h U.S. spring 2001 daylight savings cutover on April Fools' Day (R 21 31,34)

    f Deutsche Telekom spring 2001 daylight cutover messed up (previous week) (R 21 34)

    f "Reflection from WRQ" package at Fermilab blows third-party Windows NT Kerberos authentication on Daylight Time cutover, 2 Apr 2000 (S 26 4:11, R 21 33)

    fh Super-accurate atomic-clock display goofs, losing an hour each Sunday after DST in April 2001; Y2K aftermath (R 21 55,57)

    fhi clocks set back a week too early: EU confusion over fourth vs last Sunday in October 2004 (R 23 58,59; S 30 1:15)

    f Comcast cable daylight savings change over problem (R 23 84)

    hi Risks in Congressional proposal to change daylight savings cutovers in the U.S. and similar problems (R 23 94-96, R 24 01); final version of legislation defers change to 2007.

    e Proposed U.S. Daylight cutover changes (R 24 09)

    ..... Other Calendar-Clock and Counter Problems:

    ???? TEASER: Akin to the Y2K problem, are we anticipating an IPv16 problem? (There is one hex-character field for the IP version number.)

    fe IPv6 addresses too big to fit in existing software; another Y2K-like incompatibility? (R 22 81)

    f Risks of leap-second corrections at Y2K (R 20 71)

    f Motorola Oncore GPS receivers misdisplay date at midnight UTC 28 Nov 2003 during leap-second, exactly 256 weeks after previous leap-second (R 22 94)

    - Risks of First UTC Leap Second in 7 Years (R 24 02)

    Vf GPS rolled over to 6 Jan 1980 at the end of 21 August 1999 [leaping back 1024 weeks] (R 18 24); More on older GPS receivers with 10-bit week-counter rollover on 21 Aug 1999 (R 19 73); Pioneer recalling GPS receivers (R 19 80); British Civil Aviation notice on GPS receiver rollover on 22 August 1999 after 1024 weeks (R 20 07); GPS clock rollover affected Tokyo taxicabs (R 20 55), the yacht Tam-o-Shanter (R 20 55), and some DoD weapons systems (R 20 62). Pioneer adapted or replaced 210,000 of 270,000 GPS receivers (R 20 55); GPS Selective Availability for degraded precision no longer in use, announced 1 May 2000 (R 20 88)

    f TruTime leaped forward 1024 weeks around 1 Jan 2002 (R 21 84)

    i? What Time Is It? Atomic clocks, GPS, others differ (R 22 83)

    $h Human input error on year causes $49-million error for NJ food stamps (S 24 4:27, R 20 28)

    Vf Swedish passport system and Swedish Giroguide both fail on "99" (R 20 14)

    fh Y2K-like problems include stop-codes such as 9999 (9 Apr 1999 is the 99th day of "99"), 99999999, etc. (R 20 14)

    f$ 9/9/99 was mostly a non-event, although it resulted in a non-critical medical app failure (R 20 55) and an accidental deposit of $160K (R 20 60)

    hm Japanese MARS rail-ticket system crashed due to customers wanting tickets bearing an 11/11/11 11:11 time stamp on 11 Nov 1999, year Heisei 11 of the current emperor (R 20 65)

    Vf Swiss hospital computers crash on 1/1/1999 (R 20 16)

    f Quicken'99 divide-by-zero bug on Jan 1999 dates in Auto category (R 20 16)

    f Clock-setting algorithm gets wrong time; other clock problems (S 11 2)

    f Hidden horrible bug in Grapevine mail system lurks for 5 years (S 12 1)

    *f 100-year-old's age computed as 0, license renewed without test (S 15 2)

    fi Kindergarten recruiting for born-in-'88 invites 104-year-old woman (S 18 3:A3)

    fi Insurance co. requests first-year checkup for 101-year-old woman (R 16 32)

    $f Auto insurance rate triples - man turns 101 (= 1 mod 100) (S 12 1)

    f Born in 1899, 103-year-old man is told to bring parents for eye test; a Y1.9K problem, not a Y2K problem (R 22 20)

    f 106-year-old woman born in '97 summoned to start school (R 22 58)

    f Democratic bug in AppleLink in Chile, reserved word "General" (S 15 3)

    f Apollo workstation date bug coming soon (S 22 4:30, R 18 78)

    Vf Windows 95 will crash in 2038 (R 18 84)

    f AOLServer fails on 12 May 2006; Y2038 bug strikes early (R 24 34, S 31 5:18)

    f Microsoft Outlook e-mail Word problem (R 19 23)

    f Thanksgiving misplaced in Microsoft Outlook 97: better check your calendar! (S 23 3:24, R 19 46:47)

    f Microsoft Outlook 98 reschedules Memorial Day 1999 (R 20 30) and 2 UK bank holidays (R 20 32); not Y4.501K compatible (R 20 31)

    fi Design flaw in MS Outlook/Word save procedure? (S 23 3:26, R 19 55)

    f Outlook Express date parsing problem: 2099 by mistake, but displayed as 1919 (R 20 24)

    fi Confusion of Microsoft Outlook shifting times with timezones (R 20 11-12); Windows 95 changes date without confirmation (R 20 13)

    e Melbourne hospital system upgrade took four years: system could not handle patient numbers over six digits! (S 27 3:8, R 22 03)

    V Multics crashes on Bernie Greenberg's 45th birthday; Bernie never anticipated Multics would still be running! (S 20 5:11)

    ehi Dartmouth Time Sharing System: Beware the Ides of March, 1970s (S 21 2:16)

    Vf Misdeclared variable type overflows term program on 26 Oct 1993 (S 19 1:4)

    Vf Microcode bug downs Tandem CLX clocks at 3pm 1-Nov-1992; detected in New Zealand/FarEast, fix available before it could hit Europe, US (S 18 1:5)

    Vf Every MTS shuts down: 2**15 days from 1 Mar 1900 to 16 Nov 1989 (S 15 1)

    @*f 100 hospital computer systems die; 2**15 days after 1 Jan 1900 (S 14 6)

    f National Semi chip flaw persisted, 1987-1990; skips a day (S 16 1)

    Vf NOS/BE clock failed after 2 years when the system 1st was up 24 days! (S 16 2)

    VSf Security bug hung Tandem systems worldwide 27Aug91, 4:22pm local (S 16 4)

    f Errant `timed' propagates effect, wrong date then skips 2.8 years (S 17 2)

    f AT&T PC date problem in AT&T 6300; 5-year max lifetime assumed! (S 17 2)

    Vf MOSS graphics systems crash on 15 Jul 1993 worldwide (S 18 4:3)

    f Ball Aging Analysis SW clock bug prevents plotting of new data (S 19 2:2)

    ehi A glitch in time shaves U.S. Naval Observatory (S 21 2:16, errata R 17 65)

    hh Erroneous bank-clock coincidence puts wrong photo on Crimestoppers (S 21 2:16)

    @M Clocks leap forward gradually. Power line interference! (S 16 2)

    Vf Hospital computer crashes every midnight at midnight until 00:15 (R 19 25)

    mfe AOL off line for two hours 29 Oct 1997 (R 19 44); AOL e-mail outage due to software, 3 Nov 1997 (R 19 45); more AOL e-mail outages, 18 Nov 1997, Internet outages 19 Nov (S 23 3:24, R 19 47,49)

    Vf Windows 95, Windows 95 OEM Service Release, Windows 98 hang after 49.7 days (= 2**32 milliseconds, Vtdapi.vxd problem) (R 20 24)

    f Overzealousness problem in Access on location-dependent date interpretation (R 20 31-32)

    f/m/h? Date failure on weather.com: 28 Apr not 16 Sep (R 20 58)

    f Fox network misprograms time on US VCRs for a year (R 20 95)

