Subject: Risks Digest 25.00 (25.99), Volume 25 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Volume 25 : Issue 00 (99)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 25 (Jan 2008 - ongoing)

(NOTE: This summary is archived in ftp file risks-25.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/25.00.html.)

----------------------------------------------------------------------

Date: 17 Oct 2007 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request@csl.sri.com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com depending on which action is to be taken.
   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users should contact .
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
   or ftp://ftp.sri.com/VL/risks for previous VoLume
   redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r .
==> PGN's comprehensive historical Illustrative Risks summary of one liners: for browsing, or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

RISKS 25.00
Subject: SUMMARY OF RISKS VOLUME 25 (ongoing)
(archived in ftp file risks-25.00)

RISKS 25.01 Monday 7 January 2008
  Fire! Works! oops, too slow (Mark Brader)
  Boeing 787 networking issues (Martyn Thomas)
  Feds Release Pass Card details (Brock N. Meeks via David Farber)
  Has chip-and-pin failed to foil fraudsters? (Pere Camps)
  Sears exposes customers' information via its web site (Rich Kulawiec via IP)
  User Data Stolen From Pornographic Web Sites (David Lesher)
  Election Computers Stolen in Tennessee (David Lesher)
  Er, Airline Captains Do What, Again? (Rick Moen)
  Risks of embedded javascript (Paul Wallich)
  Mercedes console display with conflicting information (Henry Baker)
  Mac Quickbooks update deletes user desktop (Bonnie Packert)
  No more loose lithium batteries in checked luggage (Peter Gregory)
  Risks of believing what you see on the WayBack Machine (Fred Cohen)
  Re: Computer Failure Causes Closure of Seattle Downtown Transit Tunnel (Stanislav Meduna)
  Re: Satnav: Nope, you can't get there from here. (Craig DeForest)
  Re: Satnav (Martyn Thomas)
  Re: Drunk a better guide than sat nav (Ross Younger)
  Passing of Computing and Information Security Pioneer: Jim Anderson (Gene Spafford)

RISKS 25.02 Monday 14 January 2008
  Coffee Grounds Qantas (Charles Wood)
  Computer problem suspected in erratic Airbus flight (Antonomasia)
  Metal structure beneath runway affects aircraft instruments (David Dixon)
  Polish teenager uses city trams as train set (Peter Houppermans)
  Novel approach to reducing electoral fraud (Peter Mellor)
  Risks of believing a GPS system (Paul Karger)
  GPS in a tea shop anecdote (Mark Brader)
  More GPS mishaps (Paul Saffo)
  Nightmare on VoIP Street (Ed Ravin)
  A risk of static analysis tools -- and refereeing (Peter Gutmann)
  Bank gives money to fraudster posing as its chairman (David Dixon)
  REVIEW: "Managing Knowledge Security", Kevin C. Desouza (Rob Slade)

RISKS 25.03 Tuesday 29 January 2008
  Data entry error leads to incompatible transplant (Mark Brader)
  London Heathrow plane crash (Colin Stamp)
  "Butterfly Award": French Bank Says Trader Hacked Computers (Henry Baker)
  Henhouses, guarding of, by foxes: Kerviel Kerfuffle (Steve Summit)
  Problems with the German tax software "Magpie" (Debora Weber-Wulff)
  Florida computer problems halt early voting (PGN)
  The risks of upgrading software (Clive D. W. Feather)
  Charter Cable deletes 14,000 e-mail accounts. No backups. (Danny Burstein)
  IRS: Kansas City lost our tapes. Lots of personal info.... (Danny Burstein)
  Automated parking garage reopens (Rich Mintz)
  Blue Screened Asphalt Jungle... (David Lesher)
  Windows virus protection on NASA Linux machines (David Lesher)
  Authors, pseudonyms, and software (Steven M. Bellovin)
  Re: Metal structure beneath runway affects aircraft instruments (Roderick A Rees)
  Re: Boeing 787 networking issues (Mark Siegel)
  Re: Coffee Grounds Qantas (Brian Hayes)
  Re: More GPS mishaps (Joel Maslak, Dag-Erling Smørgrav, Paul Saffo)
  REVIEW: "Fuzzing", Michael Sutton/Adam Greene/Pedram Amini (Rob Slade)

RISKS 25.04 Saturday 2 February 2008
  Transplant patient has NEW kidney removed after NHS computer blunder (Richard I. Cook)
  Tachometer error caused 2005 runway overrun (Mark Brader)
  Mideast submarine cable disruptions (David Lesher)
  Empire State Building car e-interference mystery (David Chessler)
  Technology Review: Stopping cars with microwaves (David Chessler)
  Manufacturer Blames Bankruptcy on Failed ERP Implementation (Ken Dunham)
  2008 meltdown margin player blames s/w for failure to complete trades (George Michaelson)
  Fifth Amendment: Passphrase cannot be forced (David Lesher)
  British software pirate sells GBP 12K package at 1/1000 (Peter Mellor)
  DTV vs USPS (Peter Zilahy Ingerman)
  Voting Machine Usability Testing (Ken Dunham)
  Impersonating armored car personnel (Craig Partridge)
  Another public data loss in the UK (Robert Klemme)
  Automated calling system glitch locks down school (Steve Eddins)
  Re: Air Canada A319 upset (Peter Ladkin)
  Re: Coffee Grounds Qantas (Preston de Guise)
  Re: Metal structure beneath runway ... (Neil Youngman)
  Hoist by one's own petard: data security: UK Child Benefits (Adrian Cherry)
  REVIEW: "Software Testing Practice: Test Management", Spillner et al. (Rob Slade)

RISKS 25.05 Monday 18 February 2008
  L.A. School payroll system's spectacular failure (Richard I. Cook)
  FBI mistakenly receives supposedly protected e-mail (Steven M. Bellovin)
  Canadian Government Mails Out Confidential Data (Ken Dunham)
  JAL cabin crews sue over personal info (PGN)
  JAL near miss on attempted takeoff (PGN)
  Future of e-voting in doubt in Japan (PGN)
  Computer Error Strands Tanker off Massachusetts (Lee Rudolph)
  Bell Canada Data on 3.4 Million Customers Stolen (Ken Dunham)
  Royal Canadian Mounted Police Censured for Privacy Violations (Ken Dunham)
  Re: Lost Kansas City IRS tapes with personal info. (Danny Burstein)
  Critics chuck MS 'friendly worm' plan on the compost heap (Chris Leeson)
  Another BlackBerry Outage Caused by System Upgrade? (Ken Dunham)
  Vulnerability info suppressed by criminals paying to hide it (Ken Dunham)
  New GAO Report on IRS Information Security Pervasive Vulnerabilities (Diego Latella)
  The GPS miracle (Rich Mintz)
  'Woman Says Being Declared Dead Ruins Life' (PGN)
  A reminder: Eric Sevareid's Law (Ken Knowlton)
  Ah yes, just what you need!!! (David Lesher)

RISKS 25.06 Monday 25 February 2008
  Securing The Wrong Spaces: A Lesson (Paul Ferguson via Gregory Hicks)
  Software problem at London Heathrow Terminal 4 affects baggage (Peter Mellor)
  YouTube outage blamed on Pakistan (Amos Shapir)
  One way not to conduct Internet voting (Peter Kaiser)
  Being declared dead ruins life (Andrew Koenig)
  New RFID ticketless bus system in Brisbane goes live... with glitches (George Michaelson)
  US Treasury "TreasuryDirect" Web site security enhancements (Jonathan Kamens)
  EU money for 4 small businesses IT risk mgmt pilot (Patrick O'Beirne)
  Cold Boot Attacks on Disk Encryption (Jacob Appelbaum, Declan McCullagh)
  Illegal drag race kills eight (John Curran)
  Free-to-download password cracker (Peter Mellor)
  Re: the GPS miracle (Steven M. Bellovin)

RISKS 25.07 Saturday 1 March 2008
  Risks of Leap Years and Dumb Digital Watches (Mark Brader)
  Risks of Leap Years and Dumb Airline Software (PGN)
  $1.2 billion up in smoke (Paul Saffo)
  Southeast Florida Massive Power Outage (Steven J. Greenwald)
  FL power failure triggered by human error (Lauren Weinstein)
  Competent? We can't even archive our own e-mail reliably! (Jim Horning)
  DreamHost Accidently Bills Customers $7,500,000 (Dan Jacobson)
  IT Project Failure Blog (Ken Dunham)
  Is the "law of unintended consequences" biting W3C DTD reference? (George Michaelson)
  Pakistan, YouTube, Google, and No Simple Answers (Lauren Weinstein)
  Re: YouTube outage blamed on Pakistan (R A Lichtensteiger, Richard Grady, Jay R. Ashworth)
  Cold Boot Attacks: Vulnerable While Sleeping (Ed Felten via Monty Solomon)
  Citibank needs a clue (Rich B. Astaird)
  Re: Hoist by one's own petard: data security: UK Child Benefits (Merlyn Kline)
  REVIEW: "Better Ethics Now", Christopher Bauer (Rob Slade)

RISKS 25.08 Friday 14 March 2008
  Wind Power Risks (Charles Wood)
  FBI Found to Misuse Security Letters (lynn via Dave Farber's IP)
  RFID hack could crack open 2 billion smart cards (Sharon Gaudin)
  Nasty scanner attack: AccuBasic malware (PGN)
  Hacking a pacemaker (Gadi Evron)
  More on pacemaker risks (PGN)
  Stopping cars with microwaves (Matthew D. Healy)
  It's too easy to access the "off" switch (Robert P Schaefer)
  UK ISPs to sell users' private browsing information (Mike Scott)
  TSA can't believe MacBook Air is a real laptop; owner misses flight (Paul Saffo)
  Deja Vu all over again (Andrew Koenig)
  CAPTCHA attacks (Monty Solomon)
  Safari "beachball" black on black (Richard A. O'Keefe)
  Risks of Leap Years and Dumb Digital Watches (Clive D. W. Feather, Amos Shapir)
  USENIX Announces Open Access to Conference Proceedings (Lionel Garth Jones)

RISKS 25.09 Thursday 27 March 2008
  Billion-dollar IT failure at Census Bureau (eekid via David Farber)
  A Heart Device Is Found Vulnerable to Hacker Attacks (Barnaby Feder via Monty Solomon)
  FL power outage NERC updates (Catherine M Horiuchi)
  Vandals halt some hybrid buses using external 'off' switch (Rick Damiani)
  Flight Service Software Crashes; Pilot Briefings Delayed (Gabe Goldberg)
  Substantial supermarket breach affects millions (Robert Heuman)
  Man arrested by mistake over phone system bug (Rick Damiani)
  Hoax on Craigslist causes duped victims to steal property (Mark Brader)
  Payment by fingerprint disappears (Jon Van and Becky Yerak via Paul Saffo)
  Cute e-mail leak (Steve Summit)
  Search engine bait? (Steve Schafer)

RISKS 25.10 Tuesday 1 April 2008
  A modest proposal for the improvement of Daylight Saving (Tony Finch)
  A Current Affair: Lauren Weinstein, Inside Risks, CACM April 2008 (PGN)
  Chaos Computer Club publishes Minister's fingerprint - and more (Peter Houppermans)
  DST transition time mismatches (Tony Finch)
  Mini-Y2K fears over Aussie daylight saving change (Max Power)
  NYPD erases crime statistics for February 29 (Ed Ravin)
  More flights canceled as Heathrow remains in chaos (Alan Cowell via David Farber's IP)
  Heathrow: The risks of hubris (Diomidis Spinellis)
  GPS Errors are riskier than you may imagine: consider Liability-Critical Applications (Bern Grush)
  Re: Securing The Wrong Spaces: A Lesson (Rick Damiani)
  Re: Arrest over phone system bug: Trailing zeroes (Graham Reed)
  Re: Thieves become victims? (stanley)

RISKS 25.11 Wednesday 9 April 2008
  Crossed wires cited in recent UAL skidding incidents (Monty Solomon)
  Unanticipated GPS risk: foreign translations (Paul Schreiber)
  Census to scrap handheld computers for 2010 count (Bob Schaefer)
  Boston city complaint line lags (Donovan Slack via Monty Solomon)
  Indiana school district wipes out high school grades (Danny Burstein)
  Re: Search engine bait? (Martin Ward)
  Another genuine mail that looks like a phish (Andy Piper)
  Nissan GT-R sports car recognizes racetrack coordinates and aftermarket parts (Clark Family)
  REVIEW: "Security Data Visualization", Greg Conti (Rob Slade)

RISKS 25.12 Tuesday 22 April 2008
  Industrial Control Systems Killed Once, Will Kill Again (Ryan Singel)
  GPS leads a bus astray (David Caley)
  Neighbor's data shows up in my browser (borborugmus)
  Oklahoma Dept of Corrections Website URLs contain raw SQL (Jim Garrison)
  Real-time spying on credit card holders (Nick Brown)
  Larger Prey Are Targets of Phishing (John Markoff via Monty Solomon)
  Aer Lingus economy 5-euro flights to the US after test data leaked to web (Patrick O'Beirne)
  Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA (Emil Protalinski via Monty Solomon)
  Bouncing Merrily Along (Peter B. Ladkin)
  The 10,000 web sites infection mystery solved (Bojan Zdrnja via Monty Solomon)
  Re: Census to scrap handheld computers for 2010 count (Derek P Schatz)
  Re: Search engine bait? (Randall Roberts)
  Re: Another genuine mail that looks like a phish (Gregory Hicks)
  Re: Nissan GT-R sports car and GPS (Peter Houppermans, JTaylor)
  2008 IEEE Symposium on Security and Privacy (Yong Guan)
  REVIEW: "Computer Security: Principles and Practice" (Rob Slade)

