Subject: RISKS DIGEST 16.97 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Fri 24 March 1995 Volume 16 : Issue 97 (00) FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: UPDATED INFO ON RISKS (usually at the end of most issues) SUMMARY OF RISKS VOLUME 16 (2 May 1994 to 24 March 1995) (archived in file RISKS-16.00 and in RISKS-16.97) ---------------------------------------------------------------------- Date: 21 March 1995 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not yet automated). SUBJECT: SUBSCRIBE or UNSUBSCRIBE; text line (UN)SUBscribe RISKS [address to which RISKS is sent] CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. All other reuses of RISKS material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using RISKS material should obtain permission from the contributors. RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks Individual issues can be accessed using a URL of the form http://catless.ncl.ac.uk/Risks/VL.IS.html (Please report any format errors to Lindsay.Marshall@newcastle.ac.uk) RISKS ARCHIVES: "ftp unix.sri.comlogin anonymous[YourNetAddress] cd risks or cwd risks, depending on your particular FTP. Issue J of volume 16 is in that directory: "get risks-16.J". For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 15, J always TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main directory and I subdirectory; "bye" I and J are dummy variables here. REMEMBER, Unix is case sensitive; file names are lower-case only. =CarriageReturn; UNIX.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username and password. Also ftp bitftp@pucc.Princeton.EDU. WAIS repository exists at server.wais.com [192.216.46.98], with DB=RISK (E-mail info@wais.com for info) or visit the web wais URL http://www.wais.com/ . Management Analytics Searcher Services (1st item) under http://all.net:8080/ also contains RISKS search services, courtesy of Fred Cohen. Use wisely. ------------------------------ RISKS-16.01 2 May 1994 Vandalism disrupts service at UK University (Peter Ladkin) Subjectively, it's eerie (Phil Agre) Miniature cameras on Sacramento-area alarm systems (Dan Zerkle) DIA delays due to programmers, mayor implies (Bear Giles [2]) Re: DMV Computer upgrade goes awry... (Shel Kaphan) Re: Unusual Newspaper Error (Stewart Rowe, David Wittenberg, Daniel Dobkin) Re: MIT student arrested for BBS ... ( Fredrick B. Cohen) "The Streetwise Guide to PCs" by Jerome/Taylor (Rob Slade) Computer-Aided Verification 94 Conference Announcement (David Dill) RISKS-16.02 3 May 1994 NEW YORKER article on library automation (Jon Jacky) Information Warfare: GM vs VW (Mich Kabay) TechWar: Cell Phone Jamming (Mich Kabay) Green Card Con Artists Exposed! (Bonnie L. Mahon via D.R. Hilton)) New firewalls book - a great risk reducer (Ray Kaplan) Re: Drunk in charge (John Simutis, Andy Ashworth, Dan Astoorian) Boot Prom commits Denial of Service Attack (Butch Deal) Staying Informed of Security & Privacy Issues (David Johnson) RISKS-16.03 5 May 1994 Spelling correction (Phil Agre) Sigh -- security through obscurity is NOT security (Alan Wexelblat) Bellcore cracks 129-digit RSA encryption code (Steven Tepper) Risk of Non-Computerization? (Klaus Brunnstein) Computers Blamed For FAA Woes (Mark Thorson) Brief note re DIA fiasco (Paul Green) Followup on credit card policies (re: "Streetwise Guide ...") (Rob Slade) ABC Nightline re LaMacchia (Mich Kabay) Risks of electronic door locks for automobiles (Paul Wallich) RISKS-16.04 10 May 1994 Secret elevator codes baffle Metro Toronto government (Dave Leibold) Smoke or Malaria - Lesser of the two evils (Hiranmay Ghosh) Dartmouth prof spoofed (Mich Kabay) 11-digit ZIP code (Christine Harbs) Frozen computer scientist (David Honig) Re: Bellcore cracks 129-digit RSA (Paul C Leyland, Dik Winter, Paul Buder) Re: Streetwise Guide [Risks ... credit-card laws] (Robert Slade) Future of US health care? (Mark Stalzer) White House May Issue National ID Cards (Mitch Ratcliffe via W.C. Daugherity) Canadian long-distance service reseller blunders (Mich Kabay) Cheers to two companies (Michael J. Zehr) Re: MIT student arrested (David desJardins) RISKS-16.05 11 May 1994 Are we betting on horses or computers? (off-track betting) (Reva Freedman) Amusing computer-related anecdote about local cable service (H Morrow Long) MTV Sues Curry (Adam Curry) China Airlines A300 Crash (Mark Stalzer) Re: Elevators, Car bumpers and Cryptography... (Peter Wayner) Re: Bellcore cracks 129-digit RSA encryption code (Fred Cohen, Amos Shapir) Re: ACM Nightline (Robert Morris) Don't always believe those E-Mail addresses (A. Padgett Peterson) EFF's Kapor announces new cyberspace TV show (Kapor via Stanton McCandlish) Automation: request for input (Ken Funk) RISKS-16.06 12 May 1994 Plane accidentally ejects pilot into sea (Frank E Carey) Tax preparation programs; IRS privacy; IRS computerization (PGN and COOVEN) Digital Defamation in the UK (Brian Randell) We spy harder! (Mich Kabay) Killers sue over phone taps (Mich Kabay) Journalists attack credit card account (Mich Kabay) Fragmenting of the News (Mich Kabay) Software piracy vexes industry (Mich Kabay) Ultra-high dependability and the Channel Tunnel (R.J. Stroud) Re: Future of US health care? (Amy McNulty) Re: China Air A300 Crash (David Wittenberg) Re: Copyright/patent owners: quick correction (Mark Seecof) Re: Amusing computer-related anecdote about cable (Ry Jones, Paul N Hrisko) Re: 11-digit ZIP code (Ed Ravin) RISKS-16.07 17 May 1994 Crossover of Diagnosis and Procedure Code creates risk (Paul Stoufflet) The Italian Crackdown? (Fabrizio Sala via Stanton McCandlish) Umass/Amherst Suffers From Week-long Service Degradation (Randy Sailer via Jonathan Welch and Sullivan) More on the A300 crash at Nagoya on 26 April 1994 (Peter Ladkin) Palm-reading and immigration (John Oram) Computer-based Notice Boards and Emergency Information (John R. Gersh) Re: Killers sue over phone taps (Adam Shostack) Revision to the Secure Hash Standard (NIST message via Paul Carl Kocher) Automated address changes (Linus Sherrill) Re: Tandem and California DMV (Scott Hazen Mueller) Tracking (Phil Agre) Secret... not so secret [NYNEX PINs] (Alan Wexelblat) RISKS-16.08 18 May 1994 Phone system crash at San Jose airport (Tarun Soni) Logging on as root is easy! (Eddy) Computer Crime on Wall Street (Sanford Sherizen) Going by the Book [air accidents] (Richard Johnson) Editor functionality mutates code (Kevin Lentin) UK ATM Spoof (Mich Kabay) The RISKS of complex procedures (Ry Jones) Tactical research (Phil Agre) FIPS to be tied... [hashing hashed, Capstone] (Peter Wayner) Re: INS recordkeeping (Jonathan Corbet) Re: killers sue over phone taps (Robert Morrell Jr.) Re: Secret... not so secret (Tony Harminc) Novel risk of medical records (David Honig) Crossover of Diagnosis and Procedure Code ... (Carl Ellison) RISKS-16.09 25 May 1994 Call Your OPERATER! (Martin Minow) Bank goof creates millionaire (Andy Fuller) Two risk-related articles from