Subject: RISKS DIGEST 12.00 (and 12.73)
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Tuesday 31 December 1991 Volume 12 : Issue 73

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
SUMMARY OF RISKS VOLUME 12, collected in RISKS-12.00 (1 Jul 91 - 31 Dec 91?)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE INTERNET FROM: ADDRESS, especially .UUCP domain folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 12, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

RISKS 12.01 1 Jul 91
The Risks of Undelete and the Law (Ron Dippold) Patriot missile specifications (Robert I.
Eachus) Lawsuit Pending over Patriot's Failure to Stop Dharan Scud (Sean Smith) Word Perfect file locking poor protection (John Gilmore and Helen Bergen via Peter Jones) Statement in Support of Communications Privacy (John Gilmore) NIST announces public-key digital signature standard (John Gilmore) Re: Videotape of the pilot discussing the crash of UAL 232 (Robert Dorsett)

RISKS 12.02 2 July 1991
Insecure Superman leads to Superbill (Paul Leyland) Too Many Computer Systems Hurt War on Drugs, study says (PGN) Colombian Constitution Erased (Brian Snow) More phone disruptions (Fernando Pereira) Bell Atlantic 26 June Failure (Robert McClenon) Re: The Risks of Undelete and the Law (Al Donaldson) Searching the RISKS archives via WAIS (Ephraim Vishniac) "On the Danger of Simple Answers" (elnitsky via Rob Slade) Videotape of the pilot discussing the crash of UAL 232 (Mary Shafer) Risk of posting to RISKS (Jerry Hollombe)

RISKS 12.03 8 July 1991
Alcor/Email suit pays off! (Henson) Computer based estimation of mortality (Richard I. Cook) On finding a coding bug in the Time Server Daemon (Martin Minow) Animated hieroglyphics on telco operators's terminals (Dan Jacobson) Dutch Phreaks and Chaos Congress 90 (Klaus Brunnstein) Risks Forum and Vulnerability (Klaus Brunnstein) Re: Global warming: Not so funny. (Victor Yodaiken) Re: "On the Danger of Simple Answers" (Chuck Karish) The advantages of posting to RISKS (Brian Tompsett)

RISKS 12.04 9 July 1991
Clip-Art Confusion Causes City Change (Christopher Davis) Hiding a face on television (Tim Smith) A RISKy night in Georgia (Robert E. Van Cleef) Risks of HR 1400 to modem community (Jim Thomas) Dissemination of confidential information (Hugh Cartwright) Review of "TERMINATOR 2: Judgment Day" (R. Mehlman) Re: Computers and Exporting (Vadim Antonov) Re: Formalism vs Experimentation (Vadim Antonov, Daniel Palumbo) Disk based crime plan (Rob Boudrie) Deleting vs.
Shredding (Brad Templeton) Re: The Risks of Undelete and the Law (Steven Tepper, William Ricker)

RISKS 12.05 11 July 1991
TRW Accused of Exploiting Consumers (PGN) Dissemination of confidential information (Adam Curtin) Phone disruptions (Ed Andrews) (Im)probability theory (By Arthur Salm) Leaking of Gates memo not an IT risk (Henry J. Cobb) Coding bug (Dennis L. Mumaugh) Re: A RISKy night in Georgia (Trevor Kirby, Bruce Perens, Paul Smee) Risk Preferences [Research effort!] (Kevin Crocker) FINAL CALL, COMPUTING & VALUES CONFERENCE, AUG 12-16 (Walter Maner)

RISKS 12.06 16 July 1991
Bay-Area Long-Distance Service Disrupted (again!) Computer Showers a Briton with Gifts (Henry Cate III via Mark Brader&rec.humor) Computer "assistance" in the UK Grand Prix (Brian Randell) Re: auto telemetry records (Erik Nilsson) Free [Canadian] Money? (Mark Batten) Nitwit ideas (Niven and Pournelle) (Clive Feather) Puzzle boxes for critical device interfacing (Ross Williams) U.S. Electronic Data Move Challenged on Privacy Issue (NYT via Jeff Helgesen) NPTN Infosphere Report (Sue Anderson) Re: Risks of Posting to RISKS (Chuck Dunlop)

RISKS 12.07 16 July 1991
RISKS: US West 10x charges users (patlo) Houston City Hall voice-mail prank (PGN, S.
Spenser Aden) Re: Risks of posting to newsgroups (Li Gong) 1992 IEEE Symposium on Research in Security and Privacy (John McLean) Puzzle Boxes: Reply to comments (Ross Williams)

RISKS 12.08 25 July 1991
Another false apprehension -- erroneous database information (PGN) Human Error Blamed for Soviet N-Plant Problems (PGN) Shuttle Atlantis out to launch (PGN) Risks of getting used to computers (Geoff Kuenning) Index of Known MsDos Malware: 998 viruses/trojans (Klaus Brunnstein) Sometimes they even warn you about the pitfalls (self-trapping) (Andrew Koenig) Smart cockpit with no backup (Henry Spencer) Black boxes in autos for accident "facts" (Mark Seecof) Re: Artificial Dissemination (Edward Jung)

RISKS 12.09 25 July 1991
The limits of simulation (Henry Spencer) RISKS vs. RISKS (Steve Bellovin) Gottschalks rejects check (Todd Heberlein) Proposed law on computer searches (Chris Hibbert) [longish] New Jersey "software engineering" registration legislation (John M. Ritter via Arthur Rubin) [longish]

RISKS 12.10 29 July 1991
Summer slowdown (PGN) Egad, sail-by-wire! (W. K. (Bill) Gorman) Third Chicago Airport: Rare Events & Computer Projections (William E.
Mihalo) Risks of human error in Soviet nuclear "industry" (Tom Blinn) Re: Smart cockpit with no backup (Simson Garfinkel) Licensing of Software Engineers (Bill Murray) Re: New Jersey "software engineering" registration legislation (Bob Frankston) ACM SIGSOFT '91, SOFTWARE FOR CRITICAL SYSTEMS (Judith Burgess)

