Date: 31 Dec 2007
Subject: Risks Digest 24.00 (24.94), Volume 24 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Volume 24 : Issue 00 (94)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 24 (10 Aug 2005 to 30 Dec 2007)

(NOTE: This summary is archived in ftp file risks-24.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/24.00.html.)

----------------------------------------------------------------------

Date: 17 Oct 2007 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks

Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request@csl.sri.com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
The full info file may appear now and then in RISKS issues. *** Contributors are assumed to have read the full info file for guidelines. => .UK users should contact . => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume redirects you to Lindsay Marshall's Newcastle archive http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: for browsing, or .ps for printing ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: ------------------------------ RISKS 24.00 Subject: SUMMARY OF RISKS VOLUME 24 (10 Aug 2005 to ...) (archived in ftp file risks-24.00 and risks-24.94) RISKS 24.01 Wednesday 10 August 2005 Russian remote controlled submarine failure (Martyn Thomas) Caltrans screwup (PGN) Lightning causing problems for lightning-detection system (Klaus Johannes Rusch, PGN) Navy jet has severe brake failure (PGN) US Navy to drop paper charts (Scott Peterson, PGN, Scott Peterson) Social Security Administration sends cards to the wrong place (Jonathan Kamens) German social services software drops changes (Debora Weber-Wulff) Hermann Chinery-Hesse and software in Ghana (James H. Haynes) Greeting answering machine! 
(R H Draney via Mark Brader) Every odd digit of number A, even digit of number B (Dan Jacobson) The risks of cell-phone auto-spellers (William Colburn) Credit-card obfuscation (William Colburn) Re: Car computer systems at risk to viruses (Adam Laurie) Re: Increasing sophistication of phishing spammers (Jonathan de Boyne Pollard) Re: Timezones and appointments (Sean Smith, Przemek Klosowski) Re: New Microsoft anti-piracy program circumvented (Peter Gregory) REVIEW: "File System Forensic Analysis", Brian Carrier (Rob Slade) RISKS 24.02 Sunday 28 August 2005 The Time Has Come: Taking Our Issues to the Public (PGN) Customs Computers Fail (Chuck Weinstock) 10th "planet" discoverer shares a secret a bit earlier than planned (George Swan) Hospital struck by computer virus (Andrew Brydon) USAF personnel database compromised (Ross Stapleton-Gray via Dave Farber) Students face punishment for computer tampering (Thom Kuhn) Cellphone carriers can listen in through your phone (Ryan Block via Dave Farber) No inspection record, lack of human contact, or something else? (Mythdraug) Risks of First UTC Leap Second in 7 Years (Dave Glicksberg) Teacher concerns over L.A. school computerization project (Lauren Weinstein) Re: Navy jet has severe brake failure (Carl F) Bad password practices (Jeremy Epstein) Risks of Bluetooth pirates? (Andre Kramer) Re: Risks of REAL ID: incorrect (Charles P. Lamb) Re: US Navy to drop paper charts (R A Lichtensteiger) Re: Slade's review of "File System Forensic Analysis", Brian Carrier (Simson Garfinkel) RISKS 24.03 Wednesday 7 September 2005 Katrina's telecom damage tops $400 Million; repairs may take months (Monty Solomon) Cockpit confusion found in Cypriot airliner crash (Lindsay Marshall) Flight Control System Software Anomalies (Peter B. Ladkin) Ships relying on GPS-based systems (Peter B. 
Ladkin) VT Gas pumps give up at $3/gallon (Monty Solomon) UK Elections: Web and text vote trials dropped (Chris Leeson) German social services software with new, costly errors (Debora Weber-Wulff) Not guilty because of system deficiencies (Debora Weber-Wulff) The FBI Virtual Case File and other disasters (jhhaynes) Mercedes car-door locking functionality (Leon Kuunders) Re: Risks of Bluetooth pirates? (Vassilis Prevelakis) RISKS 24.04 Friday 16 September 2005 Nation's Critical Infrastructure Vulnerable to Cyber Attack (U.S. House Science Committee) Katrina -- predictions before and response after (Inman Harvey) Health Records Of Evacuees Go Online (Jonathan Krim) One radio frequency for emergency services (Fred Cohen) LA power outage (PGN) Public Call for Skype to Release Specifications (Lauren Weinstein) WebGoat 3.7 - Application Security hands-on learning environment (Jeff Williams) National Academies/CSTB report on Electronic Voting (Herb Lin) Gmail security flaw: acts on javascript in unopened e-mail (Suw Charman) Re: Risks of REAL ID: incorrect (Steven M. Bellovin) CardSystems Complies With Industry Standards (Curt Sampson) REVIEW: "Forensic Discovery", Dan Farmer/Wietse Venema (Rob Slade) RISKS 24.05 Friday 30 September 2005 Software hijacks jet airliner ... again? (Charles Wright) Airbus, Whistleblower Dispute A380 Pressurization Controls (PGN) Metra Rail accident in Chicago (Andy Steingruebl) Katrina victims required to use Microsoft IE (Douglas W. Jones) Travelers Continue to Struggle with Wrongful Watch List Matches (EPIC FOIA Notes) Scots Jail hi-tech door locking system broke (George Michaelson) Risks of keyboard shortcuts (Andrew Koenig) Designing "safe software"...: A 4-star article! (Michael Radow) Sorcerer's Apprentice in the Driver's Seat?? 
(David Lesher) Mea culpa: How we got it wrong on Calling-Number ID (Geoff Kuenning) Open letter: Why "dot-xxx" is for Chumps (Lauren Weinstein) Router worms and International Infrastructure (Gadi Evron) Wolf Blitzer repeats Rudy in questioning governors (Fred Cohen) RISKS 24.06 Wednesday 5 October 2005 Google, Privacy, and Masochism (Lauren Weinstein) Legal docs expose various risks in routine Diebold maintenance in NC (Joseph Lorenzo Hall) Car and van collide (Kathy Uek via Monty Solomon) Y2K glitches linger (George C. Kaplan) Windows delete command can fail silently (Diomidis Spinellis) Buffer overrun in television sets (Matt Roberds) Why telephone "Caller ID" is actually now even worse than we expected (Lauren Weinstein) Re: Mea culpa: How we got it wrong on CNID (Kelly Bert Manning) Windows and USB devices (Mike Swaim) Router worms and International Infrastructure (Gadi Evron) D.C. Red-Light Cameras Fail to Reduce Accidents (Monty Solomon) Re: Katrina victims required to use Microsoft IE (Michael Bacon) Re: Kitten on the keys... (Andrew Koenig) CCSA Fall Symposium Call for Participation 3 Nov 2005 (Michel Kabay) RISKS 24.07 Thursday 13 October 2005 Takeoff at Logan aborted by errors (Mac Daniel via Monty Solomon) Faulty radar serving Logan leaves thousands stranded (via Monty Solomon) Translation can be hazardous to your identity? (Mark Brader) NOAA's radio transmitters missing backup power (Danny Burstein) The number 7 blocks Belgian ATM machines (Lindsay Marshall) We are from the /Greek/ government and we are here to help. Really! (Vassilis Prevelakis) Risks of Web 2.0, or, the MySpace worm (Paul Bissex) Unusually slick phishing attempt (Nickee Sanders) Re: Airbus, Whistleblower Dispute A380 Pressurization Controls (Kurt Doppelbauer) Re: B777 incident (Peter B. Ladkin) "One Frequency" (Jay R. Ashworth) Re: Windows delete command can fail silently (Joe Loughry) Re: Mea culpa: How we got it wrong on CNID (Geoff Kuenning, Jon A. 
Solworth) Criticism of Caller ID Well Founded (Robert Ellis Smith) RISKS 24.08 Wednesday 26 October 2005 Colleges protest call to upgrade online systems (Sam Dillon/Stephen Labaton) Printer steganography (Mike Musgrove) Meso-Mess: German registration office -- Just leave us alone! (Debora Weber-Wulff) Keep your eyes on the road! (Peter Scott) Internet banking risks need fixing (Monty Solomon) Mileage sign errors (Monty Solomon) OARS privacy problems (Nanette Asimov) Membership database from bankrupt User Group to go to highest bidder (Dale E. Coy) BlackBerry Thumb (PGN) Woman summoned to court over unread Oyster card (Nick Rothwell) Cingular says: "No password needed" is a Good Thing! (Steve Fenwick) How ATM fraud nearly brought down British banking: phantom withdrawals (Andrew King) ACM e-mail looks like Phishing -- again! (James Garrison) UK electoral registration security issues (Mike Williams) Interest Earned at a bank not the same as Interest Paid (Keith Price) Criticism of CNID well founded (Robert Ellis Smith) Re: Windows delete command can fail silently (Erling Kristiansen) CfP: Human-Computer Interaction in Aeronautics (Chris Johnson) Mark Stamp, Information Security: Principles and Practice (PGN) RISKS 24.09 Thursday 17 November 2005 Berlin tunnel control fail-safe fails for good (Debora Weber-Wulff) Software bug crashes Japanese stock exchange (Mark M Bennison) Flight Booking System Can't Recognise February 29 (Chris Brady) Fun with Daylight Saving Time (William Reitwiesner) Computer Glitch Lets Prisoners Out Early (Craig S. Bell) Radio signal keeps gates and garage doors closed (Bob Heuman) T-mobile erratic behavior (M. 
Barnabas Luntzel) Freddie Mac profits misstated due to software error (Jeremy Epstein) Some Fast Lane accounts double-billed (Mac Daniel via Monty Solomon) Sony CD DRM Blow-Up Continues -- Recalls Ordered, Lawsuits Possible (Lauren Weinstein) GPS tracking with Google Maps (Monty Solomon) 'Splogs' Roil Web, and Some Blame Google (David Kesmodel via Monty Solomon) Whither Goes Google? (Lauren Weinstein) Amex Blue Chip magic! (Lindsay Marshall) UK Police Vehicle Movement Database (Alan Fitch) My approach to CLID / 'phone number privacy issues (Paul Wexelblat) Re: Cingular: "No password needed" ... (Kevin Kadow) Two books of possible interest (PGN) RISKS 24.10 Wednesday 23 November 2005 Voting glitches from the 7 Nov 2005 Election (Joseph Lorenzo Hall) Mode error leads to recall of medical device (Richard I Cook) When switching to backup systems is too costly (Alan Powell) In-car GPS navigation - when it causes an accident (Mike Scott) Bank Shares Suspended After Annual Results Released Early (David Shaw) They needed a real firewall! (Jeremy Epstein) UNH alumni directory misreports 500 deaths (via Monty Solomon) "Chip and PIN" - whose goods are you paying for? (Andrew Law) More Excel risks (Patrick O'Beirne) Irony in certificate-land (Jeremy Epstein) Risks of applying to law school (Tony Lima) Producing Error-Free Software is Hard (J H Haynes) US Military removes Word documents from the Web? (Diomidis Spinellis) RISKS 24.11 Wednesday 7 December 2005 Hospital operates on wrong patient (Walter F. Roche Jr.) Mercedes brake test fiasco (Andre Kramer) Tens of thousands mistakenly put on terrorist watch lists (Anne Broache via Richard M. 
Smith) Security Flaw Allows Wiretaps to Be Evaded, Study Finds (John Schwartz and John Markoff via David Farber) DHS-Sponsored phishing report (Aaron Emigh) Poorly designed online interfaces make identity theft simple (Marty Lyons) School psychologist's student records accidentally posted online (Monty Solomon) Plain-text passwords: as RISKy as you'd think (Steve Summit) Y2K++ (Jim Horning) Risks of naive date calculation (Mike Albaugh) Bye Bye BlackBerry? (Ian Austen via Monty Solomon) SafetyText (Nick Brown) Data disasters dog computer users (Amos Shapir) Online tax credit system closed (Amos Shapir) Re: Some Fast Lane accounts double-billed (Steve Summit) Stop speeding using a GPS? (Jeremy Epstein) Re: In-car GPS navigation (Henry Baker, Derek P Schatz, Ian Chard, Jack Christensen) Re: UK Police Vehicle Movement Database (Identity withheld, mathew) RISKS 24.12 Monday 12 December 2005 Unmanned shuttle system suspended after collision (Gerrit Muller) EFF sues North Carolina over electronic voting-machine certification (Peter Ludemann) A Little Sleuthing Unmasks Writer of Wikipedia Prank (Katharine Seelye via PGN) False WHOIS Data Still Bedevils (Jim Wagner) Miniature Golf Course on Terror Target List (Paul Saffo) Trouble for LAPD computer system (Dan Laidman via PGN) Trading Error Leads to $225 Million Loss for Japanese Firm Bulls or bears? Depends on parameter order (Jeremy Epstein) Anti-piracy gone awry in MacInTouch (Monty Solomon) Electronic Switch Fire Exits / Uniform Fire Code (Daniel Norton) Privacy implications of Microsoft's Windows Live Local (David Pescovitz via Monty Solomon) Live Tracking of Mobile Phones Prompts Court Fights on Privacy (Matt Richtel) Letter to Employees about Benefits from Meijer (James Bauman) Re: In-car GPS navigation (William Ehrich) Re: Y2K++ (Paul E. 
