Copyright 2005, Peter G. Neumann, SRI International EL243, Menlo Park CA 94025-3493 (e-mail Neumann@csl.sri.com; http://www.CSL.sri.com/neumann; telephone 1-650-859-2375; fax 1-650-859-2844): Editor, ACM SIGSOFT Software Engineering Notes, 1976-93, Assoc.Ed., 1994-; Chairman, ACM Committee on Computers and Public Policy (CCPP); Moderator of the Risks Forum (comp.risks); cofounder with Lauren Weinstein of People For Internet Responsibility (http://www.pfir.org).

Contents

This list summarizes items that have appeared in the Internet Risks Forum Digest (RISKS) - which I moderate (comp.risks newsgroup) - and/or published ACM SIGSOFT Software Engineering Notes (SEN). In this collection of mostly one-liner summaries, (R i j) denotes RISKS volume i issue j; (S vol no:page) denotes an issue of SEN, where there has been one volume per year, with vol 28 being the year 2003; page numbers are given regularly from 1993 on; (SAC vol no) indicates an item in the quarterly SIGSAC Security and Control Review, where vol 16 is 1998, which was the final volume. The RISKS-relevant SEN material prior to 1995 is summarized in my Computer-Related Risks book (see below). SEN material is now being brought on-line by Will Tracz: http://www.acm.org/sigsoft

Some incidents are well documented, while others need further study. A few are of questionable authenticity, and are noted as such ("bogus???"). Please send me corrections and new cases, along with suitable references. This document is updated at least quarterly and is browsable on-line (ftp://ftp.CSL.sri.com/neumann/illustrative.html courtesy of Otfried Cheong's Hyperlatex). [Hyperlatex is wonderful Free Software:
http://www.cs.uul.nl/~otfried/Hyperlatex).] This document is also printable in a two-column 8-point format (illustrative.pdf and illustrative.ps).

SEN regular issues, by year, volume&number 
..1976,vol 1: #1 = May; #2 = Oct
  ==================================
..year 1977 78 79 80 81 82 83 84 85 
  volume  2  3  4  5  6  7  8  9 10 
  ---------------------------------
  Jan    #1  1  1  1  1  1  1  1  1 
  Apr    #3  2  2  2  2  2  2  2  2 
  Jul    #4  3  3  3  3  3  3  4  3 
  Oct    #5  4  4  4  5  4  5  5  5 
  ==================================
..year 1986 87 88 89 90 91 92 93 94 
  volume 11 12 13 14 15 16 17 18 19 
  ---------------------------------
  Jan    #1  1  1  1  1  1  1  1  1 
  Apr    #2  2  2  2  2  2  2  2  2 
  Jul    #3  3  3  5  3  3  3  3  3 
  Oct    #5  5  4  6  5  4  4  4  4 
  ==================================
..1995,vol20: #1=Jan; 2=Apr; 3=Jul; 5=Dec
..1996,vol21: #1=Jan; 2=Mar; 4=Jul; 5=Sep
..1997,vol22: #1=Jan; 2=Mar; 4=Jul; 5=Sep
..1998,vol23: #1=Jan; 3=May; 4=Jul; 5=Sep
..1999,vol24: #1=Jan; 3=May; 4=Jul
..2000,vol25: #1=Jan; 2=Mar; 3=May; 4=Jul 
..2001,vol26: #1=Jan; 2=Mar; 4=Jul; 6=Nov
..2002,vol27: #1=Jan; 2=Mar; 3=May; 5=Sep
..2003,vol28: #2=Mar; 3=May; 4=Jul; 6=Nov
..2004,vol29: #2=Mar; 3=May; 5=Sep
..2005,vol30: #1=Jan; 2=Mar; 3=May; 4=Jul; 6=Nov

Read the Risks Forum as comp.risks if you can, or send e-mail to risks-request@csl.sri.com for a subscription, single text line "subscribe" (append desired address only if not your From: address), or "info" for info. Send contributions to risks@CSL.sri.com. Archives are available at http://www.risks.org, which redirects to Lindsay Marshall's Web site at Newcastle http://catless.ncl.ac.uk/Risks/, including a nice search facility. Specific issues can be read directly as http://catless.ncl.ac.uk/Risks/I.J.html [where I=volume#, J=issue#]. SRI's archive is at ftp://ftp.sri.com/risks or by "ftp ftp.sri.com", "login anonymous", "cd risks" (which gets the "dir" for the current volume, and "cd i" then gets you into the subdirectory for noncurrent volume i). An Australian mirror is at http://the.wiretapped.net/security/textfiles/risks-digest/. "Inside Risks" distills some of the discussion into a monthly inside-back-cover column in the Communications of the ACM. The list of columns to date is given at the end of this document.

My book (Peter G. Neumann, Computer-Related Risks, Addison-Wesley (ISBN 0-201-55805-X) and ACM Press (ACM Order 704943), 1995) summarizes many of these cases and provides additional analysis. (A few errata for the first three printings are on my Web page, noted above.) Most of the (S vol no) items listed below for no < 20 are discussed in the book; more recent items generally include the relevant on-line (R i j) references. If you cannot find the book in a bookstore, it is on amazon.com, or call A-W within the U.S. at 1-800-822-6339 - or if you are outside of the U.S., 1-617-944-3770 and ask for International Orders. The book is now also available in Japanese (ISBN 4-89471-141-9). Instead of trying to produce a second edition in the face of a massive influx of new RISKS cases, the fourth and fifth printings of the book gives the URL for the Addison-Wesley Web site (http:www.awl.com/cseng/titles/ISBN-0-201-55805-X/), which includes the first chapter of the book and an extended preface. That Web site and my own contain further material that would otherwise have gone into the second edition.

Henry Petroski (among others) has noted that we rarely learn from our successes, and must learn more from our failures. The collection of cases cited here provides rich opportunities for reflection that could help us to avoid similar problems in the future. Unfortunately, it also demonstrates that the same types of mistakes tend to recur, over and over...

SEN and RISKS also consider approaches for developing better computer systems, e.g., safer, more reliable, more secure, fewer cost and schedule overruns, etc. There are many approaches to developing sound systems; none is guaranteed. Whereas the emphasis in the following list is on problems rather than on would-be solutions, the pervasive nature of the problems suggests that techniques for the effective development and operation of computer-related systems are frequently ignored. Worse yet, even ideal systems can result in serious risks, through unanticipated technological problems or human foibles. We include here primarily cases that have been publically reported, although we know of various additional cases whose existence for one reason or another has not seen the light of day. A few successes are also included, although the failures seem to predominate. We are always interested in hearing more about successes. Although I receive occasional complaints about the preponderance of failures in RISKS, there appear to be very few real successes. Perhaps not enough folks are heeding some of the advice that you can gather from RISKS and that are distilled in Computer-Related Risks.

Descriptor Symbols

! = Loss of life/lives; * = Potentially life-critical or safety problem

V = Overall system or subsystem surViVability problems (with respect to diVerse adVersities, including attacks and malfunctions). Startlingly many cases fit this category; many V-unflagged cases also represent failures to continue performing properly, or delays, or other cases of misuse that could have led to much more serious survivability problems.

$ = Loss of resources, primarily financial

S = Security/integrity/misuse problem; P = Privacy/rights abuse or concern

H = Intentional Human misuse (e.g., user-administrator-operator-penetrator)

h = Accidental Human misuse or other inadvertence

a = Event attributed to animal(s)

I = Insider; O = Outsider; A = Inadequate Authentication, Access control, or Accountability

d = System Development problems

e = Improper Evolution/maintenance/upgrade. (H,h,i,f,d,e involve human foibles.)

r = Problems with Requirements for system or operation (including the overall system concept)

f = Flaws (or Features in design, or hardware/software implementation)

i = MisInterpretation/confusion/human errors at a man-system Interface; documentation problems

m = Hardware Malfunction attributable to system deficiencies, the physical environment, acts of God, etc.

M = Malfunction specifically due to electronic or other interference

+ = Beneficial; - = problematic with none of the above categories

@ = This item is also listed in another category

1 Collected Items Listed by Categories

1.1 Recent yet-to-be-merged items

*SM UK trials of GPS controlled car speeds (R 21 22-23)

V(m/f?) Canadian grocery chain Sobeys' software crash lasts 5 days (R 21 22)

Vf University of Washington server crash leaves thousands of students unable to register for classes (R 22 38)

i Risks of not-quite-identical keyboard layouts (R 21 26)

$h United Airlines Web site for one hour accidentally offered SFO-Paris round trips for cost of taxes and fees only (roughly $30 instead of $300) (R 21 24-25)

f Japanese modem misdialing seemingly at random in pulse-dial mode (R 21 25)

eh EoExchange shuts down free ad-supported services without warning; customer data lost (R 21 32)

i PC virtual-parrot squawks confuse firemen (S 26 6:10, R 21 46)

f Cable theft results in network congestion when Seti@Home screen savers are unable to access Seti servers (R 21 48,53)

fe Carefully planned seamless British Telecom BT SurfTime upgrade seemed very seamy, with premature cancellation of old service (R 21 44)

hie Risks in MacOS 10.2.4 update and httpd.conf replacement (R 22 56)

$fe UK magistrates courts staff upgrade failure requires two sets of systems instead of one, and a huge windfall for the deficient contractor (R 21 59)

fe Adobe Acrobat 5.0 pdf upgrade not backward compatible (R 21 59)

e NASA data from 1970s lost due to "forgotten" file format (R 21 56)

f California DMV sorting machine sends licenses to wrong people; 8-year-old sorting machine blamed (R 21 39)

* IBM auto dashboard system can shoot water at drivers not answering questions properly (R 21 53)

he Half of Norway's banks offline for a week: erroneous keystroke in EDB Fellesdata AS upgrade wiped out entire data warehouse instead of merely initializing 280 new disks (R 21 58)

+ OnStar GPS computer reports accident, pinpoints hit-and-run driver (R 21 46)

f* Polarized sunglasses mask LCD displays (R 21 53,54,56)

f False fatal-error report on completed atomic transaction (R 21 53,54,57)

mh Fiber cut takes out network connectivity within U. Pennsylvania (R 21 55)

i Another autoresponder loop (R 21 51,56)

$fhe Euro computer cutover risks (R 21 40)

f$ Payday delayed by one day in Belgium; once-in-five-year glitch (R 21 45)

h JDS Uniphase bad quarterly results report allegedly hacked, halting trading - but it turned out the report was Web-posted prematurely! (R 21 56)

eHS Beware of free URL-forwarding services (R 21 47)

di Custom system risk: dead men produce no documentation (R 21 47)

$h 40,000 federal tax returns and $800M payments missing at Mellon Bank processing center (R 21 63)

$fe Canada Post bills $310 million for 9 recent parcels allegedly dated from 1906 to 1928, resulting from merger of 60 different databases (R 21 50)

$f US Airways credit-card snafu: double billing due to known "programming error" (R 21 54)

$f Qwest Wireless erroneously overbills customers by thousands of dollars; one bill was for $57,346.20 (R 21 55)

$m CD-eating geotrichum fungus amongus (R 21 51)

? Singapore bans divorce by SMS (short-text messaging between cell phones), overruling Muslim authorities, after 16 divorces Apr to Jun 2001 (R 21 58)

$ Chinese divorce: fight over online Mir 2 game account characters and virtual items worth over 40,000 Yuan (R 23 93)

- Chinese Internet blind date turns out to be married couple; big spat when they finally rendezvoused! (R 21 55)

$fh New British solar parking meters give free parking in bad weather, when installed under trees, etc. (R 21 65)

$H Judge tosses out red-light camera tickets because contractor had incentives to increase the number of citations (R 21 65)

fi Poor car-wash control interface design (R 21 77)

!hi Military intelligence at its best? "As a pilot, I can do everything perfectly with a perfect weapon system, and still cannot account for every weapon going exactly where it's supposed to go." U.S. Rear Admiral John Stufflebeem was responding to the deaths of three U.S. soldiers in Afghanistan after yet another bomb went astray. (S 27 2:5, R 21 82)

he Stupid defaults in database conversion cause propane runout (S 27 2:5, R 21 89)

e Mistranslated fields and changed defaults create problems in database conversion for propane company changeover (R 21 89)

*hi(VSP also) Sometimes high-tech isn't better: discussion of doctors' dependence on computers (Laura S. Tinnel, S 27 2:5, R 21 84)

$f Japanese Yohkoh satellite loses control due to annular eclipse during invisible-orbit out-of-sight period, draining batteries; recovery possible but not clear (R 21 85)

Vm Durham NC water line break closes 911 center and police department (R 21 89)

Vf(SH?) Dutch royal chat session failed on apparent overload (R 21 89)

$f Automated debit of $21,000 on water bill: "There's nothing we can do to stop it." (R 21 87)

fi Excel cut-and-paste glitch (R 21 88) +/-? Largest prime number: Mersenne prime, 4,053,946 digits: 2^13,466,917-1; found with 130,000 volunteer participants (R 21 82-83)

??? 100:1 lossless compression hype sounds like oil (R 21 87)

h Euro cutover risks: lots of screw-ups, wrong currencies, etc. (R 21 84,86,87); Luton schoolboy profits from ATM giving 1.6£to the Euro, rather than the reverse (R 21 86)

$f UK NatWest bank turns debits into virtual credits in Quicken and MS Money .OFX format (R 21 81)

$hf Grocery self-checkout risks: duplicate charges (R 21 81)

$f Automated bus pass kiosk denies authorization but debits: previous customer's authorization screen image displayed (R 21 81)

hV Outsourcing of upgrade to automated system knocks out Australian Bureau of Statistics (R 21 90)

f Johns Hopkins researchers announced the "color of the universe" based on a weighted average of the electromagnetic frequency of emissions from all galaxies in the observable universe: it's turquoise; after discovering a software glitch, no, it's really beige (R 21 98); no, because of an algorithm error, it's really salmon (R 22 02); could there be a pot of gold at the end of the rainbow for the culler of colors?

$fe More on PayPal problems: IPO prospectus, flaws, upgrade difficulties, fraud reported, fraud holds, merchant views (R 21 92,94,98) Paypal meets the Patriot Act: eBay accused of facilitating Internet gambling, eBay rebuts (R 22 67,69; S 28 4:9-10)

$SH $1M eBay fraud scams 1000 victims for $1000 each for nonexistent laptops (R 22 77)

Vm Disk crash destroys on-line law-enforcement mug shots in Macomb County, Michigan; no backup other than some hardcopy photos! (R 22 08)

Vhie 50,000 Idaho court records erased during upgrade; no viable backup (R 22 60)

$(m/f?)V Crash of critical legacy system costs Comair $20 million (R 23 87)

V(f/m?) Year 2000 crash destroys WashDC maintenance database of 5000 trees destined for removal, causing serious subsequent problems (R 22 08)

+? Dutch city implanting chips to monitor tree health (R 22 10)

Si Risks of deceptive characters in URLs: Rob Graham (R 21 89), and note on Gabrilovich/Gontmakher's Inside Risks column on The Homograph Attack, with look-alike characters in different languages Comm.ACM 45, 2, Feb 2002 (R 21 89); confusion among lowercase L, uppercase I, number 1 (R 21 91-93); lloyds vs llyods and domain protections (R 22 11, correction R 22 12)

Shi Risks of ordinary GUI "pop-up" windows: hidden spoofing (R 23 46,49; S 30 1:13)

Risks of Unicode and WSIWYG interpreting addresses: lookalike Japanese and English modes (S 27 3:8-9:, R 21 96)

fi Undesired text alterations: Microsoft Outlook appropriates the word "begin" to denote uuencoded text; recommended solution is not to start messages with the word "begin" (R 21 90); .Net violates English rules (R 21 91); search engines give wrong site, altering punctuation (R 21 91); OCR scanning alterations as well (R 21 92); UK Waitrose strips apostrophes from message content (R 21 92) and perhaps is using SQL? (R 21 93); BAD! in Perl, apostrophes are string delimiters (R 21 93); some Web forms reject addresses containing a plus sign (R 21 93)

SV Dutch royal chat session failed; intended for 100 selected citizens, and using a site designed for tens of thousands of users, the site reportedly received 3 billion hits (which seems implausible)! (R 21 89)

e Time runs out for BBC's Domesday time-capsule discs: media unreadable (R 21 93)

$i Australian man racked up A$22,000 in fines on Melbourne toll road, not having updated his address, and not having acquired a transponder (R 21 93)

$(f?h?) Seattle City light billing disputes (R 22 05)

(f?) Two unsolved telephone mysteries: unattended mobile phone calls home, and replicated phone bills; software faults? (R 22 08-10)

$h E-commerce Web site mistakenly listed low price for Kodak cameras; automatic response constituted acceptance of sale (R 21 90);

$hi PC mail-order price typo cost Marubeni over $2 million; company honored the error (R 23 02)

$ Buy.com mispriced a monitor; automated price search promises lowest price; (R 20 21)

h (but blamed on computer) Argos retail offered Sony Nicam TV for 3£ instead of 300£ (R 20 57)

$(hi?) Oops! US Air round trip for $1.86 (R 23 85)

$h Huge $25 airfare bargains from United Airline's Web site (R 22 10)

$h Compaq issues refunds for one-cent PCs after canceling the erroneous promotion (R 22 08)

$hi Self-service gas station loses money due inadvertent low pricing: $.19/gallon instead of $1.83/gallon (R 23 72)

$hi Candy machine non-atomic transaction punishes the quick-thinking (R 22 08-10); a related story (R 22 10)

* China bans toxic American junk: computers, TVs, copy machines, etc. (R 22 14)

$ No more JPEGs: ISO to withdraw image standard in infringement case (R 22 18)

$ef Boston Big Dig overruns $1 billion (R 22 55; correction 22 56)

*m Sentinel Fire Mapping tool for Australian fire location overloaded by heavy demand by nonemergency users (R 22 58)

mef IBM's DB2 blamed for Danish banking crisis (R 22 68; S 28 4:6)

i Risks of misquoting Google hit counts (R 22 72)

ai$ Turtle tangled in discarded beacon triggers Coast Guard massive search and rescue effort (R 22 70)

f?h? Kellogg's American Airlines online sweepstakes: thousands of nonwinners erroneously notified of winning (R 22 71)

- The Googlewashing of our language: Risks of trusting Google? (R 22 67)

m?f?h? Database crash loses names of Canadians in nationwide firearms registry (R 22 77, S 28 6:9)

f Verizon's error sends customers to Massachusetts adult phone line (R 22 84)

fmV GenCon conference registration woes blamed on computer network (R 22 84)

f Guardian crossword puzzle unable to handle numbers! (R 22 82)

i(-$) Cingular sends final bill for -$3.36 after refund check, threatening late fee (R 22 88)

m Eurofighter Typhoon brake fault (R 23 02; S 29 2:9)

f FAA warns of FlightLogic EFIS system fault (R 23 12; S 29 2:9)

defm Houston 911 system prone to crashes (R 22 92; S 29 2:10)

$drfh UK MoD scraps £130-million inventory management system (R 23 05; S 29 2:10)

Sdfi Computer virus freezes 21 VMS York car park displays tracking empty spaces; one system showed 349 spaces instead of none; mass chaos (R 22 92; S 29 2:10)

$df Messed-up test run gives erroneous deposits on outsourced payroll system (R 22 96; S 29 2:11)

+ Rigorous semantics of SPARK Ada applauded (see John Barnes' High Integrity Software); also more discussions of avoiding GOTOs (R 23 02)

*m Faulty wiring in window heater led to windshield cracks in 3 Boeing 777s (R 22 94)

*m Seattle Air Traffic Control [and elsewhere] affected by fires in Southern California (R 22 98)

hi$ Continental Airlines backs off erroneous 500K free-mile winners (R 22 92)

mhe London power outage previously blamed on wrong-valued fuse due to sloppy maintenance (R 22 97,98)

m Risk of leaving devices turned OFF: electrolytic capacitors degrade chemically: new kind of bit rot (R 22 98)

*m Nokia blames mobile-phone battery explosions for nonNokia batteries (R 22 97)

e$ WBIG radio unable to pay employees after computer upgrade (R 23 01)

*fi Honda CRV 4WD electronic doors trap man in Australian flood, nearly drown him (R 23 06); try the rear window, which is not electric! (R 23 12)

*hi(f?) Driver relies on car navigation system, winds up inside a supermarket (R 22 96)

i Acura MDX and BMW 7 series (in)human interfaces (R 23 01); BMW: "When you add complexity you add risks" (R 23 02); Karcher's Law: "Don't check for error conditions you are not prepared to handle." (R 23 03)

*$f BMW series 5 flaw disables Dynamic Stability Control and ABS (R 23 60; S 30 2:18)

hi Input data error on auto registration transfer causes driver's arrest (R 23 11)

fi French weather program mistakenly interprets frost (on a spider web on a sensor) as snow (R 23 03)

$hi Trifecta race-track bet on 2003 Melbourne Cup wins AU$2.6 million despite betting operator's ten-fold error: bettor had not requested confirmation (R 23 03; S 29 2:14)

hi Goofs: Animated billboard congratulates the Chicago Cubs on winning the baseball's National League pennant - but they lost! someone hit send instead of delete (R 22 96); New York Post prepared opposite editorials, released the wrong one: N.Y. Yankees lose 2003 American League pennant - but they won! (R 22 97); Israel's YNET.co.il announced Columbia had landed safely (with Israel's first astronaut aboard, and details of what he was supposed to be doing after landing) - but the Columbia was lost on reentry (R 22 98)

hi `Technical error' blamed for dirty picture shown to Mexico's first lady (R 22 92)

f Difficulties with U.S. Census Bureau income data: Gini averages based on truncated individual data for the wealthiest, max recorded is $999,999, to protect identities? No! (R 22 93,95,97)

f Amazon's Inside the Book text search service; lacking (R 22 98)

$f Computer problem affects Mississippi liquor stores and restaurants (R 22 98)

fe South Carolina DMV software glitch costs Sumter County $164,000; car tax records vanish (R 22 98)

$hi E-ZPass returned via UPS truck keeps getting charged for Jersey Turnpike trips! (R 23 01)

$ Official self-service litigation system available in England/Wales (R 23 06)

$himf Peter Deutsch's Eight Fallacies of Distributed Computing (R 23 06)

hi NOAA training session test message warns of hotter weather as Earth nears the Sun (R 23 07)

i Southern drawls thwart voice recognition for Shreveport police (R 23 04)

hi Proper understanding of "The Human Factor" (essay by Don Norman, R 23 07, commentary on two earlier RISKS items in R 23 04 and 06); two follow-ups from Doug Jones and Peter Ladkin (R 23 08); more on Murphy's Law (R 23 09) and developers (R 23 09); similar arguments about medical records (R 23 10)

i 'Master' and 'slave' computer labels unacceptable, LA officials say (R 23 05)

m Sony recalling 550,000 CD Walkman battery packs (R 23 04)

hi Erroneous Australian banana import recommendation due to error in risk assesment input to Microsoft Project file with @Risk add-on (R 23 28)

(m/f/h?) Dispatch computer glitch grounds Delta flights for 2 hours in Atlanta (R 23 35)

f Netgear/UWisc NTP router to keep time accurate: bug causes incessant retransmissions; fascinating item (R 23 41)

d Risks of believing in testing; also a GAO report (R 23 38-43)

$f Poor fallbacks on automated systems: Paytrust SmartBalance (R 23 39)

fi Reason Magazine subscriber-customized covers messed up (R 23 39)

hi The Daily Farce online satire (Rumsfeld banning digicams in Iraq) reported as truth (R 23 39)

fi USB "square" plugs plug in backwards! (R 23 32)

fi Florida sues AT&T for billing a million noncustomers (R 23 35)

ef Canada's largest bank has "processing disruption" (R 23 43)

$m 800,000 cards overcharged at Wal-Mart stores; hardware problem (R 23 30)

$f TurboTax electronic filing option fails to send AMT Form 6251 (R 23 35)

de Risks of broadband upgrades: Cox outage affects the recommended Toshiba 1100 cable modems: bad upgrade (R 23 30)

$fm MiniDV Firewire connector fragility (R 23 33)

e On-line accounting software upgrade problem: increased ID number length breaks system, which converted to scientific notation and rounding! (R 23 51)

m Zinc whiskers from under datacenter floors can lead to high equipment failure rates (R 23 45)

m DSL problem: mice, snakes, and wiring (R 23 57)

$f Lack of sanity checking in Web shopping cart software: beware of specifying fractional items (R 23 51)

$m Gloria Estefan performance in Dallas canceled due to computer crash (R 23 49)

i Emoticon-interpreters create risks in instant messaging services: :) becomes a yellow smiley-face icon (OK), but 401(k) in e-mail to female boss becomes 401 followed by "a big pair of smoochy lips"(R 23 48)

fhi Leslie Lamport: A Comedy of Errors; TLA+ quoted character anomaly (R 23 66; S 30 2:19-20) and discussion (R 23 67)

fhi Jim Horning: Risks of lenient parsing: a tale of tracking down an HTML problem (R 23 66; S 30 2:20) and discussion (R 23 67)

fi Software is no substitute for thought: yet another instance: need for human checks for reasonableness (R 23 60; S 30 2:20)

f Bruce Tognazzini list of 130+ most common bugs (R 23 67):
http://asktog.com/Bughouse/index.html

$f Siemens software flaw in S65 mobile phones causes substantial losses (R 23 60)

$fh Belgium's Banksys cashpoints failed due to small technical errors and overload, affecting 220K bank card transactions and 60K credit card transactions (R 23 63)

$(f/h/i/m?) Strange Standard and Poor stock numbers: index fell 870 points, 73% of its value, for one day (R 23 62,63)

$f Walgreen accidentally double- and triple-charges up to 4 million customers, due to overuse! (R 23 65)

fi Unintended effects of RFID devices; RFIDing babies (R 23 62,63,65)

hi E-mail notification from Southwest Air to wrong person, with no reply possibility (R 23 61)

$hi Problems with Chicago-area toll road transponders (R 23 67)

$hi Ticket not in computer system: your insurance rates may increase, because you cannot pay the fine! (R 23 66)

fm (etc.) 130 most common bugs - and counting (R 23 67; S 30 3:29)

hi- Vatican Web page on Pope John Paul II's death on 2 Apr 2005 was prepared on 1 Apr 2005, before his death, announcing "Vacancy of the Apostolic See" (R 23 84)

*(f/m/?) Judge accepted hypothesis that Ontario Safari Park tiger triggered power window opening and entered the automobile, awarded $2M in damages (R 23 69)

m A risk of high-speed CD/DVD-rom drives in current-day PCs, and slowing them down (R 23 71,72); Macrovision DVD copy-protection (R 23 72)

END of yet-to-be-merged items .....

1.2 11 Sep 2001 and Homeland Security

!!!*VSHf$$ 11 September 2001: terrorist highjacking of four planes used as cruise missiles to destroy the World Trade Center twin towers and part of the Pentagon, with thousands of lives lost and extensive disruption of lower Manhattan infrastructures; relevant GAO reports cited (S 27 1:7, R 21 66-67)

!h Stray bomb caused by typo in coordinate digit (R 21 70,71,73);

Sf Discussion of the risks of remotely controlling airliners to prevent hostile takeovers (R 21 68-69)

SP Joke e-mail seemingly from bin Laden reportedly landed its recipient in jail, but the details were in dispute (R 21 68-70)

+ Role of amateur (ham) radio communications after land-line and cellular comms failed (R 21 68-71)

!ih Friendly fire in December 2002 caused by Special Forces GPS battery changeover resetting Taliban target confirmation to its own location!!! (S 27 3:5, R 21 98)

Sm RISKS discussion of earlier World Trade Center problems (R 21 67) and lessons of 7 WTC (R 21 80)

S The Web Never Forgets, foiling attempts to remove info later thought to be sensitive (R 21 80)

SHA Airport security: can you trust a "trusted traveler"? (S 27 3:, R 22 03)

SHfi User security, system security, DMCA, etc.: Edupage neatly juxtaposes two items: Richard Clarke (at Black Hat in Las Vegas) urges hackers to find and report bugs; HP uses DMCA against bug finders (R 22 20); FTC uses Dewie the Turtle to promote computer security through hard-to-guess passwords, antivirus software and computer firewalls, just like President's Critical Infrastructure Protection Board - which puts the onus on users, not on the need for secure systems (R 22 27); reminiscent of Bert the Turtle from Duck and Cover (R 22 28); relying solely on users to tighten security is misguided (R 22 33); attempts to rescind parts of DMCA by Rick Boucher and by Zoe Lofgren (R 22 28)

Shi Education and the National Strategy to Secure Cyberspace: a critical review of the second version of the national cyberstrategy (Rob Slade, R 22 63)

S?H?f? Ptech raided for suspected al Qaeda link? No, financial crime investigation, says U.S. attorney; their software is used by Government agencies, but possibilities of Trojan horses reportedly unfounded (R 22 42)

SPfh No-fly terrorist blacklist snares peace activists, a nun, etc. (R 22 29); More on the No-Fly List (R 22 74); people named David Nelson turned away by CAPPS II pattern matching: at least 6 in LA area, 18 in Oregon, 4 in Alaska (R 22 80); in Austin, David Nelson planned to fly as D. Austin Nelson (R 22 81)

SHfh "Homeland Insecurity": technology not foolproof; subsequent discussion on Probabilistic Risk Assessment, firearms in the cockpit, and Computer Assisted Passenger Screening (R 22 20-21,23-24,27); Real risks of cyberterrorism, related to disaster planning; large-scale events; SCADA systems, even if not Internetted; nonpublication of Gartner/ NavalWarCollege study; beware of fear-mongering (R 22 22-23,27)

SH Richard Clarke on Homeland Security, airport ID checks, etc. (R 23 78-79; S 30 3:30); "High-tech passports are not working" (R 23 73; S 30 3:31)

$ Liability risks from cyberterrorism (S 27 6:12, R 22 18)

SP American style cyberwarfare: what are the risks? (S 27 6:13, R 22 18,22)

S Federal agencies get failing grades on cybersecurity; half D or worse (R 23 73; S 30 3:30-31)

*S Security? Nuclear plants don't need no stinkin' security! (R 23 78; S 30 3:31)

[See also the sections on security and privacy.]

1.3 Space

..... Manned/Womanned [Peopled?] Space Exploration:

!!$$Vrfh Shuttle Challenger explosion, 7 killed. [Removed booster sensors might have permitted early computer detection of leak?] [28Jan1986] (S 11 2) [Probably not? See Paul Ceruzzi, Beyond the Limits - Computers Enter the Space Age, MIT Press, 1989, Appendix.] Whistle-blower Roger Boisjoly fired by Morton Thiokol after reporting O-ring problem that led to loss of the Challenger (R 5 78, R 5 80, and R 12 40)

!mhi NASA cultural failures on STS-107 leading to loss of the Columbia shuttle (reminiscent of the Challenger loss); final data unrecoverable; more discussion (R 22 54); Over-reliance on PowerPoint leads to simplistic thinking, linked to Columbia shuttle accident analysis and disaster (23 07)

* Mercury astronauts forced into manual reentry? (S 8 3)

$f STS-1 1st Space Shuttle Columbia backup launch-computer synch problem. See Jack Garman, "The bug heard 'round the world" (S 6 5:3-10) Oct. 1981. I summarize this in my Computer-Related Risks book, page 20-21, along with several of the following cases.

*f STS-2 shuttle simulation: bug found in jettisoning an SRB (S 8 3)

*f STS-2 shuttle operational simulation: tight loop upon cancellation of an attempted abort; required manual override (S 7 1)

*Vf STS-6 shuttle bugs in live Dual Mission software precluded aborts (S 11 1)

*m STS-9 Columbia return delayed by multiple computer malfunctions (S 9 1)

*f STS-16 Discovery landing gear - correlated faults (S 10 3:10)

*if STS-18 Shuttle Discovery positioned upside down; mirror to reflect laser beam from Mauna Kea site aimed upward (+10,023 miles), not downward (+10,023 feet) (S 10 3:10)

*$ STS-20 Two-day delay of Discovery launch: backup computer outage (NY Times 26 Aug 1985); Syncom 4 satellite failure as well (S 10 5)

$f SRS-36 Atlantis launch delayed [25Feb1990]; "bad software" in backup tracking computer system, but no details given. (S 15 2)

h Shuttle Discovery shutdown procedure for two computers reversed (S 16 1)

*hife STS-24 Columbia near-disaster, liquid oxygen drained mistakenly just before launch, computer output misread (S 11 5)

*f Columbia orbiter suddenly rotates, due to telemetry noise (S 15 3)

$m Columbia delayed by computer, interface, sensors; then navigation (S 16 3)

$f Shuttle Endeavour computer miscomputes rendezvous with Intelsat satellite; nearly identical values interpreted as identical; those SW problems force spec changes (AviatWkSpT 29May/8Jun1992, S 17 3 duplic S 17 4)

* Shuttle computer problems, 1981-1985; 700 computer/avionics anomalies logged; landing gear problems in STS-6 and -13; multiple computer crashes in STS-9, cutting in backup system would have been fatal; thermocouple failure in STS-19 near disaster (S 14 2)

m Atlantis spacecraft computer problem fixed in space (S 14 5)

$f Untested for change, SW delays shuttle launch; 3-min on-line fix (S 15 3)

$(m/f?)V Shuttle Atlantis launch scrubbed: "faulty engine computer" (S 16 4)

$*V Columbia launch scrubbed at T-3sec 22Mar93, leaky valve (S 18 3:A14)

$*V STS-56 Discovery launch scrubbed at T-11sec 5Apr93, main propulsion system high-point bleed valve open-indicator went to off, closed-indicator did not switch to on. Indicator problem? program error? (S 18 3:A14)

h Discovery SRB recovered with missing pair of pliers (S 18 3:A14)

*h Discovery shuttle tail speed-brake gears were installed backwards in 1984, not discovered until 2004, 30 flights later! (R 23 29; S 29 5:13)

fm Channel blocked, Discovery exhausts storage for ozone data (S 18 3:A14)

H Experimental Space Shuttle e-mail address divulged, bombarded (S 16 4)

m Woodpeckers delay shuttle launch (S 20 5:8)

*m Docking problem aboard Soviet space station Mir (S 15 5)

m Mir Space Station computer problems add to difficulties; main computer failed during docking attempt, 19 Aug 1997 (R 19 31,32), with detailed analysis by Dennis Newkirk (R 19 33)

m Mir computer failure affects steering; replacement computer fails to load (end of May 1998, just before Discovery launch) (R 19 78)

*$d GAO reports on NASA Space Station: increased safety risks, costs (S 17 4)

* Risks of junk in space much greater than previously thought (S 17 4)

*f$ Potential software nightmare for International Space Station, with considerable discussion (R 19 49-51)

*$f International Space Station software problems in 2001 predicted in 1997 (S 26 4:4, R 21 37): see (R 19 49-51)

..... Space Exploration, Satellites, Probes, Others:

$f Hubble Space Telescope problems, soaring costs, missed deadlines, reduced goals, etc. (S 15 2); sensors misdirected because of wrong sign on precession in star data; antenna # 2 limited by misplaced cable, #1 limited because software had only one limit stop, same for both (S 15 3) No system test. 1mm error in monitor program of mirror polisher (S 15 5) See M.M. Waldrop, Science 249, 17Aug1990, pp.735-736.