Edupage 5/24/94 (Terry Alford) Dell monitors too hot to handle (Mich Kabay) Canada, The Internet, and the Homolka trial [anonymous] Risks of setting up awful puns (Aaron Barnhart) Re: China Airlines A300 Crash (John Yesberg) Re: Computer Crime on Wall Street (Mike Rosenberg, Marc Horowitz) Cable / Closed Circuit TV Info Display Risks and 911 (Bob Richardson) Re: Logging on as root is easy! (Dan Franklin, Eddy) Re: UK ATM Spoof (Gary Preckshot) Privacy Digests (reminder) RISKS-16.10 31 May 1994 Closed Doors in Glasgow Human.risks-- Scapegoats and Puddlejumpers... (Peter Wayner) Man charged with E-mail stalking (John C. Rivard) Police BBS in Silver Spring, MD (Mich Kabay) Re: alt fan karla homolka (Phil Overy) Eavesdropping hits NSA (Peter Wayner) Risks of too-simple responses (Jerry Leichter) "Zap!" by Sellers (Rob Slade) RISKS-16.11 3 June 1994 Flaw in Clipper detected (Jim Huggins) Re: Solo midair collisions (Martyn Thomas) Donuts with Ears, Part II (Peter Wayner, David Wright) Ollie North on the high seas...Big toys, big egos, E-trails (David Honig) Nonexistent Risks (Re: Call Your OPERATER!) (Gregory B. Sorkin) Risks of faxing (Adam Shostack) The Ghost in the Modem (Loka Alert 1:6 via Phil Agre) Zimmermann statement on PGP 2.6 (Philip Zimmermann) "The Hacker Crackdown" by Bruce Sterling (Rob Slade) RISKS-16.12 8 June 1994 RISKS OF RISKS again (PGN) Hazards of the real-time switchover of a prison system (Ray T. Stevens) Campaigns and Elections (Phil Agre) Library fines unstoppable after earthquake (Geoff Kuenning) Flames and viruses in e-mail - article in the New Yorker (Martin Minow) Tetris addiction? (Mich Kabay) Re: Closed Doors in Glasgow - Trapped Guard Dies in Fire (John Vilkaitis) Re: Risks of too-simple responses (UK ATM Spoof) (Henry J. Cobb, Mathew Lodge, Jerry Leichter) Re: Clipper (Gene Spafford, Sidney Markowitz [2], A. Padgett Peterson, Paul Carl Kocher) RISKS-16.13 9 June 1994 RISKS summer slowdown (PGN) False alarm in Channel Tunnel (John Colville) Apathy toward computer errors (Chip Seymour) Mailing-list software security problem (Jim Patterson) GIF contains more than just a picture (Matthew David Aldous) Re: "The Ghost in the Modem" (Scott Dickson) Re: China Airlines A300 Crash (Mark Terribile) Re: Flaw ? in Clipper (A. Padgett Peterson, Robert I. Eachus) WWW Virtual Library page on safety-critical systems (Jonathan Bowen) "Network Security Secrets" by Stang (Rob Slade) Re: "The Hacker Crackdown" by Bruce Sterling, via WWW (John Oram) RISKS-16.14 13 June 1994 Unconventional Telephones (Mike Hoffberg) Ex-deputy police chief charged over Computer Records (Mich Kabay) RISKS in UK Election Voting Process (Thomas Rushton) Big brother wants the shirt off your back (Lynn R Grant) Re: GIF contains more than just a picture (Castor Fu) Re: How to feel safer in an Airbus (Peter Ladkin) Airbus A3(0?)0 deductions (Phil Overy) Correction for address of Clipper paper (Sidney Markowitz) Chunnel vision (David Honig) RISKS of real-time image processing (Andy Cunningham) Re: Women and Tetris addiction (Hilarie Orman) Re: Campaigns and Elections (Robert J. Burkhart) Re: Apathy toward computer errors (Tom Yurkiw) Security? Maybe.... (Neill Clift) Re: Call Your OPERATER (Hardwire) Re: Risks of too-simple responses (Ross Anderson) RISKS-16.15 15 June 1994 Privacy: Your Secrets For Sale (Les Earnest) Life imitates Bart Simpson (Jeffrey S. Sorensen) "Computer Ethics" by Deborah Johnson (Rob Slade) Re: More Chunnel vision (Philip H. Smith III) Re: Airbus (Mary Shafer, Robert Dorsett, Phil Overy, Wesley Kaplow) Re: Risks of speed enforcement (Jonathan Clark, Clive D.W. Feather) Re: RISKS in UK Election Voting Process (Doug Tooley, Kent J Quirk, John C Sager, Sean Matthews, Peter Robinson, John Gray) RISKS DIGEST 16.16 15 June 1994 Congressman Jack Brooks' Statement on Crypto (David Banisar) WSJ article: RFI hoses medical equipment (Robert Allen) Summary of safety-critical computers in transport aircraft (Peter Ladkin) More on Airbuses (Robert Dorsett, Peter Ladkin, Wesley Kaplow, Pete Mellor, Kaplow again, Bob Niland) RISKS-16.17 17 June 1994 Poulsen guilty of L.A. charges (Mich Kabay) Counterfeit graduation tickets (Mich Kabay) "Virtual Billboard" on TV (R. Peter Jackson) Misdirected Mail (Jeffrey Austen) Revenue Canada database allows birthday change (John Howard) NIST Response to Blaze Attack on Clipper (Ed Roback) ROLM phones and "Do Not Disturb": how to lose calls (Rob Levandowski) A320 hull losses: Lies, damned lies and statistics (Pete Mellor) RISKS-16.18 21 June 1994 Physical Location via Cell Phone (Derek Atkins) RF Interference (unattributed alt.shenanigans item via Elana) EDI mail storm (Cheryl Berthelsen via Brian D. Renaud) Re: Campaigns and Elections (Peter J. Denning) Re: Airframe Safety (Bill Murray, Mark Staler, Andy Dingley, Tom Lane) Shopping Risks... (Philip R. Banks) RISKS-16.19 5 July 1994 A330 crash: Press Release (Pete Mellor) States crack down on "cyberfraud" (Mark Seecof) AI to screen bad from good cops in Chicago (Christopher Maag) Going to a Computer Conference? Don't use your real name! (Steve L. Rhoades) Fraud on the Internet (Mich Kabay) ACM Releases Crypto Study (US ACM, DC Office) USACM Calls for Clipper Withdrawal (US ACM, DC Office) Re: Physical Location via Cell Phone (Lauren Weinstein, Willis H. Ware, Robert Morrell Jr.) Cellular Confusion (Bob Frankston) RISKS-16.20 6 July 1994 EM RF RISK turns into life-saver (Ralph Moonen) Mosaic risks (Faisal Nameer Jawdat) Airbus (Robert Morrell Jr.) ACM crypto policy panel chairman's statement (Steve Kent) Re: Physical Location via Cell Phone (A. Harry Williams) Phone records (Lauren Weinstein) Video cameras in City Centres (Scott A. McIntyre) Re: AI to screen bad from good cops in Chicago (Piers Thompson) Re: Scary (Jim Horning) Environmentally Aware Computing (JAN Lee) "Repetitive Strain Injury" by Pascarelli (Reviewed by Rob Slade) "Computer Ethics" by Forester/Morrison (Reviewed by Rob Slade) "A Short Course on Computer Viruses" by Fred Cohen (Reviewed by Rob Slade) Re: Rob Slade's review of "The Hacker Crackdown" (Richard Schroeppel) RISKS-16.21 7 July 1994 Risks of REDIAL (via Lance Hoffman and others) Online services taking big hits (Alan Wexelblat) Tax Software to Avoid: CA Simply Tax (Smith Craig) IRS SSN risks may abate (Michael Gerlek) Re: Fraud on the Internet (Jeff Barber) Signatures in electronic commerce (Mich Kabay) Re: Scary (Peter J. Denning) Just the Facts, Ma'am (AI to screen bad from good cops) (David Honig) Re: Video cameras in City Centres (Robert Allen) Digitized CC Signatures (Eric Richards) Re: Shopping Risks... (Jane Anna LANGLEY) RISKS-16.22 9 July 1994 Roller coaster accident -- computer blamed (Jonathan Moffett, Marcus Marr) Re: Tax Software to Avoid: CA Simply Tax (Rick Smith, Barry Margolin) Re: Risks of vote fraud (Lawrence Kestenbaum) Literary treatment of street-corner cameras (Mark Seecof) Re: Just the Facts, Ma'am (Bob Frankston) Re: Mosaic risks (John R Levine) Any