Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 21.00 (), Volume 21 summary 
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  29 March 2002   Volume 21 : Issue 00 (99)

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 21 (15 August 2000 to 29 March 2002) 
  (NOTE: This summary is archived in ftp file risks-21.00 at ftp.sri.com,
  cd risks, and is also at http://catless.ncl.ac.uk/Risks/21.00.html.)

----------------------------------------------------------------------

Date: 13 Dec 1999 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) 
 if possible and convenient for you.  Alternatively, via majordomo, 
 SEND DIRECT E-MAIL REQUESTS to <risks-request@csl.sri.com> with one-line, 
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO     [for unabridged version of RISKS information]
 .MIL users should contact <risks-request@pica.army.mil> (Dennis Rears).
 .UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> The INFO file (submissions, default disclaimers, archive sites, 
 copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All 
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
 http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
 http://the.wiretapped.net/security/textfiles/risks-digest/ .
==> PostScript copy of PGN's comprehensive historical summary of one liners:
    illustrative.PS at ftp.sri.com/risks .

------------------------------

Subject: SUMMARY OF RISKS VOLUME 21 (15 August 2000 to 29 March 2002) 
  (archived in ftp file risks-21.00)

RISKS-21.01  Tuesday 15 August 2000
  Russian nuclear sub trapped on bottom of Barents Sea (Keith A Rhodes)
  Risks of train doors: Sydney (Simon Carter)
  Admissions mixup leaves Northeastern University struggling
    (Daniel P.B. Smith)
  Not so smart weapons in Kosovo (Lord Wodehouse)
  Private phone records on Web (Kevin L. Poulsen)
  Barclays Internet-banking security-glitch following software upgrade 
    (Pete Morgan-Lucas)
  Security hole in Netscape (NewsScan)
  The Pentagon worries that spies can see its computer screens 
    (Gregory F. March)
  Online gambler goes to prison (NewsScan)
  County blew $38 million on canceled payroll system! (Joan Brewer)
  Delays in the new UK Air traffic control system (Ursula Martin)
  Microsoft vulnerabilities, publicity, and virus-based fixes (Bruce Schneier)
  REVIEW: "NT 4 Network Security", Strebe/Perkins/Moncur (Rob Slade)
RISKS 21.02  Saturday 26 August 2000
  Hoaxes: When will they learn? (Dave Farber)
  NY State's running out of fingerprint IDs (Danny Burstein)
  Mobile phone malware on i-mode in Japan (Kevin Connolly)
  Firepower via Web interface (Anatole Shaw)
  Sydney Airport baggage system fails for second time in five days 
    (Stellios Keskinidis)
  Airline E-Ticket risks (Paul Wallich)
  Risks on public transit: mechanical and human failures in Toronto 
    (Stephen van Egmond)
  Bangkok robot security guard (Torrey Hoffman)
  Professor stole 40 student SSNs and IDs to get credit cards (Joan L. Brewer)
  Kaiser Permanente medical e-mails go astray (Sheri Alpert)
  Wake up, your TV is talking to your bracelet (NewsScan)
  SSL Server Security Survey (Monty Solomon)
  *The Globe and Mail* Web site exposing search-engine log file
    (Esteban Gutierrez-Moguel)
  Blocked e-mail and Web sites (PGN)
  Major security hole in new online organizer service (Paul van Keep)
  Hackers breach Firewall-1 (PGN)
  GAO says EPA's computer security is "riddled" with weaknesses 
    (Declan McCullagh)
  Bruce Schneier's Secrets and Lies (PGN)
  Software Risk Management Conference ISACC (Gary McGraw)
RISKS 21.03  Monday 28 August 2000
  New security vulnerability: 13-year-old 'r00ts' popular polynomial
    (Leonard Richardson)
  Pretty Good Bug found in Windows versions of PGP (Declan McCullagh)
  Two cables (Doneel Edelson)
  Four of the 13 root servers used by Network Solutions (Dave Farber)
  Court says FBI has been given too much wiretap power (NewsScan)
  "Free" e-mail accounts and passwords exposed for a month (Peter Kaiser)
  Hotmail blows it badly? (Jay R. Ashworth)
  Possible Y2K bug strikes UK Egg Bank (Ralph Corderoy)
  More risks of filtering software (David Goddard)
  Risks of Eurdora 4.x (David Sedlock)
  "Verify your age with a credit card": more than $188M fraud (Lenny Foner)
  Re: Airline E-tickets (Adam Shostack)
  Re: Hoaxes: when will they ever learn (Eric Murray)
  Re: SSL Server Security Survey (Sean Eric Fagan)
  Re: mechanical and human failures in Toronto (Mark Brader)
RISKS 21.04  Monday 11 September 2000
  Identity theft (PGN)
  Government computers at risk (NewsScan)
  Satellite system outage hits Associated Press (Keith A Rhodes)
  Puerto Rican capital without power (Doneel Edelson)
  New Pentium III chip recalled (NewsScan)
  CSX crew spots problem signal, averts collision (Chuck Weinstock)
  F-117 stealth fighter in near-miss with UAL jet (PGN)
  Fake air controllers alert in UK (Joe McCauley)
  Swissair 111, TWA 800, and Electromagnetic Interference (Fred Ballard)
  D.01: off by x100 stock prices (Bob Blakley)
  Western Union Web site hacked (Keith A Rhodes)
  FBI arrests Emulex hoax suspect in Calif. (NewsScan)
  Glitch at Amazon.com exposes e-mail addresses (Keith A Rhodes)
  Windows NT/2000 "Lock Computer" allows palm sync (Avi Rubin)
  1,000 system updates??? (Scott Rainey)
  Risks of partially updated Web pages (Daniel P.B. Smith)
  Re: Major security hole ... (Chris Adams, Michael Loftis)
  Re: Your TV is talking to your bracelet (George Weaver)
  PFIR statement on government interception of Internet data (Lauren Weinstein)
  REVIEW: "Big Book of IPsec RFCs", Pete Loshin (Rob Slade)
  2001 IEEE Security and Privacy Symposium (Jon Millen)
RISKS 21.05  Wednesday 20 September 2000
  Qualcomm CEO's laptop vanishes, containing corporate secrets (NewsScan, 
    David Lesher)
  Computers shut down aircraft engines in flight (Mike Beims)
  Russian troops block power shutoff (Doneel Edelson)
  OPEC site hacked (Mike Hogsett)
  Navy carrier to run Win 2000 (Mike Ellims)
  Re: Windows NT/2000 palm sync (Avi Rubin)
  Re: Identity theft (Carl Ellison)
  Re: D.01: Off by x100 (Terry Carroll)
  Re: New Pentium III chip recalled: typo (Gideon Yuval)
  Risks of using HTML Mail and HTTP proxy "censorware" together (Dan Birchall)
  Concorde crash report (Peter Kaiser)
  Computerized air-conditioning risks (Pere Camps)
  ``Netspionage'' is the real security threat on the Net (NewsScan)
  Hackers offered $10,000 bait (NewsScan)
  A subtle fencepost error in real life (Andrew Koenig)
  New credit-card solution? (Joshua M Bieber)
  Reconstructing Privacy - Conference Announcement (Gene N Haldeman)
RISKS 21.06  Monday 25 September 2000
  Australian online voting scores: no oohs 'n Oz? (Garry Allen)
  Youthful toothful (PGN)
  Concorde Problem Visibility (Peter B. Ladkin)
  Re: Concorde crash report (Zygo Blaxell)
  Ostrich Farming? (Pat St-Arnaud)
  Pentagon security gate goof, again (PGN)
  U.Wisconsin alters photo to add "diversity" to student body (PGN)
  Why software fails (Mike Lewis)
  Filtering, censorship, silence: Who owns the language? (Richard Schroeppel)
  Re: Decimalization and Ford Stock Splits (Timothy Prodin)
  Re: Identity theft (Martin Minow)
  Re: Qualcomm CEO's laptop vanishes (Camillo Sars)
  Re: Risks of using HTML Mail and HTTP proxy "censorware" together 
    (J.D. Abolins)
  Artificial Intelligence strikes again (Rodger Whitlock)
  SBC Calling Card PIN (Conrad Heiney)
RISKS 21.07  Saturday 30 September 2000
  California DMV fosters identity theft? (PGN)
  Single points of failure and backup plans (William P.N. Smith)
  Control of Olympics news coverage (NewsScan)
  Tighter security poses a security threat (Ray Randolph)
  Cochise County election computer errors (Nicky L. Sizemore)
  The risk of identity theft (Amrith Kumar)
  De Fault is in Default (Charlie Shub)