Ford) RISKS 24.13 Wednesday 28 December 2005 Oil blaze hits hospital systems (Paul Bennett, Pete Mellor) The drunks may save our election system (Danny Burstein) Risks of spreadsheets (Fernando Pereira) James Reason on Absent-mindedness and risk management (James Cameron) Yet another leap year error (Bruce Hamilton) Kansas Lottery Picks Same Number Three Nights in a Row (PGN) No one lost or made $225 million... (Bob Heuman) Re: A Little Sleuthing Unmasks Writer of Wikipedia Prank (Ian Halliday) Re: In-car GPS navigation (Gary G. Taylor, Dan Jacobson, Sean Dunn, Alex Colvin) Re: False WHOIS Data Still Bedevils (Dag-Erling Smørgrav, Dave Bell) Re: Miniature Golf Course on Terror Target List (Rick Jones via PGN) Countering Trusting Trust through Diverse Double-Compiling (David Wheeler via Curt Sampson) REVIEW: "The Art of Computer Virus Research and Defense", Peter Szor (Rob Slade) RISKS 24.14 Wednesday 4 January 2006 United airlines computer out/r/age (Mark Seiden) Cat dials 911, saves owner (Amos Shapir) System fakes prisoner releases (Peter Scott) Marriott customer data for 200,000 missing (Monty Solomon) Another calendar error (Bruce Stein) Greenpeace donation transfers accidentally multiplied by 100 (Nick Rothwell) PDF documents can leak image data (Geoff Kuenning) Re: The drunks may save our election system (Tanner Andrews) Re: Kansas Lottery Picks Same Number Three Nights in a Row (Aaron Emigh) Re: Double compiling for debugging (Ken Knowlton) Never write checks on your birthday (Bob Mehlman) Re: Sat nav systems (Graham Reed) Expedia doesn't understand phishing (Art) False positive on check (F John Reinke) REVIEW: "CyberTerror", R.J. Pineiro (Rob Slade) RISKS 24.15 Saturday 28 January 2006 Google's Search Query Log vs. China Censoring: Perceptions Matter! 
(Lauren Weinstein) NSA on redacting Word and PDF documents (dmagda) NTSB report on Southwest Airlines crash (Joe Thompson) United computer failure (Steve Wildstrom) H&R Block blunder exposed SSNs (Leigh Blankenship) "Analog Hole" Bill to impose secret requirement? (Randall) NSA explains how to redact documents electronically (Steven M. Bellovin) Phone calling records for sale instantly (Lauren Weinstein via PGN) 'Hacker' held over U.S. Navy breach (Bob Heuman) Bank loses tape with personal information on 90,000 customers (John Christoffersen via Monty Solomon) Re: Bank loses tape with personal information on 90,000 customers (Dan Shoop) Another finger goof at the Tokyo Exchange, Lower loss, wrong company! (Bob Heuman) E-mail and the courts (Art T.) Cisco, haven't we learned anything? (Gadi Evron) REVIEW: "Rootkits", Greg Hoglund/James Butler (Rob Slade) RISKS 24.16 Wednesday 15 February 2006 Ameriprise's stolen laptop had data on 230,000 (PGN) Another example of missing plausibility checks: $8M tax bill (Jeremy Epstein) Video of my "Internet and Empires" talk at Google (Lauren Weinstein) E-mail glitch hides $3.98 billion in Air Force deals (Scott Peterson) New U.S. grant system excludes Mac users (Rick Weiss) Hacker attacks on Danish websites (Klaus Brunnstein) A List of Spreadsheet Errors (Gene Wirchenko) Re: "NSA on redacting Word and PDF documents" (Matt Jaffe) Re: "NTSB report on Southwest Airlines crash" (Peter B. Ladkin, dwikstrom) Gary McGraw on Software Security (PGN) REVIEW: "Information Security: Principles and Practice", Mark Stamp (Rob Slade) REVIEW: "Ending Spam", Jonathan A. Zdziarski (Rob Slade) RISKS 24.17 Monday 27 February 2006 On learning from accidents (Don Norman) Comparative Crash Management: OMX and TSE (Colin Brayton) A Malfeasant Design for Lawful Interception (Diomidis Spinellis) Active Content: Bad idea. Bad. 
(Rob Slade) Even security companies get the blues (Jeremy Epstein) Student records left exposed after computer glitch (Andrew King) 325,000 Names on Terrorism List (Daz, Robert Alberti) Behind the smoke screen of Internet and International Infrastructure (Gadi Evron) The risks of using cell phones while driving (Nico Chart) Some risks can be good for you, Re: redacting (Richard Karpinski) BOOK: Schumacher et al: Security Patterns: Integrating Security and System Engineering (PGN) REVIEW: "Role-Based Access Control", Ferraiolo/Kuhn/Chandramouli (Rob Slade) RISKS 24.18 Monday 6 March 2006 Cockpit usability (David Magda) Risks of using computers in airplanes (Yvo Desmedt) NJ Bill Would Prohibit Anonymous Posts on Forums (Lynn) Desktop-to-mobile Malware (Peter B. Ladkin) Re: Active content: Bad idea. Bad. (Paul Wallich) Re: On learning from accidents (Hamish Marson, Jurek Kirakowski, George C. Kaplan) New Security Paradigms Workshop: Call for Papers (John McDermott) 2006 USENIX Annual Technical Conference (Lionel Garth Jones) REVIEW: "Practical Internet Law for Business", Kurt M. Saunders (Rob Slade) REVIEW: "CyberRegs", Bill Zoellick (Rob Slade) RISKS 24.19 Friday 10 March 2006 Technical Problems Cause Errors in SAT Test Scores (Karen W. Arenson via PGN) Officials Say Scoring Errors for SAT Were Understated (Karen W. Arenson via Monty Solomon) Watered-Down SAT Scores! 
(Chuck Weinstock) Complexity causes 50% of product returns (PGN) Onboard Emissions Chip Major Malfunction (Colin Brayton) Excel garbles microarray experiment data (Mark Liberman) Citibank Blocks Some Debit-Card Use Abroad (Monty Solomon) Government surplus sale yields personal data (Karl Klashinsky) Australian National Credit Union Limits Internet Passwords (evant) More stupid high-tech legislation in NJ (Walter Dnes, Tanner Andrews, Rex Black) Re: On learning from accidents (Martyn Thomas, Jerome Ravetz, Perry Bowker, Richard Karpinski) Insecure APC BioPod (Gabe Goldberg) RISKS 24.20 Friday 17 March 2006 A risk of laparoscopy (Barnaby Feder) Security flaws could cripple missile defense network (Bob Brewin via Gabe Goldberg) Tesco advertising SMS unsubscription requires loyalty card membership (Toby Douglass) Elevator software risk (Toby Douglass) When trusted systems fail (Steve Summit) It's now a crime to delete files (Scott Peterson) CIA Covert Agents found using fee based searches by Chicago Tribune (R.S. (Bob) Heuman) Another Paypal scam, social engineering against ethical people (Mark Batten-Carew) Mindless precision (Andrew Koenig) Re: Complexity causes 50% of product returns (Henry Baker) Re: Excel garbles microarray experiment data (D. McKirahan, Philip Nasadowski, John Deltuvia, Devon McCormick) Australian emergency number has incorrect address information (Josh Parris) IEEE Symposium on Security and Privacy, Program (Cipher Editor) Call For Proposals: Data Surveillance and Privacy Protection workshop (Simson Garfinkel) RISKS 24.21 Thursday 23 March 2006 More SAT errors (Jeremy Epstein) Texas voting recount halted (David Lesher) Baby dies after untrained doctor presses wrong button (Adam Hupp) Tax Data for Sale? (Chris Hoofnagle) Fidelity laptop with customer data stolen (Bob Heuman) Fidelity loses laptop, recovery effort looks like phish (Larry Stewart) Risks: adoption vs. abortion? (Harry Hochheiser) How risky are preapproved credit card applications? 
(Steve Summit, Mark Brader) Re: Crime to Delete Files (Sidney Markowitz) Re: Excel garbles microarray experiment data (Fernando Pereira, Dimitri Maziuk, Tim Duncan, Nick Malcolm, Olaf Seibert) Risks of frequent publication (Rob Slade) OSDI '06 CfP (Geoff Voelker) Call for Participation - Team Software Process Symposium (Carol Biesecker) REVIEW: "Network Security Tools", Nitesh Dhanjani/Justin Clarke (Rob Slade) RISKS 24.22 Saturday 1 April 2006 Motorist trapped in traffic circle for 14 hours (Don Norman) Airbus A380 Evacuation Test (Peter B. Ladkin) Boeing B777 flight control anomalies (Peter B. Ladkin) Cartography dream realized (Don Norman) On the SAT errors (PGN) Re: More SAT errors (Richard Outerbridge, Steve Schafer) Man is charged $4,334.33 for four burgers (PGN) Offshore outsourcing cited in Florida data leak (Robert McMillan) City Manager Confuses Default Error Message for "hack" (Ashlee Vance) The Spider of Doom (Alex Papadimoulis via Joe Loughry) The 2005 Helios B737 Crash - A test for Don Norman's Thesis? (Peter B. Ladkin, Don Norman) RISKS 24.23 Tuesday 4 April 2006 Three days of San Francisco BART upgrade crashes (PGN) Nashville airport X-ray baggage screeners offline: "software glitch" (Carl G. Alphonce) IT Corruption in the UK (Jerome Ravetz) "Invisible fences" pose risks for dogs from coyotes (Philipp Hanes) Computer problems with voting system (Danya Hooker via Dana A. Freiburger) eFax/J2 opens door to expensive Joe-jobbing (Dallman Ross) Fake E-Mail Topples Japan Opposition Party (Hans Greimel excerpt) phishing@irs.gov (Al Macintyre) Maplin gives "How To..." advice on Wireless Networks (Chris Leeson) Rootkit: erosion of terms? (Rob Slade) Error bounds on estimated probabilities (Jacob Palme) Re: Excel garbles microarray experiment data (Przemek Klosowski) Re: It's now a crime to delete files (Crispin Cowan) Re: The Spider of Doom (Steve Summit) Re: The 2005 Helios B737 Crash - A test for Don Norman... (Martyn Thomas, Tom Watson, noone, Eric T. 
Ferguson) Re: Man is charged $4,334.33 for four burgers (Mark Feit) RISKS 24.24 Wednesday 12 April 2006 Casino can reprogram slot machines in seconds (PGN) Deleting May Be Easy, but Your Hard Drive Still Tells All (Eric Taub via Monty Solomon) Man Gets $218 Trillion Phone Bill (Les Hatton) Borders with Customs computers (David Magda) Australian police inadvertently reveal e-mail addresses/passwords (Mike Martin) The risks of scaling incompetence to big numbers (Poul-Henning Kamp) Secure colocation in the North Sea (Dan Jacobson) Classified military documents exposed through file sharing (Diomidis Spinellis) Unexpected Internet Explorer behaviour when copy/pasting (Pierre Pierre Blais) Re: Three days of San Francisco BART upgrade crashes (Martyn Thomas) Re: Rootkit: erosion of terms? (Steven M. Bellovin) Washington voting hijacked by computer mischief (Peter Gregory) Computer problems with U.Wisconsin voting system (Dana A. Freiburger) Risks of email-to-fax services (Jim Youll) Re: Man is charged $4,334.33 for four burgers (Martin Ward) Helios B737 Crash (Michael Loftis, David Alexander) RISKS 24.25 Tuesday 18 April 2006 IE Changes Due: What You Can Expect (Gregg Keizer via Monty Solomon) New Microsoft Patch Breaks Web Pages -- On Purpose! (Lauren Weinstein) How to lose 10,000,000 pounds (Mike Williams via Mark Brader) Norwegian bank has problems moving customers to new platform (Vetle Roeim) Hong Kong: Former police complainants exposed on the Internet (John Kane) Embedded Bug Detection (Al Mac) Oxygen and autopilots (Andrew Koenig) Another near-disaster due to vehicle automation (Pete Mellor) Re: Another near-disaster due to vehicle automation (Don Norman) Re: IT Corruption in the UK (Lem Bingley) DNS Amplification Attacks (Gadi Evron) Re: "routine" system failure (Ken Knowlton) RISKS 24.26 Thursday 27 April 2006 MV-22 Tiltrotor Crash, March 2006 (Peter B. 
Ladkin) Verizon's Aggressive New Spam Filter Causing Problems (From Slashdot) Congress readies new bill to expand DMCA, not shrink it (Declan McCullagh) Triple DES Upgrades May Introduce New ATM Vulnerabilities (Redspin) Another security/privacy breach at the University of Texas (PGN) Super Bowl ticket scam (Connie Paige via Monty Solomon) Opticon: A cheap way to get to work faster (Jeremy Epstein) Radar for your PC (Erling Kristiansen) RFID Zapper (Al Mac) Personal Electronic Devices on Commercial Aircraft (Peter B. Ladkin) PDF Hell for SA Bank (Colin Brayton) Honeypot Cars (Dawn Cohen) CfP: IEEE S&P special issue on malware (Ivan Arce) RISKS 24.27 Monday 1 May 2006 Sounding the Alarm on Government-Mandated Data Retention (Lauren Weinstein) Scarily Prophetic Ad (Daniel Graifer) New Private Investigator laws for e-USA (Al Macintyre) Japanese Newspaper subscriber information leaked to Internet (Glenn Story) Drexel personal information on stolen laptop (Leonard Finegold) Data storage firm apologizes for loss of railroad data tapes (Monty Solomon) TSA: Computer glitch led to Atlanta airport scare (Patrick J. Kobly) 911 call show wrong address (John Curran) Driven to distraction: cellphones (Monty Solomon) Re: Man Gets $218 Trillion Phone Bill (Mathew) Re: PDF Hell for SA Bank (Seth Breidbart, Jan Vorbrüggen) Trivia -- Truth Stranger than Fiction? 
(Chris Drewe) Re: RFID Zapper (Jan Vorbrüggen) Re: Triple DES Upgrades (Richard Outerbridge) Re: Honeypot Cars (Paul Robinson) RISKS 24.28 Thursday 11 May 2006 The Problem of Test-Induced Failure & the Space Shuttle (Harry Crowther) BA website discloses passenger passport numbers and DoB (Adam Laurie) Open Letter to Google on Privacy (Lauren Weinstein) Fraud in tampering with tamper-proof chip-and-PIN equipment (Nick Rothwell) Re: Triple DES Upgrades May Introduce New ATM Vulnerability (Jim Daley, Bill Cheswick) NYPD deputy inspector caught rigging crime statistics (Ed Ravin) Google Captcha (Mark Johnson) Re: 911 call show wrong address (Ray Arsenault) Bell inadvertently blocks 1-866 numbers (Rod Davison) Re: Scarily Prophetic Ad (John Linwood Griffin) Re: New Private Investigator laws for e-USA (Stanley F. Quayle) In Wake of SAT Errors, Senator Seeks New Rules on College Testing (Karen Arenson via Monty Solomon) Spelling (Richard S. Russell) REVIEW: "Governance Guidebook", Fred Cohen (Rob Slade) RISKS 24.29 Friday 26 May 2006 Amtrak halted by power failures (Patrick McGeehan via PGN) Vast Data Cache About Veterans Has Been Stolen (Monty Solomon) NASA's DART spacecraft smashes into satellite (Alicia Chang via PGN) Predator UAV crash: switchology mistake (Mark M. Newton) Expensive Australian navy avionics development failure (Rodney Polkinghorne) Premiere of new opera delayed by computer malfunction (Mark Bartelt) Planes, Trains, wait, did that sign say what I think it just said? 