data of Bill Gates's Info-highway book? (Richard Botting) Re: A330 crash (Curtis Jackson, Peter Ladkin) Re: ACM Crypto Policy Statement (Nap & Erik van Zuuren) Re: Fraud on the Internet (D. Owen Rowley) EMI of 'VW? NOT! (Chris Norloff) RISKS-16.23 13 July 1994 Inmates con jail computer (Peter Ilieve) White House Buys Off EES Patent Holder (Brock N. Meeks v. Stanton McCandlish) New National ID Card Proposal (David Banisar) SimCity (Phil Agre) Teletext run amok (Michael J. Stern) "Glyphs" may track your demographics (Walter C. Daugherity) EMI of 'VW'? YES (Rick Cook) Correction to A330 report (Peter Ladkin) Re: Promises and "Scary" (Phil Agre) Laptop Danger for Airplanes (Dan Arias via Martin Howard) "If Ajax had a good computer system, Peter would still be alive." (Daniel P. B. Smith) Re: Roller coaster accident -- computer blamed (Clive D.W. Feather) Re: ACM Crypto Policy Statement (Dave Golber) Re: Phone records (S. E. Grove) Re: Signatures in electronic commerce (Robin Kenny) Re: Digitized CC Signatures (Mark Brader) RISKS-16.24 14 July 1994 Quoth the Maven, Livermore! (porno repository) (PGN) "DUMB FROGS AHEAD" (Tom Zmudzinski) Digital display boards on highways (Jason Hanson) Mailers that add "Company Confidential" (Paul Szabo) Scams (Phil Agre) Re: Secure use of Internet (Tom Patterson) Re: Shopping Risks... (Philip H. Smith III) Re: Brock Meeks article on Clipper (Jerry Leichter) Cellular phone risks/privacy (Phillip Brown) Literary treatment of street-corner cameras (Scott Dorsey) Teletext (Bob Richardson, Clive D.W. Feather, Bob Frankston) Re: Laptop Danger (Bob Frankston, Joe Chew, Lars-Henrik Eriksson, Tony Abo) RISKS-16.25 19 July 1994 NASDAQ computers crash (PGN abstracting) An Irish Sting Operation (Brian Randell) TCAS story on NBC Dateline 7/14/94 (Andres Zellweger) Vindication (Winn Schwartau) Re: Risks of electronics on aircraft (Phil Overy, F. Barry Mulligan, Chris Norloff) Re: Digital Display Boards on Highways (Don Root) EDCC-1, Final Program [European Dependable Computing Conf.] (Erik Maehle) RISKS-16.26 20 July 1994 IRS (Phil Agre) Crashed bank teller (Kees Goossens) HERF Vindication II (Winn Schwartau) The digital individual (Phil Agre) Victim on the infobahn (Bill Donahue) Benefits Agency Smart Payment Card (Shaggy) Risks of confusing "headlines" with "in depth news" (Bob Estell) Re: Aircraft Avionic Vulnerabilities (A. Padgett Peterson) Re: Inmates con jail computer (Amos Shapir) "Firewalls and Internet Security" by Cheswick/Bellovin (review by Rob Slade) "The Fool's Run" by Camp (review by Rob Slade) InfoWar II--First Call for Participation (Mich Kabay) RISKS-16.27 21 July 1994 Pentagon computers cracked (Mich Kabay) Chemical Bank ATM's go down after snafu (Josh Rivel) Re: Crashed Bank Teller (William Hugh Murray) EPIC on Gore Letter (David Sobel) Re: Victim on the infobahn (Marc Horowitz, Jeffrey I. Schiller, Max Hadley, Bob Rahe, John W. Burgeson, Mich Kabay, Andrew Marc Greene) RISKS-16.28 22 July 1994 Hoods Hit the Highway (Jon Loeliger) Dutch police victim of phone-tapping criminals (Ralph Moonen) As the Worm Turns--Ant-icipating Problems (Mich Kabay) It's a real world out there, and the Internet is part of it. (Phil Agre) Automated mail listserver causes Internet "Spamming" (Jean Renard Ward) Leahy Statement on Gore Statement on Clipper (Marc Rotenberg) Privacy Journal this month (Robert Ellis Smith) CFP: IEEE Symposium on Security and Privacy (Catherine A. Meadows) RISKS-16.29 26 July 1994 Let me off the Information Superhighway! (Nancy Leveson) Risks of assuming standard interfaces (Clive D.W. Feather) Airport codes (Clive D.W. Feather) Embezzlement at Beijing Hotel (Mich Kabay) Remote reading of gas meters (Mich Kabay) Hack FAQ (summary) (Martin Minow) Risks of being unable to clear records (Marcus J Ranum) More inadvertent mail list "spamming" (Phillip Finch) Two kinds of risks (Robert Morrell Jr.) Risks of hot lines (Philip H. Smith III) RISKS-16.30 2 August 1994 MCI inbound internet gateways choked (Mich Kabay) RISKs of electrical wiring (Robert Rose) How to clean out a checking account (Paul Dineen) FBI hunting for Agent Steal, flashy computer hacker (Mich Kabay) PCMCIA cards (Mich Kabay) Progress on RFI in aircraft (Mich Kabay) Porn Peddlers Convicted in Memphis (Mich Kabay) Re: Video Cameras (Nap van Zuuren) Computer telephony (Phil Agre) Re: Crashed bank teller (Ted Lemon, Patrick O'Callaghan) The Cult of Information by Ted Roszak (WN Peters) Report Released on Public Key Law and Policy (Michael S Baum) RISKS-16.31 9 August 1994 Unda(u)nted exploration: DANTE II (PGN) Denver "solves" hi-tech baggage handling problems (Lauren Weinstein) Re: Squirrels again bring down Nasdaq (Joe Morris, Bob Frankston) More than squirrels: Newbridge Networks (Bob Frankston) Re: RISKs of electrical wiring (Lauren Weinstein) Re: The Cult of Information (Steven Tepper) Rapid Application Development (RAD) (Rebecca Mercuri) Intel plant in Albuquerque (Phil Agre) Madcap world of modern banking (Ross Anderson) A330 Crash investigation: Pilot error blamed for crash (Erik Hollnagel) Workshop Announcements PDCS2 and SCSC (Barry Hodgson) CSR Software Reliability & Metrics Club - Meeting Announcement (Pete Mellor) Washington DC ACM Seminar (John Sheckler) RISKS-16.32 16 August 1994 Pin the tail on the Dante? (PGN) Adventures in Debugging (Michael J. Stern) Commercial identity on the Internet (Mich Kabay) Desktop check forgery (Phil Agre) Burglary suspects caught by Caller ID (Jonathan I. Kamens) National Guard payment problems (Mich Kabay) Escrowed keys vulnerable to chosen contraband attacks (Stephen R. Savitzky) The Danger of Six-Digit Dates (Mike Sullivan) A Minor Risk for Centenarians (Bruce Scott) IRC bug (Andrew David Tinkham) Privacy Conference (Dave Banisar) Intrusion Detection Workshop announcement (Debra Anderson) RISKS-16.33 23 August 1994 [misdated 22 Aug] Program Information: 17th National Computer Security Conference (long) [Full program in CRVAX.SRI.COM RISKS: directory RISKS-16.33NCS while the missing registration/hotel materials are in RISKS-16.33NCSX] RISKS-16.34 24 August 1994 Bug in Microsoft Word (Chris Norloff) Report on the 1992 Gatwick near-miss (Peter Ladkin) The new Cray and Unix passwords... (Peter Wayner) Most home security alarms are false (Mich Kabay) Misconceptions about PGP 2.6 from MIT (Philip Zimmermann) "Secrets of a Super Hacker" by Fiery (Rob Slade) International Cryptography Institute (Dorothy Denning) RISKS-16.35 25 August 1994 Fraud and Identity (Mich Kabay) Summary of Der Speigel interview with Airbus' Bernard Ziegler (Peter Ladkin) CORRECTION, Report on the *1993* Gatwick near-miss (PGN) Re: pi = 3 (James Dudley, L. P. Levine) Re: The new Cray and Unix passwords... (Chris Ransom) RISKS-16.36 29 August 1994 Vandals Cut Cable, Slow MCI Service (Mich Kabay) Mexican election computers (John Sullivan) Attack of the killer spellcheckers... (Valdis Kletnieks) U.S. Mail causes ZIP-code problem (Al Stangenberger) Re: Bug in