  Re: AI strikes again (Perry Bowker, Zygo Blaxell)
  REVIEW: "CyberShock", Winn Schwartau (Rob Slade)
RISKS 21.08  Wednesday 11 October 2000
  50 million adults at risk for 'net illiteracy' (NewsScan)
  China announces new rules for Internet content (NewsScan)
  Italian police stop digital bank robbery (Meine van der Meulen)
  Computer-related sewage release into Massachusetts Bay (Jonathan Drummey)
  ISP whacks game fan with $24,000 bandwidth fine (Doneel Edelson)
  I've been dropped from a life-time membership (Leonard X. Finegold)
  Carnivore review team information leaked (PGN)
  What Bloatware is Not (Rick Downes)
  EMI, TWA 800 and Swissair 111 (Peter B. Ladkin)
  ABC newsradio network blocked during Olympics (Phillip Musumeci)
  The need for functioning IT environments (Thomas Roessler)
  Re: Why software fails (Jurek Kirakowski)
  Intel hasn't learned... (Steve Bellovin)
  Test Practitioner Syllabus: 17 Oct deadline for comments (Dorothy Graham)
  REVIEW: "Storming Heaven", Kyle Mills (Rob Slade)
RISKS 21.09  Friday 3 November 2000
  Air-traffic control woes (PGN)
  Aviation near-crashes in Kathmandu (Phil Carmody)
  Typo + "strange glitch" = private files world-readable (Michael Froomkin)
  Risks of an `uninterruptible power supply' (Ross Anderson)
  How to upset your customers (John Pettitt)
  Did I *really* request my password in plaintext? (Matt Stupple)
  Over capacity @Home (Dave Isaacs)
  Minister racks up $50,000 phone bill (Fergus Henderson)
  EZ-Pass discovers risk of sending URLs instead of actual text 
    (Danny Burstein)
  Yet another daylight savings time problem... (Gordon Henderson)
  I'm falling back, and I can't get up. (Richard Glover)
  Worm risk multiplier (Jeremy)
  Re: Carnivore review team information leaked (Rob Warnock)
  Re: AI strikes again (Chris Meadows, Marcos)
  Re: U. Wisc altered photographs: They're not the only ones (Fredric L. Rice)
  Re: 50 million adults at risk for `net illiteracy' (K Parker)
  CFP: Risk Assessment & Policy Assoc. International Conference 
    (John M. Gleason)
RISKS 21.10  Tuesday 7 November 2000
  Pennsylvania county wins $1M for faulty computer voting machines
    (David Banisar)
  Thoughts on computers in voting (Douglas W. Jones)
  Security of electronic voting in public elections (Avi Rubin)
  Saturn made a bad assumption in my engine (William Colburn)
  I crashed because my phone was ringing (Scott Gregory)
  Unplanned roll in NASA's X-38 (James H. Paul)
  *Lack* of barcode causes train to trap passengers (Jeff Stieglitz)
  No security in Internet-connectable laboratory instrument controller 
    (Stephen D. Holland)
  Risk of using 'meaningful' file names (Charles Bryant)
  Re: Typo+"strange glitch"=private files world-readable (Steve Summit)
  REVIEW: "Virus Proof", Phil Schmauder (Rob Slade)
RISKS 21.11  Wednesday 8 November 2000
  Did a human factors problem affect the U.S. presidential election?
    (Steve Bellovin)
  More on Florida in this and previous elections (PGN)
  E-voting as a panacea for Florida count? (Jeremy Epstein)
  CNN: E-voting could have prevented U.S. election chaos (Evan McLain)
  "REALITY RESET": "Hacking the Vote" (Lauren Weinstein)
  Web sites report exit poll results before networks do (NewsScan)
  Political dirty tricks, cyber-style (NewsScan)
  Vote auction Web site moves operations overseas (NewsScan)
  UK air-traffic control problems (PGN)
  Indianapolis FAA route center running on generators for a week
    (Nathan Brindle)
  Raccoon power outage over the weekend (Dan Ellis)
  Researchers able to defeat digital music security measures (NewsScan)
  Verisign and MS authenticode (Carl Byington)
  Microsoft Web site vandalized (NewsScan)
  The latest in anti-spam technology (Greg Compestine)
  Re: EMI, etc. (Pete Mellor)
  2001 USENIX Annual Technical Conference - Call For Papers (Andrea Galleni)
RISKS 21.12  Saturday 11 November 2000
  Sanity in the Election Process (Lauren Weinstein and Peter Neumann)
  Statement by Don A. Dillman on Palm Beach County Florida Ballot (Rob Kling)
  Florida vote counts (PGN)
  The end of the Multics era (PGN)
  Excessive bounce activity and lost messages (PGN)
RISKS 21.13  Sunday 3 December 2000
  Perspective on election processes (PGN)
  A better election process? (Dave Stringer-Calvert)
  Australian Internet cable severed (Dave Farber)
  CIA secret chat room investigated (PGN)
  McAfee VirusScan update crashes Windows (PGN)
  Ticking time bomb in buffer overflow (Jonathan Hayward)
  Re: The end of the Multics era (Tom Van Vleck)
  I am glad about the quality of my driver's license photo (Joel Garry)
  Re: Engine cutouts (Paul Nowak)
  REVIEW: "Practical Firewalls", Terry William Ogletree (Rob Slade)
RISKS 21.14  Tuesday 12 December 2000
  Internet and Electronic Voting (PGN Rebecca Mercuri Lauren Weinstein)
  Re: Perspective on election processes (Ben Laurie)
  Arizona Motor Vehicle counterfeiting rings (Paul Nowak)
  Seattle Hospital Hacked (Lauren Gelman)
  A new Chinook inquiry? (Mike Ellims)
  Another Osprey crash (PGN)
  Space Station risks (Ben Hines)
  comp.risks considered harmful -- by some (Thomas Roessler)
  REVIEW: "Hack Proofing Your Network", Ryan Russell et al. (Rob Slade)
RISKS 21.15  Weds 20 December 2000
  Wells Fargo computer network outage (PGN)
  ATM network for voting: a non-starter (David Jefferson)
  Re: Voting by machine (Fred Cohen)
  Alaska Airlines flight 261 (Jim Horning)
  NY State DMV canceling auto registrations (Danny Burstein)
  Another DMV Break-in, in Oregon (PGN)
  Healthcare data bank contains inaccurate and flawed information (Mike Beims)
  Germany to rely on on-board diagnostics for vehicle emission checks 
    (Bernd Felsche)
  High reliability (Adam Shostack)
  Electrocution leads to more deaths (Martin Minow)
  Spam as a denial of service attack? (Steve Bellovin)
  Re: Seattle Hospital Hacked (Lynda Ellis)
  Computers, Freedom, and Privacy CFP2001 Call for Participation (HIIP)
RISKS 21.16  Tuesday 26 December 2000
  Power cut blocks emergency calls (Stuart Lamble)
  Important message from egghead.com CEO (Egghead.com)
  Security advisories becoming less open? (Chris Adams)
  Another tidbit about the new Microsoft advisory format (Richard M. Smith  
    via Brian)
  Making something look hacked when it isn't (Richard J. Barbalace)
  The risk of a seldom-used URL syntax (Rob Warnock)
  Intelligence risks of e-mail auto-responses (Dan Birchall)
  Re: Voting by machine (Tony Finch)
  Re: ATM network for voting: a non-starter (Jeremy Epstein, Barry Margolin,
      Bill Stewart)
  Re: High Reliability (Matt Jaffe)
  Re: Another DMV Break-in, in Oregon (Simson L. Garfinkel)
  Re: Seattle Hospital Hacked (Todd Wallack, Kevin L. Poulsen, 
      Jonathan Thornburg)
RISKS 21.17  Tuesday 26 December 2000
  Martin Minow (PGN)
  Australian Ansett B767 fleet grounded due to maintenance breaches (Mike Martin)
  Interference forces RAF to abandon ILS (David Kennedy)
  Risks of automatic firmware upgrades (Marc Roessler)
  IBM and Intel push copy protection into ordinary disk drives (John Gilmore)
  CERT's ActiveX security report (Richard M. Smith)
  Privacy/quality risks in Quicken Online Billing (Clay Jackson)
  Credit report lists ex-spouse's address (Beth Roberts)
  Wanna know my salary ? (John C Haselsberger)
  Re: Spam as a denial of service attack? (Steve Wildstrom)
  Armageddon scenario near-miss (Scott Rainey)
RISKS 21.18  Thursday 4 January 2001
  Revenge of Y2K, Norwegian trains halted 31 Dec 2000 (Jan L)
  7-Eleven unable to process credit cards since 1 Jan 2001 (Steve Hutto)
  Y2K+1 bug in Sharp Organizer? (Philip Berman)
  Power cut hits hundreds of millions in India (Edelson Doneel)
  Repeated computer outages for Swedish bank (Ulf Lindqvist)
  Telephone outage caused by water-main break (Glenn C. Lasher Jr.)