RISKS 12.11 30 July 1991
DEFSTAN 00/55-56 (Victoria Stavridou and Andres Ravn) Computer problems at BCCI (David Shepherd) Census data in the Land of Oz (Michael Panosh) Soft Eng Cntrl aids during Hydraulic Failure (Science News) (Jeffrey Sorensen) Risks of human error in Soviet nuclear "industry" (Ken Mayer) Cardphone Problems in Ireland (D.P.O'Donoghue) Book review: Practical Unix Security (Clifford Stoll) *WRONG* ftp-adress in Brunnstein: Index of Known Malware (Eibo Thieme) Re: Smart cockpit with no backup (Henry Spencer) Re: The limits of simulation (Henry Spencer) Re: Licensing of Software Engineers (Henry Spencer) Data entry is NOT software engineering.. (Thomas P. Blinn) New Jersey "software engineering" registration legislation (Arthur Rubin, A.
Padgett Peterson, Christopher R Riley, Chris Riley, Joseph Beckenbach) Flawed assertion in RISKS-12.08 (Mark Seecof) Re: Risks of Posting to RISKS (Jerry Hollombe)

RISKS 12.12 12 August 1991
Teenage Hacker Emulates Hess (PAJ) Future Risks (Hilarie Kauiolani Orman via Richard Schroeppel) Security comes to the Free Software Foundation (Martin Minow) Lotus Marketplace Epilogue (Marc Rotenberg) Computer frustration (Andrew Goldberg via Les Earnest) Yet another threat to telephone privacy (Jeff Makey) "Enemy of the State" -- Story on risk to privacy (Richard Thomsen) Firefighters won't give first aid to AIDS patients (Sean Eric Fagan) Lifestyle discrimination (Martyn Thomas)

RISKS 12.13 19 August 1991
Junk Mail in Outer Space: Shuttle test mail-bombed (Peter Scott) ATM mixup in New York (John Martin) Computer failure helps Bakthiar murder suspect (Fernando Pereira) Deutsche Airbus 2000 (Martyn Thomas) Bell V22 Osprey crash (Martyn Thomas) "Doctored" radios (PGN) "Virus Implants in DoD Weapons" (David Risler via Jerry Leichter) Cracker charged in Australia (Fernando Pereira) Profitable Drug Wars -- Innocents Presumed Guilty (mauler via Charles Hoequist) [SEE ALSO RISKS-12.13LAW] Patriot and Dhahran again (Phil R. Karn) Re: "Traffic crystal ball" may be in your car's future (Secty Samuel Skinner, [editorial], via Jeff Helgesen) Risks of Calling Reporters in Ohio: Procter & Gamble (PGN) Risk of Power Failures in Computer Controls: 9 Mile Point (PGN)

RISKS 12.14 19 August 1991
TRW Wrong on Credit Reports for Entire Town (Scot Drysdale) Computer Crime Bill - S1322 (Robert E.
Van Cleef) Bank Shot (RISKS of automatable documents) (Ed Ravin) Misuse of computerized auto registration info (Rodney Hoffman) Risk of licensing programmers -- lost freedom and creativity (John Gilmore) A320 revisited (Robert Dorsett) Re: Procter&Gamble (Steve Bellovin) Re: FSF machine having to clamp down on security (Paul Mauvais) Re: "locking" DoD smart weapons (Guy Sherr) Re: Rumor regarding Soviet calibers (Michael Edelman) More Credit Bureau Risks (Mike Waters) RISKS of calling 911 from cellular phones (E.M. Culver) Book: "Narcissistic process and corporate decay..." (Dan Jacobson)

RISKS 12.15 22 August 1991
Electronic mail beams shuttle's message home (Joe Abernathy, PGN) The RISKS of a national computerized entertainment ticketing network (KJPhelan) Personal data in California (Phil Agre) Electronic Library Systems in Airliners (Robert Dorsett) Microsoft, IBM demonstrating faults in each other's products (Jon Jacky) "Citicorp Creates Controversy With Plan To Sell Data ..." (Jerry Leichter) NY Times Letter on Fake Documents (Sanford Sherizen) ATM videotapes (Jyrki Kuoppala) Re: Bell V22 Osprey crash -- assembly error (Henry Spencer)

RISKS 12.16 26 August 1991
Pacific Bell "Message Center" failure in San Francisco Area (David Schachter) More Risks of Computer Billing -- $22,000 water bill (PGN) Risk Perception (Rodney Hoffman) More on Houston Chronicle spacemail item (Joe Abernathy) Internal computer fraud at Pinkerton (Rodney Hoffman) P&G phone record search (Mark Seecof) RISKS on trusting organizations like CERT (Jyrki Kuoppala) TCAS sees ghosts (IEEE Spectrum article via Jim Horning) More on the Lauda Air crash (Brian Acohido via Nancy Leveson)

RISKS 12.17 26 August 1991
Computer-related problems at Cape Canaveral (Steve Bellovin) Computer communications and the aborted Soviet coup (PGN) Medical records for sale (Jerry Leichter) Citicorp selling of credit card data (Bud Couch) Automating commodities markets (Cameron Laird) Re: Bank Shot (RISKS of
automatable documents) (Jerry Hollombe) Re: Microsoft, IBM demonstrating faults in each other's products (Flint Pellett) More about California's Automatic Vehicle Identification spec (Steve Bagley) California DMV AVI proposal (Phil Agre) Use of ATM for blackmail in UK TV script (Mark Evans) Desktop Forgeries (John Moore) Re: SSNs (Brad Templeton) Sometimes you can only get there using the long way around (Bob Cunningham) Re: canopus.stanford.edu goes nova (Joe Dellinger) FTCS 22--Symposium on Fault-Tolerant Computing (Jack Goldberg)

