Subject: RISKS DIGEST 10.00 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Thus 1 February 1991 Volume 10 : Issue 86 (00) FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: SUMMARY OF RISKS VOLUME 10, COLLECTED IN risks-10.00 (1 Jun 90 - 31 Jan 91) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j (where i=1 to 10, j is always TWO digits. Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- RISKS 10.01 1 June 1990 RISKS, Volume 10, and FTPing back issues (PGN) Word Perfect Software Upgrade Crashes Utah Phone System (Bill Kules) Army finds new battlefield system vulnerable to software sabotage (Jon Jacky) Caller*ID illegal in Penn (tim, Keith Bradsher via Jerry Leichter) Denial of service due to switch misconfiguration (Marc Horowitz) Equipment failure or human failure? (Henry Spencer) More on the Steve Jackson Games raid (Walter Milliken, Stephen J. Webb) Mailing list risks (John Chew) ATM range checking (Andy) RISKS 10.02 2 June 1990 Article on A320 in Aeronautique, April 1990 (Pete Mellor) [VERY LONG] RISKS 10.03 3 June 1990 Software development costs delay changes to UK doctors' funding (Ian W Moor) Hacking, Viruses, and UK Law (Pete Mellor) Re: ATM range-checking (Jim Horning) Re: Debate on SJG raid in comp.risks (Chuck Von Rospach, Kee Hinckley, Andy) Risks of moderated newsgroups and COWABUNGA (Nathan K. Meyers) Computer to track down drivers without insurance (Alan Wexelblat) Local solution to caller ID .vs. Privacy problem (Bob Estell) Re: Denial of service due to switch misconfiguration (John R. Levine) What the SJG Cyberpunk Manual Tells You to Do (J. Eric Townsend) Re: Word Perfect Software Upgrade Crashes Utah Phone System (Kyle Jones) RISKS 10.04 4 June 1990 Swiss Supreme Court sets limit to duration of data storage by police (Werner Uhrig) A U.K. View of Early C3 Systems (C.F. Reynolds) Glass cockpits (A320, etc.) (Henry Spencer) Article on A320 in Aeronautique, April 1990 (Jon Livesey) Boeing 747-400 Autothrottle problems (Martyn Thomas) Equipment failure or human failure? (ark, Julian Gomez) Re: Steve Jackson Games (Jim Harkins) Routing tables for private switches (Simson L. Garfinkel) Risks of Caller Identification (David Lesher) More sendmail woes (PGN) RISKS 10.05 6 June 1990 New computerized scoring system fails during Indy 500 (Jaime Villacorte) Nuclear hair-trigger still set (Johnson v. Chain) (Clifford Johnson) Network follies (Tim Shimeall) Re: The A320's attacks of nerves (Danny Cohen) Re: Article on A320 in Aeronautique, April 1990 (Pete Mellor, Atkielski) "Computer to track down drivers without insurance" (SeanF) Another egregious database (Mark Anacker) Risks of Caller Identification (David desJardins) Re: Denial of service due to switch misconfiguration (Larry Kilgallen) Private mail on BBSes... (David Gursky) Re: 2600 article (Henry Spencer) RISKS 10.06 7 June 1990 Bei Mir ist es nicht schoen (PGN) Re: Network follies (Carl Howe) Bitnet FTP-ing of back issues (Paolo Mattiangeli) Risk is in the eye of the beholder? (Dick Wexelblat) Re: The A320's attacks of nerves (Robert Dorsett, Steven Philipson) Re: Article on A320 (Karl Swartz) A320 - The Attacks Continue (Pete Mellor) Re: Private mail on BBSes...(and the A320?) (Pete Mellor) RISKS 10.07 8 June 1990 Europarliamentory software protection deadlock? (Herman J. Woltring) Computer Aids May Hurt in Decision Making (Brad Dolan) Re: Another egregious database (Steven Philipson, Pete Mellor, Edwin Wiles) Re: Risks of Caller Identification (Jeff Johnson) Re: Steven Jackson Games (Jerry Leichter) Glass cockpits (A320, etc.) (Steven Philipson) Stonewalling with computers (Simon Turner) RISKS 10.08 12 June 1990 Liz Taylor and ``secret codes'' (PGN) EEC `IT Security Evaluation Criteria' (Klaus Brunnstein) Re: A 320 article in Aeronautique (Francois Felix Ingrand) 2600 magazine article (Arthur L. Rubin) Self-Replicating Bugs in Floppies (Warren M. McLaughlin) Caller ID neither necessary nor sufficient to prevent crank calls (ark) Whom Caller ID benefits and whom it does not (Peter da Silva) Re: egregious database and `voluntary' data submission (Bill Janssen) Egregious Database Already Exists (William M. Bumgarner) Re: Another egregious database (L.P. Levine) RISKS 10.09 15 June 1990 Slovenly Russian Air Defense (again) (Robert Nagler) UK Hacker Goes To Jail (Anthony Appleyard ... via Robert E. Van Cleef) Programmable parking meters (Kee Hinckley) Re: New computerized scoring system fails during Indy 500 (Dave Horsfall) Re: Caller ID for dealing with anonymous callers (Marc Shannon) Re: Liz Taylor and ``secret codes'' (Randal Schwartz) EEC ITSEC adresses (Klaus Brunnstein) I APOLOGIZE (Danny Cohen) RISKS 10.10 19 June 1990 Risks of using commercial on-line fulltext