Subject: Risks Digest 24.00 (), Volume 24 summary
REPLY-TO: risks@csl.sri.com
RISKS-LIST: RISKS-FORUM Digest [ongoing] Volume 24 : Issue 00 ()

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 24 (10 Aug 2005 to ...)

(NOTE: This summary is archived in ftp file risks-24.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/24.00.html.)

----------------------------------------------------------------------

Date: 29 Dec 2004 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
   if possible and convenient for you. Mailman can let you subscribe directly:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM:
   address, send a message to
     risks-request@csl.sri.com
   containing only the one-word text subscribe or unsubscribe. You may also
   specify a different receiving address: subscribe address= ... . You may
   short-circuit that process by sending directly to either
     risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a
   confirmation message sent to the subscribing mail address. Instructions
   are included in the confirmation message. Each issue of RISKS that you
   receive contains information on how to post, unsubscribe, etc.

   INFO [for unabridged version of RISKS information]
   .UK users should contact .

=> SPAM challenge-responses will not be honored. Instead, use an alternative
   address from which you NEVER send mail!

=> The INFO file (submissions, default disclaimers, archive sites,
   copyright policy, PRIVACY digests, etc.) is also obtainable from
   The full info file may appear now and then in future issues.
   *** All contributors are assumed to have read the full info file for guidelines. ***

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks [subdirectory i for earlier volume i]
   redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    for browsing, or .ps for printing

------------------------------

RISKS 24.00
Subject: SUMMARY OF RISKS VOLUME 24 (10 Aug 2005 to ...)
(archived in ftp file risks-24.00)

RISKS 24.01 Wednesday 10 August 2005
  Russian remote controlled submarine failure (Martyn Thomas)
  Caltrans screwup (PGN)
  Lightning causing problems for lightning-detection system (Klaus Johannes Rusch, PGN)
  Navy jet has severe brake failure (PGN)
  US Navy to drop paper charts (Scott Peterson, PGN, Scott Peterson)
  Social Security Administration sends cards to the wrong place (Jonathan Kamens)
  German social services software drops changes (Debora Weber-Wulff)
  Hermann Chinery-Hesse and software in Ghana (James H. Haynes)
  Greeting answering machine! (R H Draney via Mark Brader)
  Every odd digit of number A, even digit of number B (Dan Jacobson)
  The risks of cell-phone auto-spellers (William Colburn)
  Credit-card obfuscation (William Colburn)
  Re: Car computer systems at risk to viruses (Adam Laurie)
  Re: Increasing sophistication of phishing spammers (Jonathan de Boyne Pollard)
  Re: Timezones and appointments (Sean Smith, Przemek Klosowski)
  Re: New Microsoft anti-piracy program circumvented (Peter Gregory)
  REVIEW: "File System Forensic Analysis", Brian Carrier (Rob Slade)

RISKS 24.02 Sunday 28 August 2005
  The Time Has Come: Taking Our Issues to the Public (PGN)
  Customs Computers Fail (Chuck Weinstock)
  10th "planet" discoverer shares a secret a bit earlier than planned (George Swan)
  Hospital struck by computer virus (Andrew Brydon)
  USAF personnel database compromised (Ross Stapleton-Gray via Dave Farber)
  Students face punishment for computer tampering (Thom Kuhn)
  Cellphone carriers can listen in through your phone (Ryan Block via Dave Farber)
  No inspection record, lack of human contact, or something else? (Mythdraug)
  Risks of First UTC Leap Second in 7 Years (Dave Glicksberg)
  Teacher concerns over L.A. school computerization project (Lauren Weinstein)
  Re: Navy jet has severe brake failure (Carl F)
  Bad password practices (Jeremy Epstein)
  Risks of Bluetooth pirates? (Andre Kramer)
  Re: Risks of REAL ID: incorrect (Charles P. Lamb)
  Re: US Navy to drop paper charts (R A Lichtensteiger)
  Re: Slade's review of "File System Forensic Analysis", Brian Carrier (Simson Garfinkel)

RISKS 24.03 Wednesday 7 September 2005
  Katrina's telecom damage tops $400 Million; repairs may take months (Monty Solomon)
  Cockpit confusion found in Cypriot airliner crash (Lindsay Marshall)
  Flight Control System Software Anomalies (Peter B. Ladkin)
  Ships relying on GPS-based systems (Peter B. Ladkin)
  VT Gas pumps give up at $3/gallon (Monty Solomon)
  UK Elections: Web and text vote trials dropped (Chris Leeson)
  German social services software with new, costly errors (Debora Weber-Wulff)
  Not guilty because of system deficiencies (Debora Weber-Wulff)
  The FBI Virtual Case File and other disasters (jhhaynes)
  Mercedes car-door locking functionality (Leon Kuunders)
  Re: Risks of Bluetooth pirates? (Vassilis Prevelakis)