Vf/m Hubble Space Telescope antenna swing causes shutdown (S 17 1)

fh More Hubble SW: misloaded ephemeris table, bad macro (S 18 1:24)

$fhV $150M Intelsat 6 comm satellite failed; booster wiring error, payload in wrong bay; miscommun. between electricians and programmers (S 15 3)

$mV Canadian TeleSat Aniks die: solar coronal hole electron flux (S 19 2:3) Anik E-2 control restored, but with shorter life ($203M asset) (S 20 2:11)

$(f/m?)V Taurus rocket plunges into Indian Ocean, destroying Orbital Imaging satellie, NASA QuikTOMS, and cremated remains of 50 people (S 27 1:8, R 21 68)

fmV SOHO Mission Interruption Preliminary Status and Background Report documents apparently unconnected multiple failures that caused the satellite to lose control (R 19 87)

fhV Final report on the Solar and Heliospheric Observatory (SOHO) spacecraft failure: software flaw and improper command (R 19 90); mis-identification of a faulty gyroscope, staffing problems, inadequate training, ambitious schedule, unreviewed procedure changes, etc. (R 19 90, 94); contact finally reestablished. (S 24 1:31)

hm 5 printers off-line or jammed, Voyager 1 data lost over weekend (S 15 5)

f Voyager 2 software faults at launch, 20 Aug 1977 (S 14 6)

V$ Titan 34D, Nike Orion, Delta-178 failures follow Challenger (S 11 3)

V$* Titan 4 rocket test-stand SRB explosion; simulation missed failure mode (R 12 09, S 16 4)

V(m/f?) Final Titan 4A launch explodes with Vortex satellite; total cost over $1B, Aug 1998 (R 19 91, S 24 1:32)

mV Titan 4B leaves missile warning satellite in useless orbit (R 20 36)

Vm/f? Titan 4B with Milstar communications satellite separates four hours early, resulting in a useless low orbit, 30 Apr 1999 (S 24 4:26, R 19 36)

Vhm$ 6 successive Theater High-Altitude Area Defense (THAAD) failures, including three typos; then a "success" (R 20 43,45); Titan 4B failure (R 20 39) blamed on shifted decimal point in upper-stage software (R 20 45)

Vf,f Delta III launch ends after 71 seconds due to software flaw; two weeks later, Delta III leaves Loral Orion comm satellite in useless low orbit 4 May 1999 (R 20 38)

Vmfh Centaur/Milstar upper-stage failure due to attitude-control system software (R 20 49); roll-rate filter constant .1 factor (-0.1992476, not -1.992476) (R 20 57,59)

Vm$ Private imaging satellite Ikonos 1 disappears 8 minutes after launch (S 24 4:26, R 20 36); loss blamed on an electrical problem that prevented the aerodynamic payload cover from coming off. Subsequent Ikonos launched successfully (R 20 60):

f Terra spacecraft navigation software problems (S 25 3:18, R 20 78)

V$(m?f?) Two satellite failures (R 21 19, S 26 2:5)

Vm/f? Russian rocket blows 12 Globalstar satellites (S 24 1:32, R 19 95)

V$(f?m?) Computer blamed for Russian rocket crash (R 21 18, S 26 2:5)

$fmmm Fascinating historical case recently reported of Russian KORD N-1 rocket-engine shutdown system failures, 1969, 1971, 1973; lots of lessons to be learned (R 21 53)

h Boeing space station tanks accidentally taken to Huntsville dump (R 20 83)

Vh Space Station endangered by NASA flight controllers' blunder in maneuvering around space junk; predicted distance also way off (R 20 46-47)

SH Space Station Problem Reporting Database hacked (R 20 47-48)

$Vmf Space Station risks (R 21 14, S 26 2:5)

f "Truncation error" found in GPS code on Int'l Space Station (S 27 6:6, R 22 11)

$de NASA space station undergoing software repairs for 500 of 1000 known flaws (R 23 46; S 30 1:10)

V$ehf Canaveral Rocket lost; wrong key hit in loading guidance SW (S 16 4)

df NASA finds problems in EOSDIS Earth Observing System (EOS) spacecraft flight operations software development, expected to delay launch (R 19 67)

m+ Apollo 11 lunar module, pen used to replace circuit breaker (S 18 3:A14)

Vr* Lightning hits Apollo 12. "Major system upsets, minor damage". See article by Uman and Krider, Science 27 Oct 1989, pp. 457-464. (S 15 1)

V$m Lightning changed Atlas-Centaur program (51 sec). $160M lost (S 12 3, 15 1)

@V*$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

V$f Mariner 1 Venus probe: HW fault plus programmer missed superscript bar in `R dot bar sub n'. See Paul Ceruzzi, Beyond the Limits - Flight Enters the Computer Age, Smithsonian, 1989, Appendix (S 14 5). (Earlier reports had suggested DO I=1.10 bug (see next item) or a garbled minus sign (or hyphen.) (S 8 5, 11 5, S 13 1)

$f Project Mercury had a FORTRAN syntax error such as DO I=1.10 (not 1,10). The comma/period interchange was detected in software used in earlier suborbital missions, and would have been more serious in subsequent orbital and moon flights. Noted by Fred Webb. (S 15 1)

*f Gemini V 100mi landing err, prog ignored orbital motion around sun (S 9 1)

V$f Atlas-Agena software missing hyphen; $18.5M rocket destroyed (S 10 5)

@VSH Lauffenberger convicted of logic bombing GD's Atlas rocket DB (S 17 1)

Vm Navy Atlas rocket places satellite in worthless orbit (S 18 3:A14)

V$f Aries with $1.5M payload lost: wrong resistor in guidance system; (S 11 5)

V*f TDRS relay satellite locked on wrong target (S 10 3:10-11)

Vm AT&T Telstar 401 satellite failure (S 22 4:26, R 18 76)

de Satellite system outage hits Associated Press (R 21 04; S 26 1:18)

Vm Ariane 5 test problems: motor failures, nitrogen leak (S 20 5:9, R 18 27,28)

V$f New Ariane 5 failure (S 21 5:15); More on Ariane 5: conversion from 64-bit floating to 16-bit signed caused Operand Error (R 18 27-29,45,47); Note: Matra made software for Ariane5 and Taipei subway system (S 21 5:15); Incidentally, Robert L. Baber, Univ. Witwatersrand, Johannesburg, suggests you browse http://www.cs.wits.ac.za/ bob/ariane5.htm - showing how a simple correctness proof could have avoided this problem. (R 18 89-91)

*Mm Cosmic rays hit TDRS, Challenger comm halved for 14hrs [8Oct1984](S 10 1)

$Mr Sunspot activity: 1979 Skylab satellite dragged out of orbit (S 13 4)

hM 1989 pulsar discovery now attributed to TV camera interference (S 16 3)

V$hfe Soviet Phobos I Mars probe lost (Sep 1988): faulty SW update (S 13 4); cost to USSR 300M rubles (Aviation Week, 13 Feb 89); disorientation broke radio link, discharged solar batteries before reacquisition. [Science, 16Sep1988] More on Phobos 1 and 2 computer failures (S 14 6)

V$? Soviets lose contact with Phobos II Mars probe. Automatic reorientation of antenna back toward earth failed. (S 14 2)

V$f 1971 Soviet Mars orbiter failed after "unforgivable" SW bug; new info (S 16 3)

f Assessment of predictions on the Russian Mars Probe crash site (S 22 2:22)

V$fm 1993 Mars Observer lost entering Mars orbit (S 18 4:11; R 14 87,89; 15 01); loss blamed on fuel line leak (Washington Post, 10 Jan 1994)

f What really happened on Mars Rover Pathfinder? David Wilner on VxWorks system resets and preemptive priority scheduling, and Glenn Reeves - first-hand commentary must be read (R 19 49,50,53,54) and further discussion of priority inversion (R 19 50,53,54,56)

fe Spirit Rover failure on Mars: software upload to delete files failed, file space exceeded, caused reboot with insufficient file space, causing reboot loop (R 23 14,15, see final summary in R 23 24); DOS file system continual growth design oversight (R 23 51) ["Spirit was willing, but its flash was weak." Jim Griffith, R 23 17]

dfe More on NASA Spirit and MS-DOS/VxWorks FAT system (R 23 51,52; S 30 1:10)

V$fm Mars Climate Orbiter lost, dipped too close to Mars due to English/Metric confusion; Mars Polar Lander reprogrammed to report back directly on 3 Dec 1999 (R 20 59-62); Mars Lander then lost entirely on landing attempt, search abandoned after a month. Crash finally blamed on software shutting engines off prematurely (R 20 84,86)

+ Mars Odyssey probe maneuver braked successfully in orbit, 22 Oct 2001 (S 27 1:8, R 21 71)

m$ Japan's Mars probe Nozomi goes off course (R 23 07; S 29 2:9)

m+/- Pioneer 10 still alive, sort of, 30 years later (R 22 44)

f+ Cassini-Huygens mission to land on Saturn's moon, Titan succeeded; software flaw detected and fixed (R 23 65,67; S 30 2:17)

$h Loss of data from the Huygens Probe: one comm channel not turned on (R 23 67; S 30 3:22)

$f/h? NASA HESSI shake test 10 times too strong, damaging spacecraft (S 25 3:15, R 20 86)

$f Sea Launch rocket drops satellite into Pacific Ocean (S 25 3:15, R 20 84,86); single line of code allowed launch with second-stage valve open, causing helium leak (R 20 97)

Vfm$ Electronics startup transient opened telescope cover prematurely, destroying Wide Field Infrared Explorer (WIRE) spacecraft (R 20 47-48)

V$m $1.4B Galileo antenna jammed, en route to Jupiter (S 18 4:11)

V$m Landsat 6 vanishes; space junk tracked by mistake (S 19 1:10)

V$f Magellan space software problems: serious design flaw fixed (S 14 5) Nonatomic setting of scheduled and active flags interrupted. See H.S.F. Cooper, Jr., The Evening Star: Venus Observed, Farrar Straus Giroux, 1993. Discussion in J.M. Rushby, SRI-CSL-95-01.

$m Magellan spacecraft manual guidance overcomes faulty computer chip (S 15 2)

V*h Soyuz Spacecraft reentry failed, based on wrong descent program, (orbiting module had been jettisoned, precluding redocking) (S 13 4)

*fh Software bug in autopilot on return sends Soyuz off course (R 22 72,74,78; S 28 4:6, S 28 6:7)

V$fe Viking had a misaligned antenna due to a faulty code patch (S 9 5)

*f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

? Global-warming data confusion (R 19 91-92)

@Vfm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

* Continuing trend toward expert systems in NASA (S 14 2)

f SW bug on TOPEX/Poseidon spacecraft "roll momentum wheel saturated" alarm aborted maneuver. It was recoverable, however. (S 18 1:24)

1.4 Defense

V!hhh U.S. F-15s take out U.S. Black Hawks over Iraq in Friendly Fire; 26 killed, attributed to coincidence of many human errors. (Other cases of friendly fire included 24% of those killed in the Gulf War.) (S 19 3:4) According to a seemingly reliable private correspondent who has read through at least 62 volumes of investigation reports, the public was seriously misled on this situation and there was a considerable cover-up. For now, contact me if you want further background.

!!$rhi Iran Air 655 Airbus shot down by USS Vincennes' missiles (290 dead); Human error plus confusing and incomplete Aegis interface (S 13 4); Commentary on Tom Wicker article on Vincennes and SDI (S 13 4); Aegis user interface changes recommended; altitude, IFF problems (S 14 1); Analysis implicates Aegis displays and crew (Aerospace America, Apr 1989); Discussion of further intrinsic limitations (Matt Jaffe, S 14 5, R 8 74); USS Sides Cmdr David Carlson questions attack on Iranian jet (S 14 6)

!!$rfe Iraqi Scud hit Dhahran barracks (28 dead, 98 wounded); not detected by Patriot defenses; clock drifted .36 sec. in 4-day continuous siege, due to SW flaw, preventing real-time tracking. Spec called for aircraft speeds, not mach 6, only 14-hour continuous performance, not 100. Patched SW arrived via air 1 day later (S 16 3; AWST 10Jun91 p.25-26); Shutdown and reboot might have averted Scud disaster (S 16 4) Patriot missiles misled by `accidental' decoys; T.A. Postol report (S 17 2); summary of clock drift, etc. GAO/IMTEC-92-26, February 1992 (S 17 2); reprisals against Postol for his whistleblowing (R 13 32, S 17 2); Army downgrades success to about 10% rather than 80% [4 out of 47 hits] (R 13 37, S 17 2, 17 3) GAO report documents clock problem in detail (S 17 3) 24-bit and 48-bit representations of .1 used interchangeably (S 18 1:25)

$(m/f?) Two of three Patriot missiles failed (R 21 92)

!m/f/h Friendly Fire: Patriot software again a concern: shoots down British Tornado GR4 near Iraq/Kuwait border (R 22 65-67); more discussion (R 22 67-70); confusions with numbers (R 22 69-70); Aegis (R 22 71)

!!$hV Russian airliner shot down by Ukrainian missile in errant test; earlier Ukrainian missile test killed four people in an apartment block (S 27 1:8, R 21 69)

*f Patriot system fails again (S 25 3:18, R 20 85)

!mhi Report on Patriot missile friendly fire over Iraq on 2 Apr 2003; plane mistaken for hostile missile (R 23 72; S 30 3:23)

*f Software snafu slowed critical data during Iraq raid (S 24 3:25, R 20 23)

!!V$h? Sheffield sunk during Falklands war, 20 killed. Call to London hindered antimissile defenses on same frequency? [AP 16May1986](R 2 53, S 11 3) An "official" version disputes this conclusion - see "The Royal Navy and the Falkland Islands" by David Brown, written at the request of the Royal Navy. Page 159 of that report discusses another problem with the Sea Wolf system, occurring several days later.

@SVf$ Royal Navy battle software unsafe; whistle-blower fired (R 23 56)

!V$ British Falklands helicopter downed by British missile. 4 dead (S 12 1)

!fi Software problem in Advanced Field Artillery Tactical Data System kills soldiers in training incident; unspecified altitude defaults to zero (S 27 6:10, R 22 13)

!!V$f USS Liberty: 3 independent warning messages to withdraw were all lost; 34 killed, more wounded. Intelligence implications as well. (S 11 5)

!Vhfi? Stark unpreparedness against Iraqi Exocets blamed on officers, not technology, but technology was too dangerous to use automatically (S 12 3); Captain blamed deficient radar equipment; official report says radar detected missiles, misidentified them. (S 13 1)

Vrf$ USS Yorktown Aegis missile cruiser dead in water for 2.75 hours after unchecked divide by zero in application on Windows NT Smart Ship technology (S 24 1:31, R 19 88-94); letter to Scientific American: it was an explicit decision to "stimulate" [sic] machinery casualties? (S 24 4:26, R 20 37)

$hfe Navy software problems in upgrading software on battle cruisers USS Hue City and USS Vicksburg (S 23 5:25, R 19 86-87)

$SVrfe Navy to use Windows 2000 on aircraft carriers (R 20 95)

fid Not-so-smart weapons in Kosovo (R 21 01; S 26 1:18)

*Vf 5th Bell V22 Osprey crash: assembly error reversed polarity in gyro (S 16 4); Bell V-22 Osprey - correct sensor outvoted (S 17 1)

!V$fmh Another Osprey crash April 2000 kills 19 (R 21 14, S 26 2:5); falsified maintenance records; yet another crash 11 Dec 2000 killing 4 Marines, blamed on hydraulics failure, software failure, and incompletely tested backup (Ladkin in R 21 21, 21 24, see also R 21 25,33-36, with more detailed analysis in R 21 38 and 41; summarized in S 26 4:3)

!fmH More on the Osprey (S 26 6:8): software problem identified, but downplayed in Blue Ribbon report (R 21 41); 8 Marine officers charged with falsifying maintenance records (R 21 60)

!V$fmh? Two U.S. F-15 jets disappeared over Scotland, 26 Mar 2001; U.S. Army RC-12 reconnaissance plane crashed near Nuremberg, killing two pilots - same day; German military helicopter crashed in Peppen, Germany, on 27 Mar 2001, killing four (R 21 31; S 26 4:4)

*hi Sea King helicopter crashes onto Canadian HMCS Iroquois: fire control system deployment failure (R 22 76, S 28 6:8)

*h Swiss radar controller jokingly labeling helicopter as al Qaeda almost leads to French fighter intercept of civilian craft (R 22 79, S 28 6:7)

*H Fraudulent test SW in Phalanx anti-missile system, Standard missile (S 13 4)

Hhf West German flies Helsinki-Moscow through Soviet Air Defense (S 12 3)

Hhf Soviet Air Defense penetrated again by amateur pilot (S 15 5)

$h Russian missile-site power outage due to unpaid utility bill? (S 20 1:17)

**f Returning space junk detected as missiles. Daniel Ford, The Button, p.85

** WWMCCS false alarms triggered scrams 3-6 Jun 1980 (S 5 3, Ford pp 78-84)

** DSP East satellite sensors overloaded by Siberian gas-field fire (Daniel Ford p 62); Ford summarized (S 10 3:6-7)

**f BMEWS at Thule detected rising moon as incoming missiles [5Oct1960] (S 8 3). See E.C. Berkeley, The Computer Revolution, pp. 175-177, 1962.

** SAC/NORAD: 50 false alerts in 1979 (S 5 3), incl. a simulated attack whose outputs accidentally triggered a live scramble [9Nov1979] (S 5 3)

*** Serious false 2200-missile-alert incident 3 Jun 1980 described by Stansfield Turner, mentioning thousands of other false alarms (S 23 1:12, R 19 43)

*fmh Russian early-warning system close to retaliatory strike: Norwegian weather rocket mistaken for American Trident (R 19 85)

m Report from Kommersant Vlast on Serbukov-15 base false detection of ICBMs en route to Moscow on 25 Sep 1983; human intervention stopped retaliation; system allegedly misbehaved due to radiation (R 19 97)

*$VfM Libyan bomb raid accidental damage by "smart bomb" (S 11 3) F-111 downed by defense-jamming electromagnetic interference (S 14 2) More on U.S. radio self-interference in 1986 Libyan attack (S 15 3)

* Iraq using British Stonefish smart mines, with "sensitive" SW (S 15 5)

*fh Discussion of US/UK smart bombs missing targets in Iraq (R 21 26-28)

*SP Britain bugged radio equipment sold to Iraq (S 16 4)

*SP Trojan horse implants in DoD weapons (S 16 4)

*SP Trojan horse inserted in locally netted printer sold to Iraq? (S 17 2)

*Vm Arabian heat causing problems with US weapons computers (S 15 5)

*V$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

* Frigate George Philip fired missile in opposite direction (S 8 5)

*h? Unarmed Soviet missile crashed in Finland. Wrong flight path? (S 10 2)

*Vf 1st Tomahawk cruise missile failure: program erased [8Dec1986] (S 11 2)

*Vm 2nd Tomahawk failure; bit dropped by HW triggered abort (S 11 5, 12 1)

f/m? CALCM cruise missile software bugs revisited (S 22 2:22)

hi Accidental launch of live Canadian Navy missile: color-code mixup (S 22 1:18)

*$rf Program, model flaws implicated in Trident 2 failures; self-destruct 4 seconds into one flight caused by unexpected turbulence before leaving the water (S 14 6, R 9 12)

*VrmM RF interference caused Black Hawk helicopter hydraulic failure (S 13 1); More on Black Hawk EMP problems and claimed backwards pin (R 17 39,42)

*VSM RF interference forces RAF to abandon ILS in poor weather (R 21 17)

f Reliability risks in USB Army 'Land Warrior' soldier-of-the-future (R 21 27)

*f Sgt York (DIVAD) radar/anti-aircraft gun - software problems (S 11 5)

$f Software flaw in submarine-launched ballistic missile system (S 10 5)

V$f AEGIS failures on 6 of 17 targets attributed to software (S 11 5)

Vf WWMCCS computers' comm reboot failed by blocked multiple logins (S 11 5)

$ WWMCCS modernization difficulties (S 15 1)

*$f Gulf War DSN 20-30% call completion persists 3 mos. until SW patch (S 17 4)

$f Armored Combat Earthmover 18,000 hr tests missed serious problems (S 11 5)

$rfi Stinger missile too heavy to carry, noxious to user (S 11 5)

**V$$rS Strategic Defense Initiative - debate over feasibility (S 10 5); Pentagon says SDI complexity comparable to nuclear reactors (Newsweek, S 17 3) See Way Out There in the Blue: Reagan, Star Wars, and the End of the Cold War, Frances FitzGerald, Simon & Schuster, 2000 for a fine retrospective analysis.

$d SDI costs, budget issues, risks discussed (S 17 4)

$ StarWars satellite 2nd stage photo missed - unremoved lens cap (S 14 2)

f StarWars FireFly laser-radar accelerometer wired backwards (S 19 2:2)

*f "Faith-based" National Missile Defense system discussed (S 26 6:6, R 21 41,43,45); two of the most recent three tests failed, and the other had radar failing to indicate "success" (R 21 53); all three reportedly had GPS-based homing beacons to aid the interception! (R 21 63)

fff Alistair Cooke on National Missile Defense: among other risks, crude wobblers are harder to detect than sophisticated missiles (R 21 65)

-[VSfmde?] StarWars to be exempt from oversight, reporting, and testing requirements? (R 22 59)

h StarWars missile-defense test failure [11 Dec 2002] linked to single chip malfunction (R 22 68; S 28 4:6)

$f Missile interceptor shut down before it could leave its silo [15 Dec 2004]; too many missed messages (R 23 65-66; S 30 2:17)

$ Another missile interceptor test doesn't leave its silo [14 Feb 2005]; timing problem in ground support? 6th failure in 9 attempts (R 23 72; S 30 3:22-23)

$f Software safeguards prevent Solar Sail from separation? (S 26 6:8, R 21 55)

$* 1.7M resistors recalled. Used in F-15, Patriot, radar, comm aircr. (S 16 3)

$hd DoD criticized for software development problems (S 13 1)

$df Future Combat Systems procurement and development problems: GAO report considers JTRS, WIN-T, SOSCOE (R 23 93; S 30 4:19-20)

* US Navy radar jammers certified despite software errors, failed tests (S 17 3)

$ USAF software contractors score poorly on selections (S 14 1)

$d ADATS tank-based anti-copter missile system development problems, $5B overrun, unreliability, ... (S 16 1)

$d British air defense system ICCS SW causes ten-year delay (S 15 5)

*Sf US Army Maneuver Control System vulnerable to software sabotage (S 15 5)

$d US-supplied Saudi Peace Shield air defense software problems (S 15 5)

$d Serious software problems in UK Trident nuclear warhead control (S 15 5)

*m Russian nuclear warheads armed by computer malfunction (R 19 14)

*h Outdated codes made US missiles useless until annual inspection (S 14 5)

S Classified data in wrong systems at Rocky Flats nuclear weapons plant (S 16 4)

SPh Classified disks lost by Naval commanders on London train (R 17 54)

hi? Listing of US Navy safety problems in two-week period (S 15 1)

Vm Rain shuts down Army computers; lightning effects and prevention (S 15 1)

fh Army Automated Time and Attendance Production System (ATAAPS) loss of data for 10 days (R 20 97)

* Role of e-mail, Internet, FAX in defeating 1991 Soviet coup attempt (S 16 4); (S) power surges used to fry faxes and computers in countermeasure (S 16 4)

* Russian auto-response missile system still in place in Oct 1993 (S 19 1:10)

!!*V(f/h?) Russian nuclear submarine explosion (missile test awry) kills crew of over 100 in Barents Sea, 13 Oct 2000. Also, Izvestia reported over 507 sub crew members had died previously. (R 21 01)

*Vh Russian nuclear sub near-disaster due to utility power shutoff? (R 17 42,44)

!mh Kursk submarine sinking: 23 crewmen reached the floating rescue capsule, but it failed to disengage - it had never been tested (R 22 11)

*fV Russian remote-controlled rescue submarines failed to respond in time of urgent need due to software flaw (R 24 01, S 30 6:); British sub comes to the rescue to unsnarl the Russian sub

!! Analysis of U.S. peacetime submarine accidents http://freeweb.pdq.net/gstitz/Peace.htm

!*hi The crash of the USS San Francisco into an undersea mountain at a depth of 525 feet (8 Jan 2005) has been attributed to use of the wrong chart, although other charts on board showed the seamount. (R 24 01)

Vfm Software disaster leaves new Australian submarine unfit; wide range of pervasive hardware/software failures reported (R 20 48)

1.5 Military Aviation

!!V$f Handley Page Victor tailplane broke, crew lost. 3 independent test methods, 3 independent flaws, masking flutter problem (S 11 2-12, correction S 11 3)

!Vf Harrier ejection-seat parachute system accidentally deployed, blew through the canopy, but without ejecting the seat and pilot, who was killed (S 13 3)

f Harrier targets police radar gun; fortunately not armed! (S 21 4:14)

*V(h/m?) Japanese pilot accidentally ejected into the Pacific (S 19 4:12)

*V$h British Harrier accidentally bombs British carrier, Ark Royal (S 17 3) 5 injured. Auto aim-off SW blamed for the Ark Royal bombing (S 18 1:23) Correction noted Mar2001: it was a Royal Air Force Harrier GR3, not a Sea Harrier.

*V$f SAAB JAS 39 Gripen crash caused by flight control software (S 14 2, 14 5)

*V$fmhi 2nd JAS 39 Gripen crash 8Aug1993 blamed on pilot/technology (S 18 4:11); interface difficulties, complicated analysis (S 19 1:12)

*V$rf Software problems in B-1B terrain-following radar, flight-control; electronic countermeasures (stealth) jam plane's own signals (S 12 2); array antennas and effects on mobile phones can defeat stealth cloak of invisibility (R 21 49)

*V$h B-1B swept wing punctures gas tank on the ground; blamed on low lubricant; problem found in 70 of 80 B-1Bs inspected (S 14 2)! No computer sensors?

$fd Stealth development problems including SW miscalculation in wiring (S 15 1)

$f UHB demonstrator flight aborted by software error at 12,000 feet (S 12 3)

*V$fh F-22 prototype crash first blamed on computer SW, then on pilot (S 17 3)

$*Vhif $133M F/A-22 Raptor air-superiority fighter crashed 11 seconds after takeoff, 20 Dec 2004; momentary power loss interpreted as switch to test mode; all three rate-sensor assemblies failed, with no warning; redesign in progress (R 23 90; S 30 4:19)

*V$f F-18 crash due to missing exception cond. Pilot OK (S 6 2, more SEN 11 2)

*Vhi F-18 missile thrust while clamped, plane lost 20,000 feet (S 8 5)

fm F/A-18 jets have a severe brake failure problem due to thin electrical cable (R 24 01)

*f F-16 simulation: virtual plane flipped over whenever it crossed equator (S 5 2) More on the upside-down F-16 bug that was caught in simulation: the bug apparently led to a deadlock over whether to do a left or right roll to return to upright, and the software froze (S 9 5). ADDED NOTE: This is seemingly an example for Les Lamport's Buridan's Ass paper, where the ass halfway between two points could not decide which way to go. This case is one that still needs definitive resolution after all these years. Either (1) this was a flaw in the avionics software that was detected by the simulation, or (2) perhaps more likely it an error in the simulation program itself rather than the avionics software. Does anyone still alive know for sure?

$Vhi F-16 landing gear raised while plane on runway; bomb problems (S 11 5)

*Vfh Unstallable F-16 stalls; novice pilot found unprotected maneuver (S 14 2)

$d USAF ECM systems: software 2 years late for F-16 and F-111 (S 15 5)

*hif Accidental shootdown of one Japanese F-15 by another (R 17 65, R 18 18); controversy continues (R 18 41,57)

*V$f? F-14 off aircraft carrier into North Sea; due to software? (S 8 3)

*V$f F-14 lost to uncontrollable spin, traced to tactical software (S 9 5)

Vf YF-23 fly-by-wire prototype attempted tail corrections while taxiing. Same problem on first X-29. (AFTI/F-16 had weight-on-wheels switch.) (S 16 3) AFTI/F-16 DFCS redundancy management: ref to J.Rushby SRI-CSL-91-3 (S 16 3)

+- Historical review of X-15 and BOMARC reliability experiences (S 17 3)

$ Systems late, over budget (what's new?); C-17/B-1/STC/NORAD/ASJP (S 15 1)

V*$fd C-17 SW/HW problems documented in GAO report; 19 on-board computers, 80 microprocessors, six programming languages; complexity misassessed GAO: "The C-17 is a good example of how not to approach software development when procuring a major weapons system." (S 17 3) Chairman John F. McDonnell's reply (S 17 4)

f C-130 testbed uncovers 25-yr-old divide-by-zero bug in X-31 SW (S 16 3)

*Vmf X-31 crash, 19 Jan 1995 (R 17 45,46,47,60,62; 60=Pete Mellor)

V(f?) Unplanned 360-degree roll of NASA's X-38 in test (R 21 10)

*VM US missile-warning radar triggers accidental explosions in friendly aircraft; radar must be turned off when planes land! (S 14 2)

* AF PAVE PAWS radar can trigger ejection seats, fire extinguishers (S 15 1)

!$h 1988 RAF Tornados collided, killing 4; flying on same cassette! (S 15 3)

V$ef DarkStar unmanned aerial vehicle (UAV) crash from software change, cost $39M (S 22 1:17-18)

$V(f?m?) Helios solar-powered remote-controlled flying wing with $10M fuel-cell system lost in Pacific after severe oscillations; previously had set altitude record of 100,000 feet (R 22 80, S 28 6:9)

mM? Air Force bombs Georgia - stray electromagnetic interference? (S 14 5, R 8 72)

*hme, etc. Navigation, GPS, and risks of flying (R 19 73,75,77); Implications of the U.S. Navy no longer teaching celestial navigation (R 19 75,77-79,81-82)

*$VSf GPS vulnerabilities need attention, with increasingly critical dependence on continuous functionality; see Dept of Transportation report (R 21 67)

- U.S. National Geospatial-Intelligence Agency (NGA) proposes to withdraw all aeronautical data and products from public distribution (R 23 91)

*+/-? US Navy to drop paper charts in favor of global online digital database (R 24 01)

1.6 Commercial Aviation

hi Crew reliance on automation cited as "Top Risk" in future aircraft (R 21 35)

..... Commercial flight incidents

!!$V(hi?) Korean Airlines KAL 007 shot down killing 269 [1Sept1983]; autopilot on HDG 246 rather than INERTIAL NAV? (NYReview 25 Apr 85; SEN 9 1, 10 3:6, 12 1) or espionage mission? (R.W. Johnson, "Shootdown") Further information from Soviets, residual questions (S 16 3); Zuyev reports Arctic gales had knocked out key Soviet radars; Oberg believed Sakhalin air defense forces were "trigger-happy" following earlier US Navy aircraft overflight incursions [Reuters 2Jan1993]; Analysis of recent articles on KAL 007 (Ladkin, R 18 44)

!!Vfe Korean Airlines KAL 901 accident in Guam, killing 225 of 254; worldwide bug discovered in barometric altimetry in Ground Proximity Warning System (GPWS) (S 23 1:11, R 19 37-38)

!!Vm Alaska Airlines flight 261, 31 Jan 2000, dove into Pacific Ocean after jackscrew failure in stabilizer assembly; hearing results show loss of paper trail (R 21 15)

!!V(m?h?) TWA Flight 800 missile-test accident hypothesis causing near-empty fuel-tank explosion off Long Island widely circulated in Internet e-mail, causing considerable flap. Missile theory officially discredited. Minireview of James Sander's The Downing of TWA Flight 800 (R 19 12); speculative discussion on the downing of TWA 800 (R 19 13); possibility of EMI raised in article by Elaine Scarry, New York Review of Books, 9 Apr 1998 (R 19 64-66). Harvard Magazine Jul-Aug 1998, pp. 11-12, diagram shows TWA 800 at 13,700 feet between a P3 Orion directly overhead at 20,000 feet, Black Hawk helicopter and HC-130 at 3,000 feet both directly below (with a C-141 and C-10 nearby). But this seems unlikely. (R 19 86) Report by the late Commander William S. Donaldson III, USN Ret., 17 July 1998, claiming a hostile missile attack, with radar tracks, etc. http://www.twa800.com/index.htm.

!!V$rh Air New Zealand crashed into Mt Erebus, killing 257 [28Nov1979]; computer course data error detected but pilots not informed (S 6 3, 6 5)

!!V$f/m? Lauda Air 767-300ER broke up over Thailand. 223 dead. Cockpit voice recorder: thrust reverser deployed in mid-air. Precedents on 747/767 controlled; investigation in progress. (S 16 3, AWST 10Jun91 pp.28-30) Suitcase full of cheap lithium-battery Chinese watches exploded? Earlier lithium battery problems: South African 747 in 1987, killed 159; Cathay Pacific 1990 emergency landing (S 16 3, Sunday Times, London, 23 Jun 91) Many other planes may be flying with the same thrust-reverser defect; FAA, Boeing simulations, suggest 757 less aerostable than though (S 16 4) Ex-Boeing expert had warned of software flaw in 747/767 proximity switch electronics unit; he claims he was ordered to suppress data. (S 17 1)

!!Vhifmr Northwest Air flight 255 computer failed to warn MD80 crew of unset flaps misset, thrust indicator wrong; 156 dead (S 12 4;2); circuit breaker downed the warning system that should have detected those problems. [But who checks the checker?] Simulator, plane behave differently (S 13 1); Report blames pilot error, unattributed circuit outage (S 13 3); Report that the same pilots had intentionally disconnected the alarm on another MD-80 two days before raises suspicions (S 14 5, R 08 65); NW sues CAE over spec error in flight training simulator (S 15 5); A Federal jury ruled on 8 May 91 that the crew was to blame.

!!V$mf/h/i? British Midland 737 crash, 47 killed, 74 seriously injured; right engine erroneously shut off in response to smoke, vibration (Flight International 1 Apr 89); suspected crosswiring detected in many OTHER planes (S 14 2); low-probability, high-consequence accidents (S 14 5); random memory initialization in flight management computers (S 14 5); Kegworth M1 air crash inquest: many improvements suggested (S 15 3); Criticism of "glass cockpits" (S 15 3); UK AAIB fingers 737-400 liquid crystal display layouts (S 16 3, R 11 42); now-retired British vicar Reverend Leslie Robinson claims a witches' coven was operating under the flight path (R 20 12)

*fm Air disasters: A crisis of confidence? Phuket Air 747 aborts (R 23 83; S 30 3:23-24)

!!Vh Aeromexico flight to LAX crashes with private plane, 82 killed (S 11 5)

!!Vh Metroliner&transponderless small plane collide 15 Jan 87. 10 die (S 12 2)

!!Vh Two planes collide 19 Jan 87. Altitude data not watched by ATC. (S 12 2)

!!Vfih 1994 China Air A300-600 Nagoya accident killing 264: final report blames pilots and autopilot human-computer interface (R 18 33); (see also R 16 05-07, 09, 13-16)

!Vh Air France Airbus A320 crash blamed on pilot error, safety controls off (S 13 4); 3 killed. Airbus computer system development criticized (S 13 4); Subsequent doubts on computers reported: inaccurate altimeter readings; engines unexpectedly throttling up on final approach; sudden power loss prior to landing; steering problems while taxiing (S 14 2); reportage by Jim Beatson (R 08 49, 08 77), barometric pressure backset? (S 14 5) investigators blame pilot error; pilots charge recorder tampering (S 15 3) Pilots convicted for libel in blaming technical malfunctions! (S 16 3)

!!V? Indian Airlines Airbus A320 crashes 1000 ft short of runway; 97 die (S 15 2) A320 flight modes (S 15 3); apparent similarities in crashes (S 15 3) Air India unloading their A320s (S 15 5)

V(m?) Air India Airbus 320 autopilot failure [19Apr1999]? (S 24 4:26, R 20 32)

!!Vhmi French Air Inter A320 crash on approach to Strasbourg airport [20Jan1992]; 87 dead, 9 survivors; 2,000-foot altitude drop reported (R 13 05); crash site at 2496 feet. Report fingers mixture of human and technical error, airport ill equipped, serious failings in altimeter system, pilot unable to stop descent (S 17 2); Air Inter official charged with negligent homicide (S 18 2:9); Commission of Enquiry blamed Pilot Error (S 18 4:12); New case of A320 descent-rate instability identified approaching Orly, related to Air Inter crash (S 18 1:23); Final report blames crew training and interface problems (S 19 2:11)

!Vf 1994 Toulouse A330 accident blamed on experimental SW. 7 died (S 19 4:11)

*mf FADEC computers cause uncommanded shutdowns of aircraft engines in flight; linked to power transistor (R 21 05; S 26 1:22)

*f Airbus A300 AA587 tail "BSD" incident, dropping 3000 feet: screens blanked for 2-3 seconds; unreliable data reset Symbol Generator Unit software changes required (R 21 96)

*h/f? Misleading report on Air Transat A330 emergency landing in Azores, 24 Aug 2001, (R 21 93) addressed by Peter Ladkin; fuel leak not detected early enough, and other problems (R 21 94)

!,*m(h?) Airbus A300/310 rudder problems: Air Transat 961; AA 587 out of JFK; others (R 23 79; S 30 3:23)

* A320 flight-control computer anomalies summarized by Peter Ladkin (R 18 78)

!*(V,etc.) Compendium of commercial fly-by-wire problems (Peter Ladkin) (S 21 2:22)

@!!$hi Iran Air 655 Airbus shot down by USS Vincennes' Aegis system (above)

?h Qantas airliner challenged by US Cowpens, Aegis missile cruiser (S 17 4)

!V(f/h/i?) Varig 737 crash (12 dead) flightpath miskeyed? (S 15 1)

!V 707 over Elkton MD hit by lightning in 1963, everyone killed (S 15 1)

!V$m American Airlines DC-10 stall indicator failed; power was from missing engine (S 11 5)

!V Bird strikes cause crash of Ethiopian Airlines 737, killing 31 (S 14 2)

!V Dominican Republic 757 crash 6 Feb 1996, cause unclear (S 21 4:13, R 17 84)

!V BirgenAir crash at Puerto Plata killed 189 (R 17 87)

!!V$hi Further discussion of American Airlines Cali and Puerto Plata B757 crashes (R 18 10); in Cali crash, killing 159 of 163: same abbreviated code used for different airports (S 22 1:17); in a trial, evidence was given that 95 of 8,000 navigational beacons were not included in the airline database, including Cali's Rozo (R) - see media reports 17 Apr 2000. US Federal jury allocated responsibility 17% to Jeppessen, 8% to Honeywell, 75% to American Airlines (R 20 92; S 26 1:23)

!if American Airlines crash: simulator upset-recovery scenario predisposing pilots? (R 22 33)

!fi EFIS failure main suspect in Crossair crash (S 25 3:17-18, R 20 78)

!Vh 1996 B757 Aeroperu Flight 603: duct tape over left-side static port sensors? (S 22 2:22; R 18 51,57,59) Peru Transport Ministry verified this [Reuter, 18Jan1997]

*m Failure of Embraer Brasilia aircraft electronic displays due to icing (R 22 65; S 28 4:6-7)

*mfi Leisure International Airways A320 overran Ibiza Airport in the Balearic Islands [21 May 1998], partly due to computer failure (R 22 65-66)

*fh Airplane takes off without pilot, flies 20 miles, crashes (R 21 84,87)

Vm Migratory birds jam FAA radar in Midwest (R 17 44)

m Lovesick cod overload Norwegian submarine sonar equipment (R 20 07) [Who needs a cod peace?]