Microsoft Word (Dave Moore) Salt in wounds (Re: New Cray and Unix Passwords...) (Peter Wayner) Re: Fraud and Identity -- SCI-FI (Andrew Marchant-Shapiro) Politicians Join the Internet (Mich Kabay) Re: pi = 3 (Mark Stalzer, Rob Boudrie) System makes bank check forgery easy (Christopher Klaus) CFP: 2nd ACM Conference on Computer and Communications Security (Li Gong) RISKS-16.37 31 August 1994 Risks of spread-spectrum cordless phones (Don Alvarez) St. Louis water mishap (David G. Himrich) Satellite imaging for targeted marketing? (Denis Haskin) Millennium goes to prison (Henry Troup) Breakdown of police emergency number (John Colville) Risks of client search tools (the WWWorm turns, and returns, ...) (Rob Slade) Changeable `constants' (James Ashton) Re: vandals Cut Cable, Slow MCI Service (C. Paul Ferroni) Unintended document contents (Walter Smith) Re: Bug in Microsoft Word (Steen Hansen, Pete Ferris, Anthony E. Siegman) Re: system makes bank check forgery easy (Paul Gloger) More on Real World/Cyberspace ID matching (Paul Green) Re: pi = 3 (Mark Brader) New indecency rules proposed for all online services (Daniel J. Weitzner) RISKS-16.38 2 September 1994 Football interference without penalty? (PGN) RFI and "winchcraft" (Mich Kabay) Drawbridge controls -- fail-safe? (Steve Summit) Chile: "Multicarrier" telephone system collapses (Patricio Poblete) Anarchist files linked to child mutilation (Mich Kabay) Poulson Pal Pinched (Mich Kabay) Barclays Bank's new computer system (Steve_Kilbane) Risks of living abroad (DelleraK) Re: Changeable `constants' (George W Dinolt, Joseph H Presley, Mark Brader, Bob Frankston, Steve Kilbane, Lars-Henrik Eriksson, James Cottrell, James Carlson, Mark Nelson) RISKS-16.39 6 September 1994 PKZIP encryption broken (known plaintext attack) (Paul Carl Kocher) Some privacy notes (Phil Agre) Database Marketing (privacy in *Business Week*) (Mark Stalzer) Backspace Problems (John Vilkaitis) Backspace Failure (John Vilkaitis) Re: Millenium goes to prison (Jim Hiller) _Modern_ risks of call by reference (Mike Albaugh) Some comments on the A330 accident (Peter Ladkin) ESORICS 94 Program (Yves Deswarte) RISKS-16.40 12 September 1994 Highest Quality Company Logos for Inclusion in Software (Dennis Lawrence) German Parking Violators Accused of War Crimes (Scott Mincey) Enola Gay: Another text substitution (from alt.folklore.urban) (Henry Troup) More daring tales of address disasters! (Peter Ladkin) Risks of duality in electronic media (Bob Mehlman) Unique way to find bugs: be investigated for breaking the rules [McLaren Peugot Formula One] (Bjorn Freeman-Benson) Neural Redlining == Plausible Deniability ? (Fred Baube) Reply to New indecency rules proposed for all online services (Julian Meadow) CPSR Annual Meeting (Phil Agre) Proceedings on Assurance and Trustworthiness (Marshall D. Abrams) RISKS-16.41 22 September 1994 Computer disk crash causes misprinted ballots (Lani Teshima-Miller) Internet Gets First False Ad Charge (PGN) Uninterruptable thought patterns (Phil Agre) Re: Digital Logos (Peter J. Denning) Reason 55: National Security and the FBI Wiretap Bill (Marc Rotenberg) Yet More daring tales of address disasters! (Paul T. Keener) High Security Digital Payment Systems (Michael Waidner) The Fuzzy Systems Handbook (Rob Slade) Neural redlining (Andrew W Kowalczyk, Peter J. Denning, Fernando Pereira, Thomas E. Janzen, Jan Vorbrueggen, Bob Frankston, John Turnbull) RISKS-16.42 23 September 1994 Power Outage in Russia? (Bradford Wetmore) The Future of the Internet is Secure: Press Conference (Winn Schwartau) Telephone background noise RISKS (Michael P. Gerlek) Re: Uninterruptable Thought Patterns (A. Padgett Peterson) Re: Computer disk crash causes misprinted ballots (Douglas W. Jones) Re: Yet More daring tales of address disasters! (Steve Bellovin et al.) Re: Address disasters (John Cantrell, Martin Ewing) Re: Highest Quality Company Logos (Jim Prall, Gary Greene, Ray T. Stevens) Call For Papers: 8th IEEE Computer Security Foundations Workshop (Li Gong) RISKS-16.43 27 September 1994 Pretty Bad Privacy in Top-Level Negotiations (Charles Dunlop) Re: Mexico election (H?vard Hegna) Coyote sues Acme Co. (Luis Fernandes) Reasoning 101, the FBI Telecom Bill, and EPIC (Jerry Leichter, Marc Rotenberg) Please!, let's call it the "Government Wiretap Bill" !!! (Jim Warren) The high-tech university: 500 channels, all alike (Phil Agre) Pagers and power supplies (Laszlo Nemeth) Marketing of science (Michael Jampel) Power Disasters (Matthew D. Healy) Re: Power Outage in Russia? (Arthur D. Flatau) Questions re: security of computerized medical records (Richard Goldstein) Network Security Observations (NSO) RISKS-16.44 29 September 1994 Re: Neural Redlining == Plausible Deniability? (Jim Horning on Brian Randell) Response to various comments on Internet Security (Winn Schwartau) Present Internet Security (George Thornton) Re: Mexico election (Alex Lopez-Ortiz) Re: Uninterruptables (Phil Agre, Martyn Thomas) Safety issues with Screen Savers (Rich Baker) Re: Phil Agre on high-tech university (Robert Ashcroft) Re: Neural networks and testing (Fred Cohen) Re: Yet More daring tales of address disasters! (Dan Fass, Andrew Marc Greene, Steve Summit, Jan Mandel, Jonathan I. Kamens, Mike Crawford, Chris Smith, Paul Robinson, Michael Jampel) Privacy & American Business conference in DC next week (Lance J. Hoffman) RISKS-16.45 10 October 1994 Anonymity and the Stock Markets... (Peter Wayner) ICL loses 1.3m pounds poll-tax case (Jonathan Bowen) AOL sells its subscriber list (David L. Gehrt) Twins out of luck in Brazil (Debora Weber-Wulff) Confidential information passed on (Nik Clayton) Privacy Digests -- and Digital Telephony (PGN) CFP for CFP'95 (Computers, Freedom, and Privacy) (Carey Heckman) CALL for PAPERS: EUROCRYPT '95 (Jean-Jacques Quisquater) RISKS-16.46 19 October 1994 Risks of putting out RISKS Software Bug Cripples Singapore Phone Lines (Lee Lup Yuen) Cellular Phone Scam (PGN) Barclays Bank Banks Big-Bang Bump-up (a success story) (Brian Randell) Data security in Iceland (Haukur Hreinsson) Memory Chip Theft (R. Szczesniak) Risks of not thinking about what you're stealing (Mark Brader) Calling Number ID debate (Phil Agre) Creating kidspaces on the net (Prentiss Riddle) And you thought one-letter passwords were RISKy ... (Dan Astoorian) RISKS-16.47 20 October 1994 Computer mess at Greyhound (Phil Agre) British Rail Journey Planner (Marcus Reynolds via Clive D.W. Feather) Spin control by computer (Rob Hasker) Tampering blamed for rebuffed candidacy in Peru (PGN) Re: Data Security in Iceland; Software Bug Cripples Singapore (Jim Haynes) Tarom Airbus: automatic mode switch escaped the commandant (Daniel Salber) Computer risk that nearly proved deadly (Carl Maniscalco) Software reuse (Mark Gonzales) Risk of seeming similar interfaces (Monta Elkins) Re: squirrelcide (Douglas W. Jones) Re: CNID (Peter da Silva, Scott E. Preece, A. Padgett Peterson) Washington DC ACM Professional