databases (Peter D. Junger) canopus.stanford.edu goes nova (Joe Dellinger) Re: UK Hacker Goes To Jail (Pete Mellor) Air India votes no confidence in A320 (Andrew Klossner) A320 near-disaster (Gregory Travis via Robert Dorsett) RISKS of computers in medical offices (Arthur L. Rubin) More Space Telescope Problems (Karl Lehenbauer) Invisibly long lines (Wilson H. Bent, Jr.) Water problems (Gene Spafford) RISKS 10.11 25 June 1990 The Risks of Reading RISKS (Keith Dancey, PGN) "Artificial Life" out of control (Nathaniel Borenstein) Update on Alcor/email case (H. K. Henson) "Unbreakable Math Code Finally Broken" (J. A. Brownlee via jbr) A (rather old) risk of new technology (Clive Feather) Risk submitting papers by e-mail! (Jonathan Bowen) Re: The Hubble Telescope (Tony Ozrelic) Re: DEC RA90 disk failures: correction/update (David Keppel) RISKS 10.12 27 June 1990 747-400 computer problems cause excess departure delays (Jon Jacky) Two 747-400 computers fail during landing approach; recall denied (Jon Jacky) Re: The A320's attacks of nerves (Robert L. Smith) Riskier Risks of Reading Risks (Michael Barnett) Re: "Unbreakable Math Code Finally Broken" (Y. Radai) Risks involved in DEC RA90 firmware upgrade procedure (Geoffrey Brunkhorst) Info on carpal tunnel syndrome (Andrea Frankel via Jim Meyering and Werner Uhrig) RISKS 10.13 28 June 1990 The F9 factoring result (Ron Rivest via J.Bidzos/S.Kent/S.Crocker/TMPLee) Risks from using laptops with cellular phones (Jan I Wolitzky) Re: carpal tunnel syndrome (Mike Tanner, Henry Spencer) Re: The Hubble Telescope (Steve Bellovin, Henry Spencer) My A320 "Article" (Gregory Travis) Re: The A320's attacks of nerves (Gimli) (Robert Dorsett, J.G. Mainwaring) Virus experiences in GDR (Klaus Brunnstein) A misdirected letter or Chain mail (Greeny) RISKS 10.14 29 June 1990 RISKS WILL BE ON VACATION (RISKS Forum) Hubble (Dimitri Mihalas via Mark Bartelt) Re: "Unbreakable Math Code Finally Broken" (Richard A. Schumacher) More on the Risks of searching the Lexis fulltext database (Peter D. Junger) Re: info on carpal tunnel syndrome (Terry Kane) RISKS 10.15 26 July 1990 Benefits and Risks of Knowledge-Based Systems (Brian Randell) CB "Traffic Advisory Channel" petition (Mark Draughn via Peter Jones) New Bank Software => Problems (Jeff Johnson) Viper and its Formal Verification (Brian Randell) Cellphone risk to ABS? (Martyn Thomas) Car phones and electronic systems (Tim Duncan) Washington State Ferries slide into home (Joe Dellinger) Pentagon Pizza (Jim Harkins) Logica Code Slows Trident (Mark Smith) GAO slams FAA computer systems (Rodney Hoffman) BMW Drive-by-wire (Rodney Hoffman) British air defense computer suffers a "nervous breakdown" (Walt Thode) British Rail signalling software problem (Pete Mellor) Call for Papers on Testing, Analysis and Verification (Nancy Leveson) RISKS 10.16 31 July 1990 Etalfried Wedd's Loan Authorization (John W. McInroy) Pilots vs. automation (Henry Spencer) Widespread use of computer simulations as evidence in court (Jon Jacky) Oklahoma computer system foulup (Steve Bellovin) Big Brother getting bigger (Clifford Johnson) RISKS of Publicly-conducted Benchmark Demonstrations (Richard Busch) Citibank, ATM, electronic transactions (Melik Isbara) USAF ecm systems: software 2 years late (Martyn Thomas) A320 FADEC Software Diversity?? (Pete Mellor) Hubble problems (Eugene N. Miya) Re: Pentagon Pizza (Henry Spencer) More on carpal tunnel syndrome/RSI (Blake Sobiloff) CTS info requested (Alan Wexelblat) Risk Management in the public sector (Request for info) (Mark A. Yedinak) RISKS 10.17 2 August 1990 A Tough Roach to Ho-Ho Your PC; more on bugs in sendmail (PGN) BMW's 'autopilot' (Chaz Heritage via Richard Busch) SIGSOFT '91, conference on critical systems preliminary announcement (PGN) European Symposium on Research in Computer Security, program (Yves Deswarte) Pilots vs. automation (Bob Sutterfield) Altitude violations and TCAS (Andrew Koenig) Risks of Research vs Errors (Hubble) (Dave Davis) Re: Hubble Trouble (Brinton Cooper, Bryce Nesbitt) RISKS of slanting computer related excerpts (pigeons) (Jay Schmidgall) RISKS 10.18 9 August 1990 Roller Coasters scarier - but safer - than ever (Bob Felderman) Risks of de facto standards (Michael L. Littman) Re: 90% of research experiments fail, Risks of Statistics (Jeremy Grodberg) Re: British Rail signalling software problem (Clive Feather) Re: A Tough Roach ... (David Collier-Brown) RISKS 10.19 10 August 1990 Computers as counterfeiters? (Will Martin) Computer voice recognition monitor for gang members (Rodney Hoffman) U.S.