!!V Chinese Northwest Airlines BA-146 Whisperjet crashed on second takeoff attempt, killing 59; cause not available [23Jul1993] (S 18 4:12)

!V Ilyushin Il-114 crash due to digital engine control failure (S 19 1:9)

*V mi Dec 1991 SAS MD-81 crash (ice damaged engine) due to auto thrust restoration mechanism not previously known to exist by SAS (S 19 1:12)

*Vf 11 cases of MD-11s with flap/slat extension problem, including China Eastern Airline plane that lost 5000 feet on 6 Apr 1993 (S 18 4:11)

Vf/m/h? Chinook helicopter engine software implicated (S 23 3:23, R 19 51); more on the Chinook enquiry (R 21 14,18-20,22-23)

$d RAF Chinooks: over 6 year delay; still cannot fly in clouds; "radar systems and software" won't fit in the cockpit! (R 23 31) and correction: software certification, noncompliance, more testing needed, changing operational environment (R 23 32)

$*d UK MoD procurement risks and nonverifiable code; Chinook helicopters, software cannot be validated (R 23 80; S 30 3:23)

*Vrh Lessons of ValueJet 592 crash: William Langewiesche in Atlantic Monthly (R 19 62,63)

*Vf DC-9 chip failure mode detected in simulation (S 13 1)

!!V$f Electra failures due to simulation omission of gyroscopic coupling [not overflow, as originally thought] (S 11 5:9)

!V$f Computer readout for navigation wrong, pilot killed (S 11 2)

*f Apollo NAV/COM air navigation software bearing up to 50 miles and 16 degrees off (R 21 53); Garmin GPS can be interpreted as off by 180 degrees (R 21 56)

*Vhi South Pacific Airlines, 200 aboard, 500 mi off course near USSR [6Oct1984]

*Vhi China Air Flight 006 747SP 2/86 pilot vs autopilot at 41,000 ft with failed engine, other engines stalled, plane lost 32,000 feet [19Feb1985] (S 10 2, 12 1)

m/f B747-400 Electronic flight displays rendered inoperative (R 23 12; S 29 2:9)

*V Simultaneous 3-engine failure reported by Captain of DC-8/73 (S 14 2)

*Vfm Boeing KC-135 autopilot malfunction causes two engines to break off (S 16 2)

$Vfme Design change caused short-circuit causing autopilot reset, premature separation of booster from $150 million Japanese supersonic jet model at Woomera rocket range (R 22 43)

*Vf Avionics failed, design used digitized copier-distorted curves (S 10 5)

*Vf Lufthansa A320 overruns runway in Warsaw; actuator delay blamed (S 19 1:11); Logic flaw in braking system; fix required fooling the logic! (S 19 2:11)

mV A320 engine-starter unit overheats after takeoff, trips breakers, gave false thrust-reverser indications, engine control failure (S 19 2:12)

*mfhie Lufthansa Airbus A320 incident 20 Mar 2001 on takeoff from Frankfurt (R 21 48); detailed analysis of sidestick cross-wired during maintenance (R 21 96); final report April 2003 (R 23 24)

*V$f 727 (UA 616) nose-gear indicator false positive forces landing (S 12 1)

*Vhi USAir 737-400 crash at NY LGA; computer interface, pilot blamed (S 15 1)

!Vi Crash of USAir Flight 427 nearing Pittsburgh, 8 Sep 1994: see Jonathan Harr, (The New Yorker, 5 Aug 1996 (S 22 1:17)

*V Tarom Airbus automatic mode switch escaped pilot's notice (S 20 1:16)

*m Turkish Airbus false sensor indicating nose wheel not descended on landing (R 23 88)

*Vf British Airways 747-400 throttles closed, several times; fixed? (S 15 3)

*Vf JAL 747-400 fuel distribution stressed wings beyond op limits (S 16 3)

*Vf Older Boeing 747 planes suspected of diving due to autopilot design flaw; 747-400 speed reduction of 50 knots ordered; 747-200 sudden increase in thrust, another pitched upwards; etc. (S 17 3); FAA report on possible 747 autopilot faults relating to altitude losses (S 18 3:A15)

Vf 747 tail scrapes runway; center of gravity miscalculated by improper program upgrade (R 19 11)

*Vf Boeing 757/767 Collins autopilot anomalies discussed (S 19 1:10)

m Pilot fixes faulty 757 nosewheel sensor in Menorca airport (R 22 85); confusion in reporting analyzed (R 22 88-89)

**V 767 (UA 310 to Denver) four minutes without engines [August 1983] (S 8 5)

*Vf 767 failure LA to NY forced to alternate SF instead of back to LA (S 9 2)

*Vm Martinair B767 Aircraft suffers EFIS failure; instruments blank (S 21 5:15)

*V(f/m?) B777 autopilot/flight-director problems [Oct1996]? (S 22 4:29, R 18 83)

V$ Boeing 777 landing-gear weakness; strength off by factor of 2 (R 17 04)

*he Australian Ansett B767 fleet grounded due to maintenance breaches (R 21 17)

*Vf 11 instrument software failures in BA aircraft in Jul-Aug 1989 (S 15 5)

*fhi Analysis of potential risks of the Enhanced Ground Proximity Warning System (EGPWS), by Jim Wolper (R 19 56); pilots computer literacy? (R 19 57); relationship with GPS accuracy (R 19 57)

* Missile passes American Airlines Flight 1170 over Wallops Island (S 22 1:18)

m Fire alarms on Boeing 777 triggered by tropical fruit and frog cargo (S 22 1:17)

M Cell phone ringing in Adria Airways luggage alarms avionics; plane returns (R 21 20)

*m INCETE power ports in use in at least 1700 aircraft can result in exploding batteries? (R 19 94)

m* High-flying hijinks: canine passenger sinks teeth into plane (R 20 54)

SHf Air Canada "Jazz" airline grounded by computer virus in flight-planning computer, early Feb 2003 (R 22 54)

Sf/h Airline boarding pass algorithm flaw: two people with the same name (one M, one F) assigned the same seat (R 22 70)

Sh Hong Kong passenger winds up in Melbourne, despite correct boarding pass (R 22 79)

fme Continental Airlines check-in computer foul-up (R 22 77, S 28 6:9-10)

S* Risks of "soft walls" in avionics to keep hijacked planes at bay (R 22 79,80)

$f Comair cancels all flights on Christmas Day 2004: configuration changes exceeded 2¹⁵ for the month (R 23 63,64; S 30 2:21)

..... Private plane incidents

!Vrhi John Denver plane crash linked to unlabelled implementation change over spec: lever up for off, down for right tank, to the right for left tank; not very intuitive! (R 20 43)

*hi Crossing the International dateline becomes a navigational risk for a small-plane pilot: failure to reconfigure navigation computer results in flying east, not west (R 22 78, S 28 6:10)

..... Airport problems

Vm Power failure disrupts Ronald Reagan National Airport 10 Apr 2000 for almost 8 hours; backup generator failed (R 20 87)

Vmhi Lightning causes problems for lightning-detection system in Montreal airport near-disaster (R 24 01)

$def $200M baggage system seriously delays opening of new Denver airport (S 19 3:5); costly stopgap old-fashioned system planned in the "interim" (S 19 4:6); new software problems for incoming baggage (R 17 61); city overruled consultant's negative simulation results (R 18 66); baggage system only the tip of a huge iceberg of mismanagement, political infighting, etc., according to Bill Dow.

$def United abandons Denver Airport baggage system to save millions in operating costs by not using it! (R 23 89, S 30 4:19)

Vdfm$ Kuala Lumpur International Airport: Risks of being a development pioneer (R 19 68); airport opens 30 Jun 1998, but baggage and check-in systems failed for several days (R 19 84); similar events at the opening of the new Hong Kong airport a few days later (R 19 85)

Vm Amsterdam Schiphol airport computer down for 30 minutes, major delays (R 19 85); unchecked out-of-range value (R 19 93)

V$fe American Airlines' SABRE system down 12 hours; new disk-drive SW launched "core-walker" downing 1080 old disk drives, stripped file names ... (S 14 5)

Vm American Airlines' Sabre system software problem down for four hours (30 Jun 1998, evening rush hour) affected hundreds of flights across 50 airlines; second crash in a week (R 19 84)

m American Airline flights delayed due to computer crash, 29 Jan 2003 (R 22 54)

$m Independence Air computer outage for 6 hours seriously impedes operations (R 23 48)

$mh Computer failure grounds flights with day-long delays on American Airlines and US Airways coast to coast: human error? (R 23 47)

f Is Windows up to snuff for running our world? Windows alert box covered up Delta Airlines display information; also related items (R 23 57,59,61,62); similar problem in a bank (R 23 58)

*f/m/e? Computer error grounds Japanese flights 1 March 2003; flight numbers disappeared from radar screens; related to system upgrade to share flight plans with Japanese Defense Agency? (R 22 60-61)

f/m SAS new baggage system miseries at Copenhagen Airport (R 19 97)

m/f? Sydney Airport's new $43M baggage system fails for second time in five days (R 21 02; S 26 1:23)

m Total primary/secondary power outage at Sydney Airport leaves 20 planes circling (R 20 94; S 26 1:22-23)

h SAS reprinted summer airline timetables for the winter, but Internet version was correct (R 20 05)

mh Boston airport electronic display fiasco on flight to Philly (R 19 96)

m Airport security check powers up computer (R 20 55)

@hfm Two human errors silenced Los Angeles area airport communications; routine reboot forgotten, Microsoft 49.7-day flaw strikes, backup system fails (R 23 53; S 30 1:14-15)

..... Masquerading

*VSH 1986: Miami air-traffic controller masquerader altered courses (S 12 1)

*VSH 1994: Roanoke Phantom spoofed ATC, gave bogus information to pilots for 6 wks, caught (S 19 2:5); out-of-work janitor pleads guilty (R 15 39)

VSH 1996: Manchester (UK) air-traffic-controller message spoofer (UK) (R 17 44, S 21 2:21)

..... Other air-traffic control problems

*h 20-foot aircraft separation near-collision over LaGuardia Airport, 3 Apr 1998, due to controller being distracted by spilled coffee (R 19 79,84) together with increased error rates and radar dropouts results in FAA ordering retraining of air-traffic controllers (R 19 79)

mhe Aeroflot plane leaving Helsinki kept disappeared from tower radar, and had near-miss with Finnair charter, Nov 2000; newer French radar system also had other planes disappearing; problem traced to construction work at the airport! (R 21 22-23)

fe Westbury Long Island TRACON upgrade failed test, but backup to old software backfired (R 19 79)

*Vfm Radar blip lost Air Force One (S 23 4:21, R 19 63)

Vm* Air Force One disappeared from the Gibbsboro NJ radar twice on 5 Jun 1998, with President Clinton en route to MIT for the commencement speech; also reported was near-collision with a Swissair 747, missed by radar, Oct 1997 (R 19 79); Air Force Two disappeared from radar, 7 Jun 1998, and the same radar failed with AF2 overhead 17 Jun 1998 (R 19 82)

m?f? San Francisco Airport radar phantom flights (R 21 20, S 26 2:5)

*m Faulty ASR-9 radar system failures (Boston, JFK) led FAA to inspections, discovery of 23 further cases, and remediations (S 26 4:4, R 21 29)

f Air-traffic control woes (R 21 09, S 26 2:5-6)

fh 2002: Rash of british air-traffic control system outages in National Airspace System (S 27 3:5, R 21 98, 22 02-03, 22 09)

f Anecdote on a then-new European ATC center 99.99% reliable (52 minutes per year) that had already had a 20-hour down time shortly after installation: therefore it should not fail again for 25 years! It failed at 23:59 on 28 Feb (S 27 3:6, R 22 08)

Vm Aviation near-crashes in Kathmandu (R 21 09, S 26 2:6)

*V(m?f?) Indianapolis FAA route center running on generators for a week (R 21 11, S 26 2:6)

*h Delta plane 60 miles off course, missed Continental by 30 feet (S 12 4)

Vf SW fault in aircraft nondirectional beacon landing approach system (S 16 3)

V* New San Jose CA ATC system still buggy, plane tags disappear (S 14 2)

*Vf ATC computers cause phantom airplane images (S 16 3)

*fe Jeppesen GPS restricted-airspace navigation database corruption (R 22 64; S 28 4:6)

Vf West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3)

*Vh Open cockpit mike, defective transponder caused 2 near-collisions (S 12 1)

h Another open mike: couple join Mile-High Club, disrupt British air-traffic control (S 19 1:10)

*Veh ATC equipment test leads to Sydney landing near-collision (R 20 24)

*Vmf More ATC problems, fall 1998: New air-traffic control radar systems fail, losing aircraft at O'Hare (R 20 07); Dallas-FortWorth ARTS 6.05 TRACON gives ghost planes, loses planes (one for 10 miles), one plane on screen at 10,000 feet handed off and showing up at 3,900 feet! 200 controller complaints ignored, system finally backed off to 6.04 (R 20 07); near-collision off Long Island attributed to failure at Nashua NH control center (R 20 11); TCAS system failures for near-collision over Albany NY (R 20 11); two more TCAS-related incidents reported (R 20 12); landing-takeoff near-miss on runway at LaGuardia in NY (R 20 13); discussion on trustworthiness of TCAS by Andres Zellweger, former FAA Advanced Automation head (R 20 13)

*f? Automation-related Reduced Vertical Separation Minima (RVSM) AIRPROX incident over the North Atlantic, despite ACAS and TCAS (R 22 19); European RVSM safety case is flawed (R 22 22)

*def U.S. west-coast ATC woes 19 Oct 2000 (hundreds of flights affected) and 23 Oct 2000 (loss of flight plans for Northern CA and Western NV) (R 21 09; S 26 1:22)

df$ FAA Runway Incursion System: further delays in AMASS due to excessive false alarms (R 21 60,62)

$*fde STARS: Standard Terminal Automation Replacement Systems to replace ARTS - as of Feb 2002, more than 4 years late, $600 million over budget, "71 specific software problems that could prevent the system from operating as designed" and many questions (S 27 6:7-8, R 22 12)

f/m? Collapse of UK air-traffic control computer (R 20 93-94); known bugs reduced from 500 to 200 (R 21 01)

*dV Reports on UK New En Route Centre NERC for UK ATC (R 19 18,23,69); more on the NERC system crashes at Swanwick (S 27 6:9-10, R 22 12); safety and human factors (S 27 6:10, R 22 13); subsequent questions on readability of displays at the London Area Control Centre (R 22 40,44)

$e British Swanwick ATC slowdown Jun 2004; backup recalcitrant on 30-year-old system (R 23 41,42)

$ Discussion of NERC and STARS: COTS versus Bespoke ATC Systems (Ladkin, Leveson, S 27 6:8-9, R 22 12)

*Vfm Review on air-traffic control outages by Peter Ladkin (S 23 3:26, R 19 59)

*fhm, etc. UK air-traffic control problems summarized at www.pprune.org (R 21 11)

*SHA Fake air controllers alert in UK (R 21 04; S 26 1:22)

*h F-117 stealth fighter in near-miss with UAL jet (R 21 04; S 26 1:22)

V(f/m?) Faulty TCAS behavior. Australian report shows two faulty TCAS cases: Jan 1998 near Hawaii, TCAS off by 1500 feet vertically, caused false maneuvers; Jun 1999 over China, TCAS had higher plane descending toward the lower (R 20 60,62);

*Vfm Complete ATC power failure in the U.S. Northwest, 15 Jan 1999, discussion by Seattle controller, Paul Cox (R 20 19)

*Vmh Dulles radar fails for half-hour 23 Nov 1998 (R 20 10); discussion of air-traffic control safety implications (R 20 11), and ensuing comments from a controller (R 20 12)

*Vh Risks of runway crossings with tight takeoff/landing schedules (R 20 10)

f Airline clock wraparound in displays: UA Flight 63 from SFO "Delayed 1 hr 39 min, Arrive Honolulu Intl 12:01am Tues Early 22 hr 35 min" (R 20 15); More United Airlines Website flight curiosities (R 20 44)

h Accidentally enabled sex-aid vibrator in hand luggage causes bomb scare on Monarch Air flight; apparently not unusual (R 20 34)

*Vm Air-traffic control data cable loss caused close calls (S 10 5)

V$SHm Attack on fibre-optic cables causes Lufthansa delays (S 20 2:12)

VmM Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

*VM More on EMI and RF interference from passenger devices in aircraft systems (Ladkin) (R 19 24); still more, including discussion of Elaine Scarry article in 26 Sep 2000 The New York Review of Books( and follow-ups (R 21 04,08,11)

VSfM Case of GPS jamming of Continental flight by failed Air Force computer-based test (R 19 71) more on GPS jamming/spoofing: British Airways flight lost all three GPS systems while French military was testing jammers; Continental DC-10 lost all GPS signals while Rome Lab was experimenting with jammers (R 19 74,85)

Vf/h? GPS kills 8 in air (R 20 44-45) and radar-assisted collisions (R 20 45)

@*VM Cell-phone linked to London to Istanbul crash-landing? (R 19 34,36,37)VM Australia's Melbourne Airport RF interference affected communications, traced to an emanating VCR! (R 17 44)

*VM Osaka Int'l Airport's radar screens jammed by TV aerial booster (S 12 3)

*m Plane diverts after erroneous 4-digit hijack alert (R 23 89-91)

*M Cellular telephone activates airliner fire alarm (S 14 6)

Vfmhi? Aviation Risks using Windows NT avionics systems (S 23 3:27, R 19 46)

*Vfi Flawed ATC radars: planes disappear from screens; other problems (S 12 1)

hi Controller screwup causes NW 52 to Frankfurt to land in Brussels (R 17 38,40)

*Vdef Risks in the new Sydney airport control system (R 17 43)

*m Computer outage in Concorde leads to rocky nonautomatic landing (S 12 4)

*Ve British ATC 2-hr outage, 6-hr delays: faulty HW/SW upgrade (S 12 1) Computer problems down FL ATC, slow airline flights in Southern U.S. (S 19 1:11)

*Vfmd Air-traffic-control snafus in Chicago, Oakland, Miami, Washington DC, Dallas-FortWorth, Cleveland, New York, western states, Pittsburgh! (S 20 5:12); Another Oakland airport radar outage 28 Nov 1995, two hours (R 17 49)

V*fm Philadelphia airport radar problems, May 1999 (R 20 42) More radar glitches at Philadelphia airport 10 Mar 2000 (S 25 3:18, R 20 84)

Vhm Brief KC power outage triggers national air-traffic snarl (S 23 3:23, R 19 51)

!Vm New York air traffic slowed for 10 hrs by construction contamination (R 19 41)

*f Fall 1998 air-traffic control upgrade problems: New Hampshire (R 19 93), Salt Lake ATC (R 20 05); Dallas-FortWorth ARTS 6.05 (S 24 1:31, R 20 07), Chicago (R 20 07)

Vm Effects on automated traffic controls of plane crashing into 500Kv power line near Cajon Pass; more than 1000 traffic lights out (R 19 29,30); earlier effects of power failure in Perth (R 19 30); risks of major outages (R 19 32,33)

*Vhe Southern Cal plane crash due to software change? (S 12 1)

*Vmf Alaskan barometric pressure downs altimeters; FAA grounds planes (S 14 2)

*Vfm FAA Air Traffic Control: many computer system outages (e.g., SEN 5 3, 11 5), near-misses not reported (S 10 3:12)

*Vf ATC computer system blamed for various near-misses, delays, etc. (S 12 4)

*Vhi Air-traffic controller errors. O'hare near-miss: wrong plane code (S 12 3)

V(f/m/h?) 2 jets in near-miss approaching LAX; Brazilian VASP MD-11 pilot blames autopilot, others blame pilot (R 19 10)

*Vh F-16 incidents, TCAS: 4 separate risky military approaches (S 22 4:28, R 18 83)

*V$fm FAA report lists 114 major telecom outages in 12 months 1990-91; Secretary Pena blames air-traffic woes on computer systems (S 19 4:11) 20 ATCs downed by fiber cable cut by farmer burying cow [4May1991] (S 17 1); Kansas City ATC downed by beaver-chewed cable [1990] (S 17 1); Other outages due to lightning strikes, misplaced backhoe buckets, blown fuses, computer problems (S 17 1) 3hr outage, airport delays: Boston unmarked components switched (S 17 1) More on the AT&T outage of 17Sep91 noted below (5M calls blocked, air travel crippled, 1,174 flights cancelled/delayed) (S 17 1)

fh WashingtonDC air traffic slowed 11 Jun 1997: old wiring error (S 22 5:13)

V$fe SW bug downs Fremont CA Air Traffic Control Center for 2 hours [8Apr1992]; 12 of 50 radio frequencies died [17Apr1992], reason unspecified (S 17 3)

V$d New Canadian air-traffic control system SW problems, system late, it crashes, planes flying backwards, frozen displays, no radar,... (S 17 4)

*Vm NY Air Route Traffic Control Center computer failure (S 21 5:15)

*Vef Computer glitches foul up flights at Chicago airports (S 24 4:26,R 20 38)

@See below, general telephone problems that affected traffic control.

*$ Discussion of the implications, needs for oversight, assurance (S 17 1)

*V$m FAA ATC computers in Houston down for 3 hours; long delays (S 12 2)*

*V$rm El Toro ATC computer HW fails 104 times in a day. No backup. (S 14 6)

Vhfm Accidental power outage affects Pacific Northwest air traffic (S 21 2:21)

Vm Dallas-FortWorth ATC system power outage affects southwest (R 17 40)

Vm Las Vegas approach radar outage (R 17 41)

*V$m London ATC lost main, standby power, radar; capacitor blamed! (S 12 2)

*f London ATC goof - US ATC program ignores East longitude (S 13 4)

*f Software misdirects air-traffic controller data in Boston (S 13 4)

@d New £300 million UK air-traffic control system confronts complexity (S 22 1:18)

*Vh Commercial plane near-collisions up 37.6% in 1986; 49 critical (S 12 2)

*H Radar center controllers (So.Cal) concealed collision course info (S 12 2)

*V Jetliners in near-miss over Cleveland; wrong freq assigned, neither plane in contact with controllers (S 16 4)

*Vid Complexity of the airplane pilot's interface increasing (R 18 63)

*V Computer errors involved in plane crashes? (Aftonbladet) (R 18 65,66)

* Problems with below-sea-level aircraft altitudes (R 18 72,74)

h Plane takes off, flies for two hours, without pilot (R 19 47)

*Vf `TCAS Sees Ghosts' (see IEEE SPECTRUM, August 1991, p.58) (S 16 4); Traffic Alert Collision Avoidance System blasted by ATC people (S 17 1); See also relevant discussion on human errors by Don Norman (S 17 1:22)

Vih? TCAS related collision-avoidance mistake discussed (S 18 1:24)

*f Air-traffic controller reports on potential TCAS problem (S 18 3:A15)

Vf TCAS blamed for near collision over Portland WA; previous reports of phantom planes and misdirected avoidance maneuvers (S 19 2:12); Followup report (S 19 3:9)

*f?/+ TCAS incidents: northwestern U.S., Tehran (S 20 5:13)

? Discussion of TCAS near-miss in Southern Calif. (R 19 55,56)

!Vhimf South German mid-air collision over Lake Constance, 1 July 2002: TCAS told Russian plane to climb, Swiss controller said descend; plane crashed into DHL plane whose TCAS had prompted descent; discussion in RISKS whether to listen to TCAS or the controller! 71 dead (S 27 6:6-7, R 22 15,18, Ladkin analysis R 22 19) Listen to TCAS, not the controller (R 23 19); later analysis; air-traffic controller subsequently stabbed to death (R 23 23,25)

*m TCAS RA incident in UK airspace; faulty transponder off by 500 feet (R 23 72; S 30 3:23)

*m Analysis of automation-related AIRPROX incident: loss of separation between A330 and A340 operating under RVSM over the Atlantic, 2 Oct 2002; turbulence, TCAS limitations, etc. (R 23 19)

*Vf Chicago's O'Hare Airport radar lost planes, created ghosts (S 17 1)

*h GAO faults FAA for inadequate system planning in Los Angeles area (S 15 5)

$ FAA drops navigation system contract (S 21 5:16)

*Vhi Four 1986 British near misses described - all human errors (S 12 2)

*Vf/m? Leesburg VA Air Traffic primary, backup systems badly degraded (S 15 1)

*Ve? DFW ATC 12-hour outage after routine maintenance (S 15 1)

*V$ Computer outages force delays in So. Cal, Atlanta (S 12 2)

Vm Winnipeg rodent blows transformer, blacks out air-traffic control (R 23 61)

* Macaque reaches 747 cockpit controls; monkey loose on Cosmos 1887 (S 12 4)

$ Travicom computerized air cargo system withdrawn; £5M lost (S 12 2)

$H Computer hides discount airline seats from agents; lost sales (S 12 2)

$f Pricing program loses American Airlines $50M in ticket sales (S 13 4)

f,h,i Ordering airline tickets on-line: Nonatomic transaction gave tickets but no reservation (R 19 27); name confusions on e-tickets, with similar names (R 19 28) and identical names (R 19 29)

$d American Airlines reservation system SW woes adding cars, hotels (S 17 4)

V$m Power outage causes Australian airline reservation system "virus" (S 13 3)

f Delayed DoT airline complaint report blamed on computer (S 12 3)

$ First-day snafu at new Pittsburgh Airport; BA luggage uncoded (S 18 1:25)

Vm Hong Kong Flying Service computers corroded by hydrogen sulphide (R 19 41)

$f*h British Air 10M-pound inventory system loses parts, earnings, convictions, user confidence, nearly causes deaths, and costs legal expenses (S 18 1:9)

*?f?V? Out with pilots, in with pibots in our national airspace (R 21 96), and flocking algorithms (R 22 01)

deS? F-35 fighter jet too reliant on foreign software? (R 23 13)

hi+ Orientation of instrumentation to highlight normal operating conditions in aircraft and submarines (R 23 26,27)

*SHf Korean Airport subject to hackers, viruses, worms, etc. (R 23 53; S 30 1:12-13)

1.7 Rail, Bus, and Other Public Transit

! US railroad uses Wi-Fi to run 'driverless' trains (R 23 05; S 29 2:8); Union Pacific worker killed by locomotive he was operating remotely (R 23 07; S 29 2:8); Caltrain railroad accident results from deactivated crossing gate (R 23 08; S 29 2:8)

!Vmh Driver killed by unanchored ballast simulating passengers in test of "computer-controlled" AirTrain to JFK intentionally on manual around a curve; damage to the train and to 150 feet of concrete wall as well; blame went to the driver, not the ballast that killed him! (R 22 37)

f JFK AirTrain passengers end up at storage yard instead of airport (again) (R 23 28)

!Vh 42 die in Japanese train crash under manual standby operation (S 16 3)

!$Vm Loose wire caused Britrail Clapham train crash, 35 killed (S 14 6)

!!$Vhi Canadian trains collide despite "safe" computer; 26 killed (S 11 2) Report by A.M. Smiley of Human Factors North (Toronto) blames freight-train engineer for running red signal (TNX to Mindor Sjaastad)

*Vmh Rail Canada train derailed 3 Sep 1997; early warning alarm ignored by untrained crew, who disconnected it (R 19 94-95,97)

!Vh Southern Pacific Cajon crash kills 3; tonnage computations wrong (S 14 6)

!Vm Cannon St train crash in London, 1 dead, 348 injured, brakes failed (S 16 2)

!Vm Kings Cross passenger trapped in automatic door, killed; no alarm (S 16 2)

!V*h London commuter train crash out of Euston Station, 8 Aug 1996 (S 22 1:18)

V!*h Ladbroke British train collision, Oct 1999; driver ran red Signal 109 (R 20 59-60, 62-63)

*V(r?f?) London underground train went 4 stops with fail-safe doors open (S 16 2)

*Vrf London Docklands Light Railway crash; protection system incomplete (S 12 4)

m/f? U.K. computerized train from London halted in Chester countryside, ran through the entire set of remaining audio station announcements, tried to open the doors, issued false warning of fire; recycling all power for 10 seconds enabled the computer and train to reboot (R 21 47); new computerized Amtrak locomotives require 10 minutes to reboot, while 30-year-old Long Island RR electric trains seem fine (R 21 48);

Vfe Oyster card fault causes problems on London Underground and Docklands Light Railway; failure in system for updating revocations (R 23 79; S 30 3:29)

*f Flawed braking algorithm causes UK Pendolino trains to overrun stops in West Coast Main Line (R 23 63; S 30 2:17-18)

* Discussion of completely automated train controls (R 21 82-83)

*mfdei New `Heathrow Connect' trains do not want to go to Heathrow due to signal fault; scheduling problems with high- and low-speed trains; also braking problems, incorrect automated announcements; lengthening trains requires return to Siemens factory (R 23 91-92; S 30 4:23)

*Vh DLR unmanned trains crash under standby manual control (S 16 3)

e DLR train stopped at station not yet built to avoid changing SW (S 16 3)

*hf London Underground wrong-way train in rush-hour (S 15 3)

*fh London Underground train leaves ... without its driver (S 15 3)

*h South Wales train leaves without driver (R 22 26)

*fh Another London Underground driver leaves train, which takes off (S 19 2:2)

@SH London Underground hacked by insider posting nasty messages (R 17 36)

*h 1928 British rail interlocking frame problem revisited (S 15 2)

*f British Rail signalling software problems, trains disappear (S 15 5)

*Vm Leaves on track cause British Rail signal failure (S 17 1)

*Vf Removal of train's dead-man's switch leads to new crash cause (S 17 1)

*f/h? Severn Tunnel rail crash (100 injured) under backup controls (S 17 1)

V*fm Intercom hang-up caused 1997 Toronto train collision, 19 Nov 1997; 50 hospitalized; "dwarf signals" (R 20 49)

!f Aasta trains crashed, killing 19, 4 Jan 2000; safety-critical error; report leaves uncertainties; considerable discussion (R 21 28,30,32,36)

!Veihh Head-on train collision in Berlin killed 3, injured 20; track controls mistakenly set to one-way traffic, overseer overrode halt signal (S 18 3:A3)

!Vm German high-speed train disaster Jun 1998 and implications; automated system with inadequate sensors and overrides (R 19 80,81,83,89)

Vfm Berlin new automated train switching system (Siemens Generation C) fails from the outset of its use (R 19 77)

Vf Berlin S-Bahn stopped by switching SW stack overflow (S 22 2:19, R 18 55)

Vm Berliner S-Bahn power outage took out three switching computers, shutting down train traffic for 2:25 (R 22 53, S 28 3:5)

hi Near-disaster on a French RER commuter train (R 22 92: S 29 2:8-9)

*feh NY City subway crash due to operator, outdated parameters (S 20 5:8)

*m Runaway train on Capitol Hill (S 24 3:26, R 20 13)

*fm Runaway remote-controlled coal train plows into NIPSCO generating station; and earlier accidents; system not designed for these trains (S 27 3:6, R 21 94)

m Computer crash freezes train traffic in 8 US states (S 20 3:8)

$Vdef Stack overflow shuts down new Altona switch tower on first day (S 20 3:8)

m Paper-clip causes hard-drive overflow, triggering traffic-control computer failure stopping trains in south Finland for an hour (R 19 10)

* Train Accident in China due to safety systems known not to work (S 17 1)

*m Control faults cause Osaka train to crash, injuring 178 (S 19 1:4)

*f Sydney train system traps man's leg (R 21 01)

VMf$ Sydney's new Millennium trains put on hold by electrical signal interference problems; very complex system with other problems as well (R 22 68-70)

f/m? Computer glitch causes severe train delays in Melbourne (R 20 48)

Vm Electrocuted snake cancels 34 trains in northern Japan (R 19 88)

*h Japanese bullet-train drivers must wear hats; driver with missing hat left his seat, and train kept running (R 21 27)

*h Japanese bullet train driver falls asleep at the controls, fails to push confirmation button and brake; automatic brake worked (R 22 60)

$*f Japanese bullet trains with faulty software speed controls, not detected in test runs (R 23 84)

Vm Zürich main railway station outage due to control center failure (R 23 70; S 30 3:24)

*hi Amtrak mainline train collision in Maryland, Feb 1996 (S 21 4:13)

Vf/m? Amtrak ticket system breaks down (S 22 2:19)

$dmfhV Amtrak's high-speed Acela trains sidelined for many months; million-mile brakes don't last, just enough spare parts to keep one train going; deeper problems as well (R 23 85,87)

Vrm Hurricane Floyd had widespread effects, Amtrak operations center problems in Jacksonville affected trains in Eastern Seaboard, Chicago, Michigan; also DC commuter rail (R 20 58); ISDN lines, ATMs, EDS (R 20 62); nationwide AT&T cellphone service interruptions (R 20 59);

f CSX crew spots problem signal, averts collision; insulation problem? (R 21 04; S 26 1:20)

f/m Train-ticket vending machine bogus tickets; innocent victim harassed (R 19 20)

f Train reservation process confuses city codes and airport codes (R 21 51)

Vm Swedish central train-ticket sales/reservation system and its backup both fail (R 20 05)

e Upgrade to Guildford Station (Surrey, UK) software disables hundreds of train tickets for automated gates (R 20 94: S 26 1:20)

!i Washington D.C. Metro crash kills operator (S 21 4:13)

Vmf Washington D.C. Metro Blue Line delay 6 Jun 1997; system+backup failed (R 19 22)

$ef DC Metro discovers flag-day issues with changeover in SmarTrip payment systems (R 23 44, update in R 23 46)

Vmfe Computer crash impacts Washington D.C. Metro (S 23 3:25, R 19 50)

Vf/m? Computer problems foul up the Washington D.C. Metro system; graphics system froze (R 20 60)

fi D.C. Metro can't label rerouted holiday trains on 4 Jul 2000: confusion (R 20 95; S 26 1:20)

mf Computer graphics system crash stalls D.C. Metro (S 26 4:4, R 21 36)

mf D.C. Metro computer crash leaves disabled riders stranded (S 26 6:9, R 21 44)

*h Atlanta MARTA commuter train jumps track, injuring 19 (S 21 5:14)

*f LIRR trains fail to trigger computerized crossing gates (S 22 1:18)

m Lightning knocks down wall of an English pub, and closes fail-safe railroad crossing that blocked fire engines (R 19 72)

Vfm Computer crash shuts down Taipei subway (S 21 5:14) Note: Matra made software for both Ariane5 and Taipei subway system (S 21 5:15)

V$mf Swiss locomotives break down in cold weather; SW fails (S 20 2:11)

h Swiss train disappears from tracking system (S 26 6:9, R 21 42)

Vm Single point of failure in self-generated power paralyzes Swiss Railsystem for 3 hours 22 Jun 2005 (R 23 92; S 30 4:22-23)

*f Flaw discovered in Swedish rail control system after near miss (R 19 22)

fh Union Pacific merger aftermath: gridlock, lost trains (S 23 1:11, R 19 41)

* Japanese railway communications jammed by video game machines (S 12 3)

* Japanese train doors opened inadvertently several times; EMI? (S 12 3)

*(m/f?) Caltrain Baby Bullet train runs with door open between stops (R 23 87)

*f SF BART train doors opened between stations during SF-Oakland leg (S 8 5)

f SF BART automatic control disastrous days of computer outages (S 6 1)

*V$m BART power mysteriously fails and restores itself 5 hours later (S 12 3) battery charger short and faulty switch subsequently identified (S 12 4)

m BART ghost train, software crash, 3 trains fail, system delays (S 22 2:19)

f BART ghost trains; 567 cases in two years (R 20 31-32)

f SF Muni Metro: Ghost Train recurs, forcing manual operation (S 8 3)

f SF Muni Metro: Ghost Train reappears; BART problems same day (S 12 1)

mM San Francisco Muni adds new communicating streetcars, has to remove old ones blocking comms to increase service (R 19 95); Muni driver leaves car, which went on driverless! (R 19 95)

*fm Chunnel has ghost trains, emergency stops (due to salt water?) (S 20 3:9)

Vf Phantom trains down Miami's Metromover inner loop for 2 days (S 20 5:8)

$*H SF Muni Metro crash; operator disconnected safety controls (S 18 3:A3)

$d Washington D.C. Metro stops payments on troubled computer (S 23 4:21)

h LA Rapid Transit District computer loses bus in repair yard (S 12 2)

$f LA RTD phantom warehouse in database "stores" lost parts (S 12 2)

fhi Analysis of the Chicago train/bus crash (R 17 43)

*Vm Water seepage stops Sydney automated monorail computer controls (S 13 4)

Vfh Daylight savings time changeover halts train for an hour (S 15 3)

if Amtrak's on-line trip planner suggests Portland to Seattle via Chicago and LA (R 23 20,22)

m Risks of the modern train: lots of inconveniences (R 20 54)

@$dmf Las Vegas monorail big development delays; drive-shaft fell off; flaw in train spacing software (R 23 37; S 29 5:14)

f Sydney trains disrupted by unknown software glitch, stranding passengers for two hours (R 23 35; S 29 5:14)

mfhi UK New Southern Railway passengers trapped in trains for up to 45 minutes in new cars; software uses GPS-based detectors to detect trains stopped at station platforms with not-excessive train length; drivers apparently not trained to override (R 23 52); is GPS accurate enough for this? (R 23 53)

*mh Amtrak railroad signal failure (R 23 54)

SHVf Risks of British Rail using satnav/GPS to keep trains running on time; overkill? (R 23 71,72); related risks revisited (R 23 78,82)

1.8 Ships

$*f Puget Sound ferry computer failures - 12 crashes; settlement vs builder $7 million; cost of extra $3 million for manual controls! (S 12 2); Electronic "sail-by-wire" replaced with pneumatic controls (S 15 2)

$fi Ship runs aground; reverse-logic steering problem? (S 15 1)

m Royal Majesty runs aground due to GPS antenna failure (S 20 5:8)

*f Hard-left cruise-ship's autopilot blamed for sharp turns (S 26 6:10, R 21 41)

!$ Trawler Antares sunk by submarine; computer showed 3mi separation (S 17 4)

*$rh? QE2 hits shoal; 1939 charts off by 7 feet? (S 17 4)

M GPS on M.V. Manatoulin cargo ship failure traced to interference from the captain's TV antenna (R 19 90)

(+/-) GPS is killing lighthouses (R 23 70) [risks of trusting technology, not your own eyes]

m/h? Computer-controlled ballast tanks tip drydocked ship, both ways! (S 17 4)

*f/m Apparently uncommanded rudder movement in cruise liner injures passengers (R 22 64; S 28 4:6)

$*hhh Computer override backs Australian frigate onto rocks (R 23 71; S 30 3:24)

f Titanic photo expedition control program erratic (S 11 5)

..... Roller-coaster accidents and risks

!Vhmie Two loose screws cause death of Disneyland Big Thunder Mountain roller coaster rider (R 23 05; S 29 2:8)

*m? 42 Japanese injured in roller-coaster car crash (EMI?) (S 12 3)

*$f Computer-controlled Worlds of Fun roller coaster trains collide (S 15 3)

*$f Dorney Park roller coaster crashes; same design flaw, builder (S 18 4:2)

* Roller Coaster controls balance scariness and safety? (S 15 5)

*e Astroworld ride jams at top with reporters; untested SW change (S 16 3)

*f Blackpool roller-coaster (1) fault traps 30; (2) 2 trains collide (S 19 4:5)

*fm Malfunction shuts down computer-controlled British Airways London Eye amusement park ride; also, a carnival ride with blue screen of death just before rapid descent (S 27 3:6, R 21 93-94)

+? More on making roller coasters idiot-proof: automation (R 19 93)

*? A new approach to roller coasters: RoboCoaster Windows-based self-programmed personalized rides, with six axes, 1.4 million combinations; all safe? (R 22 89, S 28 6:8); controls separated (R 22 94)

fm Universal Orlando Incredible Hulk Coaster gets stuck (R 23 69; S 30 3:29)

1.9 Automobiles

!hi Driver kills cyclist while trying to save Tamagotchi virtual pet on her key ring (R 19 67)

!$h Wilson (draw)Bridge warnings not set, truck plows into car (S 17 1); See relevant discussion on human errors by Don Norman (S 17 1-22)

!$f? Mercedes 500SE with graceful-stop no-skid brake computer left 368-foot skid marks; passenger killed (S 11 2)

!$f? Audi 5000 accelerates during shifting. 2 deaths. Microprocessor? (S 12 1)

*SHf Auto computer systems at risk to viruses (R 23 96, 24 01)

*f? High-voltage hybrid vehicles may be hazardous to rescuers' health? (R 23 35), clarification (R 23 36)

*$f? Microprocessors in 1.4M Fords, 100K Audis, 350K Nissans, 400K Alliances/ Encores, 140K Cressidas under investigation (S 11 2)

fmM More on risks of microprocessors in cars (S 16 2)

*V(f?) Saturn auto assumption cuts off engine at high speed (R 21 10); Nissan also (R 21 13)

*fm Formula 1's string of control-system failures (R 21 48,49)

*SM Sudden auto acceleration due to interference from CB transmitter (S 11 1)

*M Sudden acceleration of Dutch bus commonplace: interference (S 23 1:11, R 19 40)

M GM sudden acceleration (31 deaths, 1121 injuries between 1973 and 1986) linked to EMI in court; Audi cases still suspected; cars less protected than aircraft (R 19 38); note from Adam Cobb in Australia (R 19 42)

*m Runaway Pontiac Sunfire racing out of control, rescued dramatically (R 23 33-34)

*fm Hour-long runaway Renault regulator, speed reaches 125mph; solution: pull out the electronic card (R 23 56)

fm 2004/early-2005 Prius cars shut themselves down at speed (R 23 87; S 30 4:24)

*i Handicapped's gas pedal on left side of car leads to 3 injuries (R 22 90)

M Remote-control car starter also controls car doors, turns on heater, defroster, or air-conditioner, up to 400 feet away (R 19 37)

