From: CSBVAX::CSBVAX::MRGATE::"SMTP::KL.SRI.COM::NEUMANN" 23-DEC-1988 02:31 To: MRGATE::"ARISIA::EVERHART" Subj: RISKS DIGEST 7.99 Date: Thu, 22 Dec 88 17:25:12 PST From: RISKS FORUM (Peter G. Neumann -- Coordinator) Subject: RISKS DIGEST 7.99 Sender: NEUMANN@KL.SRI.COM To: RISKS-LIST@KL.SRI.COM Message-ID: <12456574101.28.NEUMANN@KL.SRI.COM> RISKS-LIST: RISKS-FORUM Digest Thursday 22 December 1988 Volume 7 : Issue 99 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: SUMMARY OF RISKS VOLUME 7, COLLECTED IN RISKS-7.99 (1 June - 22 Dec 1988) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM) For Vol i issue j / ftp kl.sri.com / get stripe:risks-i.j ... . Summaries in (i.maxj) = (1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99) ---------------------------------------------------------------------- RISKS 7.1 1 Jun 88 RISKS of Evolution and Evolution of RISKS (PGN) Re: Risks of automatic test acknowledgement (Paul Traina) Computing Down Under (Willis H. Ware) Computer Tampering Case to go to Trial (Joe Morris) Software can destroy hardware (Willis Johnson and John B. Nagle via danno) Cash on the Nail, by Daedalus (Brian Randell, Jacob Oestergaard Baekke) Re: Down in the Dumps (Stan R.Z., Mark W. Eichin, Dan Klein, Dan Franklin) RISKS 7.2 2 Jun 88 Happenstance and $70 Million (Patrick A. Townson) Re: Optimisers too tacit, perhaps? (Tim McDaniel) Re: Optimisers; Telecommunications Redundancy (Michael Wagner) Major security hole in some sun systems (Pete Cottrell and Steve Miller and Jim Purtilo and Chris Torek) RISKS 7.3 3 Jun 88 OTA Report: Science, Technology, and the First Amendment (Jan Wolitzky) Disasters and computer facilities (Rodney Hoffman) Running as root; Hinsdale redundacy; Daedelus (David Herron) Optimizing PL/I (Bard Bloom) Re: Auckland cable cars (Richard A. O'Keefe) My experience with metal balloons (David J. Edgerton) Halon (Romain Kang) Virus collection (Robert Slade) RISKS 7.4 6 Jun 88 Review article on privacy/civil liberties risks in CACM (Jon Jacky) RISKS of wrong numbers and tigers (Steve Nuchia) Academic Assignment of Viruses (Bill Murray) Peter J. Denning on Terminology (Bill Kinnersley) COMPASS '88 PROGRAM (Frank Houston) Halon agreement and the ozone models (Rob Horn) RISKS 7.5 7 Jun 88 Re: Auckland cable cars (in Wellington) (Mark Davies) Perfect computers (Hugh Cartwright) Assigning viruses (Ian G Batten) Programmer sabotage (Bob Devine) First Interstate disaster planning and the L.A. fire (Jeff Lindorff) Telecommunications redundancy (Joel Kirsh) Look and Feel Copyright Issue (Karl A. Nyberg) Risks of root typos (Tim Pointing) Access to DEC VMS 5.0 technical seminar (Claude Barbe) Risks of bank ATM cards (Karl Denninger) Re: Australia Card (Greg Bond) RISKS 7.6 8 Jun 88 Buggy ATC Software (Paul Fuqua) The Challenger and visionary software architects (Kent Stork) How To Stop A War (Henry Spencer) UK Poly; another root typo (Matt Bishop) Re: The Australia Card (Amos Shapir) Re: Risks of bank ATM cards (John Pershing) ATM risks - the figures in UK (Alasdair Rawsthorne) RISKS 7.7 10 Jun 88 Accidental breach of software security (Martin Minow) "Sewage flows into river; Computer Failure Blamed" (Randal L. Schwartz) Canadian Public Service warned against SINing (John Coughlin) Betting network crash in Australia (George Michaelson) John Pershing on ATMs (David Thomasson) A typo in "UK Poly; another root typo" (Matt Bishop) Re: The Challenger and visionary software architects (Eugene Miya) COMPASS '88 CONTACT (Frank Houston) RISKS 7.8 16 Jun 88 New Jersey wants computer audit trails disabled (Joe Morris) Bunkers (C H Longmore) More on Blackhawk helicopter (Dave Horsfall) Root typos (Ken Yap) Costs/risks of impregnable telephone booths (Geoff Goodfellow) Science, Journalism, and Whistle-Blowing (HENRY SPENCER) Shrink Wrap (BILL MURRAY) Hard-disk risks from vendors (Jerry Harper) An old CTSS virus (Tom Van Vleck) RISKS 7.9 22 Jun 88 Risks of ATM manufacturers (Philip E. Agre) Risks of bank ATMs (Mary-Anne Wolf, Larry E. Kollar) Yet more on the Blackhawk helicopter Jan Wolitzky) Re: root typos (Dave Curry, nyssa) Notice to the OTA mailing list (Eric Roberts) Challenger Payoff? (Richard Outerbridge) RISKS 7.10 27 Jun 88 Four killed as Airbus crashes (Duncan Baillie) Laziness as an excuse (Matthew P Wiener) Privacy vs. Security (Larry Hunter) Re-using government databases (Amos Shapir) Root Bloopers (Doug Krause) Problems with VARs (Hal Norman) Fail-safe ATMs (Steve Philipson) Malicious Code Reports (Joseph M. Beckman) RISKS 7.11 29 Jun 88 Risks of answering machines (Dave Horsfall) Airline reservation crash (Dave Horsfall) Updates on Airbus crash (Duncan Baillie, Klaus Brunnstein, Laura Halliday) root typos (Joe Eykholt) "large-scale" disasters (Hinsdale, Ill.) (Tom Perrine) RISKS 7.12 30 Jun 88 Airbus 320 (Steve Philipson) Background on the A-320 incident (Willis Ware) Fly-By-Wire (John O. Rutemiller) Airbus 320 (H.Ludwig Hausen) $40 million Pentagon computer system failure (Rodney Hoffman) Re: Another "silent fault tolerance" example: DWIM (Tim Budd via Mark Brader) RISKS 7.13 1 Jul 88 "Scratch-and-win"? Try "X-ray-and-win"! (PGN) SDIO computers stolen (PGN) Did DWIM DWYW (Do what you wanted)? (Stephen D. Crocker) Directions and Implications of Advanced Computing - DIAC-88 (Douglas Schuler) Grocery Store Barcodes: Another game you don't win (David A. Pearlman) ATM "receipts" (Mark Brader) Re: Risks of bank ATM cards (Dan Franklin) Risks of ATMs and the people who unload them (Rob Austein) More problems with VARs (Joe Morris) Re: Hard-disk risks from vendors (George Pajari) RISKS 7.14 1 Jul 88 The Eyes Have It (unique driver's license numbers) (Woody) New UK Virus (Will Martin) Australia Card - more details (Chris Maltby) Re: The Challenger and visionary software architects (Jerry Hollombe) Academic Assignment of Viruses (John Gregor) RISKS 7.15 5 Jul 88 "The target is destroyed." (Iranian Airbus) (Hugh Miller) Clarifications on the A320 Design (Nancy Leveson) Virus aimed at EDS gets NASA instead (Dave Curry) RISKS 7.16 6 Jul 88 Air France Airbus A320 Crash Story In Aviation Week (Karl Lehenbauer) Common failure path in A320 (Lee Naish) Reply to Hugh Miller about Iran Flight 655 (Michael Mauldin) The Iranian airliner tragedy (Bob Estell) Aegis and the Iran Airbus (PGN) The "F-14" attacking the Vincennes... But the F-14 is for air defense (Jonathan Crone) It's easy to make decisions if you don't have the facts (Martin Minow) Re: A300 using F14 transponder (Bruce O'Neel) Iran Flight 655 and the Vincennes (James P. Anderson) Lockpicking (Randy D. Miller) Re: The Eyes Have It (Tracey Baker) RISK of PIN's - PNB calling card (Scott Peterson) RISKS 7.17 8 Jul 88 Politics and Risk (Gary Chapman) Iranian Airbus ([mis]quotation from the SFO Chronicle) (David Parnas) Re: Iranian Airbus and the "facts" (Sue McPherson) Threshold probability for declaring a radar blip "hostile" (Clifford Johnson) Iran Airline Incident and meaningful real-time data (Chris McDonald) A320 Airbus: Air conditioning; monitoring traffic control; F-14s (Steve Philipson) Iranian Airbus Blame? (Chaz Heritage) Re: "The target is destroyed." (Henry Spencer) An epilogue to this issue (PGN) RISKS 7.18 8 Jul 88 N-Version Programming (Jim Valerio, Nancy Leveson) Physical hazards (Henry Spencer) Accu-Scan inaccuracies (Robert Steven Glickstein) The Eyes Have It (Don Watrous, Evelyn C. Leeper) Lockpicking (Geoff Kuenning, Henry Schaffer, Lee Hounshell) Another "silent fault tolerance" example: DWIM (Mike O'Brien) ATM receipts (Joe Beckenbach) RISKS 7.19 10 Jul 88 Iranian Airbus discussion (Philip E. Agre, Tracy Tims, Hugh Miller) RISKS 7.20 11 Jul 88 "Computers may be at root of jet downing" (PGN) Iran Airbus tragedy (Chris Moss) Shooting down Flight 655 (Herb Lin) Ignoring the wolf (Andy Freeman) Air France Airbus crash (Henry Spencer) Re: Physical hazards - poorly designed switches (John Robert LoVerso) PIN on PNB calling card (Mark Mandel) Lockpicking (Henry Spencer, Robert Mathiesen, Doug Faunt, Chaz Heritage) RISKS 7.21 13 Jul 88 $54.1 million embezzlement foiled (Dave Curry) Aegis (DAve Curry) Iran Air Incident (Bob McKay) "Binary thinking" misses a lot (Bob Estell) Automatic Air Traffic Control (Eldred) Aviation units of measure (Joe Morris) Mouse trap (James H. Coombs) Threshold probability for declaring a radar blip "hostile" (Mike Wellman, Clifford Johnson) RISKS 7.22 14 Jul 88 A-320 Airbus Crash Inquiry (Brian Randell) User interface problem in the Aegis system? (Kee Hinckley) Radar cross sections, Flt. 655, and F-14s (Eugene Miya) GM Blames Computer for Smelly Vans (PGN) Lockpicking at Los Alamos (Gary McClelland) Supposedly-unique id. no. from non-unique personal characteristics (Larry Margolis) NJ Driver's license number coding (Scott Robbins) Colwich Junction, England, 1986 (Mark Brader) Shades of Fantasy in Real-Life -- group games (acwf?) IQ measurement by machine? (Mark Brader) Aviation units (Richard S. D'Ippolito) RISKS and PGN Saturation! (PGN) RISKS 7.23 16 Jul 88 Policy Chief Indicted in Computer Misuse (Owen Blevins) Data for Iran airliner discussion (Dave Fiske) Re: Data "viruses" (Peter J. Denning, PGN) Invitation to visit Disaster Research Center (DRC) Passwords on networked systems (Steve Oualline) Other ways to manage risks (Dave Fiske) Colwich Junction, England, 1986 (Blair P. Houghton) Oops -- risks of writing -- SI prefixes (Richard S D'Ippolito) RISKS 7.24 18 Jul 88 The IRS Illinois Experiment (Patrick A. Townson) Aegis testing data withheld from Congress (Gary Chapman) "Man in the loop" (Rodney Hoffman) Aegis (Charles Daffinger) Lightning strikes... (again?) (Don Mac Phee) RISKS 7.25 20 Jul 88 Possible reason for unexpected Audi 100 acceleration (Lars Lindwall) Bell blames computer error as $4 calls are billed for $400 (David Sherman) Programming BART (Bay Area Rapid Transit) (Eugene Miya) Re: The IRS Illinois Experiment (Michael L. McLean, Lars J Poulsen) Error rates in barcode data (John Colville) PIN on PNB calling card (Nathan K. Meyers) Re: Risks of bank ATM cards (George H. Feil) RISKS 