  Computer blamed for Russian rocket crash (Peter Neumann)
  Chinook: key facts ignored by those who want to clear pilots (John O'Connor)
  CIOs: "What, Me Worry?" (NewsScan)
  Automatic firmware upgrades in home electronics (Andrew Klossner)
  Hackers hack science exam (Winn Schwartau)
  Re: Seattle Hospital Hacked (Daniel Theunissen)
  Re: IBM and Intel push copy protection ... (Patrick P Gelsinger)
  Re: IMPORTANT MESSAGE FROM EGGHEAD.COM CEO (Gary Lawrence Murphy)
  Re: The risk of a seldom-used URL syntax (Crispin Cowan)
  The top 10 privacy stories of 2000 (Richard M. Smith)
  Stefan Brands: PKI, digital certificates, and privacy (PGN)
  Submission Deadline for USENIX Security Symposium, 1 Feb 2001 (Monica Ortiz)
  Call For Papers - RAID'2001 (Giovanni Vigna)
RISKS 21.19  Tuesday 9 January 2001
  Security at UK nuclear power stations (Brian Randell)
  Re: Revenge of Y2K, Norwegian trains halted 31 Dec 2000 (Bob Dubery)
  Motorola flex non-non-non-leap year (Dan Jacobson)
  Millennium error in Postscript calendar (Eric Lindsay)
  Two satellite failures (Peter B. Ladkin)
  Teen intercepts MD's pages, makes medical orders (Terry Carroll)
  Dutch Railways to introduce electronic access/ID card (Marcus de Geus)
  Risks of "upgrades" and network-centric applications (Jay R. Ashworth)
  Re: Chinook (Phil Payne, Ryan O'Connell)
  Re: CIOs: "What, Me Worry?" (Mark Hull-Richter)
  Re: Egghead.com (Jonathan Kamens, Mark Hull-Richter)
  Re: Y2K+1 bug in Sharp Organizer (Philip Berman, Jonathan Kamens)
  Re: IBM and Intel push copy protection (David Collier-Brown)
  Security white paper (Gene Spafford)
RISKS 21.20  Saturday 13 January 2001
  Dell, Unisys and Microsoft -- DUMvoting 1.0! (Gene N Haldeman)
  San Francisco Airport radar phantom flights (PGN)
  Cell phone in luggage alarms avionics (David Kennedy)
  Testimony before the U.S. Civil Rights Commission (Douglas W. Jones)
  No human finger will actually pull a trigger... (Daniel P. B. Smith)
  Swiss debit-card system broke down (Andre Oppermann)
  Subject: Re: The Chinook Crash (Peter B. Ladkin, Mike Beims)
  Armchair Chinook RISKS analysis is misplaced (Nathan K. Pemberton)
  Since when is Northern Ireland considered a war zone? (Chris Warwick)
  Oregon Jurors summoned for 1901 (Aydin Edguer)
  Y2K bug in Millennium clock (Mike Palmer)
  Re: 54 weeks in a year? ('o-Dzin Tridral, Paul van Keep)
RISKS 21.21  Thursday 25 January 2001
  RISKS moved to new mail server and list server program (Mike Hogsett)
  Look ahead + Cache == oops (Lindsay Marshall)
  QP -> UL? (Mark Brader)
  Osprey: A Spree? Us pray? (PGN)
  Travelocity exposes customer information (Monty Solomon)
  Network Solutions exposes e-mail addresses (Name withheld by request)
  Microsoft websites blacked out -- but what happened? (Declan McCullagh)
  401k mixup (Jeremy Epstein)
  Risks of owning a cute domain name (Griffith)
  Interesting Web risk (Lindsay F. Marshall)
  Re: Organiser Bugs (Peter B. Ladkin)
  Two-billion-dollar theft (S Harris)
  Another Y2K+1 glitch -- sorta (George C. Kaplan)
  Re: Millennium error, or "something like that" (Amos Shapir)
  Re: 54 weeks in a year? (Espen Andersen, Bob Dubery, Markus Kuhn, Stan Sieler)
RISKS 21.22  Friday 26 January 2001
  Software crash hits Canadian grocery chain (Aaron PooF Matthews)
  Aircraft had near-miss in Finland (Michael Walsh)
  UK Trials of GPS controlled car speeds (Steve Loughran)
  Theft of vehicle leads to robbery at home (D. Joseph Creighton)
  Bank robber nabbed by GPS (Roger H. Goun)
  B of A Visa Y2K glitch? (Ethan McKinney)
  Risks of shortcuts in user interfaces (Austin Donnelly)
  Cross-site scripting still a threat (Michael Sims)
  HotMail blocking users from e-mailing Peacefire (Bennett Haselton)
  Network vandal attacks Microsoft sites (NewsScan)
  Hacker indicted for network vandalism (NewsScan)
  Sex-offender Web sites are insecure (Monty Solomon)
  Remote disabling of satellite TV receiver smart cards (Jeremy Epstein)
  Shoppers seize unauthorized discounts at Macys.com (Monty Solomon)
  Re: Palm Pilot Security (Mitch James via Dave Stringer-Calvert)
  Clone phones with help from AT&T (Nikita Borisov)
  Re: Chinook (Lloyd Wood, Ken Garlington)
  Expanding on an urban legend (Danny Burstein)
  Re: "Security holes protect your equipment from theft" (Daniel P. B. Smith)
  Re: Risks of mail auto-reply (Jerrold Leichter)
  Hotmail declines to accept new users with reserved words in last names
    (Robert Rossa)
  ACM1 Message for RISKS Subscribers (Lillian Israel)
RISKS 21.23  Tuesday 30 January 2001
  Satellite strike blows away DirectTV pirates (PGN)
  Senators critical of videogame violence (NewsScan)
  Could someone die from spam/relay rape? (Sanner)
  Hackers hit U.S., U.K., Australian government sites (Keith A Rhodes)
  Risks of pharmacy computer systems (Isaac Hollander)
  Receipts for Voting Machines (Douglas W. Jones)
  Flight data recorder in your car's airbag (David Collier-Brown)
  Re: Aircraft had near-miss in Finland (Michael Walsh)
  Re: The Chinook Crash (Simon Pickin)
  Re: Organiser Bugs (Tyler, Mike Cepek)
  Re: Risks of owning a cute domain name (Terry Carroll)
  Seeing Y2K bugs everywhere (Andrew Klossner)
  Re: 54 weeks in a year? (Lawrence K. Chen, Nick Brown))
  Re: UK Trials of GPS controlled car speeds (Derek Ziglar, Brian Clapper, 
      Andres Zellweger, Harlan Rosenthal, Peter Houppermans)
  Symposium on Requirements Engineering for Information Security (Gene Spafford)
RISKS 21.24  Thursday 15 February 2001
  Calligraphy, computers, and Chinese culture (NewsScan)
  Lost pet fees cost Toronto $700,000 (Perry Bowker)
  Network Solutions Sells Out -- Domain Info For Sale to Marketers
    (Lauren Weinstein)
  Hacker defends his vandalism, blames the victims (NewsScan)
  AnnaKournikova worm (rcooper)
  It's the wolf! It's the wolf! (David G. Bell)
  Osprey crash involved "software fault" (Peter B. Ladkin)
  Privacy on New Zealand golf Web site (Gavin Treadgold)
  Risks of outsourcing: you can bank on it! (Cris Pedregal Martin)
  Microsoft Hotfix undoes previous good (Graham Bell)
  SiteGuest.com: Unauthorized e-mail address capture whilst browsing
    (Stewart C. Russell)
  The very friendly skies of United? (Steve Bellovin)
  Risks inside my Jan 2001 American Express bill (Thomas Maufer)
  Domain name mismatch family feud (James Ryan)
  RISKS of anticipating computer problems (Eric Nickell)
  Satellite strike blows away DirectTV pirates (Serguei Patchkovskii)
RISKS 21.25  Wednesday 21 February 2001
  Millennium bug in travel agent system (Debora Weber-Wulff)
  Again: German government plans extensive surveillance (Stefan Kelm)
  Are free ISPs free? Juno says users must donate processor time (Lenny Foner)
  The old ones are the best ones: Hidden info in MS Word documents (Paul Henry)
  Modem misdialing seemingly at random (Chiaki Ishikawa)
  On paper-size standards (Andrew Klossner)
  More on the Friendly Skies of United (Steve Bellovin)
  Re: Risks inside my Jan 2001 American Express Bill (Paul Green)
  Re: SiteGuest unauthorized address capture (Jean-Jacques Quisquater)
  Re: Organiser Bugs (Dennis Parslow, Peter B. Ladkin)
  Re: It's the wolf! It's the wolf! (Martin Jost, Andrew Jackson)
  When will they EVER learn? (Geoff Kuenning)
  REVIEW: "Building Internet Firewalls", Zwicky/Cooper (Rob Slade)
RISKS 21.26  Monday 5 March 2001
  Smart bombs miss again (Lord Wodehouse)
  Air gaps (Bruce Schneier)
  Bibliofind exposes lots of credit card data they shouldn't have had
    (Lenny Foner)
  TurboTax potential overstatement of gross income (Richard Mason)
  Risks of buggy cell phone networks (Kragen)
  SETI@Home felled by a Single Point of Failure (Malcolm Pack)
  Passwords don't protect Palm data, security firm warns (Yves Bellefeuille)
  Risks of laptop anti-theft devices (Tony Yip)
  Where does NAVSTAR say we are, again? (James Paul)