RISKS 25.13 Sunday 27 Apr 2008
  Hack into Obama campaign site exploited a coding flaw (Jordan Robertson via Joseph Lorenzo Hall)
  Hacking a rival smart card? (Robert P Schaefer)
  Face scans for air passengers to begin in UK this summer (Brian Randell)
  30th Spamiversary (Brad Templeton via Mike Hogsett)
  Re: Bouncing Merrily Along (Paul Karger)
  Re: Real-time spying on credit card holders (Ron Garret)
  Re: Neighbor's data shows up in my browser (Paul D. Smith, Erik Mooney)
  Re: GPS leads a bus astray (Roger Scrafford)
  Re: Nissan GT-R sports car and GPS (Chris Kantarjiev, Dag-Erling Smørgrav, Dag-Erling Smørgrav, Peter Houppermans, Dag-Erling Smørgrav)

RISKS 25.14 Friday 2 May 2008
  U.S. Customs computer system fails nationwide (PGN)
  Protecting Yourself From Suspicionless Searches While Traveling (Jennifer Granick via Monty Solomon)
  Air marshals' names tagged on 'no-fly' list (Audrey Hudson via Monty Solomon)
  Italy posts salary details on web (Amos Shapir)
  Tot dies after Internet 911 call fails to reach dispatchers (Tony Toews)
  Canadian Human Rights Commission investigator hijacks woman's Internet connection (Kelly Bert Manning)
  Microsoft anti-encryption toolkit (David Lesher)
  "Default Password" exploits still work (William Nico)
  Protecting credit card holders (Kearton Rees)
  Police officer uses real witness statement as template document (Identity withheld by request)
  False alarm guaranteed after 7 years (Daniel P.B. Smith)
  Facial recognition in airports... please say it's April 1st. (Fred Cohen)
  Re: Face scans for UK air passengers (Peter Houppermans)
  Re: 30th Spamiversary (Amos Shapir)
  Re: Real-time spying on credit card holders (Nick Brown)
  Blown to Bits, Abelson/Ledeen/Lewis (PGN)

RISKS 25.15 Friday 16 May 2008
  No-flies on you? (PGN)
  Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA (Emil Protalinski via Monty Solomon)
  Hacker leaks 6 million Chileans' records (Amos Shapir)
  Dilbert site wants to install a widget (William Ehrich)
  Used hardware containing sensitive data (Tony Harminc)
  88,000 hospital patient records stolen in NYC (Danny Burstein)
  UK CCTV used to create a music video (Forest Mars)
  QWERTYUIOOPS (Charles C. Mann)
  Post Office changes 100 SF addresses (Rob McCool)
  PO-boy (Peter Zilahy Ingerman)
  Debian OpenSSL Predictable PRNG Toys (H D Moore via Monty Solomon)
  Debian OpenSSL Vulnerability (Monty Solomon)
  How not to use SSL (Nickee Sanders)
  A risk for those that own Digital photo frames (Identity withheld)
  'Peel and Stick' Tasers Electrify Riot Control (Paul Saffo)
  Risks of Be-clowning Yourself at Computerized Speeds, Internationally (R.G. Newbury)
  REVIEW: "Geekonomics: The Real Cost of Insecure Software", David Rice (Rob Slade)

RISKS 25.16 Thursday 22 May 2008
  Betting glitch spurs calls for reform (Will Oremus via PGN)
  Animal tricks, take n+1 (Jeremy Epstein)
  Ants and Computers (Gene Wirchenko)
  F.B.I. Says the Military Had Bogus Computer Gear (John Markoff via Monty Solomon)
  Another undeleted/deleted Document - "Krolls Associates" (Danny Burstein)
  Don't phlash that dwarf - hand me the pliers! (John Leyden via Randall)
  Geolocation software risks (Mickey Coggins)
  Shopping centers tracking cell phones (PGN)
  China's All-Seeing Eye (EEkid via Dave Farber)
  Re: Real-time spying on credit card holders (Curt Sampson)
  Microsoft security advice for sale (Peter Houppermans)
  Old-Style Pumps Balk At $4-a-Gallon Gas, Too (Nick Miroff via Monty Solomon)
  Clueless in France (Pete Kaiser)
  PayPal XSS Vulnerability Undermines EV SSL Security (Paul Mutton via Monty Solomon)
  More GPS Mishaps (Gene Wirchenko)
  Re: UK CCTV used to create a music video (Chris Drewe)
  Re: Dilbert wants a widget (Bill Bumgarner)
  Re: Debian OpenSSL Predictable PRNG Toys (Jim Horning)
  Re: Securing The Wrong Spaces: A Lesson (David E. Price)

RISKS 25.17 Friday 30 May 2008
  Wrong patient gets appendix removed, software to blame (Rex Sanders)
  E-Voting Banned by Dutch Government (Udo de Haes)
  Don't phlash that dwarf -- hand me the pliers! (John Leyden)
  Firmware-based phone vulnerabilities (David Magda)
  A Low-cost Attack on a Microsoft CAPTCHA (Jeff Yan and Ahmad Salah El Ahmad via Monty Solomon)
  SYN attack from RIAA contractor (David Lesher)
  Random and haphazard are not synonyms (Andrew Koenig)
  An iTunes file database problem Apple will never fix (Max Power)
  Microsoft's Masters: Whose Rules Does Your Media Center Play By? (Greg Sandoval)
  Fundraising that is too Excel-lent to report (Mark Brader)
  On-line registration for College Reunion 2008 (F John Reinke)
  Why not set the pump to half price and post a sign? (Daniel P. B. Smith)
  Re: Securing The Wrong Spaces: A Lesson (John Sullivan, Bill Hopkins)
  An account of the Estonian Internet War (Gadi Evron)

RISKS 25.18 Tuesday 3 June 2008
  Fire at The Planet takes down thousands of websites (Gene Wirchenko)
  UK power rationing causes fires and false fire alarms (Alistair McDonald)
  Beware of Error Messages At Bank Sites (Brian Krebs via George Sherwood)
  Still even more lost data (Gene Wirchenko)
  Mass exploitation with Adobe Flash (Monty Solomon)
  Risks in Instant Runoff Voting (PGN)
  Arkansas Election Officials Baffled by Machines that Flipped Race (PGN)
  Spelling checker runs amok in Pennsylvania high-school yearbook (Al Stangenberger)
  Full Disclosure and why Vendors Hate it (Jonathan A. Zdziarski via Monty Solomon)
  Re: An iTunes file database problem Apple will never fix (Alistair McDonald)
  Re: Wrong patient gets appendix removed, software to blame (PGN)
  REVIEW: "Secure Programming with Static Analysis", Chess/West (Rob Slade)

RISKS 25.19 Sunday 8 June 2008
  Control-Alt-SCRAM; update reboots nuke plant (Brian Krebs via David Lesher)
  Sensor error caused $1.4 bill B2 crash! (David A. Fulghum via Paul Saffo)
  UK bank takes 9 months to combine computer systems (Peter Mellor)
  Online registration for US visa waiver scheme from August 2008 (Donald Mackie)
  The ID Divide: Peter Swire and Cassandra Q Butts (Monty Solomon)
  ISP Secretly Added Spy Code To Web Sessions: Ryan Singel (Monty Solomon)
  Advice from HM Revenue & Customs on NI number fraud (Peter Mellor)
  Stanford employees' data on stolen laptop (PGN)
  Sometimes the computer is right... (David Hollman)
  "She'll never fail to stop at a railroad crossing ever again" (Jeff Rosen via Mark Brader)
  Experts Revive Debate Over Cellphones and Cancer (Tara Parker-Pope via Monty Solomon)
  Re: Risks in Instant Runoff Voting (Richard Gadsden)
  Re: Fire at The Planet takes down thousands of websites (Paul Czyzewski)
  Re: Whose Rules Does Your Media Center Play By? (Steve Wildstrom)
  Re: Beware of Error Messages At Bank Sites (Paul Czyzewski)
  Re: An iTunes ... problem Apple will never fix (Henry Baker, Max Power)

RISKS 25.20 Sunday 15 June 2008
  Security hole exposes utilities to Internet attack (PGN)
  Representative Frank Wolf's computer owned by China (PGN)
  Hidden Code Costs Poker Players Thousands (Chuck Weinstock)
  Wikipedia for medical students? (Steven M. Bellovin)
  Wartime global temperature anomaly kicks the bucket (Mark Brader)
  Colleges With Federal Contracts Will Have to Use New E-Verify (PGN)
  Google "safebrowsing" diagnostic page (Rob Slade)
  ID cards by the back door (Peter Mellor)
  Spuds and system security (Rob Slade)
  Clothing firm "Cotton Traders" customer database breached (Peter Mellor)
  Update on ISP Actions Regarding C-Porn and Usenet (Lauren Weinstein)
  Re: Risks in Instant Runoff Voting (Stewart Fist, Andrew Koenig)
  Re: Stanford employees' data on stolen laptop (Hal Murray)
  Re: Advice from HM Revenue and Customs (Edward Rice)
  Re: She'll never fail to stop at a railroad crossing (Leonard Finegold)
  Re: An iTunes ... problem Apple will never fix (Andrew M. Langmead)
  Tracking the Trackers: Piatek et al. (Monty Solomon)

RISKS 25.21 Sunday 29 June 2008
  Federal Agency Grounds Light Jet Used as Air Taxi (Matthew Wald)
  Spyware bill cloaks a mini-UCITA (Ed Foster via Monty Solomon)
  Wireless systems called disruptive (Robert P Schaefer)
  More on election system integrity (Gene Wirchenko)
  Re: Risks in Instant Runoff Voting (Scot Drysdale)
  Chrysler announces the rolling WiFi hotspot automobile (Drew Lentz)
  X-rated SMS case gives employees some privacy guarantees (John Timmer via Monty Solomon)
  Attorney-client calls from jail recorded (Joel Garry)
  HTML comments reveal corporate weakness (jidanni)
  Photos and laptop crypto (Rob Slade)
  Michael Fiola fired (Gene Wirchenko)
  REVIEW: "Challenges to Digital Forensic Evidence", Fred Cohen (Rob Slade)

RISKS 25.22 Tuesday 8 July 2008
  InciWeb map coordinate errors for California fire (Henry Baker)
  Oyster and Mifare cracked: NXP sues to silence Oyster researchers (PGN)
  Free Berlin subway rides (Debora Weber-Wulff)
  Citibank ATM breach reveals PIN security problems (Jordan Robertson)
  Web-based SSH key generation with escrow (Tina Bird)
  ComCast in Concrete? (Robert P Schaefer)
  State Dept: Celebrity passport files viewed repeatedly - CNN.com (PGN)
  California's Super-Stupid Anti-Science Cell Phone Law Takes Effect (Lauren Weinstein)
  Re: HTML comments reveal corporate weakness (Ivor Hewitt)
  Re: Approval voting and sincerity (Andrew Koenig, Dag-Erling Smørgrav)
  REVIEW: "The dotCrime Manifesto", Phillip Hallam-Baker (Rob Slade)

RISKS 25.23 Friday 18 July 2008
  E-mail response to wrong address, intended recipient arrested (Danny Burstein)
  San Francisco admin hijacks city net (David Lesher)
  Risks of wrong preprogrammed emergency message system being sent (C.Y./J.E. Cripps)
  P2P Data Breach affects SCOTUS (Jay R. Ashworth)
  "Plug and Play" Hospitals (Terrence Enger)
  Gmail Reveals the Names of All Users (Gene Wirchenko)
  Google Desktop, Word may expose encrypted data (Gene Wirchenko)
  UPS "Virus Warning" virtually indistinguishable from phishing attack (Jonathan Kamens)
  DR/BCM lessons from the Vancouver fire (Daniel Wesemann in SANS via Brent J. Nordquist)
  Re: Map coordinate errors for California fire (Henry Baker, Al Stangenberger)
  California's Super-Stupid Anti-Science Cell Phone Law Takes Effect (Kurt Thams)
  Handheld mobile safety (Paul D.Smith)
  The toll for terrorism is too high (David Lesher)
  Firefox 3's Step Backwards For Self-Signed Certificates (Lauren Weinstein)
  A not-so-obvious hyperinflation risk (B. Elijah Griffin)
  Re: Approval voting and sincerity (Anthony W. Youngman)
  Re: ComCast in Concrete? (Greg Fife, Paul Wallich)
  US FTC seeks comments on privacy in contactless payments (Kevin Fu)