    German digital certificate expiration on 4/5/01: April or May? (R 21 34)

    Northwest Airlines Web site departures: 12:40am departures sorted as 12:40pm (R 21 35)

    f Date screwup in Visual Basic (S 27 1:10, R 21 74,76)

    f Outlook for Thanksgiving 2001: a week late in some versions (R 21 69)

    i- Calendar reminder service suggests gifts on death anniversary (R 21 37); another sends notification of cancellation of status as boyfriend (R 21 40)

    hif Networker backup software mislabels tape dates (R 22 49);

    hif Amazon offers new 2003 book showing release date of 31 Dec 1969 (R 22 49)

    f Moscow ML fails because of time overflow bug, rendering HOL unusable (R 23 13)

    hfm Two human errors silenced Los Angeles area airport communications; routine reboot forgotten, Microsoft 49.7-day flaw strikes, backup system fails (R 23 53)

    f Canvas 3.5 Mac Year-2004 bug (R 23 50; S 30 1:15)

    f The new NASA calendar for Space Station: "The following ISS sightings are possible from Mon Dec 20 to Sat Jan 32." (R 23 63; S 30 2:23)

    f Another calendar error: month prior to Jan 2001: Dec 3900 (R 24 14)

    1.35 The Game of Chess:

    SP Sealed chess move disclosed? Karpov-Kasparov authentication glitch (S 16 1)

    mi Deep Blue, Deep Trouble: ACM Chess Challenge glitch (S 21 4:14)

    hi Deep Blue in Deep Foo in first Kasparov match; chess board position A3 fat-fingered and interpreted as command `3', necessitating reboot and loss of 20 minutes (transcript in R 18 78);

    +-? Deep Blue beats Kasparov in second match (11 May 1997); long-term risks to the sanity of chess masters and the future of mankind?

    1.36 Miscellaneous Hardware/Software Problems

    f "My Hairiest Bug War Stories" (Communications of the ACM, April 1997, pp. 30-37) on debugging, including a program that worked correctly only on Wednesday, because the overwritten 9th byte was supposed to contain a `y'! (R 19 09); more examples in (R 19 10,11)

    h More computer-is-never wrong tales (R 19 07,08); mad-cow disease database trusted more than reality (R 19 11)

    P? Private Dead Sea Scrolls computer-reconstructed from concordance (S 16 4)

    f IBM de Mexico pays Mexico City for failed database system (R 19 89)

    $f Microsoft, IBM dispute faults in each other's products (S 16 4)

    fe Defects in Microsoft Word for Windows remained unfixed (S 17 4)

    f Windows 3.11 data loss problem in vcache (R 17 80)

    f Risk of 16-bit MIS-Access installed on WFW or Windows 3.1 (R 18 65)

    fe Risks of installing old SW on new systems in Microsoft Windows (S 20 3:10)

    Vf Windows 95 late-night sales cause midnight cash-register crash (S 20 5:11)

    f WinWord 6 "feature" and discussions of compatibility problems (R 18 70,71,72)

    f(*) File-conversion errors between WordPerfect and Word: 1/4 becomes 3; two problems involved, discovered at Hanford (R 20 35)

    h Inconsistent reception of e-mailed MS Word documents causes problem (R 20 03)

    mhi Risks of keyboard shortcuts in Windows: kitten on the keys (R 24 05,06; S 30 6:19)

    fhi Windows delete command can fail silently (R 24 06; S 30 6:19-20), more (R 24 07-08)

    Vm Microsoft TerraServer unavailability ("The world's largest online database!") (S 23 3:26, R 19 84)

    f Microsoft Web site denies access based upon Windows regional settings (R 20 03)

    f Side-effects of installing Microsoft's Media Player (R 20 03-04)

    f C compiler vs editor compatibility: WYSI not always WYG; different definitions of "newline" (R 20 39-40)

    - Risks of PC changes without changed model numbers (R 18 70,71)

    Vfi Quark XPress trims Unix >> to >, overwriting the file (R 20 13)

    Seh Risks of upgrading a UNIX system without rebuilding privileged apps (R 20 39)

    f Insidious SQL interpreter bug messes up files; don't forget patches (R 20 03)

    hi Discussion of = vs == (R 20 18,21-22)

    fi MapQuest Do-What-I-Think-You-Mean risk (R 20 37)

    if Anomalies in Microsoft driving directions (R 20 62-63); More: NJ to Atlanta via Canada; Delorme ignores Canada; (also Amtrak's on-line trip planner suggests Portland to Seattle via Chicago and LA) (R 23 20,22)

    $hi More route map software problems (R 23 67)

    f More MapPoint routes: Norway to Norway via 6 other countries (R 23 67; S 30 3:28)

    fhi UK North East Ambulance Service: over-reliance on satellite navigation causes near-tragedy; road too narrow (R 24 29,30, S 31 5:18); Another case: coach led down narrow lane, stuck in the surrounding brush (R 24 40, S 31 6:27)

    f AutoRoute Express 2000 Weekend Watchdog problems (R 20 39)

    Sfi Extensive discussion on inconsistencies in context-sensitive wildcard interpretation, special characters, and file-name conventions (R 17 73-79)

    i Confusion in page layout commands (R 20 14-18)

    fhi Risks in incorrect software warnings and alerts (R 20 13)

    f McAfee's PC Medic 97 Deluxe QuickBackup incompatibility (R 19 91)

    h Smoothly running missing network server Univ. of North Carolina found 4 years later - accidentally sealed behind a wall (R 21 35)

    ..... System and computation problems:

    f Harvard Mark I register least-significant digits interchanged on input AND output, no effect unless carry propagated; not caught for MANY years.

    $fm Flaws reported in Intel 486 chip (COMPAQ found it) (S 15 1)

    $f Three flaws in Advanced Micro Devices 29000 32-bit RISC chip discovered only in revision D: problems in instruction burst mode, exception handling priority, data-access exception. Workarounds were found. (S 15 1)

    $f Pentium FDIV bug discussed in RISKS-16.57-69,81, summarized in SEN; flaw in table, not algorithm (S 20 2:9)

    $f Time-bomb ticks in noncompliant no-name Pentium motherboards (R 19 13); further flaw detected in Pentium II and Pro - approximately 140,739,635,839,000 floating-point numbers affected (R 19 14); (R 19 18)

    m New Pentium flaw enables user-mode program to lock up the system (R 19 45); preventive fixes in operating systems, software (R 19 46,47)

    f New Pentium III chip recalled (R 21 04; S 26 1:21-22)

    - Centaur IDT-C6 Pentium-compatible: "exacting proof of correctness" results from tests on PC OSs because of their complexity! (R 19 25)

    f Errors discovered in Affymetrix GeneChip database (R 21 36)

    $hi TransAlta Excel spreadsheet clerical error causes $24-million loss (R 22 77, S 28 6:8-9)

    f$ Microsoft Excel linked-spreadsheet bug blows balances (S 20 2:8)

    f New Microsoft Excel math bug (feature?): 1.40737488355328 = 0.64 (S 20 5:11) and still more in (R 17 38,39,40); floating-point problems consequence of IEEE standard (S 21 2:17)