(Trevor Paquette) National Weather Center - Surface Winds from Bad Data (Ben Kamen) Over-reliance on satellite navigation causes near-tragedy, again (Omri Schwarz) Mandated Data Retention: Noble Goals With Evil Outcomes (Lauren Weinstein) Comcast outage leaves customers without TV, Internet & Phone service (Tim Duncan) Misunderstanding the risks of SSNs (Jeremy Epstein) Re: Another near-disaster due to vehicle automation (Mary Shafer) Re: Triple DES Upgrades May Introduce New ATM Vulnerability (Stephen Kent) Re: RFID zappers: zappers are not a new problem (Jerome Svigals) Re: Spelling (Dale Gombert) Re: Man Gets $218 Trillion Phone Bill (Barry Gold) Workshop on Trustworthy Elections: WOTE 2006 (Peter Ryan) Electronic Voting Technology Workshop at USENIX Security (PGN) RISKS 24.30 Thursday 1 June 2006 EU blocks US access to flight data (Duane Thompson) Computer outage hits Montana state government (Paul Goble) Irish ATM pays double; ethical dilemma (Gerard McCarry) $8 million for self-parking charge (Geoff Kuenning) China fielding cyberattack units (Peter Gregory) College Door Ajar for Online Criminals (Lynn Doan via PGN) Computer c*ck-up finds e-r-e-c-t-i-o-n hard to handle (Nick Rothwell) Why the Democratic Ethic of the World Wide Web May Be About to End (Adam Cohen via Monty Solomon) Risks of Dishonest Hosting Providers (Roger Strong) Nationwide's Website Refuses Customer Feedback (Chris Brady) Black Frog: next generation botnet. No generation spam fighting (Gadi Evron) Symantec Denies 'Highly Severe' Antivirus Flaw (Ed Sutherland via PGN) Re: NASA's DART spacecraft smashes into satellite (Robert P Schaefer) Re: National Weather Center ... 
Bad Data (Amos Shapir) Re: Comcast outage and backup (Craig Partridge) Re: Cellphones (Les Denham) Re: Google Captcha (Thomas Insel) Re: Over-reliance on satellite navigation (Matt Roberds) Re: Man Gets $218 Trillion Phone Bill (Marc Auslander, Andrew Klossner, Scott Peterson) RISKS 24.31 Monday 5 June 2006 Feds Continue Push For Mandated Internet Data Retention (Lauren Weinstein) Re: Government-mandated data retention (Chris D.) 243,000 Hotels.com credit-card numbers stolen (Robert Heuman) Data files erased at Aznar Government systems (Miguel A Gallardo) Spam King Settles With Texas, Microsoft (Monty Solomon) Risks of formulaic sanitization (Geoff Kuenning) Re: NASA's DART spacecraft smashes into satellite (Peter B. Ladkin) Re: $8 million for self-parking charge (Gabe Goldberg) Re: Nationwide's Website Refuses Customer Feedback (Michael Hogsett) REVIEW: "Software Configuration Management Using Vesta", Heydon et al. (Rob Slade) REVIEW: "Perfect Passwords", Mark Burnett (Rob Slade) RISKS 24.32 Wednesday 14 June 2006 Hospitals have dramatically reduced unnecessary deaths (PGN) Unverified air traffic data (David Magda) Report on security risks of applying CALEA to VoIP (Susan Landau) TIAA Breaches Whistleblower (Al Macintyre) Cybersecurity plan of the Federal government: what a screw-up (Fred Cohen) IRS Laptop Lost With Data on 291 People (Christopher Lee via Monty Solomon) Windows XP update may be classified as "spyware" (Lauren Weinstein) How MS spyware could be used by hackers to disable systems (?) 
DoE Discloses Data Theft (Ari Ollikainen via Dave Farber) UnSalted Credit Cards (Mark Ennis) Lottery scam spam -- unclear on the concept (Drew Dean) Dental X-Rays go Digital---same old problems (Howard Israel) Silver Bullet: Dan Geer (Gary McGraw) REVIEW: "Software Security: Building Security In", Gary McGraw (Rob Slade) RISKS 24.33 Tuesday 20 June 2006 Backward switches: Genesis slammed to Earth after parachutes failed (Howard Israel) Sunken Ferry Crew didn't know how to use ECS display software (Kelly Bert Manning) Possible Loss of Space Shuttle: 'I think, at that point, we're done' (Harry Crowther) More BART woes: automated train-control system mothballed (PGN) German Federal Civil Court ruling on Robodoc cases (Juergen Fenn) NZ IRD Numbers about to run out (M. Hackett) Fortune cookie bet made Powerball lottery players rich (Howard Israel) Wily crows disconnect wired Tokyo (PGN) Another risk of electromagnetic interference (Tom Philp) Volvo's self braking car (David Magda) Risks of Ajax and Javascript (Charlie Wertz) Ironic risk of using a 'free' mail service (Mike Scott) DoE Discloses Data Theft (Ari Ollikainen) Testing stolen credit card numbers (Walt Daniels) RFID "Best Practices" (CDT via Monty Solomon) Bank's redirector helps phishing (Fred Bone) Microsoft Patches crash IBM Midrange Consoles (Al Macintyre) Re: Man Gets $218 Trillion Phone Bill (Nancy Bogart) Re: Hospitals have dramatically reduced unnecessary deaths (Peter R Cook) Cyberwar (PGN) REVIEW: "Information Security and Employee Behaviour", McIlwraith (Rob Slade) RISKS 24.34 Wednesday 19 July 2006 Computer closes Berlin tunnel again (Debora Weber-Wulff) B747 freighter crash (Peter B. Ladkin) Y2038 bug strikes early (Conrad Heiney) One fewer risk (R.A. 
Whitfield) Yet another example of accidental disclosure of redacted info (Aaron Emigh) More university data exposures (PGN) Deceiving a computer is now a crime (Vassilis Prevelakis) Risks of increasingly complex hardware/software in rescue gear (Fernando Pereira) Unexpected electromagnetic interference (Ken Winters) Companies still unclear on authentic e-mail transmission (Steve Summit) Re: Sunken Ferry Crew didn't know how to use ECS display software (Joseph A. Dellinger) Re: Microsoft Patches crash IBM Midrange Consoles (Henry Baker, Al Mac) REVIEW: "How to Break Web Software", Mike Andrews/James A. Whittaker (Rob Slade) REVIEW (sorta): "Dictionary of Information Security", Robert Slade (Rob Slade) RISKS 24.35 Thursday 20 July 2006 Air traffic control snafu around LAX (PGN) 20 inspectors suspended over refusing GPS cellphones (Monty Solomon) PlusNet obliterates customers' e-mail (Mary Ellen Foster) IEEE e-mail alias service with Comcast (Pete Klammer) MSN Messenger blocking URLs on server side (Cody B) Dirty Data contaminates Business Decisionmaking (Al Macintyre) Corporate Risks (Al Macintyre) Banks not yet aware enough of phone-phishing (John Pettitt) The Risks of retro computing? (Edward G. Nilges) Risks of relying on the Web in wartime (Tim Chmielewski) Re: Yet another example of accidental disclosure of redacted info (Amos Shapir) Re: Subject: Deceiving a computer is now a crime (David H Smith) REVIEW: "Insider Threat", Eric Cole/Sandra Ring (Rob Slade) REVIEW: "Practical VoIP Security", Thomas Porter et al. (Rob Slade) RISKS 24.36 Tuesday 8 August 2006 Electrical Fires in Queens (R. 
Mercuri) AOL releases 500K users' search queries -- The Last Straw (Lauren Weinstein with included analysis by Seth Finkelstein) Digital retouching of photos to make a propaganda point (Jeremy Epstein) Voting machines in Ireland and The Netherlands (Erling Kristiansen) Dutch energy company Eneco sends huge bill (Leon Kuunders) Robot car park holds cars hostage (Steve Klein) German road pricing system should help fighting crime, politicians say (Harald Vogt) Unexpected consequences of airport random-screening glitch (Steve Summit) RFID Clonable (Brad Malin via Dave Farber's IP) Re: The Risks of retro computing? (Tom Watson) IEEE e-mail alias service with Comcast (Christopher Stacy) REVIEW: "Symbian OS Platform Security", Craig Heath (Rob Slade) RISKS 24.37 Saturday 12 August 2006 Letter on cybersecurity from Senator Reid to the President (PGN) Survey on putting electronics in checked airline baggage (Lauren Weinstein) More on medical errors (PGN) RFID Guardian (Erling Kristiansen) Search Engine Privacy - Re: AOL gaffe draws Capitol Hill rebuke (Lauren Weinstein) LA power outages? (Dan Jacobson) Your Cable Company -- powered by the guy with the extension cord (Lauren Weinstein) Most college students vulnerable to cybercrime (Al Macintyre) 3.1 million HSBC (Al Macintyre) Re: IBM 1620 - the joys of using punched cards (Chris Brady) REVIEW: "Frauds, Spies, and Lies", Fred Cohen (Rob Slade) RISKS 24.38 Friday 18 August 2006 RFID car keys and insurance (Joshua Levy) Anti-hijack software: what a great idea! (Nickee Sanders) Bit bucket swallows 17 million AU dollars (Rodney Polkinghorne) Sober Warnings About e-Voting Systems (Eric Sinrod via TechNews) The FBI's Upgrade That Wasn't (Eggen and Witte) Your Cable Company -- powered by the guy with the extension cord (Lauren Weinstein) UK bank details sold in Nigeria (Amos Shapir) Another auditor's laptop stolen (Neil Youngman) First conviction in UK for Wi-Fi hijack (Peter Mellor) Can't type? 
Your Dell laptop battery must be OK! (Dan Miller) Re: 3.1 million HSBC (Thor Lancelot Simon) Re: LA power outages (Scott Peterson) Re: Letter on cybersecurity from the president (Nick Simicich) REVIEW: "Risk Management Solutions ... Compliance, Quarterman (Rob Slade) RISKS 24.39 Thursday 24 August 2006 Pull the Plug on Touchscreens (R. Mercuri) Re: Pull the Plug on Touchscreens (Avi Rubin) More on Diebold, Ohio, and Touchscreens (PGN) Search Engine Privacy Dilemmas, and Paths Toward Solutions (Lauren Weinstein) Centrelink staff busted invading Australians' privacy (David Shaw) TiVo Is Watching When You Don't Watch, and It Tattles (Monty Solomon) The SAFEE Project (Peter B. Ladkin) Re: LA power outages (Kent Borg) At least the extension cord worked (Mike Albaugh) Re: ... Your Dell laptop battery must be OK! (Dave Blake, Brent Kimberly) "IT Security Project Management", Susan Snedaker (Rob Slade) RISKS 24.40 Tuesday 29 August 2006 Russian ATM software error (Morten Krog) Still more over-reliance on satellite navigation (Antonomasia) Silliness in Action: California Poised for Cell Phone Ban (Lauren Weinstein) The risks of your ISP putting ads in your signature (Neil Youngman) Re: LA power outages (Stephen Fairfax) Be careful WHAT you test (Name withheld) Re: LA power outages (Rex Black, Kent Borg) Re: ... Your Dell laptop battery must be OK! (S Miller, Chris D.) Re: Pull the Plug on Touch Screens (Sharon Mech) Re: Ambiguous Characters (David Bliss) Re: The SAFEE Project (Stewart Fist) Security Engineering (Ross Anderson) RISKS 24.41 Tuesday 5 September 2006 UK 141M-pound benefits computer system shelved (Martyn Thomas) Taxiway altered before KY crash (PGN) The Case of the Patriot System in the Gulf War (Diego Latella) High-tech Product Sabotage (Peter Mellor) British MP falls foul of wiki-d pranksters (M. 
Hackett) Swedish Atomic Power Plant Shutdown (Debora Weber-Wulff) Another power outage (Kurt Fredriksson) Re: LA power outages (Michael Bacon, Merlyn Kline) Re: Your Cable Company ... (Robert de Bath) More on the Sony lithium-ion laptop battery fire issue (Curt Sampson) Spread sheets weak point of Security (Al Macintyre) Re: LA power outages (Rex Black) Brave New Ballot, Avi Rubin (PGN) RISKS 24.42 Weds 13 September 2006 Risks of exhaustive testing (Jim Horning) Tax blunder undermines Belgian federal budget (Wim Heirman) New UK biometric passports & identity theft (C Greenock) Avi Rubin's latest report as an election judge (PGN) Princeton's Diebold analysis (Feldman-Halderman-Felten via PGN) REVIEW: "Scene of the Cybercrime: Computer Forensics Handbook", Shinder (Rob Slade) RISKS 24.43 Thurs 21 September 2006 Air Traffic Controllers Chafe at Plan to Cut Staff (PGN) Should you wear a helmet while bicycling? (Jerry Leichter) Cost of online banking typo put on consumer (Kjetil Torgrim Homme) Risks of reprogrammable ATMs (Mark Brader) Segway software gives hard landing (PGN) Yet Another Power Outage (Mike Swaim) Careful with that Fedex account number (Matt Wilbur) Hotel minibar keys open Diebold voting machines (Ed Felten via PGN) Cuyahoga County Primary Election Report (David Lesher) Re: Avi Rubin's latest report as an election judge (Kurt Fredriksson) SSN-as-ID under scrutiny - again (Peter B. Ladkin) New way to break into cars (Gerrit Muller) Thieves sabotage telecom infrastructure (Gerrit Muller) Cops say teen concocted radio calls (S Hutto) Regarding High-tech Product Sabotage (Phil Singer) REVIEW: "Computer Security Basics", Lehtinen/Russell/Gangemi (Rob Slade) RISKS 24.44 Tuesday 26 September 2006 German driverless Transrapid maglev train crashes, killing 23 (Debora Weber-Wulff, Martin Virtel, Peter B. 