RISKS 25.24 Wednesday 23 July 2008
  Washington Metro farecard fraud (David Lesher)
  The $100,000 Keying Error (Patrick O'Beirne)
  What happened to handcuffing the briefcase to James Bond's wrist? (Randall Webmail)
  Taking a grab at what's the real system error (Jared)
  What's in a name? (Peter Houppermans)
  Yet more GPS risks: Angry Mob Stones Lost Tourist (Steven J Klein)
  Shocking idea for air passenger security (Robin Stevens)
  Re: Oyster card hack to be published (Amos Shapir)
  Re: San Francisco admin hijacks city net: Paul Venezia (David Lesher)
  Re: ComCast in Concrete? MAC addresses (R A Lichtensteiger)
  Re: P2P Data Breach affects SCOTUS (Pete Klammer, Jay R. Ashworth)
  Re: Approval voting and sincerity (Geoffrey Brent, Richard Gadsden)
  NC State Voter site exposes voter addresses (John O Long)

RISKS 25.25 Sunday 3 August 2008
  "Software bug" downs AA baggage handling at JFK (PGN)
  Intermittent network card causes air traffic control problems (Steven M. Bellovin)
  Crypto box failure causes MTA credit card processing failure (Steven M. Bellovin)
  200,000 medical records sent to wrong patients, some with SSNs (George Mannes)
  DNA Database Searches (jared)
  Another GPS error story (Gene Spafford)
  Electronic voting: Indications of Sanity? (Geoff Newbury)
  Risks of Inflation: new Zimbabwe bank notes (Jim Reisert)
  Bruce Schneier: Inside the Twisted Mind of the Security Professional (jidanni)
  Details of DNS Flaw Leaked (Kim Zetter via Monty Solomon)
  Apple Fails to Patch Critical Exploited DNS Flaw (Rich Mogull via Monty Solomon)
  Fascinating phishing attack: valid links, dangerous toll-free number (Jonathan Kamens)
  Re: San Francisco FiberWAN and Terry Childs (Jeff Williams)
  Re: ComCast in Concrete? MAC addresses (Tanner Andrews)
  REVIEW: "Internet Denial of Service", Jelena Mirkovic et al. (Rob Slade)
  REVIEW: "AVIEN Malware Defense Guide for the Enterprise", David Harley et al. (Rob Slade)

RISKS 25.26 Wednesday 6 August 2008
  'Fakeproof' microchipped British e-passport is cloned in minutes (Martyn Thomas)
  On Metro Fraud and NXP (David Lesher)
  11 charged in largest ID theft in U.S. history (Paul Saffo)
  Theft perils 150,000 on Busch laptop (PGN)
  Verified Identity Pass: CLEAR Suspended Following Laptop Theft (PGN)
  Unsuspected travelers' laptops may be detained at border (Ellen Nakashima via Monty Solomon)
  Neglecting to logout from Skype means sharing your Instant Messages (Michael Weiner)
  Another small interface risk (Peter Zilahy Ingerman)
  E-Z Pass Maryland training customers to visit random sites? (Mike Porter)
  Prescription Data Used To Assess Consumers (Ellen Nakashima via Monty Solomon)
  Re: What's in a name? (Dag-Erling Smørgrav)
  Re: UPS ... indistinguishable from phishing (G.M.Sigut)
  Re: Fascinating phishing attack: valid links, dangerous ... number (Al Macintyre)
  Re: Apple Fails to Patch Critical Exploited DNS Flaw (Robin Stevens)
  Re: Another GPS error story (J R Stockton)
  Survey: Perception of security in online environments (Gene Spafford)
  REVIEW: "The Innocent Man", John Grisham (Rob Slade)

RISKS 25.27 Friday 8 August 2008
  Strange Yahoo! vote count (PGN)
  Trust TSA? Maybe... Trust Akamai...? (David Lesher)
  "How reliable is DNA in identifying suspects?" (Robert P Schaefer)
  GPS causes nightmare vacation (PGN)
  Re: Another small interface risk (Thomas Wicklund)
  Re: Unsuspected travelers' laptops may be detained at border (Thomas Hamann)
  Re: Neglecting to logout from Skype (Dimitri Maziuk)
  Pizza delivery and postal addresses (Mark Brader)

RISKS 25.28 Tuesday 12 August 2008
  Internet attacks against Georgian web sites (Gadi Evron, Gadi Evron)
  Russia/Georgia: Tanks, Bombers, Keyboards (Edward Rice)
  Patch for Web Security Hole Has Some Leaks of Its Own (John Markoff via PGN)
  MIT Students Gagged by Federal Court Judge (EFF via David Farber)
  CloudAV (Rob Slade)
  Two on-line travel booking risks (Chris Drewe)
  'Fakeproof' microchipped British e-passport ... (Lars Poulsen)
  Re: Unsuspected travelers' laptops may be detained ... (Steven M. Bellovin, R. G. Newbury)
  Re: GPS causes nightmare vacation (Fernando Pereira)
  Re: How reliable is DNA ...? (Michael Black, Steve Schafer)
  Re: Neglecting to logout from Skype ... (Al Macintyre)

RISKS 25.29 Tuesday 19 August 2008
  Olympics Windows crash (PGN)
  Translate of device mech auto-reproduce (Rob Slade)
  Electronic voting and antivirus software (jared)
  Officials Say Flaws at Polls Will Remain in November (Ian Urbina via PGN)
  Glitch let hundreds get free transit rail tickets (William Neuman via PGN)
  Big trouble with Germany's New Unified Tax Identification Codes (Ralf Fritzsch)
  Online Consumers at Risk and the Role of State Attorneys General (CAP/CDT item via Monty Solomon)
  11 charged with massive ID theft (Monty Solomon)
  Re: Firefox 3's Step Backwards For Self-Signed Certificates (Michael Barrett)
  Re: 'Fakeproof' microchipped British e-passport (Hamish Marson)
  Billion dollar IT failure at Census Bureau (Michael Lewchuk)
  Attempt to muzzle MIT subway research backfires (B.K. DeLong)
  My date and place of birth are public (jidanni)
  Re: How reliable is DNA ...? (Geoff Kuenning, Rob Searle, Brian Hayes, Bob Buxton)

RISKS 25.30 Thursday 28 August 2008
  Bruce Schneier on Airport Photo ID Checks (PGN)
  Flight-plan FAAilure (PGN)
  Aug 26 FAA flight plan fiasco (Ken Knowlton)
  Commuter Flights Grounded Thanks To Bumbling TSA Inspector (PGN)
  Computer viruses make it to orbit (Gabe Goldberg)
  Ohio Voting Machines Contained Programming Error That Dropped Votes (PGN)
  States throw out costly electronic voting machines (vim)
  Risks of going on Internet record (Spamcop)
  And here we go off the rails: "spam hunter" (Identity withheld by request)
  Educational "testing firm" flunks Internet Security 101 (Danny Burstein)
  A cellphone bill roams to the stratosphere (Gabe Goldberg)
  Weird Clock Issue (Steven J. Greenwald)
  Risks of omitting off-site backups? (C.Y./J.E. Cripps)
  Telephone banking password /in/security (Tim Bradshaw)
  Boston judge tosses MIT students' gag order (Richard Forno)
  Re: DNA Database Searches (Hal Murray, Ken Knowlton)
  Re: Couple of On-Line Travel Booking Risks (Chris Drewe)
  Re: Germany's New Unified Tax Identification Codes (Ralf Fritzsch)
  Re: P2P Data Breach affects SCOTUS (Hal Murray)

RISKS 25.31 Wednesday 10 September 2008
  FAA redundancy -- or the lack thereof (Tessler and Robertson via PGN)
  Corrupt File Brought Down Flight Planning System (Gabe Goldberg)
  UK software upgrade issues (John Sawyer)
  JPMorgan Chase: The Bank Account That Sprang a Leak (Monty Solomon)
  Software problems affect the bottom line at J. Crew (Steven M. Bellovin)
  Google ads and language (Erling Kristiansen)
  Worditudinality (Rob Slade)
  Control-C vs. Bourne-Again SHell (jidanni)
  Control-C Control-C vs. gnus (jidanni)
  Risks of better security and "smarter" users (Ron Garret)
  BNY Mellon Data Breach Potentially Massive (George Hulme via Monty Solomon)
  Student hacker exposes Carleton U cash, ID card security holes (Sergei Patchkovski)
  Whit Diffie and Susan Landau: Internet Eavesdropping (Randall Webmail)
  US .gov website asks for personal info without https protection (Jonathan Thornburg)
  Re: Germany's New Unified Tax Identification Codes (Kevin Pfeiffer)
  Re: Firefox 3's Step Backwards ... (Dimitri Maziuk)

RISKS 25.32 Thursday 11 September 2008
  Google revives 6-year-old news story, sends United shares down 75% (Steven J Klein, Drew Dean, Scott Nicol)
  How Steve Jobs' obit got published (Philip Elmer-DeWitt via Monty Solomon)
  Internet Traffic Begins to Bypass the U.S. (John Markoff via Monty Solomon)
  Global Trail of an Online Crime Ring (Brad Stone via Monty Solomon)
  Automated Bill Payments Are a Cinch: Not So Fast (Ron Lieber via Monty Solomon)
  Hackers prepare supermarket sweep (Gabe Goldberg)
  Antivirus software in critical systems? (Erling Kristiansen)
  Re: States throw out costly electronic voting machines (Peter Houppermans, Jim Haynes)
  Risks of GPS Devices that we had Not Previously Heard Of (Mark Brader)
  Over-reliance on automated real estate valuation (Jeremy Epstein)
  Re: Control-Z vs. Bourne-Again SHell (David Chau)
  Re: Weird Clock Issue - a single bit error (Chris Smith, Mark Lutton, Amos Shapir)
  Re: Bruce Schneier on Airport Photo ID Checks (Andy Piper, Amos Shapir)
  Re: Risks of better security and "smarter" users (Dag-Erling Smørgrav, Ron Garret)

RISKS 25.33 Monday 15 September 2008
  Antivirus software in critical systems? (Rob Diamond, Robert P Schaefer, PGN)
  Re: States throw out costly electronic voting machines (Patrick J Kobly)
  Re: FAA redundancy -- or lack thereof (Mike Martin)
  Misleading headline: 'Big bang' experiment is hacked (Gabe Goldberg)
  Change name, get off no-fly list (David Magda)
  Re: Amos Shapir on Airport Photo ID Checks (Danny Lawrence)
  iPhone Takes Screenshots of Everything You Do (Brian X. Chen via Monty Solomon)
  Re: UAL, Automated trading gets spoofed! (Howard Israel)
  San Francisco officials looking for hidden network device (Gabe Goldberg)
  PayPal phishes their own customers (Andrew Pam)
  Re: Risks of better security ... (Chris Adams, Ron Garret on David Bliss)
  Re: Control-Z vs. Bourne-Again SHell (Philippe Pouliquen)
  Re: Weird Clock Issue -- a single bit error (David Magda)
  Re: Risks of GPS Devices ... (Sergei Patchkovski)
  Re: Automated Bill Payments Are a Cinch: Not So Fast (CBFalconer, Sten Carlsen, Erling Kristiansen)

RISKS 25.34 Sunday 21 September 2008
  SciAm article on Smart Grid (William P.N. Smith)
  Wall Street; where nothing can go worng wrogn wrgno.... (David Lesher)
  Mortgage loan crisis due to wishful thinking, Garbage In Garbage Out (Geo Swan)
  BNY Mellon data breach now at 200K in Mass, 12M in U.S. (Monty Solomon)
  Risks of financial systems too complex to understand (Daniel P. B. Smith)
  Risks of not using check digits in bank account numbers (Toby Douglass)
  Risks of banking in Holland (Toby Douglass)
  Re: PayPal phishes their own customers (Sidney Markowitz)
  Re: Automated Bill Payments Are a Cinch: Not So Fast (Huge)
  Capability creep strikes again (Jay R. Ashworth)
  Expiration of cryptographic certificate killed airline ticket (Kenji Rikitake)
  Antivirus software in critical systems? (Martyn Thomas)
  Re: Antivirus software in critical systems? Aurora! (Al Mac Wheel)
  Re: Control-Z vs. Bourne-Again SHell (jidanni)
  Re: Risks of GPS Devices ... (Richard Grady)
  USENIX Annual Tech '09 Call For Papers (Lionel Garth Jones)

RISKS 25.35 Monday 22 September 2008
  Sydney road tunnel closed by computer 'glitch' (John Colville)
  DC Primary votes don't add up... even with a fudge factor (David Lesher)
  Hurricane Ike (Les Denham)
  Hacker claims Palin e-mail hacked via password reset (Rob McCool)
  Re: Wall Street; where nothing can go worng wrogn wrgno.... (Martin Ward)
  Re: Risks of financial systems too complex ,,, (Jim Horning)
  Re: Risks of not using check digits (Erling Kristiansen, Paul van Keep)
  Re: capability creep on red-light cameras (Paul Wallich)