  Beware assumptions about keyboard layouts... (Perry Pederson)
  Re: On paper-size standards (Gideon Sheps)
  REVIEW: "Tangled Web", Richard Power (Rob Slade)
RISKS 21.27  Thursday 15 March 2001
  Stockholm power outage hits high-tech companies (Ulf Lindqvist)
  New USB Army 'Land Warrior' tech connects the next cybertoys (Bob Frankston)
  In Japan, do trains check for drivers? (Joyce K Scrivner)
  UCITA implements DoS and DDoS Vulnerabilities (Warren Pearce)
  Moon-landing-hoax hoax (Dave Stringer-Calvert)
  Mistaking list for scalar context brings cops (Jamie McCarthy)
  Fairfax, VA Police records public (Dan Graifer)
  Risks of would-be copper thieves (Gregory Soo)
  Yahoo! Mail translates attachments (Bob Frankston)
  More on Bibliofind (Lenny Foner)
  Re: Air Gaps (M.S. Jaffe)
  Re: Smart bombs miss again (Dave Aronson, Randy Davis)
  Re: NAVSTAR (PGN)
  Re: SETI@Home felled by a single point of failure (George C. Kaplan,
      Mary Schafrik)
  Re: When will they EVER learn? (Gideon Sheps)
  Re: Palm passwords aren't... (Peter Houppermans)
  Don't risk missing the Parnas Symposium at ICSE 2001! (David Weiss)
RISKS 21.28  Tuesday 20 March 2001
  Arsta train crash might have been caused by a safety-critical error 
    (Anton Setzer)
  Lax security found in IRS electronic filing system (Dave Stringer-Calvert)
  Dow Jones Industrial Average reported at 0.20 (Lindsay F. Marshall)
  More on the importance of safeguarding private crypto keys (David Kennedy)
  Risks of self-induced false alarms (Graystreak)
  Using automation software without accounting for possible scenarios 
    (Tony Yip)
  Another "secure" e-book seems unlikely (Moz)
  The risks of accidentally becoming a customer for life (Jim Youll)
  NSF study: "Internet Voting is no 'Magic Ballot'" (Terry Carroll)
  On-line elections (Sarr Blumson)
  Smart Bombs - Old Story (Bruce E. Wampler)
  Re: Smart bombs miss again (Richard Schroeppel, Christophe Augier, 
      Pekka Pihlajasaari, Michael Nelson, Bill Stewart, Wm. Randolph Franklin)
RISKS 21.29  Friday 23 March 2001
  Identity theft: Forbes-ing a head?
  Indiana University penetration raises fears of identity theft 
    (Keith A Rhodes)
  Serious new CA Drivers License ID RISK (Peter V. Cornell)
  Faulty radar prompts FAA inspections and remediations (Keith A Rhodes)
  Bogus Microsoft Corporation digital certificates from Verisign (Jeff Savit)
  Your PGP E-Hancock can be forged (Monty Solomon)
  Czech PGP flaw tech details (David Kennedy)
  Politically correct: DoE is slow to warn of computer virus (David Farber)
  Nokia cell phone trivially easy to unlock (Eric Hanchrow)
  Hacker sentenced to hacking (Jeremy Epstein)
  Government, school sites link to porn (Dave Stringer-Calvert)
  Yahoo! Mail translates attachments (Matt Curtin)
  Re: Air gaps (Fred Cohen)
  Re: MIT/Caltech voting study (Paul Terwilliger)
  German armed forces ban MS software, citing NSA snooping (Pete McVay)
  MS Word: Ohm, SaveAs Watt (Kevin Rolph)
  Workshop CfP: Security and Privacy in Digital Rights Management 2001
    (Tomas Sander)
RISKS 21.30  Monday 26 March 2001
  Electronic tax filing problems blamed on 'user error' (PGN)
  Cyber surfers caught by fishing nets (Tin Tin)
  RISKS of rodent teeth (Gregory Soo)
  Identity Theft -- a personal experience (name withheld)
  Re: California Drivers License as ID for banks (John McCalpin)
  Re: "Internet Voting is no 'Magic Ballot'" (Douglas W. Jones)
  Verisign certificates problem (Roy Sinclair)
  When security is based on trust (Michael Sinz)
  Re: Aasta train crash ... safety-critical error (Tor-Einar Jarnbjo, 
      Dave Aronson)
  IEEE *Software* Special Issue on Building Software Securely (Anup Ghosh)
RISKS 21.31  Sunday 1 April 2001
  Windows 2000 source code (Mark Thorson)
  Foot-and-mouth virus propagation (PGN)
  Upcoming time-change risks (Alan Wexelblat)
  More self-inflicted defense difficulties (PGN)
  Classification of the Three Mile Island accident (Andrew Raybould)
  Re: German armed forces ban MS software (Ralf Bendrath)
  What they can do with your SSN (Ian Macky)
  Re: Serious new California drivers license ID risk (Tom Goltz, John Noble)
  Book: Security Engineering, Ross Anderson (PGN)
  Invitation to the First "PFIR Future of the Internet Workshop" 
    (Lauren Weinstein)
RISKS 21.32  Monday 2 April 2001
  Future Mac Viruses? (PC Rescue)
  The cost of Windows virus (Joaquim Baptista)
  Risks of auto-updating software (Alan Wexelblat)
  Dutch police fight cell theft with text 'bombs' (Thomas Dzubin)
  Cellphone text bombs (Conrad Heiney)
  Approved posts to large listservs (Paul Hessels)
  MSN "upgrade" creates long-distance calling (Steve Holzworth)
  Re: Hidden info on MS Word documents (Joaquim Baptista)
  Hidden highway robbery within Terms of Use contracts? (Michael Sinz)
  EoExchange shuts down services without warning, customer data lost
    (Derek Ziglar)
  Re: "Internet Voting is no 'Magic Ballot'" (Jay R. Ashworth, Jurek Kirakowski)
  Re: Bogus Microsoft Corporation digital certificates (Peter da Silva, WBH)
  Re: Verisign certificates problem (Camillo Sars)
  Re: Aasta train crash (Dag-Erling Smorgrav)
  Re: Serious new CA Drivers License ID RISK (Jim Horning, John Rickenbrode)
RISKS-21.33  Sunday 8 April 2001
  Software direct cause of December 2000 Osprey crash (Peter B. Ladkin)
  Computer cords used in escape from police custody (Ulf Lindqvist)
  WRQ/Reflection and DST (Marc W. Mengel)
  Dutch government report on privacy (Peter Fokker)
  Proposed "open" development of voter data standards launched (David Marston)
  Re: MS Word: Ohm, SaveAs Watt (Markus Peuhkuri)
  Re: Windows 2000 source code (Dave Aronson)
  Re: April Fools items (Ursula Martin)
  Re: When security is based on trust (Ken Cox)
  What's in you server room? (Audun Arnesen Nordal)
  Re: tax returns (Wendy Grossman, Paul Ward)
  Re: identity theft (Chris Viles)
RISKS 21.34  Wednesday 11 April 2001
  MIT'S cathedral of learning: online and free (NewsScan)
  Modern Times, II (jhaynes)
  Careful with that e-mail! (Lord Wodehouse)
  Risks of appearing in rec.humor.funny (Jim Griffith)
  Re: Risks of auto-updating software (L. P. Levine)
  More on Yahoo mail's anti-virus attachment translation (Kirrily Skud Robert)
  Re: Bogus Microsoft Corporation digital certificates (Nick Brown)
  Summertime blues (Lord Wodehouse)
  Re: Upcoming time-change risks (Derek Ziglar)
  Another Silly Date Problem (Peter B. Ladkin)
  Re: Dutch police fight cell theft ... (Zygo Blaxell, Christian Bartsch)
  Re: Cellphone text 'bombs' (Peter Chuck)
  Re: Future Mac Viruses? (Craig S. Cottingham, Paul Hessels)
  Re: "Internet Voting is no 'Magic Ballot'" (Julian White, Jay R. Ashworth)
  Bathtub Burnout (Rebecca Mercuri)
  Auto-updating and ReplayTV (Alan Wexelblat)
RISKS 21.35  Monday 23 April 2001
  Reliance on Automation "Top Risk" (Peter B. Ladkin)
  Kew Public Records Office data input problem (Pete Mellor)
  Never rely entirely on technology... (Peter Houppermans)
  You've Got Mail ... From The Admissions Office! (David Tarabar)
  Server 54, Where Are You? (Jack Burke)
  Hi-tech toilet swallows woman (Gareth Randell)
  Denial of Tax Service (Rebecca Mercuri)
  E-mail address ID theft (A.E. Brain)
  Sabotaged phone lines + stolen credit cards = safety in theft (Simon Carter)
  Security flaw found in Alcatel's high-speed modems (Monty Solomon)
  Alcatel admits more than they meant to (Mike Bristow)
  Web-enabled air conditioners (Alpha Lau)
  Risks of sorting time alphabetically (Marcos H. Woehrmann)
  Using Palm VII's to give traffic tickets (Ian Jordan)
  More on UCITA (Warren Pearce)
  Re: Aasta Train Crash (Magne Mandt, Merlyn Kline)
  Re: Risks of Hidden highway robbery ... (Will Fletcher)
  Viewers lament incredible shrinking Ultimate TV (Monty Solomon)
  Do prescription records stay private when pharmacy stores are sold?