    Pfi Excel/Outlook risk of hidden information released (R 21 69-70)

    f Excel deletes terminal zeros in phone number conversion with abc.defg format, also IP 10.0.0.10 becomes 10.0.0.1 (R 21 74-75,77)

    fhi Space character in number causes overzealous Excel miscalculation (error of US$19,130) (R 20 30)

    f Microsoft Excel 97 re-exhibits ghost of Pentium FDIV bug (R 19 04,05)

    [f=feature?] Incompatibility between 1904 date in Mac Excel and 1900 in Windows affects expert-witness report (R 21 47); cut and paste risk between WinWord and Excel in Office 2000 (R 21 53)

    fi Excel garbles microarray experiment data (R 24 19-21,23)

    f Risks of Microsoft's self-extracting files: no file integrity... (R 19 92)

    f Side-effects of IE4 (R 20 03)

    f IE5 under Windows 98 multiwindow cache consistency problem (R 20 28)

    f/m Bill Gates demo of Windows 98 crashed at Comdex (R 19 70)

    f Microsoft software blocks copy of file with name of "sensitive country", and subsequent copies (R 20 19-20)

    f Risks of Windows NT Blue Screen of Death requiring reboot (R 20 20-21)

    fh Outlook 98 filters RISKS-20.32 as junk! (R 20 33)

    f Microsoft Explorapedia Nature: earth rotates in wrong direction (R 20 87)

    f Windows 95 error message pops up on Swedish bank ATM screen (R 20 19)

    i Microsoft: "Q276304 - Error Message: Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords" (R 21 37)

    ifh California I-405 bitmapped billboard displays Windows error message (R 21 45); cash machine displays MS-DOS prompt (R 21 46); CalTrans displays "NO DATA" (R 21 46); http://www.daimyo.org/bsod/ gives some classic blue screens of death in very conspicuous places (R 21 47); portable highway display shows "BATTERIES NEED RECHARGING" (R 21 48,50); Ottawa bus-station TV monitors displayed file-write error instead of time of next bus, for several days (R 21 40); The Drop Zone carnival ride display at the top explaining the 100-meter free-fall drop showed Windows crash message (R 21 50)

    rf Inmos T800 floating point used formal methods for analysis, but the specification was wrong (according to Bill Kahan) (S 20 2:10)

    f VAX 11-780 floating point and early-production GE 635 floating-point truncation problem (noted by Jim Haynes) (S 20 2:10)

    f 5 equivalent floating-point formulae give very different results (S 19 2:4)

    f Intel chip flaw in Orion 82450 reduces I/O bus throughput (S 21 4:13,R 17 83)

    M Moore's Law hits a leak: current leakage from inactive processors (R 22 43)

    f DEC Alpha bug: pow(1.234567, 7.654321) may not give 5.017... (R 19 24-26)

    m Real `bug' in Alpha VAX (S 21 4:14)

    h/m Trig routine risks: sine calculations wrong because of missing card in deck (R 24 49); malfunctioning VAX floating point (R 24 51,52); both in (S 32 1)

    f Faster Mac reveals lurking flaw (R 19 38,40)

    fhe Glitch in iTunes deletes Macintosh drives; bug detected pre-release, but wrong version was released (S 27 1:10, R 21 74,78-80)

    f 2-user login max due to HW floating-point flaw used by PW encrypt. (S 15 1)

    f Bug in zipcode catalog adds an extra decimal digit to invoice (S 22 1:19)

    fi When is -32768 not equal to -32767-1 ? (R 18 48-49, 55,57,58,60,61)

    f Software math errors also discussed: BASIC on TI 99/4A (S 20 2:11)

    f Accounting system claims quota exceeded at number approaching 2^32 copies (R 20 20)

    f ping program gives negative round-trip times; useful for time travel? (R 20 21)

    f UK supermarket customers can double their accumulated points due to synchronization flaw (R 19 82)

    ..... Other problems:

    hi Harmful puns on input: "EDIT" (Everything Deleted Insert T), "<cr>aboRT" See Inside Risks, CACM, 33, 9 (Sept 1990), p. 202.

    i Y=Yes, 9=No (nein auf deutsch) in control system operator interface (S 16 1)

    hif Hartford jurors uncalled; letter "d" interpreted as "deceased" (S 18 1:7)

    i Atari prompt is READY; editor cursor on prompt read as READ Y (S 17 3)

    ifh System uses "$" to return to main menu; havoc results (S 17 3)

    h Celsius-to-Fahrenheit conversion: 2.5C increase becomes 36.5F! (S 20 3:11)

    f Standard deviation in Lotus 1-2-3 uses wrong number in computation (S 17 3)

    f Microsoft and Lotus spreadsheet errors (base conversion, roundoff) (S 20 3:9); similar Fred Brooks tale retold, on pipeline billing (S 20 3:9)

    h Spreadsheet Research documents enormous operational error rates (R 19 24)

    hi? New York Times computer typesetting problems (S 17 3)

    m Single-bit errors in DQ-11 partition the network (S 14 1)

    f Windows open and close for runaway mouse in Word 4.0 (S 13 4)

    fm Toshiba DOS 3.3 Backup deletes files (S 14 5)

    fi Printer-truncated pathname causes directory overwrite on retrieval (S 17 1)

    f Domain name service meltdown due to cache corruption (R 18 38)

    $mfh $150 printer hangs up $0.5M VAXcluster (S 17 4)

    $f Tape unit caught on fire from repeated reading of tape section (S 5 1)

    fm 63,000 Dell monitors too hot to handle: overheating, fires (S 19 4:11)

    m(i) Stretching cat loads CDROM in Macintosh; interface misleading (S 15 2)

    h Incidents on people's willingness to trust computers (S 11 5)

    f Program works fine in debug, fails in live execution (S 12 4)

    fe Anaesthetist trainees fail exam because of computer roundoff (R 17 25)

    f Pseudo-randomly generated bridge hands identical except for suits (S 14 1)

    i German FORTRAN "unit" and "device" both translated to "Einheit" (auf deutsch) (S 17 1)

    fi Discussion of handling of null variables in programs (R 19 58,59)

    m Memory parity error corrupts nonwritable shell file (S 19 2:4)

    h French card tricks: customs agent "samples" cards [old] (S 20 5:9)

    h Program fails when blank card jams, is removed [old] (S 20 5:9)

    f Bioinformatics programs considered badly software engineered (S 27 3:7, R 21 98)

    i Risks of differing Unix variants of killall (S 27 3:7, R 22 05-07)

    i Risks of the rise of PowerPoint: format dominates content (S 27 3:10, R 21 91)

    *fh Cancelling errors, serendipity in avoiding risks, and Kepler: note by Henry Baker (R 20 48,51)

    ? Risks of "self-destructing e-mail" from Disappearing Inc. (R 20 62)

    S/f/m An early collection of risk-related anecdotes was presented at the ACM Symposium on Operating Systems Principles, SOSP 7 (S 5 1:30-35), with follow-on (S 7 1). The former collection includes the repeated dunning notices for a debt of $0.00, responded to by writing a check for $0.00, which results in an angry letter that the check had crashed the computer system.