RISKS 12.18 27 August 1991
13 Aug 91 NY Nine Mile Point 2 Nuclear Plant Incident Reassessed (PGN) Risks to Computers from Coup Attempt (Aldis Ozols) Oil Firm Surveys for Data and a Data Interchange Format (John F Stoffel) Ada beats C++ according to the DoD (John F Stoffel) Unwarranted equivalence assumptions (Andrew Koenig) Study Recommends Earthquake Warning Network (Fernando Pereira) Re: Firefighters won't give first aid to AIDS patients (Tim Oldham) Re: Cracker charged in Australia (Richard A. O'Keefe) FAA seems misled (Re: TCAS Sees Ghosts) (Richard Johnson) Risks of CDROM publishing (Donald M.
Craig) The RISKS of a national computerized entertainment ticketing network (Steve McDowell) New List: C+HEALTH (Computers and Health) (Judy Smith)

RISKS 12.19 28 August 1991
Phone Fraud (Ed Andrews summarized by PGN) (Assumed) False Alarm at Nuclear Plant (Rodney Hoffman) O, Oh, what a difficult name (Gene Spafford) Programs Pester Public Policy People (Jeffrey Sorensen) Re: 13 Aug 91 NY Nine Mile Point 2 Nuclear Plant Incident (Steve Bellovin) Re: Ada beats C++ according to the DoD (Brinton Cooper) Re: Unwarranted equivalence assumptions (Brinton Cooper) Re: TCAS sees ghosts (Steve Jay, Lars-Henrik Eriksson, Keith Hanlan) pugwash.dcs.ed.ac.uk goes nova too (John Butler) NIST High Integrity Lecture Series: talk by Laszlo Belady (Laura Strigel)

RISKS 12.20 30 August 1991
"Thieves Hit Social Security Numbers" (Yasmin Anwar via PGN) Jetliners in near-miss over Cleveland (PGN) More T/CAS (Martyn Thomas, Robert Dorsett) Overseeing dementia patients by computer (Urban Fredriksson) Heisenberg effect for credit data? (Peter G. Capek) The story of O [and Ng] (Jerry Leichter, Stuart I Feldman) A number is no name (Clifford Johnson) The need for utilities to deal with non-standard situations (Tom Lincoln) Uncle Sam Can't Keep Track of his Trillions (Bob Frankston)

RISKS 12.21 DIGEST 31 August 1991
`Risk perception' (Phil Agre) Flaming makes the mainstream media (again) (Charles Forsythe via Gene Spafford) Phone Fraud Story a Fraud? (Michael Barnett) Re: Phone Fraud -- Langley VA [anonymous] +&*#$ (Bob Frankston) Banks, Credit Cards, and Short Names (Bill Biesty) YASSNS (Yet Another Social Security Number Story) (S.
Peter Loshin) Re: Programs Pester Public Policy People (Jeffrey Sorensen) Police tickets & computers in the Netherlands (Ralph Moonen) Re: Cracker charged in Australia (Gene Spafford) Senseless Actions Invite Trouble (Charlie Lear) A Danger Associated with Intelligent Terminals (Douglas Thomson) Re: Unwarranted equivalence assumptions (Andrew Koenig) Old School Reports of the Famous (Kernel Mustered via Spaf and Keith Bostic)

RISKS 12.22 3 September 1991
Madison mail mess-up (Tom Slone) RISKS of using electronic mail, and universal addressing (David Parnas) Re: +&*#$ (Tom Blinn) Re: Study Recommends Earthquake Warning Network (Floyd Ferguson) Re: Risks of Risk Perception Research (William P Gardner, Craig Seidel) Symposium on Reliable Distributed Systems, Advance program (Lorenzo Strigini) DIAC-92 CALL FOR PAPERS AND PARTICIPATION (Douglas Schuler)

RISKS 12.23 3 September 1991
Herb Caen on Computerized Radar (via Mike Seibel, Brad Templeton, Allan Meers) "Miser held in record Social Security fraud" (Barry Jaspan) Re: "Thieves Hit Social Security Numbers" (Lars-Henrik Eriksson) Computer Abuse Amendments Act of 1991 (Thomas Zmudzinski) Re: A Danger ... with Intelligent Terminals (Paul Stachour) Complain to Journalists (John E. Mollwitz) The RISKS of Superiority (Arthur Clarke [!] via Ellen Spertus) NASA severs connection on electronic mail linkup (wrapup by Joe Abernathy)

RISKS 12.24 4 September 1991
Radiation therapy machine dose rate doubled by configuration error (Lawrence W. Berkley and James A. Purdy, summarized by Jon Jacky) Salomon Brothers -- Database Design [anonymous] Airworthiness Directive for 747-400 electrical system (Robert Dorsett) `Risk perception' (Phil Agre) Re: Risk Assesment High Priesthood (Robert W. Kerns) Re: A number is no name (EKristia...) Re: Re: +&*#$ (Bob Frankston) Re: "Thieves Hit Social Security Numbers" (Urban Fredriksson) Re: Risks of a Universal Identifier (Martin Minow)

RISKS 12.25 5 September 1991
A kludge too far?
FAX-to-OCR-to-speech (Bob Frankston) LA Times Article on E-mail (Mike Kimura) Re: RISKS of using electronic mail (Brian Clapper, David Parnas) More on SSN risks (Glen Osterhout) Universal Email addresses and SSN (Jim Anderson) Re: "Thieves Hit Social Security Numbers" (Bob Frankston) Re: National Character variations in ASCII (Jim Haynes) Pork barrel software validation (Paul Eggert) Multics/UNIX Lessons (Edward Rice) Call for Papers, FICS 92, Singapore (Harold Joseph Highland)

RISKS 12.26 6 September 1991
The Dead Sea Scrolls and Data Security (Jerry Leichter) Charging batteries (Erling Kristiansen) ``Returns for Senders'' (US Postal Service handling of forwardings) (Dinah Wisenberg Brin in Common Cause, via PGN) Re: Portability of E-mail Addresses (Robert Neff) DDN Management Bulletin 84 on NIC transfer (NIC) Re: +&*#$ (David J. Fiander, Tom Blinn) Re: Story of O (Will Martin) Re: A number is no name (Merlyn LeRoy, Bob Frankston) Re: RISKS of using electronic mail ... (Brinton Cooper, Bob Frankston) Re: National Character variations in ASCII (Bob Frankston)