    (Monty Solomon)
  New flashlight sees through doors as well as windows (Monty Solomon)
  Windows patchwork (Jay Levitt)
  REVIEW: "Securing Windows NT/2000 Servers for the Internet", Norberg
    (Rob Slade)
RISKS 21.36  Wednesday 25 April 2001
  Computer system crash stalls D.C. Metro (PGN)
  UPS Shutdown (Kent Borg)
  Trial by CCTV (M Taylor)
  Risks of fabricating funny data (Bill Hopkins)
  Foreign Flimflam (Keith A Rhodes)
  Wireless Spam (NewsScan)
  Slack goes when California DMV gains access to SSA database (Elizabeth Weise)
  U.S. Government cyberdefense lacking (Dave Stringer-Calvert)
  Errors in AFFX GeneChip Database (Gregory Soo)
  35,000-pound hacking challenge cracked (Jay Anantharaman)
  Microsoft's wonderful solution for Outlook security (Dave Stringer-Calvert)
  Re: Amtrak 'Sharing' Information With D.E.A. (John Noble)
  Re: Aasta train crash (Dag-Erling Smorgrav)
  Re: V-22: Titanium properties (Edwin M. Culver)
  Bathtub Burnout (Jan Verbrueggen)
  Re: Hidden highway robbery within ... contracts? (Norman Gray)
  Risks of using filtering proxies (Marc Roessler)
  Power safety (Marcus L. Rowland)
  First Workshop on Information Security System Rating and Ranking 
    (Jack Holleran)
RISKS 21.37  Thursday 3 May 2001
  Microsoft Is Set to Be Top Foe of Free Code (David Farber)
  DMCA: It's Like ... an Analogy Fest! (Monty Solomon)
  Recording industry threatens researcher with lawsuit (NewsScan)
  Hack attacks from China? (NewsScan)
  Space Station software problems predicted four years ago (Philip Gross)
  Incompatibility shuts down Xerox corporate network (Nelson H. F. Beebe)
  Destia shuts down service (Doneel Edelson)
  Mobile phones to prevent car theft? (Yerry Felix)
  CNN censors profane Webby nominee (Jim Griffith)
  Another problem with the DNS (Bob Frankston)
  MS security updates infected with virus (Dave Stringer-Calvert)
  Microsoft error message (Jean-Jacques Quisquater)
  Using calendar reminder service to remember anniversary of sad event (Elinsky)
  Risks of Net-connected appliances (Robert J. Woodhead)
  Re: MSN "upgrade" creates long distance calling (Steve Holzworth)
  The follow-on to James Bamford's *Puzzle Palace* (David Farber)
  Definitions for Hardware and Software Safety Engineers (Meine van der Meulen)
RISKS 21.38  Wednesday 9 May 2001
  Partial Causal Analysis of the December 2000 Osprey Accident (Peter B. Ladkin)
  Lucent workers charged with selling secrets to Chinese (NewsScan)
  Citibank's meaningless privacy notice (Vassilis Prevelakis)
  Fox... hen house... (Hendrik)
  Bluetooth risks airline safety? (Tom Worthington)
RISKS 21.39  Friday 11 May 2001
  U.S. Air Force blasts Outlook security patch (Yves Bellefeuille)
  Univ. Virginia prof uses computer to catch cheaters (Richard Kaszeta)
  Potential timestamp overflow on 9 Sep 2001 (Don Stokes)
  Excel-lent leaks (Christophe Augier)
  Foolish wireless network access policies and spam engines
    (Thor Lancelot Simon)
  Cops say teen concocted radio calls (Steve Hutto)
  The RISKS spam crossover has finally taken place! (RISKS)
  DMV screws up on licenses (PGN)
  To drive or to avoid identity theft: mutually exclusive? (Brett Glass)
  Re: Recording industry threatens researcher (Douglas W. Jones)
  16th Annual Software Engineering Symposium 2001 (Carol Biesecker)
RISKS 21.40  Sunday 13 May 2001
  Word file turns into two disjoint texts (Clive Page)
  Check everyone's Vodafone voicemail (Andrew Goodman-Jones)
  Car 54, where are you? (David Lesher)
  Euro risks, part 1 (Paul van Keep)
  Euro risks, part 2 (Paul van Keep)
  Thieves R Us (Mike Godwin via Dave Farber)
  Re: Citibank's meaningless privacy notice (Zygo Blaxell)
  Re: Using calendar reminder service ... (Nikita Borisov)
  Re: MSN "upgrade" creates long distance calling (Bob Frankston)
  Risks of not monitoring field-deployed systems (John Connor)
  Re: UPS Shutdown (Diomidis Spinellis, Chris Smith)
RISKS 21.41  Wednesday 23 May 2001
  A Hard Left-Cruise Ship's Autopilot blamed for sharp turns
    (Kelly Bert Manning)
  Another backhoe reminder (Bernd Felsche)
  New Bell Canada service: free calls (Dave Isaacs)
  The Faith-Based Missile Defense (What's New via David Farber)
  Time to bury proposed software law (Dan Gillmor via Monty Solomon)
  NZ Electoral Web Site (Richard A. O'Keefe)
  Osprey, cont'd (Peter B. Ladkin)
  Our software is *never* wrong (Erann Gat)
  Risks in scuba equipment (Carl Page)
  More on that college network/spam (Danny Burstein)
  Apple Powerbook 'bomb' shuts Burbank airport (Monty Solomon)
  Re: Space Station software problems predicted four years ago (Bob Frankston)
  The new Taiwan $1000 bill got the globe backwards (Dan Jacobson)
  Police frequencies and fake calls (William Colburn)
  Power safety (Marcus L. Rowland)
  Ship to Internet (Donn Parker)
  2002 ACM Symposium on Applied Computing: SAC '2002 (Cliff Jones)
RISKS 21.42  Friday 25 May 2001
  Thought-provoking book on software: David Parnas (Jim Horning)
  Software Engineering, Dijkstra, and Hippocrates (Michael L. Cook)
  Lost train (Debora Weber-Wulff)
  Aimster vs. the recording industry (NewsScan)
  Converting Pi to binary: DON'T DO IT! (Keith F. Lynch via Russ Perry Jr.)