    1.37 Other Computer System Development Difficulties

    !*V$SPdefhim etc. Center for National Software Studies report: SOFTWARE 2015 contains many risks-related issues; well worth reading (R 23 91, S 30 4:19):
    http://www.cnsoftware.org/nss2report/NSS2FinalReport04-29-05PDF.pdf

    $rdef... The Software Bloatware Debate (S 24 1:32, R 19 92-93); Extensive discussion of bloatware, why it occurs, what its consequences are: less adaptability, interoperability, ...; examples (R 20 35-38); revisited (R 20 91-92,98, R 21 08)

    $rdf Difficulties in developing large systems: IRS TSM ($4 billion), FBI (fingerprint system and NCIC upgrade), California (welfare database, BART, DMV) (S 22 4:25, R 18 81)

    $m Colorado welfare system computer problems; unable to distribute Medicaid payments; cases pending past limits (R 23 62; S 30 2:19)

    $dfe New FBI Virtual Case File software not usable; part of $.5 billion upgrade plan (R 23 66; S 30 2:18); House Appropriations report summarizes "errors and misjudgements" (R 23 89; S 30 4:19). See an excellent article by Harry Goldstein, IEEE Spectrum, September 2005, pp.24-35. (R 24 03); further item (R 24 38, S 31 6:22)

    @$drS IRS computer project a four-billion-dollar fiasco (S 21 4:12); IRS drops Internet Cyberfile tax filing plan (S 22 1:19)

    $df(SV* etc.) NIST study: Impact of inadequate software testing on U.S. economy, estimated at $59.5 billion per year (S 27 5:6, R 22 11)

    rd More on California's software woes: welfare system problems (R 20 53)

    @$hd DoD criticized for software development problems (S 13 1)

    d(rfi) GAO's latest evaluation of DoD software development practice: Defense Acquisitions: Stronger Management Practices Are Needed to Improve DoD's Software-Intensive Weapon Acquisitions. GAO-04-393, 1 Mar 2004 (R 23 24)

    $f Software problem delays upgrade of LAPD car computer system (R 24 12)

    @$d ADATS tank-based anti-copter missile system development problems, $5B overrun, unreliability (S 16 1); others: C-17, London Ambulance,

    $df HUD fires contractor over program error costing $3.8 million (S 23 1:10, R 19 43)

    $rf GAO report says Pentagon overpaid contractors by $millions because different accounting systems could not interoperate (R 19 14)

    $d Medicare computer project terminated (S 23 1:10, R 19 38)

    $rd California child-support deadbeat dads/moms database flawed; project overrun from $99M to $300M (S 22 4:25, R 19 12); Lockheed-Martin IMS Contract CANCELLED (S 23 1:9, R 19 43); State of California and Lockheed Martin IMSC suing each other over contract cancellation (R 19 82)

    $df Virginia State child-support payments halted: software problems (S 12 3)

    $drfh $4.5M Virginia child-support system scrapped; bad management (S 14 2)

    $ef Software upgrade glitch snares the Social Security Administration; $478.5 million in underpayments detected years later (S 20 2:8, R 16 67, 23 Dec 1994), subsequently reported as $850 million, affecting almost 700,000 people (S 21 1:20, R 18 51)

    @$deh $35M San Mateo California health system upgrade is a downer; receivables backlog over $40M; blame scattered (R 20 98)

    $d King County Washington blew $38 million on canceled payroll system (R 21 01; S 26 1:19)

    $de $3.2M NY City computerized death registration system design abandoned; new design for $1.8M; development cost approaching $10M; Similar project in NJ using Sybase completed in six months and $250,000 (R 22 79, S 28 6:10)

    eh Northeastern University admits 25% too many students (600 extra) after DB upgrade loses potential applicants (R 21 01; S 26 1:20)

    $d Congress' report Bugs in the System attacks waterfalls, procurement (S 15 1)

    $d GAO report on effects of IS technology (S 15 1)

    $d Congress repeals catastrophic insurance, SSA gets premiums anyway; too difficult to make the software modifications (S 15 1)

    $drfh Summary of several `runaway' computer software projects - Allstate, Richmond utilities, Business Men's Assurance, Oklahoma WorkComp, Blue Cross/Shield of Wisconsin (S 14 1)

    @$drf California DMV system upgrade botched; $44.3M deadend (S 19 3:5)

    @Vef NJ DMV computer system upgrade crashes on first live use (R 19 80)

    @$dh BofA MasterNet development blows $23M; backup system gone (S 12 4); Two BofA executives leave after DP problems costing $25M (S 13 1); $60M more spent in botched attempt to fix it (S 13 2)

    $fe $34M fails to fix Washington DC payroll computers (R 22 30)

    $df Los Angeles hospital billing system bugs; delays cost up to $16M (S 19 2:3)

    $rd Greyhound computer reservation system development problems (S 20 1:18)

    $f System to prevent gov't bond auction bid-rigging `deeply flawed' (S 18 3:A5)

    $df Software failures in Britain estimated at $900M per year (S 13 4)

    $df UK DWP £141M benefits computer system shelved (R 24 41, S 31 6:22)

    $d System Upgrade delays TIAA-CREF payments (R 24 44, S 31 6:22-23)

    $rd Comvor: Hamburg police computer system development problems (blamed on "complexity") (S 23 4:22; R 19 68)

    $dfh $5.4M Canadian computerized taxi system won't work (S 14 2)

    $rd Ontario toll-road system six months late at twice the cost (R 19 24)

    $dfm $800,000 computerized cab service system fouls up (S 15 2)

    $dfh $15M strip-mining violation computer system deficient (S 14 2)

    rdf New Notre Dame de Paris organ software development disaster (S 20 3:10)

    - Douglas Adams' `Mostly Harmless' quoted on repairability (S 18 2:5)

    @$def $18M new system hinders collection of $10M in L.A. taxes (S 16 2)

    @$df New French reactor's distributed computer system abandoned (S 16 2)

    @$dhff Salvage Association awarded £662,926 from CAP Financial Services after badly botched accounting system was scrapped (S 18 1:8)

    $dr Discussion by Lauren Weinstein on technology deterioration resulting from cutting corners during system development (R 17 94,96)

    $d A380 superjumbo plane software development commits to fixed delivery schedules before major components tested (R 23 40); A380 delivery delays attributed partly to design SW problems (R 24 45 and 51, S 32 1)

    $d New £300 million UK air-traffic control system confronts complexity (S 22 1:18)

    $fe UK DWP "Government department wiped out by IT upgrade disaster"; incompatible system downloaded to 80,000 computers (R 23 61; S 30 2:18)

    $fd Computer system fiasco at the UK Child Support Agency; case backlog mounting at 30,000 per month, debt grows to GBP 720 million; no collections from 417,000 absent parents! (R 23 60; S 30 2:19)

    $d Software problems with NATS new-generation air-traffic control center (R 19 18,23)

    $de New Zealand's INCIS Crime Information System (S 25 3:17, R 20 83)

    $dmf Las Vegas monorail big development delays; drive-shaft fell off; flaw in train spacing software (R 23 37; S 29 5:14)

    $dfe Canadian social services system: $500 million and counting (R 23 45; S 30 1:9)

    $de Chicago Tribune computer meltdown on upgrade failure (R 23 46; S 30 1:9-10)

    $de Ford dumps Oracle eVEREST Internet-based system after four years of trouble (R 23 50; S 30 1:11)

    $dfmeh German automatic TollCollect system unusable, postponed; problems unidentified (R 22 94; S 29 2:10-11); GPS-based German TollCollect system doesn't collect (R 23 21); German Toll-Collect announces another delay... (R 23 37); "first prize in the 'Never-admitting-we-were-wrong' category"; unlikelihood of succeeding (R 23 51,53; S 30 1:10)

    $dehf More on the German Toll Collect development woes (R 23 69; S 30 3:28), overcharging (R 23 72; S 30 3:28)

    $fd Two German projects: Toll and Dole; toll collection delayed again, but fails 10%; Arbeitslosengeld II direct deposit system leaves 5% of the recipients without money (R 23 65; S 30 2:18-19)

    $dehf German unemployment system emerging with similar problems (R 23 53,60; S 30 1:10-11); Further updates on the German unemployment system (R 23 69; S 30 3:28-29; R 23 92; S 30 4:22)

    $deh German social services software A2LL loses 100,000 updates (R 24 01; S 30 4:22)

    $f German social services software with new, costly errors; health insurance premiums miscalculated (R 24 03; S 30 6:17-18)

    $d Siemens recalls x65 mobile phones; software error triggers overly loud melody as battery fails (R 23 51,53)

    $fhi Complexity causes 50% of product returns (R 24 19,20)

    $fhiR Yet another canceled public sector IT project: UK Internet retirement planner, wasted £11M (R 24 47,49,52, S 32 1)

    1.38 Achieving Better System Development and Operation

    + Numerous articles on software development, specification, formal verification, safety, reliability, security, etc. (S 1 1 to the present)

    + Barclays Bank success story in cutover to client-server system (S 20 1:18)

    + Collected Papers by David L. Parnas, book edited by Daniel M. Hoffman and David M. Weiss, with foreword by Jon Bentley: commentary (R 21 42,43) by Jim Horning. Very useful book on good software engineering.