7.26 24 Jul 88 Misuse of the UK Data Protection Act (Brian Randell) Risks of not running new software in parallel with old (Jon Reeves) Computer Error causes bills to be mailed to wrong address (Todd Medlin) Penetrating the Phone System (John Markoff via Geoff Goodfellow) Electronic IQ Testing (Stephen Colwill) Re: IRS and Electronic Filing (Bill Bohrer) Re: The IRS Illinois Experiment (Henry Spencer) Re: "Man in the loop" (Will Martin) RISKS 7.27 25 Jul 88 A Fishy Story (John Colville) Inconsistent Data Taxes Vancouver Woman (Don Chiasson) Computer Viruses and RETROVIRUSES (Peter J. Denning) Hacking central office switches - too easy? (John T. Powers Jr.) "Man in the Loop" (Bill Murray) AEGIS (Herb Lin) Journal of Computing and Society (Gary Chapman) Barcodes (Jerome H. Saltzer) The IRS Illinois Experiment (Lenoil) "Scratch-and-win"? Try "X-ray-and-win"! (Fred Baube) PIN on PNB calling card (Mark Mandel) RISKS 7.28 26 Jul 88 Pentagon testing (Mike Trout) Re: "Man in the Loop" (Rodney Hoffman) NOVA on risks of fighter technology (Dave Curry) Re: Hacking central office switches (Laura Halliday) Law student sues micro sysop under ECPA (John Gilmore) Scanning instant-win lottery cards (Rich Kulawiec) Wanted: Info on Ergonometrics (Emily S. Bryant for Michael Whitman) RISKS 7.29 27 Jul 88 Comparison of hazards (Henry Spencer) NASTRAN and the order-of-magnitude bug (David E. Bakken, via Mark Brader) "Person In The Loop" (Clifford Johnson) "Person In The Loop" -- A BarCode example (David A. Honig) Security vs. Cost of Breakin (David A. Honig) Hacking central office switches - too easy? (Skip Montanaro) Re: PIN on PNB calling card (Roy Smith) Re: IRS Illinois Experiment (Allan Pratt) RISKS 7.30 29 Jul 88 NASTRAN and ship steel (Lindsay F. Marshall) Is vibration a known A300 problem? (Eric Roskos) Business Week article on computer security (Woody Weaver) Computers can increase privacy, too! (Robert Weiss) Viruses - a medical view (John Pettitt) Apple viruses -- don't go through the ZLINK (Practor Fime, Dr. Logic, The Byter -- via Greg Prevost via Eric Haines) On IRS direct computer access (Steven C. Den Beste) Re: doing away with privileged users (Alan Silverstein) RISKS 7.31 8 Aug 88 Software failures cost Britain $900M per year, study claims (Jon Jacky) Lightning strikes (twice) (PGN) Computer failure delays flights at Logan Airport (PGN) A320 & A300 safety, risks of so-called experts (Michael Pilling) RISKS of Electronic Cash-registers (Robin Kirkham) Computer terminals and dermatology (richard welty) Computer System Vulnerabilities (Rodney Hoffman) Disaster Exposition (Cliff Stoll) RISKS 7.32 9 Aug 88 Privacy in computer age (no place to hide) (Sayed Banawan) Follow-up to legal hypothetical (CEReuben) Preliminary A320 Inquiry Results (Martin Harriman) Computer terminals and dermatology (Steve Philipson) RISKS 7.33 10 Aug 88 Cascaded Inference and the Vincennes affair (CFEEHRER) "Virus" Bill (Joseph M. Beckman) More RISKy ATM's (Dave Horsfall) Keeping Autos and Drivers in Suspense (Joseph M. Beckman) Airbus Cockpit Alarms (Fred Baube) A-320 investigation (Steve Philipson) Federal charges brought against accused teen-age hacker (Mike Linnig) Orbit 100,000 self-guided "brilliant" weapons, Reagan advised (Jon Jacky) RISKS 7.34 12 Aug 88 "Eye focusing found to be VDT hazard." (Denis Haskin) Privacy (Again) (Willis Ware) "Virus" Bill (Jerome H. Saltzer, Steven C. Den Beste, Steve Kovner) A Visit To the Clinic (Brian Ellis) Aegis beaten by binoculars? (Trusting computers and/or people?) (Andy Coupland via Martyn Thomas) Airbus (George Michaelson) SDI rationalizations (Steve Summit) Re: Misidentification of persons as criminal by computers (Haynes) RISKS 7.35 15 Aug 88 Re: Privacy (difficulty of witholding "private" information) (Jon Jacky) Re: Keeping Autos and Drivers in Suspense (Win Treese) Re: Cascaded inference (G.L.Sicherman) Re: "Eye focusing found to be VDT hazard." (Brint Cooper, Anthony G. Atkielski, Jeremy Grodberg) Can current CAD/simulation methods handle long-term fatigue analysis? (John R. Galloway) ATMs and PIN protection: twice silly victims in Boulder (Gary McClelland) Re: Orbit 100,000 self-guided "brilliant" weapons ... (Amos Shapir) RISKS 7.36 17 Aug 88 Package-deal arguments about VDT's (Philip E. Agre) Blue Cube new software problems (Randy Neff) Zero-balance dunning letter (Jerome H. Saltzer) Chicago Disaster Conference (Lee S. Ridgway) Car Electronics sensitive for atmospheric interference (Martin Minow) 1 in 10 NATO software modules reported incorrect (Jon Jacky) Mathematical Error Puts Deficit off by $1.2 billion (PGN) RISKS 7.37 19 Aug 88 Virus insurance (Rodney Hoffman) Blind faith in overly electronic locks (Leonard N. Foner) Fewer Charges Now Require a Signature (Kian-Tat Lim) Re: Danger of Sensitive Car Electronics (Hugh Davies) RISKS 7.38 22 Aug 88 British vs American safety rules (Henry Spencer) Another boundary case bug (Tom Lane) Retired couple jolted by $5 million electric bill (David Sherman) Hotel could get soaked in lawsuit? (Don