  ``The Wind Done Gone'' ban done gone -- with abandon, gone (PGN)
  FBI arrests dozens for Internet fraud (NewsScan)
  What they know or don't know about you! (Monty Solomon)
  EU considers retaining *all* telecom traffic (Dave Weingart)
  CERT subjected to "just another attack" (NewsScan)
  Great DoS attack for cell phones (Robert Moskowitz)
  Office XP modifies what you type: Peter Deegan in Woodyswatch 
    (via Jonathan Arnold)
  Weatherbug (James Garrison)
  37% of programs used in business are pirated (NewsScan)
RISKS 21.43  Tuesday 29 May 2001
  Xcel Energy wants to close Denver call center (William Kucharski)
  Topeka KS water treatment outage (Jerry James)
  WA public schools switching to risky new system? (Phil Kos)
  The World Bank meets on the Internet (Andres Silva)
  Eurocops want seven-year retention of all phone, Net traffic (Hawkins Dale)
  McDonald's testing cashless payments (NewsScan)
  Re: The Faith-Based Missile Defense (Brian Clapper)
  Re: Parnas's book on software (John Graley)
  Bugless = utopia (Andrew Fleisher)
  Another fear of Risks (Bob Frankston)
  Re: Word file turns into two disjoint texts (Jeanne Sheldon)
  REVIEW: "Demystifying the IPsec Puzzle", Sheila Frankel (Rob Slade)
RISKS 21.44  Monday 4 June 2001
  House Science Committee hearings on voting systems (Douglas W. Jones)
  Swimming-pool changing cubicles (Alan Barclay)
  Insurer considers Microsoft NT high-risk (Oleg Broytmann)
  UK Government Gateway blocks non-MS browsers (Chatan Mistry)
  The risks of clueless marketing (Greg Searle)
  Computer-generated mail -- too easy to fake? (David G. Bell)
  Forgery attempt -- risk of identity theft (David Lesher)
  Sex-offender database risks (RISKS)
  Crash leaves disabled riders stranded (Jeremy Epstein)
  BT upgrade: The best laid plans... (John Sullivan)
  Re: Software Engineering, Dijkstra, and Hippocrates (Scot Wilcoxon,
      Richard I Cook)
  Re: EU considers retaining *all* telecom traffic (Michael Weiner)
  Re: NZ Electoral Web Site (Richard A. O'Keefe)
  Re: Another Backhoe Reminder (Arthur Marsh)
  Re: WeatherBug and Gator (David Crooke)
  Re: 37% of programs used in business are pirated (Jurek Kirakowski, 
      Merlyn Kline)
  More SMS SPAM (Simon Waters)
  Re: Lost train (Mark Brader)
RISKS 21.45  Wednesday 6 June 2001
  Ed Felten and researchers sue RIAA, DoJ over right to publish 
    (Declan McCullagh)
  Billboard error message (Phil Agre)
  California bill prohibits online gambling (Jim Griffith)
  Dutch government to act against virtual child pornography (Marcus de Geus)
  Payday delayed by one day in Belgium (Kris Carlier)
  Mobile phones to manage truancy - and other free publicity (Nick Brown)
  Inevitability of risks (Mick Topping)
  Re: The Faith-Based Missile Defense (S. Alexander Jacobson)
  Re: Eurocops want seven-year retention of all phone, Net traffic 
    (Morten Norman)
  Re: Our software is *never* wrong (Scott E. Preece)
  WSJ/Word change tracking/"MS Tool Lifts Veil on Spin" (Daniel P. B. Smith)
  Re: Word file turns into two disjoint texts (Lloyd Wood)
  Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care (Chris Meadows)
  Re: Office XP modifies what you type (Bear Giles, LShaping)
  Re: "Hacker Insurance" charges higher rates for Windows systems! (Elana)
  Re: UK Government Gateway blocks non-MS browsers (David G. Bell)
  10th USENIX Security Symposium (Tiffany Peoples)
  Announcement -  16th Annual Software Engineering Symposium 2001
    (Carol Biesecker)
RISKS 21.46  Tuesday 12 June 2001
  Another NY Stock Exchange outage (PGN)
  California power grid hacked (PGN)
  PC parrot drives firemen crazy (Merlyn Kline)
  Computer reports unreported wreck (Chris Norloff)
  U.K. plans mandatory IP indoctrination for children (Cluebot via 
    Declan McCullagh)
  Re: Billboard error message (Robert Meineke, Rick Prelinger, John Dallman)
  Re: Risks of clueless marketing (Jamie McCarthy)
  Re: Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care (Mike Nuss)
  Re: Steve Gibson's report and Windows XP "Vulnerabilities" (David Crooke)
  They're at it again: Internet Explorer Smart Tags in WinXP (Stef Maruch)
  Re: Office XP modifies what you type (Andy Newman, Jay Jennings)
  Microsoft, 'Mitigating Factors' and Public Relations (Jackson Ratcliffe)
  Broken shopping carts (Steve Loughran)
  How to avoid Internet interruption at AAS meeting (Clive Page)
  There's no such thing as software `piracy' (Fred Gilham)
  Re: Another fear of Risks (James K. Huggins)
  Re: McDonald's testing cashless payments (Jeffrey Jonas, John R Levine)
  Credit where it isn't due (William Paul Fiefer)
RISKS 21.47  Wednesday 13 June 2001
  Computer train trauma (Lord Wodehouse)
  Elevator emergency override drowns woman (Daniel Norton)
  ATM network center flooded (Daniel Norton)
  Supreme Court ruling on thermal-imaging scanners (PGN)
  And you thought Keith Lynch was kidding! (PGN)
  DoD declares unclassified hard drives no longer need be destroyed (PGN)
  Risks of URL-forwarding services (Justin Mason)
  New technology for sneaky advertising (Greg Searle)
  ScanMail's "sophisticated" filtering blocks PRIVACY Forum Digest 
    (Lauren Weinstein)
  Risks of heuristics and marketers (Dan Birchall)
  Re: Dutch government to act against virtual child pornography 
    (George Dinwiddie)
  Security notice for recent EarthBrowser purchasers (Matt Giger via
    Ben Laurie)
  Excel date munging: what a difference --four years and-- a day makes
    (Tom Walker)
  Dead men produce no documentation (Kirt Dankmyer)
  REVIEW: "Inside Internet Security", Jeff Crume (Rob Slade)
RISKS 21.48  Monday 18 June 2001
  Unexpected network congestion: remote consequences of Seti@Home 
    (Steve Loughran)
  Site puts private cell calls on Web (Bruce Hamilton)
  European Commission "Net-security" site invaded by hackers (Declan McCullagh)
  Formula 1's string of control-system failures (Stellios Keskinidis)
  A320 Incident (Peter B. Ladkin)
  Re: Computer train trauma (Philip Nasadowski)
  Lincolnshire University offers first course on rail disasters (Tom Van Vleck)
  NYSE: "Throw up your hands and reboot" (Chris Norloff)
  Re: Billboard error messages (David M Chess)
  Response to LWN's statement about Linux security costs (Kevin Postlewaite
      via Gerrit Muller)
  Windows XP adds its own links (George C. Kaplan)
  Re: Office XP modifies what you type (Andy Newman, Gerard A. Joseph)
  Re: Steve Gibson's and Windows XP (Chris Dodd)
  Re: The risks of clueless marketing (Tony Martin-Jones)
  Re: And you thought Keith Lynch was kidding! (Phil Carmody, Paul Ward, 
      Ken Knowlton)
  On the deceptiveness of pop-under ads (ocschwar)
RISKS-21.49  Monday 18 June 2001
  Passive radar?  Removing the cloak of invisibility 
    (What's New via Dave Farber)
  Therac Returns: Data-entry errors kill five patients in Panama
    (Allan Noordvyk)
  WashingtonPost.com real estate database (Nick Laflamme)
  ebates.com installs Java program on users computer (Bill Tolle)
  Risks of peer-to-peer in the office (Alpha Lau)
  PCs used as cash registers (Nick Brown)
  Software "worm" searches your computer for pornography (NewsScan)
  Conflicting sensors placed on different parts of the line (Robert Gordon)
  New world disorder? (Mike Coleman)
  Security vulnerability databases (Uwe Ohse)
  Yet another e-commerce error (Leonard Erickson)
  Re: PC parrot: telephone bird vs. real phone ring (Dan Jacobson)
  Re: Banning virtual forms of entertainment ((Gerard A. Joseph)
  Re: Formula 1's string of ... failures (Bob Dubery, Chris Kantarjiev)
  The magic, fast-food, wand (Rob Slade)
  QWE2001: Call for Papers and Presentations (SR/Institute)
RISKS 21.50  Thursday 12 July 2001
  Microsoft bug causing serious nuclear risk? (Dudi Feuer, Michael D. Levi,
    John Lowry)  
  Fiji has to relive Y2K? (James Paul)
  Intruder crashes United Arab Emirates' only ISP (Dave Stringer-Calvert)
  $480,000,000 for sending 9 parcels (Mark Brader)
  Uncleared disk space and MSVC (David Winfrey)
  Berlin Bank shows sensitive information (Debora Weber-Wulff)