RISKS 12.27 7 September 1991
Play the lottery via Nintendo (Mike Cepek) Re: Salomon Brothers -- Database Design (Jeff Berkowitz) The REAL RISKS and REWARDS of E-Mail (Larry Press via Tom Lincoln) Re: ``Returns for Senders'' (Willis H. Ware) Re: +&*#$ (John Moore, Andy Goldstein) Re: A number is no name (RMRichardson, Bob Frankston) Re: Unusual characters in addresses (David Lamb) Re: A permanent EMAIL address (Mike Van Pelt) Re: RISKS of using electronic mail" (David Parnas, John Sloan) Re: The Dead Sea Scrolls and Data Security (Chuck Karish) Re: WHOIS (David A. Curry, Chuck Karish) A better model for cracking (Scott Draves) Prize for Most Useful Computer Virus (Cliff Stoll) 15,000 Cuckoo Letters [Another RISK OF EMAIL?]
(Cliff Stoll)

RISKS 12.28 9 September 1991
FAA on 755 thrust reversers (PGN) Inmate, working for TWA, steals credit card numbers (Rodney Hoffman) Re: Salomon Brothers -- Database Design (William Dye) Fax machine IDs (Robert Morris) Re: Unusual characters in addresses (Bob Frankston) Failsafe mode for 3.5" Floppies (Don Phillips) Re: The RISKS of Superiority (John Hobson) Re: A Danger ... with Intelligent Terminals (Randolph Bentson) Risk assessment: a specific experience (Mark Fulk) Re: Risk Perception (Geoff Kuenning, Chuck via Phil Agre, David Chase, Dan Drake, Craig Partridge, William P Gardner, Phil Agre, Fred Heutte)

RISKS 12.29 10 September 1991
CIA dumps on the National Security Archive (Tom Slone) CAA grant Cat IIIB autoland clearance for 747/767 (Martyn Thomas) Follow-up on Hobson's M16 story (Jim Purtilo) Risks of Incompatibilities (Harry Erwin) Crackers for hire (Mark Seecof) Re: Salomon Brothers -- Database Design (Dan Drake) Re: Risk assessment: a specific experience (Peter Wayner) Re: The risk of thinking we are in control (Larry Seiler) Re: National characters on car plates (Torsten Lif) Re: Failsafe mode for 3.5" Floppies (BartMassey, BruceHamilton, AndrewKlossner) Re: Number of virus events dropping (Mark Hittinger) Re: Prize for Most Useful Computer Virus (Raymond Chen, Richard A. Schumacher, Dave Butterfield) It is RISKy to believe that Averages are `average' [!] (David Paschall-Zimbel) Seventh Annual Conference on Computer Assurance (James Bret Michael)

RISKS 12.30 11 September 1991
Export controls on workstations (John Markoff via PGN) Re: Multinational Character sets (Hugh Davies) Re: National Character variations in ASCII (Kim Greer) Re: Risks of sloppy terminology (Geoff Kuenning) Re: M16 (Ty Sarna) Re: Failsafe floppies? (Jordan M.
Kossack, Bob Jewett, Doug Krause, David Palmer, Mike Berman) Re: Beneficial viruses considered harmful (Brian Rice) Re: Prize for Most Useful Computer Virus (Joe Dellinger)

RISKS 12.31 12 September 1991
Re: Export controls on workstations (Neil W Rickert, Brinton Cooper, Haakon Styri) "Checkless society" (Daniel B Dobkin) Re: Multinational Character sets (Dik T. Winter, Robert Ullmann, Hugh Davies) Re: +&*#$ (Mike Morris) Re: M16 and James Fallows' "Two Weapons" (Jon Jacky, Tom Faller) Junk Mail -- In memoriam, Dave Sharp (Peter Mellor) Risks of assumptions? (R. Cage) The seriousness of statistics mistakes (Jeremy Grodberg) Risk Assessment: a specific experience (Justine Roberts) Re: risk analysis (Victor Yodaiken) Averages and distributions (Jerry Leichter)

RISKS 12.32 12 September 1991
Security in software distribution (Joe Morris) Re: Crackers for hire (Joan Eslinger, James Deibele) Re: Helpful Viruses? (Stan Kurzban, Bob Johnson, Chuck Royalty) Re: Cheap air tix (Mark Seecof) Re: EMP (Phil Agre, Tom Faller) Re: The seriousness of statistics mistakes ... (Mark Fulk, Ronald A. Thisted) Re: ASCII (Eric Florack, Mark Seecof)

RISKS 12.33 15 September 1991
British Telecom computer failure cuts off 42000 (Paul Leyland) Security Software Bug Locks Up System (Sanford Sherizen) Companies Steal Information (Sanford Sherizen) Industrial espionage (Jerry Leichter) Re: Junk Mail ... 737 crash (Steven Philipson) RSA vs. NIST (digital security standards) (Tom Slone) Re: Salomon Brothers -- Database Design (Gary Beckmann) Secret Computations the basis for Corporate Decisions (Jeffrey Sorensen) Re: +&*#$ (Bob Clements, H. Fuss) History of Internationalization of ASCII (Paul Green, Lars Henrik Mathiesen) Export controls on workstations, or, more mantras (Jerry Leichter)

RISKS 12.34 16 September 1991
Network Security Lacking at Major Stock Exchanges (PGN) "Planted" data in databases [anonymous] Re: RSA vs.
NIST (Greg Rose, Steve Bellovin, Dan Bernstein, Kevin McCurley) Re: Export controls on workstations (Hank Nussbacher, Lars-Henrik Eriksson, John Mainwaring) RISKS of trying to get hard facts [OS/2] (Conrad Bullock via Gideon Yuval) RISKS (yet again) of not enough data (Bill Gunshannon) Re: +&*#$ (Dave Roberts) Re: Multics/UNIX Lessons (Dick Karpinski)