Chiasson) RISKS contributions (PGN) Risks of CAD programs (Alan Kaminsky) Can current CAD/simulation methods handle long-term fatigue analysis? (Henry Spencer) Vincennes and Cascaded Inference (Carl Feehrer) RISKS 7.39 24 Aug 88 Computers and Gambling (George Michaelson) Car engines become target for hackers (George Michaelson) Vincennes and Non-Computer Verification (David Collier-Brown) Shades of War Games (Doug Mosher) Emissions testing risk (Levy) Re: British vs. American safety rules (Jon Jacky) Re: Structural analysis programs (Stephen D. Crocker) Re: Danger of Sensitive Car Electronics (Will Martin) RISKS 7.40 25 Aug 88 Car engines become target for hackers (Jerome H. Saltzer) Re: IL car emissions testing process and enforcement errors (Will Martin) Re: Danger of Sensitive Car Electronics (Henry Schaffer) Automobile computer modifications (George Tomasevich) Statistical reliability estimation criticized (Jon Jacky) Can current CAD/simulation methods handle long-term fatigue analysis? (Gerry Kokodyniak) Boundary Cases (James Peterson, John Bruner) Mother's maiden name == arbitrary password (Walter Smith) Risks of EFT agreements (Doug Claar) Chile con backbones (Joe McMahon via Martin Minow from VIRUS-L) An item by Mark Garvin on SoftGuard and the Trojan horse "SUG" (from VIRUS-L) RISKS 7.41 31 Aug 88 The Marconi Deaths (Brian Randell) $300,000 Automatic Teller Theft (Sort Of) (Henry Cox) Car engines become target for hackers (Jeffrey Mogul) Blinker failure in 87 Ford Mustang (Tim Thomas) Risks of locking systems (Andrew Birner) Electronic 1040s (Rodney Hoffman) Water seepage stops Computer controlled monorail (George Michaelson) Re: Fewer Charges Now Require a Signature (David Sherman) Continental Bank Drops Retail Accounts (Patrick A. Townson) RISKS 7.42 1 Sep 88 "Pizzamation" traces phone calls, matches addresses (Jon Jacky) Skylab and Sunspot Activity (PGN) Denial of Service in Wembley-on-the-Motown (Behrooz Parhami) Re: Calculations with wrapped numbers (Mike Linnig) Meter reading follies (Chris Jones) Re: abnormal bills (Ted Lee) Risks of CAD programs (Mike A. Gigante) Re: Risks of CAD programs (Sam Crowley) Can current CAD/simulation methods handle long-term fatigue analysis? (Henry Spencer) Re: Vincennes and Non-Computer Verification (Henry Spencer) Re: Computers and Gambling (Jim Frost) Automatic Bank Procedures (David A. Honig) RISKS 7.43 2 Sep 88 Statistical reliability estimation criticized (Brian Randell) Calling party identification (Mark W. Eichin, TMPLee, anonymous) Automotive EMI - a personal experience (Scott C. Crumpton) The mental tyranny of a cash register (Steven C. Den Beste) Intoximeter risks (Andrew Vaught) SSNs, Passports (Chris Hibbert) RISKS 7.44 5 Sep 88 Re: "Pizzamation" and Call Tracing (Bob N. Mayo, Edwin Wiles, Patrick A. Townson) COMPASS REPORT in RISKS 7.40 (Bev Littlewood via Brian Randell) Statistical reliability estimation (Lance J. Hoffman) Re: Calculations with wrapped numbers (Bruce Karsh) RISKS 7.45 7 Sep 88 Cheater software (Rodney Hoffman) Re: COMPASS REPORT (Nancy Leveson) Re: Risks Digest 7.44 (Jerome H. Saltzer) Display of telephone numbers (Bruce O'Neel) Telephones and privacy (C.H. Longmore) Gambling with video arcade machines (Mike Blackwell) Video Games (Ed Nilges) Wembley-on-the-Motown (Jeffrey R. Kell) RISKS 7.46 7 Sep 88 Airbus vs U.K. MOD development standards (Lorenzo Strigini) Vincennes: Rules of engagement violated by AI heuristic? (Clifford Johnson) Re: Statistical reliability estimation and "certification" (Jon Jacky) A Computer Virus Case Goes to Trial (Joe Morris) Computers and guns (Gary Sanders) Automatic Call Tracing and 911 Emergency Numbers (Gary McClelland) Automatic Number ID: Bad Idea! (Andrew Klossner) RISKS 7.47 8 Sep 88 COMPASS report in RISKS 7.40 (Jean-Claude Laprie, Nancy Leveson) Calling number delivery (ANI) (John (J.) McHarry) More on Automatic Call Tracing and 911 Emergency Numbers (Robin j. Herbison, Al Stangenberger Another ANI scam (Brent Laminack) RISKS 7.48 9 Sep 88 COMPASS 88 (Bev Littlewood) Safety Engineering (WHMurray) Technical naivete revealed by responses to VINCENNES incident (Jon Jacky) Vincennes: Rules of engagement violated by AI heuristic? (Clifford Johnson) ANI Response (Patrick A. Townson) Proposed ANI Enhancement (Rob Boudrie) ANI blocking defeats purpose (Bob Philhower) Credit Card Loss Woes (Clay Jackson) RISKS 7.49 11 Sep 88 Firmware bugs in Dutch gambling machines (P. Knoppers) Soviets See Little Hope of Controlling Spacecraft (Gary Kremen) Disinterest in disaster not based on probability estimates (Clifford Johnson) What a Ticonderoga Combat System "records" (John Allred) High-tech toilets (Robert Dorsett) ANI/911 Misconceptions (Dave Robbins) Re: Display of telephone numbers on receiving party's phone (Henry Spencer) Social content of computer games (Eric Postpischil, Henry Spencer) "Viruses Don't Exist" and the Marconi Mysteries... (Mark Moore) RISKS 7.50 12 Sep 88 Computer glitch costs AA $50M ..." (Ken Calvert) Risks of Motel Computers (Brint