Development Seminars (John Sheckler) RISKS-16.48 21 October 1994 "The Mother of All Utility Bills." (F. Barry Mulligan) Observed Electro-Magnetic Interference (Henry Troup) Re:Computer risk that nearly proved deadly (Mark Thorson, Gary Koerzendorfer) Cellular Phone Fraud Operator Arrested (Paul Robinson, Chip Maguire) Not enough bytes bites again (Marc Auslander) Inadvertent postal forwarding (V. Michael Bove Jr.) Computer model of Haiti (Phil Agre) Re: Risks of not thinking about what you're stealing (Joel Finkle) Re: Risk of similar interfaces (Chris Norloff, Erann Gat, John Mainwaring) Re: Software reuse (David Honig) Re: Greyhound (Danny Burstein) CNID and Don Norman -- CNID can be private (Justin Wells) Re: CNID (Andrew Klossner, Phil Agre) RISKS-16.49 24 October 1994 "Computer Related Risks" by Neumann (Rob Slade) Half a degree is better than none? (Mark Brader) Re: Barclays Bank Banks Big-Bang Bump-up (Mark Brader) Re: Not enough bytes bites again (Dave Moore) The FTC wades in (Don Blumenthal via Joel K. Furr) That Macintosh Power Switch (Don Norman) The Risks of Ignorant in Computer Science (Yaron Y. Goland) More on risky interfaces (Mike Perry, Gary Page, Brad G. Parks, Jean Renard Ward, Kevin Purcell, Kent Borg, Mike Alexander) RISKS-16.50 25 October 1994 Another way for computer failure to delay trains (Mark Brader) Bank Robber Foiled by Security Screen (Paul Gillingwater) Re: Ignorance in Computer Science (Roy Maxion) Re: Don Norman and the Power switch (William Hugh Murray) Re: deadly risk (Scot E. Wilcoxon) Re: Cell Phone Fraud Countermeasures (Bill Hensley) Re: Badly designed interface in MS Mail (Russell Stewart) Re: Inadvertent postal forwarding (Kent J Quirk) Re: Data security in Iceland (Curtis Jackson) Mailing lists risk critical-mass spamming (Benjamin A Ostrowsky?) Re: CNID (Lauren Weinstein, Michael D. Sullivan, Tim Duncan, B.M. Cook, J. Eric Townsend, Michael Jampel, Mark Stalzer,) RISKS-16.51 28 October 1994 Stolen account used to send hate mail at Texas A&M (Bruce Sterling via Prentiss Riddle) Orwell was off by 499 channels, and what to do about it (Phil Agre) GRE Computer-Based-Testing scores reconsidered (Carlos I McEvilly) America Online Offlines America (PGN) More on backspace problems (John Vilkaitis) CAPS-LOCK Considered Harmful (Barton C. Massey) Microsoft Natural Keyboard (Don Alvarez) Re: Mailing lists risk critical-mass spamming (Paul Wallich) Re: CNID and screening (Robert Ellis Smith) Drivers license as universal ID? (John Sullivan) RISKS-16.52 31 October 1994 Telephone game glitch (Julian Meadow) The Sinking of the USS Gitarro (Mike Crawford) Re: FEC Voting "Standards" (Rebecca Mercuri) No Real Risks of Seemingly Similar Interfaces (Roger Carasso) There are risks and then there are risks (Alan Wexelblat) Re: Security screen (Bank fences, power keys, etc.) (Frederick B. Cohen) Re: More on backspace problems (Esther Filderman, Russell Stewart) CAPS-LOCK (Paul Barton-Davis, P. Kevin Parker, Rick Cook, Phil Keys, Doug Siebert) Re: AOL (Greg Lindahl, Mike Crawford) Re: Half a degree is better than none? (Curtis Jackson) RISKS-16.53 6 November 1994 UK boy cracks S.Korean system (Mich Kabay) CMU blocks access to nasty newsgroups (Mich Kabay) Roll-Over Date Frozen? (Ed Ravin) Followup on Sears captures signatures (Steve Holzworth) Minnesota driver license (Daniel Frankowski) Re: CAPS-LOCK Considered Harmful (Jim Griffith) RFD: sci.engr.safety (Sethu R Rathinam) 2nd Conf. on Mathematics of Dependable Systems (Victoria Stavridou) RISKS-16.54 7 November 1994 Fall time change and the usual computer system havoc (L. Scott Emmons) Ottawa Library fines people using unreliable automatic calling system (Michael Slavitch) Tele-Phoney (John Vilkaitis) Risks of assumption (Tom Swiss) Re: CMU blocks access to nasty newsgroups (Bob Frankston, Arthur Hicks, Jim Huggins, Harry Rockefeller) RISKS-16.55 9 November 1994 EMI and construction cranes (Steve Summit) Postscript FAX Security Hole (Mike Crawford) Hardware-borne Trojan Horse programs (Chris Tate) Risks of posting warnings with the wrong time or date (George Swan) Existential risks of computer systems (Ian Horswill) E-Signatures (Benjamin Wright) Re: Suitable for whom? (Jon Green) PBX at Large? [Re: Tele-Phoney] (Stephen Bogner) Re: Parental Responsibility (Mich Kabay) Re: Ottawa Library fines people ... (Erik Jacobsen, Daniel P. B. Smith) RISKS-16.56 14 November 1994 Catalogin' (Henry Cate) Worker cleared of deleted planning files (Vinc Duran) "Netsafe makes the Internet safe for K-12 schools" (Forman) Alberta vote-by-phone fiasco (Mich Kabay) Rob Slade's review of Robert Slade's book (Rob Slade) Re: EMI and construction cranes (Michael P. Hartley, Arthur Byrnes) Re: Ottawa Library fines people ... (Peter Kaiser, Sean Donelan) Re: Postscript FAX Security Hole (Andrew Klossner, Brooks Benson, Ross Oliver, Kevin S. McCurley, Ed Taft, Barry Margolin) RISKS-16.57 22 November 1994 Cell-phone ergonomics side-effect (Robert Stanley) Pentium FDIV bug (Bill Broadley) All's Well that Orwells? (Peter Wayner) Spell Checker Goes Beserk; Editorial Maimed (Robert Bane) Security is not privacy (Phil Agre) Authorities Still Investigating Software Theft (Edupage 15 Nov 1994) Beware the Calendars (Pertti Malo) Re: Parental Responsibility (Daniel P. Johnson) Clarifying answers to TEN QUESTIONS PARENTS SHOULD ASK THEIR CHILDREN RISKS-16.58 26 November 1994 Hacker learns intelligence secrets (Mathew Lodge) [See RISKS-16.58BT] Automated Weather Reports for Pilots (Tom Keenan) Extended Phone Failure in Iowa City (Douglas W. Jones) Enormous water bills - gigo strikes again (James M. Politte) Computer-generated bridge-tournament hands (G. Gates/M. Brader/PGN) The PC as a RISC (how could I resist 8*) (A. Padgett Peterson) Problem with 911 service in Philadelphia (Paul Robinson) Department store security cameras linked to computer (David Hembrow) Children on the Infobahn (Bradley K. Sherman) Re: Pentium FDIV bug (Mike Carlton) Re: Cell-phone ergonomics side-effect (Bill Innanen, Paul Robinson) Re: Anon. on "TEN Q's" (Mark Seecof PSD x77605) RISKS-16.59 30 November 1994 The IRS knows "everything about you that we need to know" (John Sullivan) RISKs of electronic ticketing on buses (Rhys Weatherley) Why You Need a UPS For Your Bread Machine (Curtis Jackson) Listserv Loops (Richard Klau) NYNEX touts Credit Card authorization over Cell Phones (Paul Green) Re: Iowa phone switch (Matthew Charles Wetmore) Re: Reasonably Large Water Bill (L. P. Levine) Risks on TV: Eye-to-Eye-to-RFI (Jan I. Wolitzky) British Telecom "hacker" article was a hack! (Sidney Markowitz) The risks of media hack reports (Rob Slade) Re: Pentium FDIV bug (Wilson P. Snyder II, Peter da Silva, Ron Heiby, Dale R. Call, Andy Grove via Richard Wirt) RISKS-16.60 5 December 1994 Excel linked spreadsheet bug (Michael D. Crawford) 3 hits and you're out? (SSN use) (Geoffrey S Knauth) The Economist and E-cash (Mark Stalzer) RISKS of Going to the Movies (Keith Schengili-Roberts) Providing