RISKS 12.35 17 September 1991
Computer security breach at Rocky Flats nuclear weapons plant (Fernando Pereira, Allen Miller) DSA is weak (Jim Bidzos) The difficulty of RSA (Jerry Leichter) Re: RSA vs. NIST (digital security standards) (Richard A. Schumacher) Re: Export controls on workstations, ... (John R. Levine) Virus halted government computers in south China (PGN) Smart Pill Bottles (Joe Abernathy) (from CACM via VOGON) Retraction: The seriousness of statistics mistakes (Jeremy Grodberg) The seriousness of statistical mistakes (Clifford Johnson)

RISKS 12.36 18 September 1991
AT&T Phone Failure (Ed Andrews) Fly-by-wire without leaving the ground (JCF) World Bank virus (Ted Lee) SunOS SPARC Integer Division Vulnerability (CERT Advisory) The risks of a computer-based forum (Brian Holt Hawthorne) Descriptive terms [false positives and negatives] (Jon Krueger) Risks of mistreating programmers (Arun Welch) Re: Security Software Bug Locks Up System (Sanford Sherizen) RSA stuff (John Mount) Manipulation of digital images (Joe Morris) Re: +&*# (Richard Ristow, John Wichers, Gary Beckmann, Timothy Freeman, Lynn R Grant, John F. Woods)

RISKS 12.37 20 September 1991
Letter to Congress on NIST's DSS (Jim Bidzos)

RISKS 12.38 20 September 1991
Midwest Stock Exchange Reaps Millions Due to Accounting Glitch (Jeff Helgesen) Newark NJ high school computer problem (Martin A.
Leisner) Technology and the oldest profession (Henry Cox) YATO (Yet Another Telco Outage) (Richard Johnson) AT&T switch trouble (Fernando Pereira) English Supermarket Checkout Failure (Maddock) Samurai Hackers' Cunning Employer Screening Process (Marco Barbarisi) Re: Fly-by-wire without leaving the ground (A. Padgett Peterson) MSAFP, utilities, and all that (Mark Fulk) Computer monitoring of pill bottles (Jennifer Heymont) Documentation and lack thereof (Stanley (S.T.H.) Chow) Just the wrong number (Jerry Leichter) Reliability and Redundancy (Bill Murray) CPSR Annual Meeting (Eric Roberts)

RISKS 12.39 23 September 1991
Carpal Tunnel Syndrome strikes (Peter Mellor) Risks of technical translation (Bertrand Meyer) Patent for Travelmation on Fare-Search System (Bob Frankston) Rounding and truncating within multilevel software (Brenton Hoff) Re: SunOS SPARC Integer Division Vulnerability (Dik T. Winter) Re: Risks of mistreating programmers (Vesselin Vladimirov Bontchev) Re: Play the lottery via Nintendo (Mike Cepek) Re: documentation and the obsolete parts problem (Lou) Ideas made simple (Bob Frankston) Book review: Technological Risk, H.W. Lewis (Jack Goldberg)

RISKS 12.40 25 September 1991
Bell V-22 Osprey - correct sensor outvoted (John Wodehouse) Challenger O-ring Problem heads topics at conference on ethics (George Leach) People and Public Screens (Antony Upward, PGN) Credit bureaus, heisenbugs, and clerical errors (Peter G. Capek) Electronic locks at Harvard (David A. Holland) Bad error handling in Lamborghini Diablo engine management (Richard Boylan) Denver Hacker Hacks NASA (Andy Hawks) Re: MSAFP, utilities, and all that (Eric Eldred)

RISKS 12.41 28 September 1991
Ada Code Formatters pretty dangerous (Richard G.
Hash) Risks of computerized typesetting (Simson Garfinkel) Galileo's Revenge - Junk Science in the Courtroom (Martin Minow) Readings in Judgement and Decision Making (Doug Jensen) Nintendo Lottery Is For Real (Jim Huggins) Radio Shack computerized mailing list problem (Joseph Poirier) Re: Security in software distribution (Kilgallen) Re: Bell V-22 Osprey (John Wodehouse, A. Padgett Peterson) Have you tested your machine lately? (K. M. Sandberg) Electronic Locks in Universities (Martin Ewing, Jim Huggins, Dean Rubine, Kraig Meyer, Mike Carleton)

RISKS 12.42 30 September 1991
Dialup lottery (PGN) Space Station Software Hubris (David Bremner) Re: V-22 Osprey (Henry Spencer) Re: Risks of computerized typesetting (Lauren Weinstein, Gene Spafford) Re: Radio Shack computerized mailing list problem (John R. Levine, et al.) Re: eelskin wallets and magnetic cards (Robert Ullmann, et al.) Re: Have you tested your machine lately? (Bennet Yee, Henry Spencer)

RISKS 12.43 7 October 1991
Full (16 rounds) DES Broken (Li Gong, Dave Roberts) AT&T "Deeply Distressed" over Outage (Mark Seecof, Michael F Eastman) Fred Cohen's contest and ``good viruses'' (Gene Spafford, John Markoff)

RISKS 12.44 8 October 1991
RISKS of Highway warning signs (Jim Hofmann) US Coast Guard's user fiendly software [sic] (Dave Schmidt) Fiber optics can spontaneously destroy themselves! (Jeffrey Sorensen) 911 Glitch Delayed Help in Fatal Mt. Prospect Fire (W.F. Wicks via Mark Brader) Risks of owning a modem (Geoff Kuenning) Emergency phone dialer in Contra Costa county (Darren Alex Griffiths) ECC == Error CAUSING Code? Tape drive overcorrects itself... (John Board) Re: AT&T "Deeply Distressed" (Bob Colwell) Re: Back quotes print wrong (Dick Karpinski, Simson L. Garfinkel) Re: Space Station Software Hubris (Stephen G.
Smith) Schipol Airport (Peter De Graaf via Mark Kennedy) Computer Mediated Ethical Discussion: An Invitation (Peter Danielson) ACM Computer Security Day (Beth Olson)