    + Software Engineering, Dijkstra, and Hippocrates (R 21 42,44)

    + Discussion on the need to certify computer professionals (S 16 1)

    + More on Proper British Programs - the MoD standard (S 14 1)

    + Updated UK Interim Defence Standards 00-55/56 on software safety (S 16 3); Comments on Revised 00-55/56 by Stavridou and Ravn (S 16 4); Progress on adopting DefStan 00-55 (S 17 1)

    @*$ EC Machine Safety Directive enables suits over unsafe HW/SW (S 18 1:26)

    + Australian Software Quality Management Standard AS 3563-91 (S 17 1)

    +/- Risk Management: Books by Brian Wynne, Lorraine Daston noted (S 18 2:8)

    + Interview with James Reason on absent-mindedness and risk management (R 24 13)

    $*VSde etc. Professional risk assessment (R 23 79; S 30 3:22)

    + IEC TC4 WG3 International Standard on industrial machines safety (S 16 3)

    + NewSpeak, a safer programming language (S 13 2)

    +/-?? Programming competency and the use of FORTH (R 20 49-53, R 22 14-15)

    + Spark, an attempt at a "safe" Ada subset (S 14 1)

    + Viper and formal methods used in Australian railroad switching (S 14 5)

    + Benefits of computer technology, particularly safety, discussed (S 14 6)

    + DoD Software Master Plan [preliminary draft released 9Feb1990] (S 15 2)

    + Flogging as an ancient method for assuring software quality? (S 16 3)

    + Scents increase productivity of Russian computer operators! (S 17 2)

    + Scents [androstenone] give 14% increase in bill-payment rate (S 18 2:5)

    1.39 The Proper Role of Technology?

    +- Winter 1991 issue of Whole Earth Review questions technology; articles by Jerry Mander, Howard Levine, Langdon Winner, Patricia Glass Schuman, Linda Garcia, Gary T. Marx, Ivan Illich, Amory and Hunter Lovins (S 17 2)

    +- Fujitsu probing brain-wave detecting interface; risks suggested (S 18 3:A10)

    fh Discussion of expectations of technology: Chase Manhattan Bank fire, 911 cell phone identification (S 23 5:25, R 19 83)

    d(SV*,etc.)(fm+,etc.) Extensive ongoing discussion on component architecture, composability, etc., much too long to summarize here, but quite instructive. Also, see PGN's report, Principled Assuredly Trustworthy Composable Architectures, Dec 2004,
    http://www.csl.sri.com/neumann/chats4.pdf and .ps, as well as
    http://www.csl.sri.com/neumann/chats4.html. (R 23 73-77)

    2 Reference Materials

    If you are interested in further details, pursue the back issues of SEN, the on-line RISKS archives, and Neumann's Computer-Related Risks, Addison-Wesley, 1995 (ISBN 0-201-55805-X) and ACM Press (ACM Order 704943).

    2.1 Books

    The following books may also be of interest.

    · Frederick P. Brooks, Jr., The Mythical Man-Month (2nd edition) Addison-Wesley, 1995.

    · David Burnham, The Rise of the Computer State, Random House, New York, 1982.

    · Steven M. Casey, Set Phasers on Stun, and Other True Tales of Design Technology and Human Error, Aegean, 1993.

    · Robert N. Charette, Software Engineering Risk Analysis and Management, McGraw-Hill, New York, 1989.

    · Robert N. Charette, Application Strategies for Risk Analysis, McGraw-Hill, New York, 1990.

    · Robert N. Charette, Frances Scarff, and Andy Carty, Introduction to the Management of Risk, HMSO (Her Majesty's Stationery Office), 1993 (ISBN 0 11 330648 2).

    · David Clark et al., Computers at Risk: Safe Computing in the Information Age, National Research Council report of the System Security Study Committee, National Academy Press, December 1990.

    · Ken Dam et al., Cryptography's Role In Securing the Information Society (a.k.a. the CRISIS report), National Research Council report of the Committee to Study National Cryptography Policy, National Academy Press, 1996. Executive summary is available at http://www2.nas.edu/cstbweb .

    · Mark Dery, Escape Velocity: Cyberculture at the End of the Century, Grove Press, 1996.

    · Dietrich Dörner, The Logic of Failure: Why Things Go Wrong and What We Can Do to Make Them Right, Metropolitan Books (Henry Holt), New York, 1996.

    · John H. Fielder and Douglas Birsch, The DC-10 Case: A Case Study in Applied Ethics, Technology, and Society, State University of New York Press, 1992.

    · John Gall, Systemantics : the underground text of systems lore : how systems really work and especially how they fail, General Systemantics Press, 3200 W. Liberty, Ann Arbor 48103, 1986. (The first edition was printed by Pocket Books in 1975 and Quadrangle/NYTimesBookCo in 1977.)

    · Robert Glass, Software Creativity, Prentice-Hall, Englewood Cliffs, New Jersey, 1995.

    · Greg Hoglund and Gary McGraw, Exploiting Software: How to Break Code, Addison-Wesley, 2004.

    · Karla Jennings, The Devouring Fungus, Tales of the Computer Age, Norton, 1990.

    · Deborah G. Johnson and Helen Nissenbaum, Computer Ethics and Social Values, Prentice Hall, Englewood Cliffs, New Jersey, 1995.

    · Rob Kling, Computerization and Controversy: Value Conflicts and Social Choices (2nd Edition), Academic Press, San Diego, February 1996.

    · Nancy G. Leveson, Safeware: System Safety and Computers, Addison-Wesley, Reading, Massachusetts, 1995.

    · Jerry Mander, In the Absence of the Sacred: The Failure of Technology & the Survival of the Indian Nations, Sierra Club Books, 1991.

    · Steven E. Miller, Civilizing Cyberspace: Policy, Power and the Information Superhighway, Addison-Wesley Publishing Co. and ACM Press, 1996.

    · Charles Perrow, Normal Accidents, Basic Books, NY, 1984.

    · Charles Perrow, Living with High Risk Technologies, Princeton University Press, 1999.

    · Charles Perrow, The Next Catastrophe: Reducing Our Vulnerability to Natural, Industrial, and Terrorist Disasters, Princeton University Press, 2007. [See PGN minireview in (R 24 65).]

    · Ivars Peterson, Fatal Defect: Chasing Killer Computer Bugs, Times Books (Random House), New York, 1995.

    · Henry Petroski, To Engineer is Human: The Role of Failure in Successful Design, St. Martin's Press, 1985.