*fmi The dangers of remote start on a car with manual transmission (R 22 90)

*fm MS Windows crash traps Thai politician in BMW (R 22 73, S 28 6:11)

@*fM Keyless remotes to cars suddenly useless (R 23 45)

*f/m [but not human error] Fire truck with electronically controlled all-wheel drive auto-steers itself into tree (R 23 30; S 29 5:14)

*fh Two Opticon-enabling fire trucks collide (R 23 34)

f(i?) BMW under GPS navigation driven into Havel River (R 20 14)

i?h?f? Man trusting in-car computer directions to meeting in York in NE England arrested for speeding, banned from driving; computer had directed him to small village in NW near Manchester (R 22 37)

M Swedish policeman's handheld digital radio triggered his car airbag, which hit him with the radio unit (R 19 43)

SM Cell phones can interfere with auto systems (R 19 63)

SM Czechs ban mobile phones in gas stations (interference) (R 19 68-69)

Sf Denver car-emission testing program bypass (S 21 4:17, SAC 14 3)

f Connecticut automobile emissions test readings in error; propane measured instead of hexane (R 23 28)

$f Toyota smog-warning computer lawsuit (R 20 48)

f Germany to rely on on-board diagnostics for vehicle emission checks (R 21 15, S 26 2:7)

f$ Emissions software glitch falsely fails hundreds of older cars in Atlanta (R 20 04)

*? Fly-by-wire SAAB: joystick, no mechanical linkage, keyboard, screen (S 17 3)

*Vefm Jaguar loses all power due to faulty car phone installation (S 15 5)

*f 1986-87 Volvos recalled for cruise-control glitch (S 13 3)

*f Renault cruise-control failures? car won't slow down (R 23 81; S 30 3:25)

* General Motors recalls almost 300K cars for engine software flaw (R 18 25)

f*$ General Motors recalled almost one million cars (1996-97 Chevies, 1995 Cadilacs) for undesired airbag deployments; Chevy fix involved software change (R 19 85)

*f$ GM recalling around 127,000 Chevrolet Corvettes for program flaw (R 23 18)

*f GM recalls 12,329 Cadillac SRX for anti-lock brake flaw (R 23 30; S 29 5:14)

m Sony recalls 40,000 more Vaio PCs due to defective power supply (R 22 70)

- Comments on software explosion in new automobiles (S 22 2:23)

*H Home-reprogrammed engine micro makes 1984 Firebird into race car (S 12 1)

SH Hacking of car engine computers reaches Australia (S 13 4)

*f Anti-skid brakes and computer controlled race cars? (S 12 1)

*Vrf Car with computerized steering loses control when out of gas (S 12 4)

*Vf Non-fail-safe power-outage modes - car locks (S 13 1)

*Vrm Experimental semi-truck micro died (EMI) when near airport radar (S 12 1)

*$f El Dorado brake computer bug caused recall of that model [1979] (S 4 4)

i?m?f? Ford/VW/Nissan cars with Microsoft dashboard Windows PCs (S 23 3:25, R 19 54)

*$f Ford Mark VII wiring fires: flaw in computerized air suspension (S 10 3:6-7)

*Vf Cadillac recalling 57,000 cars for headlights-out computer problem (S 12 3)

* Computerization of the automobile continues apace (R 23 76; S 30 3:27)

V$f Oldsmobile design lost: hard disk wiped, backup tapes blank! (S 12 4)

f GM blames smelly Astros and Safaris on faulty computer fuel mix (S 13 4)

*mh Computer blamed for unbalancing of tires (S 14 6)

$drf Computer traffic/revenue model problems delay Denver highway (S 17 3)

m True Value 500 lap-counters in 5 cars fail during race; no time for backup (S 22 5:13)

*m Automated Pentagon car barrier hoisted limousine, injuring Japanese Defense Minister and five others, Sep 1998; faulty sensor (R 19 97); same gate malfunctioned, Aug 1990, injures German defense attaché and American aide (R 21 06; S 26 1:26)

*f Problems with the Wide Area Augmentation System (WAAS) (S 25 3:17, R 20 84)

f Amusing parts inventory system overshoot: bits needed to remove spot welds from one car by one person required purchase of entire stock of drill sets each weekend for 3 months; result: predictive system ordered many hundreds! (S 27 3:10, R 22 05)

$(+/-) Integrated Project Control System: the smart highway (R 22 01)

1.10 Motor-Vehicle and Related Database Problems

!!h Bus crash kills 21, injures 19; computer database showed driver's license had been revoked, but not checked? Also, unreported citation (S 11 3)

!P Stalker obtained address of TV actress Rebecca Schaeffer from Calif DMV DBMS, and murdered her, July 18, 1989; new regulations on DB access: notify interrogatee, then delay response for two weeks (S 14 6, R 9 18)

Vfm Elbtunnel computer crash causes monster traffic tie-ups (R 23 95; S 30 4:23-24)

$SP Misused (25% of sample) computerized Calif auto registration info (S 16 4)

SHI 24 California DMV clerks fired in fraudulent license scheme (S 23 1:14, R 19 27)

SP California DMV online database reveals too much (S 27 3:13, R 22 05)

@California DMV fosters identity theft: 100,000 of 900,000 duplicate license requests in 1999 were fraudulent! (R 21 07; S 26 1:34)

*SH California Ex-DMV worker admits altering driving records for money (S 17 1)

$SH Personal misuse of motor vehicle data by London policeman (S 17 1)

$SPH Iowa theft ring misusing license plate info, busted (S 18 1:19)

*SH British auto citations removed from database for illicit fee (S 11 2-4)

$SH Father's desktop publishing used for bogus drivers' licenses (S 18 3:A8)

P Risks of stored digitized photos on drivers licenses (S 19 1:9)

$f California DMV computer bug hid $400 million fees for six months (S 11 2)

$f Toronto motor vehicle computer reported $36 million extra revenue (S 11 3)

Vef NJ DMV computer system upgrade crashes on first live use (R 19 80)

hP NY State DMV accidentally cancels auto registrations (R 21 15, S 26 2:7)

hi Audit shuts down Minnesota car license website; previous warnings ignored (R 23 85; S 30 4:24)

V(m?e?) Massachusetts Motor Vehicle computer down after maintenance (S 14 6)

ef Massachusetts new online renewal system issues ID cards instead of drivers' licenses to 3,600 drivers (R 22 35)

f Alaskan DMV program bug jails driver [Computerworld, 15Apr1985] (S 10 3:13-14)

f? Parisian computer transforms traffic charges into big crimes (S 14 6)

$ Georgia vehicles stopped as stolen; new tags match old ones (S 15 3)

$f New California DMV computer system issues large erroneous bills (S 16 1)

$e SW patch adds $10-30 to 300,000 auto tax bills in Georgia (S 19 3:5)

$ Chicago cars get erroneous tickets for illegal parking (S 15 3)

$h 1000 IL residents dunned for bogus parking violations (S 15 3)

$f NYC parking violations computer issues many bogus bills per year (S 15 5)

f Computer glitch mails Mass. driver's licenses `en masse' (S 22 4:29, R 18 83)

f NJ DMV computer changes drivers' names to "Watkins Leasing Co." (S 12 3)

$ NSWales computer deregisters ALL police cars; unmarked car scofflaw (S 15 2)

i Mileage input default problem in Ill. exhaust emission enforcement (S 17 2)

$fd California DMV system upgrade botched; $44.3M deadend (S 19 3:5)

m Computer crash caused loss of scheduled taxi cab pickups (R 20 98; S 26 1:20)

*f Fire engine startup risks: computer-controlled engine requires minutes to reset (R 23 50)

..... Automated highways:

* Human risks in IVHS automated vehicles (R 19 08,10,11)

1.11 Electrical Power (nuclear and other) and Energy

..... Nuclear power:

!!!V$rh Chernobyl nuclear plant fire/explosion/radiation [26Apr1986] (S 11 3) Misplanned experiment on emergency-shutdown recovery procedures backfired. Fatal (at least 31), serious cases continue to mount. Wide-spread effects. (The town of Chernobyl is now being dismantled.) [Vladimir Chernousenko, director of exclusion zone, estimates already 7-10K deaths among the clean-up crew, according to San Francisco Examiner, 14Apr1991, p. A-6.] 500,000 contaminated, 229,000 in clean-up crew (San Fran. Chron, 17Apr91); 8,500 in clean-up crew dead, many others (San Fran. Chron,14Apr91,p.A10)

*V$f 14 failures in Davis-Besse nuclear plant emergency shutdown (S 11 3)

*$hrmi Three Mile Island PA, subsequently recognized as very close to meltdown (S 4 2), with 4 equipment failures plus misjudgement. SW flaw noted (S 11 3)

*$h Three Mile Island accident revisited on 22nd anniversary: Loss of Comprehension, not just Loss of Coolant; typical of software development as well! (R 21 31)

!!V,$ Various previous nuclear accidents - American (3 deaths SL-1 Idaho Falls) Soviet (27-30 deaths on Icebreaker Lenin, three other accidents) (S 11 3)

*mfh Restarting the Salem nuclear reactor with a flawed part; sensors moved to avoid detection! (R 23 63; S 30 2:17)

*r Subsequent to Chernobyl, US Nuclear Regulatory Commission relaxed fire isolation guidelines, enabling a fire to wipe out two systems (S 11 3)

f* US-lent Russia Microsoft nuclear monitoring software, which lost track of nuclear materials (R 21 50)

*$ Crystal River FL reactor (Feb 1980) (Science 207 3/28/80 1445-48, S 10 3:11-12)

*Vrf Bug discovered in Shock II model/program for designing nuclear reactors to withstand earthquakes shuts down five nuclear power plants (S 4 2)

* Nuclear power-plant safety (S 12 4)

Sfi U.S. nuclear powerplants may not have firewalls (and not supposed to be linked to the Internet!) (R 22 90)

*$f? British nuclear reactor software safety disputed (S 14 6)

*d Untested risk management system for UK nuclear power stations? (S 18 2:10)

*$hf? Sizewell B nuclear computer safety software complexity causes concern; Sellafield reprocessing plant computer error adds further concerns (S 17 1) Official report summarized. Maintenance work underway. Two shield doors left open. Waste raised. Plant still shut down, more study. (S 18 1:27) See also Dolan (R 15 58) and Parnas (R 15 59) on software testing.

fff Czech Temelin nuclear plant problems: vibrating turbine causes three-month shutdown; restart again shut down due to software flaw; 23rd shutdown since beginning of operating tests (R 21 64)

*$f? French nuclear power software safety considered error-prone (S 15 1)

*Vm Oswego NY Nuclear reactor offlined by 2-way radio in control room (S 14 5)

VSMr Interference downs Iowa nuclear power plant (2nd time) (S 18 1:12)

*f SW error at Bruce nuclear station releases radioactive water, and raises questions about Darlington (S 15 2); more on Darlington, shutdown SW difficult to modify, verify (S 16 2); still more (R 22 87)

* Fuzzy control in nuclear reactor startup/shutdown (Omron FZ-1000) (S 16 3)

*r Nuclear Regulatory Commission Emergency Response Data System vulnerability: only one modem (R 20 11)

*hhf Report by Chiaki Ishikawa on Japanese nuclear accident, with significant radiation release: a case study of bad design (R 20 61)

*f Grenoble neutron reactor 10% over limit; equations wrong and instrument miscalibrated, ordinary not heavy water assumed in both cases! (S 15 2)

$df New French reactor's distributed computer system abandoned (S 16 2)

*$VSH Lithuanian nuclear power-plant logic bomb detected (S 17 2)

Vhi 20 of 59 Soviet N-Plant shutdowns 1st half 1991 due to `human error' (S 16 4)

f (Assumed) false alarm at San Juan Capistrano nuclear plant (S 16 4)

*Vf Power surge shuts down 9 Mile Point nuclear station Oswego NY; uninterruptible backup power fails as well; site area emergency triggered (S 16 4)

$* Tolerability of Risks from Nuclear Power Stations (report) (S 18 1:11)

* Northeast Util. Millstone 2 nuclear power problems, underreporting (S 19 4:7)

Vhi Xerox machine caused nuclear-power plant emergency halt (S 21 5:16)

VSH Florida nuclear controls "vandalized"? Switches glued (R 18 35)

*H More than 150 cases of falsified reports on welds in nuclear-power plants. (R 19 39)

@eh Pilgrim nuclear plant Y2K readiness questioned by NucRegComm (R 20 40)

*+/- California's Diablo Canyon 1 nuclear reactor auto shut down releases some radioactive steam; shutdown worked properly (R 20 89)

*f Australia's Beverly uranium processing plant software bug blamed in radioactive spill (S 27 3:6-7, R 21 90)

h Accidental alert spooks Vermont Yankee nuclear plant neighbors (R 22 44)

Mmf Peach Bottom nuclear plant shut down by lightning strike (R 23 05; S 29 2:9-10)

*h Nuclear reactor guard asleep on the job (R 22 92; S 29 2:10)

..... Nonnuclear power:

!m,h Electrocution leads to more deaths (R 21 15, S 26 2:7)

hd Grid-lock: Software missing, California electric power deregulation delayed (S 23 3:25, R 19 52)

VSHO Calif. PG&E power substation damaged; note links attack to McVeigh verdict (R 19 21)

mf$ "Heading off emergencies in large electric grids" (IEEE Spectrum article, April 1997, pp.43-47) (R 19 09)

@$* Risk: Analysis, Perception and Management (report), assessing the worth of a human life around £2M to 3M, .5M in Transport Dept. (S 18 1:11)

*V$r 9 Nov 1965 Northeast power blackout (NY, PA, VT, Conn, Mass) due to set-too-low threshold being exceeded; roughly 13 hours to recover

*V$r 13 Jul 1977 power blackout (lower NY state) took twice as long to recover from as 1965: up to 26 hours

*$Vhmfir 14 Aug 2003 massive northeast power-grid overload blackout; recovery took up to 44 hours to get most but not all power back (R 22 85-86, S 28 6:6; also R 22 96); computer failures led to NE US blackout (R 22 90); pithy analysis of the bigger picture of critical infrastructure vulnerabilities: The Road to Vulnerability, Patrick Lincoln (R 22 86, S 28 6:6-7); blackout computer failure analysis found a race condition, failures in the alarm system causing alarm queues to back up, crashing a computer (R 23 31; S 29 5:13-14)

$*f Latent software bug in GE XA/21 energy management system contributed to the 14 Aug 2003 northeast blackout (R 23 18)

*V$f Power blackout of 10 Western states, propagated error [2Oct1984] (S 9 5)

*V$mh Western U.S. power blackouts, more propagated effects [2Jul1996] (R 18 25, S 21 5:13); apparently, initial report of outage from tree touching a power line was not relayed: operator could not find the phone number to call!

*V$mhf West-coast summer power losses: 10 Aug 1996 affected 8 million accounts in 8 states, parts of Canada and Baja, with major outages, air-traffic effects; many interlinked causes. 13 Aug outages included Palo Alto shutdown due to erroneous signal (S 22 1:16); Palo Alto outage fried the Cable Co-op Playboy channel scrambling chip, programs went out in the clear (S 22 1:17); Stanford outage 10-11 Oct 1996 takes down Silicon Valley Internet connectivity, newpaper Web sites; caused by rats, explosion (S 22 1:16) (R 18 27-29,34); Claims that the 2 Jul 1996 outage could not happen again (R 18 32)

VSH(O?) 3.5-hour San Francisco power blackout 23 Oct 1997 blamed on sabotage (S 23 1:13, R 19 42)

V$m Downtown Chicago hit by electrical blackout, 12 Aug 1999; 3 of 4 transformers down, plus high-voltage cable (R 20 55)

$Vh Power-plant apprentice's mistake melted down $500,000 transformer, blacking out Palm Beach; west-bus switch turns on cooling system; east-bus switch closed first, in another room (R 22 22)

*V$hm Another San Francisco power outage: SFO Airport, Pacific Stock Exchange, rapid transit down, 1 million customes affected (S 24 3:25, R 20 11)

$me Huge 2003 London blackout caused by using 1-amp fuse instead of 5-amp fuse (R 22 91)

m Scotland Yard power-outage chaos: all phones out, police emergency call logs failed (R 22 77)

*$Vm Auckland NZ without power for weeks; El Nino drought affects cables (R 19 61); Auckland major power supply failure (4 power-cable failures): analysis report released (R 19 88)

Vm$ New Zealand cable service disruptions due to (1) digging, (2)rodent, shut down stock exchange and other enterprises (R 23 91; S 30 4:22)

m Remote line break leaves San Juan Puerto Rica without power (R 21 04; S 26 1:21)

Vm Power cut in northern India hits 226,000,000 people (R 21 18)

Vm Power cut blocks emergency calls (R 21 16)

*V$ Don't forget the 6-week power outage in Quebec in winter 1996-97 due to massive collapse of heavily iced transmission towers, which had massive effects. Although it was not directly computer related, whoever designed the towers certainly did not allow for reality as the weight of the ice was way over the designed load.

*Vrfm Maine Emergency Broadcast System fails: no emergency power (R 19 55)

V$m Intel shut down by power-company software bug, 5-hour outage (R 18 02)

*m Jan 1994 L.A. earthquake power failure affects Pacific NW (S 19 2:3)

Vm$$ Chicago Loop tunnel flood blows power, computers, comm 13Apr92 (S 17 3)

m 22-state PULSE ATM network completely disabled by Houston computer center flooded by Tropical Storm Allison (R 21 47)

*Vf Ottawa power utility loses working three units to faulty monitor (S 11 5)

V$fdmh $25M Australian power system runs amok; damages = $1.5M (S 20 2:11)

*VSi Misdirected phone call shuts down local power (S 20 3:7)

m Boa constrictor triggers blackout in Honduras (R 23 39)

*V$rma Squirrel arcs power, downs computers in Providence RI (S 12 1)

V$rma SRI attacked by kamikaze squirrel who downs uninterruptible power (S 14 5)

Vrma 4th SRI squirrelcide causes 8-hour outage, surges, system rebuild (S 20 1:17)

V$rma 5th SRI squirrelcide causes 18.5-hour institute outage, knocking out cogeneration power and disconnecting from utility power (R 19 96); earlier cases: see (R 17 91, R 18 52-53).

Vm 6th SRI-wide power outage "caused when Cogen staff pressed the wrong button and took the facility off-line." (S 27 1:9, R 21 72)

Vma Another squirrelcide: San Jose Airport power cut (R 20 87)

V$rma Squirrel attack brings down Walla Walla (S 21 2:17)

Vrma Squirrel knocked out Trumbull Connecticut infrastructure computer center (S 22 1:17)Vma Racooonoitering causes power outage at UC Santa Barbara (R 21 11)

Vrma Snail causes Liechtenstein's cable TV system to fail (S 22 1:17)

Vrma Kamikaze raccoon downs cold fusion experiments (S 14 5)

Vrma Rat bridging connector downs U.C. Berkeley campus power (S 19 4:6) @Also, see Nasdaq squirrel outages (S 13 1) and (S 19 4:5-6)

Vrma Rat-induced short-circuit at Barranquilla airport closes airport (R 19 38)

Vrma Rat-patrol cat in Dhaka, Bangladesh, shorted out power station control room (R 19 74)

Vra* House cat kills power to commercial district in Dhaka Bangladesh (R 19 67) ("Un chat" in the dark?)

Vmr Fire ants enjoy the comfort of electrical equipment (R 19 17-19)

Vrfh Vacuum cleaner interrupts uninterruptible power (S 19 3:8)

*Vm Reactor overheating, low-oil indicator; two-fault coincidence (S 8 5)

Vhi Trainee raises false alarm on utility emergency printer (S 12 3)

Vmf Fire risks compounded by loss of residential power; alarms and cordless phone ran off house power (R 19 82)

- Booming computer firms are running out of power (R 20 98)

- Russian troops override power shutoff for unpaid bill affecting missile base (R 21 05; S 26 1:21)

!h Illinois man dies after utility cuts power for arrears (R 20 95; S 26 1:21)

$*m/h? Swedish power company system sent excessive voltage to customers, causing fire in one house, destroying heating systems (R 23 56)

m Hydroelectric plant in Nova Scotia shut down when humpback whale breached underwater gates and neared turbines (R 23 51)

fh Don't get stuck in the dark: not much improvement a year after the 2003 power outage (R 23 50)

$mmf Australia's Channel 7 off-air due to multiple system failures; power outage, backup failure took down national phone system; (R 23 84,85; S 30 4:24)

mf Power outage causes motorized-chair shopping carts to run amok; default state brake off, in forward gear (R 21 50)

m Brownout-lowered voltages take out computers in Livermore (R 21 51)

..... Natural Gas

Vm One-meter ice block in main gas supply knocks out 1/4 of gas in Victoria, Australia, with secondary power losses (R 19 81)

V*hm UK Cable-and-Wireless employee accidentally cut gas line while repairing phone line (R 19 96)

V*m Esso natural gas plant explosions in Victoria, Australia, killed 2, requires 5M people to shut off gas, despite three other plants (R 20 01)

1.12 Medical, Health, and Safety Risks

See http://www.iatrogenic.org/index.html for cases in which the supposed cure is worse than whatever the cure is intended to remedy. There are many such cases among the following items.

..... Various hospital and health-care problems

!hrife Therac 25 therapeutic accelerator programming and operational flaws; 2 [now 3] killed, 3 injured (S 11 3, 12 3); see also Ivars Peterson, Science News, 12 March 1988; Jon Jacky, The Sciences, NY Acad. Sci Sep/Oct 89. See the definitive article by Leveson/Turner, An Investigation of the Therac-25 Accidents, IEEE Computer, July 1993, pp. 18-41: 2 deadly flaws: a nonatomically edited command line whose effect did not complete within 8 seconds, a six-bit counter that when zero bypassed the collimator check. Hardware interlock in Therac 20 eliminated.

!h Therac-like failures: Data-entry errors kill five patients in Panama (S 26 6:8, R 21 49)

!(ei?) Zaragoza Spain cancer radiation mistreatment; at least 3 died (S 16 2)

*hHfm Medical Usability: How to Kill Patients Through Bad Design; 22 ways that automated hospital systems can result in wrong medication (R 23 84,87)

*hi Cancer therapy missed tumor sites in 10 Australian patients (R 22 78, S 28 6:9)

*(!?)hf 77 cancer patients exposed to excessive radiation (R 23 83; S 30 3:22)

!hi Duke Hospital surgeons transplant mismatched organs; fail to check blood type (R 22 58-59)

*f Brit. hospital radiation underdoses by 30% due to SW bug (S 17 2, 19 1:3)

*Vm Possible Varian radiation therapy risks: run by 3 Windows 2000 PCs, crashes, schedule delays (S 27 1:8-9, R 21 74)

*i X-ray machine risk due to mm vs cm units confusion (R 21 67)

!*h Flying oxygen tank kills MRI exam subject (R 21 55) - 16 safety lapses subsequently cited in internal report; earlier case also reported of police officer's gun yanked out of his hand and fired (R 21 55); Hospital fined $22,000 (R 21 67); New England Journal of Medicine article cited (R 21 68)

!h$ 3 patients die when Russian hospital omits utility payments (R 20 25)

!(f?)(h?)(i?) Robot malpractice? da Vinci robot remotely controlled by doctor from screen accidently cut aorta and other blood vessel; patient died (R 22 36)

*f/m? Robot runs riot at California hospital (R 23 92; S 30 4:20)

fh Urology medical student residency "matching" process failure: one criterion misapplied (R 23 71, lengthy followup R 23 75)

* The Downside of Wired Hospitals: contaminated computer keyboards (R 23 87)

*Vm Risks of an `uninterruptible power supply' that wasn't: baby born by torchlight (R 21 09)

*Vm Fuse caused a hospital to disconnect from the power grid (R 20 11)

$V Cost-cutting endangers hospital power (R 22 26)

Vrm Power outage leaves hospitals in the dark; inadequate backup (S 24 4:26-27, R 20 25)

!fh Woman killed daughter, tried to kill son and self; "computer error" blamed for false report of their all having an incurable disease (S 10 3:8)

!Vhri Girl electrocuted by heart-monitor plugged into electrical outlet (S 12 1)

!fm MLKing/DrewMedicalCenter $411,000 new patient monitor system failed to alert nurses, disconnected following 2 deaths (R 23 20)

m Seizure-inducing video hospitalizes 650 Japanese youths (R 19 51)

[!h bogus] Report of cleaning person inadvertently killing patients (R 18.28,29); story later apparently debunked (R 18 72) mfhi "When Doctors Make Mistakes" (The New Yorker, 1 Feb 1999) considers user interfaces on defibrillators, design variations in anesthesia controls (R 20 18)

*hi FDA warns Hitachi Medical about MRI systems; failures not properly reported (R 23 95)

*f Flaw is found in software used to accredit hospitals (R 23 92; S 30 4:21)

*fhi? 2,000 patients hit by lab test mix-up in Calgary, Alberta; results mixed up patients (R 23 94; S 30 4:21)

*fhiV? Information system for Lisbon hospitals stopped for (at least) ten days; master patient index inaccessible (R 23 94; S 30 4:21)

*fmV Frozen Windows system in hospital delivery room (R 23 92; S 30 4:21)

*fhi Too many features in blood-glucose meter; mode confusion (R 23 95-96; S 30 4:20-21)

rfhm Computer-based patient monitor problems: improvements still needed in anesthesiology (R 20 49-50)

*+/- Open-source anesthesia software (Salon, R 20 52)

*hi Bar codes identifying prescriptions cut 7000 hospital deaths due to medication error in half (R 23 21)

*VmM? Medical monitors reboot in mid-surgery due to EMI? (R 20 49); other medical risks (R 20 51-52)

*fV Laser eye surgery risks (S 26 6:8-9, R 21 59)

*f The benefits and risks of robot surgery; hip/knee replacement robot criticized (R 22 90, S 28 6:7)

V*m Clinical disruptions following loss of telephone service (R 20 50)

h* Medical paper retracted following discovery of programming error (R 20 48); Statistical errors in medicine (R 20 49); Misplaced priorities with electronic hospital records (R 20 50)

*fmd Life-threatening flaw in implantable cardioverter-defibrillator and other life-threatening medical equipment failures (R 20 48); Complexity and Safety in Medical Electronics, Dr. John Doyle (R 20 53)

*$f Defibrillator maker AED issues recall, goes out of business (R 23 61; S 30 2:20-21)

*fh Clinac 1800/2100C interlock boards switched, some calibrations x2 (S 16 4)

*fi Risks of false alarms in medical systems; disconnected alarms (S 19 2:3)

@*SHI Hacker-nurse unauthorisedly changes prescriptions, treatments (S 19 2:5)

h Bremen hospital computer uses financial bottom-line whether to give intensive care; local government objects (R 18 84)

$ Walter Reed Hospital health care system botches prescriptions, lab orders; access to narcotics not secure; increases doctors' workloads (S 17 3)

mf California outage causes prescription mix-up (R 22 64; S 28 4:6)

$f NY Blue Cross system confuses patients with same gender, birthdate (S 17 3)

m Harvard Pilgrim HMO scheduling system creates chaos (S 21 4:13)

@f/h? Empire Blue Cross/Shield glitches necessitate $50M write-off (S 18 3:A5)

i Infirmary patient mistook painkiller button for call button (S 18 2:5)

*rf Blood test for man born in 1889 "normal" (for 1989 birth!) (S 15 2)

*f Medical SW fails to identify high cancer risks in British women (S 17 3)

!$dfh London ambulance service SW development woes; major test fails (S 17 3) Complicated system, incomplete training, "wartime action room" (S 18 1:26) Up to 20 deaths from delays, worst case 11 hrs (S 18 1:28); LAS made `virtually every mistake in the book' in implementation. (S 18 2:9)

*Vf 100 US hospital computer systems die; 2**15 days after 1/1/1900 (S 14 6)

$ Computer delays cost Nottingham Hospital over £300K (S 17 1)

*f Three medical product recalls due to software errors (S 14 5)

*f Overseeing dementia patients by computer: conflicting advice (S 16 4)

*f Multipatient monitoring system recalled; mixed up patients (S 11 1)

*f Diagnostic lab instrument misprogrammed (S 11 1)

*fi AI medical system in Nevada gave wrong diagnosis, overdose (S 11 2)

$* 2nd mammogram after first botched causes health insurance denial (S 16 3)

f Doctor phone analysis skewed by inability to register long waits (S 18 2:13)

*h Nondial emergency phone gives recording to DIAL another number! (S 15 2)

*SHi Rochester General Hospital disowns Web site heart-attack info (R 20 83-84)

f/m/h/i/+/- Fascinating article on reducing risks to hospital patients; only 1 in 20 involved human error with most of the rest being caught in time; computer program cuts mistakes; only 1 in 80 adverse drug events reported (R 21 69)

*fh Hospital's drug-error risks tied to computers; 22 types of mistakes identified (R 23 78; S 30 3:25)

*hi Computerized Physician Order Entry Systems; bad doctor interface design; risks of relying on technology; also thoughtful pieces by Bob Morrell and Don Norman (R 23 79,81; S 30 3:25-27); more (R 23 82)k

*m Helsinki Health Department Pegasos computer system down; hand-written recording slows down treatment (R 22 55)

*Hi Large surgical tool left in woman's stomach for 4 months, equipment audit ignored (R 22 44,46)

*hi Inappropriate human-machine interface on medical device: suction pump to remove fluid from infected wound (R 22 62)

*m$ Computer crashes threaten Beth Israel Deaconess Medical Center operations (R 22 62, S 28 3:5); caused by research effort flooding the local network (R 22 64)

m/h? Toronto public health computer accidentally erases many immunization records (R 22 62, S 28 3:5)

*m Girl suffers 2nd-degree burns after laptop explodes (R 22 50)

*(!)m Failure of electronically controlled of operating table during heart surgery (R 22 60)

* Deep-vein thrombosis case results from 18-hour days of computer use (R 22 53,58)

SM TETRA radios pose some risk to hospital equipment (R 22 55)

*hi Pharmacists worry about automated drug vending units (R 23 44)

hi Search Engine Dependence Syndrome as a neuropsychological disorder of physicians (R 23 89; S 30 4:26)

..... Pacemakers, interference, etc.

!SrfM Arthritis-therapy microwaves set pacemaker to 214, killed patient (S 5 1)

!SrfM Retail-store anti-theft device reset pacemaker, man died (S 10 2, 11 1)

!*f$ Heart pacemaker and implantable cardioverter defibrillator recalls and alerts involve 520,000 devices (S 26 6:8, R 21 60)

*VSrfM Electrocauterizer disrupts pacemaker (S 20 1:20)

*Vrif Pacemaker locked up when being adjusted by doctor (S 11 1)

+M Improved designs (including sealed titanium cases) have reduced the likelihood of RF interference. See Design of Cardiac Pacemakers, John G. Webster (ed.), IEEE Press, 1995, pp. 207-211.

*Mi Japanese woman's rice cooker reprograms her pacemaker (R 22 67)

!VrSM Cellular/radio RFI affects medical equipment; defibrillator fails; TV-RFI-altered diagnosis leads to unneeded pacemaker (S 19 4:7)

SMVf Digital mobile phones can phreak pacemakers (R 22 77)

+M RF risk turns pacemaker failure into accidental life-saver (S 19 4:7)

*Vf Risks of flaws in programmable defibrillators (R 19 50,52,53)

i Heart-monitoring software interface problem (R 18 49,50)

*SM Stereo speaker risk to heart device (S 14 5)

*Vm Failed heart-shocking devices due to faulty battery packs (S 10 3:7-8)

*VrM Medical electronics RF susceptibility: triggers hospital alarms respirators failed because of portable radio interference (S 14 6)

VrSM New HDTV signal shuts down Baylor heart monitors on same frequency (R 19 62)

!SrM Miner killed by radio-frequency interference (S 14 5)

*VSHP Risks of Internet-connected heart devices (R 20 78)

..... Chemical health hazards

! Higher miscarriage rate for women in computer-chip manufacturing (S 12 2)

!* Reports on miscarriages in U.S. chip workers, Finnish VDT users; effects of Nintendo and other games on epilepsy (S 18 2:10)

* "Dirty Secrets" of chip industry: hazardous chemicals (R 19 55)

*f(h?) Computer flaw drops chlorine level, makes water undrinkable in Lewiston ME (S 24 1:32, R 19 92)

*f Non-mercury replacements for blood-pressure cuffs may be unreliable (R 22 13)

..... Electromagnetic and other occupational hazards

*f/h US occupational hazards much worse than in Europe? (S 14 6)

*m Video display terminal health safety a continuing concern (S 11 3, 11 5); Series of three articles in The New Yorker by Paul Brodeur, 12-19-26 June 1989 Article on VDT Radiation, Paul Brodeur in MacWorld (S 15 5); VDT health effects discussed in K.R. Foster book chapter (R 14 70, S 18 4:5)

*m Scandinavian study shows magnetic fields increase leukemia risks (S 19 1:3)

? Mobile phones cause memory loss? (R 20 23); Italian hospitalized for "acute Internet intoxication" (R 20 24) Studies continue to show possible health hazards from cell phones.

* Computer noise linked to stress, especially in women (S 15 5)

*f Killer terminals -teletypes (old) and Televideo 910s (S 14 1)

* Repetitive strain injury, other risks in video terminal use (S 12 2)

$ British Telecom pays £6000 for repetitive strain settlement (S 17 1)

$ Apple settles RSI claim, after lawyer's error; IBM off the hook (R 16 86)

$i Three awards (largest $5.3M) for arm, wrist, hand injuries attributed to Digital LK201 keyboard (R 18 66); references on RSI (R 18 68); Judge overturns all but smallest verdict in Digital keyboard case (R 19 14); a New York jury ruled Digital was not responsible for 9 workers' RSI cases (R 19 82)

* Carpal tunnel syndrome (R 10 12,10.14), ulnar nerve syndrome (R 10.13)

*$ Long Island county legislation on VDT Use (S 13 3)

* VDTs and dermatology: rosacea, acne, seborrheic dermatitis, poikiloderma of Civatte. Medical article, useful references. (S 13 4)

* VDTs and deterioration of eye focusing (S 13 4)

* Health risks from dusty computer displays (R 18 21,23)

* Glass cleaner causes static sparks, PC fires (S 13 2)

!$ 2 Compaqs (Portable II) exploded after battery circuits rewired (S 12 1)

*m UK office building evacuated after 30 computers exploded (R 22 96)

*m 83 reports of exploding cell phones: bad batteries and chargers (R 23 61)

* Exploding cell phone shocks 911 dispatcher (R 23 71)

*V GPS receiver explodes; PLGR violent venting at Fort Irwin (R 18 32)

* Health hazards attributed to laser printers (S 12 1)

@m Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

*f Dangers of computerized robot used in surgery (S 10 5)

* Computer use and extension phones linked with weight gains (S 15 3)

m*? Risks of computerized Japanese toilets (R 20 51-52)

f/m Bug in Windows-operated vacuum-operated toilet system fails throughout London's One Aldwych Hotel (R 23 20)

*!h Trash compactor kills shoplifter; original story on automatic initiation incorrect (R 20 90-91)

..... 911 and related emergency system problems

@!Vhi Death of 5-year-old boy due to SF 911 computer equipment failure (S 12 2) Ultimately blamed on terminal operator failing to press a button.

!f CADMAS 911 dispatch SW problem contributed to woman's death (S 16 1)

@!f Emergency dispatch EMS SW truncates address, man dies (R 11 55,57,60)

@!f 911 software discarded updated address in fatal Chicago area fire (S 17 1)

!Vfmh NYC 911 system crash during backup generator test: backup failed for an hour, main for 6 hours (R 20 19)

m Los Angeles 911 system with no alternative power fails for 17 hours, but backup system worked! (A novelty in RISKS archives!) (R 20 03,07)

m Wet cable leads to 120 false 911 calls (R 20 10)

h? Fort Worth TX police computer makes 1,300 invitational calls in the wee hours: "reverse 911" (R 20 23)

Vm* Small fire escalates into major disruption for 113,000 Toronto phone lines, with resulting protracted outages including 911 services (R 20 49,51)

Vf/m/h? Glitch misroutes Nevada 911 calls to San Diego CHP (R 20 62)

Vm Water line break closes 911 center & police department (S 27 3:7, R 21 89)

hf 911 computer fails to find "street address" for stricken tourist at DC FDR Memorial (R 21 40)

!fh Botched 911 call led to man's death: incomplete database (R 22 87)

e Laptop configuration screwups and accidental 911 dialing (R 21 57,59); more on accidental 911 calls (R 21 92)

!hi 911 emergency operators drop call from rowboat occupants with unrecognizable location (Long Island Sound) (R 22 58-59)

*f Emergency 911 call from cell phone can be routed to wrong service (R 22 67)

fmM Flat-screen TV emits international distress signal (R 23 57,59); similar story related to NY Civil Air Patrol Emergency Locator Transmitters (R 23 58)

mi Man trapped for hours by finger stuck in payphone slot (R 23 05)

..... Database and system issues

fe Risks in SEVIS foreign students database: files accidentally or `misplaced' block re-entry, inability to do upgrades, random crashes (R 22 81)

*f More on computer glitches and laboratory result reporting (R 23 64; S 30 2:21-22)

SP Kaiser Permanente medical e-mails go to wrong people (R 21 02; S 26 1:38)

*f 14,000 radiology reports not sent to doctors, patients not notified over one-year period (R 23 63; S 30 2:21)

*hi Automated medication system worse than the disease (iatrogenic)? Many new potential risks (R 23 62,64)

SPh,h URL typo + Web glitch = private Florida Health Dept files world-readable (RISKS 21.09-10)

*P$ US Government's healthcare database contains inaccurate and flawed information (R 21 15)

Sf Sensitive health data on PrecisionRX.com Web sites reflects lack of security awareness (R 22 75,76)

h UK hospital tells elderly men they're pregnant (R 21 87)

$de Old data systems a health-care burden; one-third of health-care costs in adminstration (R 22 54, S 28 3:5)

@$deh $35M San Mateo California health system upgrade is a downer; receivables backlog over $40M; blame scattered (R 20 98)

e$ NZ healthcare-insurer computer upgrade delays payments (R 21 88)

SHI DMV security code disclosed at hospital in New Haven (R 18 28)

$SHAI Mass. hospital technician accessed ex-employee's account, accessed 954 files, harassed former patients, raped girl (R 17 07, SAC 13 3)

SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); bad prank follows (S 20 5:10)

SHI 4000-person AIDS database leaked to press, Pinellas County, FL (R 18 48,53); former Health Dept employee and roommate charged (Reuters, 15 Feb 1997)

f SW error almost doubled apparent death rate in St. Bruno, Canada (S 15 3)

P Confidential medical records sold at auction (S 16 4)

fe Hospital computer listed 8,500 discharged patients as dead, and informed insurance companies and Social Security Admin; mapping error in database conversion (R 22 55-56)

e Combatting data extinction resulting from unreadability caused by dead technologies (R 22 89)

@hi Proper understanding of "The Human Factor" (essay by Don Norman, R 23 07, commentary on two earlier RISKS items in R 23 04 and 06); two follow-ups from Doug Jones and Peter Ladkin (R 23 08); more on Murphy's Law (R 23 09) and developers (R 23 09); similar arguments about medical records (R 23 10)

SP Case of pharmacy mixing up confidential records (R 19 53)

SP Surplus computer in Kentucky held supposedly deleted AIDS files (R 22 55)

@SP+ New California Online Privacy Protection Act requires posting of privacy policies, effective 1 Jul 2004 (R 23 46)

See other sections on privacy problems for additional related database privacy issues.