Ladkin) SCADA Hacks (Al Macintyre) Vancouver Int'l Airport locked down due to software glitch (Karl Klashinsky) TIAA-CREF Payment Delays Because of New Computer System (Peter D. Junger) DVD player, designed for usability? (Daniel P.B. Smith) 1,100 Laptops Missing From Commerce Department (Alan Sipress via PGN) Home security system snafu (Ron Garret) RISKS readers as election officials (Peter-Lawrence Montgomery) Ron Rivest's ThreeBallot (PGN) Identities lost in phishing (Gadi Evron) 22nd Annual Computer Security Applications Conference (Christoph Schuba) RISKS 24.45 Thursday 19 October 2006 A380 delivery delays attributed partly to design SW problems (Peter B. Ladkin) More on A380 delivery delays (Peter B. Ladkin) A380 design software incompatibility costs 4.8 billion euros (Mike Martin) Brazil collision: Too much precision a bad thing? (David Magda) The NTSB on John Denver's crash and bad interfaces (Trammell Hudson) More on the Transrapid accident (Debora Weber-Wulff) Transrapid: fault of the people? (Debora Weber-Wulff) Re: Cost of online banking typo put on consumer (Peter B. Ladkin) Identity Theft With Google Code Search (Gervase Markham) AmEx security (Gregory Marton) 2007 Collegiate Voting Systems Competition (Tim Finin) REVIEW: "World War 3: Information Warfare Basics", Fred Cohen (Rob Slade) RISKS 24.46 Sunday 5 November 2006 Recent RISKS hiatus (PGN) Widespread European power failure (PGN) Rail network faces unlimited fine over 16 safety breaches (Scott Peterson) VCR gets wrong time as DST ends (Steve Golson) Three of Australia's major railway routes are blocked (M. Hackett) Computer failure causing A320 PA not to work... (James Hughes) SSE delay and failures reported (Martyn Thomas) Regulating Search Engines? - Calif. 
Initiative For Internet Privacy (Lauren Weinstein) Several backlogged items from Lauren Weinstein (PGN) Electronic voting blamed for Quebec municipal election 'disaster' (Dan Hurley) Re: More on A380 delivery delays (David Smith) Re: A380 design software incompatibility costs 4.8 billion euros (Ed Prochak) REVIEW: "Writing Secure Code", Michael Howard/David LeBlanc (Rob Slade) RISKS 24.47 Wednesday 22 November 2006 More on the European power outage (PGN) Phone service cut to the St. John's region for 5 hours (Theodore S. Norvell) Scottish radiation therapy accident report available (Richard I Cook) Flat train wheels in NY/NJ (PGN) Melbourne's computerised train brakes fail (Boyd Adamson) Yet another canceled public sector IT project (Martyn Thomas) All your eggs... Aegis-class cruiser crippled (David Lesher) Bo Lipari's weblog on election problems: an excerpt (PGN) Some recent election results unresolved -- or unresolvable? (PGN) New Google Service Will Manipulate Caller-ID (Lauren Weinstein) Proposed Solution For Google's "Click-to-Call" Caller-ID Problem (Lauren Weinstein) Hospitals Urged to Ease Mobile Phone Rules (Paul Czyzewski) REVIEW: "Preventing Web Attacks with Apache", Ryan C. Barnett (Rob Slade) RISKS 24.48 Tuesday 5 December 2006 Still more on the European power outage (PGN) Another power outage brings down German TV station (Debora Weber-Wulff) The UK NHS IT plan (Brian Randell) Rebooting airplanes (Douglas W. Jones) Mascalls, Manchester, what's the difference? 
(Mark Brader) Three guilty of identity fraud which netted millions (Brian Randell) Identity theft made easy (John Haselsberger) Federal Reserve E-Banking System Outages: Brian Krebs (PGN) How To Tell If Your Cell Phone Is Bugged (Lauren Weinstein) Firefox flaw causes engagement to break off (Mark Lutton) Critical Firefox hole allows password theft (Monty Solomon) REVIEW: "Phishing: Cutting the Identity Theft Line", Liniger/Vines (Rob Slade) REVIEW: "The Security Risk Assessment Handbook", Douglas J. Landoll (Rob Slade) RISKS 24.49 Sunday 10 December 2006 Health Hazard: Computers Spilling Your History (Milt Freudenheim and Robert Pear via Monty Solomon) Re: Mascalls, Manchester, what's the difference? (Chris D.) The risks of relying on Online Directions: Death? (Paul Ferguson) Re: Yet another canceled public sector IT project (Richard Karpinski) Trig routine risk: an oldie (Doug McIlroy) Vulnerability in Microsoft Word Could Allow Remote Code Execution (Monty Solomon) Risks of driving a car that uses plastic parts in critical areas (Kent Hartfield) Research based on RISKS forum data at UBC, Canada (Hafiz Abdur Rahman) Computers, Freedom, and Privacy, CFP 2007 (Stephanie Perrin) REVIEW: "Incident Response", E. Eugene Schultz/Russell Shumway (Rob Slade) REVIEW: Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools (Rob Slade) REVIEW: "Kim", Rudyard Kipling (Rob Slade) RISKS 24.50 Friday 15 December 2006 Florida's Voting System Certification (Rebecca Mercuri) Midair Collision in Brasil (Peter B. Ladkin) Don't Try to Program and Fly at the Same Time (Peter B. Ladkin) RFID access control tokens widely open to cloning (Adam Laurie) How Pop-Ups Could Brand You a Pervert or Crook (Lauren Weinstein) No computer issues in Kim family navigation error (Andrew Klossner) Time Warner Cable / Showtime Major Fubar (Simon Higgs via Dave Farber) *The Guardian*'s billing dept. aids identity theft (Nik Clayton) REVIEW: "Understanding and Managing Cybercrime", Samuel C. 
McQuade (Rob Slade) RISKS 24.51 Friday 15 December 2006 Bloomington bank night depositors victims of old fashioned fishing (David Zawislak) Trig error checking (Martin Ewing) Re: A380 delivery delays (Peter B. Ladkin) Re: Flat train wheels (Peter B. Ladkin) Re: Yet another canceled public sector IT project (Gary Hinson, Richard Karpinski, Jack Ganssle, Rex Black, Richard Karpinski) Re: Slade on "Kim" (Michael Bacon) RISKS 24.52 Thursday 21 December 2006 Report blames Denver election woes on flawed software (PGN) Digital cameras converted to weapons (Mark Brader) Secure Passports and IT Problems (Diomidis Spinellis) RFIDs in Malaysian license plates (PGN) An Ominous Milestone: 100 Million Data Leaks (ACM TechNews) Risks of using spelunker's tools inside the genome (Denise Caruso) Re: Yet another canceled public sector IT project (Steve Taylor, Richard Karpinski) Re: Flat train wheels (Olivier MJ Crepin-Leblond) Re: Trig error checking (Mike Martin, Richard A. O'Keefe, Dik Winter, PGN) USENIX Annual Tech '07 Call for Papers (Lionel Garth Jones) RISKS 24.53 Friday 29 December 2006 Glitches postpone launch at Wallops (Walter Schilling) Cybercrooks Deliver Trouble ... (Brian Krebs via Monty Solomon) Typo takes tourist 13,000 km out (Monty Solomon) 2007 Preview: Newt's Muzzle, Google's Data, Microsoft Over the Line (Lauren Weinstein) Vista DRM The 'Longest Suicide Note in History'? (Peter Gutmann via Gunnar Helliesen and Dave Farber) Drop zones and an intelligence war (Gadi Evron) Re: Trig error checking (Ted Lee, Ken Knowlton, Gene Spafford) Re: Flat train wheels (Peter B. Ladkin) E-mail me at xx at yy dot zz (Dan Jacobson) RISKS 24.54 Friday 19 January 2007 The problem of abstractions, or the lack thereof (Paul Robinson) There's more to worry about than math libraries (Paul Robinson) Mars Global Surveyor failure due to human error? 
(Al Stangenberger) Unexpected changes (Andrew Koenig) Cell phone in man's pocket sets him on fire (Mark Brader) Excel Date Bug (Al Macintyre) Travel to US to need all 10 fingerprints, credit and e-mail checks (Peter Mellor) Another insecure login (Paul D.Smith) Electronic flash, capacitors, and nerdy adolescents (Daniel P.B. Smith) Re: Digital cameras converted to weapons (Sidney Markowitz, Mark Brader) EVT 2007: Electronic Voting Technology workshop (David Wagner) RISKS 24.55 Saturday 3 February 2007 Super Bowl site hacked, seeded with exploits (EEkid) Ed Felten: AACS Decryption Code Released (Monty Solomon) /Mis/using a laptop to compute take-off parameters on a B747-400 (Philippe Jumelle) Customer was sent 75000 bank statements (Martyn Thomas) Another example of bad software (Avi Rubin) Windows Vista voice vulnerability (Joe Loughry) Daylight savings time mess looms (Lauren Weinstein) Massachusetts Attorney General sees card fraud close up (Mark Lutton) Canadian coins containing tiny transmitters (Mark) StopBadware blacklists a cartoon book site (Jim Youll) Doesn't sound like a laser pointer to me... (Paul Saffo) Square roots (Andrew Koenig) Risks of one's complement arithmetic? (Daniel P.B. Smith) Re: Excel Date Bug (Steve Wildstrom) Re: Cell phone in man's pocket sets him on fire (Lauren Weinstein) REVIEW: "Security Governance", Fred Cohen (Rob Slade) REVIEW: "Knowledge Power: Intellectual Property, Information and Privacy", Renee Marlin-Bennett (Rob Slade) RISKS 24.56 Sunday 4 February 2007 CastleCops 5-Year Anniversary (Rob Slade) A second site "improves" security (FJ Reinke) Re: There's more to worry about than math libraries (Richard Karpinski) Re: Excel Date Bug (Steve Schafer, R.G. Newbury, Dik Winter) Re: Daylight saving time mess looms (J R Stockton) Re: Super Bowl site hacked (Rob Slade, A.Lizard) Re: The problem of abstractions ... (Jos Buurman, David Cantrell, Tony Finch, Ben Hutchings, Steve Schafer, Ray Blaak, Christopher C. 
Stacy) Re: Digital cameras converted to weapons (Steve Schafer) Re: Canadian coins containing tiny transmitters (Rob Slade) Re: Windows Vista voice vulnerability (Rob Slade) RISKS 24.57 Wednesday 21 February 2007 Govt Health IT: Electronic prescribing is no panacea (Deborah Peel) DNS roots attacked (PGN) AACS: A Tale of Three Keys, by J. Alex Halderman (via Monty Solomon) Amazing boilerplate text in Fairfax County e-mail (Gabe Goldberg) Crashing an in-flight entertainment system (Steve Summit) Infrastructure risks: pump-station alarm (Matt) Carmakers copy and repeat error almost forever (Doug McIlroy) Two war stories from the NASA trenches (Ron Garret) US government's contracts tracked by contractors (Ken Knowlton) Study Finds Security Flaws on Web Sites of Major Banks (Gabe Goldberg) Web Site Wants JPEG of Government ID (Mike Conley) Re: Math libraries (Peter B. Ladkin) Re: Excel Date Bug (John Levine) Impact of DST changes on BlackBerry device users (Monty Solomon) Re: Digital cameras converted to weapons (Leonard Finegold) Re: Canadian coins containing tiny transmitters (Adam Abrams) New Short Video: "Is Your Cell Phone Bugged?" (Lauren Weinstein) REVIEW: "Code Quality: The Open Source Perspective", Diomidis Spinellis (Rob Slade) RISKS 24.58 Thursday 1 March 2007 USAF F-22A jets grounded by software glitch (PGN, Jeremy Epstein) Briz-M rocket booster explodes over Australia (Mark Luntzel via PGN) Software error reportedly contributed to sudden Dow-Jones drop (PGN) Don't compute and drive at the same time... (Paul Saffo via PGN) Risk of not knowing technology: jail (Ronald J Bottomly) The Risks of Updating 80 Year Old Equipment (Chuck Weinstock, Jim Geissman) RFID tracking (Paul Wallich) Putting the SSN genie back in the bottle? 
(Steve Summit) Re: DNS roots attacked (Robert Graves, R A Lichtensteiger, Joe St Sauver) Re: Crashing an in-flight entertainment system (PGN) Re: Amazing boilerplate in Fairfax County e-mail (Mark Brader) Disposable digital Cameras are truly digital (Jason Mechler) Carmakers copy and repeat error almost forever (Mark Brader) WOTE 2007 CfP (Josh Benaloh) REVIEW: "The Art of Software Security Assessment", Dowd et al. (Rob Slade) RISKS 24.59 Tuesday 13 March 2007 Errors down Canada's electronic income tax filing system (Paul Robinson) Mega Millions Mess (Benjamin Jun) PG&E sidesteps $38 million bill for daylight-saving patch (Paul Eggert) FDA - DST and Medical Device Safety (Richard I. Cook) Countdown to Confusion (Babington/Tse via Monty Solomon) Insured car wrongly crushed? (Chris Drewe) Two traffic engineers deny hacking into L.A.'s traffic system (PGN) Hackers break into Harrisburgh water system network (PGN) Trailing blank causes e-mail failure (Richard Karpinski) Date arithmetic before 1900 (John Gilliver) W2SP: Workshop on Web Security, call for papers (Dan Wallach) Re: REVIEW: "Code Quality: ..." (Peter Mellor) REVIEW: "FISMA Certification and Accreditation Handbook", Laura Taylor (Rob Slade) RISKS 24.60 Friday 16 March 2007 'Embarrassed' Man Sues Microsoft After FBI Finds Sex Videos On His PC (EEkid) Yet more privacy risks from copiers (Arthur T.) Thoughts On New $1B Viacom Suit Against Google/YouTube (Lauren Weinstein) Comments on Google's Privacy Announcement (Lauren Weinstein) Yet another risk of voting computers (Erling Kristiansen) When security software goes bad... 