RISKS 25.36 Tuesday 30 September 2008
  Mersenne-aries receive benevolence (PGN)
  Wall Street's Collapse May Be Computer Science's Gain (ACM technews)
  BBV: Two-Minute warning on voting machines (Steve Kelem)
  Online flight bargains not as good as they seemed (Donald Mackie)
  Risks of all-encompassing backups (Peter Gutmann)
  ATM reprogramming scam; Two arrested (Kevin Poulsen via PGN)
  Default passwords and gasoline thefts (Jim Haynes)
  ATM bug (Phil Smith III)
  Re: Sydney tunnel: When is a backup not a backup? (Martin Ward)
  Sydney Australia or Sydney Nova Scotia? (Rick Gee)
  Too big to fail = single point of failure? (Bill Hopkins)
  Flooded computers disposed of?
(Marty Brenneis) Burning wheelchair almost destroys airplane (Andrew Koenig) Re: Risks of financial systems too complex ,,, (Robert P Schaefer) Re: Hacker claims Palin e-mail hacked via password reset (Scott Miller) Re: Risks of not using check digits (Toby Douglass) Risks in Networked Computer Systems, Andre' N. Klingsheim (PGN) Study on InSecurity of Social Networks (LinkedIn et al. via Klaus Brunnstein) Estonian Cyber Security Strategy document (Gadi Evron) RISKS 25.37 Thursday 2 October 2008 NASDAQ's Google surprise (PGN) Computer Failure Hobbles Hubble, Derails Shuttle Mission (Sharon Gaudin) Amazon multiple account weirdness (Graham Bennett) Alarm sounded on second-hand kit (Gabe Goldberg) Seeking tales of IT gone wrong (Andrew Brandt) Re: Risks of financial systems too complex ,,, (Robert P Schaefer) Re: When is a backup not a backup? (Mark F) The folly of retaining default settings (Ken Knowlton) Weak password reset procedures (identity withheld) New castle rules in chess? (Andy Walker) Re: Hacker claims Palin e-mail hacked ... (Rob McCool, Scott Miller, Allen Hainer) RISKS 25.38 Tuesday 14 October 2008 Investigator: Computer likely caused Qantas plunge (Paul Saffo) Qantas A330 accident (Martyn Thomas) B-2 crash on takeoff (Ken Knowlton) Illinois high-speed trains (Jon Hilkevitch via David Lawver) D10T: National Debt Clock is out of digits (Mark Brader) Passport RFID attack: missing validation (Aaron Emigh via PGN) Missing hard drive "not encrypted" because it was "secure" (John Carlyle-Clarke) Russian researchers achieve 100-fold increase in WPA2 cracking speed (Monty Solomon) Defective news submission website (Steven M. Bellovin) Risks of a new laptop (Nick Brown) Researcher Liuba Belkin: Workers more prone to lie in e-mail (Monty Solomon) Thomas Crown escape, revisited (Peter Houppermans) Re: Sydney NS vs. 
Sydney NSW (Steve Schafer) Oyster card hack details revealed (Gabe Goldberg) Re: Remarkable -- United Airlines Stock (Russ Nelson) RISKS 25.39 Friday 17 October 2008 NSA posts secrets to writing secure code (Joab Jackson via Jim Innes) Excel error leaves Barclays with extra Lehman assets (Gabe Goldberg) LAPD blames fingerprint errors for false arrests (PGN) Maryland Police Put Activists' Names On Terror Lists (David Hollman) Airport baggage screener charged with stealing passengers' stuff (Peter Houppermans) Credit card readers compromised (Peter Houppermans) More Smart Card Cracking (Gene Wirchenko) Stolen Votes and Stolen Elections (Mark E. Smith, PGN) Online health records (David Magda) New Data Privacy Laws Set For Firms (Ben Worthen via Monty Solomon) New Massachusetts Regulation Requires Encryption of Portable Devices ... (Monty Solomon) Amazon e-mail accounts (Steve Loughran) Security questions with unacceptable answers (Earl Truss) Worrisome money transfer (Martin Cohen) Stallman vs. Cloud Computing (jidanni) A comment on "outliers" (Ken Knowlton) The Risks of "Something you know" (Steve Taylor) Re: D10T: National Debt Clock is out of digits (Andrew Raybould) "Sydney NS vs. Sydney NSW" and popup adds! 
(Paul D.Smith) RISKS 25.40 Tuesday 21 October 2008 Treasury Office Faults IRS Computer Security (AP via PGN) Springer: Open for all to see (Debora Weber-Wulff) TBS leaves baseball championship game viewers in the dark (Jim Reisert) Drunk, and Dangerous, at the Keyboard (Alex Williams via Monty Solomon) Thousands Face Mix-Ups in Voter Registrations (Mary Pat Flaherty) Ohio Secretary of State's Web Site Hacked; voter suppression tactics (Steve Kelem) From BBV: Two-Minute warning on voting machines (Steve Kelem) Unbelievable security violation (Identity withheld) Re: More Password Reset Procedures (Identity withheld) Risks: Unlock your house via the Internet (Gabe Goldberg) Re: Remarkable -- United Airlines Stock (Martin Gregorie) Re: Outliers (Jurek Kirakowski) Re: Investigator: Computer likely caused Qantas plunge (Peter Rieden, Ron Garret) Re: Sydney NS vs. Sydney NSW (Chuck Charlton) Re: Illinois high-speed trains (Joseph Brennan) Re: Risks of a new laptop (Scott Miller) Correction/disclaimer re unistable polyhedron (Ken Knowlton) Re: The folly of retaining default settings (Mark Thorson) Re: D10T: National Debt Clock is out of digits (Mark Hull-Richter) RISKS 25.41 Thursday 23 October 2008 Re: Computer likely caused Qantas plunge (Peter Bernard Ladkin, Dag-Erling Smørgrav, Guy Dawson, Chris Kuan) U.S. Government to Take Over Airline Passenger Vetting (PGN) IEEE Spectrum review process upgrade curiosity (PGN) Dan Wallach's report on a vote-flipping examination (PGN) Deceptive practices in elections (PGN) Straight Party Voting Issues (Leonard Finegold) GAO report on Social Security Numbers (PGN) Re: More Password Reset Procedures (Ralph Jacobs) Re: Amazon e-mail accounts (Dimitri Maziuk, Klaus Johannes Rusch) 2 of 3 navigational devices functioning (Daniel P. B. 
Smith) RISKS 25.42 Friday 24 October 2008 Greenspan says computer input did it (CWmike via timothy via Wendell Cochran) Vint Cerf: Big Changes Ahead for the Internet (TechNews) UW researchers uncover gap in border security (Peter Gregory) Re: Computer likely caused Qantas plunge (Dag-Erling Smørgrav, Cameron Simpson, Adrian Edmonds) Re: Straight Party Voting Issues (David Phillips, Arthur Flatau) Re: Remarkable -- United Airlines Stock (John Levine) RISKS 25.43 Wednesday 29 October 2008 Driver hits NIPSCO pole; surge fries sewage treatment plant (Shawn Merdinger) Risks of escalating complexity: AA757 electrical power loss (David Lesher) Schlage BrightBlue wireless lock controllers (Shawn Merdinger) Computer screens out distress call from kidnap victim (David Tombs) Finnish E-Voting System Loses 2% of Votes (Pertti Huuskonen) Article on voting through American history (*The New Yorker* via Harlan Rosenthal) Poison-pill auto-disclosure for security vulnerabilities (Paul Robinson) They got us coming and going: tire monitoring (Paul Wexelblat) Holistic Systems (Pierre-Jacques Courtois) Twitter Jitters (Zachary Tumin) RISKS 25.44 Saturday 8 November 2008 U.K. NHS computer system "grinds to a halt" (Richard Cook) Risk of repairing Hubble too soon (Ted Blank) New GPS satellite may crash some receivers (William P.N. Smith) Risks of unilingual vacation-reply messages (Mark Brader) US court throws out most software patents (John Oram via Monty Solomon) Beware: T-Mobile's Voicemail Paging Trap (Lauren Weinstein) Re: BBC Domesday Project (Mike Tibbetts) Re: Treasury Office Faults IRS Computer Security (Paul Robinson) Computers Freedom & Privacy Conference 2009 - Request For Proposals (Bruce R Koball) REVIEW: "Handbook of Research on Technoethics", Luppicini/Adell (Rob Slade) RISKS 25.45 Monday 17 November 2008 Chinese hackers breach white house computer systems (PGN) Hacker Tool Targeting MS08-067 Vulnerability (Websense via Monty Solomon) Lose the BlackBerry? 
Yes He Can, Maybe: President-Elect Obama (Jeff Zeleny via Monty Solomon) Texas Suspends Massive Outsourcing Contract (Keith Price) Driver Blames GPS System For Car-Train Collision (Paul Saffo) Stop! Buses only! --What do you mean, you ARE a bus? (Mark Brader) Martian deep freeze: NASA's Mars Lander dies in the dark (Sharon Gaudin via PGN) The "Two Focaccia Buttons Defense" (Robert Hall) Risks of assuming constant hours in a day (Toby Gottfried) Excel auto-formatting (David Magda) Texting bug hits the Google phone (Amos Shapir) Vintage IBM tape drive in Apollo moon dust rescue (Chris Leeson) gnus-mime-print-part vs. Mom's room (jidanni) False security from privacy screens (David Alan Gilbert) Re: BBC Domesday Project (Martin Ward, Theo Bucher) Re: Poison pill auto-disclosure (Terje Mathisen, Al Macintyre, Richard O'Keefe) RISKS 25.46 Wednesday 26 November 2008 E-prescription for IT disaster (Tom Yager via Gene Wirchenko) Computer virus shuts down three London hospitals (Patrick O'Beirne) The Blackberry, the President, and Reality (Fred Cohen, Steve Wildstrom) Choose too large a sample interval and look like an idiot (Max Power) The Great RoHS/Tin Whisker Fiasco of 20?? (Jay R. Ashworth) ACMS helps recover lost Moon data (David Shaw) Re: Vintage IBM tape drive in Apollo moon dust rescue (David Brunberg) Re: BBC Domesday Project (Kees Huyser, Amos Shapir) Re: NASA's Mars Lander dies in the dark (John Levine) Excel user awareness (Patrick O'Beirne) RISKS 25.47 Monday 8 December 2008 Chatsworth Wreck May be a Safety Failure (Chuck Weinstock) Caltrain computer outage causes extensive schedule disruption (PGN) Water pumps failed in Yorba Linda fire (Jim Geissman) Dangerous Precedence Set - Federal Criminal Charges for Violation of Commercial Online ToS? 
(Stephen via Dave Farber) A cyber-attack alarms the Pentagon (Jerry and Virgil Gligor via David Farber) A secure version of reality (Andy Piper) The recovery features of botnets (Peter Houppermans) Fingerprints in South Africa (Heinz M. Kabutz) Facebook and tracking people (David Magda) How *not* to improve data quality (Richard O'Keefe) Israeli Labor primaries postponed: electronic systems fail (Amos Shapir) Re: Risks of assuming constant hours in a day (Curt Sampson) Workshop on GENI and Security: Call for Participation (Matt Bishop) MiniMetricon call for participation (Fred Cohen) REVIEW: "The History of Information Security", de Leeuw/Bergstra (Rob Slade) RISKS 25.48 Thursday 18 December 2008 Computer problem shuts down Toronto Stock Exchange for a day (Mark Brader) "Smart" vehicles - do they introduce new risks? (Mike Martin) An old clock arithmetic problem (Kees Huyser) Another translation adventure (Hal Murray) Cute piece of malware engineering (Drew Dean) Thieves Winning Online War, Maybe Even in Your Computer (John Markoff via Monty Solomon) CheckFree DNS hijacked (Hal Murray) Software Security Top-10 Surprises (Gary McGraw via PGN) iPhone thief thwarted by MobileMe sync (Nick Rothwell) Risks of data retention (Mark Armbrust) Password complexity? Not wiith LinkedIn (Leon Kuunders) Teacher Throws Fit Over Student's Linux CD (Mike Rechtman) FYI - !b404 (Rob Slade) "Helpful" authentication (Erling Kristiansen) The Perfect Law: Re: Dangerous Precedence Set (Martin Ward) REVIEW: "The Business Privacy Law Handbook", Charles H. Kennedy (Rob Slade) RISKS 25.49 Tuesday 30 December 2008 Three undersea cables cut (Dave Burstein via Dave Farber) Risks of flawed default behavior for your UAV (John O Long) Risks of excessive State data collection (Toby Douglass) Fun with speed-trap cameras for revenge (Arthur T., David Hollman, No-Name) Trust me, I have a cert! 