..... More safety risks

! Man dies after playing computer games non-stop for 86 hours in Internet cafe (R 22 30)

*f New UK Millennium Bridge closed after one day: alarming instability despite extensive simulation; resonant frequencies at walking speeds! (R 20 93,95)

*fe Risks on Auckland harbour bridge: no signal defaults to "lane open"; wait for a power outage! (R 22 27)

*f Risks in scuba equipment (S 26 6:10, R 21 41)

*f$ Product recalls and class action lawsuit against Uwatec, Scuba Pro and Johnson Outdoors over faulty assumption in 1995 model Aladin Air X Nitrox scuba-dive computer (R 22 57); further discussion (R 22 76)

- Internetomania: psychology of net usage (S 23 5:26, R 19 78)

*fm? Medical image compression problems discussed (S 16 2)

S Actress Margot Kidder's breakdown reportedly triggered by computer virus' lost files (R 18 46)

h EverQuest game program is the "digital version of crack": highly addictive? (R 20 52)

!h Woman electrocuted in hotel; faulty air-conditioning? (S 20 5:9)

!f [bogus] 2 dead, 1 brain-dead from Chilean bank terminal [Weekly World News] (S 12 2)

mf? Baby death due to software-controlled air bag deactivation? (R 20 28)

* Computer CPU falls on man's foot (S 12 4)

* High-power laptop injures lap: hot stuff! (R 22 39)

+ E-mail between Bordeaux and Minneapolis rescues a suicide attempt (S 18 1:6)

+ Microchip in dog tag identifies Australian boy (S 19 1:3)

$SHAP FDA approves use of implantable ID VeriChip in humans (R 22 32-33)

1.13 Other Environmental Risks

!*$hi Indian Ocean Tsunami: Natural Disaster Imminent: Whom to tell? How? E-mail! (R 23 64,65; S 30 2:21)

@*SH Tsunami warnings and spam (R 23 65; S 30 2:23-24)

!Vem(SA?) June 1999 fatal 16-inch pipeline rupture in Bellingham WA spilled 237,000 gallons of gasoline, which ignited; blamed on unexplained unreproducible SCADA system slowdown just after new database records added; one account for all operators; modifications performed directly on live system; error logs apparently not watched (R 22 36,40)

(!)*$$hif Exxon Valdez oil tanker on autopilot runs aground with captain absent; worst oil spill in US history; computer records deleted (S 14 5)

f Exelon Power monitor misprogrammed by vendor for wrong standards, air quality suffers (R 23 93; S 30 6:)

*fh Automatic speed reduction causes New Orleans Bright Field crash (S 22 2:19)

*f/h Computers blamed each time, 3M, 5.4M, 1.5M gallons of raw sewage dumped into Willamette River in three separate incidents (S 13 3, 13 4)

(f/m/h?) Computer-related sewage release into Massachusetts Bay (R 21 08; S 26 1:18)

h GPS setup error affects dredge dumping in California (S 24 4:27, R 20 30)

rfh 1993 Midwest flood-warning problems; operations, models flawed (S 18 4:5)

*m Warning system failed during Southern Maryland fatal tornado; number of counties to be warned exceeded programmed limit (S 27 6:10, R 22 17)

h/f? Orlando newspaper forces stormwater tax delay; computer blamed (S 17 2)

* Smoke ban in India brings back mosquitos, malaria (nontech risk) (S 19 4:7)

@*f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

@fm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

1.14 Robots and Artificial Intelligence

$Vfme All 15 entries fail relatively quickly in DARPA robot desert race; 7-mile maximum over expected 150-mile course (R 23 27)

@fe Spirit Rover failure on Mars: software upload to delete files failed, file space exceeded, caused reboot with insufficient file space, causing reboot loop (R 23 14,15, see final summary in R 23 24) ["Spirit was willing, but its flash was weak." Jim Griffith, R 23 17]

@SH Abuse of electronic copyrights: humorous piece on Mars Pathfinder landing was reported from the Martian point of view; later adapted by someone else for Spirit, without attribution (R 23 18)

@!(f?)(h?)(i?) Robot malpractice? da Vinci robot remotely controlled by doctor from screen accidently cut aorta and other blood vessel; patient died (R 22 36)

* Battlefield Robotics are risk to the world public (R 23 58-60)

+? What the world needs is more lawyer-bots (R 23 57)

!m Japanese mechanic killed by malfunctioning Kawasaki robot (S 10 1, 10 3:7) (Electronic Engineering Times, 21 December 1981)

!m At least 4 more, possibly 19 more robot-related deaths in Japan (S 11 1)

!mM? 6 of these deaths due to stray electromagnetic interference? (S 12 3)

!m Michigan man killed by robotic die-casting machinery (S 10 2, 11 1)

! [bogus] Chinese `AI' computer electrocutes its builder (S 10 1) [WWN]

!f [bogus] Computer electrocutes chess player who beat it! (WWN) (S 14 5)

* Two cases of robot near-disasters narrowly averted by operators (S 11 3)

V(!) Budd Company robot commits suicide by dissolving its electronics (S 13 3)

$hi Programmed tunnel-digging robot runs amok (a-muck), $600,000 to fill hole (S 22 5:13)

f Servant robot runs amok, winds up in court (S 11 5)

f NBC network-news robot camera runs amok during broadcast (S 13 3)

$S Risks of on-line robotic SW repair: SoftRobots (S 12 4)

Vmf? Stanford robot veered off course, fell down stairs (S 18 1:7)

V$m Fiber cable snap ends Dante robot only 21 ft into Mt Erebus volcano (San Francisco Chronicle, 3 Jan 1993, p.B-6)

V$m Dante II robot explores Mt Spurr plagued by problems: bear chews on antenna; power loss; topples over; tether snaps; finally helicoptered out (S 19 4:5)

f Hospital delivery robot blocks exit from elevator (R 20 42)

*Sr Thai robot has Web interface controlling a gun; risky! (R 21 02; S 26 1:19)

SHh Texas officials wary of plan to hunt animals by Internet (R 23 60)

*Sr(f?) USAF self-triggering robotic weapon system: airborne laser on a Boeing 747 (R 21 20, S 26 2:5)

*fm Tourist balloon stuck over Baltimore, stranding 17 for 2 hours; automatic shutdown of control equipment impairs rescue (R 23 46; S 30 1:10)

1.15 Other Control-System Problems

!!$r,h? 1983 Colorado River flood, faulty data/model? Too much water held back prior to spring thaws; 6 deaths, $ millions damage [NY Times 4Jul1983]

* Fishermen rescued after Vancouver area dam malfunction (S 27 6:11, R 22 14)

f?h? Computer glitch causes false dam failure warning (R 22 75, S 28 6:7-8)

*m Topeka KS water treatment outage (S 26 6:9, R 21 43)

!mfV In emergency override during Tropical Storm Allison, elevator in the BofA building in Houston goes down, drowning its occupant even before reaching the bottom; perhaps a good strategy in a fire, but not good in a flood (R 21 47) [Apparently not quite correct, drowning occurred after walking down to the garage. ] Alan Wexelblat's Law cited in an article by Joel Garreau in The Washington Post, 31 Aug 2001: "When it comes to technological arrogance, nature has a nasty sense of humor." (R 21 65)

!mfV MIT elevator stopped moving on a floor at which there was a fire, roasting the occupants (early 1970s, noted by Henry Baker)

*mV Computer malfunction floods Boulder garages and basements (S 23 1:11, R 19 34)

!fe 2 Ottawa elevator deaths; interlock logic bug; flaw unfixed after first death (S 14 5): first death (R 8 48-50,52-54); second death (R 8 77); failure to fix known problem (R 9 01); third death noted (R 22 89)

!m Man decapitated after being caught by Houston hospital elevator door (R 22 87,89, S 28 6:7)

*m Computer controller crane goes unstable, forcing evacuation of nearby apartments for at least two days, Jan 2002 (R 21 91)

hi Off-by-one error in data entry during weekly emergency system test: Evacuate the entire state of Connecticut! (R 23 70; S 30 3:29)

*MV RFI and elevators (R 8 57,58,61,63

* Safety risk in elevator door closing algorithm (R 10 74)

*SPe Woman locked in Newcastle-upon-Tyne computerized Cyberloo rescued by fire brigade ripping off the roof; elevator escape hatches welded shut to prevent dangers to children (R 21 35)

!mV Computer-controlled computer-room door kills South African woman (S 14 2)

!f ALCOA worker killed in interaction with automated guided vehicle (S 16 1)

*$fm Computer-related British chemical industry accidents: watchdog program fails; other SW errors; operator overloads; maintenance error (S 14 2)

*$rh Union Carbide leak (135 injuries) exacerbated by program not handling aldicarb oxime, plus operator error [NY Times 14 and 24Aug1985] (S 10 5) [This was after the 3 Dec 1984 Union Carbide Bhopal pesticide plant incident, which killed more than 3000 people and injured 200,000; many others have died since of gas-related illnesses.]

*$h Dutch chemical plant explodes; input error gives wrong mix (S 18 2:7)

*m Power surge ignited high-voltage transformer; ensuing fires caused evacuation of Australian steelworks (R 19 48)

*$fe During SW maintenance Alta Norwegian flood gates open in error (S 12 4)

!? Automated toilet seat in Paris killed child??? (S 12 2)

V$f 3 computer crashes rupture Fresno water mains, 50 plumbing systems (S 14 1)

V$f Stanford collider shut down due to innate complexity (S 13 4)

$f "Redundant" air-conditioning system with a single thermostat (S 14 2)

f Computerized air-conditioning bugs chill employees (R 21 05; S 26 1:26)

$f Computer controls tear movable Olympic Stadium roof in Montreal (S 13 4)

$f Toronto SkyDome movable roof open and shut case: software problems (S 14 5)

*$m 8080 control system dropped bits and boulders from 80 ft conveyor (S 10 2) (Someone later suggested it was really 2 wheelbarrowfuls of gravel!)

*f Automatic doors lock up Amsterdam patrons in new building (S 14 1)

$h Welland Canal Bridge (not remotely controlled) lowered too soon, clips off top of wheelhouse of freighter Windoc, which caught fire (R 21 61); incidentally, in 2002, Windoc broke loose from its mooring in 130-kph winds, drifting 5km (R 21 95)

*m Shorts open Seattle drawbridge without warning in rush-hour (S 15 2)

f Dover DE drawbridge computer failure blocks traffic for 1 hour (S 18 1:8)

df Seattle drawbridge control: manual automatic system for safety! (S 20 1:16)

fm Automated bridge in Kupio Finland sticks in the up position (R 17 32)

*m Ghost bridge traps motorist in Kropswolde (R 20 43)

$f Restaurant orders on-line; computer crash overcooks steaks (S 12 2)

h Sydney Restaurant computer data wrong, menu items transformed (S 13 4)

m Saab Story: Cars rolling off the assembly line in empty factory (S 19 1:4)

..... Theatricks:

*$f Computer-controlled turntable for huge set ground "Grind" to halt (S 10 2)

*$f Computer stops "Les Miserables" set; 4600 refunds, $60,000 lost (S 12 2)

*$M Secret Service phone interference plunges theater into darkness (S 12 2)

$SM Mobile-phone interference moves Sunset Boulevard sets (S 18 3:A10)

V$m Computer problems cancel Boston premiere of The Who's Tommy (S 19 2:2)

V$f Prolonged Theatre Royal booking computer outage blocks tickets sales (S 12 2)

*m Computerized theater winch goes berserk (full-speed-up and crash) (S 12 2)

1.16 Other Computer-Aided-Design Problems

!f 98-foot section of Paris Airport new $890M terminal vaulted roof collapsed, killing five (R 23 38; S 29 5:14)

*rh Hartford Civic Center Roof collapse: wrong model (S 11 5, ref. 14 5)

*f Salt Lake City shopping mall roof collapses on first snowfall (S 11 5)

@Vm Computer-center roof collapses in snow, downs 5000 ATMs (S 18 3:A4 and 5)

$rf America's Cup Stars&Stripes misdesign due to modeling programs (S 12 1)

*f John Hancock Building in Boston - problems in "active control" (S 12 1)

*f Potential building collapse: the 59-story building saga in New York (S 20 5:10)

hdi Bridge construction mismatch: Upper Rhine Bridge half 54 cm lower (R 23 29); 27 cm roadway difference recognized but corrected in the wrong direction (R 23 30); Similar differential in Australia's Wallerawang Power Station (R 23 30)

1.17 Accidental Financial Losses, Errors, Outages

$eh Largest computer error in US banking history: US$763.9 billion (S 21 5:13)

*$h Oct 1987 Dow-Jones index losses amplified by program trading (S 13 1); Side-effects of saturated computer facilities; brokerage sued (S 13 1); Losses over 100 points truncated to two digits by Signal service (S 13 1); Program trading halted by Wall Street firms for own stability (S 13 3)

$f L.A. County's pension fund loses $1.2B over 20 years due to programming error (R 19 66)

$fe New £170M system gyps British pensioners of up to £100 each week (R 20 05)

V$m U.S. national EFTPOS system crashed on 2 Jun 1997 for two hours, 100K transactions were "lost". One CPU failed, backup procedures to redistribute the load also failed. (R 19 21)

e$ Canadian Imperial Bank upgrade affected half the transactions (S 22 2:22)

fh? Canada's Bank of Commerce glitch delays 85,000 transactions (R 19 72)

$e Fidelity Brokerage computer problems from new system installation (S 22 2:22)

$h Mistyped password put two brokers in the same computer files (S 13 1)

$f Investment program turns into selling-only doomsday machine (S 19 1:5)

$f $32 Billion overdraft at Bank of New York (prog counter overflow) (S 11 1)

$fe Ent Federal Credit Union misprocessed multiple same-day transactions for over a year, retroactively deducted $1.2 million from accounts (R 18 53)

$h Franklin National Bank earlier lost $50M in speculation, led to demise (R 18 54)

$f UK bank SW glitch hands out extra £2B in half hour (S 15 1)

$hi $2 Billion goof due to test tape being rerun live (S 11 2)

$m Mag-snag hits Reserve Bank of India's clearing operations (S 19 3:6)

$d UK paid SD-Scicon £7.3M for scrapped IBM 3090 SW system (S 18 1:11)

$dh BofA MasterNet development blows $23M; backup system gone(S 12 4) Two BofA executives leave after DP problems costing $25M (S 13 1); $60M more spent in botched attempt to fix it (S 13 2)

($) Barclays Bank almost transfers £14 billion to Greece (S 17 1)

$def $18M new system hinders collection of $10M in L.A. taxes (S 16 2)

$h British woman overdrawn by £121 billion, due to typing error (R 20 04)

$f $100M overdraft plus daily interest in Sydney - "computer error" (S 13 1)

$rih $.5M transaction became $500M due to "000" convention; $200M lost (S 10 3:9-10)

$hi? California bank deposited $1M instead of $100K; it was spent (S 19 3:5)

$$ High stakes: Wall St bank wires average over $1.2 trillion/day (S 12 2)

$h Slow responses in Bankwire interface SW resulted in double posting of tens of $millions, with interest losses (S 10 5)

$f Australian Comm. Bank doubled all transactions for a day (S 13 2)

$h Some French civil servants get paid twice, others not at all (S 21 2:17)

$h Teacher receives $7.9M for 18-minute job; employee number entered in hourly wage field; payroll fail-safes "didn't work" (R 22 28)

$(f/h?) Double posting of credit-card charges (S 19 3:6)

- ISP whacks game fan with $24,000 bandwidth fine (R 21 08; S 26 1:26)

$fi NYC subway fare cards double-deduct; user interface at fault (S 19 3:6)

$fe Extra line in Chemical Bank program doubles ATM withdrawals (S 19 3:6)

$h Doubled payroll run surrounds Thanksgiving, run before and after (S 20 2:9)

he National Australia Bank operational goof: payroll program not restored after test, payroll missed (R 19 97)

$h $98,002 refund check based on zip code, not correct amount $1.99 (R 19 16)

$f German Bundesbahn (railway) software messes up payrolls (S 20 2:9)

$h Computer blunders blamed for $650M student loan losses (S 14 2)

$h Unvetted software patches threaten $26B federal retirement fund (S 20 3:7)

f/h? Empire Blue Cross/Shield glitches necessitate $50M write-off (S 18 3:A5)

$f California state computer wrote $4M checks accidentally (S 11 5)

h? 75,000 duplicate Calif. unemployment checks issued accidentally (S 18 3:A5)

$f Farmer receives $4M US Government check instead of $31 (S 17 3)

$f Canadian Pacific stock price sanity check rejects legitimate data (S 12 4)

$(hi?) New York City school system accidentally issues check for $8.6 million for settlement of $86,000 (R 23 85); forgotten decimal point?

$h Australian man can keep $335,000 windfall from computer data error (S 12 4)

$f/i/h? Howard Jenkins receives accidental $88M; bank system error (S 19 4:8)

SHI Dutch electronic-banking direct-debit scandal: Friesian church minister discovers surprise privileges (R 18 81)

$f SW errors blamed for £71,000 VAT misdeclared; £21,000 fine results (S 16 3)

$h First Boston loses $10M to $50M on computer securities inventory (S 13 2)

$f New software system blocks commercial loans in California (S 14 5)

$f $2B (3M bank transactions) stalled when computer rejected posting (S 13 2)

rf More on ATM range checking. $999,999,999 deposit test goes through (S 15 5)

$f Computer system refuses deposit of $200K; max just under $100K (S 17 4)

f Bank's Exchange network overloads in Oregon and Wash, ATMs act up (S 15 5)

mh Computer aspects of Credit Lyonnais Fire discussed (R 18 14)

Vm Computer-center roof collapses in snow, downs 5000 ATMs (S 18 3:A4 and 5)

$fi Chase Manhattan computer glitch affects thousands (S 21 4:12)

$m 2000 Toronto-Dominion ATMs crashed for a weekend (S 22 2:22)

$m 2001 Toronto-Dominion Bank system outage affected debit-card users (S 27 1:9-10, R 21 72-74)

$h Codelco loses $207M on mistyped instruction (buy, not sell) (S 19 3:5)

$f Ben & Jerry's expects first-ever loss, partly due to SW problems (S 20 2:11)

$f NZ Databank computer error withholds funds for many accounts (S 16 2)

$m European ATM repeated debit (S 14 2)

Ve Chemical Bank's ATMs go down after botched file update (S 19 4:6)

Ve 1529 Bank of America ATMs down after maintenance goof (R 19 16)

Vfe Bank of Montreal card functions paralyzed by software flaw (R 20 01)

e Non-U.S. Bank ATM users' debited, get no money; botched upgrade (S 18 2:12)

$mf Haywire Fargo ND ATM spits out no cash for some, and extra cash for subsequent users; cold weather affected cash doors (R 22 64; S 28 4:8)

SHf Diebold Opteva 520 ATM crashes, exposing Windows XP Inside! (R 23 28)

$ Norwegian bank ATM gives 10 times the requested cash; long lines (S 15 3)

$h European bank mounted wrong tape redid monthly transfers (S 14 2)

$he Wells Fargo deposits slip - another software glitch (S 14 5)

$f Wells Fargo 1987 IRS forms stated 100-times-salary for employees (S 15 1)

V(m?f?) Wells Fargo computer network outage (R 21 15, S 26 2:6)

fh Citibank ATM network outage due to software problems; online Internet service crashed also (R 21 65)

Vf/m? Repeated computer outages for Swedish Nordbanken, affecting 3.5M customers; cause not reported (R 21 18)

V$fei Mizuho online banking system 3-way merger huge failure, outages, incompatibilities (S 27 3:7-8, R 22 03,05)

h? Resolution Trust Corp badly overreports to IRS on interest paid (S 18 2:11)

$f 120,000 long addresses mess up British building society computer (S 14 6)

$f Program bug permitted auto-teller overdrafts in Washington State (S 10 3:13)

h 2,000 Texans get false overdraft notes from Bank One in Y2K test (R 20 13)

$h Glitch causes 4 billion euro overdraft (S 24 4:27, R 20 30)

$h New Zealand student grants debited instead of credited (S 14 5)

fm More nonatomic ATM transactions: account debited, no cash (R 19 40)

$h Brown University senior's account mistakenly given $25,000 (S 12 2)

$f $80,000 bank computing error reported - by Ann Landers (S 12 4)

e? Lisbon ATM gives receipt in esperanto instead of espanol (S 18 2:11)

$dem Brit. Foreign Office accounting computer outage off by £458M (S 16 2)

$f $40M Pentagon foreign military sales computer misses $1B (S 13 3)

hi British audit missing £37M (16M `usual errors', 21M lost) (S 18 3:A6)

$fe Minnesota PR firm cut over to untested system, bills months behind (S 13 4)

f$ San Jose system stops issuing garbage bills (S 22 2:20)

$fe IRS COBOL reprogramming delays; interest paid on over 1,150,000 refunds (S 10 3:12)

$fh IRS overbills 1000 people by $68M in five flood-damaged states (S 18 4:4)

$h IRS audit turns up $752 VDT valued at $5.6M; $36K payment for idle mini; 32 duplicate payments, overpayments worth $.5M, $17.2M undocumented (S 18 4:4)

$SP IRS computer modernization problems: privacy and security, cost (S 18 4:4)

$f Variances in up to 25% of adjustable-rate mortgage bills (S 16 1)

$f British retail price index 1% off, costs £121M, testing (S 16 1)

V$h San Jose library lost two weeks of records. Books, fines lost. (S 11 3)

V$fm Los Alamitos racetrack lost $26K in excess payoffs; betting halted (S 16 2)

fi Risks of banks' not retaining data between Quicken runs (R 19 39)

$h Fire-control test backfires in midst of bank's end-month processing (S 15 5)

$fm Newly centralized Sendai postal/banking computer crash effects (S 16 3)

+ NY Federal Reserve bank Fedwire EFT survives power outage, no loss (S 15 5)

$m LA Federal Reserve computer snafu delays bank deposits (S 17 3)

V$f SW flaw freezes Barnett Banks (Florida) computer for one day (S 17 4)

$fh 5M NWB credit-card users get erroneous bills (S 17 4)

@SH World Bank virus ("Traveller 1991") (S 16 4)

S$e Barclays Internet-banking security-glitch following software upgrade enables access to accounts of others (S 26 1:37; R 21 01)

Vm Barclays' BACS payment system failure (S 27 3:8, R 22 02)

m Barclays outage of 1,500 ATMs on 27 Mar 2005 originally attributed to manual Daylight Savings cutover, subsequently to a hardware fault; (R 23 82-83; S 30 3:24-25:); earlier days the changeover required a manual switch! (R 23 84)

f Risks of financial planning engines with bogus results (R 20 48)

$(h?) $59,500 home assessment recorded as $200,059,500 resulted in 6.5% overstatement of the total county property value, and a more than $2.3 million shortfall in tax revenues (R 22 20)

$f Holiday Inn decimal point disappearance overbills 26,000 people by factor of 100, blowing many credit limits (R 22 33)

f (begets f) Visual Basic problem with decimal points and commas affects vehicle tracking software (R 23 27-28)

$mh Operating under huge backlog, human error resulted in monthly Swedish child stipend deposit of roughly $10 billion (instead of 950 SEK per child); error corrected the next day, backing off 15 million SEK in interest as well (R 22 32)

..... Lottery, Gambling, etc.:

$SHIA Autotote ex-programmer hacks winning Breeders' Cup Pick Six horse-race bets and more; Drexel frat buddies implicated (S 28 2:13; R 22 33,38-40); programmer Chris Harn got only a year and a day in jail, because he helped the authorities; his buddies get two- and three-year terms (R 22 65)

$mSHf Glitch lets gamblers beat Nova Scotia video lottery terminals due to chip flaw (R 22 64; S 28 4:8)

$f Sacramento woman denied $2.8 million casino jackpot by fail-safe mode (S 27 1:9, R 21 65)

($) Connecticut lottery computer accidentally gave backdated tickets (S 13 3)

$ShH Proprietor tries to cash 5 extra winning lottery tickets (S 18 4:3)

$f(H?) SW enables winning tickets purchased after lottery drawing (S 16 1)

f/m Maryland Lottery software glitch distributes wrong winning numbers (S 22 1:20)

$f,h California Lotto computer crash and its costly effects (S 14 1)

$m Computer problems delay California Lotto payouts (twice) (S 15 3)

h Calif. lottery computer gets ahead of itself; sales halted early (S 20 5:10)

Vm U.K. lottery terminals downed by satellite network breakdown (S 20 5:10; R 17 18)

f$ Arizona Lottery Pick 3 random number bug: 9 never picked; not so random after all (R 19 83)

H Cooperative database develops winning combinations for Dutch soccer scatchables with 1445 alternatives; competition cancelled (S 22 1:21)

$15.2M Pennsylvania lottery scam - post-fabricated ticket (S 13 3; R 6 77)

$h Programmer unauthorizedly limits sale of certain lottery tickets (S 15 3)

$f California lottery delayed; Daily 3 had flawed pseudorandom program (S 17 3)

h Oregon lottery coincidence (reported by Infobeat) caused by computer crash: winning numbers published before they were drawn by editor mistakenly using Virginia numbers after a crash! (R 20 94)

$f One-armed bandit chips "incompatible"; 70.6%, not 96.4% payoff (S 17 4)

$f Electronic Keno game beaten; pseudorandom sequence gets reset (S 19 3:10)

fS Unlosable casino game: browser click on back to undo loss; risk of negative bets for intentional losses subtracted from losses! (S 22 1:20)

@$Hhi Greyhound racetrack takes bets after race; NZ$7,000 payout (S 18 2;4)

$em Racetrack betting seriously impaired by degraded computer system (S 12 2)

$Vf Saratoga Race Track parimutuel computer down on opening day (S 14 6)

V$m Dog-track computer outage costs bettor $17,000 (S 19 2:2)

$ Breeders' Cup tote-board display crashes, reduces betting take (S 22 2:21)

Vm 1996 Melbourne Cup off-course betting computer fails (S 22 2:21, R 18 58))

$SH Russian cockroach race swindle involved altered computer files (S 22 2:21)

+/- U.S. Senate bans Internet gambling (R 19 89); U.S. House rejects bill restricting Internet gambling (R 20 95)

+ Co-owner of offshore online gambling business goes to prison (R 21 01; S 26 1:30)

+? Use of `unpredictable auditable random numbers' in casino/gaming systems, possibly relevant in elections? (R 22 57)

S? New cell phones well suited to wireless gambling (resembling the voting machine situation?)! (R 22 55)

$Vfmde Three Canadian Banks experience computer software screwups within one month: RBC account balances off for three days; CIBC untested upgrade crashes system, recovery caused double postings; TD Canada Trust two-hour outage disabled ATM/Web services (R 23 48; S 30 1:11)

1.18 Financial Frauds and Intentionally Caused Losses

$SHA See Bruce Schneier article on the Future of Fraud (R 20 08)

$SHOf TILT! Counterfeit pachinko cards send $588M down the chute (S 21 5:19); Pachinko cards suggested by a CIA briefing to hinder money laundering (S 22 1:18)

$SHI Volkswagen lost $260M to computer based foreign-exchange fraud (S 12 2) 5 people (4 insiders, 1 outsider) convicted, maximum sentence 6 years.

$SH Computer problems at BCCI; records "confused"? (S 16 4)

($)H Four financial frauds, each foiled (e.g., by luck) $70M Chicago First National, $54.1M Union Bank of Switzerland (S 13 3) 250M kroner Norwegian clearing house Bankenes Betalingsentral BBS (S 13 3) $15.2M Pennsylvania lottery scam - post-fabricated ticket (S 13 3)

$SH $70 million bank scam attempt; bogus request overdrew account (S 17 3)

$S Risks in CHIPS clearinghouse handling $1M/sec. $20M stolen in 1989, distributed widely; culprits caught but only $8M recovered (S 18 1:10)

$SHI Salomon Brothers scandal aided by misuse of database confirmations (S 16 4)

$SHO FBI arrests Emulex securities and wire fraud suspect in stock manipulation hoax (R 21 04; S 26 1:27) with stock plummeting 62% in one day; Mark Simeon Jakob pleads guilty, 29 Dec 2000, surrendered $54,000 in cash to court; sentenced on 7 Aug 2001 to nearly four years in prison.

$SHO Jason Diekman settlement: $272,826 for perpetuating false information on the Internet and profiting from stock fluctuations in Just Toys Inc. and The Havana Republic (R 21 04; S 26 1:27-28)

$SHOA/I Russian hacker Vladimir Levin breaks Citibank security (S 20 5:13), sentenced to 3 years in jail (R 19 61) $10 million transferred, but most of it recovered

$SH $15.1M fraud accidentally foiled because of a computer error (S 13 2)

$SH $9.5M computer-based check fraud paid legitimate DCASR invoice (S 13 2)

$SH Czech hackers allegedly rob banks of $1.9M (S 22 2:22)

$H European Community study of fraud on the Internet (R 19 13)

$SHI Olympia WA HealthDept check scam detected; four indicted (S 18 1:12)

$SHI Military pay fraud nets $169,000 using bogus account (S 23 1:14, R 19 26)

$SHO Plot to tap British bank/credit-card information by higher-tech gang revealed by coerced software expert in jail (R 18 70)

SHAO Chinese hackers who transferred 720,000 yuan to their own bank accounts sentenced to death (R 20 14)

@SHI Massachusetts welfare fraud investigators fired: tax-record misuse (S 22 1:20)

@$S Risks of Conn. fingerprinting system to catch welfare recipients (R 18 69) Also, note earlier NY Medicaid proposal (R 13 40)

fe Software incompatibility hinders Florida fingerprint system (R 20 02)

$SHI Teller embezzles $15K, caught by computer audit-trail (S 19 3:10)

$SH Brussels BNP branch hit by BFr 245M computer fraud (S 19 1:6)

$SHI Joseph Jett, Kidder Peabody, created $350M phantom profits, got bonus of $9M; scheme undetected by KP oversight (double meaning not a pun) (S 19 4:12)

$SH U.K. computerized bank fraud nets £1M (S 14 2)

$SH 1993 Prague computer crime up 75.2% including a $1.2M transfer (S 19 1:7)

$SH $1.2M Czech computer fraud culprit gets 8 years in jail (S 19 2:7)

$SHI Japanese bank workers steal 140 million yen by PC (S 20 2:12)

$SHI Bank executive in Malaysia transfers $1.5M (S 15 5)

$SHI $550,000 Tokyo bank fraud suspected in funds transfers (S 19 2:6)

$SHI Beijing Hotel managers embezzle $9K by rigging billing records (S 19 4:13)

$H Chemicals cause checks to disappear, bogus checks clear and vanish (S 13 3)

$SHA Foiled counterfeiting of 7,700 ATM cards using codes in database (S 14 2); five admit automated teller scam (Mark Koenig) (S 14 5)

SHO Italian thieves use bank cards, PINs, captured with bogus machine (S 17 4)

$SHf Is a cleared check really like money in the bank? NO! Another scam (R 22 44-45)

$SHAOei Bogus Yahoo e-mail gathers credit-card numbers from unsuspecting people (R 22 31)

$SH Bogus ATM used to steal PINs, withdraw $100,000; two arrested (S 18 3:A9) 2 arrested; 300 accounts hit at 50 banks; $12M in fraud activity (R 14 85)

$SHP UK stolen ATM captures IDs/PINS, enables 250K-pound theft (S 19 4:12)

SH$ Phony ATM installed on High St in London, nets £120K (R 17 34)

SH Theft of entire ATM bungled in British Columbia (R 19 20)

$fSH Instant money: Bogus deposit exploits ATM flaw (S 22 2:21)

$SHAOei NY Municipal Credit Union victim of massive ATM fraud following 11 Sep 2001 outage; unchecked access (R 22 19)

$SHO Polish gang carries out ATM fraud in Israel (S 22 2:23)

@$SH 1994 UK National Audit Office report on computer misuse in government: 140% increase; 655 cases, 111 successful; £1.5M defrauded; misuse; 350% increase in viruses; 433 computer thefts, worth £1.2M (S 20 3:11)

$SH European cyberfraud: $150K phone calls, $400K Dell losses (SAC 13 3)

$SH Cybercrime losses double to $10 billion; 485,000 credit-card numbers stolen from e-commerce site; hacking credit cards is preposterously easy; (Credit-card fraud worldwide is reportedly just under $1 billon a year, at about .7 percent of gross. It represents only about 2% of banking losses. PGN) (R 20 85)

$SP Professor stole 40 student SSNs and IDs to get credit cards (R 21 02; S 26 1:38)

$S International credit-card fraud growing. On-line fraud is estimated at $24 million per day (R 21 36)

$SHfe Stolen ATM card nets $346,770; limits inoperative (S 20 2:12)

$SH Health cards used to rip off ATM for $100K (S 20 3:12)

SH Bogus card reader opens ATM door and helps capture IDs and PINs (S 19 3:10)

@$SP Barclays credit system voice-mail hack gives sensitive info (S 18 1:20)

@$SH U.Texas Dean's conferred password used to misappropriate $16,200 (S 17 3)

$H Two charged with computer fraud in jewelry store credit scam (S 18 2:14)

$SH Reservation computer fraud nets 50M AA frequent flier miles (S 14 1)

$SHI Frequent flier computer scam nets 1.7 million bonus miles (S 14 2); Prison terms for travel agents in AA FreqFlyer ticketing fraud (S 16 2)

$SH $Millions of bogus airline ticket sold in Phoenix (S 14 6)

$fH Reversing air return/depart dates fakes out reservation computers (S 14 6)

$SH Bogus computer message nets 44 kilos of gold from Brinks (S 14 2)

$H `Credit doctors' sell clean credit records to high-risk clients (S 13 4)

$SPH ASIS seminar reported $15M in 1991 Medicare fraud penalties (S 18 1:21)

SH Wall St audit trail off enables $28.8M computer fraud (S 12 4) [bogus???]

$H Hertz computer system kept two sets of books for accidents (S 13 2)

$h Hertz charged $5 for gas if < 50 miles driven and tank filled (S 18 2:9)

$H Value Rent-A-Car system charged for bogus 5 gallons (S 18 2:9)

$SH NYC gas pumps rigged to deliver less fuel than charged (S 18 4:3)

$SH Harrah's $1.7 Million payoff internal fraud - Trojan horse chip? (S 8 5) 11 indicted (17 riggings in 3 yrs); `winner' later found dead (stoolie?)

$SH Computer-generated Dartmouth graduation tickets sold for $15 (S 19 4:12)

$h Manual card-swipe gains weeks in taxi charge float (R 20 02)

SH States (MO, NJ, TX) crack down on "cyberfraud" (S 19 4:10)

SHOI Italian police stop digital bank robberies with bogus shadow system; 21 arrested (R 21 08; S 26 1:25)

SHOA Linear search nets 17,000 bank records from GST Startup certificate suppliers (R 20 94)

..... Tax fraud and tax data misuse:

$SHAI Massive NY City tax fraud wipes out $13M in taxes; many implicated (S 22 2:23,R 18 63)

$SH Dublin tax collectors faked VAT repayments by spoofing computer (S 12 4)

$SH 45 phony computerized IRS tax returns net $325,000 in refunds (S 14 6)

$SH Computer-filed tax returns net $100K in refunds from bogus W-2s (S 18 1:14)

$SH Tax preparer accused by IRS of $1.1M fraud, 431 false electronic claims; Congressional hearing discloses inmates creating bogus returns; 61,000 bogus returns in 1st 10 months of 1993 totalling $110M (S 19 2:5-6)

$HI Store owner hid $17.1M sales, avoided $6.7M in taxes; cost: $15M (S 18 4:7)

$H Point-of-sale tax evasion via software data diddling in Quebec (S 23 3:25, R 19 48)

SHI IRS agent accused of giving defendant tax data on judges/jurors/... (S 16 3)

SH Thief nabs tax preparer's computer, generously returns floppies (S 13 3)

SPI Risks of IRS outsourcing processing of tax returns (R 18 81,82,87)

mfP Off-by-one error reveals other people's tax details (S 18 3:A6)

fP Connecticut unemployment insurance folks mail out "off by one" tax letters with information on other people (S 27 3:9, R 21 90)

..... ATM and credit-card fraud:

$SH US Coast Guard accessed Customs' computer to transfer $8M (S 12 3)

$SH ATM money dispensers blocked and emptied later by youths (S 11 5)

$SH Barclays Bank hacked for £440,000? (S 11 5)

$SH 5 British banks penetrated, blackmail attempt to disclose method (S 16 1)

?$SH Cyberterrorists blackmail banks and financial institutions (this was in an article with considerable hype) (R 18 17,24)

$SH MasterCard lost $381M in 1991, Visa lost $259M in 1989 to card fraud; Credit-card fraud investigations of computer misuse in San Diego (S 17 3)

$SHI Visa victim of PC theft with info on 314,000 credit-card accounts (R 18 62)

@SH Nasty scam exploiting Y2K card authorization expirations (R 18 68)

$SH Risks of credit-card numbers being sniffed (R 17 69,71,76, S 21 4, SAC 14 3)

$S FBI sting nabs man trying to sell 100,000 credit-card data items for $260K (S 22 5:14)

$SPH 2,300 credit-card numbers stolen from ESPN Sportszone, NBA.com (R 19 24)

$SHI Tower Record credit-card info offloading; 2 convicted (S 21 4, R 18 02)

SHI Time Inc. employee peddles credit-card information (to detectives) (S 17 4)

$SHI NJ car dealership in theft of 450 credit-card numbers, almost $4M (S 19 2:7)

$SHIO 40 arrested (9 postal workers) in massive D.C. credit-card fraud (S 19 2:7)

$SH 3 Britons charged with 2.5M pound European credit-card fraud (S 19 2:8)

$SHO 2 computer crackers sentenced for $28M MCI credit-card fraud (SAC 13 3)

$SH ATMs gave $140,000 on Visa card over weekend - software glitch (S 11 2)

fSA SW failure in UK credit-card authentication system (S 21 2:18)

$VmA Diner's Club authentication in Belgium out; Royal Bank transmission failure in Canada affects many (R 20 02)

$SHOf Thief gets $63,900 with stolen ATM card&PIN, ATM program error (S 17 2)

$SHAf Security Pacific ATM theft bypasses PINs, limits, nets $350,000 (S 14 1)

$SHfe Australian Westpac ATMs big losses (IMS 2.2 installed untested) (S 12 3)

$ef Australian Westpac Internet Banking upgrade problems lock out customers over the weekend (R 23 59)

$SHA $1800 card maker and spied PIN numbers nets $86K from ATMs (S 12 3)

$SHA PC spoofed Italian bancomat ATM, ate cards after capturing PINs (S 14 1)

$SHI UK Clydesdale Bank cash machine fraud; insider job suspected (S 16 2) bank engineer records ATM PINs, fabricates cards, takes money (S 17 3)

$SHrf ATM accepted lollipop cardboard as $1M (New Zealand) deposit (S 11 5)

$Hhf Two cases of erroneous deposits $95,093.35 and $520,000 (R 17 32,35)

$ 525K Smith Barney customers credited temporarily with $19M each (S 22 5:13)

$SH ATM scam gets PINs for stolen cards in Boulder (S 13 4)

$SH UK banks suffer phantom ATM withdrawals, ATM removals! (S 17 3)

@$SH 550 felonies in 1991 for SSN misuse; 12 people adopt a single SSN; $10,000 charge loss; 5 people cleaned out someone else's benefits (S 16 4)

$H Scholarship scam used to gain SSNs, bank and credit-card numbers (S 18 1:14)

$SHI Social (In)Security employees sold 11,000 SSNs to activate cards stolen in the mail (S 21 4),(R 18 02)

SPhi US POWs in Iraq have their Social Security numbers revealed; implications discussed once again (R 22 67-70)

P Virginia appeals court bans use of SSNs in voter registration (S 18 3:A11)

SH Japanese department-store credit-card fraud case; incidents are increasing (R 20 77)

$H Japanese BBoard fraud traps passwords, gains money; culprit caught (S 17 4)

$Hhi Greyhound racetrack takes bets after race; NZ$7,000 payout (S 18 2;4)

$SHf Firmware bugs in Dutch gambling machines easy to exploit (S 13 4)

$f Bug in Queensland gambling machines scrambles checking facility (S 17 2)

$SHO Sierra On-Line gaming site cracked (R 19 52)

$SHOIA Risks of offshore Internet gambling (S 23 1:14, R 19 27)

$SH Hackers and others win big in attacks on CryptoLogic Internet casino one rigged for $1.9 million (S 27 1:12-13, R 21 67,69)

+ Federal prosecutors indict offshore Internet gambling operators (R 19 63)

@+/- Senate bans Internet gambling (R 19 89)

$H Video quiz game scam - teams of "experts" with right answers (S 11 5)

$fH Students cheat Brit.Telecom, gain £68,000 in contest (S 17 4)

$H West German crackers use knowledge of Poker game machine programs for big payoffs. 160,000 machines at risk. (S 12 3)

$SPH Brazilian bank reserve data disappears; political link? (S 18 2:15)

$SPH Kuwait Investment Off. diskettes stolen from Spanish Govt. (S 18 2:16)

$$H Nick Leeson's Barings losses predate new risk-management system (S 20 3:7)

$H Savings and Loan defaults linked to internal fraud, creative mismanagement. What could computers have done for S&Ls to prevent fraud/abuse? (S 14 2)

$SH 1987: FBI estimates average computer fraud $650K, total $3B-$5B/year (S 12 3) and $1.5M average for computer frauds in financial institutions [old data as of then?]