(Jeremy Epstein) Wireless bingo in UK for smokers (C R Ritson) CBC: Vancouver bus info signs 'duds' (Andrew Gray) Biometric ID at airports (Peter Mellor) 'Tamperproof' autopilot for passenger jets to avoid hijacks (George Michaelson) USAirways Merged Reservation Systems Fubar (Chuck Weinstock) Re: PG&E sidesteps $38 million bill for daylight-saving patch (Tom Watson) Re: US DST date changes (Robert Graves) Re: Date arithmetic before 1900 (Ken Hagan) Re: Putting the SSN genie back in the bottle? (Ketrick McMillin) Announcement: the Ninth Bieleschweig Workshop (Peter B. Ladkin) RISKS 24.61 Saturday 31 March 2007 Risks of Virtual Professionalism, Jim Horning (PGN) Quantum Security (Rob Slade) Time-handling bug leads to lost time machine (David) Alaska Government worker formats wrong disks, backups unreadable (PGN) Latent software risk in aircraft control systems (Mike Martin) Brazil software ATC failure (PGN) More railroad-related unintended risks (PGN) Satellite Navigation may be Hazardous to your Life Of Crime (Mark Brader) NEDAP, the Dutch chess-playing voting machine (Mark E. Smith) Typing saves your skin (Peter B. Ladkin) Proving NON copyright infringement (Joseph A. Dellinger) A parable about the state of the Web (Andrew Koenig) Hotel door locks that are too secure (Kevin Fu) Intuit's Amazing Web Pricing Roulette (Lauren Weinstein) Re: When security software goes bad... (Rick Damiani) Two-step authentication (Marc Auslander) RISKS 24.62 Wednesday 4 April 2007 TJX ID theft: 45.7M and counting ... (PGN) Nothing succeeds like failure (PGN) Risk of depending on a half-used system (David Lesher) Visitor Tagging abandoned for US VISIT (George Michaelson) A couple of unrelated risks (Jay R. 
Ashworth) Opposition to e-voting grows in France (Elaine Sciolino via PGN) Re: NEDAP, the Dutch chess-playing voting machine (Debora Weber-Wulff) Re: Yet more privacy risks from copiers (Alistair McDonald) Re: 'Tamperproof' autopilot for passenger jets to avoid hijacks (Rick Damiani) Re: Insured car wrongly crushed (Tony Woolf) AMEX prepaid cards can be forced into overdraft (Charles Hanes) 10TH IEEE High-Assurance Systems Engineering Symposium CFP (Jicheng Fu) REVIEW: "Botnets: The Killer Web App", Craig A. Schiller et al. (Rob Slade) REVIEW: "Beyond COSO", Steven J. Root (Rob Slade) RISKS 24.63 Sunday 15 April 2007 Mars Global Surveyor review panel (PGN) Boy falsely jailed because of DST changeover (Ron Garret) Caltrain *Double* Daylight Time (PGN) Computerized Voting machines (Arthur J. Byrnes) Washington DC Metro replacing software that causes fires (Jeremy Epstein) When banking real time isn't really real time (John Pettitt) Surely it can't be this easy? (Ted M Lee) On "proving NON copyright infringement" (Ferdinand J. Reinke) A Botted Fortune 500 a Day (Gadi Evron) Airline Online Payment Requires Citizenship No. (Chris Brady) Re: Insured car wrongly crushed? (David W. Brunberg) Reminder - Computers, Freedom & Privacy 2007 (Stephanie Perrin) Joint HCMDSS and MD PNP: EXTENDED ABSTRACT DEADLINE 20 Apr 2007 (Steve Goddard) RISKS 24.64 Thursday 19 April 2007 BlackBerry suffers widespread outage (Monty Solomon) Turbo Tax Servers Can't Handle E-Filing Load from Procrastinators (Cameron Wilson) RISKS of relying on systems to file taxes late (mahlon) US Daylight Saving Issues, System Libraries vs Program Libraries (William C Bonner) time.windows.com failure (John Pettitt) Philippine Internet voting system challenge (PGN) Why should spam ever go away? The economics. 
(Sten Carlsen) More on Metro software fire (Taz Daughtrey) Re: Washington DC Metro replacing software that causes fires (Peter Rieden) Re: On "proving NON copyright infringement" (Jim Horning, Norman Gray) Risks of convenience (Jay R. Ashworth) Impossible data requested (John Harper) Re: Surely it can't be this easy? (Al Macintyre) ACM Computer Security Architecture Workshop (Jon A. Solworth) USENIX '07 Registration Now Available (Lionel Garth Jones) REVIEW: "Measuring ITIL", Randy A. Steinberg (Rob Slade) RISKS 24.65 Tuesday 24 April 2007 A new book on risks by Charles Perrow, The Next Catastrophe (PGN) Gov't Straining to Secure Computer Systems (PGN) Don't let your navigation system fool you (PGN) KPMG profile of a fraudster (Rob Slade) US Dept of Agriculture & Census Bureau have long contained SSNs (Kenneth C Knowlton) Automatic translation leads to ethnic slur (Jeremy Epstein) Prisoner freed by fax (Bob Morrell) "System problems" on a departing airline flight? (A.E. Siegman) Elections bring down foreign Web sites (Bertrand Meyer) Netcraft Data for Ohio Secretary of State Web site (McGrude) Audit Finds Many Faults in Cleveland's 2006 Voting (David Lesher) Re: Philippine Internet voting system challenge (David Lesher) Re: Washington DC Metro replacing software that causes fires (Barry Gold) RIM cites upgrade glitch for BlackBerry outage (Robert Israel) Re: US Daylight Saving Issues (Larry Jones, Charlie Shub) Re: Risks of relying on systems to file taxes late (Rex Black, Ross Oliver) REVIEW: "Information Security Awareness Basics", Fred Cohen (Rob Slade) RISKS 24.66 Monday 14 May 2007 Browns Ferry 3 nuclear power site scrammed (PGN) Reactors, remotely defended (Wendell Cochran) Unit confusion caused fatal chemotherapy overdose (Mark Brader) Error in climate data recording software (Charles Perrow via Martyn Thomas) Another sat-nav accident: car destroyed, driver escapes (Mark Brader) Touch typing (Jim Horning) NZ fisheries "ruler" short (George Michaelson) TSA 
Loses Hard Drive With Personal Info (PGN) Internet2 Knocked Out By Homeless Man? (Chris Hodge via Dave Farber) Ed Felten: You Can Own an Integer Too - Get Yours Here (Monty Solomon) More on the bogus Canadian "spy coin" (Jim Horning) Re: Impossible data requested (Gillian Brent) Re: Automatic translation leads to ethnic slur (Tony Ford) An interesting phishing risk... (Craig DeForest) Microsoft sets the wrong time in the PC's real time clock chip (Len Spyker) Re: US Daylight Saving Issues (Nick Bender, John Levine, Joseph Barrett) First Usenix Workshop on Offensive Technologies: WOOT 07 (Tal Garfinkel) RISKS 24.67 Saturday 19 May 2007 E-stonia e-stoned (PGN) Colorado State Government Computer Project Failures (Peter Shriner) Alcatel-Lucent, lost disk (Ken Knowlton) UK judge: "What's a website?" (Ken Knowlton) BSoD forces students to retake standardized test (Jeremy Epstein) Risks of combining too many cards (Jay R. Ashworth) Information leak in combined systems (Paul E. Black) Re: Touch typing (Jim Horning, Tim Howe, Martin Ward) Re: Satellite navigation system (Ken Knowlton) Re: Another sat-nav accident: car destroyed, driver escapes (Alan J. 
Wylie) Re: Daylight savings time and Microsoft (Bruce Dawson) Re: Time zones and MS Exchange and Outlook (Tony Finch) Re: Microsoft sets the wrong time in the PC's real time clock chip (Dag-Erling Smørgrav) Re: Felten, You Can Own an Integer Too - Get Yours Here (Mark Brader) Top 5 Reasons to Attend USENIX '07 (Lionel Garth Jones) RISKS 24.68 Monday 11 June 2007 US Flight Service Privatization system problems (Don Poitras) FDA issues Class I recall for an algorithm (Richard Cook) New Hampshire federal judge overrules privacy law (Ethan Ackerman) IT industry has failed in desktop security (Munir Kotadia via PGN) Belgian biometric passport (Jean-Jacques Quisquater) Flawed Symantec update cripples Chinese PCs (PGN) Facebook doesn't allow friends born before 1910 (Henry Baker) Royal Bank of Scotland total failure of cash access systems (PGN) Keyloggers used to steal city funds (Rick Damiani) Want to Write a Virus? Take a Class (Erik Larkin via George Ledin) Windows' ATMs (Mark Barnabas Luntzel) Round Up, Round Down, or How one cent became a profitable event (Leon Kuunders) Re: UK judge: "What's a website?" 
(Rob Slade) Re: Broken Microsoft + Daylight saving (Len Spyker) Engaging Privacy and Information Technology in a Digital Age (Jim Horning) RISKS 24.69 Thursday 14 June 2007 Hurricane forecasting uncertainty (Jessica Gresko PGN-ed) Glitch Blamed for Fire Alarm on Orbiter (John Schwartz PGN-ed) Casting Ballot From Abroad Is No Sure Bet (Ian Urbina PGN-ed) Lawsuits mounting over massive customer data breach at TJX (Mark Jewell via Monty Solomon) Hotel wake-up calls and daylight savings deja vu (Kevin Fu) Council builds database of burglary targets (Adam Laurie) Man risks five years jail time for using open WiFi connection (Nick Brown) Urgent Call For a Google At-Large Public Ombudsman (Lauren Weinstein) AT&T's Internet Monitoring Plans (Lauren Weinstein) Just a few clicks sends all pupils NSFW pictures (Debora Weber-Wulff) Risks of secure e-mail access (Nick Brown) Bloat: 1986 personal computer outperforms 2007 personal computer (Daniel P. B. Smith) RISKS 24.70 Tuesday 19 June 2007 Gripen: Risks of safety measures in military jet aircraft (Tony Lima) EFF: Court Protects Email from Secret Government Searches (Kevin Bankston via David Farber) Blogger unmasked, court case upended (Jonathan Saltzman via Monty Solomon) "Deleted" children in Japan (Rodney Van Meter via Dave Farber) More on the Space Station problem (PGN) Improving reliability of health critical software (Marc Auslander) Search Engine Dispute Notifications: Request For Comments (Lauren Weinstein) Extending Google Blacklists for Dispute Resolutions (Lauren Weinstein) Re: USAF F-22 jets grounded by software glitch (Gregory Chapelle) RISKS 24.71 Tuesday 26 June 2007 DHS = Department of Holey Security? (PGN) United Airlines cites 'human error' for glitch (Mark J Bennison) Cause of Gripen "spontaneous ejection" (Paul E. Black, Crispin Cowan) Transport system complexity presents insurmountable risk? (Mike Martin) Improving reliability of critical software (Jeremy Epstein, Paul E. 
Black) More people die from sand hole collapses than sharks (Jeremy Epstein) E-vote 'threat' to UK democracy (David Lesher) Reality TV, video archives and on-line voting (Robin Fairbairns) A movie torpedoes the concept of electronic voting? (Ferdinand J. Reinke) Information leaked from web order page (Bruce Hamilton) Not much e-mail is protected from government search (Andrew Klossner) Re: Search Engine Dispute Notifications (Crispin Cowan) Advertising Risk (Rob Boudrie) Not Talking About vs. Not Doing (Gene Wirchenko) RISKS 24.72 Wednesday 11 July 2007 Remote physical security for air traffic control center (Rob Slade) Beware of the fine print (Peter Mellor) The risk with the Mac OS X 10.4.10 version number (T Yip) The Athens Affair: Greek Cellphone Caper (Roy Stehle) Lightning bolt blamed for NYC power outage (PGN) Voltr Risks, Glitch - Fire Alarm - International Space Station (Robert J Perillo) Wikipedia, It's Time to Grow Up! The Benoit Murder/Suicide Case (Lauren Weinstein) Wikipedia and Responsibility (Lauren Weinstein) Re: Transport system complexity presents insurmountable risk? (Mark Brader) Re: Gripen: Risks of safety measures in military jet aircraft (Matt Jaffe, Peter Mellor) N-version programming -- the errors are in ourselves (Fred Cohen) Secure Programming with Static Analysis (Brian Chess) RISKS 24.73 Tuesday 17 July 2007 CCTV biometric surveillance software fails German reliability test (Martin Virtel) Military files left unprotected online (Randall via Dewayne Hendricks) Face recognition flop (Christian Kuhtz via Dave Farber) Microsoft protects me against ... Microsoft (David de Leeuw) Jogger with iPod Struck by Lightning (Gene Wirchenko) Phone switch rootkit in Greek surveillance (Jeremy Kirk) Space Shuttle uses 2-version programming (Andrew Morton, PGN) Re: N-version programming -- the errors are in ourselves (Peter Mellor) Re: Gripen: Risks of safety measures in military jet ... 
(Henry Baker, Peter Mellor) Re: BSoD in standardized tests (Martyn Thomas) Re: Wikipedia and Responsibility (Joe Bednorz) Re: Risk with the Mac OS X 10.4.10 version number (Dirk Fieldhouse) Search Engine Dispute Notification (Jurek Kirakowski) Exploiting Online Games, Hoglund/McGraw (PGN) RISKS 24.74 Thursday 19 July 2007 "Microsoft Copy Protection Cracked Again" and who's surprised? (Fred Reinke) Re: Microsoft protects me against ... Microsoft (Peter Mellor) Re: Space Shuttle uses 2-version programming (A. Marc Passy) N-version programming & low-probability events (Henry Baker) Re: Hurricane forecasting uncertainty (Jonathan Kamens) Re: Gripen: Risks of safety measures in military jet (Name withheld) Re: Search Engine Dispute Notification (Lauren Weinstein, Nick Brown, Paul Schreiber) RISKS 24.75 Wednesday 25 July 2007 Thompson, Langevin Release GAO Cybercrime Report, Announce Plans to Improve Private Sector Cybersecurity (CHSMajorityPress) Vista Mail claims rejected mail has been sent (Neil Youngman) SAIC sent military medical data unencrypted via the Internet (PGN) Whoops! Nevada governor accidentally posts Outlook password (Declan McCullagh) Wimbledon and the space shuttle (Mike Scott) iPhone security flaw (Chris Leeson) Right to Interfere with eBay Auctions (Greg Beck via Monty Solomon) NTSB report pending on Comair Flight 5191 crash in Lexington KY (PGN) IT risks in the Chemical Facility Anti-Terrorism Standard? (David E. Price) Risks: Cellular carrier account security (Gabe Goldberg) Risks of purism (Tim Panton) Re: Space Shuttle uses 2-version programming (Robert Woodhead) Re: Gripen: Risks of safety measures in military jet (Urban Fredriksson, Claes T, Nani Isobel) REVIEW: "Backup and Recovery", W. 
    Curtis Preston (Rob Slade)