(David Lesher) Massive Embezzlement Case Involving Fry's Electronics (Lauren Weinstein) Fired Fry's executive: 'Caught up in the game' (Lisa Fernandez and Julia Prodis Sulek via Monty Solomon) In Move to Digital TV, Confusion Is in the Air (Eric A. Taub via Monty Solomon) VHS Rides Off Into The Sunset (Geoff Duncan via Monty Solomon) Inauguration Cellular Overloads (David Lesher) Automatic URL recognition (Bill Hopkins) Shooting Yourself in the Foot - on purpose? (Marc) Another method to lose yout credit card (Erich Neuhauser) Re: Cute piece of malware engineering (Paul Robinson) Re: Teacher Throws Fit Over Student's Linux CD (Kelly Bert Manning) How to become a digital forensic evidence expert (Fred Cohen) RISKS 25.50 Sunday 4 January 2009 Sunrise on the post-leap-second era (Tony Finch) Zounds! Zinger: Zune Zapped Zealously with Zero-tolerance (PGN, David Magda) Backward Hebrew writing on iPhone calendar (Steven M. Bellovin) We can't stop the train because our GPS is broken (Hawkins Dale) Medical devices lag in iPod age; Patients' safety is at risk (Carolyn Y. Johnson via Monty Solomon) JournalSpace wiped out; no backups (Lindsay Marshall) Some *digital* reception will go black in February! (Daniel P. B. Smith) Digital photo frames: risks of infecting PCs (Deborah Gage via PGN) Risks of Australians shouting at your hard drive? (Alec Muffett) Firewall product uses man-in-the-middle attack to defeat SSL crypto (Mike Coleman) Woman fools Japan's airport security fingerprint system (PGN) The danger of DNA: It isn't foolproof forensics (Maura Dolan and Jason Felch via Monty Solomon) Phishing Scam Spreading on Twitter (Chris Pirillo via David Farber) Domain registrar hacked; numerous repointings... (Danny Burstein) Qwest cuts off Internet subs in NM, including government VoIP (Lauren Weinstein) Computer vs. 
food and warmth (jidanni) Yahoo tracking where you go - invasion of privacy (jidanni) Intelligent Speed Adaptation (Martin Ward) Re: License plate camera readers (Danny Burstein) RISKS 25.51 Friday 16 January 2009 Software glitch causes incorrect medication dosages (Jeremy Epstein) Police avoid arrests due to time-consuming QPRIME computer system (Steven J Klein) Maryland Police surveillance (Lisa Rein and Josh White) Army subcontractor sends 7,000 misaddressed letters: 'computer glitch' (Rob McCool) Risks in Hating Web Video (Lauren Weinstein) "Spy pens" and the future of private speech (Jerry Leichter) Risk of Car Sharing: Getting Pinned with Someone Else's Ticket (Kent Borg) Taiwan Immigration Computer down for the Count (jidanni) Tony Hoare: "Null References: The Billion Dollar Mistake" (Olivier Dagenais) Facebook hacked and no avenue for redress (Mark Neely) How to NOT perform customer service and updates (Gene Spafford) Risks of digital signatures (Ron Garret) Update: N.J. officials order paper trail upgrades to voting machines (Danny Burstein) Teenagers' Internet Socializing Not a Bad Thing (Monty Solomon) SecAppDev 2009 (Johan Peeters) REVIEW: "Intellectual Property and Open Source", Van Lindberg (Rob Slade) RISKS 25.52 Thursday 22 January 2009 German Train System Computers Down for Hours (Debora Weber-Wulff) Yet Another Reason Not to use Windows for Medical Devices (Jeremy Epstein) Tricky Windows Worm Wallops Millions (Brian Krebs via Monty Solomon) Electronic Medical Records, Google, and Microsoft (Lauren Weinstein) Cursive, foiled again: What will become of handwriting? 
(David Mehegan via Monty Solomon) The perils of trusting the UK government to get software right (Bernard Peek) New Web Analytics Service Spies on Web Browsing Activity Without Permission (Lauren Weinstein) Re: "Spy pens" and the future of private speech (Henry Baker, Jerry Leichter) Re: Tony Hoare: "Null References: The Billion Dollar Mistake" (Henry Baker) Risks of Avis insufficient customer data checking (Chris Warwick) RISKS 25.53 Saturday 31 January 2009 England's NHS loses patient data: bad news, good news, bad news (Steven J Klein) Michigan man freezes to death after electric company cuts power (Mark E. Smith) Worm Infects Millions of Computers Worldwide (John Markoff via PGN) Trojan virus spreads to as many as 20,000 Macs (Boy Genius via Dave Farber) Fannie Mae insider attack (Kevin Poulsen via Jeremy Epstein) NSW, Australia Govt Jobs website hacked; authorities in denial (Andrew Jones) MP3 player contained US military secrets (Danny Burstein) Digital road sign in Austin, TX was altered to read, "Zombies Ahead." (David Hollman) Friends, Until I Delete You (Douglas Quenqua via Monty Solomon) Political risks of poorly configured email advocacy (Rich Mintz) Canadian do-not-call list becomes valuable telemarketing database (Olivier Dagenais) Staff Finds White House in the Technological Dark Ages (Anne E. Kornblut via Monty Solomon) Amex goes phishing (James J. O'Donnell) American Express Kept a *Very* Watchful Eye on Charges (Ron Lieber via Monty Solomon) Statue of Frauds [sic] (Martyn Thomas) Re: Yet Another Reason Not to use Windows for Medical Devices (Bernard Peek) Re: Tony Hoare: "Null References" (Michael Albaugh, Jurek Kirakowski, Ray Blaak, Martin Torzewski, Richard O'Keefe) RISKS 25.54 Wednesday 4 February 2009 Automated BART trains crash during manual operation of one of them (Rob McCool) Earthquake Alert System Failed To Work Properly (Max Power) 'Foul play' suspected in Tucson Super Bowl porn feed (Brian J. 
Pedersen via Monty Solomon) Perils of html e-mail (Charles Wood) Votes lost in Finnish e-voting (Antti Vaha-Sipila) Fannie Mae Logic Bomb (Jim Schindler) "This site may harm your computer" on every search result (Maxim Weinstein via Monty Solomon) Google Account Takeover, Mark Ghosh (jidanni) Local Police Want Right to Jam Wireless Signals (Spencer S. Hsu via Monty Solomon) 911 service not prepared for new generation of pranksters (David Chartier via Monty Solomon) Re: Digital road sign in Austin, TX was altered ... (Mark Feit) Re: MP3 player contained US military secrets (Geoff Kuenning) Re: American Express Kept a *Very* Watchful Eye on Charges (David Alexander) Re: Statue of Frauds (Mark Jackson) Re: Tony Hoare: "Null References" (Dimitri Maziuk, Tony Finch, Jay Carlson) RISKS 25.55 Tuesday 10 February 2009 RFID Passports cloned wholesale (Dan Goodin) Windshields and Windows combine to provide malware vector (Mark Brader) FAA Notifies Employees of Personal Identity Breach (Danny Burstein) 390,000 to access child database (Amos Shapir) Confidential LAPD misconduct files mistakenly posted on Internet (Danny Burstein) Risks of computer-gibberish names on forms (Joseph A. Dellinger) Mathematics and screening (Jerry Leichter) The privacy vs. health tradeoff (Jeremy Epstein) Variant of Mac Trojan Horse iServices Found in Pirated Adobe C54 (Monty Solomon) Re: Fannie Mae logic bomb (Wendell Cochran) Re: Tony Hoare: "Null References" (Rob Diamond, Robert P Schaefer) Re: Flat text is *never* what we want (Tony Finch) No wikipedia page (Olivier MJ Crepin-Leblond) What if you can't pull the plug? (Rex Sanders) Security Psychology (Gadi Evron) Call for contributions: New Security Paradigms Workshop: NSPW (Konstantin /Kosta/ Beznosov) RISKS 25.56 Thursday 19 February 2009 Train brake failure; broken valve (David Lesher) Collision - UK and French Nuclear subs (Charles Wood) Control-Alt-Eject? French Navy grounded... 
(David Lesher) GCTIP: New Forums for Internet Transparency, Performance, ISP Issues (Lauren Weinstein) The mystery of `Ireland's worst driver': an HR/training problem (Max Power) Hiding in plain sight (Jeremy Epstein) Stolen military laptop risks (Atom Smasher) Risks of reading RISKS (Bruce Horrocks) When a bit of knowledge is a dangerous thing (Jeremy Epstein) "It leaked into the kiosks and fried our computers" (Monty Solomon) Facebook Forever (John Kolesar) Opening event goes with a bang (David Alexander) Re: Hoare on Null References (Peter Bernard Ladkin, CBFalconer, William Bader, Dan Franklin) RISKS 25.57 Friday 20 February 2009 Taiwan immigration computer down again (jidanni) Wikipedia prankster dupes German media (Allen Hainer) The Trouble with Trusting Trend Micro (Kevin Way) ESTA visa waiver online doesn't provide existing waiver ref number (George Michaelson) Stove's Bad Crash Handling (Gene Wirchenko) Dates of birth are not unique identifiers (Steven J Klein) Re: Train brake failure; broken valve (Matt Roberds) Re: Collision - UK and French Nuclear subs (Richard I. Cook, Geoffrey Brent) Re: What if you can't pull the plug? (Michael Loftis, David Lesher) Re: Windshields and Windows combine to provide malware vector (Tom Perrine) Re: Godel and correctness (Martyn Thomas) Re: Tony Hoare: "Null References" (Dimitri Maziuk, King Ables) Re: The mystery of `Ireland's worst driver' (David Cantrell) Re: Opening event goes with a bang (Mark Brader) Re: Risks of reading RISKS (jidanni, Martyn Thomas, Scott Miller) RISKS 25.58 Sunday 22 February 2009 Buffer overflows in SHA-3 submissions (Joy Marie Forsythe) Re: Train brake failure - broken valve (Al Stangenberger) Due Diligence or is that "Don't..."? Citibank fraud (David Lesher) Digital Archivists, Now in Demand (Conrad De Aenlle via Monty Solomon) Re: Wikipedia prankster dupes German media (Debora Weber-Wulff) Re: Control-Alt-Eject? 
French Navy grounded (CBFalconer) Capital One Phishing Warning is dangerous (Marc Auslander) Re: The mystery of 'Ireland's worst driver' (Bernard Lyons) Re: Hiding in plain sight (Phil Smith III) Bounds checking in C (Andrew Koenig) The risks of Silver Bullets (Michael Smith) Re: Tony Hoare: "Null References" (Steven M. Bellovin, Dimitri Maziuk, Randy Saunders) Related to blacklists for antispam (De Vries Duane) Re: Dates of birth are not unique identifiers (David E. Ross) Re: USAA Web site follies (Jonathan Kamens) Alert TA09-051A -- Adobe Acrobat and Reader Vulnerability (US-CERT via Monty Solomon) RISKS 25.59 Sunday 1 March 2009 Iridium and Cosmos satellites collide (Ken Knowlton) When your files are online and you aren't (Hiawatha Bray via Monty Solomon) Man charged $81 billion for a fuel fill-up (Peter Gregory) Computer "Glitch" Results in $31 billion Error (Malcolm Pack) Best Buy swindled for $31 million by chip supplier (Jim Haynes) Google Gaffe: Gmail Outage Shows Pitfalls of Online Services (Jonathan B Spira) Power outage disables power failure alarm (Jim Haynes) UK building society online account open to DOS attack (Andy Repton) Wikileaks cracks key NATO document on Afghan war (Jeff Nye) Re: Hiding in plain sight (Al Macintyre, Mark Feit, Phil Smith III, Steve Lamont, Marcos H. Woehrmann) Urban legends in RISKS (David Guaspari) RISKS 25.60 Friday 6 March 2009 Health-care: The Computer Will See You Now (Anne Armstrong-Cohen via PGN) Turkish Airline disaster and the Altimeter (Turgut Kalfaoglu) Britain's Chinook helicopters unusable for years due to software (Mark Brader) Conviction in attempted 229 million GBP theft (Mark Brader) Altimeter and autopilot possible cause of plane crash near Schiphol (Ben Blout) Normal Accidents and Black Swans (Jerry Leichter) Building-Security-In Maturity Model: BSIMM (Gary McGraw) An insider attack... 
in the police (Jeremy Epstein) Diebold delete button for erasing audit logs (Kim Zetter via PGN) Re-examining assumptions (Jerry Leichter) Credit card #s plucked out of air at FL Best Buy (David Ian Hopper via Dave Farber) Worldpay ATM system breached (Neil Youngman) Re: Iridium and Cosmos satellites collide (Ivan Jager) Risk Contained In RISKS Posting? (David E. Price) Re: Wikileaks cracks key NATO document on Afghan war (Charles Wood) Re: Google Gaffe: Gmail Outage ... (Alain Picard) Verizon curiosity (Peter Zilahy Ingerman) RISKS 25.61 Sunday 29 March 2009 DNA contamination led to serial-killer illusion (Mark Brader) Announcing your crime in a chat room may interfere with it (Mark Brader) You have won $[2^32-1]/100, no wait, we mean nothing (Mark Brader) Student dead 2 months, told to improve attendance (Mark Brader) Phantom Serial Killer (Dave Mulkey) E-voting In Ireland (PGN) Fairfax County Virginia voting glitches (Jeremy Epstein) Arose by any other name: was Diebold (PGN) "Security by obscurity Considered Harmful" -- especially for voting (John Sebes) Malware installed at manufacturer on Diebold ATMs (Toby Douglass) Driver Says GPS Unit Led Him to Edge of Cliff (Richard Grady) The Information Security Debt Clock (Gunnar Peterson) Google translations used for phishing attacks against ISPs (Gadi Evron) Economics of Finding and Fixing Vulnerabilities in Distributed Systems (Gunnar Peterson) ZOL downtime and emergency maintenance (Andrew Yeomans) We seem to be going over the top on "risks", forgetting about some realities (Fred Cohen) RISKS 25.62 Wednesday 1 April 2009 GPS Outages Feared (Mike Tashker) Conficker (Ned Potter via PGN) A Peering risk (Chris Leeson) Google Calendar as a single point of failure? 