RISKS 12.45 9 October 1991
TACAS -- good news / bad news (Martin Minow, PGN) Safer flying through fly-by-wire (Henry Spencer) Friendly (?) viruses (Paul Smee) Computers and missile control (Walt Thode) Re: Known plaintext attacks (Ted Rodriguez-Bell, Clive Feather) Re: AT&T "Deeply Distressed" (Steve Bellovin, Bob Colwell) Re: Schipol Airport (Henry Spencer) Re: RISKS of Highway warning signs (K. M. Sandberg, Joe Morris, Dominic G. Flory, Michael Cook) Risks of computerized typesetting (Paul Wallich, Joe Smith) Re: Ada Code Formatters (or the dangers of old software) (Kent Mitchell) Re: Computerized typesetting and character sets (Richard S. D'Ippolito)

RISKS 12.46 10 October 1991
Encryption Exportability (Clark Weissman) (from ``Inside Risks'') Security Criteria, Evaluation and the International Environment (Steve Lipner)

RISKS 12.47 10 October 1991
Ex-DMV worker admits altering driving records for money (Vireday) Software migration at Johnson Space Center (Joe Bouchard) European Ideal Embraces Harmonised Pornography (Brian Randell) Prison Phone Phraud (or The RISKS of Spanish) (Jim Flanagan) "Peace Patent" and "Colossus: The Forbin Project" (Lauren Weinstein) UCSC to install touch-tone registration (HELP WANTED) (Darrell Long) Re: Ada Code Formatters (... old software) (David Parnas) Re: Encryption Exportability, by Clark Weissman (Carl Ellison) Re: Fiber optics can spontaneously destroy themselves! (Paul Leyland) Re: Safer flying through fly-by-wire (Randal L. Schwartz) Re: ``Friendly'' (?) viruses (Bertrand Meyer) Re: AT&T Outages (Peter G. Rose) Re: RISKS of Highway warning signs (Steven Philipson, Arthur Hamlin, Richard Thomsen, Bob Haar, Keith Henson)

RISKS 12.48 11 October 1991
Police raid wrong house -- for second time (David B.
Benson) Crypto Public Policy (Bill Murray) Re: Security Criteria, Evaluation and the International Environment (Henry Spencer, PGN) Re: "Safer Flying through Fly-By-Wire (Arnd Wussing, Mary Shafer) Re: Computers and missile control (Eric Prebys) Re: Software migration at Johnson Space Center (Bob Frankston, Doug Burke, Guy J. Sherr) Human error: once more, with feeling (Don Norman) Re: AT&T outage (Bob Colwell, Mark Seecof, Bob Niland, Martyn Thomas) A step towards adopting DefStan 00-55 (Vicky Stavridou) Digital Retouching on the Telephone (Chuck Dunlop)

RISKS 12.49 14 October 1991
Nuclear Computer Safety Fears (Antony Upward) Computer Error by Policeman (Antony Upward) Thermostat failure mode (Liudvikas Bukys) I really like banks -- world wide! (Boyd Roberts) I'm sorry, the computer says your credit is bad (David Bremner) "Who Flies the Plane?" (Ken Tindell) Risks of Enterprise-Wide Phone Systems (David Fiedler) AT&T Outage (Jerry Schwarz) Re: "AT&T `Deeply Distressed' (Flint Pellett) Re: External risks to computer systems (Peter Mellor) Re: Keeping people in the loop (George W. Leach) Re: ``Friendly'' (?) viruses (Brandon S. Allbery, Paul Smee) Re: buggy software (James B. Shearer) Re: Security Criteria, Evaluation ... (David States) Re: Software migration at Johnson Space Center (Richard H. Miller, Tim Parker) Informatik journal available (Duane)

RISKS 12.50 15 October 1991
TRW misreports local taxes (Mark Seecof) ATM Doesn't Catch Cash Cache Problem (Ed Miller) Re: buggy software (David Parnas) Risks of genetic engineering?
(Michael Pilling) Electronic thermostat failures (Ralph Palmer, Mary Shafer, Bob Wilson) ACM SIGSOFT'91: SOFTWARE FOR CRITICAL SYSTEMS [timely reminder] (Nancy Leveson)

RISKS 12.51 16 October 1991
Mathematical and scientific foundations for engineering (Henry Petroski via PGN) Thermostat failure (Richard Schroeppel) Blockbuster `Loses' Returned Video (Mowgli C Assor) Credit Card Fraud (Brian Randell) New Massachusetts check/credit card ID law (John R. Levine) Giving Away Privacy (Continued) (Sanford Sherizen) Re: buggy software (Martyn Thomas, Magnus Kempe, Dave Parnas, Bart Massey, Ernesto Pacas-Skewes) Re: TRW misreports local taxes (Rob Spray)

RISKS 12.52 21 October 1991
The Future is Here (Amos Shapir) The_RISKS_of_Geraldo (Andy Hawks) [totally accidental juxtaposition!] Re: Police raid wrong house -- for second time (Amos Shapir) Re: TRW (Bob Colwell, Anthony DeBoer, Steve Hollasch) Re: buggy software (Mark R Cornwell, James B. Shearer, Byron Rakitzis, Richard Hanlon, Stephen G. Smith, Bob Wilson, David Parnas, David Chase) Licensing Software Engineers (Christopher E Fulmer)

RISKS 12.53 21 October 1991
Inappropriate ATM error codes (Sean Eric Fagan) Blood Donor Cards (Robert E. Van Cleef) RISKs of new E911 system (Paul Robichaux) Unusual risks of frequent flying (Rob Aitken) Review of THE GLASS COCKPIT (Robert Dorsett) Yet another journalistic cock-up (cracker activity) (Simon E Spero) Assurance of High-Integrity Software - Report (Rick Kuhn) Video stores losing videos... (Chris A. Anderson) Re: Blockbuster (Brian Boutel, Matt Crawford, Kevin Hughes, Patricia Shanahan)