Good Defaults (and risks of not doing so) (Ry Jones) The PC as a RISC (Michael Slavitch) HERF Rides Eye To Eye (Winn Schwartau) Interesting product claim (Mike Kenney) Criminals 1, Consumers 0 (Peter J. Denning) Re: Duplicate bridge-tournament hands (Asya Kamsky) Re: Listserv Loops (Steve Summit, Peter da Silva, Joe A. Dellinger) "Tekroids" episode of Tekwar and the perception of viri (Rob Slade) RISKS-16.61 6 December 1994 Lots of Turkeys (Debora Weber-Wulff) Fun with your phone company (Russell Stewart) Pentium + Spell-Checkers (Paul Fuqua) Pentium FDIV bug (A. Padgett Peterson) Re: Interesting product claim (Mathew Lodge) Virus alert virus alert (Yehuda Berlinger) Re: Mailing list problems... (Errors-To) (David Barr) Mailing-list deadman switch (Steve Losen) "Applied Cryptography" by Schneier (Rob Slade) RISKS-16.62 7 December 1994 Baby-proof keyboard handling needed (Amos Shapir) Network file race condition (Andrew Koenig) Power failure causes airline check-in chaos (Fernando Pereira) Pepsi promotion misfires - computer error (John Dalbey) Formal verification of the AAMP5 Microprocessor (John Rushby) Re: Formal methods and the Pentium FDIV (Mark Stalzer) Re: Formal verification of INMOS T800 (Patrick Campbell-Preston, Mathew Lodge) Re: Formal methods ... (Steve Kilbane, Mark Lomas) Re: Slade's review of Schneier's "Applied Cryptography" (Richard Schroeppel) Self-extracting emacs elisp code (David Blob) Virus time (Dwight Silverman, Zygo Blaxell, Reuven Lerner) Program Announcement - ISOC 1995 Symp. Netw. & Distr. Sys. Security (David M. Balenson) RISKS-16.63 9 December 1994 "High-Tech Can Hinder Policy Work" (PGN) Laptop proscription (Bob Morris) Our police and media in action [RF interference] (Lynn Gold) Digital cash on the web -- comments? (Justin Wells) New printer font: Sloppy Handwriting 14pt (Norman H. Cohen) Multicast backbone blunder [risks of hidden transmission] (Alan Clegg) A Question for the Community regarding National Crypto Policy (Herb Lin) Problems with compiler optimisation (Pentium related) (Martin Poole) Risk of _not_ using floating point..... (David Lesher) Re: Formal methods and the Pentium FDIV (Tim Bradshaw) It's all my fault, really [re: Good Times] (Martin Minow) Good Times is a *meta*virus (Joe Chew) Good Times is a Meme (Keith Henson) Re: Schneier's book "Applied Cryptography" (Y. Radai) Re: Fun with your phone company (Geoff Kuenning, Russell Stewart) More on network file race condition (Andrew Koenig) Rights and Responsibilities of Participants in Networked Communities (Herb Lin) Searching RISKS et al. (Frederick B. Cohen) RISKS-16.64 10 December 1994 Re: Interesting product claim (more Pentium stuff) (Paul N. Hilfinger) Re: Formal Methods ... Intel FDIV bug and verifying FPUs (Miriam Leeser) Re: Formal verification of the AAMP5 (Srivas) Re: Multicast backbone blunder (Derek Atkins) Re: Digital Cash (A. Padgett Peterson) Re: Cellular One roaming in NYC (Alan Clegg) Re: "Good Times" virus (Steve Summit, Susanne Forslev) Re: Fun with your phone company (Andy K) Re: Digital cash on the web (Hal Pomeranz) German Telecom: technical risks/crime (Klaus Brunnstein) RISKS-16.65 15 December 1994 No, I'm not Newt. ("GingrichN" alias Steve Barr) Oral Hackers (Mark Colan via John Markoff) Technology Under the Weather (Gordon Symonds) Wendy's Stock (Charles R Trew) Re: Formal Methods and Exhaustive testing (Tony Lauck) Re: Mailing-list deadman switch (John Gardiner Myers) Re: Self-extracting emacs elisp code (Morgan Jones) RISKS demonstrates more RISKS in mailing list software (Sidney Markowitz) RISKS-16.66 20 December 1994 Microsoft has no plans to acquire Catholic Church (from EDUPAGE) Mistaken Identity (Tom Knoedler) Emergency Broadcast System Goes Automatic? (Darrell F. Oresky) Brands Burn the Bull's Behind (Peter Wayner) Followup to "No I'm not Newt" (Ted Koppel) Re: Oral Hackers (Steve Holzworth) Re: Technology Under the Weather (Ross Oliver) Intel announces new Pentium replacement policy (Rich Kulawiec) Pentium bug as data management problem (Rob Aitken) Testing the Pentium bug (Daniel Essin) Mary Payne and "Good to the last bit!" (Paul A. Karger) Pentium FDIV problem - so what's new ? (A. Padgett Peterson) Spreadsheet Errors Study (Ray Panko) The Status of Disclaimers (Dick Nickalls) CFP: New Security Paradigms Workshop (Catherine A. Meadows) CFP: Safety and Reliability of Software Based Systems (Stella Page) RISKS-16.67 23 December 1994 Software glitch snares Social Security Administration (Mike Manos) Cancelbot Derails Online Promo (WSJ via Edupage) Ben & Jerry's expects first loss (Arthur D. Flatau) Proliferation of Cockpit Warning Signals (David Walter) Year 2000 date problems already happening now (Elana) Re: Prevention of Oral Hacking (Brad G. Parks) Re: Pentium FDIV problem - so what's new? (Mark Brader) Intelligent Commentator on McNeil-Lehrer (D.P. Schneider) Financial Payment Systems (Jeff Stapleton) Possible solution to the (electronic) meme problem (Bob Mehlman) Advertising on the Net (Mich Kabay) Risk Takers Among Management (Tom Kaiser) Re: Koppel et al. (Peter da Silva) Re: Microsoft and the Catholic Church (John Stevenson) EDUPAGE on the WWW (Timothy Hunt) Public CM WAIS Server to end operation (WAIS Admin) Call for Papers and Panels: National Information Systems Security Conference (Jack Holleran) RISKS-16.68 27 December 1994 Washington Post flubs stock prices (William C. Fenner) Sorcerer's Apprentice Hits Medicare (Mich Kabay) $25m power bungle: Automation at Australian electricity plant (Tom Worthington) Buy a country for $1200 (Amos Shapir) Re: Mary Payne and "Good to the Last Bit" (Jim Haynes) Rate Hike For Universal TouchTone? (Leonard Erickson) Re: Year 2000 date problems already happening now (Scot E. Wilcoxon) Re: American Scientist article on the year 2000 (Brian Hayes) RISKS of guessing at Fair Use (Mich Kabay) [long] RISKS-16.69 3 January 1995 Gov't Recommends Electronic Copyright Restrictions (Edupage) One for the GIFfer (CompuServe-Unisys GIF Tax Protest) (Pat Clawson) Mail repeatedly returned to sender (Curtis Keller) Dates in a 4GL (name removed) Dates and Times Not Matching in COBOL (Fred Ballard) Testing and the Sources of Dates and Times (Fred Ballard) Dates in "Ancient" Systems (Fred Ballard) COBOL's Two-Character Year Field (Fred Ballard) Last call for papers for COMPASS 95 (John Rushby) RISKS-16.70 4 January 1995 GIF, UNISYS, and CompuServe (Tim Oren) Datastream may be charged in Jan 1995 (Mich Kabay) Common Criteria Draft (0.9) on CD-ROM (Klaus Brunnstein) Computer Addiction (Mich Kabay) Virus Creation Labs (Andy S. Lopez) Don't plot murder via cordless phone (Mich Kabay) Cell phones in Israeli army (Mich Kabay) Dense ordinateurs (Mark Stalzer) Re: COBOL's Two-Character Year Field (Mark Brader, Walter Murray, Paul Robinson) RISKS-16.71 5 January 1995 A Whole Bunch of Date-Time Stuff (Fred Ballard, Paul Robinson, John Cavanaugh, Dave Moore, Chuck Karish, Jerry Leichter, Richard Schroeppel, Craig