  Power outage means wheel chairs on the go (Ray Todd Stevens)
  Electoral fraud (Tony Finch)
  Risks in inept election fraud (knhaw)
  Yet another e-mail filter effect (Jurjen N.E. Bos)
  Re: Billboard error message (Ben Morphett, Markus Peuhkuri)
  REVIEW: "Fundamentals of Network Security", John E. Canavan (Rob Slade)
  16th Annual Software Engineering Symposium 2001 (Carol Biesecker)
RISKS 21.51  Monday 16 July 2001
  CD-eating fungus amongus (Gary Stock)
  The computer is taking over the train (Hanan Cohen)
  Trains Ain't Planes, it's plain to see (Daniel P Dern)
  Eli Lilly e-mail snafu reveals identities of Prozac users (Jeremy Epstein,
    Allan Noordvyk)
  Brownouts take out computers in Livermore (Fred Cohen)
  Phoenix BIOS phones home? (Merlyn Kline)
  Hacked caller ID? (Alexandre Pechtchanski)
  Anatomy of an Internet scam (NewsScan)
  Who watches the watchdog? (Gary Barnes)
  Autoresponder goes haywire (Joshua M Bieber)
  Auto-banner ads (Mark Richards)
  Microsoft pulls controversial Smart-Tag feature (NewsScan)
  Yearly siren test ... (Marco Frissen)
  4 to 6 *million* votes uncounted in 2000 election (PGN)
  US Voting Systems Standards - available for public comment (Thom Wysong)
  Re: Electoral fraud (David Hedley, Lindsay Marshall)
  Re: WashingtonPost.com real estate database (Tramm Hudson)
  Re: Uncleared disk space and MSVC (John Sullivan, Peter da Silva)
  Re: The risks of clueless marketing (Toby Riddell)
  10th USENIX Security Symposium (Tiffany Peoples)
RISKS 21.52  Tuesday 17 July 2001
  Re: WashingtonPost.com real estate database (PGN)
RISKS 21.53  Thursday 19 July 2001
  Dashboard can fire water at sleepy drivers (John Arundel)
  Polarized sunglasses and car LCD displays don't mix (Henry Baker)
  Missile defense test radar glitch (PGN)
  Historical Risk: KORD, and N-1 Engine Failures (Ami Abraham Silberman)
  Software gives erroneous air navigation reading (Bill Hopkins)
  Even a fatal error can't kill it (Jim Haynes)
  Gaffe gives away minister's secrets (Paul Cornish)
  SSL encryption that isn't (Ron)
  FBI arrests Russian hacker visiting U.S. for alleged DMCA breach
    (Declan McCullagh)
  Savings Bank software upgrade goes awry (Jonathan Kamens)
  Risk when using "Cut and Paste" (Enrique G. Sauer)
  Re: The computer is taking over the train (Mark Lomas)
  Re: Unexpected network congestion: remote consequences of Seti@Home 
    (Eric J. Korpela)
  Re: "It's public data, so why not a public database"? (Geoff Kuenning)
RISKS 21.54  Monday 23 July 2001
  Tunnel fire derails Internet service (NewsScan)
  Calendar software and departed employee (Lawrence Kestenbaum)
  U.S. Tax refund inspires Home Depot snail-mail spam (Dawn Cohen)
  Renewal of digital certificate impeded by secure passphrase (Philip Bragg)
  Security system update leads to insecurity (Bob Van Cleef)
  Did download failures increase Code Red's success? (Scott Renfro)
  "This e-mail doesn't contain any viruses" (Aaro J Koskinen)
  The risks of moving and identity theft (Harry Erwin)
  Concerns for identity theft are often unheeded (Monty Solomon)
  What a gas! (William Paul Fiefer)
  "Know Your Customer" USPS style (Alex Wexelblat)
  US Airways credit-card snafu (Jed Graef)
  Bad domain name? (Gene Wirchenko)
  Banking and Internet broadcast technologies (Daniel Chalef)
  Re: Polarized sunglasses and LCD frustration (Stephen A. Boyd)
  Re: Even a fatal error can't kill it (Phil Anderson)
  Re: SSL encryption that isn't (Jacob Ofir)
  MSN security upgrade forces new e-mail address (Ami A. Silberman)
  ISW-2001 - Call for Participation (Howard Lipson)
RISKS 21.55  Tuesday 31 July 2001
  Oxygen tank kills MRI exam subject (PGN)
  Software is called capable of copying any human voice (PGN)
  Software safeguards prevent Solar Sail from separation? (Stanislav Shalunov)
  Firefighter's phone lines disrupted because of a SMS hoax (Stanislav Meduna)
  New results on WEP (Adi Shamir via Matt Blaze)
  FBI hit with Sircam virus that distributes files on your HD 
    (Declan McCullagh)
  Super-accurate atomic clock hates Sundays (Ken Knowlton)
  Risks of relationships online (Gary Stock)
  Apple DNS Entry hacked (Greg Searle)
  University of Pennsylvania cable cut (Rebecca Mercuri)
  Cell phones overload 911 in Denver (Richard J. Barbalace)
  Qwest Wireless erroneously overbills customers by thousands of dollars 
    (Richard Kaszeta)
  Re: FBI arrests Russian hacker visiting U.S. for alleged DMCA breach 
    (Bill McGonigle)
  More on the risk of moving and identity theft (Harry Erwin)
  REVIEW: Bruce Schneier, "Secrets and Lies: Digital Security in a 
    Networked World (Rob Slade)
RISKS 21.56  Thursday 2 August 2001
  NASA data from 1970s lost due to "forgotten" file format (Aaron Dickey)
  Motorola Stock Drops 99.95%! (Daniel Norton)
  JDS Uniphase quarterly results hacked?  NO! (Dave Isaacs)
  Freeware app to retrieve passwords from Internet Explorer (Lyle H. Gray)
  Totally Hip with spyware (Michael F. Maggard)
  Medical records via e-mail (William Colburn)
  AS IF: draft-ietf-dnsext-ad-is-secure-03.txt (John Gilmore)
  Microsoft's PGP keys don't verify (Brian McWilliams)
  Telling all to the police (Norm deCarteret)
  Identity theft (Jack Holleran)
  Risks of profanity filtering (Paul Bissex)
  Car-door lock remote control activates another car's alarm (Mark Brader)
  S-not-SL (Mike Albaugh)
  Re: MSN security upgrade forces new e-mail address (Robert J. Woodhead)
  No Appleplexy needed (Dave Stringer-Calvert)
  Re: Autoresponder goes haywire (Richard Johnson)
  Re: Erroneous air navigation reading (Mike James)
  Re: Polarized sunglasses and LCD frustration (Chris J Dixon)
RISKS 21.57  Tuesday 7 August 2001
  WEP insecurity (Avi Rubin)
  European Union strives for openness (Stephen A. Boyd)
  WinXP blocks some versions of some programs (B. Elijah Griffin)
  Cyanide for Code Red (Jeremy)
  I am virus generator? (Bob Frankston)
  AT&T Worldnet exposes all user passwords (Una Smith)
  Password changes -- SIGH! (Jim Horning)
  The risks of online order tracking (Darryl Smith)
  Mixing advertising and credit-card activation (Bob Green)
  Techs must report child pornography (Brien Webb)
  Re: Dutch government and virtual child pornography (Christian Reiser)
  Re: Super-accurate atomic clock hates Sundays (Phil Kos)
  What is your area code, really? (Andrew Koenig)
  Online advertising: Fraud, false positives and a novel DOS attack 
    (John O'Connor)
  Re: Even a fatal error can't kill it (Terry Brugger, Joe Thompson, 
    John M. Hayes)
RISKS 21.58  Thursday 9 August 2001
  Half of Norway's banks offline for a week: erroneous keystroke 
    (Nicolai Langfeldt)
  Danish police break "Safeguard" encryption program in tax case 
    (Bo Elkjaer and Jay D. Dyson via Declan McCullagh)
  E-Divorce banned in Singapore (Dave Stringer-Calvert)
  Omron uses GPS to catch a car thief (Monty Solomon)
  Corrupt Michigan cops abuse police database to stalk, harass 
    (Ed Walker via Declan McCullagh)
  OT: rot13, practical uses of (Joe Manfre)
  GA scholarship info exposed (Rachel Slatkin)
  DoCoMo and thttpd: i-mode DDoS attack! (Jef Poskanzer via Dug Song)
  Low-grade cryptography (Gene Wirchenko)
  Automated traffic-camera system has flaws (Dave Kinswa)
  Risks of the Passport Single Signon Protocol (Monty Solomon)
  Hotmail catches Code Red (Brian McWilliams via Dave Farber)
  Toll Road Transponders used to steal food at McDonald's (Arthur Kimes)
  More Adobe plastering (Peter Wayner)
  Re: WinXP blocks some versions of some programs (Michael Loftis)
  Workshop on Trustworthy Elections (David Chaum)
  REVIEW: "Computer Security Handbook", Hutt/Bosworth/Hoyt (Rob Slade)
RISKS 21.59  Friday 10 August 2001  Volume 21 : Issue 59
  Laser eye surgery (Henry Baker)
  "You Can't Hide Those Lying Eyes in Tampa" (Adam Shostack)
  The Internet park bench (Richard Jay Solomon via Dave Farber)
  PDF backward compatibility failures (Marc Auslander)
  A lucrative fiasco (Brian Randell)
  Risks of automatic verification (Geoff Kuenning)
  Possibility of a Warhol Worm: Complete infection in 15 minutes! 