RISKS 12.54 22 October 1991
Oki Telephone Programming (Stuart Bell) Nintendo lottery sidetracked for now Single Point of Failure in L-1011 Intercom (Craig H. Seidel) Computer reads water meter (John Sullivan) Risks of software controlled safety switch (Diomidis Spinellis) Re: Licensing of Software Engineers (David Parnas) Law requiring bug fixes (Mark Seecof) Re: Yet another journalistic...
(Amos Shapir) More ATM anecdotes (Ralph Moonen) Re: TRW misreports local taxes (Matt Bishop) Re: JSC SMS rehost (David Carlson) Avis vs. Spaf (Gene Spafford) Re: Have you tested your machine lately? (Boyd Roberts)

RISKS 12.55 23 October 1991
Power outage downs New York Stock Exchange for 24 minutes (PGN) Near-sighted or far-sighted fibre-opticians? (PGN) MCI Friends & Family & anyone else with a touch-tone phone (Brian R. Krause) Risks of double standards (on PRODIGY)? (David HM Spector) Use of Prodigy on AMC Computers (Louise R. Silsby via Brinton Cooper) A note on RISKS contributions (PGN) Re: Videos and "Dumbing Down" (again) (Daniel J Yurman) Re: More ATM anecdotes (Mark Bartelt) Re: Oki Telephone Programming (Randal L. Schwartz) Re: Computer reads water meter (Lauren Weinstein, Sam Ho via John Sullivan, Lars Poulsen, Bjorn N. Freeman-Benson) Re: Have you tested your machine lately? (Neil Hunt) Re: Software Migration at the Johnson Space Center (Joe Bouchard)

RISKS 12.56 25 October 1991
More O'Hare-raising experiences Swedish election results were delayed (Martin Minow) Campaign against telco info services (Mark Seecof) The computer is always right. (E. Kristiansen) 1-900 scam (Torsten Lif) RISKS of Electronic Credit Card Authorization (Derek Atkins) Australian Software Quality Management Standard (Douglas Thomson) AT&T/ATC outage revisited (Alfred H. Scholldorf via PGN) Re: Single Point of Failure in L-1011 Intercom (Brinton Cooper) Re: Law requiring bug fixes (Geoffrey H. Cooper) Re: Prodigy (Jamie Saker, Fred Gilham, Ronald Hale-Evans, Greg Brail)