$SH 2002: U.S. Computer crime way up, says FBI (S 27 3:11, R 22 03)

$H Customs Service back-dates computer clock at end of fiscal year (S 14 5)

$H Alleged fraud in computer billing services (S 14 5)

SH Risks in check forgery (S 15 1)

1.19 Stock-Market Phenomena

$hi UBS Warburg trader's error causes multi-million-dollar loss on Tokyo Stock Exchange in trading Dentsu Inc. (S 27 2:5, R 21 81)

$h German stock exchange bond futures goof: wrong buttons (S 24 3:25, R 20 09)

$f Multiple stock transactions result from blocked confirmation (S 13 1)

$f Midwest Stock Exch 13-yr error redirected $Millions in broker fees (S 17 1)

$HI Bre-X Minerals gold scam (Indonesian no-gold) causes unprecendented trading, crashing Toronto Stock Exchange computer system (R 19 09); Bre-X, stock from $200 to .06, files for bankruptcy (news item, 9 May 1997)

$ Computer-induced big stock-market swings (S 11 2, 11 5)

$rf Vancouver Stock Index lost 574 points over 22 months - roundoff (S 9 1)

$f Wild stock trade swing reports suppressed on 13 Oct 89 (S 15 1)

$f Quotron SW problem gives wild swings in Dow Jones Industrial Ave (S 15 1)

f E*Trade Market Watch shows Dow Jones average at $1, down $10936.88 (R 20 56)

f Another D10K problem? DATEK reports Dow Jones Industrial Average at $0.20, down $10031.08 (presumably instead of $10000.20, down $31.08) - perhaps a result of earlier D10K fixes? (R 21 28)

$f London Stock Market index quotes down for 2 1/3 hrs [23Jan1990] (S 15 2)

$hi Reuters/ZDNet typo (TMCO instead of TMCS) causes wild stock fluctuations (R 20 11)

f(h?) NYSE and derived sites temporarily reported Motorola stock drops 99.95% to one penny (R 21 56)

f/h? Stock listing error: IBM at 0 1/16, down 88 1/2; implications? (S 17 1)

$h Milano stock falls 20% due to typing error (S 19 1:5)

f$ Dutch price index wrong due to software error (R 22 84)

e Bureau of Labor Statistics Producer Price Index delayed significantly by upgrade complexities (R 23 27)

$f Computer malfunction causes panic selling at Hong Kong stock exchange (S 22 2:20)

V$m NY Stock Exch. halted for 41 minutes; drum channel errors killed primary and backup computer systems [24Feb1972]

V$fe SW update halts NY Stock Exchange for one hour [18Dec1995] (S 21 2:16)

V$m(h?) Voltage-dip power glitch downs NYSE for 24 minutes [22Oct1991] (S 17 1)

Vm NY Stock Exchange computers crash for about an hour [26Oct1998] (R 20 05)

he$ Software upgrade disables half of NY Stock Exchange stocks (S 26 6:9, R 21 46)

V$m London Stock Exchange computer system crashes [23May1986]

$hfe London Stock Exchange horrors on cutover to new system (S 12 1)

$S London Stock Exchange "Taurus" problems in paperless authorization (S 17 2)

$df Chicago's Globex trading system delays, critical test fails (S 17 3)

V$m Hurricane Gloria in NY closes Midwest Stock Exchange (S 11 1)

$eV Missing full-stop (.) in software change crashed New Zealand's stock exchange for five hours (R 22 87)

mf Stock market problems in 27-28 Oct 1997 fluctuations (S 23 1:10, R 19 29)

V$m Nasdaq OTC stock trading halted for 3 hours (S 12 1)

V$f E-Trade computers crash repeatedly (S 24 3:25,R 20 20)

V$ef Schwab's e-brokerage crashes (S 24 3:25, R 20 23)

V$ma Squirrel arcs power, halts Nasdaq computers (S 13 1)

V$ma Another Nasdaq squirrel 34 min outage, backup power fails (S 19 4:5-6)

V$de/m SW upgrade downs Nasdaq for 2.5 hrs, backup fails (S 19 4:5-6)

$Vhe Network Solutions goof bumps Nasdaq off the Internet (S 23 1:10, R 19 34)

$Vrih NASD loses records on 20,000 brokers (S 22 4:26, R 18 82)

V$df Alberta Stock Exchange shuts down again, 3rd time in 1997 (S 22 4:25, R 18 89)

V$m Telstra's Haymarket exchange overloaded, crashing bank computers, data/fax lines for an hour in Sydney; 1000 manual resets needed (R 19 90)

V$rfh Singapore Stock Exchange outage crashed repeatedly due to interaction with backup system (R 20 47)

ef DB upgrade causes crash of Italian online stock trading (R 20 95)

$Vdfh Johannesburg Stock Exchange computer fails, again (S 22 1:17)

$V$m Toronto Stock Exchange down 3 hours; multiple disk failures (S 14 6)

SH Toronto Stock Exchange virus scare causes all-night search (S 18 2:16)

V$m Five NY futures market shut down; uncertainty over cause (S 15 3)

$S GAO finds computer security at stock exchanges vulnerable (S 15 2)

$S Stock Exchange network security flawed, lacked risk analysis (S 16 4)

$H Chicago Bd of Trade automating commodities markets to hinder fraud (S 16 4)

$h Salomon accidental stock sale, value in $ entered in shares column (S 17 3)

h Elbow on keyboard causes 145 sell orders (for 14,500 government bonds) on French futures exchange (R 20 04)

$reh Spanish bank accidentally buys many shares because of bounds check missing after Euro cutover (R 20 20)

$h Bear Stearns' erroneous order to sell $4B stock instead of $4M (R 22 28)

$ Euro changeover computational problems (R 21 70-71); bank assets disappear during Euro changeover (R 21 73); bank credits 300,000 euros instead of pesetas (R 21 78)

$h Iomega stock volatility blamed on AOL postings (R 17 91)

$h Computer glitch on Citicorp merger alters Dow Jones industrial average (R 20 03)

*SH Spoofed press release on Aastrom Biosciences Web site announcing merger with Geron caused stock rumbles (R 20 81)

$h Leaving a field blank temporarily wipes out 13.2B£ in stock selloff (R 20 57)

i$ Mistaken order on Chicago Board of Trade's E-Mini Dow Jones Industrial Average Futures caused wild market swings: 10,000 contracts instead of 100 (R 22 79-82)

e Risks of Dow-Jones over 10,000: D10K (R 19 64,73); no big deal - nothing adverse happened.

reh Berkshire-Hathaway 1st NYSE stock to exceed $10,000 per share (S 18 1:9); Warren Buffet's never-split NYSE Berkshire Hathaway stock quotes BRK.A reach $32768 per share, must be entered by hand, blowing on-line databases (R 19 64); similar events in Australian stock market (R 19 70)

if$ Software allows SEC stock-ownership limit violation (R 22 83)

1.20 Telephone Frauds

$SHOA Increasing phone fraud, switch cracking (E.Andrews, NY Times, 28Aug91) Mitsubishi lost $430,000 in 1990, P&G lost $300,000 in l988. NY City Human Resources Administration lost $529,000 in 1987. WRL lost $106,776 in 3 wks. CIA PBX cracked as well... (S 16 4)

$SH $4B phone fraud per year reportedly due to organized crime rings (S 18 3:A7)

$SHO Nevada teens `blue-box' $650,000 in phone calls (S 13 4)

$SHO Canadian $500K phone fraud from altered voice-mail messages (S 19 2:8)

SHAO Pacific Bell voice-mailboxes hacked, bogus messages and passwords (S 19 2:8)

$SHAO Zotos switchboard cracked for $75K in calls (S 13 4)

$SHA Phone credit-card numbers stolen from computer. $500M total? (S 12 3)

$SHO Netfill porn access scams 900,000 credit cards (R 20 37)

$SH Bogus cellular phone chip permitted free calls ($100M/year?); Secret Service developed SW patch, blocking 5000 calls the first day! (S 16 3)

$SH Buyers of hot cracked Italian portable phone pay seller's calls (S 17 2)

$SH US Sprint, computer penetrations, free calls, arrests (S 12 4)

$SHA Crackers attack phone information systems and switches; arrests (S 13 4)

$SHAO AT&T computers penetrated by Herbert Zinn, Jr. (`Shadow Hawk'); $1M program previewed (S 12 4); sentenced; more background (S 14 2)

$SHAO Pac*Bell System computer attacker Kevin Mitnick arrested (S 14 1); further background (S 14 2); sentenced to year in prison (S 14 6); Leonard DiCicco pleaded guilty to aiding Mitnick in DEC SW theft (S 15 1); Kevin Mitnick arrested again after hi-tech tracking (S 20 3:12)(SAC 13 3); Mitnick's Defensive Thinking Web server vandalized twice (R 22 55)

$SH Corte Madera CA teenagers arrested for $150,000 in phone calls (S 13 3)

$SH Milwaukee computerized phone phreaking (S 14 2)

Sfh Risks of modern PABXs and digital phones (R 19 52)

SHAO Many telephone answering machines remotely accessible by anyone (S 13 3)

Sf Security problems in Deutsche Telekom T-Net-Box answering machine (R 19 29)

Sf Remote-access phone security discussed; serious risks (S 18 4:8)

S Sprint account balances freely accessible; potentials for misuse (S 16 3)

$hH NY Telephone free long-distance calls due to software glitch (S 14 5)

$SHf Ringback number glitch in Ireland permitted free calls for 2 wks (S 16 4)

$S Computer intruders access NASA phones. $12M in calls? (S 16 1)

$SH Staten Island youths arrested for voice-mail misuse (S 16 1)

$SH WA prison inmates phreak Fone America via collect-call indirection (S 17 1)

$SH Swedish phone system free call-back from payphones (S 17 1)

$(f/h) Canada's Bell Millennium payphones give free calls to anywhere; flaw widely known and exploited for 6 days before being fixed (R 21 41)

$f SW flaw in payphones allowed free phonecard calls (S 16 1)

$SH Customer-owned payphones Trojaned to steal credit-card numbers (S 16 3)

f Software bug downs half of New Zealand Telecom's payphones (R 22 86-87)

$SH Japanese Daiwa Bank hit by prison inmates' phone fraud (S 18 2:16)

$SH $85,000 phone fraud on Minnesota Representative's account (S 18 3:A7)

$SHO Phone calls to Moldova result from porn scam (R 18 80,83,84,87); 38,000 customers get credits or refunds totalling $2.74M (R 19 45)

$SH Prisoner gets free calls by spoofing victim's call forwarding (S 18 4:6)

$SH Plumber call-forwards his competitors' phones (S 20 2:12)

SH$ Emergency call-boxes ripped off, cell-phone serial nos. reused (R 17 35)

SH$ German telephone card system cracked, many free calls made (R 17 36)

SHf$ British Telecom replaces payphone software after flaw exploited (R 17 36)

SH Rigged phone trapdoor enabled priority NBA playoff tickets (S 18 4:7)

@$SH Aussie Cracker charged with phone fraud, accessed US computers (S 16 4)

- Connecticut Dept of Public Utility Control gets slammed (long-distance carrier changed) (R 18 69)

1.21 Other Telephone and Communication Problems

!hi Death of 5-year-old boy due to SF 911 computer equipment failure (S 12 2) Ultimately blamed on terminal operator failing to press a button.

@!f CADMAS 911 dispatch SW problem contributed to woman's death (S 16 1)

!f Emergency dispatch EMS SW truncates address, man dies (R 11.55,57,60)

!f 911 software discarded updated address in fatal Chicago area fire (S 17 1)

!e Computer delays response to fatal fire; faulty reload blamed (S 18 2:13)

!f Incorrect 911 call redirection blamed in Massachusetts murder (S 18 2:13)

h Role of 911 in Atlanta Olympics bombing aftermath: see transcript (R 18 35)

VSH Swedish cracker disrupts 11 north Florida 911 Systems (R 18 90)

*V$f Nationwide AT&T congestion [Martin Luther King Day, 15Jan1990] The official AT&T report with further comments (R 9 63): fault-recovery fault propagates [See Telephony, 22Jan1990, p.11.]; attributed to "switch"..."if"..."break" in SS-7 (S 15 2); Relation of AT&T congestion with SDI testimony of Sol Buchsbaum (S 15 2); Cf. 1990 ARPAnet collapse: PGNeumann, Risk of the Year, COMPASS 1990.

*V$fe Signaling System 7 protocol implementations again cause extensive phone outages: WashDC (6.7M lines), Los Angeles, 27Jun91; Pittsburgh (1M lines): SW flaw: DSC Comm small patch installed without regular testing. (S 16 3) FCC report implicates typing mistake (6 instead of D), faulty data, clock failures, and other triggering events (S 17 1)

*V$h AT&T standby generator accidentally not configured, backup batteries drained, 4-hour outage in 4 ESS closes 3 NY airports, 17Sep91. The two knowledgeable people were in a class on the power-room alarms! Alarms had been disconnected because of construction triggering them (S 16 4); FAA review concludes: 5M calls blocked, air travel crippled, 1,174 flights cancelled/delayed (S 17 1)

Vfe$ AT&T frame-relay network interruption (S 23 4:21); "unique sequence of software flaws" (R 19 72)

Vm Lucent loses all connectivity in Allentown PA; AT&T lost over 400 T3 lines, forcing rerouting and a further outage; fascinating propagation case (R 20 05)

V$hm AT&T Canada fibre-optic frame-relay link cut affects computers, phone lines, Bank of Nova Scotia, southern Ontario (S 24 3:26, R 20 13)

Ve MCI WorldCom frame-relay network problems, 5 Aug 1999, due to Lucent hardware/software upgrade; CBoT, ATMs, etc. affected (R 20 54)

Vfe Phone system outage on 925/510 split cutover; cable modem good backup (R 19 95)

Vm Most of Schenectady NY telephone exchanges downed for 24 hours by water-main break (R 21 18)

m Heavy rains take out State Department phone service for 2 hours, backup batteries out because of earlier fire (R 20 93; S 26 1:21)

$mh Drop of welding material causes fire that affected 27 cables, telephone service for 25,000 (R 20 93; S 26 1:21)

m Algeria earthquake cuts Internet connectivity of major Greek ISP (R 22 75, S 28 6:8)

Vm Australian largest undersea Internet cable severed, disrupting 60% of Telstra international traffic (R 21 13)

*m$ Backhoe takes down Telstra service in New South Wales from North Sydney to Queensland border (R 21 41,44)

!f 320K calls in hour for Garth Brooks concert tickets block 911 (S 17 4)

*VH Toronto 15-yr-old paralyzes 911 emergency system (S 18 1:14)

*mf Complaints on failed Dutch newspaper presses saturate phone system, which converts 650611 calls into 0611, national emergency number (S 18 1:12)

*VSH Ex-employee Trojan-horses emergency system, which fails (S 17 4)

i Accidental redial phones and alarms mother, who calls police (S 19 4:5)

Vm Blown fuse takes out Iowa 911 system (S 22 2:21)

Ve Bell Atlantic 411 outage for several hours; backup failed also (S 22 2:21)

Vhm Cut telephone line induces emergency response (R 20 11)

*V$H Thieves steal live Sprint telephone switching equipment (R 20 15)

V(f/m?) Swedish telephone outage (S 24 4:27, R 20 29)

fh C&P Tel glitch converts not-in-service messages to circuits-busy (S 18 4:5)

*Vh Chicago phone cable cut, 150K people and O'Hare flights affected (S 16 1), and subsequent discussion by R.I.Cook on multiple failures (S 16 1)

VSH Vandals cut cable in Newark, slow NY-DC MCI service for 4 hours (S 20 1:21)

$*Vhe AT&T fiber-optic cable cut in removing old cable [4Jan1991], affecting commodities markets, NY air traffic ctl, flights, phone calls (S 16 1,2)

$*Vh 2 fiber cables severed in Annandale VA, 14 Jun 1991, 80K circuits affecting AP, UPI, Pentagon (R 11 92, S 16 3)

*$Vm Sprint long-distance out for 3.5hrs, 15 Jul 1991, due to fiber-optic cable cut in San Fran East Bay Area; AT&T saturated by rerouting (S 16 3)

*Vm Portland OR area suffers fiber-optic phone cable cut, incl. 911 (S 17 1)

m Sliced fiber-optic cable in Lancaster PA disrupts local and long-distance phone service NY to MD (R 20 93; S 26 1:20-21); another outage in Massachusetts (R 20 97)

$Vhme Ground-cable removal blows Iowa City phone system upgrade (S 20 2:8)

Vm WorldCom cable cut near Jacksonville affects telephones, ISPs (R 19 88)

V$hm Massive fiber cut near Cleveland 29 Sep 1999 resulted from gas-company workers during construction, affected east-west traffic; various ISPs still down hours later (R 20 61-62)

V$m Baltimore train tunnel fire damaged fiber-optic cables, derailing Internet service, postponing Orioles games (R 21 54)

Vm Fire in Stockholm tunnel blacked out 50,000 people and high-tech companies (R 21 27)

Vm Deja vu: Stockholm power outage hits high-tech companies (S 27 6:10, R 22 11)

@$VSHm Attack on fibre-optic cables causes Lufthansa delays (S 20 2:12)

Vh Oregon Garbage truck worker wipes out telephone service (S 21 4:13)

*V(f/e?) Philadelphia 911 crash (S 19 3:8)

*me San Francisco 911 system still not working properly (S 21 2:19)

V(h/H) Merit (NSF) T3 fiber cable cut by backhoe; RISKS story bogused (S 18 1:6)

Vmh NY Tel cable cut causes extensive three-day disruptions (S 18 4:5)

Vm Campfire melts fiber-optic telephone cable in Connecticut (S 19 1:4)

Vm Severed MCI fiber-optic cable in NY cripples East Coast Internet and phones (R 19 82)

V$m Los Angeles fire knocks out phone service (S 19 3:7)

Vm MFS Communications switch fails, with widespread effects (S 23 1:10, R 19 39)

$Vm Mud slide cuts East-Coast MCI fiber, phones (S 19 3:7)

*m Optic fibre fragment kills Australian Telecom worker (S 19 1:4)

*$Ve SanFran outage 1Jul91: faulty clock maintenance; another a few days later (S 16 3)

*$Vmf Stamford CT 18-hour telephone switch outage affects 27,000 phone customers; two-minute atomic action atomizes #1A to #5 ESS cutover (S 15 3)

f Software fault prevents 76,000 Telstra customers in Brisbane from receiving phone calls (S 25 4:8, R 20 87)

Vde Netcom database upgrade indexing error makes half of Norway's cellphones go offline, after promotion of all-wireless service (R 23 90; S 30 4:24)

Vm Utility outage downs phone system, San Jose airport (S 19 4:9)

Vfm UMASS/Amherst has week-long phone degradation (S 19 4:9)

Vm 100,000 without phone service in Plano TX for 9 hrs (R 20 50)

Vf Motorola cell-phone software bug: accidental denials of service (R 17 26)

*Vhi SpaceCom technician omits <CR>, disables millions of pagers (S 20 5:8)

$Vfe Word Perfect upgrade crashes Utah phone system (S 15 5)

$Vf Software bug cripples Singapore phone lines (S 20 1:16)

V(h/f?) Cyprus village telephones disconnected: "computer error" (S 21 2:18)

Vmh Tele Denmark Internet downed by truck delivering Uninterruptible Power Supply (UPS) crashing into power cabinet (R 20 56)

fm UPS backup system burns up, cutting off power (R 20 91)

Vmfm Power coming back on causes UPS to lose power (R 20 55); more UPS problems (R 21 36,40,41)

f Sensors for load-shedding and for UPS start-up in conflict (R 21 49)

fe Brazilian telephone network upgrade for two extra dialled digits results in chaos (R 20 47)

re Fixed-length fields strike again: Israel Defense Forces automated systems need 10th digit for cell-phone numbers (R 23 21)

*h(V to others) Intentional total Moroccan communications blackout for 4 hrs after Hassan II died (R 20 50)

*$V(f/m/e/h?) British Telecom computer failure cuts off 42,000 (S 16 4)

$Ve East-coast 800 telephone numbers disabled by flaky SW upgrade (S 17 1)

Veh Upload of flawed AT&T SS7 translation database took out 800 service (R 19 39)

Vf The IBM "Gerry Johnson Bug" downs IBM global net (R 17 38-41,47)

$Vf ISDN SW bug causes half-day telephone outage in Hamburg (S 19 1:3)

Vmf Diagnostics stymied by loss of 37K lines due to tape malfunction (S 18 2:12)

Vm 42K Ohio Bell lines disrupted for 45 min due to CPU failure (S 18 2:12)

Vm 54K Ohio Bell lines disrupted for most of day by blown fuse (S 18 2:12)

$*Vm 21-hr Pacific Bell SF "Message Center" double HW failure (S 16 4)

Ve PacBell uploads corrupted database, disabling PCS digital telephone service (R 19 84)

$VSHm MacNeil/Lehrer reported on phone system risks, 20 Jan 1992 (S 17 2)

$(f/m/h?) One customer's telephone problems include nonoriginated two-party calls, false billings, incorrect numbers even when correctly dialed, multiple phone conversations on the same line, nonoriginated emergency calls. This saga prompted discussion of numerous other horror tales, plus hacking possibilities. (S 15 3)

h Erroneous Skytel paging network broadcast mushrooms, deluges 100,000 customers, some of whom received 300 calls an hour (R 18 75)

$f Pac Bell loses $51 million on lost phone-call charges (S 11 3)

$h AT&T goof disrupts toll-free calls; switchover botched (S 15 2)

$h Bell Canada misbills for 17,000 calls; exchanges exchanged (S 15 2)

$fe US West overcharges users by factor of 10 (S 16 4)

$h Illinois Bell bills customer for $8,709,800.33, not $87.98 (S 16 1)

$f 400 pay phones in Hackensack lost charges for half of the calls (S 11 3)

$fh 2M free long-distance calls blamed on "programming error" (S 17 4)

$fe GTE Sprint incomplete SW changes lost $10-$20M in Feb-Apr 1986 (S 11 3)

$fe GTE Sprint billing errors from botched daylight savings cutover (S 11 5)

$f 4,800 customers billed in error for telephone calls to Egypt (S 13 2)

$f 2M AT&T customers billed twice (S 13 2)

$f Hangups lost, calls billed at 999 minutes (average overcharge C$2,450) (S 13 4)

$f Bell Atlantic forgets AT&T charges in phone bill for 400K customers in D.C. area (R 19 57)

$f Brisbane telephone accounting - erroneous $900 bill (S 21 5:18)

$f/h? Computer error costs MCI $millions (S 21 5:13)

f Northern Telecom DMS-100 billing errors result from upgrade (R 19 38)

hd Utrecht phone-book database problems prevent publishing (R 17 38)

$Vm Sharks munch out on fiber-optic phone cables. $250,000/bite (S 12 3)

$Vm Fiber optic cables can self-destruct at high temperatures (S 17 1)

Vmfh April First 1998, a bad day for high tech in Holland: cable cut downs phone service, BeaNet transaction system down, Postbank maintenance problem (S 23 4:21)

*he Vodafone Spain's network down for almost 7 hours after botched "basic maintenance" (R 22 59)

*f U.Iowa phone system program limitation - ringing forward to busy, phones incompatible: explosion or fire if misconnected (S 12 3)

*$Vfe Michigan Bell ESS office, 2 long outages. SW updates in progress. (S 11 3)

*$V 707 area code (above San Fran.) shut down completely for 5 hours (S 11 5)

$*V Atlanta telephone system down for 2 hours (S 11 5)

*$V C&P computer crashes 44,000 DC phones (S 11 1)

*$V Dallas 4-ESS, backup down for most of day, area code 214 isolated (S 12 2)

$Vf Program glitch disrupts PacBell 619 calls (So.Cal) for most of day (S 12 4)

*V(f?) Computer `bug' downs 1000s of phones in Vancouver for an hour (S 13 4)

$Vfe Improper SW upgrade disrupts NY Tel Poughkeepsie-area for 21 hrs (S 12 4)

*Vfe 30,000 phone lines in San Luis Obispo out due to faulty upgrade (S 16 1)

$Vfe SW upgrade glitch shuts down phones for 4 hours in Minneapolis (S 12 4)

Vm Snowstorms cause telecommuting phone-line tie-ups (R 17 61)

$Vf Week-long voice-mail snafu in Boulder (US West) (S 16 2)

Vm/f? PacBell voice-mail system failure 25 Jul 1998 due to cable cut or software upgrade? (R 19 89)

(h/f/m?) 60,000 Demon Internet e-mail messages go astray/delayed (S 21 2:18)

$f C&P computer "tape flaws" delay 100,000 bills by two months (S 11 5)

f(h?) Bell Atlantic sends mistaken notices of area-code change (S 20 5:10)

$Vf 1979 AT&T program bug downed phone service to Greece for months (S 10 3:8)

*V World Series ticket orders block phone exchanges, 911 for 3 hrs (S 13 1)

Vh France '98 World Cup soccer ticket massive telephone overload (R 19 71,73)

Vm$ Qwest overload problem: 500,000 calls per hour blocked (R 22 24)

@Vh Star Wars Phantom Menace tchatchkis bring down eBay server on 3 May 1999; Amazon had no troubles (different system types) (R 20 38)

!Vfm 41-year-old died while NYC's 911 system was down due to test-induced failure (R 20 39)

*Vm Los Angeles computer blamed for 911 system crashes (S 14 2)

Vdf Tacoma, WA 911 computer system problems (S 23 4:22)

$fM Ghost phone calls to 911 from cordless phone interference (S 11 2)

mMe More ghost phone 911 calls resulting from phone system changes (R 18 71,72) and related number compatibility issues (R 18 72).

SfM More cordless phone problems; interference again calls 911! (S 18 4:6)

+=- US West discovered its 911 lines were too silent, added noise (R 19 41); similar problem with Lexus engines (R 19 42)

m North Yorkshire UK emergency call-center power-supply problem (R 22 20)

*im Communications errors delay response to San Francisco fire (R 18 68)

*S Telephone sales pitch computer calls emergency broadcast number (S 12 2)

VSh Ross Perot's high voice tone shuts down newspaper phone hotline (S 19 2:10)

$hi Swedish phone bill of $2600 - program error plus human error (S 11 5)

$ Salem OR library computer racks up $1328 in phone calls (S 12 1)

$i Some risks of reaching someone else's phone number (S 12 4)

i Canadian government toll-free number for safe boating recycled to phone-sex line (R 23 84)

fh Computer blamed; Yorkshire cricket fans reach sex hot-line (S 15 1)

i One-run computer discrepancy in India-WestIndies cricket score causes critical confusion (R 22 11)

$a Dog trained to reach out and touch 911 dials 900 numbers (S 16 1)

i Risk of snowbound east-coast bookstore phones forwarded west (R 18 65)

f SOUNDEX algorithm for directory enquiries fails for Gaelic, French (S 17 4)

fi Calling Number ID (CNID) ghost calls (S 20 3:10)

@SP CNID: negative ruling in California, free per-call blocking in Vermont; approved in 20 states, Washington D.C., and Canada (S 17 2)

P Anonymous-call rejection to "balance" the effects of calling number ID blocking (R 19 83)

f CNID fails to block in 510, 415 for four weeks (S 22 4:31, R 18 82)

fh Monitoring systems cause unintended changes in Bell Canada operator behavior [and Metro Toronto Police] (S 18 2:6)

- Bezeq (Israeli telco) writes form letter to a public payphone (S 18 2:13)

+ Fax services for prayer, confession; beeper for Messiah arrival (S 18 2:13)

+ Success: SW permitted AT&T to reconfigure after Hurricane Andrew (S 18 1:5)

..... Communication satellite problems

fh Satellite transmission snafu leads to diplomatic incident (S 23 1:11, R 19 26)

$Vm* Galaxy IV malfunction causes massive pager outages, with backup also failing (S 23 5:25, R 19 75-77); two other Hughes HS601 satellites failed, but backup worked: Galaxy VII's primary control processor on 14 Jun 1998, and another satellite used by 3.7 million subscribers of DirecTV, on 4 July 1998 (R 19 85); overdependence on satellites and pagers (R 19 76,78,81); primary failure still unknown, backup failure due to crystal buildup in switch (R 19 93)

Vm GE-3 satellite spin cuts news services incl. AP, 12 Mar 1999 (R 20 25)

Vm Indian satellite power failure leads to abandonment (S 23 1:11, R 19 41)

@Vm U.K. lottery terminals downed by satellite network breakdown (S 20 5:10; R 17 18)

..... Other computer network and ISP problems

Vrf ARPAnet ground to a complete halt; accidentally-propagated status-message virus [27Oct1980] (S 6 1: Reference - Eric Rosen, "Vulnerabilities of network control protocols", SEN, January 1981, pp. 6-8)

Vrfd ARPAnet loses New England despite 7-trunk "redundancy"; one accidental cable cut in White Plains knocks out all 7 links, 12 Dec 1986 (S 12 1)

Vhef Internet routing black hole cuts off ISPs; MAI Network Services routing table errors directed 50,000 routing addresses to MAI; InterNIC goof as well, 23 Apr 1997 (S 22 4:25, R 19 12)

Vm Explosion causes Internet blackout in New England (S 23 1:10, R 19 29,30)

Vhe DNS upgrade causes e-mail black hole (R 20 25)

Ve Internet nameserver problem affects .com and .net, 16-17 Jul 1997 (S 22 5:13)

fh "Unfixable" error in InterNIC Whois database with name confusion: another Catch-22 (R 19 77)

- ICANN takes hits from lawmakers (R 22 90)

Vm UK ISP suffers three-fold power loss: public grid, backup generator, and standby batteries (R 22 69; S 28 4:6)

m Added note on risks of systems maintenance taking place in a different time zone (re: .COM, .NET DNS tables) (R 19 35)

Vf "Redundant" Finnet virtual circuits both fail (S 22 4:27, R 18 76)

@Vhef Internet routing black hole cuts off ISPs; MAI Network Services routing table errors directed 50,000 routing addresses to MAI; InterNIC goof as well [23Apr1997] (S 22 4:25, R 19 12)

VSH Network Solutions blocks bulk accesses to whois database (R 19 96)

m/f/h? Root servers used by Network Solutions failed (R 21 03; S 26 1:18-19)

@Vhe Network Solutions goof bumps Nasdaq off the Internet (S 23 1:10, R 19 34)

f Nasdaq glitch duplicates reports for stocks starting with 'M' or 'N', inflating daily volume figures (S 27 6:10, R 22 18)

$f Nasdaq temporarily reports incorrect pricing, down 98% (R 22 86)

Vh Minneapolis homeless burn out US West Internet fiber cables (R 17 23)

Ve Bad upgrade disconnects much of Minnesota (MR.Net/InternetMCI) for 12 hours (R 18 46,47)

h AOL Long Distance electronic (non)billing (S 23 4:22)

$(h/m?) Erroneous AOL stock charts attributed to "malfunction" (R 19 66)

Vh Star Wars Phantom Menace tchatchkis bring down eBay server on 3 May 1999; Amazon had no troubles (different system types) (R 20 38)

Ve eBay embarrassed by crash and 22-hour outage, plunge of stock (R 20 45); traced to absence of upgrade (R 20 47)

$ei MSN "upgrade" creates long-distance calling charges (S 26 4:6, R 21 32,40,54,56)

ff Swisscom Mobile GSM network breaks down for 10 hours, due to two independent software flaws (S 26 6:9-10, R 21 60)

(m/f?) Long blackout of mobile phone service in greater Frankfurt (R 22 90)

m Cingular wireless goes down in heat wave (S 26 6:10, R 21 60)

1.22 Election Problems

We have reported election problems in Software Engineering Notes and RISKS for many years. Many of these problems are summarized below. More recently, in the 2000 election, particularly in Florida, the chickens of neglect have come home to roost, exemplifying everything we have been saying all these many years - and more. Similar to the 1988 fiasco where a 210,000-ballot undervote occurred in the Senate Race in four counties run by BCR/Cronus, 19,000 votes were disqualified for the presidential race in Palm Beach County, and many more in Broward County - perhaps because of the confusion raised by the butterfly ballots. There are also some reports of the left-hand and right-hand pages being improperly aligned, so that a vote for one candidate actually counted for another candidate. Dimpled chad became important - perhaps resulting in part from blocked and never-cleaned chad trays (and there was a lot of extra chad resulting the invalidated multiple votes!). There were many irregularities involving improper voter disenfranchisement, with at least 91,000 voters being unable to vote because of a largely erroneous list of supposed convicted felons - including one election commissioner who found herself incorrectly on the list, and was apparently the only one to block use of the list in her region.

Also, see the November CACM Inside Risks articles from 1990 (PGN), 1992, 1993, 2000 (Rebecca Mercuri), and January 2001 (http://www.csl.sri.com/neumann/insiderisks.html). Numerous problems are noted in the on-line RISKS, along with various commentaries (R 21 10-14). We note that punched-card systems are inherently flaky (!), and that even optical scanning is problematic, but that direct-recording electronic systems tend to be subject to serious potentials for fraud and manipulation. Internet voting is a disaster waiting to happen in light of the inadequate security of the Internet, personal computer systems, and subvertible servers. For example, the SERVE system appears to be seriously flawed. Proposals to vote from automated teller machines (R 21 15-16) are also problematic, and basically undesirable. Election 2000 demonstrated once again that we need to reexamine the entire election process objectively, and devise less-easily subvertible checks and balances that can provide much greater assurance. Election 2002 still had vastly too many problems, many of which have not been eliminated for Election 2004.

Integrity throughout the election process is essential. And yet we repeatedly hear about unexplained anomalies (enumerated below, including the 1985 articles by David Burnham noted below) and various suspicions of fraud - some with convictions. For example, Ransom Shoup II (purveyor of the ShoupTronic election machines) was convicted of two felony counts - election fraud and conspiracy to commit election fraud. In 1996, Senator Chuck Hagel was CEO of the election company (now a part of ES&S) used by most of Nebraska in his first-term election (e.g., see Thom Hartmann, If you want to win an election, just control the voting machines, The Hill, 31 Jan 2003 - R 22 55); this may not have affected the outcome, but the early denial of the association is certainly ethically curious. In 1999, 22 people were indicted in Louisiana and 9 admitted guilt in a huge bribery/kickback election scam involving the acquisition of Sequoia voting systems.

Numerous Web sites are springing up with timely information in addition to mine and Rebecca's. For example, see David Dill's Voter Verification Newsletter and subscribe: www.VerifiedVoting.org Also, see Lynn Landes's Web site www.ecotalk.org/VotingSecurity.htm and particularly www.ecotalk.org/VotingMachineErrors.htm for considerable detail on election fraud and irregularities. Another useful site is http://www.epic.org/privacy/voting/.

If you are seriously interested in what might be needed for a high-integrity election process, and a further study of the inherent risks, see the outstanding University of Pennsylvania PhD thesis http://www.notablesoftware.com/evote.html of Rebecca Mercuri (mercuri@acm.org), Electronic Vote Tabulation Checks and Balances, 2000. What we are calling the Mercuri Method involves voter-verified paper ballot-images that become part of the official records. Useful URLs for various other relevant organizations are included at the end of that Web site. See also "Explanation of Voter-Verified Ballot Systems" (Rebecca Mercuri, S 27 6:15-16, R 22 17). See also my later comments (S 28 2:16-17) based on R 22 36 and R 22 38.

If the risks of voting concern you, including potential conflicts of interest among owners, you might find some provocative information at http://www.ecotalk.org/VotingSecurity.htm, clicking on Ownership - privatizing, monopolizing, and politicizing the voting process. You can report voting irregularities you see for posting at http://www.VoteWatch.us/.