-supplied Saudi air defense software not working (Jon Jacky) Hubble Trouble: `Astonishing' error of about 1 mm (Lauren Weinstein) Re: British Rail signalling software problem (Pete Mellor) Re: "compress" and the Unisys patent (Anonymous) Re: Design for the real world (Robert Biddle) Computer Security Applications Conference (Marshall D. Abrams) RISKS 10.20 14 August 1990 NYC Parking Violations Computer called "Rogue" (Dave Davis) Computer noise linked to stress -- computers vs. women (Allan Meers) Response to Computers as Counterfeiters (Sanford Sherizen) Re: 90% of research experiments fail, Risks of Statistics (Jeremy Grodberg) Freedom to write programs (Richard M. Stallman) Re: Risks of de facto standards (Bernie Cosell) Risks of inflation (Mark Brader) Firing (of[f]) the Fire-Control (anonymous) US Department Of Education --Student Loan Nightmares (Steven Blair) Error blamed on human (!) (Geoff Kuenning) Re: Computer voice recognition monitor for gang members (smv) Virus: cautionary tale (Paul A J) RISKS 10.21 16 August 1990 Space Shuttle O-Rings NOT the real problem (S. Klein) RISKS of preventive maintenance (P.J. Karafiol) Computer-personalized scams (Allan Meers) Compress patent (Richard Stallman, Bill Davidsen, D.E. Sill, Henry Spencer) Credit "doctors" (King Ables) Computerized monitoring of detainees (Will Martin, Paul Shields) Edison and workplace drugs (Gordon Letwin) RISKS 10.22 22 August 1990 Re: NYC Parking Violations Computer ... "Rogue" (Christopher Jewell) Debt collector proposes "total knowlege" credit database (PH) More on Computerized Monitoring of "House Arrest" Detainees (Li Gong) Thailand computer system (Simson L. Garfinkel) A backup that worked (Steve Bellovin) NCSC to be shut down (Dave Curry) How to Lie with Statistics (N H. Cole) Something good about Automatic Bank Tellers (Pete Mellor) 13th National Computer Security Conference, October 1-4, 1990, Washington DC (Jack Holleran) RISKS 10.23 22 August 1990 ATMs act up; software blamed (kjd) Formal Verification of Safety-Critical Systems (Brian Randell) Article on VDT Radiation (Jeff Johnson) Terminally dumb -- substitutions (Tony Scandora) Useful credit-related addresses (Simson L. Garfinkel) Software patent issues (John Bruner) Re: compress (David Paul Hoyt) New Book in Computer Ethics (Perry Morrison) RISKS 10.24 23 August 1990 E-mail lawsuit (Sean) Re: Electronic house arrest units (D. King) Proposed ban on critical computerized systems (Cameron, PGN) Object Code Copyright Implications (Robert Biddle) Discover Card (Brian M. Clapper) Total Knowledge about all individuals (Clifford Johnson, Alan J Rosenthal) Re: Useful credit-related addresses (Henry Mensch) "Rogue Programs: Viruses, Worms, and Trojan Horses" (Gene Spafford) RISKS 10.25 27 August 1990 Justice Department computers vulnerable (Rodney Hoffman) A Step Backward (Interactive Phone Service) (Theodore Lee) How to Lie with Statistics [once again] (Jerry Hollombe) Re: Something good about Automatic Bank Tellers (Jerry Hollombe, Mark Lomas) Re: Electronic house arrest units (Philip L Harshman, Jim Campbell, Amos Shapir, Brinton Cooper, Brian Tompsett, Mike Bell, Willis H. Ware) Re: Object Code Copyright Implications (Willis H. Ware, A. Harry Williams, Lars Poulsen, Gene Spafford) Re: Proposed ban on critical computerized systems (Pete Mellor) Comment on Markoff article on NCSC (Robert H Courtney via Bill Murray) RISKS 10.26 29 August 1990 Stonefish - the software strikes back? (Pete Mellor) Computers at the Campus Bookstore (Gary McClelland) Reverse Engineering - not always a copyright issue (Joe Morris) Re: Electronic house arrest units (Martin Minow) Re: Proposed ban on critical computerized systems (Perry Morrison MATH) Caller ID Discussion List Started (Bruce Klopfenstein) RISKS 10.27 30 August 1990 Lawsuit over specification error (Martyn Thomas) Hacking Illegal in UK - Official! (Pete Mellor) NSA Press Release on NCSC reorganization (Jack Holleran) No computers on Washington State ferries (David B. Benson) Re: Discover Card (Will Martin) Re: proposed ban on critical computerized software (Al Arsenault) RISKS 10.28 31 August 1990 Re: Lawsuit over specification error (Pete Mellor, Martyn Thomas, PM) Computer Unreliability and Social Vulnerability: synopsis (Pete Mellor) Computer Unreliability and Social Vulnerability: critique (Pete Mellor) Copyright Policy (Daniel B Dobkin) Re: Discover Card (Brian M. Clapper, Gordon Keegan) RISKS 10.29 1 September 1990 What is "safety-critical"? (Nancy Leveson) Re: Computer Unreliability and Social Vulnerability (David Gillespie) Risks of selling/buying used computers (Fernando Pereira) Accidental disclosure of non-published telephone number (Peter Jones) RISKS 10.30 4 September 1990 Business Week on High-Tech Amusement Parks (Karl Lehenbauer) Arabian heat causing problems with US weapons computers (Jon