(Jeremy Epstein) Safety and man/machine interactions: Traffic crossings (Jerry Leichter) The Chinese iTunes Gift Voucher Trick (Monty Solomon) The Police don't send chain letters (Richard O'Keefe) UK considering generalised use of deep packet inspection (Toby Douglass) Software Related Accident: Pipe-Laying Equipment (David Smith) Spam as an indicator of network health (jidanni) When Clouds go Bad: Losing Data in MobileMe (Nick Rothwell) Only allow 1, 2, and 100 year domain name registration (jidanni) Re: ESTA visa waiver online (Chris J Brady) RISKS 25.63 Sunday 5 April 2009 ElcomSoft to Recover Passwords with a Tambourine (Olga Koksharova via Michel Kabay) More on Google calendar (Pat Lincoln and Jeremy Epstein via PGN) Woman follows GPS, gets stuck in snowmobile trail (Monty Solomon) A firmware glitch of router software: 32-bit integer handling (Chiaki Ishikawa) No remittance, no ignition: Auto 'electronic repo' in action (Henry Baker) Risks of on-line backups -- is it still safe once there? 
(David Lesher) Domino's dishes out 11,000 free pizzas by mistake (Monty Solomon) Australian DST in the news (Tony Finch) Medical histories on the Internet (A Subscriber) Playboy TV fined over explicit content (Max Power) Re: E-voting in Ireland (Robert `Jamie' Munro) Oldest Data Loss Incident Contest (Monty Solomon) 2009 IEEE Symposium on Security and Privacy (David Du) RISKS 25.64 Monday 20 April 2009 Lisa Wangness: Inaccuracies in Google Health records (Martin Ward) Woman killed by laptop in crash (Walter Roberson) San Francisco South Bay phone vandalism (PGN) Vesta tire-pressure warnings (Click and Clack) Finnish e-voting results annulled; municipalities to hold new elections (PGN) CIA agent testifies on risks of electronic voting (PGN) Conficker C Analysis from SRI (Monty Solomon) Japanese vending machine face recognition accepts 10-yr-old as adult (Paul Saffo) Pro-regulation viewpoint on cyber vulnerability (via David Farber) "Nowt for owt" with Amazon (Chris J Brady) Credit-Card Activation (Kees Huyser) Bad authentication question (Erik Mooney) Re: The Security By Obscurity Myth (Dick Mills) Re: Driver Says GPS Unit Led Him to Edge of Cliff (jidanni) Re: flat text is *never* what we want (Tony Finch) Workshop on Service oriented Enterprise Architecture for Enterprise Engineering: EDOC'09 (Selmin Nurcan) RISKS 25.65 Wednesday 29 April 2009 New cybersecurity report, National Research Council (PGN) CNN gets it right on swine flu scare (Jeremy Epstein) President Obama says 3% of GDP on R&D (PGN) Computer Spies Breach Fighter-Jet Project (Danny Burstein) Pencils, not pixels: Ireland scuttles electronic voting machines (Matthew Kruk) Russian Voting in Berlin? (Debora Weber-Wulff) Second chance for French Net bill (Amos Shapir) US Senate bills 773 and 776 (Mabry Tyson) The Risk of Namespace Collision (Gene Wirchenko) Re: Tire-pressure warnings and RFI (Philippe Pouliquen, Bill Hopkins, John Curran) Re: The Security By Obscurity Myth (Phil Colbourn, Steven M. 
Bellovin, Ted Lemon, Fred Cohen) Firewalls are ineffective? (Fred Cohen) Re: "Nowt for owt" with Amazon (Julian Bradfield) RISKS 25.66 Sunday 10 May 2009 FAA ATC shutdown (Linda Gorman) Documented risks to FAA computers (John Sawyer) Pipe Leak at NY Indian Point Nuclear Plant Raises Concerns (Gabe Goldberg) Minnesota court says defendants have right to see source code (Mark Thorson) Obama, McCain legal teams promote state-level clean election practices (David Lesher) Richard A. Clarke: Obama's Challenge in Cyberspace (David Farber) `Computer glitch' disrupts Boston city payroll (Monty Solomon) Teenage hiker's calls ignored; no street address (Rohan Sullivan) Hackers Break Into Virginia Health Professions Database, Demand Ransom (Brian Krebs via Monty Solomon) UCBerkeley health service hacked, with 160,000 at risk of ID theft (Henry Lee via Ari Ollikainen) How to guarantee bad passwords (Jeremy Epstein) Lexis Nexis does an Oopsis. Data breach... (Danny Burstein) "Server issues" delay Nielsen ratings (George Mannes) Researchers Take Over Dangerous Botnet (ACM TechNews) Materials Database Problem (Gene Wirchenko) Strange cash register arithmetic favors the house (Bart Thielges) Re: Credit card numbers *not* plucked out of the air at FL Best Buy (Jonathan Kamens) Real-Time Networks RTN'09 (ECRTS) RISKS 25.67 Saturday 16 May 2009 Emirates Tail Strike at Melbourne 20 Mar 2009 (David Landgren) Joke foils chess software (Fred Gilham) Canada's tax agency computers pile up (Ken Knowlton) New key-derivation function (David Magda) iCal/iPhone/iPod dislike senior citizens? (Steven M. 
Bellovin) JHU insider may have breached more than 10,000 patient records (PGN) DC financial-aid agency discloses personal data of 2,400 students (George Mannes) DHS Sensitive But Unclassified sharing platform hacked (PGN) French net piracy bill signed off (Amos Shapir) Kiwibank discovers perils of Google Adwords with 100% Interest campaign (Max Power) Australian emergency services can't break through their own firewall (Danny Burstein) Re: FAA ATC shutdown (Gene Wirchenko, Al Macintyre, Pete Kaiser, Mike Coleman, Linda Gorman) REVIEW: "Googling Security", Greg Conti (Rob Slade) RISKS 25.68 Saturday 23 May 2009 NY voter voted absentee, then died; ballot ruled invalid (PGN) In a Lab, an Ever-Growing Database of DNA Profiles (David Hollman) Computers and Medical Practice: Some actual data (Jerry Leichter) Risks: Hackers 'destroy' flight sim site (Gabe Goldberg) A Lesson in Internet Anatomy: The World's Densest Meet-Me Room (jidanni) Re: "Server issues" delay Nielsen ratings (Jesse W. Asher) Re: Materials Database Problem (Stuart Levy) Re: Australian emergency services (Bob Frankston) How small does the disk chunk have to be? (Fred Cohen) Authentication and Identity theft (Jay R. Ashworth) Re: Tail strikes from improper settings (Ken Knowlton) Re: FAA ATC shutdown (Stewart Fist) Is "security through obscurity" being called for in RISKS? 
(Fred Cohen) Re: On Government IT competence (Scott Miller) Book Review: The Science of Fear, Daniel Gardner (Bruce Schneier) RISKS 25.69 Sunday 24 May 2009 Another Boston subway crash with cell-phone implications HIV patients sue after records left on MBTA (Elizabeth Cooney) NZ bank lends $10M instead of $10K; couple takes the money and runs (Ian Wells) Re: NY voter voted absentee, then died; ballot ruled invalid (Paul Wallich, Harvey Fishman) Fragility of telephone system (Jim Haynes) SANS NewsBites gets it very wrong, fails to post a correction (Jonathan Kamens) Re: Nielsen Ratings (Rupert Moss-Eccardt) How to make memorable but secure passwords (Phil Colbourn) Re: A Lesson in Internet Anatomy: The World's Densest Meet-Me Room (Jidanni) Re: FAA ATC shutdown (Walter Roberson, Chris Drew, Gene S. Berkowitz, Al MacIntyre, Fred Cohen) Re: On Government IT competence (Pete Kaiser) eCrime Researchers Summit CFP (Monty Solomon) RISKS 25.70 Monday 1 June 2009 Municipal politician unseated over fake e-mail (Kelly Bert Manning) A new biometrics risk? (Lee Rudolph) No-risk intelligence gathering? (PGN) iDEAL is not so ideal (Erling Kristiansen) Failures of eCommerce are Human not Computers (Chris J Brady) No 911 Service (Gene Wirchenko) Risks On Rails (Rob Slade) Train and iPod do not mix (Gene Wirchenko) Cycle-omatic complexity needed? (Jeremy Epstein) NZ bank lends $10M instead of $10K; plus Facebook (Rob Slade) Re: Tail strikes from improper settings (Dick Mills) Radio-isotope shortage, again... (Danny Burstein) Hutber's Law, Clarke's Third Law and Weasley's Law (Michael Bacon) Re: How small does the disk chunk have to be? (Jeremy Epstein, Fred Cohen, Jeremy Epstein) Re: secure but memorable passwords (David Alexander, Dave Martin, Paul Karagianis) RISKS 25.71 Tuesday 23 June 2009 Metro train fatal accident -- too much automation? (Joe Thompson) Air France crash and computers? (Steven M. 
Bellovin) Electronic health record systems fails; ambulances turned away from hospital (Dale Hawkins) Demolition: GPS vs Address; Well, we were close... (David Lesher) Shoreline music-food event fiasco: electronic pay system fails (PGN) Green Dam Youth Escort (PGN) China dominates NSA-backed coding contest (Eugene H. Spafford) Electricity Industry to Scan Grid for Spies (Danny Burstein) Google Street View functions as CCTV (Mark Brader) Smart electric meter risks; disastrous GPS misuse (Nicky L Sizemore) Copier short-changes users (Matt Bishop) GM & Segway to make 2-wheeled car (Paul Czyzewski) Another High-Tech Accident? (Gene Wirchenko) Reducing Risks of Implantable Medical Devices (Kevin Fu) Woman Gets Others' Medical Records In Mail (Adolphius St. Clair) Bozeman asking job applicants for their userid/password (Arthur T.) Risks of copyright lobbyists hiring someone to plagiarize PR spin (Kelly Bert Manning) A new way to lose money via ATM... (David Lesher) Re: Security through obscurity (Steven M. Bellovin) REVIEW: "Zero Day Threat", Byron Acohido/Jon Swartz (Rob Slade) RISKS 25.72 Monday 6 July 2009 More on the DC Metro collision 22 June 2009 (David Lesher, Al Stangenberger) Re: Train collisions (Dave Parnas via PGN) Earlier autopilot problem on New York City subway trains (George Mannes) More focus on computers in the Air France crash (Steven M. Bellovin) Clear clears its ownership, but not stored data (PGN) Use of GPS leads to wrong house being destroyed (PGN) Sequoia Voting Systems vs DC (David Lesher) A Less than Simple Flight from Rome to Heathrow (Chris J Brady) Train and iPod do not mix (Barry Munns) Billions stolen in online robbery (PGN) HOW many? 12.000 laptops lost PER WEEK in US airports (Peter Houppermans) That old "object reuse" problem ... (Rob Slade) Politicians, personal e-mail, and the ECPA (Bob Gezelter) RISKS at catless.ncl.ac.uk (Lindsay Marshall) Google Earth a tool for thieves and scoundrels? 
(John Hatpin via Mark Brader) Re: A new way to lose money via ATM... (Jim Haynes) Re: Bozeman (Andrew Koenig) I think we're all Bozemans on this bus (Steve Lamont) RISKS 25.73 Thursday 16 July 2009 Massive Visa overcharge (Steven M. Bellovin) German electronic health card system failure (Martyn Thomas) Boston Ballet School data breach (Concerned Parent) Risks of the Cloud: Liquid Motors (Gene Wirchenko) Facebook fraud about to get more interesting? (Paul Wallich) Taiwan man rescued after getting lost via GPS (jidanni) July 4 Fireworks cyber-attack (PGN) Twitter Attack Raises Flags on Security (PGN) Teenager Falls Into Manhole While Texting (Michael Barkoviak via Monty Solomon) When Texting Is Wrong (Randy Cohen via Monty Solomon) TV station forced to go old school after fire (Denise Caruso) Re: More on the DC Metro collision 22 June 2009 (Steven M. Bellovin, Rick Dickinson, David Lesher) Saltzer-Kaashoek Computer System Engineering book finally published (PGN) paypal accounts (Toby Douglass) SPAM: Phishing - the state of the art? (Dirk Fieldhouse) Re: Bozeman (D.F. Manno, Mark Brader) Oakland 2010, IEEE Symposium on Security and Privacy, CFP (Ulf Lindqvist) RISKS 25.74 Wednesday 22 July 2009 Elements of Programming, Alexander Stepanov/Paul McJones (PGN) The NSA wiretapping story nobody wanted: Whistleblower Klein (jidanni) Amazon Erases Orwell Books From Kindle Devices (Brad Stone via Monty Solomon) Re: Amazon takes-back Kindle e-books (Hal Murray) Net-filtering tables turned (Geoff Kuenning) Jonathan Zittrain, "Lost in the Cloud" (PGN) Re: cloud computing & server loss (Harlan Rosenthal) Ruhr University team breaks code of KeeLoq system (David Lesher) U.S. Passport RFID security (Erica Naone via Monty Solomon) U.S. Passports: Special alloy sleeves urged to block hackers? (Todd Lewan via Monty Solomon) Arming ATMs with Pepper Spray? (Thomas Dzubin) Eye tracking to prevent screen snooping (Peter Houppermans) U.S. 