    · Henry Petroski, Design Paradigms: Case Histories of Error and Judgment in Engineering, Cambridge University Press, 1994.

    · Scott D. Sagan, The Limits of Safety: Organizations, Accidents, and Nuclear Accidents, Princeton University Press, 1993.

    · Joan Stigliani, The Computer User's Survival Guide, O'Reilly & Associates, Inc., 1995.

    · Lauren Wiener, Digital Woes: Why We Should Not Depend on Software, Addison Wesley, 1993.

    Also, check out Phil Agre's Web site (http://communication.ucsd.edu/pagre/) for a bibliography of recent books on social responsibility, many of which are relevant here.

    Computer-Related Risks draws heavily on the listed cases. It also incorporates some material from COMPASS and CACM Inside Risks sources, noted below. "The Computer-Related Risk of the Year" (abbreviated here as CRRotY) series of papers by PGN, in the Proceedings of the COMPASS (Computer Assurance) Conference, held each June, at NIST in Gaithersburg MD:

    1987: The N Best (or Worst) Computer-Related Risk Cases. IEEE 87TH0196-6, pp.xi-xiii.

    1988: CRRotY: Computer Abuse. IEEE 88CH2628-6, pp.8-12.

    1989: CRRotY: Misplaced Trust in Computer Systems. IEEE, pp.9-13.

    1990: CRRotY: Distributed Control. IEEE 90CH2830, pp.173-177.

    1991: CRRotY: Weak Links and Correlated Events. IEEE 91CH3033-8, pp.5-8.

    1993: Keynote, 16 Jun 1993, Myths of Dependable Computing: Shooting the Straw Herrings in Midstream, IEEE 93CH3291-2, pp.1-4.

    1995: Banquet speech on risks in critical systems, 29 June 1995 [no paper]

    2.2 Inside Risks Columns

    See also the "INSIDE RISKS" monthly columns inside the back cover of the Communications of the ACM, since July 1990, written by PGN except for guest columns as indicated. Many past columns are on-line
    http://www.csl.sri.com/neumann/insiderisks.html in one large file, with the 2004 columns available in a separate file
    http://www.csl.sri.com/neumann/insiderisks04.html for speedier access.

    .....Inside Risks, CACM VOLUME 33, numbers 7 through 12, respectively -

    Jul 1990: Some Reflections on a Telephone Switching Problem

    Aug 1990: Insecurity About Security?

    Sep 1990: A Few Old Coincidences

    Oct 1990: Ghosts, Mysteries, and Risks of Uncertainty

    Nov 1990: Risks in computerized elections

    Dec 1990: Computerized medical devices, Jon Jacky

    .....Inside Risks, CACM VOLUME 34, numbers 1 through 12, respectively -

    Jan 1991: The Clock Grows at Midnight

    Feb 1991: Certifying Programmers and Programs

    Mar 1991: Putting on Your Best Interface

    Apr 1991: Interpreting (Mis)information

    May 1991: Expecting the Unexpected Mayday!

    Jun 1991: The Risks With Risk Analysis, Robert N. Charette

    Jul 1991: Computers, Ethics, and Values

    Aug 1991: Mixed Signals About Social Responsibility, Ronni Rosenberg

    Sep 1991: The Not-So-Accidental Holist (on critical systems)

    Oct 1991: A National Debate on Encryption Exportability, Clark Weissman

    Nov 1991: The Human Element

    Dec 1991: Collaborative Efforts

    .....Inside Risks, CACM VOLUME 35 number 1 through 12, respectively -

    Jan 1992: What's in a Name?

    Feb 1992: Political Activity and International Computer Networks, Sy Goodman

    Mar 1992: Inside "Risks of RISKS"

    Apr 1992: Privacy Protection, Marc Rotenberg

    May 1992: System Survivability

    Jun 1992: Leaps and Bounds (on leap-year problems, distributed systems)

    Jul 1992: Aggravation by Computer: Life, Death, and Taxes

    Aug 1992: Fraud by Computer

    Sep 1992: Accidental Financial Losses

    Oct 1992: Where to Place Trust

    Nov 1992: Voting-Machine Risks, Rebecca Mercuri

    Dec 1992: Avoiding Weak Links

    .....Inside Risks, CACM VOLUME 36 number 1 through 12, respectively -

    Jan 1993: Risks Considered Global(ly)

    Feb 1993: Is Dependability Attainable?

    Mar 1993: Risks of Technology

    Apr 1993: Using Names as Identifiers, Donald A. Norman

    May 1993: The Role of Software Engineering

    Jun 1993: Modeling and Simulation

    Jul 1993: Risks on the Rails

    Aug 1993: Risks of Surveillance

    Sep 1993: Animal Crackers

    Oct 1993: System Development Woes

    Nov 1993: Corrupted Polling, Rebecca Mercuri

    Dec 1993: A World Lit by Flame, Peter Denning

    .....Inside Risks, CACM VOLUME 37 number 1 through 12, respectively -

    Jan 1994: Risks in Aviation, Part One, Robert Dorsett

    Feb 1994: Risks in Aviation, Part Two, Robert Dorsett

    Mar 1994: Technology, Laws, and Society

    Apr 1994: Risks of Passwords

    May 1994: Alternative Passwords

    Jun 1994: Risks on the Information Superhighway

    Jul 1994: Questions About the NII, Barbara Simons

    Aug 1994. Friendly Fire

    Sep 1994. Expectations of Security and Privacy

    Oct 1994. The Verdict on Plaintext Signatures: They're Legal, Benjamin Wright

    Nov 1994. Dehumanizing the Workplace, Herb Grosch

    Dec 1994. Inside "Inside Risks"

    .....Inside Risks, CACM VOLUME 38 number 1 through 12, respectively -

    Jan 1995. The Information Superhighway: For the People, Ben Shneiderman

    Feb 1995. Computers as Substitute Soldiers, Chris Demchak and Sy Goodman

    Mar 1995. Reassessing the Crypto Debate

    Apr 1995. Information Superhighway 2015, Peter J. Denning

    May 1995. How to Create a Successful Failure, Robert N. Charette

    Jun 1995. Computer Vulnerabilities: Exploitation or Avoidance

    Jul 1995. My Top Ten E-Mail Hassles, Phil Agre

    Aug 1995. Research on the Internet, Joel M. Snyder

    Sep 1995. Risks of Easy Answers

    Oct 1995. Risks of Social Security Numbers, Simson Garfinkel

    Nov 1995. Safety as a System Property, Nancy Leveson

    Dec 1995. Reviewing the Risks Archives

    .....Inside Risks, CACM VOLUME 39 number 1 through 12, respectively -

    Jan 1996. Risks in Digital Commerce

    Feb 1996. W(h)ither Research and Education? PGN and Peter J. Denning

    Mar 1996. Taking Responsibility for Our Risks, Robert Charette

    Apr 1996. A Risks-Related Bookshelf

    May 1996. Linguistic Risks

    Jun 1996. Securing the Information Infrastructure, Teresa F. Lunt

    Jul 1996. Using Formal Methods to Reduce Risks

    Aug 1996. Cryptography's Role In Securing the Information Society, Herbert Lin

    Sep 1996. Behind the State of the Art, Lauren Weinstein

    Oct 1996. Disinformation Theory

    Nov 1996. Distributed Systems Have Distributed Risks

    Dec 1996. Risks of Anonymity

    .....Inside Risks, CACM VOLUME 40 number 1 through 12, respectively -

    Jan 1997. Cryptography, Security, and the Future, Bruce Schneier

    Feb 1997. Hopes for Fewer Risks?