Cooper) IFF and the Vincennes (Geoff. Lane.) "Single keystroke" (Philip E. Agre) `Credit doctors' (Donn Seeley) Scientific Safety (WHMurray) Bev Littlewood's message in RISKS-7.48 (PGN) Calculations with Wrapped Numbers (Mark Brader, Bennet Yee, Jan Wolitzky, Roger Goun) RISKS 7.51 13 Sep 88 Single Character Errors (Geoff. Lane) Soviet Mars Probe and single character errors (PGN) Stanford Collider Shut Down (PGN) Destructive remote controls (Jim Williams) Re: computer follies (Michael Greim via Mark Brader) IFF and the Vincennes (Dennis Brantly) Re: Disinterest in disaster not based on probability estimates (Amos Shapir) ``MS-DOS "virus" programs do not exist.'' (David Dyer-Bennet) Hiding payoff slot (Peter da Silva) Citation for "car engines become target for hackers" (karl) RISKS 7.52 14 Sep 88 Tom Wicker column on computers, Vincennes and SDI (Gary Chapman) Computer error in vote tallying (Gary Chapman) Risks of Using Computers in Elections (PGN) Soviet Space Probe (Dave Feldmeier) Re: "Single keystroke" (Matthew P Wiener) London Underground problem (Lindsay F. Marshall) Re: Destructive Remote Controls (William Curtiss) An ANI Compromise (Mike Linnig) +++ RISKS Guidelines revisited +++ [<<>>] RISKS 7.53 15 Sep 88 Hurricane Gilbert (Richard A. Schafer via Matthew P Wiener) Phobos I details (Dave Fiske, Jack Goldberg) Computers and Elections (Lance J. Hoffman) The First "Virus" on Japanese PC (Yoshio Oyanagi) Another one-key mishap (Larry Nathanson) Re: "Single keystroke" (Warren R. Carithers, Paul Dubuc) More computer follies -- how not to design a console (Seth Gordon) GNU Emacs & Security (A.Gaynor via Eliot Lear and Geoff Goodfellow) Complex phones (Dave Fetrow) ISDN/ANI - What one switch vendor told me (Allen L. Chesley) RISKS 7.54 16 Sep 88 CerGro voice mail hacked (John Sheneman) Re: Computer error in vote tallying (Andy Frake) IEEE approval voting (Don Chiasson) Reminder -- ROM is not necessarily nonalterable (Andrew Klossner) Colwich Junction (Mark Brader) Smoke Inhalation on Amtrak's "Crescent" (Mike Trout) Computer assigned hotel rooms (Bruce Wampler) RISKS 7.55 17 Sep 88 The Ethics of Conflict Simulation (Mike Trout) Re: Social content of video games (Tim Wood) Re: Credit Doctors (Dave Robbins) Virus in ROM on commodore 64 (Jurjen N.E. Bos) Re: Destructive remote controls (Henry Spencer, Jurjen N.E. Bos) Another one-key mishap (Russ Nelson) Call for Papers, Invitational Workshop on Data Integrity (Zella Ruthberg) RISKS 7.56 21 Sep 88 Runaway mouse problem in popular commercial WP program (Jon Jacky) Wrapping Britain round the Greenwich meridian (Jack Campin) Crime and (indifferent) Punishment (Glen Matthews) Software Mixup on Soyuz Spacecraft (Karl Lehenbauer) RISKS of (Suspected) Crooks Running Dinosaur-DOS (Fred Baube) Multiple reservations and single bills (Jacob Hugart via Markus Stumptner) Complete info on the Phobos 1 (Kaj Wiik via Ritchey Ruff) `Computer programmer convicted of creating "virus"' (Mike Linnig) RISKS 7.57 24 Sep 88 Faulty locks delay prison opening (Henry Cox) In the future, risks of purchasing handguns (Alan Kaminsky) Olympian RISKS (Henry Cox) [Another Willamette] Sewage Spill Linked to Computer (Nike Horton) Keep backups, risk job (James F. Carter) Computer failure shuts down several thousand telephones (Vince Manis) LA Times photo of humorous credit card maybe not so funny (Michael Coleman) Risks of Cellular Phones? (Chuck Weinstock) Auto Computer Risks (Chuck Weinstock) Volvo's and Electromagnetic Interference (Bill Welch) Scientific Safety (B.Littlewood) Computer Defaults (The Mental Tyrrany of Cash Registers) (Stephen Rickaby) RISKS 7.58 26 Sep 88 Computers in local govt - a burning issue? (Dave Horsfall) North Cornwall water supply polluted (Paul Mansbacher via Willie Smith) Re: Risks of cellular telephones (Alan Kaminsky, John Gilmore) Other voice mailbox risks reported (Bahn) Auto Computers vs. radios (Steve Jay) State Records via Computer (William Curtiss) Damage by Disney 3-D glasses (Andrew Klossner) Re: more on killer remote controlls (Greeny) RISKS 7.59 29 Sep 88 Arthur Miller, Assault on Privacy: Computers, Data Banks and Dossiers (Barry C. Nelson) EPROM is not necessarily programmed for life (Mike Linnig) The Wobbly Goblin (a.k.a. Stealth fighter) (Alan Kaminsky) Re: Stanford Collider Shut Down (Matthew P Wiener) Re: Is Uncle Sam selling your name to mailing lists? (Greg Pflaum via Mark Brader) CPSR 1988 Annual Meeting (Gary Chapman) RISKS 7.60 3 Oct 88 Diving Computers (Brian Randell) The Perils of PCs in Public (Dave Horsfall) A New Portal for the Offensive -- FAX ATTACKS (Scott Rose) Is Uncle Sam selling your name? -- Maybe not. (Mark Brader) Re: Is UMASS selling your name to mailing lists? (Andrew Klossner) Write your credit card number on a business reply card? (David Sherman) Killer terminals (Michael Fischbein, Bill Witts, both via Mark Brader from comp.misc) This train didn't need a fireman (earl via Chuck Weinstock) RISKS 7.61 5 Oct 88 Program Verification: The very idea (Brian Randell) RISKS of