Jacky) Re: Stonefish mine (Chaz Heritage via Richard Busch) Flight simulator certification (Henry Spencer) Glass cockpits (Martyn Thomas) "Wild failure modes" in analog systems (Kent Paul Dolan) Faultless Software (Robert L. Smith) Comment on Software Reliability Synopsis (Martin Minow) Database searches and counseling center confidentiality (Derek Beatty) RISKS 10.31 5 September 1990 March 1989 British Rail Train Crash (Brian Randell) Complexity, safety and computers (Martyn Thomas) Software bugs "stay fixed"? (Martyn Thomas) Re: Stonefish mine (Mark Lomas, Bill Davidsen, Bill Ricker) Reply to "Computer Unreliability" Stars vs Selves (Dave Davis) "Wild Failure Modes" in Analog Systems (Jim Hoover, Richard D. Dean, Will Martin, Pete Mellor) RISKS 10.32 6 September 1990 New Roque Imperils Printers (Robert E. Van Cleef) Floating Point Emulation required for Ultrix systems (Dave Wortman) Re: Software bugs "stay fixed"? (Dave Parnas) Re: Wild failure modes and COMPLEXITY (Rochelle Grober) Re: Lawsuit over specification error (Brinton Cooper) Re: Flight simulator certification (Steven Philipson) Re: Lawsuit over simulator specifications (Robert Dorsett) Computers and Safety (Bill Murray) RISKS 10.33 7 September 1990 Critical military computer systems (Clifford Johnson) Complexity, reliability, and meaningless arguments (Nancy Leveson) Re: "Wild Failure Modes" in Analog Systems (Jan Wolitzky) Analog vs Digital Controls (Martin Ewing) Chaos (Peter da Silva) Re: Software bugs "stay fixed"? (Bruce Hamilton, K. M. Sandberg, Andrew Koenig, Michael Tanner) Boot camping (Timothy VanFosson) RISKS 10.34 8 September 1990 Risks of shutdown? (PGN) French prisoners use "smart cards" (Robert Nagler) Instrument Software failure in BAe aircraft (Sean) BMW's 'autopilot' (Michael Snyder) Re: "wild failure modes" in analog systems (Henry Spencer) Re: Dealing with software complexity (Martin Minow) Re: Software bugs "stay fixed"? (Robert L. Smith) Re: Computers and Safety (John (J.G.) Mainwaring) Re: Object Code Copyright Implications (Dan Bernstein, Randall Davis) Re: Accidental Disclosure of non-published phone numbers (Jeff Johnson) RISKS 10.35 10 September 1990 Robustness of RISK architectures (Martin Minow) RISKS of relying on hardcopy printers (Voyager) (Tom Neff) Analog vs digital failure modes and conservation laws (Jerry Leichter) Analog vs digital reliability (Jack Goldberg) Re: Software bugs "stay fixed"? (Tom Neff, Stephen G. Smith, Martyn Thomas) Simulator classification as safety-critical (Martyn Thomas) Re: New Rogue Imperils Printers (Henry Spencer) Re: Postscript virus (Robert Trebor Woodhead) Re: Computers and Safety (Robert Trebor Woodhead) SafetyNet '90 Conference Announcement (Cliff Jones) RISKS 10.36 12 September 1990 Railway Safe Working - large analogue systems (Skillicorn) Re: BMW Heading Control System (A. L. Bangs) Re: Robustness of RISC architectures (Andy Glew, Dave Sill, Andrew Taylor, Henry Spencer, Peter Holzer, Robert Cooper, Dik T. Winter) Re: Computers and Safety (Peter Holzer) Re: Software doesn't wear out? (Bob Estell) Re: Software bugs "stay fixed" (Peter da Silva) RISKS 10.37 13 September 1990 Expert system in the loop (Martyn Thomas) Re: Railway Safe Working - large analogue systems (Dave Parnas) Re: Analog vs digital reliability (Rob Sartin, David Murphy) The need for software certification (John H. Whitehouse) ZIP code correcting software (Richard W. Meyer) Software Bugs "stay fixed"? (Jeff Jacobs) RISKS 10.38 14 September 1990 The Weakest Link (Amos Shapir) Relatively Risky Cars (Martin Burgess) Re: The need for software certification (Theodore Ts'o) Re: Expert System in the loop (Steven Philipson, Brinton Cooper) Re: Computer Unreliability and Social Vulnerability: critique (Dan Schlitt) Large analog systems and NSW railroads (David Benson) Analog vs Digital reliability (Bill Plummer) Re: ZIP code correcting software (Bernard M. Gunther, Dave Katz) RISKS 10.39 18 September 1990 Poetic Justice in a Machine Crash (Andy Glew via Paul Eggert) Re: Expert system in the loop (Clifford Johnson, Peter G. Rose, Jeff Johnson) I'm 99% Sure You're A Crook!!! (mmm) A Nightmare: Security compromise with SUN's C2 package (Caveh Jalali) Another risk of phone systems [anonymous] Desktop Publishing Fraud (Sanford Sherizen) Data cowboys and database abuse - applicant screening (Rodney Hoffman) Inside risks of INSIDE RISKS (PGN) RISKS 10.40 18 September 1990 Software Unreliability and Social Vulnerability (Perry Morrison) DTI/SERC Safety Critical Systems Research Programme (Brian Randell) Canadian Transportation Accident Investigation (Brian Fultz) Risk of Collision (Brian Fultz) Knight reference: `Shapes of bugs' (Pete Mellor) RISKS 10.41 18 