Withheld Data on Risks of Distracted Driving (Matt Richtel via Monty Solomon) Adobe Terms Gone Wild (Gene Wirchenko) Taiwan president in ruckus over prerecorded web messages (jidanni) Canadian Mint says missing gold may have been stolen (Darryl Dueck) Re: July 4 cyber attack (Joseph Brennan) Risks of hierarchical map displays (Paul Wallich) An interesting reversal of the usual credit card problem (Roger Leroux) "Don't freak out," says ING Direct. At least I THINK it's ING Direct! (Daniel P. B. Smith) RISKS 25.75 Thursday 6 August 2009 Software never fails, people decide that it does (Paul Robinson) Seven water mains break due to computer glitch (Joseph Lorenzo Hall) Stock Traders Find Speed Pays, in Milliseconds (Charles Duhigg via Monty Solomon) GPS typo saves couple? (Joel Baskin) How To Hijack 'Every iPhone In The World' (Andy Greenberg via Monty Solomon) 10 ways your voice and data can be spied on (Gene Wirchenko) The NSA Is still Listening to You (jidanni) Beware of Outdated E-mail Addresses (Gene Wirchenko) Funniest security faux pas this week (Ron LaPedis) You think Adobe bug reports are tough to submit... 
(Michael Albaugh) Re: Risks of hierarchical map displays (Leonard Finegold, Gavin Treadgold, Gene Wirchenko) Industrial object-oriented language made void-safe (Bertrand Meyer) Ari Juels, Tetraktys, a `cryptographic thriller' (Ben Rothke via PGN) RISKS 25.76 Saturday 15 August 2009 Amusement rides without Fail-safe States (Debora Weber-Wulff) Taipei rapid transit line closed until further notice (jidanni) Twitter disruption (Jenna Wortham via PGN) UK national ID card cloned in 12 minutes (PGN) Social security to pay $500 million to victims of database error (Rob McCool) Computer Error Caused Rent Troubles for Public Housing Tenants (Manny Fernandez via Monty Solomon) Kentucky election fraud indictments (PGN) Sequoia e-voting machine manipulated without insider info (Peter Houppermans) Boy Dies After Mom Says GPS Left Them Stranded in Death Valley (Richard Grady) China backs off on censorship software ... (Lauren Weinstein) Revealingerrors.com (Robert P Schaefer) Apple keyboard firmware hack demonstrated (Monty Solomon) Re: Software never fails ... 
(Martyn Thomas, George Jansen, Andrew Brydon, Paul Edwards, Rob Seaman, Devin Moore, Nick Keighley, Martin Cohen) Re: Ari Juels, Tetraktys, a `cryptographic thriller' (Dag-Erling Smørgrav) RISKS 25.77 Tuesday 1 September 2009 UK Chinook helicopters grounded for *years* due to software problems (Danny Burstein) DNA Evidence Can Be Fabricated, Scientists Show (Monty Solomon) Computer-driven class schedules (David Lesher) Computer to blame for man's fiery death (Gene Wirchenko) RFI isn't all harmless: turns on oven (David Lesher) Pepper-spray ATMs (Jeremy Epstein) The VA erroneously informs over a thousand vets of fatal diagnosis (Rob McCool) ROTC Computer Files Found in the Public Domain (Monty Solomon) Hackers break into police computer as sting backfires (Andrew Pam) 3 Indicted in Theft of 130 Million Card Numbers (Monty Solomon) AT&T unable to protect Kevin Mitnick's account (David Magda) Swiss Data Protection orders Google Streetview offline (Peter Houppermans) Canadian model gets Google to unmask nasty blogger (Simon Avery via PGN) Cannot print on Tuesdays! (Phil Colbourn) GSM's A5/1 cipher being brute forced (David Magda) The Pirate Bay Returns With Guns Blazing (jidanni) Bad questions for account retrieval (Jeremy Epstein) Take only pictures *we* like (David Lesher) Re: Kentucky election fraud indictments (Drew Dean) Stephen Albin. The Art of Software Architecture (David Schneider) RISKS 25.78 Monday 14 September 2009 South Africa's Telkom: For the Birds or Not For the Birds (Gene Wirchenko) OLPC: Sic Transit Gloria Laptopi (jidanni) Smart Cars? 
(Gene Wirchenko) Boston city employees routinely deleted e-mail (D.Slack/M.Levenson via Monty Solomon) Networks and Nationalization With Respect to Cyberwar (jidanni on Suresh Ramasubramanian) Heavy Data Use Puts a Strain on AT&T Service (Jenna Wortham via Monty Solomon) Snow Leopard: A gigabyte by any other name (Monty Solomon) Humbert Humbert Fishfingers (Lee Rudolph) Quantum Chip Helps Crack Code (Anne-Marie Corley via Monty Solomon) Nonprofit for collecting info on SCADA & PCS security incidents (Stephanie Neil via PGN) Utah Gets Tough With Texting Drivers (Matt Richtel via Monty Solomon) Re: UK Chinook helicopters grounded for *years* (Peter Duncanson) Bertrand Meyer, *Touch of Class*, Springer, 2009 (PGN) Re: VA erroneously informs over a thousand vets (Alexandre Peshansky) Interesting disclaimer added by my ISP to the latest RISKS (Glenn Chambers) RISKS 25.79 Friday 25 September 2009 Complex Machinery: a parody (Ken Knowlton) Los Angeles Drought Restrictions: Unintended Consequences? 
(Thomas Russ) More on the DC Metro collision 22 June 2009 (David Lesher) New York Nuclear Plant Mistakenly Blares Emergency Alarm (PGN) Air Force loses control of autonomous aircraft, shoots it down (Rob McCool) Policemen's sanitary habits result in high breathalyzer reading (Matt Fichtenbaum) Children's hospital in Ohio infected with spyware (Rob McCool) 'Robot' computer to mark English essays (Polly Curtis via Tom Heathcote) Swiss watchdog sets court ultimatum for Google Street View (Peter Houppermans) *NYTimes* Web Ads Show Security Breach (Matthew Kruk) Google Buys reCAPTCHA, Creating a Potential Privacy Issue (Lauren Weinstein) DMAchoice.org - a case study in how to run an insecure website (Jonathan Kamens) Retailer Must Compensate Sony Anti-Piracy Rootkit Victim (jidanni) Re: Quantum chip helps crack code (Steve Wildstrom) RISKS 25.80 Friday 9 October 2009 The computers did it -- differently (Wendell Cochran) Lobstermen Get Wrong Number for a Hot Line (Ian Austen via PGN) Swine flu brings down Kaiser Permanente servers (Tony Lima) Restricted manual on avoiding leaking sensitive data is leaked (Mark Thorson) Subject: Mass. 
Blue Cross physicians' personal info on stolen laptop (Kay Lazar via Monty Solomon) Airline status display follies (Steven Bellovin) For Washington Metro, it's the appearance of risk (Jeremy Epstein) Man forged 12,500 pounds worth of train tickets (Mark Brader) System diversity helps in power control system (Jeremy Epstein) How Hackers Snatch Real-Time Security ID Numbers (Saul Hansell via Monty Solomon) Perils of password reuse plus password security hall of shame (Jonathan Kamens) WordPress inadvertent disclosure bug (Jonathan Kamens) The risks of being cute, Re: Complex Machinery: a parody (Donald Norman, PGN, Bluejay) Re: Snow Leopard: A gigabyte by any other name (Phil Hobbs) Re: South Africa's Telkom: For the Birds or Not For the Birds (Richard Botting) Re: Software never fails, people decide that it does (Paul Robinson) RISKS 25.81 Monday 12 October 2009 Microsoft's Danger Data Service disrupts users (John F. McMullen) Microsoft's Danger SideKick and cloud computing (Daniel Eran Dilger via Monty Solomon) Microsoft's Sidekick due to dogfooding/sabotage (Daniel Eran Dilger via Monty Solomon) Cloud Danger, literally... M$ loses T-mobile data (David Lesher) Excess CAT scan radiation -- the return of Therac 25? (David Lesher) A Time Machine time bomb (Ron Garret) Why E-mail No Longer Rules (Jessica E. 
Vascellaro via Monty Solomon) Re: Airline status display follies (Peter R Cook, Arthur Flatau) Re: The risks of being cute (Rob Seaman, Ken Knowlton) Re: The computers did it -- differently (Wendell Cochran) Re: Software never fails, people decide that it does (Martyn Thomas, Michael Smith, Geoffrey Brent, Dimitri Maziuk) RISKS 25.82 Tuesday 20 October 2009 Toyota uncontrolled acceleration (David Lesher) Another Therac-25 rerun (Jeremy Epstein) Custom license plate lands man a database full of fines (Rob McCool) Risks of namespace conflicts among city names (Cody Boisclair) More on hospital error leads to radiation overdoses (Gene Spafford) Internet Pioneers Speak Out on Net Neutrality (Lauren Weinstein) Accessing your legacy (Peter Bernard Ladkin) Re: A Time Machine time bomb (Alan J Rosenthal) Re: Microsoft's Danger Data Service (David Lesher, John Murrell via John F. McMullen) Inexcusable Complexity, Re: The risks of being cute (Ed Lowry) Re: The risks of being cute (Curt Sampson) Re: System diversity helps in power control system (Ian Botham) Rethinking What Leads the Way: Science, or New Technology? (John Markoff on W. 
Brian Arthur, via PGN) Computers, Freedom and Privacy 2010 Conference: Call for Proposals (CFP) RISKS 25.83 Friday 6 November 2009 "Jimmy Carter era" computer causes traffic jams (Jeremy Epstein) Central Traffic unControl === gridlock (David Lesher) Washington Metro system communications depend on single data center (Jon Eisenberg) T-Mobile suffers major outage: nationwide or nearly so (Lauren Weinstein) File share leaks data on US Congress members under investigation (Jeremy Epstein, PGN) Fugitive caught via Facebook updates (Mark Brader) Facebook 'Suggests Contacting Dead Friends' (Matthew Kruk) Massive Gene Database Planned in California (David Talbot via Jim Schindler) Drivers ticketed for not speaking English - misapplication of UI (Frank Jimenez) Privacy of health care info & health insurers (Henry Baker) Spam forged from .gov and .mil (PGN) AMEX sends USB trojan keyboards in ads (David Lesher) Risks of Using Encryption (Roger Grimes via Gene Wirchenko) 'Robot' computer to mark English essays (Polly Curtis via Randall) Is Net Neutrality a Communist Plot? "Declassified DoD Film" (Lauren Weinstein) Speaking of cable modem insecurity (Danny Burstein) Re: Toyota uncontrolled acceleration (Anton Ertl, Matt Roberds) Re: Danger and Paris Hilton (Peter Houppermans) RISKS 25.84 Wednesday 25 November 2009 Apostrophe in Your Name? You Can't Fly! (Chris J Brady) NY area bank claws back over 50,000 pension payments (Danny Burstein) Hacking ring steals $9 million from ATMs globally (Gadi Evron) Teleportation via Skyhook (Jerry Leichter) Warren Buffett cell phone skills: did they doom Lehman? (jidanni) Two Are Charged With Helping Madoff Falsify Records (Robert Schaefer) Brevity of text message leads to rumor of death (Mark Brader) Nasty iPhone Worm Hints at the Future (Robert Lemos via Jim Schindler) Australian Emergency operator hangs up; no street address (Darryl Smith) "Your smart meter is watching" (Cavoukian-Polonetsky via David Magda) Failure begets failure? 
(Aahz) At Checkout, More Ways to Avoid Cash or Plastic (Matthew Kruk) Mafia Wars CEO Brags About Scamming Users From Day One (Matthew Kruk) NY State Proposing Laws to Restrict Trucker Use of GPS (jidanni) Re: "Jimmy Carter era" computer causes traffic jams (JosephKK) Re: Drivers ticketed for not speaking English (Jerry Leichter) REVIEW: "Security and Usability", Lorrie Faith Cranor/Simson Garfinkel (Rob Slade) RISKS 25.85 Saturday 28 November 2009 London's stock exchange crashes again (John Oates via Kevin Pacheco) Your wallet in the cloud (Martin Ward) Used ATM Machines for Sale on Craigslist (Ben Moore) The Joy of satellite navigation failures (Steve Loughran) Re: Toyota Toyota uncontrolled acceleration (David Lesher, JC Cantrell) Patients' data used as Packing (Robert (Bob) Waixel) Re: Apostrophe in Your Name? You Can't Fly! (Andy Behrens, JosephKK, Dag-Erling Smørgrav, Bob Frankston) Re: Warren Buffett cell phone skills: did they doom Lehman? (Curt Sampson, Henry Baker) Re: Teleportation via Skyhook (Charles Wood) Android Mythbusters (Matt Porter via jidanni) Solving the Android "Grayed Out Application" Deadlock (Lauren Weinstein) RISKS 25.86 Monday 14 December 2009 Stryker Operating Room System II Surgical Navigation System recall (Richard Cook) Northwest Flight 188 (Curt Sampson) Chase Quicken and MS Money bill pay broken for 2 weeks, no fix ETA (John Rivard) UK Digital Economy Bill -- Blocking Illegal Downloaders (Chris D.) Massive New UK Internet Wiretapping Plan Announced (Lauren Weinstein) Public servant fired over leak of private info of 14,000 (Gene Wirchenko) Farmer claims GPS led him to breed clams in the wrong place (Rob McCool) My mother regarding LED traffic lights and Wisconsin winters (Richard Cook) Were you talkin' to me? (Jerry Leichter) All the best efforts gone to naught... 