EPROMS (Daniel Klein) Poor user interface -- police system (rpg) Cash registers and tax (J Eric Townsend) Re: Cash registers (PGN) Fly-by-wire, absence thereof [MiG-29] (Henry Spencer) Re: A New Portal For The Offensive -- FAX ATTACKS (Greeny) Re: Is Uncle Sam selling your name to mailing lists? (Matthew Huntbach) More on monitoring Cellular Phones (Mike Linnig) RISKS 7.62 7 Oct 88 Re: Assault on Privacy (Anthony G. Atkielski) Interesting article in PCW (Hugh Davies) Bridge over troubled pseudo-random generation (PGN) Reach Out and Touch Someone... for $650,000 (Henry Cox) Computer Security and Voice Mail ... $150,000 (Davis) Re: Risks of Cellular Phones (Wes Plouff) Self-correcting (obliterating?) time (Jeffrey R Kell) Risks in ATMs, Parking, Power outages (Steve Philipson) RISKS 7.63 10 Oct 88 Re: Killer terminals (Steve Wilson) Can't Happen and Antilock Braking Systems (Marcus Barrow and Robert Allen, via Mark Brader) ATM's credit check (Amos Shapir) Dive Computers (Terry S. Arnold, Henry Spencer) Emergency Access to Unlisted Telephone Numbers (Dave Wortman) Re: Risks of Cellular Phones (Wes Plouff, Peter Robinson, Walter Doerr) Computers, Copyright Law, and the Honor System (a talk) (Mark Mandel) RISKS 7.64 13 Oct 88 100 digit primes no longer safe in crypto (Dave Curry) Risks of computer controlled doors (Piet van Oostrum) NSFnet Backbone Shot (Gene Spafford) Intersection of ANI and Voice Mail Risks (Gary McClelland) New Feynman book (Eugene Miya) High `Rev'ing Volvo (Hartel) Stevie Wonder gives an Ear-itating Performance (Marshall Jose, PGN) OMB "Blacklist"? (Hugh Miller) Re: Ethics of Conflict Simulation (Scott Wilde) RISKS 7.65 15 Oct 88 Vendor introduces "safe" Ada subset (Jonathan Jacky) Re: ethics of conflict simulation (Sean Malloy) Re: Assault on Privacy (Ronni Rosenberg) Software warranties and Trade Practices in Australia (B L Coombs annoted by "cbp", via Lee Naish) RISKS of EPROMS (George Sukenick) RISKS 7.66 20 Oct 88 British computer calls Northern Ireland a "Region Unknown" (John Murray) "Brain" virus shows up in Hong Kong (Dave Horsfall) A Credit Card Fraud (Brian Randell) Nausea-inducing propellor (Mike Trout) Re: Ear-itating performance (Jan Wolitzky, Ken Johnson) RISKS 7.67 25 Oct 88 Unplugged Cable Plugs Orlando Traffic (Scot E Wilcoxon) Airbus A320 in service (Henry Spencer) Computer Literacy (Ronni Rosenberg) Belgian PM's email tapped (Rodney Hoffman) Police find hacker...and release him (Henry Cox) Aegis user interface changes planned (Jon Jacky) Programmable Hotel Locks (Allen J. Baum via John Rushby) Nausea-inducing frequencies (David Chase) Risks in Foundations of Numerical Analysis (John Cherniavsky) Takeoff warning systems to be tested (Henry Cox) RISKS 7.68 31 Oct 88 Conspiracy to Defraud (Martyn Thomas) `Runaway' Computer Projects (Rodney Hoffman) Perceived risk (James F. Carter) "TCA pushes for privacy on corporate networks" (Jerry Leichter) Risks in Answering Machines (Andy Glew) Ear-itation (Ed Ravin) RISKS 7.69 3 Nov 88 Virus on the Arpanet - Milnet (Cliff Stoll) More on the virus (Gene Spafford, PGN, Matt Bishop) A320 update (Robert Dorset via Steve Philipson) Re: Conspiracy to Defraud (Dan Franklin) Re: Telephone answering machines (Vince Manis) RISKS 7.70 3 Nov 88 Updated worm report (Gene Spafford) A worm "condom" (Gene Spafford) A cure!!!!! (Gene Spafford) Computer Network Disrupted by `Virus' (John Markoff via Geoff Goodfellow) "Annals of Democracy -- Counting Votes" in the New Yorker (Daniel B Dobkin) Comments on the New Yorker article (PGN) RISKS 7.71 6 Nov 88 Send us your Arpanet Virus War Stories (Cliff Stoll) Suspect in Virus Case (Brian M. Clapper) Internet Virus (Mark W. Eichin) RISKS of getting opinions from semi-biased sources (Brad Templeton, PGN) Worm/virus mutations (David A. Honig, PGN) Worm sending messages to ernie.berkeley.edu? (Jacob Gore) Re: "UNIX" Worm/virus (Peter da Silva) Comments on vote counting ("Bill Stewart and/or Shelley Rosenbaum") Re: A320 update (Henry Spencer) RISKS 7.72 8 Nov 88 The Worm/Virus -- and an Unlearned Lesson (PGN) Airline Reservation System Vulnerabilities (Rodney Hoffman) Computers in the oldest profession (Dave Horsfall) Auto Privacy (Dave Robinson) Computer science unencumbered by fears about cutting safety margins (Jeffrey Mogul) Re: Risks in Answering Machines (revisited) (Amos Shapir, Gordon Meyer, Bob Felderman, Greeny, William Curtiss) Re: CRT noise (Ed Ravin, Geoffrey Welsh) RISKS 7.73 9 Nov 88 The Computer Jam -- How it came about (John Markoff via Geoff Goodfellow) Single-bit error transmogrifications (Robert D. Houk) New news from Hacker attack on Philips France, 1987 (Klaus Brunnstein) Re: Telephone answering machines (William Curtiss) Fly by Light (Martyn Thomas) WORM/VIRUS DICUSSION: Decompiled viruses (Dave Pare) Worms/viruses/moles/etc. and the risk of nuclear war (Clifford Johnson) The Worm (Vince Manis) RISKS 7.74 10 Nov 88 Air traffic control and safety margins (Steve Philipson) UK vehicle-identification systems (Chaz Heritage) Re: The Computer Jam -- How it came about (Mark W. Eichin) The worm and the debug option (Steven Bellovin) Risks of unchecked input in C programs (Geoff Collyer) Worms/viruses/moles/etc. and the risks (Scott E. Preece) Nonsecure passwords/computer ethics (Christine Piatko, PGN) Phone-answerer/ voicemail security & voice-encryption (David A. Honig) University computing (James A. Schweitzer) RISKS 7.75 11 Nov 88 Re: Risks of unchecked input in C programs (Bob Frankston) NY Computer Laws and the Internet Worm (Dave Bozak) Ethics (Stan Stahl, Christine Piatko) Comments sought on proposed computer ethics course (Bob Barger) UK vehicle-identification systems (Douglas Jones) UK vehicle-id systems... Big Brother's new eyes? (Mike Hadjimichael) Re: Phone-answerer/ voicemail security & voice-encryption (Jonathan Kamens) Re: Ultrasonic emissions a real problem (Travis Lee Winfrey) RISKS 7.76 12 Nov 88 Computer Literacy #2 (Ronni Rosenberg) A Report on the Internet Worm (Bob Page in VIRUS-L) NSA attempts to restrict virus information (Jon Jacky) Who is responsible for the sendmail fiasco? (Bob Frankston) RISKS 7.77 14 Nov 88 WORM/VIRUS: UNIX InSecurity (beyond the Virus-Worm) (Klaus Brunnstein) Unauthorized Access (Dennis G. Rears) re: NY Computer Laws and the Internet Worm (Forrest Colliver) Re: NSA attempts to restrict virus information (Steven Bellovin) Risks of unchecked input in C programs (Bill Stewart, Bob Frankston) Worms & Ethics (Don Wegeng) One count, or multiple counts? (Richard Wiggins) The RISKS of jargon (Dave Horsfall) OTHER CONTRIBUTIONS: University of Surrey Hacker (Brian Randell) Re: UK vehicle-identification systems (Steven C. Den Beste, Franklin Davis) RISKS 7.78 15 Nov 88 Computers in Elections (PGN) Risks in econometric models (Ross Miller) Report on SAFECOMP '88 [long] (Tim Shimeall) RISKS 7.79 16 Nov 88 Vote Count Error(Kenneth R Jongsma) Computer Ethics Class (Leslie Chalmers) Teaching "Ethics" (Eric Roskos) Re: NSA attempts to restrict virus information (Theodore Ts) The FBI Wants You (if you were virus-ized) (Tom Zmudzinski via Dave Curry) Access and authorization (Joe Morris) Laws of computer evidence (Barry C. Nelson) Call for comments on uniformity legislation for software (Conleth S. O'Connell via Alan Kaminsky) RISKS 7.80 18 Nov 88 Computer glitch causes Fresno `flood' (Ira Greenberg via PGN) Election Computing (PGN) Re: Vote Count Error (Brint Cooper) Casiers numeriques! (Digital lockers!) (Marc Vilain) Re: Toll Road information collection (David Phillip Oster) Risks of non-technologists' reactions to technological failures (Fred McCall on Al Fasoldt) RISKS 7.81 21 Nov 88 Computerized voting problems in Toronto (Amit Parghi) NH State Republican Convention Computerized Voting Standard (Kurt Hyde) Ethics (Hugh Miller) Re: Teaching "Ethics" (Brint Cooper) Decompiled Source (Phil Karn) Re: Risks of unchecked input in C programs (Henry Spencer) Smart Roads (Robert Brooks) IFF & UK Toll Roads (Nigel Roberts) Re: "Electronic number plates" (Allan Pratt) Re: UK vehicle-identification systems (John Haller) RISKS 7.82 23 Nov 88 Troubles with automatic vote counting in Toronto (Mark Brader) Risks of remote registration (anonymous) The risks of using CACM inserts (Eric Hughes) Computer Breakin article [San Antonio] (Maj. Doug Hardie) Ethics and Software (Brian Kahin via Ezra Zubrow and Bruce O'Neel) Teaching Children Ethics (Homer W. Smith) Re: toll road speed checking (Brent Laminack) Privacy vs UK vehicle-identification systems (Andrew Klossner) RightTouch service (Scott C. Crumpton) Cordless Telephones (Walker) RISKS 7.83 28 Nov 88 19:17:04 PST Tech Report on the Internet Worm (Gene Spafford, PGN) Congress plans hearings on the Internet Worm (Jon Jacky) Computer Literacy #3 (Ronni Rosenberg) More on misuses of computers (PGN) Chain letters = next net disaster ? (Ira Baxter) Computerized Parking Meters (James Peterson) Data verification (Rob Gross) RISKS 7.84 29 Nov 88 "Program Verification: The Very Idea", by J.H. Fetzer (Nancy Leveson et al.) Internet Worm Tech Report (Gene Spafford) [Risks of Offering Popular Reports] Purchasers of computer systems as causes of the Internet worm (Brandon S. Allbery) Bank of America ATMs Hit a Glitch (PGN) Corps of Software Engineers? (Henry Spencer) Software Uniformity Legislation (Colin M Thomson) Zapping shoplifters in Minnesota (Scot E Wilcoxon) (Counter-)corrective control systems (Jeffrey R Kell) RISKS 7.85 1 Dec 88 Security Pacific Automated Teller Theft (PGN and Stan Stahl) Re: Corps of Software Engineers? (Dave Parnas) Telecommunications, Data Entry and Worker Exploitation (Larry Hunter) Milnet Isolation (John Markoff via Geoff Goodfellow) RISKS 7.86 3 Dec 88 Mix-up Impedes Romance (Kevyn Collins-Thompson) California Lotto computer crash (Rodney Hoffman) Telecommunications, Data Entry, ... - and "Security" (Henry Schaffer) Re: Toll Road information collection (Dave Nedde) Manufacturers' responsibilities for security (Keith Hanlan) Computer Malpractice (David J. Farber) Interesting Sidebar on worm and liability (Charles