RISKS 24.76 Tuesday 31 July 2007
  Scientists' Tests Hack Into Electronic Voting Machines California Voting System Hacking Report (Rebecca Mercuri, PGN)
  Earthquakes and O rings (Rod Van Meter)
  If this guy's telling the truth, he should never fly an airplane (Erling Kristiansen)
  Three little zeroes (Mark Brader)
  Department of Health Proposes New Records System (EPIC News)
  Comair Flight 5191 (Andrew Koenig)
  Re: Accuracy of Hawkeye at Wimbledon (David Alexander)
  Re: iPhone Security Flaw (Nicholas Weaver)
  Re: Risk with the Mac OS X 10.4.10 version number (Richard Grady)

RISKS 24.77 Friday 3 August 2007
  Structural problems with the I-35W bridge span (PGN)
  Driver follows GPS when he should not (Erwan David)
  "Meteorology Police -- you're BUSTED!" (Annie Johnson via Paul Saffo)
  Hacked passport crashes RFID readers (Jeff Jonas)
  IRS computer security/privacy problems (PGN)
  User-hostile behavior (Steve Summit)
  Location-Based Dictionary Attacks (Diomidis Spinellis)
  Amazon chasing 2-cent Web services bill (Martin Redington)
  Windows Live Messenger blocking even more completely innocuous text (Cody Boisclair)
  Re: Accuracy of Hawkeye at Wimbledon (Paul Wallich)
  Fraudproof voting protocols from scientists (Warren Smith)
  REVIEW: "Implementing ITIL", Randy A. Steinberg (Rob Slade)