September 1990 Software Certification (Michael J. Konopik, Joe Marshall, Jerry Glomph Black, Martyn Thomas, Phil Windley, GaryFostel, Theodore Ts'o) RISKS 10.42 22 September 1990 Arbitration Myths (Peter Denning) Re: Security compromise with SUN's C2 package (Li Gong) Re: Expert system in the loop (Henry Spencer [2], Steven Philipson [2], Walt Thode) Railway Safe Working - large analogue systems (Peter Jones) Re: I'm 99% Sure You're A Crook!!! (Jerry Hollombe) Book suggestion: Apollo, The Race to the Moon (Martin Minow) Re: Knight reference: `Shapes of bugs' (Nancy Leveson) ACM Conference on Critical Issues in Computing (Harold S. Stone) RISKS 10.43 22 September 1990 Certification (Richard Platek, Paul Tomblin, John H. Whitehouse, Alan R Kaminsky, Russell C. Sorber, John H. Whitehouse, Frank Houston, BC Tompsett) Applicability of software curricula (Jeffrey Mogul) Occupational Licensing (Book Review) (Tony Harminc) RISKS 10.44 24 September 1990 Arbitration Myths (Leslie Lamport, Mark S. Day) Overbilled by 6 orders of magnitude (Jeff Johnson) Risks of "automated guided vehicles" (Brad Dolan) Field commanders using UNIX? (Tom Beattie) Expert system in the loop (Matt Jaffe, Clifford Johnson, bahn_pr) Apollo, The Race to the Moon (R.I. Cook) Failed mail ("after 246 days"!) and comment on long header lines (PGN) RISKS 10.45 26 September 1990 Computergate in New Jersey? (Steve Bellovin) Whitehall rebuked for 121 million pound Retail Price Index blunder (Dorothy Graham) Hi-tech advertising (Dave Turner) Students taking exams by remote hookups (PGN) Sun C2 system (Stephanie Zakrzewski) Arbiters (Brian Randell) Re: Expert system in the loop (Amos Shapir, Jim Horning, R Horn) Reliability of the Space Shuttle (Peter da Silva) Illinois Bill (Mark Brader) RISKS 10.46 28 September 1990 Sellers Use Computer Glitch to Buy Illegal Winning Lottery Tickets (Nathaniel Borenstein) Safer to Fly or Drive? (David Levine) Re: Expert system in the loop (Matt Jaffe (2)) Bookkeeping error begs for machine help -- maybe (Jim Purtilo) Re: Hi-tech advertising (Brinton Cooper) Re: Reliability of the Space Shuttle (Chris Jones, Henry Spencer) Automated vehicle guidance systems (Will Martin) Computer 'error' in the British RPI (Chaz Heritage via Richard Busch) RISKS 10.47 4 October 1990 California DMV and their new computer (Cecil Lee (2)) Report of Nat Semi clock chip flaw (Martyn Thomas) BA 747-400 Engine Failure (Martyn Thomas) Novel on corporate computer espionage (Philip Brewer) CERT Advisory - NeXT systems (Edward DeHart) Fair Information Principles (Jeff Johnson) Television rating (nee universal listening) device (Tim Wood) From under a Rock??? (Subliminal message lawsuits) (Ed Hall) Operation Sun Devil invades the InterNet? (Ed Luke via Michael Packer via John M. Chapin) RISKS 10.48 9 October 1990 Global warming or bad hardware? (Bob Campbell) Equinox on A320 (Pete Mellor) Ada and multitasking (Erling Kristiansen) Re: Arbitration Myths (Bernie Cosell) California DMV and Italian publicity (Jon) Government routinely ignores Privacy Act (Clifford Johnson) Computer sound editors are appropriate technology, not deceipt (David A. Honig) Operation Sun Devil invades the InterNet? (Jonathan I. Kamens) Loving Little Egypt - phone freaks (Dick Karpinski) CERT Advisory Update - NeXT Systems (Ed DeHart) RISKS 10.49 11 October 1990 Programmer error kills phones for 30 minutes (John R. Dudeck) Answering Machine Cheats at Phone Tag (Ed McGuire) Discovery misprogrammed (Fernando Pereira) Airliner story (Rich Epstein via Gene Spafford) An IBM interface glitch & RISKS masthead FTP instructions (Lorenzo Strigini) Automobile Computer RISKS - A Real Life Experience (Marc Lewert) Re: BA 747-400 Engine Failure (Jerry Hollombe) Re: Equinox on A320 (Ken Tindell, Henry Spencer) Re: Ada and multitasking (Stephen Tihor, Henry Spencer) RISKS 10.50 15 October 1990 Hackers blackmail UK five banks (Pete Mellor) Equinox on A320 (Robert Dorsett) Re: A320s and Northwest Airlines (Chris Davis) Re: Ada MultiTasking (Chet Laughlin) Re: Expert system in the loop (Randall Davis) Announcement of CPSR annual meeting (Lesley Kalmin) RISKS 10.51 16 October 1990 A Schaching Development in Kasparov-Karpov (anonymous) Software problem contributes to woman's death (Mike Overstreet) Airliner story (Christopher C. Stacy, Richard Neitzel) Re: A320s and Northwest Airlines (Craig A. Finseth) Technophilia-induced problem at Educom? (R. Aminzade) RISKS 10.52 17 October 1990 Re: "Pilot error" and Human Factors (P.F. Spelt) Be careful of what you give away! (M. Freeman) Re: Technophilia-induced problem at Educom? (Benjamin Ellsworth) Passwords and chess (Steve Bellovin) "Expert Systems in the Loop" explained (Martyn Thomas) RISKS 