J. Wertz) Unfortunate Use of Term "cracker" (T. Andrews) Re: "crackers" and "Crackers", " 'jackers", and "snackers" (PGN) RISKS 7.87 5 Dec 88 Value for money? (Jerry Harper) Corps of Software Engineers (Gary Chapman) DEC Enet and "denial of service" attacks (Willie Smith) Re: Nonsecure passwords/computer ethics ( /dev/*mem and superuser ) (Paul E. McKenney, Kendall Collett, PGN) "Hackers," "crackers," "snackers," and ethics (Frank Maginnis, PGN, FM, Darrell Long, Alex Colvin) Computer Risks Revisited (John Markoff) RISKS 7.88 6 Dec 88 Summary of Software Uniformity Legislation issue (Conleth OConnell) Exploiting workers (Dale Worley) Re: Automated teller theft (Dr Robert Frederking) Speeding detectors (Dave Horsfall) Report of hardware "virus" on chips (Gary Chapman) Re: Corps of Software Engineers? (Richard Rosenthal) Vendor Liability, and "Plain Vanilla" configurations (Bob Estell) Talk by Tom Blake on Computer Fraud (Mark Mandel) Defining "hackers and crackers" (Gordon Meyer) RISKS OF GREATER GARBLE (somewhere in netland) RISKS 7.89 6 Dec 88 Computer Literacy #4 (Ronni Rosenberg) Privacy versus honesty/equality (Jerry Carlin) Computerized speeding tickets? (Clifford Johnson) Subways that "know" who's on board (Marc J Balcer) Automatic toll systems -- Dallas (Andrew R. MacBride) "Hackers", "crackers", "snackers", and ethics ("Maj. Doug Hardie") `hacker' is already a dictionary entry (Joe Morris, Douglas Jones) Re: /dev/*mem and superuser (Jeff Makey) RISKS 7.90 8 Dec 88 "Glass cockpit" syndrome / Vincennes (Rodney Hoffman) VDTs and premature loss of ability to focus eyes (Rodney Hoffman) NEW YORK TIMES reviews novel about computer sabotage (Jon Jacky) "hacker" et al. (RAMontante, Russ Nelson, Douglas Monk, Andrew Klossner, Kenneth Siani, Don Mac Phee) Unquestioning belief in expert testimony (Matt Bishop) RISKS 7.91 11 Dec 88 More on Proper British Programs (Nancy Leveson) Re: Vendor Liability, and "Plain Vanilla" configurations (Jay Elinsky) Manufacturers' Responsibilities for Security (Lynn R Grant) Hacker enters U.S. lab's computers (George Wood via Werner Uhrig) Computer Virus Eradication Act of 1988 (Don Alvarez, from VIRUS-L) They did it: Speed-Thru Tollbooths (Robert Steven Glickstein) Re: Toll Road information collection (Brint Cooper, Scott E. Preece, John Sullivan) Re: Subways that "know" who's on board (Chris Hibbert) RISKS 7.92 12 Dec 88 Glass cockpits (Randall Davis) "Proper British Programs" (Steve Philipson) Information available for a price (Curtis Keller and Bruce O'Neel) Toll Road information collection (Steve Philipson) Big Bother and Computer Risks (Dennis L. Mumaugh) Re: Computer Virus Eradication Act of 1988 (Jonathan Sweedler, Vince Manis) Re: Vendor Liability and "Plain Vanilla" configurations (Andy Goldstein) Re: "Hackers", "crackers", "snackers", and ethics (Andy Goldstein) Hackers (Shatter) RISKS 7.93 13 Dec 88 Overrides of train controls in Japan (Jeff Schriebman) Re: Vincennes and over-reliance on automation (Victor Riley) Fake ATMs (Rick Adams) `Trapdoor' -- War by Computer Virus (Rodney Hoffman) Re: "Hackers", "crackers", "snackers", and ethics (Douglas Jones) Hacking the etymology (Nigel Roberts) Re: design intent of worm (Rich Thomson) It's NOT a computer! (Martin Minow) There's no excuse (Aaron Harber via Martin Minow) RISKS 7.94 15 Dec 88 Vincennes: conclusively, a computer-related error (Clifford Johnson) Ethics (Dennis G. Rears) "It's already in the computer" (David Sherman) RISKS of Tightening Security (F.Baube) RISKS 7.95 16 Dec 88 Armed with a keyboard and considered dangerous (Rodney Hoffman) Value for money? (Part 2) (Jerry Harper) USAF software contractors score poorly (Henry Spencer) Reasoning about software (Nancy Leveson) Hacking the etymology (Nigel Roberts) [Shattering revelations] (Shatter) RISKS 7.96 20 Dec 88 Soviets Claim Computer-Virus Shield (PGN) UNICEF Belated Greetings (David Andrew Segal and Chris Koenigsberg) Computer Ethics or just Ethics (David Clayton) Those Who Do Not Learn From History (F. Baube) Re: Armed with a keyboard and considered dangerous (F. Baube) Re: Computer Virus Eradication Act of 1988 (David Keegel) Manslaughter caused by computer error (Herman J. Woltring) New EMI Shielding Material (Earl Boebert) RISKS 7.97 21 Dec 88 Software Safety report in UK (Jane Hesketh via Philip Wadler) Over-reliance on a single source of data (Cory Kempf) Computers vs Scandanavian Design (Bob Frankston) Supercomputer used to "solve" math problem (Henry Cox) Re: Armed with a keyboard and considered dangerous (Dan Franklin) Another article on the dangerous keyboard artist (Jerry Leichter) Virus article debunked (Stephen Page) RISKS 7.98 22 Dec 88 The Fetzer Paper in CACM (Brian Randell) Computers in mathematical proof (Dale Worley) Teaching students about responsible use of computers (Jerome H. Saltzer) Responsible use of computers (PGN) RISKS 7.99 22 Dec 88 SUMMARY OF RISKS VOLUME 7, COLLECTED IN RISKS-7.99 ------------------------------ End of RISKS-FORUM Digest 7.99 ************************ -------