RISKS 24.78 Wednesday 8 August 2007
  San Francisco power outage (PGN)
  US-VISIT problems (PGN)
  PGN's Holistic Defective Agency (Peter Mellor)
  Ounces, pounds, war, and the I-35W bridge (Sidney Markowitz)
  Re: Comair Flight 5191 (Erling Kristiansen)
  A retrospective on an ARP spoofing attack... (Nicholas Weaver)
  BotHunter: Detecting when a local system might be infected!
    (Phil Porras)
  Legislation aims to end identity theft (Monty Solomon)
  Bush Signs Law to Widen Legal Reach for Wiretapping (Monty Solomon)
  Problem involving accidental misuse of someone else's credit card (Paul Robinson)
  Call For Search Engine Issues, Complaints, Concerns (Lauren Weinstein)
  Re: Accuracy of Hawkeye at Wimbledon (Mike Scott, Michael Smith)
  REVIEW: "COSO Enterprise Risk Management", Robert R. Moeller (Rob Slade)

RISKS 24.79 Thursday 16 August 2007
  Computer glitch holds up 20,000 at LAX (Paul Saffo)
  LAX airport delay cause (David Magda)
  U.S. legal time changing to UTC (Rob Seaman)
  Source code at issue in drunk test (Ted Nelson)
  Toll data nabs unfaithful spouses (Jonathan A. Marshall)
  Voting excerpts from CRYPTO-GRAM (Bruce Schneier)
  Computer-generated names (PGN)
  Re: User-hostile behavior (Alexander Klimov)

RISKS 24.80 Monday 20 August 2007
  Vista prevents users from playing high-def content (Jon Brodkin via Monty Solomon)
  Software bug took Skype out (Wolfgang Bruener via Mark J Bennison)
  Hacking The iPhone, Andy Greenberg on Black Hat (via Monty Solomon)
  Google mistakes own blog for spam, deletes it (Robert McMillan via Monty Solomon)
  Concern Over Wider Spying Under New Law (Risen-Lichtblau via Monty Solomon)
  Risks of trusting your fonts? (Boyd Adamson)
  Credit card headaches from TJX breach remain (Monty Solomon)
  Cost of data breach at TJX soars to $256m (Monty Solomon)
  Re: LAX airport delay cause (Olivier MJ Crepin-Leblond, Huge)
  Re: Source code at issue in drunk test (Steven M. Bellovin)
  Re: Toll data nabs unfaithful spouses (David Lesher)
  Re: U.S. legal time changing to UTC (David E. Ross, Randy Saunders, Rob Seaman)
  Overreliance on voting technology? (Joseph Brennan)
  Everyone is getting on the "secure voting" bandwagon (Ferdinand J. Reinke)
  Search engines: too many users for personal assistance (Dan Jacobson)
  Save your transaction numbers! (Andrew Koenig)
  Wendy's: In the Clear (Gene Wirchenko)
  Re: ...
    misuse of someone else's credit card (Adrian Cherry)
  Engaging Privacy and Information Technology in a Digital Age (Jim Horning)

RISKS 24.81 Thursday 30 August 2007
  Wells Fargo bank computer problem (Ted Lee)
  MS WGA Servers down; XP & Vista installs marked "counterfeit" (David Lesher)
  Tokyo subway train misses a station (Paul Saffo)
  Free rides on the Boston T (Ryan Haggerty via Monty Solomon)
  Skype outage resulted from flood of restarts after updates (PGN)
  Problem that knocked out Skype has happened many times in the PSTN (Matt Holdrege)
  "No trucks using satellite navigation" (Mark Brader)
  Risks of randomly evaporating letters (Mark Brader)
  Data thieves hit Monster.com site (Hiawatha Bray via Monty Solomon)
  Even the Navy Can't Censor the Internet (Lauren Weinstein)
  Chinese Village Name Change Sparks Chaos (Mark Brader)
  With Software and Soldering, a Non-AT&T iPhone (Ken Knowlton)
  Cell phones swamping 911 systems (PGN)
  Cable Industry Responds Regarding HD TiVo Incompatibilities (Lauren Weinstein)
  E-voting predicament: Not-so-secret ballots, Declan McCullagh (PGN)
  The Risk Factor weblog (David Magda)
  Risks of a protocol mismatch (Dave Horsfall)
  More Wikipedia "Gotcha" Silliness (Lauren Weinstein)
  Suspect named in TJX credit card probe (Ross Kerber via Monty Solomon)
  Don't make the normal into the unusual - leap seconds vs hours (Guy Dawson)
  Amusing Lack of Software Support (Gene Wirchenko)
  Re: Risks of trusting your fonts? (McGrude)
  REVIEW: "Security Metrics", Andrew Jaquith (Rob Slade)

RISKS 24.82 Wednesday 12 September 2007
  Amtrak ticketing system outage (Steven M. Bellovin)
  New Zealand: Telecom's NGN will make old phones obsolete (Henry Baker)
  German rubbish piles up due to toll-system problems (Peter B.
    Ladkin)
  Aircraft safety and software reliability (Phil Colbourn)
  Risks of a flying society (Nick Brown)
  Groklaw reports 'The Incredible "Lawyers as Hackers" Case' (Kelly Bert Manning)
  EZ-pass evidence and the law (PGN)
  On-line property assessment databases a bit too accessible (Jonathan Kamens)
  Police mail sensitive information to the press (Debora Weber-Wulff)
  iTunes sharing (Henry Baker)
  Security: an example from Pakistan (Dan Jacobson)
  Monster data capture also includes "USAJobs" (Jeremy Epstein)
  Redacted account numbers (Tom Watson)
  Re: Save your transaction numbers! (Diomidis Spinellis)
  Re: Chinese Village Name Change Sparks Chaos (Julian Bradfield)