RISKS 12.57 28 October 1991
DSA/DSS -- Digital Signatures (Ron Rivest) Porn-Sabotage in Italian newspaper (Enrico Musio) Re: MCI Friends & Family (Allan Meers) Do floor vibrations damage disks? (Magnus Redin) Re: Software migration at Johnson Space Center (Doug Burke) A New Twist on "Speed Controlled by Radar" (Andrew C.
Green) Call for Papers ESORICS-92 (Yves Deswarte) RISKS 12.58 29 October 1991 Would you put your rook and bishop out on knights like this? (PGN) Re: DSA/DSS -- Digital Signatures (James B. Shearer, Ron Rivest) FDA-HIMA Conference on Regulation of Software (Rob Horn) UCI computing survives power outage [almost] (Doug Krause) Re: Swedish election results were delayed (Lars-Henrik Eriksson) Re: Licensing of Software Developers (John Gilmore) The risks of "convenient" technology (Curtis Galloway) Free Call-Back (Lars-Henrik Eriksson) The flip side of the 1-900 scam (Andrew Koenig) RISKS 12.59 5 November 1991 New Computer Center for Soviet President [anonymous] "Computer rats on students who don't show up in class" (Steve M. Barr?) Bank tries to lose 14 billion pounds (Nigel Cole) Management Often Bungles Firing Process (Jeff Helgesen) Chaos Congress 91 (Klaus Brunnstein) Japan's barriers against IT risks (Tokyo conf.report) (Klaus Brunnstein) DES is better than anyone would have guessed! (John Sullivan) DES Watch (Richard Outerbridge) Risks of ``record'' and ``replay'' terminal capabilities (Bertrand Meyer) Re: Licensing of Software Developers (David Parnas) Re: campaign against telco info services (Dave Bakken) Re: Mathematical and scientific foundations (Leslie J. Somos) Re: UCI computing survives power outage (William Walker) RISKS 12.60 6 November 1991 Driver arrested in computer muddle: Data protection problem (paj) Computer Saboteur Pleads Guilty (Rodney Hoffman) Blaming the computer (again) (Randal L. 
Schwartz) YAHIR (Yet another human interface risk) (Friedrich Knauss) Certified Voting Program (Brian A Wichmann) Electronically controlled bus transmission (Mark Seecof) V-22 Tiltrotor Roll Sensors and Triple Redundancy (Mike Allard) Re: FDA-HIMA Conference on Regulation of Software (Frank Houston) RISKS of propagating legendary RISKS (Paul Karger) Software safety, formal methods, standards (Jonathan Bowen via Jim Horning) RISKS 12.61 7 November 1991 Cop Charged with Doctoring Computerized Citation Record Legal status of digital signatures (Steve Bellovin) The dangers of telco competition (Lauren Weinstein) Oven temperature regulator problem (Jane Beckman) No Power backup on Electronic Fuel Injection (Gareth Howell) Another smart card risk (34AEJ7D) UK Phone charge card risk (Graham Toal) Risks of telephones with status displays (Neil Strauss) Don't bank on computer viruses! (Gene Spafford) [WWN strikes again!] NSF researchers required to undergo security checks? (Nancy Leveson) Re: Have you tested your machine lately? (Matt Crawford, Dave W. Hamaker) Re: Blaming the computer (again) (George Malits, Paul J Karafiol) Re: A new twist on "Speed Controlled by Radar" (Clive Dawson) Re: Electronically controlled bus transmission (Adam V Reed, Jamie Mason) RISKS 12.62 12 November 1991 Leaves cause railway signal failure (Graeme Tozer) Computer controlled train is unsafer (Bob Devine) More air scares and phone moans (PGN) RISKS of infrared car door locks (Andrew Evans) Summary of responses on UK phone card risks (Graham Toal) Re: Licensing of Software Developers (Brinton Cooper, David Parnas) Searching a library database (Matthew Merzbacher) Audi Pedal Pushers (Bob Ayers [and others]) Religious bias in RISKS posts is counter-productive (Bill Gray) Re: Radar (Eric Florack) Security failure: recycled "unlisted" phone number (Steven J. Edwards) You can help build the National Public Network. 
(Gerard Van der Leun) Call for Papers: 5th Annual Computer Virus/Security Conference (Jack Holleran) RISKS 12.63 14 November 1991 Copy of Letter to NIST in response to proposed DSS (Martin Hellman) Antivirus software vendor creates viruses (Richard Kulawiec) I DEMAND AN APOLOGY FOR THIS LIBEL! (W. K. Gorman) RISKS 12.64 15 November 1991 MCI's Response for RISKS (Sally McCaffrey) Computer-assisted trading (Brendan Kehoe) Risks of truncation in the stock market (Frank G Kienast) gray vs gorman (Fred Gilham) ACM SIGSOFT'91: SOFTWARE FOR CRITICAL SYSTEMS (Peter G. Neumann) 5th Refinement Workshop: Theory and Practice of Formal Software Development (Cliff B Jones) RISKS 12.65 26 November 1991 Phone outages ... tied to typing mistake (Rudy Bazelmans/Jim Horning) Weather Service Circuit Failure Problems with nuclear plant safety computer in the UK (Peter Ilieve) Results of Train Accident Investigations (Jymmi C. Tseng) Bank misdeposits money (David Shepherd) Mass. Governor wants to sell list of drivers licenses [Yes and No] (Kent Quirk) CPSR FOIAs U.S. Secret Service (Craig Neidorf) The Trojan Horse named `AIDS' Banning of autodialers? (John Sullivan) A new risk for computer folks? Computers and termination policy (Mark Bartelt) E911 system brought to it's knees by a prank (Glenn S. Tenney) Study on Computer Addiction (Chris) RISKS 12.66 26 November 1991 Pentagon computers vulnerable Risks of hardcoded hexadecimal instead of symbolic constants? (Tom Blinn) Re: Leaves cause railway signal failure (Geraint Jones) Re: Termination (David Lamb, anonymous) Proposed Antivirus Certification (Klaus Brunnstein) Call for Papers: IFIP World Congress'92/Vulnerability (Klaus Brunnstein) RISKS 12.67 2 December 1991 Computer Delays costs Hospital over \pounds 300,000 (Paul Leyland) A RISK of dishonestly using a visible password (Paul Leyland) Sprint Voice Calling Card uses SS# (Lauren Weinstein) Bright AT&T billing sys? 
(Thomson Kuhn) `Contractor queries data security' (Matthew Farwell) Proposed traffic congestion charging system, Cambridge UK (Hugo Tyson) Mailing lists - a right royal mistake (Dave Horsfall) Re: Leaves, trains, and computers (Peter Mellor) Re: Proposed Antivirus Certification (David A. Honig) Re: Employee Termination (anonymous, Bill Murray) Re: Pentagon computers vulnerable (Brinton Cooper) Re: Risks of hardcoded hex instead of symbolic constants? (Bob Frankston, Bennet Yee, Graham Toal, Brandon S. Allbery, Paul S. Miner) RISKS 12.68 13 December 1991 Hubble Trouble: Space Telescope shuts itself down (Henry Cox) Postal worker leaves automated stamper in test configuration (Palmer Davis, Joe Brownlee) 2 Safeway preferred customers, to go! (Bear Giles) Hospital computer solicits the dead (Adam Gaffin) Computer records track killer (Robert Jenkins) Train crash in UK - is it human error? (Olivier M.J. Crepin-Leblond) TRW lawsuit settled with FTC, 19 states (Phil R. Karn) National Fingerprint Database specs (Clifford Johnson) Bill on computer usage about to become law in Ireland (Mark Humphrys) The description is right, only the language is wrong (Dan Franklin) Poll tax incompetence (Robin Fairbairns) Truth in Antiviral Advertising (Russell Aminzade) Re: Pentagon computers vulnerable (Steve Bellovin) Post-structuralism and Technology (Phil Agre) Chaos Congress 91 Program (Klaus Brunnstein) RISKS 12.69 16 December 1991 800 telephone outage due to software upgrade (PGN) Stock-listings typo: The possibilities are scary. (James Parry) More on Lauda crash and computers (Nancy Leveson) "Questioning Technology" in WHOLE EARTH REVIEW (Rodney Hoffman) Privacy of Email (James Ting Lui) More on E911 and representation (Bob Frankston) Re: Computer records track killer (Brinton Cooper) Re: The description is right, only the language is wrong (Scott E. 
Preece) The EFF Pioneer Awards (Gerard Van der Leun) RISKS 12.70 18 December 1991 Life, Death, and Faxes -- Convicted forger released by bogus fax (PGN) BT ordered to pay damages for keyboard injuries (Olivier M.J. Crepin-Leblond) Re: Privacy of Email (Eric Florack) Re: More on E911 and representation (Erling Kristiansen) Software safety, formal methods and standards (Jonathan Bowen) [Full text FTPable from RISKS-12.BOWEN] 2nd Conf on Computers, Freedom, and Privacy (Lance J. Hoffman) RISKS 12.71 24 December 1991 Illegal sales of confidential data (Fernando Pereira) The London Stock Exchange "Taurus" System (Brian Randell) Computer Database of Former E. German State Police (Stasi) (Sanford Sherizen) Remember, computer data is far from sacred. (Dean Pentcheff) Outgoing fax numbers and Mercury PIN security (Nick Rothwell via Werner Uhrig) RISKS 12.72 31 December 1991 [actually issued 30 December 1991] Airbus Fuel monitoring; tanks shown full when they were not (John Van Voorhis) Recent Novell Software Contains a Hidden Virus (John Markoff) Has anybody ever been spoofed on the wide network? (George Michaelson) Re: Whole Earth Review Questions Technology (Tom White) The Whole Earth is greater than the sum of its parts (Re: Jerry Mander) (PGN) RISKS 12.73 31 December 1991 [actually issued 30 December 1991] SUMMARY OF RISKS VOLUME 12, collected in RISKS-12.00 ------------------------------ End of RISKS-FORUM Digest 12.7x ************************