10.53 17 October 1990 Lies, damn lies, and statistics... computer cabin-safety (Robert Dorsett) Ada MultiTasking (Edward V. Berard, Bertrand Meyer, Robert Firth, Ray Diederich, Brian Hanafee) Re: Technophilia-induced problem at Educom? (Miles R. Fidelman) RISKS 10.54 18 October 1990 Flawed computer chip sold for years (Al Stangenberger) The slippery slope of personal identification and tracking (Jerry Leichter) Technology Meets Dog; Dog Wins (Sanford Sherizen) Pilot error and human factors (ark) RISKS 10.55 23 October 1990 Malfunction on Gambling Machine delivers $300,000 Jackpot (John Colville) Risks of Modernization (Chuck Weinstock) Airliner story (Ellen Cherniavsky) Summary of A320 report on W5 (Wayne Hayes) Boeing 777 to use fly by wire (Robert R. Henry) Re: Technology Meets Dog; Dog Wins (Dan Sandin) Stick-up At Banks (Paul Johnson) Re: Kasparov's sealed move (Peter Rice) Computerized cars and ham radio interference (Rich Wales) Programmer error, not language flaw (Stuart Friedberg) RISKS 10.56 29 October 1990 Disabling software by remote control leads to law suit (Jerry Leichter) Cellular phone snooping (Alan Wexelblat) Access to gov't computer files (John Sullivan) DTP and fraud (Robert Slade) Funny Bible update (Paul M Dubuc via Fred Gilham) Re: "Risks of modernization" -- train/pipeline accident ... (Martin Minow, Bill Davidsen, Roy Smith, Peter Amstein) RISKS 10.57 4 November 1990 $6.3 million electric bill (Mark W. Schumann) Drug RISKS to software ?? (Simon Rosenthal) More of what really goes wrong (John Rushby) Automotive electronic engine control failure modes (Dave Davis) Re: Laxness, not modernization, at fault in train wreck (Chuck Weinstock) Train Wreck and Weight Estimates (anonymous) Re: Risks of Modernization (Gerald Stafleu) Re: Access to gov't computer files (Brinton Cooper) Call for papers -- ACM SIGSOFT '91 (Nancy Leveson) RISKS 10.58 4 November 1990 Canadian Auditor-General fears computer sabotage (David Sherman) U.S. Sprint new calling card system (Jim Morton) Chilling Advertisement (Cindy Tittle) Prodigy Censors Users (Dave King) "Expert Systems in the Loop" explained (Randall Davis) Re: Airliner story (Christopher C. Stacy) RISKS 10.59 9 November 1990 "Software fault hits payphones" (Martyn Thomas) Plain paper faxes keep copy of received material (Jan Christiaan van Winkel) Customers limiting programmer access to their systems (Jim Kimble) Student hackers arrested (Dave King) Sprint's new calling card (anonymous) Employer's use of credit reports (Jerry Leichter) Computers lead to greater monopolization? (Jim Griffith) Risks when computers replace humans (Martyn Thomas) Villanova University Computer Ethics course Group Project (J. Gacad et al.) "The Devouring Fungus" at a bookstore near you (Gene Spafford) 4th Annual Computer Virus & Security Conference (Gene Spafford) RISKS 10.60 14 November 1990 Computer Mishap Forces shift in Election Coverage (bahn_pr) Voting electronically from home (revisited) (John Roe) Barclays' security: apologies! (Pete Mellor) Juicy 911 RISKS (Steve Smaha) Re: UK Software Engineer Certification (Brian Tompsett) Software Protection Tool (Dave Erstad) Sprint's voice-card system (Steve Elias, Jerry Glomph Black) Re: Carbons (Douglas W. Jones) Your Flood Stories, Please (Lindsay F. Marshall) Corrected version of Virus Conf announcement (Gene Spafford) RISKS 10.61 16 November 1990 Police technology; mailing list hyperstacks (Lotus) (Jerry Leichter) Privacy concerns about Lotus "Marketplace" (Jeff E. Nelson, Rick Noah Zucker) Kuwaiti citizen database (Jonathan Leech) Gas pump inaccuracies? (Paul Schmidt) "It's the computer's fault" (Andrew Klossner) Re: Voting electronically from home (Li Gong, Frank Hage, Dan Sandin) Re: Computer Mishap Forces shift in Election Coverage (Tom Perrine) Election coverage software (Gary Cattarin) Re: Juicy 911 RISKS (Amos Shapir) Ada Remarks (Paul Murdock) RISKS 10.62 19 November 1990 Playboy jammer who jammed Hefner's 'jamas gets jammed (PGN) Telephone cable cut eliminates O'Hare tower communications (Richard I. Cook) Tomatoed 911 (Rob Boudrie) Computer-Aided Gerrymandering (Steve Summit) GOES mirror problems caused by oversimplified analysis (Henry Spencer) Re: Privacy concerns about new Lotus "Marketplace" product (Dan Aronson) AFCEA's 2nd Annual Military / Government Computing Conf/Exp (Jack Holleran) RISKS 10.63 21 November 1990 Lotus Marketplace cont'd (Marc Rotenberg, Eric Dittman) Insurance Perfidy (Sharon Cregier) [anonymous] author identifies anonymous referee (anonymous) Reuters Holdings PLC and shouldering the blame? (Sameer Mithal, PGN abstracting) MD-11 test flights over the pole (Henry Spencer) Soc.Sec.No. on Driver's Lic. in Mass. (William Ricker) Tomatoed 