RISKS 24.04 Friday 16 September 2005
  Nation's Critical Infrastructure Vulnerable to Cyber Attack (U.S. House Science Committee)
  Katrina -- predictions before and response after (Inman Harvey)
  Health Records Of Evacuees Go Online (Jonathan Krim)
  One radio frequency for emergency services (Fred Cohen)
  LA power outage (PGN)
  Public Call for Skype to Release Specifications (Lauren Weinstein)
  WebGoat 3.7 - Application Security hands-on learning environment (Jeff Williams)
  National Academies/CSTB report on Electronic Voting (Herb Lin)
  Gmail security flaw: acts on javascript in unopened e-mail (Suw Charman)
  Re: Risks of REAL ID: incorrect (Steven M. Bellovin)
  CardSystems Complies With Industry Standards (Curt Sampson)
  REVIEW: "Forensic Discovery", Dan Farmer/Wietse Venema (Rob Slade)

RISKS 24.05 Friday 30 September 2005
  Software hijacks jet airliner ... again? (Charles Wright)
  Airbus, Whistleblower Dispute A380 Pressurization Controls (PGN)
  Metra Rail accident in Chicago (Andy Steingruebl)
  Katrina victims required to use Microsoft IE (Douglas W. Jones)
  Travelers Continue to Struggle with Wrongful Watch List Matches (EPIC FOIA Notes)
  Scots Jail hi-tech door locking system broke (George Michaelson)
  Risks of keyboard shortcuts (Andrew Koenig)
  Designing "safe software"...: A 4-star article! (Michael Radow)
  Sorcerer's Apprentice in the Driver's Seat?? (David Lesher)
  Mea culpa: How we got it wrong on Calling-Number ID (Geoff Kuenning)
  Open letter: Why "dot-xxx" is for Chumps (Lauren Weinstein)
  Router worms and International Infrastructure (Gadi Evron)
  Wolf Blitzer repeats Rudy in questioning governors (Fred Cohen)

RISKS 24.06 Wednesday 5 October 2005
  Google, Privacy, and Masochism (Lauren Weinstein)
  Legal docs expose various risks in routine Diebold maintenance in NC (Joseph Lorenzo Hall)
  Car and van collide (Kathy Uek via Monty Solomon)
  Y2K glitches linger (George C. Kaplan)
  Windows delete command can fail silently (Diomidis Spinellis)
  Buffer overrun in television sets (Matt Roberds)
  Why telephone "Caller ID" is actually now even worse than we expected (Lauren Weinstein)
  Re: Mea culpa: How we got it wrong on CNID (Kelly Bert Manning)
  Windows and USB devices (Mike Swaim)
  Router worms and International Infrastructure (Gadi Evron)
  D.C. Red-Light Cameras Fail to Reduce Accidents (Monty Solomon)
  Re: Katrina victims required to use Microsoft IE (Michael Bacon)
  Re: Kitten on the keys... (Andrew Koenig)
  CCSA Fall Symposium Call for Participation 3 Nov 2005 (Michel Kabay)

RISKS 24.07 Thursday 13 October 2005
  Takeoff at Logan aborted by errors (Mac Daniel via Monty Solomon)
  Faulty radar serving Logan leaves thousands stranded (via Monty Solomon)
  Translation can be hazardous to your identity? (Mark Brader)
  NOAA's radio transmitters missing backup power (Danny Burstein)
  The number 7 blocks Belgian ATM machines (Lindsay Marshall)
  We are from the /Greek/ government and we are here to help. Really! (Vassilis Prevelakis)
  Risks of Web 2.0, or, the MySpace worm (Paul Bissex)
  Unusually slick phishing attempt (Nickee Sanders)
  Re: Airbus, Whistleblower Dispute A380 Pressurization Controls (Kurt Doppelbauer)
  Re: B777 incident (Peter B. Ladkin)
  "One Frequency" (Jay R. Ashworth)
  Re: Windows delete command can fail silently (Joe Loughry)
  Re: Mea culpa: How we got it wrong on CNID (Geoff Kuenning, Jon A. Solworth)
  Criticism of Caller ID Well Founded (Robert Ellis Smith)

RISKS 24.08 Wednesday 26 October 2005
  Colleges protest call to upgrade online systems (Sam Dillon/Stephen Labaton)
  Printer steganography (Mike Musgrove)
  Meso-Mess: German registration office -- Just leave us alone! (Debora Weber-Wulff)
  Keep your eyes on the road! (Peter Scott)
  Internet banking risks need fixing (Monty Solomon)
  Mileage sign errors (Monty Solomon)
  OARS privacy problems (Nanette Asimov)
  Membership database from bankrupt User Group to go to highest bidder (Dale E. Coy)
  BlackBerry Thumb (PGN)
  Woman summoned to court over unread Oyster card (Nick Rothwell)
  Cingular says: "No password needed" is a Good Thing! (Steve Fenwick)
  How ATM fraud nearly brought down British banking: phantom withdrawals (Andrew King)
  ACM e-mail looks like Phishing -- again! (James Garrison)
  UK electoral registration security issues (Mike Williams)
  Interest Earned at a bank not the same as Interest Paid (Keith Price)
  Criticism of CNID well founded (Robert Ellis Smith)
  Re: Windows delete command can fail silently (Erling Kristiansen)
  CfP: Human-Computer Interaction in Aeronautics (Chris Johnson)
  Mark Stamp, Information Security: Principles and Practice (PGN)