Everhart, Erann Gat, Wayne Hayes, Walt Farrell, Stanley F. Quayle, Marc Horowitz, Peter Capek, Lars Wirzenius, Phil Rose, David Jones, Jonathan I. Kamens, Andrew W Kowalczyk, Barry Jaspan, Joe Morris, Lord Wodehouse) RISKS-16.72 6 January 1995 Computing error at Fidelity's Magellan fund (Kathy Godfrey, Arthur Flatau) Phone system problems in Santa Fe (Bruce Wampler) LZW/GIF flap on RISKS (Tim Oren) Re: CompuServe-Unisys GIF Tax Protest (Peter Bishop) Software math errors (Chris Phoenix) Rutherford Effect: term for particular class of failures (Bill Thomas) Re: Cancelbot Derails Online Promo (Andrew Haley) Re: Soldiers and Cellular Telephones (Linden B. Sisk) Re: Computer Addiction (Mary Shafer, John C. Rivard, Steven D. Brewer) Re: Date and Time (Leslie Lamport) RISKS-16.73 6 January 1995 My life as an international arms courier [longish, but good] (Matt Blaze) Work monitoring (Phil Agre) GRE by computer, the sequel (Cris Pedregal Martin) More on "Cell phones in Israeli army" (Heinz Wrobel) Re: Adopting Programming Improvements (Douglas W. Jones) Re: CompuServe-Unisys GIF Tax Protest (Kenneth Albanowski) RISKS-16.74 8 January 1995 Software sensitive to cold? (Karol Fruehauf) Revision Level, What Does It Mean??? (Mark Thorson) Re: Cancelmoose, WSJ word usage, and vigilantism (Steward) Re: ETS Electronic Testing (Simson L. Garfinkel) Re: Fidelity error (Barry Margolin, Floyd Ferguson) Re: My life as an International Arms Courier (A. Padgett Peterson) Re: Israeli army, cellular phones, pizza (Michael Dahan, David Wadsworth) Re: GIF (David Winfrey, Simson L. Garfinkel, John Mainwaring, Garrett Nievin) Re: Date/Time (Steve Sapovits, Mark Brader, Erann Gat) RISKS-16.75 19 January 1995 Airline schedules in local time (Matthew Kwan) Car-radio security code nuisance (Daniel P. B. Smith) Bugs in Digital RAID Storage Subsystems (Andy Ram) Maryland Emission testing (Paul Peters) Computers in nuclear plant (WB Whaley via Jonathan_Welch) Anik E2 redux (Luis Fernandes) Shaky testing (Mark Stalzer) Re: Midnight Batch Run Bites (Paul Robinson) New Risk from the WWW (John MacInty) RISKS on the World Wide Web (Lindsay F. Marshall) Criminal hacker arrested in Winnipeg (Mich Kabay) Phone Phreaking Explored (Steve O'Keefe) International Cryptography Institute 1995 (Dorothy Denning) 12th Annual ISSA Conference & Exposition (Jack Holleran) RISKS-16.76 24 January 1995 CERT Advisory CA-95:01.IP.spoofing.attacks.and.hijacked.terminal.connections More on the new CERT advisory (Steve Bellovin) Bouncemail (Phil Agre) Another post office stamp machine story (they *almost* got it right!) (Jonathan I. Kamens) RISKS-16.77 30 January 1995 UK Cabinet Secret on National ID Card Found in Surplus Store (Li Gong) Perils of Call Forwarding (Stephen Thomas, Quentin Fennessy) Deutsche Telekom offices searched (Mich Kabay) My life as "uucp@aol.com" (Uucp@aol.com) Risks of reusing accounts (Charlie Shub) From the cat file (Andrew Koenig) Another stamp machine story (John Kriens) The risks of Risks (Fritz Knabe, Haritini Kanthou) ACSAC '95 Call for Papers and Participation (Marshall D Abrams) RISKS-16.78 2 February 1995 Novel form of interference (Mich Kabay) Attack on glasfibre cables causes Lufthansa delays (Klaus Brunnstein) Anonymous ?? Survey (Dave Moore) Deep Faults with NYNEX default? (Edward P Ravin) Nynex glitch lets Call ID work even if blocked (Dick Mills) "Protect Your Privacy" by Stallings (Rob Slade) Identification technologies (Phil Agre) Automatic file downloads in Seyon (Bruce E. Wampler) Announcement of new mailing list on ethical issues (Bashir Jiwani) CFP: 3rd International Workshop on Feature Interactions (Nancy Griffeth) RISKS-16.79 8 February 1995 Proposed Virginia law on self-disabling software (Jeremy Epstein) Cellular Phone Security (Chip Seymour) Japanese bank workers steal 140 million yen by PC (Mich Kabay) Road pricing in Singapore (Phil Agre) InfoWar Level II in Miami (Mich Kabay) Phone switch bug causes alarm among NM officials (Mich Kabay) Telephone RISKS (Ry Jones) Risks in computerized cockpits (Rob Horn) Concatenating phrases produces confusing results in bank responses (Daniel P. B. Smith) More from the cat file (Phil) 1996 ACM COCCS call for papers (R.F. Graveman) RISKS-16.80 13 February 1995 German Railway Wage Woes (Debora Weber-Wulff) Risks of modern newspaper article composing or editing? (Thomas A. Russ) Portuguese E-cash (Kent Borg) Long-Distance Debit Cards (Len Bauer) Risks of remote printing through a network (Skyruner) Risks of Third-Party-Billed Calls (Micah Altman) Re: Info War II in Miami (Jim Huggins) Re: Road pricing in Singapore (Mats Ohlin) New service for Risks Forum members (Frederick B. Cohen) Security and Privacy Program (Catherine A. Meadows) RISKS-16.81 14 February 1995 Stolen ATM Card nets $346,770 (David Tarabar, Jerome Whittle) Sweden-Pedophiles-Internet (Mich Kabay) A RISKy place on the Web (Stephen R. Savitzky) Rumors in Cyberspace (Adam Shostack) Priests told to keep cell phones out of confession (Mich Kabay) Cellular phones (Chaim Seymour) Web Page copying reader's system information (Brian Leibowitz) RISKS of posting to newsgroups (A. Padgett Peterson) Good Pentium Followup (Martin Minow) Invisible blue zone (Jeff Jonas) RISKS of third-party-billed calls not uncommon (Tony Yip) Self-disabling software (Jerry Leichter, Bob Brown) What "RISKS of Third-Party-Billed Calls"? (Gary Beckmann, PGN, GB) Re: attack scanning (Stephen Kelley, Frederick B. Cohen) RISKS-16.82 17 February 1995 New York Parking Meters In Violation of Federal Law (A. Padgett Peterson) Big Brother in the Big House (Peter Wayner) Computer aids in predicting death (Lauren Wiener) Hacker Mitnick arrested (Jim Griffith) Computer addiction and the 6 O'Clock News (Rob Slade) New Area Codes & PBX Programs (Mich Kabay) E-mail risks (Vincent Gogan) Re: Self-disabling software (Bruce Johnson) Re: Invisible blue zone (David Stodolsky) CERT Advisory CA-95:04.NCSA.http.daemon.for.unix.vulnerability RISKS-16.83 21 February 1995 Denver's Computerized Baggage System Finally Works (NYT via Edupage) Cyberbandits in Europe (CommunicationsWeek via Edupage) Perfect (?) Office Bug can cause harm (Gary Gillard) I can't help but say more about this addiction thing. (Peter Ladkin) Sparc10 keyboards and resetting the CPU (Carlos M. Puchol) Married by computer (Scott Sterner) UPS not quite so uninterruptable after all (Mark Frank via Jerry Leichter) Risks of generalized designs (Jim Griffith) Stolen ATM Card nets $346,770 (Rich Wells) Re: JUDGES-L (Peter da Silva) "PGP: Pretty Good Privacy" by Garfinkel (Rob Slade) The Coming Plague (Peter Wayner) Scan results (Frederick B. Cohen) Symposium on medical records (Phil Agre) NCSA Conference: Security on the I-Way (Mich Kabay) RISKS-16.84 24 February 1995 Old manuals, new features = security holes (Christopher Klaus) Software Firm is Victim of Virus (Timothy Hunt) National Cryptography Policy: Call for Input and Public Meeting (Herb Lin) CapAccess compromised (Mich Kabay) Major file corruptions (Charles M. Preston) Compact fluorescent lights (Edward S Suffern) EU office distributes Galicia virus (Klaus Brunnstein) Call for Papers, Risks in End-User Computing, HICSS '86 (Ray Panko) RISKS-16.85 24 February 1995 Another police sting based on a freebie video offer (Clive D.W. Feather) More Security Problems on the Internet (Edupage) "E-Mail Security" by Schneier (Rob Slade) *BUGS in Writing: [...] Debugging Your Prose*, by Lyn Dupre (Bob Donegan) Re: CERT Advisory CA-95:04.NCSA.http.