911 (Tim Steele) RISKS 10.64 21 November 1990 Re: Voting from home electronically (Alan Jeffrey, Steve Bellovin, Brad Templeton, Henry Spencer, Peter da Silva, P.J. Karafiol, Barbara Simons, Joseph R. Beckenbach, Alan Marcum, K.M. Sandberg, Chris Maltby, R. Simkin, Flint Pellett) Re: Election coverage software (Gregory G. Woodbury) RISKS 10.65 6 December 1990 A fondness for turkeys (Pete Mellor) Heads-up "Holograms" of Runways to assist in landings? (Richard Wood) Airline safety (John Sullivan) As the spacecraft turn (Steve Bellovin) NeXT microphone problem? (E. Loren Buhle, Jr.) Risks of global networking (Hank Nussbacher) Technological Risk, by H.W. Lewis (Jake Livni) Hackers Accessed NASA's Phones (anonymous) Hacker view of the "Legion of Doom" sentencing in Atlanta (EmmanuelGoldstein) RISKS 10.66 7 December 1990 COMPUTERS AT RISK: Safe Computing in the Information Age (Marjory Blumenthal) COMPUTERS UNDER ATTACK (Peter Denning) Re: ``Hackers Accessed NASA's Phones'' (Jerry Hollombe) Responses to article on "Legion of Doom" sentencing (Gary Cattarin, King Ables, Brinton Cooper, Mark E. Levy) RISKS 10.67 7 December 1990 Airline safety (Donald A Norman) Voter identity and Dial-A-Vote (Lauren Weinstein, Glen Overby, Paul Peters, Andrew Klossner, Dan Sandin, Frank Kuiper, Adams Douglas) "Little pitchers have big ears": yet another ATM RISK (zowie) Billing software wastes money (Phil R.M.) RISKS 10.68 14 December 1990 Recent RISKS Mail to CSL.SRI.COM (PGN) Many Bills Are Found Incorrect on Adjustable Rate Mortgages (Saul Tannenbaum) Loughborough (Rob Thirlby via Brian Randell) Gender and computer anxiety (Rob Gross) Computerized USA Phone Directory (Allan Meers) Getting out of Lotus' "Household Marketplace" (TDN) Re: a fondness for turkeys (Haynes) Call for Papers - 14th National Computer Security Conference (Jack Holleran) RISKS 10.69 18 December 1990 "Computer Models Leave U.S. Leaders Sure of Victory" (Jon Jacky) Re: Airline safety (Jim Rees) The Incredible Lightness of Reference (Jerry Leichter) Unexpected effects of PC's (Jerry Leichter) Long-distance printing, or the risks of being well-known (Jerry Leichter) Covert communication through public databases (Larry Hunter) RISKS 10.70 18 December 1990 Telephone Voting (Bill Murray) Voting Technology (William W. Plummer) Re: Hacked NASA phones (Barton Christopher Massey) Re: "Legion of Doom" (Irving Wolfe, Mike Black) Computer Virus as Military/Political Weapon? (Sanford Sherizen) Request for Info on Undergraduate Computer Security Classes (Al Arsenault) RISKS 10.71 19 December 1990 Re: "Computer Models Leave U.S. Leaders Sure of Victory" (Marcus J. Ranum, Karl Lehenbauer, Bob Estell) Compass Airlines disrupted by possible computer attack (Sarge) Punny user interface [anonymous] Process control risks discussed in IEEE Software (Andy Oram) Unexpected effects of PC's (P.J. Karafiol, ark) Missing reference (Jerry Leichter) A semi-folk tale on the risks of being well-known (Daniel P Dern) Re: the risks of being well known (Scott Schwartz) Re: Organizational Aspects of Safety (Charlie Martin) RISKS 10.72 19 December 1990 Re: Computer Models Leave U.S. Leaders Sure of Victory (Richard Schroeppel) Re: Voting Technology ... (Brian Rice, Jerry Leichter, Michael J. Chinni, Lauren Weinstein) Re: Legion of Doom (John Boyd, K. M. Sandberg, Brendan Kehoe) Value of data integrity (Mahan Stephen) RISKS 10.73 21 December 1990 HERO - Hazard of Electromagnetic Radiation to Ordnance (Rodney Hoffman) Washington (state) E-mail Privacy Suit (Peter Marshall) Re: Process control risks discussed in IEEE Software (Nancy Leveson) Re: "Computer Models Leave U.S. Leaders Sure of Victory" ... (P.G. Capek, Jerry Hollombe, Neil Galarneau) Risks of Automated Collections and a Happy Ending (L.J. Hoffman) Re: The topic that wouldn't die: telephone voting (Gregory G. Woodbury) RISKS 10.74 3 January 1991 Vicious elevator door failure recovery (Curtis Jackson) Dehumanization by old Cobol programs; how to get more junk mail (Darrell Long) Computer data putting history out of reach (Jay Elinsky) Re: Computer Age Causes Key U.S. Data To Be Lost Forever (Joe A. Brownlee) Re: computer "warfare" (John Abolins) Re: "Computer Models Leave U.S. Leaders Sure of Victory"... (Jeff Griffen, David Holland, John C Slimick, David Wright) Trojan in MS-DOS 4.01? (John Chapman Flack) Re: Organizational Aspects of Safety (Nick Szabo) A RISKy video store kiosk (R. Aminizade) Call for papers, VDM '91 (Hans Toetenel) RISKS 10.75 7 January 1991 NY area fiber-optic telephone cable severed; extensive effects (PGN) British military information stolen (Charles Bryant) Wargames and Reality (Robert Firth) Re: Vicious elevators (Tom Lane, Mark Brader, Roland