RISKS 24.09 Thursday 17 November 2005
  Berlin tunnel control fail-safe fails for good (Debora Weber-Wulff)
  Software bug crashes Japanese stock exchange (Mark M Bennison)
  Flight Booking System Can't Recognise February 29 (Chris Brady)
  Fun with Daylight Saving Time (William Reitwiesner)
  Computer Glitch Lets Prisoners Out Early (Craig S. Bell)
  Radio signal keeps gates and garage doors closed (Bob Heuman)
  T-mobile erratic behavior (M. Barnabas Luntzel)
  Freddie Mac profits misstated due to software error (Jeremy Epstein)
  Some Fast Lane accounts double-billed (Mac Daniel via Monty Solomon)
  Sony CD DRM Blow-Up Continues -- Recalls Ordered, Lawsuits Possible (Lauren Weinstein)
  GPS tracking with Google Maps (Monty Solomon)
  'Splogs' Roil Web, and Some Blame Google (David Kesmodel via Monty Solomon)
  Whither Goes Google? (Lauren Weinstein)
  Amex Blue Chip magic! (Lindsay Marshall)
  UK Police Vehicle Movement Database (Alan Fitch)
  My approach to CLID / 'phone number privacy issues (Paul Wexelblat)
  Re: Cingular: "No password needed" ... (Kevin Kadow)
  Two books of possible interest (PGN)

RISKS 24.10 Wednesday 23 November 2005
  Voting glitches from the 7 Nov 2005 Election (Joseph Lorenzo Hall)
  Mode error leads to recall of medical device (Richard I Cook)
  When switching to backup systems is too costly (Alan Powell)
  In-car GPS navigation - when it causes an accident (Mike Scott)
  Bank Shares Suspended After Annual Results Released Early (David Shaw)
  They needed a real firewall! (Jeremy Epstein)
  UNH alumni directory misreports 500 deaths (via Monty Solomon)
  "Chip and PIN" - whose goods are you paying for? (Andrew Law)
  More Excel risks (Patrick O'Beirne)
  Irony in certificate-land (Jeremy Epstein)
  Risks of applying to law school (Tony Lima)
  Producing Error-Free Software is Hard (J H Haynes)
  US Military removes Word documents from the Web? (Diomidis Spinellis)

RISKS 24.11 Wednesday 7 December 2005
  Hospital operates on wrong patient (Walter F. Roche Jr.)
  Mercedes brake test fiasco (Andre Kramer)
  Tens of thousands mistakenly put on terrorist watch lists (Anne Broache via Richard M. Smith)
  Security Flaw Allows Wiretaps to Be Evaded, Study Finds (John Schwartz and John Markoff via David Farber)
  DHS-Sponsored phishing report (Aaron Emigh)
  Poorly designed online interfaces make identity theft simple (Marty Lyons)
  School psychologist's student records accidentally posted online (Monty Solomon)
  Plain-text passwords: as RISKy as you'd think (Steve Summit)
  Y2K++ (Jim Horning)
  Risks of naive date calculation (Mike Albaugh)
  Bye Bye BlackBerry? (Ian Austen via Monty Solomon)
  SafetyText (Nick Brown)
  Data disasters dog computer users (Amos Shapir)
  Online tax credit system closed (Amos Shapir)
  Re: Some Fast Lane accounts double-billed (Steve Summit)
  Stop speeding using a GPS? (Jeremy Epstein)
  Re: In-car GPS navigation (Henry Baker, Derek P Schatz, Ian Chard, Jack Christensen)
  Re: UK Police Vehicle Movement Database (Identity withheld, mathew)

RISKS 24.12 Monday 12 December 2005
  Unmanned shuttle system suspended after collision (Gerrit Muller)
  EFF sues North Carolina over electronic voting-machine certification (Peter Ludemann)
  A Little Sleuthing Unmasks Writer of Wikipedia Prank (Katharine Seelye via PGN)
  False WHOIS Data Still Bedevils (Jim Wagner)
  Miniature Golf Course on Terror Target List (Paul Saffo)
  Trouble for LAPD computer system (Dan Laidman via PGN)
  Trading Error Leads to $225 Million Loss for Japanese Firm Bulls or bears? Depends on parameter order (Jeremy Epstein)
  Anti-piracy gone awry in MacInTouch (Monty Solomon)
  Electronic Switch Fire Exits / Uniform Fire Code (Daniel Norton)
  Privacy implications of Microsoft's Windows Live Local (David Pescovitz via Monty Solomon)
  Live Tracking of Mobile Phones Prompts Court Fights on Privacy (Matt Richtel)
  Letter to Employees about Benefits from Meijer (James Bauman)
  Re: In-car GPS navigation (William Ehrich)
  Re: Y2K++ (Paul E. Ford)