S Role of standards (Roy Saltman)(S 18 1:17); see also (R 14 08-11) [Roy has retired from NBS/NIST, and was evidently the government person most knowledgeable about punched-card systems. He is still active.] See "Accuracy, Integrity, and Security in Computerized Vote-Tallying, Roy G. Saltman, National Bureau of Standards (now NIST) special publication, 1988, for a definitive report.

+/-? US Federal Election Commission Voting Systems Standards update: draft available (R 21 51); the final version is on the FEC Web site at http://www.fec.gov. It still fails to address some of the most important integrity issues.

..... U.S. election events, 1984 and before:

1982: Elkhart, Indiana, program failed in midstream, programmer rebooted or patched the system on the fly during the election process. (S 10 3:8); more in (S 10 4)

SH 1984: Series of articles by David Burnham in The New York Times, (29Jul, 30Jul, 4Aug, 21Aug, 23Sep, 24Sep, 18Dec 1985) documents vulnerabilities to tampering in Computer Election Systems (then the dominant electronic vendor); elections with their machines challenged in Indiana, WVirginia, and Maryland, with rigging suspected in the 1984 election in the first two states; Federal Election Commission standards inadequate; Texas also investigated numerous discrepancies, involving Business Records Corporation (which subsequently was involved in the Florida fiasco of 1988) - formerly known as Computer Election Systems; NSA asked to investigate if CES systems were open to fraud; California and Florida also investigated; Michael Shamos quoted - CES systems equipment "is a security nightmare open to tampering in a multitude of ways." The Burnham articles are a startling warning shot that was almost completely ignored. [Most lawsuits later thrown out: not guilty or lack of evidence, particularly in the absence of audit trails!].

1984: McCloskey McIntyre Congresional election in Illinois long questioned, with only a few votes making the difference depending on which were thrown out in which recount. Other problems in Dade County in 1984, West Virginia, St. Louis (S 10 3:8)

S[H?] Election frauds, lawsuits, spaghetti code, same memory locations used for multiple races simultaneously, undocumented GOTOs, COBOL ALTER verb allowing self-modifying code, calls to undocumented/unknown subroutines, bypassable audit trails (S 11 3); Report from the Computerized Voting Symposium, August 1986 (S 11 5)

h Clerical error blamed for election computer program mishap (S 11 5)

SHrf System designs, bad software engineering, standards (Eva Waskell, S 11 3)

S[H?] Alabama, Georgia election irregularities (S 12 1)

Sh Texas beefs up security of computerized voting (S 12 1)

..... 1988 U.S. election events:

SH Computers in Elections (see the excellent article by Ronnie Dugger, The New Yorker, 7 Nov 1988, and several cited reports); 1988 problems in Florida - 210,000 votes fewer for Senate race (Connie Mack vs. Buddy Mackay) than for President in 4 counties administered by Business Records Corporation, part of Cronus Industries of Dallas, Texas (The New York Times, 12 Nov 1988, S 14 1:20, R 7 78); jammed chad slots? post-election multiply punched ballots? at least one disappearing ballot box reported? other possible scenarios?

..... 1992 U.S. election events:

m Misaligned Votomatic in Berkeley caused mispunched cards (S 18 1:15)

S? Sandia helps NM develop "uncrackable" phone voting system (S 18 1:15)

hf Oregon computer error reversed election results (S 18 1:16)

hf Programming error reverses DistAtty election landslide in Oregon (S 18 1:16)

h Ventura Cty CA votes reversed on 13 state propositions (S 18 1:16)

h/H? Another voting machine misaligned, biased toward Bush (S 18 1:16)

..... 1996 U.S. election events:

+ Hanging chad removal in punch-card ballots overturns Massachusetts primary election (S 22 1:21)

? Louisiana results questioned because of evidence of misrecorded votes

Ethics? Senator Hagel of Nebraska was CEO of the company whose voting machines got him elected, and had denied the connection (R 22 55)

..... 1998 U.S. election events:

h ABC News accidentally posted test election results before the election (they were correct in 61 out of 70 Senate and Governor races!); Fox TV did a similar thing for a Yankee-Padre World Series game (R 20 05)

..... 2000 U.S. election events:

hifm(H?) U.S. and Florida Presidential race complexities discussed (S 26 2:7-9), relating to RISKS items and others (R 21.09-15) [noted at the beginning of the section]. Sanity in the Election Process (Lauren Weinstein and PGN, R 21 12). Statement by Don Dillman on Palm Beach ballot layout (R 21 12). The early recount process showed many irregularities (R 21 12). Perspective from PGN (R 21 13) reminds us of many earlier warnings from 1985 (David Burnham) and 1988 (Ronnie Dugger, who quoted Willis Ware: "There is probably a Chernobyl or a Three Mile Island waiting to happen in some election, just as a Richter 8 earthquake is waiting to happen in California.") (R 21 13). Discussions on Internet and electronic voting by PGN, Rebecca Mercuri, and Lauren Weinstein (R 21 14), and others (R 21 13-14). Criteria for voting systems (Rebecca Mercuri's PhD thesis, http://www.notablesoftware.com), also Fred Cohen (R 21 15-16). Testimony of Doug Jones before U.S. Civil Rights Commission (R 21 20). DUMvoting 1.0, Gene N. Haldeman's parody on Dell/Unisys/Microsoft consortium (R 21 20). Later study by Doug Jones shows certain specific slots were more likely to jam and result in pregnant chad in Votomatic machines used in Florida (S 27 1:17, R 21 70-71), which could be relevant to the 1988 Florida Senate race as well. (See Mack/Mackay election, noted above.) Discussion of the Caltech/MIT report and what Los Angeles County is doing about it in attempting to upgrade to all-electronic systems (S 27 1:17, R 21 70)

h Exit polls blamed for misleading results in disputed Florida counties, although those polls seemingly correctly reflected the intent of voters whose ballots were invalid! (R 21 11, S 26 1:17)

f(h or H?) Florida election erroneous disenfranchisement of thousands of voters also traced to bogus Choicepoint data; Choicepoint blames its data aggregator, DBT (R 21 42)

fmhH 4 to 6 million votes uncounted in 2000 U.S. election (S 26 6:15, R 21 51)

Sfh Broward County FL officials consider letting students hack election systems, but later overruled (S 26 6:15, R 21 61)

fe New voting protocol and new ballot tally system in Cochise County AZ special election resulted in miscounting (R 21 07; S 26 1:21)

S Vote auction Web site moves overseas after being outlawed (R 21 11, S 26 1:18)

..... Other year 2000 items:

fS? Contribution from Douglas W. Jones, Chair of Iowa State Board of Examiners for Voting Machines and Electronic Voting Systems (S 26 1:15-16, R 21 10). This updates his earlier report on risks in electronic voting in Iowa (R 18 15).

dfeiSPHh NSF workshop on feasibility of e-voting, commentary by Avi Rubin and others (S 26 1:16-17, R 21 10-11)

Sf House Science Committee hearings on electronic and other voting systems, 22 May 2001: testimony by Stephen Ansolabehere, Rebecca Mercuri, Roy Saltman, Douglas Jones (R 21 44)

SP Risks of receipts for voting machines (R 21 23); potential risks in "open" development of voter data standards (R 21 33)

fHh Discussion of the use of ATMs for voting (R 21 15-16)

f$ Also in 2000, Pennsylvania county wins $1M for faulty MicroVote computer voting machines (R 21 10)

SHA Minnesota election fraud accused in e-mail sent by Christine Gunhus (using a Hotmail alias) disparaging her husband Senator Rod Gram's opponent; identity revealed by X-Originating-IP: header sent from a campaign computer, and by GUIDs included in Word documents! (But Gram lost.) (R 21 50)

Shmf New Mexico: at least 678 votes lost in 2000 early voting, greater than the presidential margin (R 23 50, correction R 23 51);

..... 2001 U.S. election events:

f Programming error scrambles San Bernadino election results (S 27 1:15, R 21 74)

VSm Implications of power outage during Nov 2001 Pennsylvania election (R 21 80)

m Mercer County NJ voting problems 2001 due to Anthrax scare delaying Internet voting info (S 27 1:16, R 21 74)

h Election problems before the election in Virginia result from 2000 census redistricting; electronic rolls lost 18,000 voters (S 27 1:17, R 21 74)

@hP Erroneous law-enforcement data from Choicepoint: Privacy Foundation's Richard Smith discovered he had been dead since 1976, and had aliases with Texas convicts; Chicago woman misidentified as shoplifter and drug dealer, and fired. (Florida election erroneous disenfranchisement of thousands of voters also traced to bogus Choicepoint data; Choicepoint blames its data aggregator, DBT.) (R 21 42)

..... 2002 U.S. election events:

h Compton California Mayoral election screwup from lack of randomization of candidate ordering (S 27 3:16, R 21 91)

SP Miami-Dade OKs touchscreen voting for Nov 2002 (S 27 3:16-17, R 21 90,92,93)

SAf Palm Beach's new electronic voting machines have problems (S 27 6:15, R 22 16) and more on lack of accountability (S 27 6:16, R 22 17)

fmiSP(HI?) Florida Primary 2002 problems: touchscreen machines not working, showing the wrong candidate, or nonworking authorization cards; some huge voter delays, Governor authorized two-hour extensions although some already shut-down machines could not be restarted; lame testing; purchase contract makes it a felony violation if any devices provided for internal examination; serious reliability problems reported in Georgia and Maryland; comments from the Georgia Secretary of State (R 22 25); comments from Mercuri on MIT/Caltech press release (R 22 26);

fmiSP(HI?) U.S. general election 2002: Glitches widely reported in FL, TX, AL, NV, GA, CA, SC, NE, NJ; Voter News Service outage (R 22 38); iVotronic machines lose 294 votes in Wake County NC (R 22 33); 2-3 hour waits in Florida early voting result from voter anticipation of election day problems! (R 22 34); factual errors reported in CNN article, particularly regarding use of old FEC standards, not new, and still voluntary; other errors (R 22 36); in FL Palm Beach and Broward counties and Georgia, voters found touch-screen machines that showed votes for untouched candidates; Broward programming error omitted 34,000 votes; 70,000 absentee and Spanish-language ballots missing from turnout but (supposedly) included in counts; Houston voters in 5 precincts had straight-party votes rejected; half of the Pulaski County AK had not been assigned precincts after redistricting, were not allowed to vote; NE long-shot candidate was given a premarked ballot for his opponent (R 22 36); more on exit polls (R 22 35,37); Broward County vote total short by 104,000 votes (R 22 36-37); 67 memory cards misplaced in Georgia, representing 2,180 ballots (R 22 37); "The right to have the vote counted is infringed, and we have lost the integrity of our voting system, when the ease with which ballots can be manipulated is greater than the ease with which the manipulation can be detected." (Kevin Craig, 2000) www.electionguardians.org (R 22 37); chip glitch hands victory to wrong candidate in Nebraska (R 22 38); Voters can report election irregularities at VoteWatch.us (R 22 38); problem in White Plains NY with sticking lever machine (R 22 44); vote only by mail in Oregon (R 22 35)

Sm?f?H? 2002 unofficial election results in Alabama reversed, cause still unexplained: electronic results wrong, hardcopy results correct (R 22 60-61, S 28 3:10)

fiSP(HI?) Columns by Lynn Landes on questionable ownership of voting machine companies (felons, etc.), also citing VoteScam, 1992 book by James and Kenneth Collier; interactive modems capable of controlling voting machines in real-time (R 22 25,37-38); ideal voting systems? (R 22 34); further discussion of the Mercuri Method, alternatives, and butterfly ballots again, and other discussions (R 22 27-31,38)

SHPfi Boston gets Diebold AccuVote marked-paper reader systems, seemingly lacking in assurance of correct tabulation (but at least recounts by independent systems are possible - if requested) (R 22 39)

SH? Diebold AccuVote system integrity questioned in Georgia because of the use of an unprotected FTP site for storing election software, election results files, upgrade files, etc. (for example, see The Register, 8 Feb 2003; surprising Max Cleland defeat linked?

SPH Powervote electronic vote machines open to tampering: bogus ballot face (R 22 44)

*m Explosion of nickel-cadmium batteries used in electronic voting (R 22 28)

Sf Panel reports DoD SERVE System fatally flawed; bureaucrats in denial (R 23 14-15)

SHf How to Hack an Election; Maryland (R 23 17); Physical security of voting machines (R 23 20); blank page anomaly (R 23 24)

SH Online poll rigging (R 23 13)

S+/- Avi Rubin's experiences as an election judge: http://www.avirubin.com/judge.html (R 23 25)

S(Denial of Service!) Many new e-voting machines won't boot in San Diego County (California) primary election (R 23 25)

fh Lost e-votes could flip Napa County race: Sequoia Optech optical scanner failed to record votes, detected by random 1% recount (R 23 27)

m Many California voters turned away in Alameda and San Diego Counties in 2004 primary; Diebold DRE authorization machines failed, supply of paper ballots ran out; 200 calls for help from poll workers (R 23 27)

..... 2003 U.S. election events:

SH Chief of Diebold voting machine company writes Republicans in fund-raiser he is "committed to helping Ohio deliver its electoral votes to the President next year." (R 22 89, S 28 6:11)

SH "According to election industry officials, electronic voting systems are absolutely secure, because they are protected by passwords and tamperproof audit logs. But the passwords can easily be bypassed, and in fact the audit logs can be altered. Worse, the votes can be changed without anyone knowing, even the County Election Supervisor who runs the election system." (R 22 83)

fS(H?) Avi Rubin et al. analyze serious flaws in Diebold electronic voting systems (R 22 82)

mh Voting tech problems galore in Mississippi: locked precincts, machine malfunctions, erroneous ballots, voters given wrong ballots (R 22 83)

f?m?SH? (who knows?) NYCity: Blank ovals sensed as votes, legitimate votes disqualified as overvotes (R 22 75)

H? UC Riverside student arrested for allegedly derailing student election, casting 800 votes for a fabricated candidate (R 22 78)

f?m?SH? Boone County Indiana's MicroVote election software returned about 144,000 votes with only 19,000 registered voters; final review counted 5,352 votes (R 23 03)

f More voting snafus in Palm Beach and Broward Counties: Florida House District 91, 6Jan2004, winner Ellyn Bogdanoff by only 12 votes over Oliver Parker, out of 10,844 cast ballots, with 137 supposedly blank ballots in the only item in a special election; no mandated recount possible with ES&S touch-screen voting (R 23 12)

m?f? Report of Diebold voting machines in Volusia County FL registering -16,022 votes! (R 22 93,94)

Sie Data transfer Excel-COBOL loses voter data in 2003 Greenville Mississippi election (R 22 95)

hi$ Grant Parish, Louisiana, election results reversed by doubled absentee counts; new election to be held (R 23 02)

SH Hackers break in to VoteHere (which claims "best-of-breed security") (R 23 12)

ei Pleasanton CA school board election displays instructions for the previous election (R 23 01)

SHfe At least eight Fairfax County VA WinVote machines failed, seals were broken, and machines fixed (!) for reuse (R 23 01,02); more problems in Fairfax CO: WinVote machines subtract one in each hundred votes for a particular candidate (R 23 02)

S(m/f/H) Analysis of California recall data confirms doubts about voting systems (R 22 94-96)

Se California halts e-vote certification of Diebold machines after uncertified software installed in Alameda County CA (R 23 01,03); also, outsiders could make changes to vote-counting software (R 23 03); Diebold machines in 17 California counties had not been state-certified, three had not been Federally certified; changes after certification commonplace! (R 23 07); At least FIVE convicted felons among Diebold voting subsidiary employees (R 23 07)

SHhfme California Secretary of State requires voter-verified paper audit trail by 2006 (R 22 04)

Smf$ Broward County FL considers dumping $17 million in touch voting machines or retrofitting voter-verified audit trails, after serious errors (R 22 93)

SHfm Avante Vote-Trakker voter-verified ballot printout mechanisms disabled by registrar when discrepancy occurred (R 23 03); What if DRE and paper trail disagree? DISABLE the system immediately (R 23 06)

SHfm Congressional Research Service report raises more questions about electronic voting machines (R 23 03)

S$ Nevada to apply slot-machine security to e-voting hardware? (R 23 06)

SH(I/O) Another case of electronic vote-tampering? IEEE standards process broken (R 22 92); unsecure wireless communications would satisfy draft IEEE standards (R 23 02)

SP Sensitive voter information publicly up for grabs (R 23 07,09,10)

Hm Mechanical voting machines also risky (R 23 03); Why not just mark a piece of paper? Much of the rest of the world does. (R 23 06-08,10-12)

SHf VoteHere reports computer break-in (R 23 10)

+/- Essay on social aspects of electronic voting (R 23 10)

..... 2004 U.S. election events:

$f California bans Diebold e-vote machines (R 23 35)

$fh Republicans walk out on Federal civil rights hearing on voting machines (R 23 32)

SPhie Florida's list of felons ineligible to vote in 2004 is still full of eligible voters (R 23 44)

Sfd eVoting standards and testing (R 23 40)

Sfi Washington State primary irregularities (R 23 53)

SHVfmie Some thoughts on the November 2004 U.S. election process: almost everything in the election process was a potential weak link. (S 30 1:15-17) Numerous anomalies were reported: Palm Beach County logged 88,000 more votes than voters; A Franklin County Ohio machine error gave Bush 3,893 extra votes; Broward County FL balloting for Amendment 4, software counted backwards after reaching 2¹⁵ - 1, in signed 16-bit field, in tabulating absentee ballots; numerous reports of screens "jumping" votes from Kerry to Bush; many cases of long lines and long waits only in certain politically skewed precincts, legitimate voters who were disenfranchised, special optical scan pens that were not capable of being tallied, and so on. Many other problems include weak standards and secret system evalutions, partisan oversight, inadequate funding for NIST and Election Assistance Commission, poor training, dirty tricks (S 30 1, elaborating on R 23 58,59); Better standards needed for elections (R 23 59; S 30 1; more in R 23 61)

rfmhiSHPV etc. More on election standards, voting anomalies, and the electoral process (R 23 61,62)

f Preferential voting software breaks down in San Francisco (R 23 58-59; S 30 1:17)

SHPhi Perils of database matching on voter purges (R 23 45; S 30 1:17-18)

SPHhmf, etc. Rebecca Mercuri's challenge at Black Hat Convention (R 23 47); The Mr Micawber Syndrome relating to incidents (R 23 47); Al Kolwicz evicted for submitting real accuracy/logic tests in Boulder County (R 23 48); Obion County Tennessee vote counting problems, failing to count early votes (R 23 49); Sequoia's new paper audit-trail system demo failed to record test votes cast by California State Senators (R 23 50); that Sequoia system used in Nevada in 2004 (R 23 52,53); Maryland rules against opponents of e-voting machines (R 23 53); Robert Heinlein scenario in "The Moon is a Harsh Mistress" (1966): computerized voting with no audit trail or ability to recount (R 23 53) Touchscreen voting spawns glitches (R 23 58)

SHA Ohio: Columbus Ohio voters report fake elections board calls as election 2004 neared (R 23 57); Thieves steal campaign computers with sensitive information in Toledo (R 23 57);

SHf Diebold GEMS central tabulator contains a stunning security hole: two-digit code alters results; this is a real doozer (R 23 52)

SPfff (you-gotta-be-kidding department) Missouri military absentees in 2004 could have absentee ballots scanned, sent by unencrypted e-mail to Omega Technologies (partisan "trusted third party"), which then faxes the printed version to the appropriate precinct! Signed waivers of your privacy rights required. (R 23 52)

S+ California Secretary of State Kevin Shelley (who mandated voter-verified paper trail by 2006) established more stringent requirements for touch-screen machines (R 23 45); Gov. Schwarzenegger signs California paper trail bill into law (R 23 55)

SHhmf etc. Lost records of 2002 Florida vote raise 2004 concern (R 23 46); Alabama 2003, ES&S machines reversed the governor's race, not detected until long afterward! Bev Harris records 51 cases in which voting machines recorded the wrong outcomes, including Wayne County NC (reversed in time); 100% error in Orange County in 1998 bond issue (yes/no reversed) (R 23 51; more on Bev Harris's crusade, R 23 45 [her predictions were fairly prescient])

SHf Multiple security vulnerabilities in Diebold Optical Scan 1.94w used to tally 25M votes in 2004 (R 23 94-95; S 30 4:27-28)

..... 2005 U.S. election events:

SH Ballots "enhanced" by L.A. City Clerk (R 23 79; S 30 3:37)

mfhH? Seven voting machines under scrutiny in Wayne County PA; 211 votes counted with 163 cast (R 23 90; S 30 4:27)

..... Other election items in the U.S.:

Sfde Voting machine engineer sues, alleges machine design flaws (Bev Harris via Susan Marie Weber, R 22 59, S 28 3:10)

S(H?) Senator Frist's on-line poll on Iraq removed, claiming tampering (R 22 62, S 28 3:10-11)

Sfm Electronic voting: computer reliability aspects (R 23 11)

h Missouri legal decision questions automatic ballot counting (S 13 2)

m Computer miscounts StarWars (Strategic Defense Initiative) vote in the House of Representatives (358 ayes & 237 nays, which adds up to much more than 435!!!) (S 13 3)

Electronic voting on CAFTA in the U.S. House: decisive pledged no vote not recorded because Congressman's "electronic voting card failed." (R 23 96; S 30 4:28)

*h Computer data-entry error in vote tallying (2828, not 28) (S 13 4)

f/h? 8 Durham NC precincts had correct totals counted twice (S 15 1)

f/h? Virginia governor's race also had totals counted twice (S 15 1)

h Undeleted leftover test data reverses Yonkers NY election results (S 15 1:12)

rf Manual districts required live fudging of Michigan election system (S 15 1)

f Another experience with voting machines in Fairfax County VA (S 15 1)

SHAO Absentee ballot fraud detected in Colorado since 1984 (S 18 1:18); 11 indicted in Costella Cty CO; 2536 voters with pop. 2278 (R 15 41)

fh Other risks in unaccountable computerized elections (S 19 1:6)

m CMU elections suspended because roster database system was down (S 19 2:8)

SH Cat registered as voter to show risks (no pawtograph required) (S 20 1:16)

m Static electricity affects ballot counting (S 22 1:18)

VSH San Jose State voting computer crashes, "fixed". (S 18 1:18)

$f NY City electronic voting machines still unaccepted after spending $20M (R 19 06) (Note: 1940s lever machines still in use in 2000 election!)

+? A little humor: use of "fixed" vs "repaired" (S 18 1:18)

m Computer disk crash gives ballots with 2 candidates omitted (S 20 1:17)

hfm 1995 San Francisco elections (S 21 2:19)

mfie Problems in Montgomery County election, 7 Nov 1995: anti-moisture spray effects, delays, bad operator initialization, phantom votes (R 17 50,56)

h Risks of global editing in voting context: name `Pollack' changed to `Turnoutack' (S 14 5)

Sm A. Appel and S. Govindavajhala, "Using Memory Errors to Attack a Virtual Machine, it IEEE Symposium on Security and Privacy, 2003. (R 23 48) [Not specific to voting systems, but relevant!]

..... Internet and remote voting:

Internet voting systems are potentially even riskier than electronic voting systems, especially if you (and everyone else) can vote from anywhere in the world on a PC with inadequate security using code that you have downloaded from some supposedly trustworthy site on the Internet. The California Commission studying Internet voting suggested that the risks were too high for such a balloting method to be used, although it considered using such a scheme under carefully controlled physical surroundings. See http://www.pfir.org/statements/2000-02 for a discussion by Lauren Weinstein of risks in Internet voting, and later by PGN, Rebecca Mercuri, and Lauren Weinstein (S 26 2:, R 21 14), and others (R 21 13-14).

SPf More on risks in Internet voting: NSF report (R 21 28-30,32,34)

rSH Garciaparricide in 1999 All-Star balloting? 25,259 on-line votes cast by a Perl devotee; 22-vote max detected: same e-mail address; needed IP spoofing (R 20 47-48)

SAOf Vote early, vote often for your favorite California quarter design - via the Internet (R 22 49)

SP 2000 Arizona Democratic primary allows Internet voting (R 20 83) and more people voted that way than all votes in the 1996 election. Needs for privacy and anonymity difficult to meet (R 20 84); crypto for voting (R 20 85);

fSH Problems with Australian ABC TV show online voting scores (R 21 06; S 26 1:33)

f? College election.com online voting glitch (R 21 28)

SH Large-scale fraud in Dutch election choosing new name for merged towns of Leidschendam and Voorburg (S 27 1:16, R 21 70)

SPH E-voting and international law (S 27 2:11-12, R 21 81)

SH 1998 People Magazine Most Beautiful People poll winner Hank the Angry Drunken Dwarf! 1998 Kesmai employees instructed to vote early vote often for Kesmai game award (S 27 3:18, R 21 90)

SH Microsoft "astroturf" campaign stuffing an e-ballot box (S 27 2:12, R 21 87)

SH Vivendi suspects electronic vote fraud (S 27 3:18, R 22 05)

SP UK tries remote voting in Liverpool and Sheffield in May 2002, using SMS (R 21 90, R 22 03,05); Web voting in Wybunbury and Maw Green (R 22 04)

Sf Internet voting: in the Netherlands (R 23 48,55); in Canada (R 23 53); in Switzerland (R 23 55); Internet voting contrasted with voter-verified paper audit trails (R 23 55); "Internet voting should not be considered secure until the electoral authorities are confident enough to give immunity from prosecution to anyone hacking the election, and to offer a substantial prize for anyone who can produce evidence that they have attacked it successfully." Martyn Thomas (R 23 56; comments 58,59)

..... Other Election Problems:

f Quebec election prediction bug: wrong pick [1981] (S 10 2 pp 25-26, 11 2)

fh Votes and candidates misaligned in Calgary 2001 election through misalphabetization of d'Arras as Arras (S 27 1:16, R 21 70) mH? Philippines election power failure affected only the area of the computer center; on reboot, the computer immediately declared the underdog to be the winner (S 10 3:8, The Washington Post 10 Jun 1985)

$f Votes lost in Toronto (S 14 1, 14 5); Toronto district finally abandons computerized voting; year-old race still unresolved (S 15 2)

SHm SQL Slammer DDoS attack disrupted the 25 Jan 2003 NDP leadership convention voting in Toronto (election.com) (R 22 59)

hfi Alberta vote-by-phone fiasco (S 20 2:8)

h 6000 moved Australian voters lost from computer election rolls (S 14 6)

h Read-ahead synchronization glitch and/or eager operator causes large data entry error, giving wrong winner in Rome Italy city election (S 15 1)

fm DB and WWW on one machine mess up 2001 Australian Capital Territory election (S 27 1:15, R 21 71-72); see earlier anticipation (R 21 67)

fh Risks with automated counting of preferential ballots in 2001 Australian Senate elections (S 27 1:15-16, R 21 77)

f/h/H? Computer error in Cape Town election affects results (R 18 17)

f German parliament election: program rounds up Greens' 4.97%, but 5% needed to count; corrected error gives Social Democrats one-seat majority (S 17 3)

h Wrong result in German Bundestag elections due to FAX of double-sided results pages (R 20 04)

f Swedish election results delayed by computer errors, 140% returns (S 17 1)

$h Mis-set parameter invalidates Oslo parliamentary election (S 19 1:5)

SH Election fraud in the UK? (R 21 50,51)

S? Tampering blamed for lost Peruvian candidacy signatures (S 20 1:18)

SH Electronic ballots eschewed in India due to rigging fears (S 16 3)

+? Church of England has certified software for its elections (S 17 1)

fSAP New Zealand electoral Web site for registering and updating; authentication consists of full name and date of birth! (R 21 41,44)

SAfe Electronic voting systems: more on system integrity and accountability (R 22 66); New South Wales forced to hand-count poll result after inadequately tested computer upgrade (R 22 69); crash of Will County, Illinois, Web site for tallying and publishing election results after being deluged with bogus requests (R 22 69)

Sfi Bulgarian parliament e-voting authentication based on member's weight (S 27 2:12, R 21 88-89)

SP Electronic voting in Ireland in spring 2002 (S 27 3:16, R 21 93)

Sf Irish Labour Party urges suspension of e-voting until flaws addressed (R 23 01)

Sf Ireland scraps electronic voting plans (R 23 35) and The Netherlands accepts the same technology despite secret evaluation (R 23 39)

S Injured technician's inability to provide the password delays vote count in Mali (S 27 3:18, R 22 05)

SHf Olympics' ice skating judging rigging leads to strange proposal for nonaudited electronic randomized voting scheme! (S 27 3:18, S 21 92)

m Mice chew up paper ballots in Bangkok election (S 27 3:18, R 21 98)

h How to rig an election by clever redistricting (R 22 05)

hi Brazilian computer blocked twins, like-named siblings from voting (S 12 1) (This problem may still have existed in 1994, unless new report was old.) (R 16 45)

fe Voting machine inflexibility causes postponement of Brazil's standard time cutover from daylight time because law requires 8 to 5 voting (R 22 33); Brazil modified 3% of their machines to use the Mercuri Method (R 22 24) - see article in November 2002 IEEE Spectrum.

SP Nigerians to use fingerprint scanning technology in elections; lower-level officials hoard registration forms (R 22 30)

SP(+/-) UK publishes security requirements for e-voting (Cuddy and Mercuri response, R 22 40)

SH BBC Website article on risks with e-voting: Yet every time we get to look inside a piece of software or a security system that has been developed in secret, and built on the top of a compromise between acceptable levels of risk and the cost of doing it properly, we find holes and errors. (R 22 83)

SHf Phantom voting in Israeli Knesset; no security (R 22 76,79)

SP+ The shape of elections to come in England: paper ballots continue, electronic voting considered (R 22 95)

SHPhfi Secret-ballot e-voting in Tel Aviv University (R 23 11)

Sf Calgary Online student election; software flaws mix up voters, block some from voting (R 23 29)

SM Cosmic ray blamed for failure of 2003 Belgian voting system adding extra 4,100 votes! (R 23 46, with discussion R 23 47)

S+/- Electronic voting in Canada: intelligent report on Access, Integrity, and Participation (R 23 53)

S+ Voter-verified e-voting in Venezuelan election deemed sound (R 23 52)

SH Election candidates' Web pages hacked during Finnish election (R 23 58)

..... Related technology problems

@+? Use of `unpredictable auditable random numbers' in casino/gaming systems, possibly relevant in elections? (R 22 57)

@S? New cell phones well suited to wireless gambling (resembling the voting machine situation?)! (R 22 55)

h? Counting error on SMS poll evicts wrong contestant from 'Big Brother'; caught in audit! (R 23 46)

1.23 Insurance Frauds

$SH Possible fraud on reinsurance - message time stamp faked??? (S 10 5)

$H N-step reinsurance cycle; software checked for N=1 and 2 only (S 10 5)

1.24 Security Problems

in computers and communications: Penetrations, Trojan Horses, Viruses, Time-bombs, Scams, Blackmail, and Other Problems:

..... Recent yet-to-be-merged security items:

***** Apologies. I am way behind in coping with the pervasive occurence of these cases and trying to distribute them sensibly within the subtopics. PGN

SH UK Sunday Business reported intruders seized control of a British military satellite, and demanded blackmail (R 20 23)

Sf Security flaw with frames in browsers (R 20 09); risk of coopted back - not just in JavaScript (R 20 11-12)

SAO 3Com security advisory admits to undocumented backdoor for CoreBuilder and SuperStack II switches (R 20 07)

Sf Seeming SecurID flaw granting root access on login (R 20 10) actually NIS client code flaw (R 20 11)

fS Excel 4.0 and Excel 98 mixes up hard disk and floppy, with nasty potential consquences (R 20 08); Excel messes up large numbers (R 20 14)

Sf Internet Explorer 4.01 Son of Curatango cut-and-paste flaw (R 20 09)

Sf NT server worm attacks 10 MCI Worldcom networks (R 20 13)

S Win98 Trojan Horse in installation of Java/Y2K upgrade (R 20 13)

SAO PalmPilots can scan remote-control infrared codes (R 20 10,13); risks of RF garage-door openers, infrared alarm systems, etc. (R 20 13)

SM Auctioning of frequency spectrum undermines Pentagon's ability to counter interference risks on cruise missiles (AW&ST item) (R 20 07)

SM Sweden recommends banning mobile telephones on ships; Norwegian man consistently caused ship rudder to swing despite vessel on autopilot (R 20 08)

SM Security risks of laptops in airline cockpits (R 20 12)

SH Risks of Internet vote rigging: BBC Sports Personality of the Year (R 20 11)

SH Rhode Islander sentenced for intentional damage and unauthorized access (R 20 23)

M Man's cell phone interferes with all traffic in GTE Wireless tower (R 20 18)

S Viruses spread in Sea Launch documents (R 20 16)

VSH Smurf denial-of-service attack on Ozemail ISP (R 20 16)

SH Unsuccessful cracker takes it out on challenge creator (R 20 19-20)

$SHO German bank being blackmailed by putative cracker (R 19 56)

- High-school student expelled for writing article on hacking (R 19 56)

SH Ransom note on Yahoo demands freeing Kevin Mitnick (R 19 50)

S(not-H?) Matthew Bevan (a.k.a. Kuji) cleared of unauthorized access charges; also reference to GAO report on Rome Lab breakins (R 19 48)

$S Wells Fargo issues ATM/Check cards, which are actually debit cards; analysis by Lauren Weinstein (R 19 49)

Sf Security vulnerabilities in Common Desktop Environment (CDE): faulty argument check (R 19 57)

Sf Potential risks associated with Mobil Speedpass at gas pumps: replay attacks with RF and no PIN in TI's TIRIS (R 19 52)

SHm 4-watt GPS/Glonass jammer from Russian Aviaconversia (R 19 54)

*M? Australian air-safety report gives 30 cases of possible in-flight electronic interference (R 19 55)

+ Lufthansa combats mobile phone risk with detector (R 19 48)

Si Risks of new Motorola car-control-via-pager system (R 19 50)

+ Discussion of IEEE/ACM Code of Ethics (R 19 57)

$H Oregon DMV lost $15K photo licensing equipment (R 19 16)

m Report that "hackers get into Ramsay case computer" (R 19 23) is false; it was a dead CMOS battery!! (R 19 24)

Sfi Security flaw in Rogers Cablesystems Wave gives access to other users' data (R 19 43)

m Mobile-phone electromagnetic radiation causes short-term memory loss; related to talkers' road accidents? (R 19 39)

S PBS and TV "Barney & Friends" signal to activate interactive Barney doll via Microsoft ActiMates set-top box (R 19 39)

? Satanic Risks with GPS in every mobile phone? Comments on Lucent, Limbo, Styx, 666 5th Ave. in NY, from the Fortean Times (R 19 51)

- Computer system implicated in need for death-penalty review (R 19 29)

S Discussion of leaked report on Mondex security flaws (R 19 38)

- Gerber net hoax (R 19 43)

S+$ "Crack a Mac" contest server cracked; winners get 100,000 Swedish kronor each (R 19 31)

? Encoded circuit board missing from Chinese rocket (R 19 84) Chinese suspected of extracting it, later report it must have burned up on reentry

H? Three alleged Quebec hackers accused of posting bomb recipes (R 19 81)

SHO Department of Energy discovers security vulnerabilities, with 1400 Internet systems having classified or sensitive information (R 19 81)

SHO German phone-cards cracked by Dutch crackers (R 19 77)

ShHOA Dutch ISP WorldOnline security failures (R 19 85)

SHOA CzERT group of hackers ravage Czech & Slovak cyberspace (R 19 77-78)

Sfi Excite referer-log security hole (R 19 78-79, 19 90)

SH/h/f/etc. Discussion of defining the line between hacking and Web surfing, by Eli Goldberg (R 19 84-85)

SP Burglars foiled by cordless-phone interception (R 19 80)

S SPA/BSA report: computer industry lost $11.4 billion in piracy.