G. Ouellette, Jake Livni) Re: Dehumanization by old Cobol programs (Karen Ward) Re: "Computer Models Leave U.S. Leaders Sure of Victory" (Henry Spencer) Re: "Computer Age Causes Key U.S. Data To Be Lost Forever" (Rick Smith) Re: "Little pitchers have big ears": ATM Risk (Michael McKay) Cars and Automation [again] (Balakumar) RISKS 10.76 9 January 1991 Suit says Nissan Fired 2 After reading e-mail (Rodney Hoffman) Email flash from the past (Paul Eggert) Re: Cars and Automation: Yes, a computer problem! (Gregory G. Woodbury) Another train crash in London (Olivier M.J. Crepin-Leblond) Re: NY area fiber-optic telephone cable severed (Tony Scandora) Re: Vicious elevator door failure recovery (David Magnay, Olivier M.J. Crepin-Leblond, Michael J. Chinni, Russell McFatter) Journal of Computer Security, Call for papers (Sushil Jajodia) RISKS 10.77 11 January 1991 Computer program gives police a bum rap (David A Smallberg) Unusual distance metric could waste consumers' time and gas (David A Smallberg) Computers Stolen in the USSR (Sanford Sherizen) Re: British military information stolen (Stephen Carter) Vicious Subway Cars (Ed Ravin) Vicious Doors on London Underground/Network South-East (Pete Mellor) Defence of British Rail/Network SouthEast (David Green) RISKS of computer-assisted emergency dispatch systems (Ed Ravin) 2nd IFIP Dependable Computing Conference (Rick Schlichting) First Conference on Computers, Freedom & Privacy (Dorothy Denning) RISKS 10.78 22 January 1991 (No) Viruses in Iraq's EXOCET? (Klaus Brunnstein) Risks of NOT believing war game models (Bob Estell) Re: MoD computer stolen in UK (Olivier M.J. Crepin-Leblond) Re: Computer program gives police a bum rap (William H. Glass) Voting by Phone (Evan Ravitz, PGN) (More) word processor atrocities (Pete Mellor) RISKS 10.79 23 January 1991 Lotus Marketplace (various sources) UK firms poor on computer health (Olivier M.J. Crepin-Leblond) Data privacy abuse in Australia (Phil Clark) MasterCard policy opens door to crooks (Marv Westrom) RISKS 10.80 25 January 1991 7th Chaos Computer Congress, Hamburg, 27-29 Dec 1990 (Klaus Brunnstein) San Francisco taxes its computer people rather than its property owners (PGN) Not risk versus convenience, but risks of conveniences (Jack Campin) [Loo-Hoo!] Re: Computer program gives police a bum rap (Mark Hull-Richter) Re: Lotus Marketplace (Richard A. Schumacher) MasterCard policy opens door to crooks (Steve Pozgaj, anonymous) RISKS 10.81 28 January 1991 Risks in forensic use of dental and medical records (Sanford Sherizen) Kinking Foreign-sold Military Equipment (Karl Lehenbauer) Patriot missiles (Phil Agre) Electronic cash completely replacing cash (David 'Witt') Re: San Francisco taxes its computer people ... (Bill Davidsen) Re: Random Voting IDs and Bogus Votes (Vote by Phone) (Li Gong, Kathy Vincent) Re: Lotus Marketplace (Samuel Bates) Re: Superloo (Lars-Henrik Eriksson) RISKS 10.82 29 January 1991 Re: Patriots: SDI, etc. (Dave Parnas, Nathaniel Borenstein, Phil R. Karn, Hans Mulder) Re: Patriots and electronic cash (Karl Kluge) Re: Electronic cash completely (David Lamb, Larry Nathanson, Randal L. Schwartz, K. M. Sandberg, Peter da Silva, Richard A. Keeney) RISKS 10.83 29 January 1991 Risks of automatic flight (flying at low level) (Olivier M.J. Crepin-Leblond) Broadcast local area networks are a'comin (Tom Lane) Re: Risks in forensic use of dental and medical records (Jim Purtilo) Re: Patriots (Clifford Johnson, Donald L. Wegeng) Re: Random Voting IDs and Bogus Votes (Raymond Chen, Colin Plumb) Call for Papers, 7th Computer Security Applications Conference (Daniel Faigin) Call for papers, Theorem provers in circuit design (Victoria Stavridou) RISKS 10.84 30 January 1991 It's not always pilot error" - Official! (Pete Mellor) IRS overbills for $1B interest (PGN) Re: Patriots (Dave Parnas) Re: Risks of automatic flight (flying at low level) (Brinton Cooper) Automated brokerage service (Kent M Pitman) Re: Broadcast local area networks are a'comin (Brinton Cooper, P.J. Karafiol) Re: Electronic cash (Bob Stratton, Rick Smith, Stephen Perelgut, Art Medlar, who-news?, Ed Ravin, Leslie DeGroff) RISKS 10.85 31 January 1991 Benefits of Computers, Valentine's Day Edition (Jay Elinsky) Re: Auto Pilot Problems (David B. Horvath) Re: Risks of automatic flight (Gordon D. Wishon) Re: Patriots (Alex Bangs, Jerry Leichter, Martyn Thomas, Henry Spencer, Frank Ritter, David B. Horvath) Re: Broadcast local area networks are a'comin (Russ Housley, Frank Letts, Rich Rosenbaum, Ian Clements) RISKS 10.86 1 February 1991 SUMMARY OF RISKS VOLUME 10, COLLECTED IN risks-10.00 (1 Jun 90 - 31 Jan 91) ------------------------------ End of RISKS-FORUM Digest 10.86 ************************