    (Nicholas C. Weaver)
  Adobe clarification on spyware article (Gunar Penikis)
  Danish police: Safeguard Easy not broken; passwords were weak (Bo Elkjaer)
  Re: OT: rot13, practical uses of (Rich Wales)
  Re: Georgia scholarship info exposed (Phil Kos)
  Re: Freeware app to retrieve passwords from Internet Explorer (Marc Roessler)
  Mutual authentication - not! (Michael Bacon)
  Re: What is your area code, really? ((Declan McCullagh)
  Is your phone bill private?  Think again... (Ted Lee)
  Re: Firefighter's phone lines disrupted ... SMS hoax (Stanislav Meduna)
  Caller ID "hack" not a hack at all (William Kucharski)
  ANI is NOT Caller ID (Danny Burstein)
  DoCoMo thttpd is not all.net thttpd (Fred Cohen)
RISKS 21.60  Friday 17 August 2001
  Heart-device recalls (PGN)
  Runway incursions (Andres Zellweger)
  Cingular wireless goes down in heat wave (PGN)
  Swisscom Mobile breaks down for 10 hours (Andre Oppermann)
  Marines face charges in Osprey records falsifications (PGN)
  Woman stalked by Michigan cop via police databases is murdered
    (Declan McCullagh)
  Video crypto standard cracked? (Monty Solomon)
  Free hotel reservations canceled (Steve Bellovin)
  Interstate car tags to be photographed and tracked (Steve Holzworth)
  Hacked caller ID? (Andrew Hilborne)
  Risks of letting MS not-so-Hotmail do your junk filtering... (Michael Loftis)
  GPS-guide in car going nuts? (Martin Schulze)
  The risks of not verifying e-mail addresses (Doug Winter)
  Re: Mixing advertising and credit-card activation (Sam Garst, Joel Garry)
  REVIEW: "The Internet Security Guidebook", Juanita Ellis/Timothy Speed 
    (Rob Slade)
  Dependability and "Open Source" development (Cliff Jones)
  CFP2002: Call for Proposals (Lance J. Hoffman)
RISKS 21.61  Friday 17 August 2001
  Censorship in action: why I don't publish my HDCP results (Niels Ferguson)
  Florida relies on students, not experts (Adam Shostack)
  PDAs increasingly vulnerable to hackers (Monty Solomon)
  Welland Canal Bridge runs into ship (Chris Smith)
  U.S. Web sites fall short of global privacy standards (NewsScan)
  DejaGoogle rides again (Dave Weingart)
  Risks to lose sleep over (Mike Knell)
  Re: AT&T Worldnet exposes all user passwords (Dylan Northrup, Mike Tuffs)
  Telephone "*" codes (Alan Miller)
RISKS 21.62  Saturday 25 August 2001
  Oklahoma whistleblower asked to accept felony conviction (Deborah Weisman)
  Follow-up on Oklahoma whistleblower (PGN)
  Wireless security vulnerabilities (PGN)
  AirSnort! (PGN)
  Kaiser Permanente (identity withheld by request)
  Air Force officer mails confidential information to all cadets (Jim Griffith)
  Re: Avoiding prosecution of the DMCA (David Petrou, Fred Cohen)
  Re: Why I don't publish my HDCP results (Bill Weitze, David Gillett)
  Re: rot13 (Mike Perry)
  Hack the vote? Not in Broward County! (James Paul)
  Re: Runway incursions (Bill Hopkins)
  Code Red 9? Code Crimson (Alistair McDonald)
  AT&T - the computer MUST be right! (Sharon Mech)
  Re: DejaGoogle rides again (Geoffrey Leeming)
  Re: Risks of automated junk/spam filters (AlphaLau)
  Yet another MS Hotmail risk (Kimmo)
  REVIEW: "SSL and TLS", Eric Rescorla (Rob Slade)
  Dependable Systems and Networks DSN-2002 Call for Contributions (Anup Ghosh)
RISKS 21.63  Saturday 1 September 2001
  The Heavens at War: NMD assessed (Pete Mellor)
  SDI chief says system may not be reliable (PGN)
  Federal tax returns missing in Pennsylvania (PGN)
  Hotmail hackable with one line of code (NewsScan)
  Even dead people use Microsoft software (Jeremy Epstein)
  More interesting MS certificates (Stuart Prescott)
  Directory service based on car license plate (Ulf Lindqvist)
  Re: Air Force office mails confidential information ... (Jay D. Dyson)
RISKS 21.64  Saturday 1 September 2001
  Temelin nuclear plant software problem (Pete Mellor)
  Blame the victim: vandalized Web sites may be liable for damages (NewsScan)
  More risks when driving (Martin Cohen)
  Risks of "pre-owned" computers (Nick Brown)
  Microsoft Reader e-books broken (David Farber)
  AOL silently dropping mail (Simon Waters)
  eBay fails to protect email addresses of users (Vassilis Prevelakis)
  Re: Avoiding prosecution of the DMCA (A J Stiles)
  Risks and madness on the BT Cellnet site (Mike Perry)
  Not such an equal opportunity (Bill Lamb)
  Re: Code Red 9? Code Crimson (Bob Frankston)
  Risks of outsourced check verification (Peter Simpson)
  Can't hold room, but can bill (Sandy Antunes)
  Caller ID vs. ANI confusion, again (William Kucharski)
  Re: Mixing advertising and credit-card activation (John Clarke)
  REVIEW: "Information Security Management Handbook", Tipton/Krause (Rob Slade)
RISKS 21.65  Saturday 8 September 2001
  More about Star Wars 2: "Letter from America" (Pete Mellor)
  The Heavens at War: NMD assessed (Leonard Erickson)
  Getting the Facts Out - Announcing "FACT SQUAD" (Lauren Weinstein)
  Citibank ATM network outage (Joshua L. Weinberg)
  France Telecom inadvertent disclosure blamed on "computer error" 
    (Peter Campbell)
  Photo tickets dismissed in San Diego (Jim Griffith)
  Web filter considered harmful (Thomas Roessler)
  Early morning phone call angers citizens (Barry Hurwitz)
  New software lets managers search e-mail (Jonathan Leffler)
  Consumer Reports password policy risks (Bill Bumgarner)
  Norton Personal Firewall (Ben Laurie)
  Solar parking meters are a bad idea in wet Britain (David Mediavilla Ezquibela)
  Sacramento woman denied $2.8 million jackpot (Max)
  Accidental disclosure (Gene Spafford)
  Re: Air Force office mails confidential information (Maj. John Robinson)
RISKS 21.66  Monday 17 September 2001
  11 September 2001 in retrospect (PGN)
RISKS 21.67  Monday 1 October 2001
  Aftermath of 11 September 2001 (PGN)
  GAO reports on terrorism (Monty Solomon)
  Warding off cyberterrorist attacks (NewsScan)
  Hackers face life imprisonment under 'Anti-Terrorism' Act (Monty Solomon)
  Gartner "Nimda Worm shows you can't always patch fast enough" 
    (Alistair McDonald)
  Hacker re-writes Yahoo! news stories (Gary Stock)
  YAHA: Yet Another Hotmail Attack (Alistair McDonald)
  Hackers and others win big in Net casino attacks (Ken Nitz)
  Creator of Kournikova virus gets 150 hours of community service (Abigail)
  "Good Samaritan" hacker pleads guilty to breaking and entering 
    (Declan McCullagh)
  U.S. court shuts down deceptive Web sites (Jim Griffith)
  Report on vulnerabilities of GPS (Joseph Bergin)