    Mar 1997. Some Observations on RISKS and Risks, Richard I. Cook

    Apr 1997. Webware Security, Edward Felten

    May 1997. The Big Picture

    Jun 1997. Spam, Spam, Spam! PGN and Lauren Weinstein

    Jul 1997. Identity-Related Risks

    Aug 1997. Crypto Key Management

    Sep 1997. Software Engineering: An Unconsummated Marriage, David Lorge Parnas, P.Eng.

    Oct 1997. Integrity in Software Development

    Nov 1997. Risks of Technological Remedy, Peter Ladkin

    Dec 1997. More System Development Woes

    .....Inside Risks, CACM VOLUME 41 number 1 through 12, respectively -

    Jan 1998. Protecting the Infrastructures

    Feb 1998. Internet Gambling

    Mar 1998. Are Computers Addictive?

    Apr 1998. On Concurrent Programming, Fred B. Schneider

    May 1998. In Search of Academic Integrity, Rebecca Mercuri

    Jun 1998. Infrastructure Risk Reduction, Harold Lawson

    Jul 1998. Laptops in Congress?

    Aug 1998. Computer Science and Software Engineering: Filing for Divorce?, Peter J. Denning

    Sep 1998. Y2K Update

    Oct 1998. On-Line Education

    Nov 1998. Toward Trustworthy Networked Information Systems, Fred B. Schneider

    Dec 1998. The Risks of Hubris, Peter B. Ladkin

    .....Inside Risks, CACM VOLUME 42 number 1 through 12, respectively -

    Jan 1999. Our Evolving Public Telephone Networks, Fred Schneider and Steven M. Bellovin

    Feb 1999. Robust Open-Source Software

    Mar 1999. Bit-Rot Roulette, Lauren Weinstein

    Apr 1999. A Matter of Bandwidth, Lauren Weinstein

    May 1999. Ten Myths about Y2K Inspections, David L. Parnas

    Jun 1999. Risks of Y2K, PGN and Declan McCullagh

    Jul 1999. Information is a Double-Edged Sword

    Aug 1999. Biometrics: Uses and Abuses, Bruce Schneier

    Sep 1999. The Trojan Horse Race, Bruce Schneier

    Oct 1999. Risks of Relying on Cryptography, Bruce Schneier

    Nov 1999. Risks of Content Filtering, PGN and Lauren Weinstein

    Dec 1999. Risks of Insiders

    .....Inside Risks, CACM VOLUME 43 number 1 through 12, respectively -

    Jan 2000. Risks of PKI: Secure E-Mail, Carl Ellison and Bruce Schneier

    Feb 2000. Risks of PKI: Electronic Commerce, Carl Ellison and Bruce Schneier

    Mar 2000. A Tale of Two Thousands

    Apr 2000. Denials of Service

    May 2000. Internet Risks, Lauren Weinstein and PGN

    Jun 2000. Internet Voting, Lauren Weinstein

    Jul 2000. Risks in Retrospect

    Aug 2000. Shrink-Wrapping Our Rights, Barbara Simons

    Sep 2000. Missile Defense

    Oct 2000. Tapping on My Network Door, Matt Blaze and Steven M. Bellovin

    Nov 2000. Voting Automation (Early and Often?), Rebecca Mercuri

    Dec 2000. Semantic Network Attacks, Bruce Schneier

    .....Inside Risks, CACM VOLUME 44 number 1 through 12, respectively -

    Jan 2001. System Integrity Revisited, Rebecca T. Mercuri and PGN

    Feb 2001. What to Know About Risks

    Mar 2001. Computers: Boon or Bane?, David L. Parnas and PGN

    Apr 2001. Cyber Underwriters Lab?, Bruce Schneier

    May 2001. Be Seeing You!, Lauren Weinstein

    Jun 2001. PKI: A Question of Trust and Value, Richard Forno and William Feinbloom

    Jul 2001. Learning from Experience, Jim Horning

    Aug 2001. Risks in E-mail Security, Albert Levi and Çetin Kaya Koç

    Sep 2001. Web Cookies: Not Just a Privacy Risk, Emil Sit and Kevin Fu

    Oct 2001. The Perils of Port 80, Stephan Somogyi and Bruce Schneier

    Nov 2001. Risks of Panic, Lauren Weinstein and PGN

    Dec 2001. Risks of National Identity Cards, PGN and Lauren Weinstein

    .....Inside Risks, CACM VOLUME 45 number 1 through 12, respectively -

    Jan 2002. Uncommon Criteria, Rebecca Mercuri

    Feb 2002. The Homograph Attack, Evgeniy Gabrilovich and Alex Gontmakher

    Mar 2002. Risks of Linear Thinking, Peter Denning and James Horning

    Apr 2002. Digital Evidence, David WJ Stringer-Calvert

    May 2002. Risks of Inaction, Lauren Weinstein

    Jun 2002. Free Speech Online and Offline, Ross Anderson

    Jul 2002. Risks: Beyond the Computer Industry, Don Norman

    Aug 2002. Risks in Features vs. Assurance, Tolga Acar and John R. Michener

    Sep 2002. Risks of Digital Rights Management, Mark Stamp

    Oct 2002. Secure Systems Conundrum, Fred B. Schneider

    Nov 2002. Florida 2002: Sluggish Systems, Vanishing Votes, Rebecca Mercuri

    Dec 2002. Why Security Standards Sometimes Fail, Avishai Wool

    .....Inside Risks, CACM VOLUME 46 number 1 through 12, respectively -

    Jan 2003. The Mindset of Dependability, Michael Lesk

    Feb 2003. Gambling on System Accountability, PGN

    Mar 2003. Risks of Total Surveillance, Barbara Simons and Eugene H. Spafford

    Apr 2003. On Sapphire and Type-Safe Languages, Andrew Wright

    May 2003. Risks of Misinformation, PGN

    Jun 2003. Reflections on Trusting Trust Revisited, Diomidis Spinellis

    Jul 2003. How Secure Is Secure Web Browsing?, Albert Levi

    Aug 2003. Spam Wars, Lauren Weinstein

    Sep 2003. Risks in Trusting Untrustworthiness, PGN

    Oct 2003. Information System Security Redux, PGN

    Nov 2003. Security by Insecurity, Rebecca Mercuri and PGN

    Dec 2003. The Devil You Know, Lauren Weinstein

    .....Inside Risks, CACM VOLUME 47 number 1 through 12, respectively -

    Jan 2004. The Myth of Homeland Security, Marcus J. Ranum

    Feb 2004. Outsourced and Out of Control, Lauren Weinstein

    Mar 2004. Risks of Monoculture, Mark Stamp

    Apr 2004. Coincidental Risks, Jim Horning

    May 2004. Artificial Stupidity, Peter and Dorothy Denning

    Jun 2004. Optimistic Optimization, PGN

    Jul 2004. Insider Risks in Elections, Paul Kocher and Bruce Schneier

    Aug 2004. Close Exposures of the Digital Kind, Lauren Weinstein

    Sep 2004. The Big Picture, PGN

    Oct 2004. The Non-Security of Secrecy, Bruce Schneier

    Nov 2004. Evaluation of Voting Systems, Poorvi L. Vora, Benjamin Adida, Ren Bucholz, David Chaum, David L. Dill, David Jefferson, Douglas W. Jones, William Lattin, Aviel D. Rubin, Michael I. Shamos, and Moti Yung