RISKS 24.83 Thursday 27 September 2007
  Air traffic radar and radio outage hits flights (Robert P. Schaefer)
  Excel can't multiply (Steven M. Bellovin)
  FIA blunder reveals secrets: obscured material viewable (Ben Moore)
  Deploy first, test later (Steven M. Bellovin)
  Redacted material still viewable (Ben Moore)
  Fake blogs and search engines (Gadi Evron)
  Silly "Bad Words" filter (Reinhard Kopka)
  29th IEEE Symposium on Security and Privacy (Cipher Editor)
  REVIEW: Endpoint Security, by Mark S. Kadrich (Richard Austin)
  Have you seen *Beautiful Code*? Awesome new book (Eugene Miya)
  "Software Maintenance - A Management Perspective" (Phaneendranath)

RISKS 24.84 Wednesday 3 October 2007
  LAUSD payroll fiasco (David E. Ross)
  Assessing personal risk (Jeremy Epstein)
  Altered iPhones Freeze Up (Ken Knowlton)
  Alameda e-voting results tossed out (Dave Lesher)
  Dutch government suspends computer voting (Dik T.
    Winter, Eric Ferguson)
  Re: E-vote 'threat' to UK democracy (Blanche Kapustin)
  Re: Memphis center outage (Bill Hopkins)
  Re: On-line property assessment databases (Jonathan Kamens)
  AOL classified RISKS-24.83 as spam (Ken Knowlton)
  Re: Silly "Bad Words" filter (Gary Barnes)

RISKS 24.85 Thursday 11 October 2007
  DHS List Server causes flood (David Lesher)
  LI Railroad double-bills for tickets (Al Stangenberger)
  California off the Net (Bryan Webb)
  Clues to 3 Plane Wrecks Could Be Lost in Files Purge (Ken Knowlton)
  Name hacking comic strip (Anders Sandberg)
  Another case of Deploy First, Test Later (Huge)
  Stalling Cars Via OnStar: A Hacker's Dream Come True? (Lauren Weinstein)
  Microsoft HealthVault and Porn (Lauren Weinstein)
  The Coax Straightjacket: Stopping Cable Copy-Protection Abuse (Lauren Weinstein)
  Proposal for Breaking the Internet Network Neutrality Deadlock (Lauren Weinstein)
  Practical Issues of the Proposed "Global Internet Measurement Analysis Array" (Lauren Weinstein)
  More Regarding the Online Medical Records Trap (Lauren Weinstein)

RISKS 24.86 Wednesday 17 October 2007
  Lessons from June International Space Station crisis (James Oberg via Pat Flannery)
  Tokyo Train System Ticketing System Failure (Stuart Woodward)
  Dutch railway offers too-easy access to customer profiles (Leon Kuunders)
  Austin-area toll equipment double-billed 50,000 times (Arthur Flatau)
  Car Remote Control Cipher KeeLoq Is Broken (Steve Klein)
  License plate scanners in police cars (Rob McCool)
  Changed dates of NZ Daylight Saving; unsurprising consequences (Donald Mackie)
  Medical error: Double mastectomy after 2nd opinion (Ken Knowlton)
  Bypassing Internet censorship (Mike Radow)
  Risks of writing a novel with your cell phone (PGN)
  Re: Another case of Deploy First, Test Later (Henry Baker)
  Re: Fake blogs (Dan Yurman)
  What do you do with unwanted voting machines?
    (David Lesher)
  Election Law online video lectures (Avi Rubin)
  Symposium on Usable Privacy and Security 2007 CFP (Simson Garfinkel)
  REVIEW: "The Complete April Fools' Day RFCs", Limoncelli/Salus (Rob Slade)

RISKS 24.87 Monday 22 October 2007
  Tix-Nix Rocks Rox-Sox Jox Computerised anti-aircraft gun kills 9 (Gary Hinson)
  Russian spacecraft lands short: "computer glitch" (Ken Knowlton)
  Loss of control and crash of UAV (Ian Staines)
  Re: LI Railroad double bills for tickets (Al Stangenberger, Erik Mooney)
  Re: Dutch railway offers easy access to customer profiles (Leon Kuunders)
  Risks of cute e-mail (Chris Williams)
  SSP 2008: Paper Submission Deadline: Friday, November 9, 2007 (Yong Guan)
  REVIEW: "Exploiting Online Games", Greg Hoglund/Gary McGraw (Rob Slade)

RISKS 24.88 Wednesday 31 October 2007
  Rox-Shocks Tix-Nix Fix (PGN)
  Normal hardware upgrades may deactivate Microsoft Vista(tm) (Mike Radow)
  German Telephone-Network Partial Outage (Peter B. Ladkin)
  A computer-related fatality (Martyn Thomas)
  Anti-DWI interlocks considered for ALL drivers (D.F. Manno)
  Risk of laptop computer on a commercial aircraft (jared)
  LoJack undoes scheme to fake SUV theft (Paul Saffo)
  Trojan Horse Redirects Local DNS Settings to Malicious DNS Servers (Monty Solomon)
  Think before you legislate (Robert S. Heuman)
  Court filing in TJX breach: 94 million accounts affected (Monty Solomon)
  Restaurant chain customers' credit card data stolen (Monty Solomon)
  Fighting traffic citations (Steve Greenwald and Jeremy Epstein via PGN)
  Gatwick Airport screens display wrong local time (Philippe Jumelle)
  TV PVRs getting BST change not quite right (Nick Rothwell)
  DST traffic signal snafu (D. Joseph Creighton)
  Who set up that meeting anyway? (Jeremy Epstein)
  US Congress pulls the classic e-mail oopsie (Danny Burstein)
  Who needs bots?
    (Matt Simpson)
  Re: Fake blogs (Dan Jacobson)
  Same ol' same ol' (Andrew Koenig)

RISKS 24.89 Friday 2 November 2007
  Computer glitch stops TransAdelaide trains (Andrew Pam)
  Predicting fatigue failure (Ken Knowlton)
  Satanic car key traps 12 motorists in car park of horror (Chris Leeson)
  Car park denial-of-service attack (Peter Houppermans)
  Risk of Unanticipated Countermeasures -- Congestion Pricing (David Lesher)
  License plate scanners in police cars (Jonathan de Boyne Pollard)
  A second look at the Mac OS X Leopard firewall (Monty Solomon)
  CAPTCHA trojan (Scott Nicol)
  Mac trojan in-the-wild (Gadi Evron)
  Double Dipping and Double Charging (Paul Robinson)
  Re: Fighting traffic citations (Doug McIlroy)
  Plagiarism & technology (Jeremy Epstein)
  End of Leap Seconds? (Rob Seaman)

RISKS 24.90 Tuesday 6 November 2007
  Computer Glitch Rolls Back Provincial Government (Ken Dunham)
  "Error" blitzes health records in New Zealand (Robert S. Heuman)
  UK Revenue loses CD-ROM (Bernhard Riedel)
  "Network Neutrality Squad": Users Protecting an Open and Fair Internet (Lauren Weinstein)
  Technology, the Stealthy Tattletale (Christopher Maag via Monty Solomon)
  GPS Units With More to Say (Roy Furchgott via Monty Solomon)
  Zombie botnet spam attack from over 3,000 IP addresses in 8 hours (Jonathan Kamens)
  Problems with Google's Spam filters and Google Content (Terence Eden)
  Spelling corrector creates "Muttonhead Quail Movement" (PGN)
  Cellphone in USB charger became default route (Stefan Alfredsson)
  Time change problems: Alltel (Steven M. Bellovin)
  Broken by design (Aahz)
  Update to "Think before you legislate" (Robert S.
    Heuman)
  Re: Predicting fatigue failure (Gary Maxwell)
  Re: Mac OS X Leopard firewall (Chris Adams, Ted Lemon)
  Re: Plagiarism & technology (Bob Brown)
  Re: "Same ol' same ol'" (Eric Ball)
  Re: Leaping onward (Rob Seaman)

RISKS 24.91 Monday 19 November 2007
  Reported impending asteroid was actually Rosetta (Paul Saffo)
  Ship collision with San Francisco Bay Bridge (PGN)
  Village auto crashes blamed on sat nav (Amos Shapir)
  Is Car Safety Technology Replacing Common Sense? (Florian Liekweg)
  Adi Shamir's bug attack (Jean-Jacques Quisquater)
  Timing Glitch Affected Thousands in NYC Marathon (Henry Baker)
  Hamilton Township election result flipped: programming error (PGN)
  Cardinal sin? Scoreboard message (PGN)
  The dangers of machine translation (Shoshannah Forbes)
  Security company e-mail undercuts user education (Rex Sanders)
  Dangerous Mix of Globalization and Software (Stephen Smoliar via PGN)
  Re: Best practices to redact account numbers (Mark Seecof)
  Verizon phones make an audible alarm when 911 is dialed (Alex Burr)
  ACSAC 2007 (Cristina Serban)
  ICRAT - Air Transportation Research Symposium (Dres Zellweger)
  REVIEW: "Network Security Hacks", Andrew Lockart (Rob Slade)

RISKS 24.92 Monday 17 December 2007
  Private details of EVERY family in Britain 'lost' by taxman in major security gaffe (Peter Houppermans)
  UK Government disks were not well encrypted (Peter Houppermans)
  Whole of UK Child Benefit records on CD lost in the post (Peter Mellor)
  Bad Health Informatics Can Kill (Brian Randell)
  Space Shuttle Year End Rollover problem (Jan Wolitzky)
  Lost in Translation: Rail Signal Consistency + Questionable Reporting (Chuck Weinstock)
  Computer Security Meets Alcohol Breath Testing (Eric Van Buskirk)
  Miss California? Sensible vote counting did! (Peter G. Neumann)
  Daylight savings switch causes twins paradox (Tony Luck)
  Risks: Computer Glitch Leads To Kmart Brawl (Gabe Goldberg)
  DSL outage hits some AT&T customers (Yahoo!
    News via Stephen W Smoliar)
  Drunk a better guide than sat nav (Dan Jacobson)

RISKS 24.93 Sunday 30 December 2007
  Computer Failure Causes Closure of Seattle Downtown Transit Tunnel (Jason Axley)
  Breakdown of aircraft separation, Sydney 4 April 2007 (Andrew Rae)
  Nitrogen Used To Fill Aircraft Oxygen Systems (PGN)
  Army to use Macs to prevent hacking (Peter Houppermans)
  'Wrong country' sat-nav blunder (Richard Weir)
  Man pleads guilty to attempted shutdown of state's power grid (Paul Saffo)
  FedEx Contemplating A Move to Kyrgyzstan? (Robert Mathews)
  Ohio vote tampering opportunity? (Paul Saffo)
  Colorado Decertifies Voting Machines (Ken Dunham)
  A new low in phishing? (Andrew Koenig)
  Re: Computer Glitch Leads To Brawl At Wauwatosa Kmart (Howard Israel)
  Re: Whole of UK Child Benefit records on CD lost in the post (Tony Wright)
  Re: Private details/UK Government disks (Rob Slade)
  HMRC Lost Discs & Encryption (Brian Gladman)
  Drunk a better guide than sat nav (Jay R. Ashworth)
  Risk of poor capacity planning, etc.: online auction (Steven Hoober)

RISKS 24.94 and RISKS 24.00 31 December 2007
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 24 (10 August 2005 to 30 December 2007)

------------------------------

End of RISKS-FORUM Digest 24.00 (94)
************************