(Jeremy Epstein) Various Internet Issues, Succinctly Put (Peter Ladkin) Re: The Joy of satellite navigation failures (Jerry Leichter) RISKS 25.87 Tuesday 15 December 2009 A Deluge of Data Shapes a New Era in Computing (John Markoff via PGN) Forensics, COFEE, and Decaf (PGN) Encryption Considered Harmful (Curt Sampson) Toronto subway line closed for 6 hours after tunnel pierced by gas line crew (Tony Harminc) Happy Holidays? (Zach Tudor, Jeremy Epstein) Re: The Joy of satellite navigation failures (Michael D. Sullivan) Re: Teleportation via Skyhook (Jonathan de Boyne Pollard) Re: Android Mythbusters (Phil Colbourn) Re: Toyota uncontrolled acceleration (Jeremy Epstein, Graham Reed) RISKS 25.88 Saturday 26 December 2009 Insurgents Hack U.S. Drones (PGN) Another user interface fatal accident in Afghanistan (Mark Thorson) Security in the Ether: Cloud Computing? Or "Swamp" Computing? (Lauren Weinstein) HP's facial-recognition can't recognize black people's faces (Randall Webmail) Alert: Twitter apparently hacked (Lauren Weinstein) Silent Hybrid Nearly Causes Carbon Monoxide Poisoning (Bob Gezelter) UAL: Another risk of weather for computer based systems (Jared Gottlieb) When the human model doesn't match the system model (Sean W. Smith) Disconnects between the Real World and Cyberspace (Bob Gezelter) Obscure GPS problems not just in remote areas (Jeremy Epstein) On the Road with a GPS System (Gene Wirchenko) GPS ads for captive bus riders (jidanni) Cruise control failed to disengage (Steve Cody) Re: LED Traffic Lights are efficient but cannot melt away snow (John Johnson) RISKS 25.89 Thursday 7 January 2010 Y2K+10 problem 1. 
German contactless bank cards (Debora Weber-Wulff) Y2K+10 problem 2: Symantec (PGN) Y2K+10 problem 3: Bank of Queensland Eftpos system (Jared Gottlieb) Y2K+10 problem 4: SpamAssassin tags "2010" e-mail as spammish (Danny Burstein) Y2K+10 Bug, for those who thought that Y2K was a made up crisis (Bob Gezelter) Verizon: I just don't know what to say (Geoff Kuenning) Eurostar Risks (Anthony Thorn) Display: none; visibility: hidden; overflow: hidden (jidanni) Crumbling Crypto: RSA 768 modulus factored + security implications (PGN) Couple Stuck in Oregon Snow for 3 Days After GPS Leads Them Astray (Richard Grady) Risks of Relying on Downstream Syndication (Bob Gezelter) Re: Teleportation via Skyhook (Gary Bliesener) Toyota acceleration; is it just the gas pedal or not? (David Lesher) Re: Another user interface fatal accident in Afghanistan (Curt Sampson) Re: LED Traffic Lights are efficient ... (Dick Mills, Jerry Leichter, Amos Shapir, Rob Seaman) RISKS 25.90 Friday 8 January 2010 NIST-certified USB Flash drives with hardware encryption cracked (PGN) Skype: the case of disappearing telephone numbers (Chris J Brady) Libel by Twitter? (Al Stangenberger) Risks of USB chargers for cell phones (Paul Pomes) Y2K+10: look at the Hex (Dave Hansen) Y2K+10: what's underlying? (Chris Smith) Y2K+10: The problems with sticky tape (Peter Houppermans) Weight of a Land Rover incorrectly input into UK VCA database (Matthew Wilson) Re: Eurostar RISKS (Richard Pennington) Leaves on Tracks (Curt Sampson) Re: LED Traffic Lights are efficient (Dick Mills, Terrence Enger) Re: Silent Hybrid Nearly Causes Carbon Monoxide Poisoning (Walt Strickler) NDSS Program (Internet Society) RISKS 25.91 Tuesday 19 January 2010 New Massachusetts unemployment insurance employer website crashes and burns upon launch (Jonathan Kamens) Moscow grinds to a halt: spoofed traffic signs? 
(PGN) Despite Risks, Internet Creeps Onto Car Dashboards (Matthew Kruk) Software Firms Fear Hackers Who Leave No Trace (Markoff/Vance via PGN) "--b" parsed as a double-negation (jidanni) Network flaw connects Facebook users to wrong accounts (Steven J Klein) Fraudulent Facebook group leads to malware scam (Matthew Kruk) A5/3 attack (Alexander Klimov) S&P loses 8.5% (Daniel P.B. Smith) Dangerously wrong trailer weight in Web tool (Rex Sanders) Australian man dies after being crushed by computers (Darryl Smith) Update Your XYZZY Web Site Password (Dale E. Coy) Offensive shutting down of botnets (Kelly Jackson Higgins via PGN) Y2K+10 problem 1910 in BPCS 8.1 ERP (Al MacIntyre) Y2K+10: Windows Mobile has 2010 problems too (Jeremy Epstein) Y2K? Taiwan, N. Korea calendars facing Y1C in 2011! (jidanni) Re: Couple Stuck in Oregon Snow for 3 Days After GPS Leads Them Astray (Al Stangenberger) Other Traffic Risks (Gene Wirchenko) REVIEW: "Into the Breach", Michael J. Santarcangelo (Rob Slade) RISKS 25.92 Tuesday 26 January 2010 *NY Times* expose on medical radiation overexposure (Jeremy Epstein) Air-traffic control glitch due to the installation of new software (Chiaki Ishikawa) Extending TCP/IP into space (Randall Webmail) Y2K+10 and SMS (Richard Gadsden) Bodyscanners that don't work (Peter Houppermans) Corporate espionage in the news: Hilton and the Oil industry (Gadi Evron) Have the Chinese Really Hacked into MSN's DB? 
(Chris J Brady) Cyberattacks on Google in China (PGN) Unsearchable stores (Mark Brader) ICSI claims "effectively perfect" spam blocking method (Lauren Weinstein) LORAN being retired (David Magda) PROVINCE OF CHI (jidanni) Google Maps won't be taking my address for a ride (jidanni) Upgrading a World of Warcraft account ends in tears (Turgut Kalfaoglu) Unique PINs (Dag-Erling Smørgrav) Re: Offensive shutting down of botnets (Dick Mills) Cloud Computing Security (Ivan Arce) RISKS 25.93 Friday 29 January 2010 Doug Maughan's CACM article & Roadmap for Cybersecurity Research (PGN) UI fix freezes NYSE, affects 975 stocks (T Byfield) False positives galore in SARs (Geoff Kuenning) DC Metro - only kills average of 1 customer each 3 years (Paul Robinson) GPS Control Software Glitch: NANU Issued (PGN) How Not to Design Authentication (Alexander Klimov) Radiation Offers New Cures, and Ways to Do Harm (David Hollman) Warning: Your Cell Phone May Be Hazardous to Your Health (Christopher Ketcham via PGN) Driver watching laptop movie kills woman (Walter Roberson) It depends on which bus you take (Paul Robinson) Driving and walking through buildings (Pete Kaiser) Re: Teleportation via Skyhook (Tony Lima) Re: Extending TCP/IP into space (Mark Jackson) RISKS 25.94 Sunday 14 February 2010 Electronic Systems That Make Modern Cars Go (Jim Motavalli) Toyota Braking Problem Link (Gene Wirchenko) How computers took over our cars (Amos Shapir) Ex-Toyota lawyer points to electronic throttle control (PGN) Motor racing solution to Toyota runaway (Dave Crooke) Mercedes Benz E Class Commercial (Richard S. Russell) Medical privacy: They never, ever learn (Geoff Kuenning) Who Owns Your PC? (Lauren Weinstein) EMV busted (David Magda) Website glitch drives up parking penalty (Nick Rothwell) The Century Bug will repeat ... (Jonathan de Boyne Pollard) Making the grade or changing the grade? 
(Jeremy Epstein) Phishing Scam Cripples European Emissions Trading (Danny Burstein) Meta-spearphishing (Jeremy Epstein) CAPTCHA with the answer in the ALT text (jidanni) Re: GPS Control Software Glitch: NANU Issued (Andy Piper) Re: Unsearchable Stores (Bob Bramwell) RISKS 25.95 Sunday 28 February 2010 Growing Threat to GPS Systems From Jammers (Jerry Leichter) Sat-nav systems under growing threat from 'jammers' (Amos Shapir) More on Risks of EMV Legacy Compatibility (Anthony Thorn) Self-Signed Certificates Strike Again? (Bob Gezelter) Facebook friended, boyfriend offended, tragically ended (John Linwood Griffin) Google: Serious threat to the web in Italy (Monty Solomon) Fault-Tolerance as a Risk (Gene Wirchenko) School District Spying on Students at Home? (Gene Wirchenko) A Message from Ric Edelman about data lost (fjohn reinke) Nationwide Technetium shortage: coinciding reactor failure/maintenance (Richard I. Cook) IEEE Symposium on Security and Privacy: 30th anniversary (David Evans) FOSE 2010 (Kalin Tyler) RISKS 25.96 Saturday 13 March 2010 Silly season: DST is approaching (David Magda) Sony PS3: Yet Another leap year folly (Steve Summit) Sony thinks 2010 is a leap year (Debora Weber-Wulff) Old models of PS3 failed to connect to network due to leap-year miscalculation (Chiaki Ishikawa) Re: The Century Bug Will Repeat (Jerry Leichter) Death in the Atlantic: The Last 4 Minutes of Air France Flight 447 (F John Reinke) Software flaws may be at the root of Toyota's woes (Gene Wirchenko) Risk: Toyota secretive on 'black box' data (AP via Gabe Goldberg) Breakthrough in Electron Spin Control Brings Quantum Computers Closer to Reality (NSF) German Data Retention Law Overturned (Bob Gezelter) USGov rescinds 'leave Internet alone' policy (Richard Forno) Man posts "wanted" poster of himself on own Facebook page (Mark Brader) Car insurance bug (Clive D.W. 
Feather) Daily cyber attacks on the UK (Martyn Thomas) "Traffic analysis" from data (David Magda) Paranoia 101 (Paul Wexelblat) Risks of having friends with computers (Rob McCool) Computer core risks (Robert Schaefer) 4th International Conference on Network and System Security (NSS 2010) IEEE Symposium on Security and Privacy (Ulf Lindqvist) RISKS 25.97 Friday 26 March 2010 Unmanned goods train crash in Norway (Martyn Thomas) NRC to VA: you endangered patients, you owe us $227k (Danny Burstein) FBI Faces New Setback in Computer Overhaul (Eric Lichtblau via David Lesher) IRS systems can't be trusted (Randall Webmail) Risks to the power grid (Gary McGraw) Pwn2Own 2010: iPhone hacked, SMS database hijacked (Ryan Naraine via Monty Solomon) Warnings about Wifi-enabled air travel (David Strom via Gabe Gold) Cops inadvertently harass couple: real address used as test data (Mark Brader) Police raid wrong address 50+ times (David Lesher) UK SAS base "exposed" through Google Streetview (Peter Baker) Netflix Data Deanonymized (Bob Gezelter) Hacked "miss a payment, brick your car" system (Jeremy Epstein) Colombian vote count delayed (PGN) Surveillance via bogus SSL certificates (Matt Blaze) More on School Webcam Scandal (Gene Wirchenko) Couldn't logout from Facebook Mobile (jidanni) Re: Old models of PS3 failed to connect to network (DoN Nichols) RISKS 25.98 Thursday 1 April 2010 The 2010 Census as of April 1 (Rebecca Mercuri) Silver Iodide Can Seed Cloud Computing (PGN) Clouding Men's Minds (Cecelia Kang via PGN) CalJOBS Security is a Mess (Tony Lima) Why Won't USPS Let Me File This Complaint? (Jim Reisert) Incorrect software change to emergency ambulance call-handling system may have resulted in hundreds of deaths (Bruce Horrocks) Ohioans are dunned for long-paid fines (Peter Zilahy Ingerman) User-friendly speed cameras in Belgium (Peter Houppermans) Academic Paper in China Sets Off Alarms in U.S. 
(Markoff/Barboza) Water-treatment computer: No, not the Three Stooges, but close (Jeremy Epstein) 3.3 million student-loan records pilfered (Gene Wirchenko) Old-fashioned computer risks, Re: 3.3 million student-loan data (Jeremy Epstein) High-tech copy machines a gold mine for data thieves (David Hollman) Survey: Millions of users open spam e-mails, click on links (Dancho Danchev via Monty Solomon) Plain Dealer sparks ethical debate by unmasking anonymous poster (Ferdinand Reinke) In Bid to Sway Sales, Cameras Track Shoppers (Stephanie Rosenbloom via Monty Solomon) TJX Hacker Sentenced (Gene Wirchenko) USENIX Health Security and Privacy Workshop due 9 Apr 2010 (Kevin Fu) GameSec 2010: Conference on Decision and Game Theory for Security (Albert Levi) RISKS 24.99 and RISKS 24.00 1 April 2010 Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 25 (7 January 2008 to April 2010) ------------------------------ End of RISKS-FORUM Digest 25.00 (99) ************************