    Dec 2004. Spamming, Phishing, Authentication, and Privacy, Steve Bellovin

    .....Inside Risks, CACM VOLUME 48 number 1 through 12, respectively -

    Jan 2005. Not Teaching Viruses and Worms Is Harmful, George Ledin Jr

    Feb 2005. Responsibilities of Technologists, PGN

    Mar 2005. Anticipating Disasters, PGN

    Apr 2005. Two-Factor Authentication: Too Little, Too Late, Bruce Schneier

    May 2005. Risks of Third-Party Data, Bruce Schneier

    Jun 2005. What Lessons Are We Teaching?, Susan Landau

    Jul 2005. DRM and Public Policy, Edward W. Felten

    Aug 2005. Disability-Related Risks, PGN and Michael D. Byrne

    Sep 2005. Risks of Technology-Oblivious Policy, Barbara Simons and Jim Horning

    Oct 2005. The Best-Laid Plans: A Cautionary Tale for Developers, Lauren Weinstein

    Nov 2005. The Real National-Security Needs for VoIP, Steven Bellovin, Matt Blaze, and Susan Landau

    Dec 2005. Wikipedia Risks, Peter Denning, Jim Horning, David Parnas, and Lauren Weinstein

    .....Inside Risks, CACM VOLUME 49 number 1 through 12, respectively -

    Jan 2006. Software and Higher Education, John Knight and Nancy Leveson

    Feb 2006. Trustworthy Systems Revisited, PGN

    Mar 2006. Privacy Risks Revisited, Marc Rotenberg

    Apr 2006. Fake ID: Batteries Not Included, Lauren Weinstein

    May 2006. Risks of RFID, PGN and Lauren Weinstein

    Jun 2006. EHRs: Electronic Health Records or Exceptional Hidden Risks?, Robert Charette

    Aug 2006. Risks of Online Storage, Ari Schwartz, Deirdre Mulligan, and Indrani Mondal

    Sep 2006. The Foresight Saga, PGN

    Oct 2006. Virtual Machines, Virtual Security, Steven Bellovin

    Nov 2006. COTS and Other Electronic Voting Backdoors, Rebecca T. Mercuri, Vincent J. Lipsio, and Beth Feehan

    Dec 2006. Liability Risks with Reusing Third-Party Software, William Hasselbring, Matthias Rohr, Jürgen Taeger, and Daniel Winteler

    .....Inside Risks, CACM VOLUME 50 number 1 through 12, respectively -

    Jan 2007. Ma Bell's Revenge: The Battle for Network Neutrality, Lauren Weinstein

    Feb 2007. Widespread Network Failures, PGN

    Mar 2007. Risks of Risk-Based Security, Donn Parker

    Apr 2007. Risks of Virtual Professionalism, Jim Horning

    May 2007. The Psychology of Security, Bruce Schneier

    Jun 2007. Keeping the Forest in View, Peter A. Freeman

    Jul 2007. The Next Catastrophe(s), Charles Perrow

    Aug 2007. Which is Riskier: OS Diversity or OS Monopoly, Dave Parnas

    Sep 2007 E-migrating Risks, PGN

    Oct 2007 Toward a Safer and More Secure Cyberspace, Herbert S. Lin, Alfred Z. Spector, PGN, and Seymour E. Goodman

    Nov 2007 Risks of E-voting, Matt Bishop and David Wagner

    Dec 2007 Internal Surveillance, External Risks, Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Jennifer Rexford, Peter G. Neumann

    .....Inside Risks, CACM VOLUME 51 number 1 through 6, respectively -

    Jan 2008 The Psychology of Risks, Leonard Zegans

    Jan 2008 Reflections on Computer-Related Risks, PGN [Essay for 50th Anniversary, not an Inside Risks column per se, but a metacolumn]

    Feb 2008 Software Transparency and Purity, Pascal Meunier

    Mar 2008 Wireless Sensor Networks and the Risks of Vigilance, Xiaoming Lu and George Ledin Jr

    Apr 2008 A Current Affair, Lauren Weinstein

    May 2008 The Physical World and the Real World, Steven M. Bellovin

    Jun 2008 Risks of Neglecting Infrastructure, Jim Horning and PGN

    .....Inside Risks, CACM VOLUME 52 -

    Feb 2009 U.S. Election After-Math, PGN

    Jun 2009 Reducing Risks of Implantable Medical Devices: A Prescription to Improve Security and Privacy of Implantable Medical Devices, Kevin Fu

    Oct 2009 Reflections on Conficker: An insider's view of the analysis and implications of the Conficker conundrum, Phillip Porras

    .....Inside Risks, CACM VOLUME 53 -

    Feb 2010 The Need for a National Cybersecurity Research and Development Agenda, Douglas Maughan

    Jun 2010 Privacy By Design: Moving from Art to Practice, Stuart S. Shapiro

    Oct 2010 Risks of Undisciplined Development, David L. Parnas

    .....Inside Risks, CACM VOLUME 54 -

    Feb 2011 The Growing Harm of Not Teaching Malware, George Ledin

    Jun 2011 The Risks of Stopping Too Soon, David Lorge Parnas

    Oct 2011 Modernizing the Danish Democratic Process, Carsten Schürmann

    .....Inside Risks, CACM VOLUME 55 -

    Feb 2012 Yet Another Technology Cusp: Confusion, Vendor Wars, and Opportunities, Don Norman

    Jun 2012 The Cybersecurity Risk: Increased attention to cybersecurity has not resulted in improved cybersecurity, Simson Garfinkel

    Oct 2012 The Foresight Saga, Redux: Short-term thinking is the enemy of the long-term future, PGN

    .....Inside Risks, CACM VOLUME 56 -

    Feb 2013 More Sight on Foresight: Reflecting on Elections, Natural Disasters, and the Future, PGN

    Jun 2013 Learning from the Past to Face the Risks of Today, Nancy Leveson

    Oct 2013 Controlling Cybersecurity Risks in Medical Device Software, Kevin Fu and James Blum

    .....Inside Risks, CACM VOLUME 57 -

    Feb 2014 An Integrated Approach to Safety and Security Based on System Theory, Nancy Leveson and William Young

    [NOTE: The Inside Risks series is now three times each year.]

    See http://www.csl.sri.com/neumann/insiderisks.html for many of these columns; the columns from 2008 and beyond are in a separate file: http://www.csl.sri.com/neumann/insiderisks08.html, as are those for 2007, 2006, 2005, and 2004 - for speedier access if you have the direct URL.

    2.3 Pun-intended definitions

    The San Jose Mercury (4 Jan 2004) gave a list of the 50 best punny definitions of the year (R 23 14). Here are several with computer technology relevance:

    · off-shorn: vt. Getting cut because your job moved overseas. [Rainer Richter, San Jose]
    · Microsofa: n. A piece of furniture that, while it looked fine in the showroom, gradually begins to dominate the living room, eventually forcing you to replace all the other furniture, including the TV, to be "compatible". [Earl T. Cohen, Fremont]
    · motherbored: n. In many homes, a technology discussion at dinner between father and the kids. (Bruce Kerr)
    · Luddate: n. Someone you are going out with who does not understand the [Santa Clara] Valley's obsession with technology. (Lisa Lawrence, Palo Alto)
    · Crisco: n. A person who got fried by buying Cisco at $80 a share. (Jim Schutz)

    And finally, here is an unfortunate motto for the ages: If it is not now on the Web, it does not exist; what's more, it never existed. (Too bad. A lot of good old stuff gets lost and becomes totally ignored if it is not on-line. At least this file is accessible. And now, even the early SIGSOFT Software Engineering Notes items are as well, thanks to Will Tracz.)