[...]vulnerability (Timothy Hunt) Re: Perfect (?) Office Bug can cause harm (Keith Schengili-Roberts, (Jerome Whittle) Re: Sparc10 keyboards and resetting the CPU (Tarl Neustaedter) Re: Major file corruptions (George C. Kaplan, George Buckner, Kenneth Albanowski) Re: JUDGES-L (David Stodolsky) RISKS-16.86 3 March 1995 What Goes Intuit May Not Come Out the Same Taxwise (PGN) Apple Settles RSI Claim (Edupage) Apple Settlement Due to Lawyer Error (Edupage) More Security Problems on the Internet (Edupage) Encryption Lawsuit Filed in California (Edupage) Anti-Cyberporn [Exon] Bill Introduced (Edupage) Home Gambling Network (Mich Kabay) Losing your Marbles and your Barings (Peter Wayner) UK National Audit Office report on computer misuse in government (Brian Randell) Re: Perfect (?) Office Bug ... (Matt Cockerill) Blaming the victim for money stolen with lost ATM card (Elizabeth Schwartz) Sick Medicare Scanner (Judith Seeger) Interstate Panopticon (Phil Agre) Risks of living on the left side of the continent (Rob Slade) RISKS-16.87 7 March 1995 Authentication: (1) Vienna Marathon 1995; (2) Lotus Notes (Li Gong) Sexy photos just computer glitch (Louis Todd Heberlein) The source of semantic content (Erann Gat) Government of Singapore (Robert Ashcroft) Happy Michelangelo's Birthday (PGN) Microsoft and Lotus spreadsheet errors (Timothy Hunt) Spreadsheet Errors working paper available (Ray Panko) 6-cent T-shirts (Jeremy Stieglitz) Risk system comes too late to prevent Barings' collapse (Jeremy Stieglitz) Securities (Bob Frankston) Barings: Greenspan quote (Frank E. Carey) Re: Compact Fluorescent Lights (Mike Farringdon, Carl Maniscalco, Osma Ahvenlampi) RISKS-16.88 8 March 1995 Caller ID Ghosts (Jim Huggins) Interesting cellular news from Pakistan (Abhijit Dutta via Ben Burch) Re: Microsoft and Lotus spreadsheet errors (Barry Margolin) Re: Confused remotes (Philip H. Smith III) Re: The source of semantic content (Steven Tepper, A. Padgett Peterson, Barry Margolin, Jeremy Epstein, Jon Krueger, Tim Kolar, David Harpe) Re: Sparc10 keyboards and resetting the CPU (A. Harry Williams, Simson L. Garfinkel, Ed Bruce, Mark Stalzer, David Honig) RISKS-16.89 10 March 1995 Celsius-to-Fahrenheit conversion risk (Michael Tobis) Two on net porn charges (Jonathan Bowen) Re: 6-cent T-shirts (Evelyn C. Leeper) Re: Remote-Control Risks (Mike Cavanagh) Consumer electronic problems (Les Hatton) Can Pakistan Eavesdrop in America? (Peter Wayner) Sow's Ear from a Purse (Joseph H Presley) Resetting BSD/OS is easy as resetting MS-DOS (Re: Sparc10) (Kenji Rikitake) Re: Microsoft and Lotus spreadsheet errors (Tony Lauck) Loss of one of the X-31 research airplanes (Peter Ladkin) PGP Moose: moderator authentication and antispamming tools (Greg Rose) RISKS-16.90 14 March 1995 E-Mail Apology from Prodigy (Edupage) Kiosk prototype fails to deliver in trial run (Bob Frankston) Automatic return fire (Michael J Zehr) Internet providers raided (Kevin Yeung) Internet-Finland Privacy (Lars Arnkil via Bruce Baker) Re: Consumer Electronics Problems (Willie Smith) Mitnick Stole "SATAN" Security Software (Edupage) Re: PGP Moose (Jerry Leichter) Re: Microsoft and Lotus spreadsheet errors (Steve Bellovin, Ken Tindell) The source of semantic content: followup (Erann Gat) Re: Can Pakistan Eavesdrop in America? (Laurence R. Brothers, John R. Moore, Marc Horowitz, P.vanMossel) RISKS-16.91 14 March 1995 Re: PGP Moose -- Not just the headers! (William Oswald) Re: Automatic return fire (Joseph Chew) Scientology Blackmail Risk (John V. Vilkaitis) Viral morality (Rob Slade) [LONG] RISKS-16.92 16 March 1995 Health card rips off ATM for $100,000 (Roy Beimuts) A340 shenanigans (Les Hatton) Mistake of platform-specific instructions (Stanton McCandlish) The Manchurian Printer (Simson L. Garfinkel) [longish] Re: Scientology Blackmail Risk (Lance A. Brown, Jon Green) Re: Internet-Finland Privacy (Michael Jennings) Jumping to conclusions? (Lifeguard) (Peter da Silva) Re: Microsoft and Lotus spreadsheet errors (Bear Giles) Society and the Future of Computing (Phil Agre) RISKS-16.93 20 March 1995 About the "Altona Railway software glitch" (Klaus Brunnstein) Credit-Card Fraud (NYT via Edupage) Keeping buses on time plus a little eavesdropping (Mark Kruse) Does Internet threaten civilization? (Dick Mills) Latent risks of cost-benefit analysis (Phil Brown) Re: Internet-Finland Privacy (Peter Kaiser) Risks of doing date arithmetic early in the year without FP (Peter Ludemann) Phone companies with wrong 555-1212 databases (Frederick B. Cohen) Re: The Manchurian Printer & Prodigy Spies on Users (Frank C Ferguson) Software System Safety Class (Nancy Leveson) First Bank of Internet (FBOI) Opens (Vinn Beigh) RISKS-16.94 21 March 1995 Deutsche Bahnfires continue (Debora Weber-Wulff) Canadian Government Almost Spreads Virus (Colin Perkel) Too high-tech... (Bob Wilson) Reevaluating Our Trust in Computers (Cynthia P. Klumpp) Internet: Threat or menace? (Eric Raymond) Re: Latent risks of cost-benefit analysis (Steve Smith, David Chase) Re: The Prodigious Manchurian (Rob Slade, Bear Giles) Re: First "Bank" of Internet (Steve Holzworth, Rob Slade, Willie Smith) Information Security Tutorials (Sushil Jajodia) AMAST'95 Preliminary Programme available (Pippo Scollo) RISKS-16.95 22 March 1995 UK National Lottery [scratch as scratch can?] (Pete) Re: Too high-tech... (Steven Tepper) Re: Internet: Threat or menace? (Dave Parnas) Risks of one-to-many communication (Vicki Rosenzweig) Latent risks of cost-benefit analysis (Ron Ragsdale) Re: Risks of doing date arithmetic early in the year... (Andrew Marc Greene) Re: Prodigy (Craig Dickson) Re: PGP Moose (Jerry Leichter) FBOI Apology (fwd) (FBOI via Willie Smith) Re: FBOI (Mike Perry, Jonathon Tidswell) Re: NCSA httpd security hole (Timothy Hunt) Citizen's Advice on the Internet (Phil Overy) Re: FBOI and *Security Reviews* (Ross Anderson) RISKS-16.96 22 March 1995 Dan Farmer, SATAN and SGI (PGN) Triggerfish Cellular Phone Tap (John R Henry) RISKS of non-standard interfaces (Ry Jones) Pilot not informed of plane's intended destination (Mike Crawford) Snake Oil and Grantsmanship (Douglas W. Jones) Profiting from misdialed numbers (Matt Weatherford) Re: A340 incident at Heathrow (Peter Ladkin, John Rushby) Re: FBOI (Mike Crawford) RISKS-16.97 24 March 1995 SUMMARY OF RISKS VOLUME 16 (2 May 1994 to 24 March 1995) ------------------------------ End of RISKS-FORUM Digest 16.97 ************************