*VM Electromagnetic interference on defense systems such as Patriot, Predator, radars, telephones, etc. (S 24 1:34, R 20 04)

M Sensormatic Ultra-Max shoplifting gate in bookstore interfered with 72-year-old man's defibrillator (R 20 05)

SH Malaysian unrest; broadcasters' reports censored; satellite communications intercepted and blacked out (R 20 01)

SH Irish gang physically takes out telephone exchange (R 20 01)

fS JavaScript flaw in Netscape allows reading of other caches (R 20 02)

Sf Cult of the Dead Cow Windows 95/98 BackOrifice Backdoor (R 19 90)

Sf NT security flaw allows impersonation of admins (R 19 90); further discussion on the old days, C2 certification, etc. (R 19 95-96, 20 01-02)

Sf Windows NT 5.0 reportedly about 48M lines of source code (R 19 90)

SHAO AOL-official masquerader changes aol.com domain-name entry, takes AOL off the Net (R 20 04)

SHO Computer consultant-hacker investigated for using 2,585 computers and 10.63 computer-years in prime-number search; detected by US West intrusion response team (R 19 97)

SHf Small credit unions easy targets for debit-card fraud (R 19 93)

Sf BankBoston and USTrust ATM teller machines truncate PINs to four digits! (R 19 89)

SH Custom alarm decoders break electronic car systems quickly (R 19 93)

ffffSH Frequent security break-ins at the Pentagon (R 20 24)

Sh Sweep detects 31 secret files in former CIA Director John Deutch's PC (R 20 30)

SH JavaScript eBayla virus infects eBay auction (R 20 32-33)

SH Fake Swedish ATM front panel copies cards and PINs (R 20 31)

$H 13-year-old makes $3M in bids on eBay auctions, wins a few and messes up others (R 20 35)

SH Military-strength version of Windows NT certification problems: NT 3.5 is C2 (when standalone), NT 4 is not certified for the networked use NATO uses it for (R 20 36)

Sf Woody's Office Watch reports virus-infected documents on MS Web site. (R 20 34)

S Shamir's TWINKLE machine could increase speed of factoring by 3 to 4 orders of magnitude, threatening 512-bit public-key crypto keys (R 20 38)

Sf False virus detection: searching for Melissa (R 20 40); HotMail and the happy99.exe infection; Virus Scan misses it (R 20 40)

Sfff Discussion by Bruce Schneier on Why Computers are Not Secure (S 25 2:18, R 20 67,69)

Sf GSM cell-phone encryption cracked by Birykof and Shamir (R 20 67,69) See http://www.crypto.com/papers/others/a5.ps

SHf Pirate broadcasters overtake Radio Data System (R 20 74)

Sf BlackICE Defender security product opens up gaping flaw (R 20 64)

$Sf U.K. bank (Halifax) suspends on-line share trading over security flaw enabling you to trade for others (R 20 66)

$SH Hacker redirected browsers from Staples to Office Depot (R 20 66)

SH "Anonymous" Hotmail e-mail threat traced to AOL user (R 20 66)

Sf Defective crypto in Netscape e-mail password saver (R 20 68,70,74)

S Netscape mail confounds two accounts for one user (R 20 70)

Sf Installing IE 5.0 changes the OS topology! (R 20 66)

Sf No bounds checking in Microsoft RTF controls (R 20 66, 68-69)

Sf Mini-Zip virus (R 20 66)

SH Canadian debit-card fraud: doctored swipe readers transmit mag stripe info and PIN (R 20 69)

$S Sanity.com allows CD orders without payment, in attempt to avoid credit-card risk (R 20 68)

P Sanity.com violates its own privacy policy by divulging e-mail addresses (R 20 71)

Sf Further CERT Advisories 99-15,16 on buffer overflows (R 20 69)

SHV Dell loses five days' production time in Ireland to FunLove Virus (R 20 66)

$SA Automated money laundering: counterfeit Japanese 500-yen coins made from Korean coins worth about 50 yen accepted by coin machines; coin return yields a genuine coin! (R 20 67-68)

Si Risks in MS Outlook 98: sensitive attachments missent (R 20 67); trying to delete e-mail: embedded html executes OpenWindow to remote site (e.g., porn, which is logged) (R 20 69)

SH Various risks of Conducent/TimeSink ads in software (R 20 65)

*Sfi ATM user trapped for 9 hours by automatic 9pm lock, with no escape (R 20 66)

SH$ Salary payment diskettes intercepted and manipulated (R 20 54)

VS* If payments are delinquent, car might not start, or could stop while running (R 20 54)

SHA Web users "page-jacked" by pornographers (R 20 60)

SHA "United Loan Gunmen" attack on NASDAQ, AMEX, previously C-Span, ABC, Matt Drudge sites (R 20 58)

h Stray faxes for U.S. Embassy go to Auckland NZ chicken farmer (R 20 56)

SHA Author of false e-mail arrested for starting panic (R 20 47-48)

SHAO Yet another ATM scam: Trojan-horsed keyboard (R 20 46)

S New ICQ Trojan as JPEG (R 20 57)

Sf Hotmail Trojan horse captures passwords (R 20 57)

Sf Race condition flaw in Microsoft JVM / Java library with IE4 and IE5 (R 20 55); further flaw in MS bytecode verifier (R 20 62)

Sf Microsoft "fixes" the macro virus vulnerability in MS Office (R 20 42); also problems in Word 97 (R 20 57,59)

Sf*$ Vulnerability in Windows SSL server and common browsers: private key with exponent 1 (R 20 41)

Sff ActiveX security problems in IE (R 20 44), in Windows 98 (R 20 50-51); Richard M. Smith's test page for dangerous ActiveX controls, recommendation to turn off ActiveX in IE5 (R 20 56)
http://www.tiac.net/users/smiths/acctroj/axcheck.htm

Sf More risks of Internet Explorer 5 (R 20 54); more flaws in Internet Explorer 5.0 interactions with ActiveX (R 20 61) plus further flaw in MS Java VM (R 20 62)

Srf Security vulnerability in Netscape: <title> of bookmarked page is executed! (R 20 42)

SHf Allaire/ColdFusion firewall vulnerabilities (R 20 43)

SHOA Hackers breach Firewall-1 (R 21 02; S 26 1:29)

Sf Critical Path has serious security hole affecting many including NSI (R 20 59)

S Security flaw in Texas Hold 'em Poker program (R 20 56)

S Auto-Fix feature for Dell PCs opens up security hole (R 20 55)

SH$ eBay scam results from last-minute withdrawal of ridiculously high bid (R 20 51)

S-ethics Clinton's Executive Order on Unlawful Conduct on the Internet (R 20 53)

Sm,h,rf Maldesigned Baltimore computer system CCMS slows Pentagon background checks (R 20 46)

? Supreme Court upholds CDA barring indecent speech online (R 20 45)

ShA DoD password management policies questioned (R 20 50)

SA Security risks in "Treasury Direct" (R 20 50)

SH Microsoft employee apparently posted aliased message falsely blaming AOL for a security flaw (R 20 54)

SHf London Underground sequence rollover: certain 2-year-old Travelcards work again! (R 20 48)

SM*? Cell phones and aviation electronics; One year in jail for cell-phone use on a plane (R 20 50-52); Chinese jet driven off course (R 20 53)

Hhm Cell-phone hoax takes down Lebanon's phone networks (R 20 43)

* Possible victims of Iridium demise: Pacific rower, Norwegian transpolar skiers (S 25 3:18, R 20 85); Iridium flames out (R 20 87)

$h Reserve Bank of Australia (RBA) announced an unexpectedly larger interest rate hike at at 9:30 a.m. on 2 Feb 2000, but accidentally sent 64 people e-mail 6 minutes earlier. In those 6 minutes, approximately AUD$3 billion worth of bill and bond futures were dumped on the market. (David Shaw, R 20 78)

f U.S. Census prepends extra digit to house numbers in mass mailing (R 20 83)

$hf UK woman dunned for underpayment of four pence (R 20 75); other small debts (R 20 76)

f Letter from Jim Allchin, Microsoft on Windows 2000 bugs (R 20 80) and comments (R 20 81-82)

f More on MS Outlook Express feature: line begins with "begin ", following which everything is an attachment (R 20 75-76); more risks with pine bug (R 20 78-79,81)

f Risks of Authenticode in Windows 2000 (R 20 81 after R 18 89)

fi Computer-truncated flower-delivery message brings police (R 20 83)

hi National Weather Service tests leak out live (R 20 82)

f Weather.com leaves visitors in the cold, with erroneous temps (R 20 85)

SHO Feb 2000 distributed denial-of-service attacks disable Yahoo, Amazon, eBay, CNN.com, Buy.com, ZDNet, E*Trade, and Excite.com for a few hours each. (S 25 3:19, R 20 79)

$SHAO Credit-card data used for extortion (S 25 3:20, R 20 75)

*fff Rhode Island computer arrested innocents (S 25 3:20, R 20 76)

$SHAO Global Hell hackers steal 63,000 passwords (S 25 3:20, R 20 76)

SHAO Judge sends message to network vandals: "go to jail" (S 25 3:21, R 20 83)

+S U.S. removes most restrictions on encryption software (S 25 3:21, R 20 76-77)

+S U.S. government abandons Bernstein restrictions (S 25 3:21, R 20 82)

SP China to require encryption information (S 25 3:21, R 20 78)

SH Online prankster distorts Clinton chat (R 20 80)

SHOf Junk e-mailer uses closed e-mail list as a relay (R 20 79)

Sf UK ISPs leave themselves wide open to potential abuse (R 20 83)

Sf CERT Advisory http://www.cert.org/advisories/CA-2000-02.html on malicious html tags embedded in client Web requests; (R 20 78)

$- Offshore online gambling operator convicted in NY placing illegal wagers over phone lines (R 20 84)

Sfi Risks of a hyperactive anti-viral immune system (R 20 84)

SHh etc. Computer Security: Will We Ever Learn? (Bruce Schneier, S 25 4:8-10 and R 20 90)

S Peter Junger case: encryption code protected by First Amendment (R 20 87-88)

SHf Code protecting Stephen King e-book Riding the Bullet cracked (R 20 87); Stephen King's not scared of trusting online readers (R 20 98)

SHAO Love Letter Worm affects Microsoft Outlook users; See CERT Advisory CA-2000-04, http://www.cert.org/advisories/CA-2000-04.html, summarized in (R 20 88); See related items (R 20 88-89), security patch to disable attachments (R 20 89), and risks of antiviral software (R 20 90); Microsoft Outlook 2002 will enable restriction of 30 types of file attachments (R 21 36)

Sf W32/ExploreZip.worm "virus" and user interfaces (R 20 44)

VSHf,etc. Risks of e-mail borne viruses, worms, and Trojan horses, by Bruce Schneier (R 20 45); security sites vandalized (R 20 53)

S Commentary from Bruce Schneier on Back Orifice 2000 (R 20 57)

Sf CERT Advisory CA-99.06 ExploreZip worm (R 20 44); See http://www.cert.org for background.

SHfe SQL Slammer/Sapphire worm slows Net, grounds South Korean surfers, disables most of Bank of America's ATMs (R 22 52); various Canadian banks affected (R 22 52), plus Canadian NDP leadership convention Internet election in progress (R 22 59); Microsoft's own unpatched servers victimized as well (R 22 53); Who is to blame? (R 22 52-53, 58); advent of network risk insurance (R 22 53); Caida analysis shows worm doubling in size every 8.5 seconds (R 22 54); side problem of Virginia furnace fuses blowing, causing file system corruption (R 22 53); parametric worm warning (humor, R 22 53)

Sf Risks of reading zipped Microsoft text including .exe files (R 20 90-91)

SHf Peacefire: Eudora "Stealth Attachment" security hole discovered (R 20 88)

SHf Netscape Navigator improperly validates SSL sessions, CERT Advisory CA-2000-05: http://www.cert.org/advisories/CA-2000-05.html, summarized in (R 20 88); see also Misleading warning (R 20 89)

SHf Microsoft Office 2000 UA ActiveX Control Incorrectly Marked "Safe for Scripting": CERT Advisory CA-2000-07, http://www.cert.org/advisories/CA-2000-07.html, summarized in (R 20 89)

SHAO Canadian teen (Mafiaboy) held in February 2000 Web attacks on Yahoo, CNN.com, eBay, Amazon (R 20 87)

Sf Web server displays admin password on failures (R 20 87)

SHP The Mirror reports recovery of top-secret stolen UK laptop with Strike Stealth fighter data (R 20 89)

Shm Venezuela postpones election due to computer problems (R 20 89)

*Sf Discussion of 2 devices allowing police to stop arbitrary cars (R 20 89) GM's OnStar for location, but also may allow remote hacker activities (R 20 90)

S? India considering use of railroad communications for Internet connectivity (R 20 90-91)

S?f?h?i? More risks of networked home appliances (R 20 88, R 21 37)

M Study shows mobile phones do interfere with old-generation avionics (R 20 89)

SV Scientists spot Achilles' heel of the Internet; critical nodes (R 20 98)

SHI During a Verizon strike, 2 NY employee saboteurs cut a power cable next to a telephone cable, suffering burns (R 21 03; S 26 1:28)

Sf NATO antivirus developers accidentally create Anti-Smyser1 virus that spills secrets (R 20 93; S 26 1:28)

Sf Major security hole in Anna annapa.com online organizer service (R 21 02; S 26 1:28-29)

Sfh "Verify your age with a credit card": more than $188M fraud (Lenny Foner, R 21 03; S 26 1:30)

SH Cyber-extortion increasing (R 20 94; S 26 1:30)

*m Microsoft software can damage your hardware! Plastic CD-ROM fragments and frags (R 20 92); hairline fractures in center hole dangerous (R 20 94)

f Another Win95/DOS interaction (R 20 93)

Sf Outlook buffer-overflow bug on date allows self-executing Trojan horses (R 20 97)

SHOAi Fake PayPal site (PayPaI.com) collects user IDs and passwords (R 20 97); PayPal victimized by seemingly legitimate fraudulent e-mail (R 22 78,79,85)

S (not-for-kids) Burger King gives away CD-ROM with porn addresses (R 20 93)

f Edmonton man finds security hole in video slot machines, gets sued (R 20 93)

Sf Risks of using HTML Mail and HTTP proxy "censorware" together (R 21 05-06; S 26 1:32)

Sr Tighter security at Los Alamos may actually decrease security (R 21 07; S 26 1:32)

Sf SSL Server Security Survey: 32% dangerously weak (R 21 02; S 26 1:32-33)

Sfde? New Navy aircraft carrier to run Win 2000 for critical functions (R 21 05)

Sf Windows NT/2000 "Lock Computer" allows palm sync (R 21 04-05)

Sf Pretty Good Bug found in Windows versions of PGP for "trusted" third parties (R 21 03); another flaw in PGP plug-ins for MS Outlook distributed by Network Associates (R 22 15)

fS Norton Antivirus 2000 defect on Win2000 content (R 20 94)

Sf Security hole in Netscape infects computers, opens access (R 21 01)

SH? (no) Report of hacker endangering astronauts in 1997 (R 20 93) disclaimed by NASA (R 20 94)

SHA Risks of automated boarding passes for airline e-Tickets (R 21 02)

e NY State running out of fingerprint IDs (R 21 02)

[S-spoof] New security vulnerability: 13-year-old `r00ts' popular polynomial, crypto-spoof article by Leonard Richardson (R 21 03)

S+ The end of the Multics era (R 21 12, S 26 2:9)

S+ CERT's ActiveX security report (R 21 17, S 26 2:9)

*SH$ Arizona Motor Vehicle counterfeiting rings (R 21 14, S 26 2:9)

*SH Another DMV Break-in, in Oregon (R 21 15, S 26 2:9)

Sf No security in Internet-connectable laboratory instrument controller (R 21 10, S 26 2:9)

VSHI Security at UK nuclear power stations (R 21 20, S 26 2:9)

SP How to upset your customers (R 21 09, S 26 2:10)

$SH Hacker seemingly extracts large number of credit-card records from egghead.Com (R 21 16,18-19); egghead says maybe none of those cards was compromised; however, lots of people's cards were cancelled as a precaution.

SHAO Florida 8th-graders penetrated school system and copied final science exam (R 21 18)

SHAO 11-year-old boy charged with felony for computer tampering, changing grades (R 22 56)

Shi Report on hacker altering MIT grades false; spreadsheet missorted (S 25 3:16-17, R 20 84-86)

SP Report that Dutch hacker offloaded patient records from Seattle Hospital; U. Wash denies it (R 21 14-16,18)

SHAO Microsoft Web site vandalized; Trojan horse sent company passwords to Russian site (R 21 11)

S(f) Researchers able to defeat SDMI digital music security measures (R 21 11)

$SH Poll of CIOs reveals confidence in their network security despite $billions in losses; over half of respondents did not report breaches (R 21 18); skepticism needed concerning loss figures (R 21 19)

Sf Verisign and MS authenticode time-stamp errors (R 21 11)

i Devious URLs making something look hacked when it isn't (R 21 16)

ShHA Australian government minister has $50,000 phone bill on telephone card given to his son and used widely by others (R 21 09)

SPf NJ EZ-Pass discovers risk of sending URLs instead of actual text (R 21 09)

Sf Buffer overflow in Outlook Express allows execution of arbitrary code (R 21 13)

Sf McAfee VirusScan update (4.0.4102) crashes Windows 95, 08, NT (R 21 13)

S+/-? Bugtraq discussion: Security advisories are becoming less open (R 21 16)

SP Dutch Railways to introduce electronic access/ID card (R 21 19)

Sf Microsoft advisory format buggy (bugtraq item, Richard M. Smith, R 21 16)

S Risks of automatic firmware upgrades in Dolby digital sound processors (R 21 17) and DVD (R 21 18)

Sf More on ActiveX security limitations (R 21 30)

Sf SiteGuest.com sends unauthorized e-mail during browsing (R 21 24,25)

S(H?) Der Spiegel reports German armed forces banning MS software, citing NSA snooping (R 21 29); correction: Bundeswehr using hardware encryption - see original German text (R 21 31)

h, then SH Millions of people were prevented from visiting dozens of Microsoft Web sites on 24 Jan 2001 (R 21 21), result of human error; flooding attack the next day jammed network, with four DNS all linked to a single network (R 21 22)

f Microsoft's UltimateTV set-top box hard-drive storage space shrinks, reducing record-time max (R 21 35)

H Over 5 months, HotMail blocked e-mail to peacefire.org, with delayed fake error message blaming peacefire outage (R 21 22)

HHS Sabotaged phone lines and stolen credit cards allowed thieves to safely rob a Sydney shopping centre (R 21 35)

SHO Hackers hit U.S., U.K., Australian government sites (R 21 23)

SHO Hacker attacks from China peaked in May 2001 (R 21 37)

SH Creator of Anna Kournikova virus claims intent to warn sites to tighten their Internet security (R 21 24); the virus blamed for fax machine blowing up! (R 21 24); damages assessed at $166,827; J. de W sentenced to 150 hours of community service (R 21 67-68)

Sf Palm Pilot security; passwords not adequate (R 21 22,26,27)

Se DirectTV remote updates enable remote disabling of old satellite TV receiver smart cards; newer hacks already emerging (R 21 22-24)

Se ReplayTV auto-updated itself, disabling a valuable feature (R 21 32)

S Dutch police send text bombs to stolen cellphones (R 21 32,34)

SP Risks of outsourcing in banking (R 21 24)

$ Technology exodus: 10% of U.S. computer service/software jobs moving overseas by 2004 (R 22 83)

Sf Czechs discover flaw in OpenPGP to reveal private keys in digital signatures (R 21 28-29)

SHAO Penetrator gets OS/COMET source code used in NAVSTAR GPS guidance (R 21 26), but code not classified as first reported (R 21 27)

SHAO Former U.Wisconsin student Jerome Heckenkamp indicted in Jan 2001 for 1999 network vandalism at eBay, Exodus, Juniper, eTrade, Lycos, and Cygnus, and more than $900,000 in damage (R 21 22)

SHAO NASA Web site hacked, replaced with conspiracy-theory moon-landing hoax hoax (R 21 27)

SH Copper thieves knock out SETI@Home fiber-optic cable and Web site for 24 hours cut (R 21 26-27)

$hm Chinese cybersurfers caught by fishermen's anchor nets, snagging cables (R 21 30)

+ Bank robber nabbed by escape-taxi's GPS (R 21 22)

SH Teenager convicted of defacing Web sites sentenced to programming jail computers (R 21 29)

SH Computer cords used in escape from police custody (R 21 33)

Sf Nokia 8260 cell phone trivially easy to unlock (R 21 29)

$SPi Seattle police using Palm VIIs to give traffic tickets (R 21 35)

SP IBM and Carrier will offer Web-controllable air conditioners (R 21 35)

Sf Risks in e-gaps: they are not air gaps between networks (R 21 26-27,29)

S- DoE warning about "Naked Wife" virus blocked by politically correct mailer (R 21 29)

H FBI director's home security system false alarms due to his young sons (R 21 28)

SH California power grid hacked over 17-day period (S 26 6:12, R 21 46)

S ebates.com installs Java program on user's computer (R 21 49)

S$? Blaming the victim: vandalized sites could be liable for damages (R 21 64)

SH Danish police break "Safeguard" encryption program in tax case? (R 21 58); no, they hacked the system and guessed some passwords (R 21 59)

$SAOf Serious flaw in Wireless Encryption Protocol (WEP) link-layer security used in IEEE 802.11 wireless LANs; attack described by Fluhrer, Mantin, and Shamir (R 21 55); attack implementation described by Stubblefield, Ioannidis, and Rubin (R 21 57); AirSnort, WEPCrack, and other 802.11b-defeating sniffers (R 21 62); Bill Arbaugh and Arunesh Mishra present "session hijacking" and "man-in-the-middle" scenarios for cracking Wi-Fi security (S 27 3:11-12, R 21 92)

Sf The New York Times article on 19 Aug 2001 on Avi Rubin discovering that Morristown NJ hospital wireless network is unprotected (R 21 62)

S War-chalking wireless networks for Internet access (S 27 6:13-14, R 22 18,23)

SHA Insecure wireless access points mushrooming (R 22 65; S 28 4:8)

SHA Wireless hacking on the increase (R 23 32; S 29 5:16)

SAOh ISP employee Brian West who notified Oklahoma's Poteau Daily News that their Web site security had no authentication was threatened with felony conviction; discussion of law that specifies "exceeding authority" when there is no authentication (R 21 62); however, in court West plead guilty to copying proprietary PERL scripts and obtaining passwords (R 21 67)

Sf Flaw in SSL encryption on Experimental Aircraft Association Web site (R 21 53,54,56)

Sf Kaiser Permanente self-service Web site SSL vitiated by return e-mail! (R 21 62)

*SH Firefighter's phone lines disrupted because of a report of free SMS calls (but originally thought to be a hoax) (R 21 55,59)

Sfe U.S. Air Force authors blast Outlook security patch (R 21 39)

Sfi Renewal of BT Trustwise digital certificate impeded by secure passphrase with non-alphameric characters (R 21 54)

Sf Security risks in Passport Single Sign-on: Kormann and Rubin (R 21 58)

SHf Stealing MS Passport's Wallet, credit-card numbers, etc. with browser and Passport flaws (S 27 1:12, R 21 74)

SHAO($?) Microsoft admits Passport was vulnerable (R 22 72; S 28 4:8)

$ Microsoft and Federal Trade Commission settle complaint that MS had violated its own privacy policy (R 23 19)

SHf SirCam virus spreads widely, including inside FBI (R 21 55); U.S. Air Force officer mailing confidential information to 4400 cadets (R 21 62); sounds like just another SirCam example (R 21 63); more like MS Outlook and wrong distribution list (R 21 65)

SHf Code Red worm (R 21 54); cyanide for Code Red: passive worm infecting the attacker (R 21 57); Warhol Worm variant discussed (R 21 59) several systems hosting the MSN Hotmail service infected by Code Red worm variants (R 21 58,62); avoid programming languages that don't check buffer lengths (R 21 62,64); yet another MS Hotmail risk (R 21 62)

Sf Hotmail hackable with one line of code (R 21 63)

Sf Norton Anti-Virus 2001 interprets backup script as a virus (R 21 57)

SHP Software is called capable of copying any human voice (R 21 55)

SHA Forged county-clerk stamp and chief-judge signature used in attempt to gain release of triple murderer (R 21 44)

SHAf European Commission "safer Internet" site invaded by hackers (R 21 48)

SHO Intruder crashes United Arab Emirates' only ISP (R 21 50)

SHA Determining the age of Internet users, especially minors, the age of virtual porn characters, and differences between real and virtual (R 21 45,47,49)

SHA 16-year-old boy concocted radio calls, adapted police alias, misled police and helicopter pilots, for over a month - despite "security codes" (R 21 39,41)

H+/-? U. Virginia prof uses computer text comparison to identify cheaters (R 21 39)

S? Publisher of $3,000 industrial reports uses ROT13 for protection! (R 21 58); of course, utterly trivial to break (R 21 39); when U.S. Army outlawed encryption software on SIMTEL20, ROT13 was removed! (R 21 59)

$ Appeals court overturns ruling blocking publication of "The Wind Done Gone", an obvious parody of "Gone With the Wind" written from the point of view of black slaves; parodies tend to be exempt from copyright violations! (Good news for RISKS contributors of April Fools' spoofs!) (R 21 42)

SH Abuse of electronic copyrights: humorous piece on Mars Pathfinder landing was reported from the Martian point of view; later adapted by someone else for Spirit, without attribution (R 23 18)

h Apple Titanium Powerbook xray-nondeterminism 'bomb' scare shuts Burbank airport (R 21 41)

Sf Denial of service possibility in FAA airport traffic Web site e-mail notification software (R 21 42)

SHAO Gas-shutoff requests require minimal authentication and no verification (R 21 54)

S? Weatherbug software security questioned in evaluation (R 21 42,44)

Sf McDonald's testing cashless payments using speed-pass to make fast food faster; lots of risks discussed (R 21 43,46,49,58)

Shi Sloppy use observed in PCs used as cash registers (R 21 49)

Sf Flaws in swimming-pool changing cubicle motion-detector security (R 21 44)

Sh? Implications of a Gullibility Virus: delete all your files, on the honor-system (too late for April Fool prank R 21 45)

S DoD declares unclassified hard drives no longer need be destroyed (R 21 47)

Sf EarthBrowser developer reports e-mail scam with Russian URL mimicking legitimate business Web pages, capturing credit-card info, etc. (R 21 47)

SH New technology for sneaky advertising: fastclick.com masks source (R 21 47,48)

SMf Car-door lock remote control activates another car's alarm (R 21 56)

Sfh Many Federal computers fail hacker test (S 27 1:11, R 21 76)

SHAIf Security hole in cash machines (S 27 1:12, R 21 74)

SP Virgin Mobile security/privacy risk on archived mobile-phone usage records (S 27 1:12, R 21 74)

S Risk of monocultures and exponential false anti-virus positives (S 27 1:13, R 21 73)

*f British BSE crisis; misplaced trust in third-party analysis: wrong samples (S 27 1:13, R 21 71)

$ Sony uses DMCA against Aibo Enthusiast's site (S 27 1:13, R 21 73)

$SH Feds make record counterfeit software seizure (S 27 1:14, R 21 75)

Sf GForce Pakistan crackers deface U.S. Defense Test and Evaluation dtepi.mil, after which rival Pakistani vigilanties retaliated (R 21 71)

SH Jilted Michigan boyfriend convicted of hacking into ex-girlfriend's Internet bank account (R 21 73)

SH Oklahoma man who reported access vulnerability to the Poteau Oklahoma News (R 21 62) guilty of copying proprietary files and stealing passwords (R 21 67)

Sf Yahoo! news stories can be altered without authorization (R 21 67-68)

Sf Hotmail Web site hackable by javascript exploits (R 21 67)

Shfi Norton Personal Firewall security problems (R 21 65)

Shf Consumer Reports password policy risks (R 21 65)

SHh Hackers could face life imprisonment under "USA PATRIOT" anti-terrorism act (R 21 67); U.S. House approves life sentences for crackers (S 27 6:14, R 22 16)

Sf Nasty Redesi virus (Dark Machine, Ucon) (R 21 71)

*Sf Nimda worm patching problems in IIS (R 21 67); public hospitals in Gothenburg Sweden crippled by nimda (R 21 67)

S Swedish national radio bans SETI software from office computers, fearing Trojan horses (R 21 74,77)

Sf New class of wireless attacks against the Address Resolution Protocol gains unauthorized access to WEP-protected systems (R 21 69)

$SH Playboy says hacker stole customer credit-card and other info (R 21 78)

SAOf Insecure on-line promotion from American Express (R 21 73)

S Black Hat Conference demo of how to disable a mobile phone by SMS (R 21 80)

SP Ziff-Davis Media exposes credit-card info for 12,500 subscribers (R 21 77)

SP Google freely giving out your phone number and home address (R 21 75,77)

SHP($?) Financial records stolen from New Zealand Funds Management in Auckland (R 21 80)

SH 800 "directory assistance" slamming redirects calls to third-party wholesaler unbeknownst to correct recipient (R 21 76-78)

SP Ernst & Young reportedly terminated kids' learning game site moneyopolis.org, which became porn site (R 21 73); story is either bogus or else E&Y has reacquired the domain (R 21 74); related cases, one involving acquisition of 2000 expired domains (R 21 75)

SPf Continuing SirCam activity leaks UCLA radiation safety document with dummy fields for names, SSNs, DoBs of personnel, but illustrative of the risks (R 21 69)

SP U.S. court shuts down deceptive Web sites with spelling variants, etc. (R 21 67)

SP Australians voice anger over online spying (R 21 67)

Si Risks of deceptive characters in URLs: Gabrilovich/Gontmakher, (S 27 2:13, R 21 89, Inside Risks column http://www.csl.sri.com/neumann/insiderisks.html#140)

SH Risks of bouncing e-mail forgery (S 27 2:13, R 21 89)

SHf AOL Instant Messenger Buddy-Hole fix has backdoor (S 27 2:13-14, R 21 87)

$SH Credit-card cloners' $1B scam (S 27 2:14, R 21 86)

$Sf Risks of mag-stripes on retail gift cards (S 27 2:14, R 21 86)

SH Latest Windows versions vulnerable to unusually serious attacks involving plug-and-play (R 27 2:15, R 21 83)

Sfi HTTPS secure in, insecure out (S 27 2:15-16, R 21 83)

S Lotus Notes silently losing data (S 27 2:16-17, R 21 88)

Sf Facial recognition technology doesn't work (S 27 2:17, R 21 87)

SPi Answering machine provides door entry code (S 27 2:18, R 21 88)

Sf Risks of Georgia Tech anti-cheating software (S 27 2:18, R 21 88)

Sfi SAS Institute software to detect e-mail untruths (S 27 2:18-19, R 21 88-89)

SH Swedish police reportedly doctor video evidence, admit it (R 21 81-82)

Sf Lawrence Livermore National Laboratory bans all wireless networks. Proponents say technology is secure. Experts say 90% of all Wi-Fi nets improperly installed, not secure (R 21 89)

Sf Wireless carriers offer products that tunnel insecurely through firewalls (R 21 89)

Sf Fingerprint scanner interfaces with built-in wireless LAN network card, defeating intended security (R 21 83)

SHI$ Former Cisco accountants sentenced to 34 months and restitution of $8M for unauthorized computer access, fraud (R 21 82)

*SHh Risks of remotely triggerable exploding chips in cell phone to foil thieves (R 21 87)

SAOf Security hole at WorldCom left internal computer networks accessible at AOL Time-Warner, BoA, CitiCorp, NewsCorp, JPMorgan, McDonald's, Sun Microsystems (R 21 81)

Sf Windows update server glitch blocks downloading of security patches (R 21 87)

Sf Risks of Internet Reconfigurable Logic: FPGAs upgradable from anywhere based on IP address (R 21 87)

Sf SMS phone crash disabling messages a risk in older Nokias (R 21 82)

ShV Swisscom sends SMS test messages that delete roaming information on SIM cards (R 21 89)

hi Risks of using SIM Cards with GPRS (R 23 91)

Sm Anthrax postal mail irradiation can affect electronic devices (R 21 88)

Sf A VeriSign Secure customer site isn't using https/SSL properly, resulting in failure of end-to-end security (R 21 84)

Sf VeriSign's NetSOL vs. PGP: Risks of a crypto company owning a registrar? (R 21 82); similar problem discussed (R 21 86,88)

f Bogus dates for McAfee virus alerts: sloppy programming (R 21 85,88)

S$ "Don't Touch That Dial-Or You're Under Arrest!" Some entertainment industry folks insist that if you skip TV commercials, you are a thief. See a www.factsquad.org/radio piece by Lauren Weinstein (R 22 05), and article in the San Jose Mercury by Dan Gillmor (R 22 05)

S(-?) Lifetime jail sentences proposed for reckless hacking (R 21 94)

SM Lightning storm caused power outage and failure of jail's cell locks, defaulting to open (R 22 02-03)

SA Iceland places trust in face-scanning for airport screening (R 21 89)

Sf Face recognition kit fails in Fla airport experimental use: success rate less than 50%, false-positive extrapolations about 50 per day per checkpoint (R 22 10); Tampa police disband face recognition (R 22 87)

Sf Unsecure wireless used for remote-controlled New Zealand water supplies (R 22 04)

SH CIA warns of Chinese plans for cyber-attacks on U.S. (R 22 05); preparedness (R 22 06)

Sf Security risks of programs that automatically update: http://schram.net/articles/updaterisk.html (Scott Schram, R 21 92)

SHAO Fingerprint authentication: study shows all of the tested machines could be spoofed, 80% or more of the time (R 22 08-09)

SHIe Remote mobile phone configuration changes made via Swisscom SMS service (R 21 89)

fi ezmlm used for moderated e-mail lists responds erroneously, interfering with certain virus scanners and vacation programs (S 27 3:13-14, R 22 06)

Sf Windows XP disables own firewall (R 21 98)

Si Windows XP speech recognition feature: random words inserted in text, picking up ambient sounds (even if the mike is supposedly off) (R 21 95)

hi Deleting rows in Excel scrambles the rows (R 21 88,90); another Excel "feature" changes your input: A grades changed to A- after A- entered previously, with prompted completion (R 21 94-95) and Word miscorrecting [College of the] Cariboo to Caribou and replacing asterisks (R 21 95)

Sf BlackICE Defender and BlackICE Agent buffer overflows (R 21 91)

Sf Security flaw in Sony Vaio computers (R 21 91)

SHf Sony's "Copy-proof" CDs cracked with $0.99 marker pen; will marker pens be outlawed? (R 22 08)

Si Apple: break your new PC with a nonstandard copy-protected CD, it's not Apple's fault (R 22 07-10)

SPf Privacy risk in Netscape 6: Google use tracked by Netscape (R 21 93)

SPf IE 6 Privacy features open users to attack (R 22 05)

SPf$ VeriSign doesn't encrypt credit-card info (R 22 07)

Sf Domain hijacking easy for AUDA/AUNIC Internet registration services (R 21 94)

Sf US Navy suffers domain hijacking: NavyDallas.com taken over by porn site, NavyBoston.com by eBay auction site (R 22 10,13,15); Louisiana Attorney General site reused (R 22 15)

SVhi Citibank Visa woes resulting from system outage (R 22 04)

Sfi 714 newsletter items on Windows 2000 bugs, clarifications, etc., since release of Service Pack 2 (R 22 01)

SHi Risks of spoofing, bouncing e-mail in Strasbourg, supposedly from the mayor (R 21 89)

Shf Secret American Telstar 11 live spy photos broadcast unencrypted over satellite TV and Internet for over 6 months! (R 22 13)

ShAi Sun's misguided instructions on installing StarOffice 5.2 (R 22 11)

Si Apple computers trigger anti-shoplifting alarms? (R 22 11,13)

Sh Norwegian history database password lost, then retrieved in contest (R 22 13)

Sf FreeBSD Scalper worm (R 22 15)

Sf New virus Perrun can infect picture files (R 22 13)

$S Royalty fees may be the death of Internet radio (NewsScan, R 22 17)

$SP Windows Media Player security update EULA gives MS permission to keep you from using "other software" on your computer (R 22 14-16)

Sf Security flaw in Excel XP spreadsheets enables arbitrary code execution (R 22 12)

Sf IIS e-mail flaw transforms server into open relay (R 22 16)

Sf Security problem: Apple OSX and iDisk and Mail.app (Bugtraq, R 22 18,20)

Sf SSH Protocol weakness advisory (R 22 17)

Sf More on 802.11 wireless networks and security (R 22 17)

S+ Hackers/crackers seem to provide the most useful information! (R 22 17)

S Calculators OK in exams, not handheld computers (R 22 13)

SHV Hacker attack targets 9 of the 13 Internet root servers (R 22 32)

Sf San Jose access point for Southern Cross Cable Network co-located with MAE West, representing something like 70% of the Internet traffic from the Western U.S., 40% of the world Internet traffic. Worldcom (albeit owning only 10% of SCCN) is still a corporate weak-link for the Internet. (R 22 20-21)

$Sf ATM operational flaw relating to transaction noncompletion (R 22 44)

SHAI$ Former Drug Enforcement Agency employee sentenced to 27 months for selling protected data (R 22 44)

SHAI Former UBS PaineWebber programmer faces U.S. fraud charge in virus attack (R 22 44,46)

SH L.A. woman gets 9-year prison term and $11 million restitution penalty in counterfeit software ring (R 22 41)

S Deceptive password complexity in building key codes (R 22 31-32)

h VeriSign error mistakenly transfers immigrationdesk.com to site in India, with sensitive e-mail vanishing (R 22 21)

$SA Australian automated toll collection charges auto owners for bikes with the same license plate ID but different color, irrespective of ownership (R 22 39)

$f Web browser incompatibilities cost business (R 22 45)

Sf Risks of automated law-enforcement responses, equivalent to vigilante actions (R 22 47);

SHf GTech finds winning lottery tickets can be identified before purchase, unscratched, from bar codes (R 22 36)

SP Credit agencies provide information on your relations under UK Data Protection Act (R 22 46)

Sd Understanding the Windows 2000 Common Criteria EAL4 evaluation, Jonathan S. Shapiro (R 22 41) and Rick Smith (R 22 42); must-reading for serious developers

Sh MS court ruling leaked early through security blunder - posted on open server (R 22 34)

Sf Software leaves encryption keys and passwords lying around in memory; optimizer removes memset() (R 22 35)

SPf Internet home banking unsafe (R 22 37)

Sfe Patch slip-up raises security questions: Robert Lemos article (R 22 40-41)

S Retrospective ACSAC Karger/Schell paper on Multics Security Evaluation (R 22 25-26)

S Throttling Viruses: Restricting propagation to defeat malicious mobile code, by Matthew Williamson, HP Labs at ACSAC 2002 (R 22 42-43)

$SHA Crackers steal University of Oslo password file with 52,000 users (R 22 39); MS SQL security patches not installed (R 22 44)

SHP Sensitive backup tapes stolen from Japanese national system of citizens' private information (R 22 45)

SHP FBI bugging Hartford Public Library? (R 22 35) or not? (R 22 38); Libraries Say Yes, officials do quiz them about users (R 23 91)

SHP How mobile phones let spies see our every move; U.K. Celdar project (R 22 31)

$SHA NSF Fastlane proposal submission system: privacy problem for co-investigators (R 22 39) and PIN exposure problem (R 22 41)

$ShA Internet eBay auction scam (R 22 41); also, eBay sends plaintext password changes (R 22 40-41)

SHAO$ Canal Plus accuses NDS Group of breaking its smart-card secret key, giving it to counterfeiters; Cadence Design suit against Avant Corp for stealing programs results in verdicts against seven with ties to Avant; in 1999, Internet bookseller Alibris paid $250,000 to resolve federal charges that it had unlawfully intercepted thousands of e-mail messages to its customers from Amazon.com. (R 22 22)

$SHAI Turin credit-card duplicating machine (R 22 19)

Sf Are you bothered by telemarketing? It's a $270 billion industry (R 22 35)

Sf Spoofability of Calling-Number-ID (R 22 46-48)

f More e-mail content filtering: the word "fugue" causes censorship for music group (R 22 20); "klezmer" blocked by "klez" scan (R 22 20)

SPf A little bit of anti-porn filtering can go a long way; more may not be appropriate (R 22 42)

- Ironic filtering example from rec.humor: "Congress shall make no law abridging the freedom of sxxxch, or the right of the people peaceably to xxxemble, and to pexxxion the government for a redress of grievances." (R 22 42)

S? Greek Law Number 3037 bans electronic games (R 22 23); later found unconstitutional? (R 22 24); Greek consulate clarifies that ban extends only to games that can be used for gambling purposes (R 22 26)

SHVif Risks of Georgetown Law Center exam software supposedly limiting laptop functionality (R 22 34)

S,P,f,etc. Prediction: e-mail will become double-trouble in 3 years (R 22 29)

SPHh$* etc. Concerns over Total Information Awareness (TIA) widely discussed in the media during November-December 2002. See various RISKS items (R 22 44-47); Total Information Awareness renamed to Terrorist Information Awareness; privacy advocates doubt Pentagon promises on spying (R 22 74, S 28 6:13)

SPH Don Norman essay on the risks of risks, including social engineering, citing Mitnick and Simon, The Art of Deception: Controlling the Human Element of Security, Wiley, 2002; book also reviewed by Rob Slade (R 22 43); follow-up from Norman (R 22 44) and Fred Cohen (R 22 45)

SP "Scopeware" as universal structure 3D stream of e-document. David Gelernter quote: "Operating systems are lapsing into senile irrelevance." (Risks not noted.) (R 22 36)

SP Castro Valley nurses refuse to wear locator devices (R 22 24)

SPHh$* etc. Automation increases anxiety - with cause; abuse, blacklists, blackmail, privacy; in Japan, a proposed family-registry database, a national ID, and various misuses (R 22 21); Japanese phones vulnerable to hackers (R 22 22)

P U.S. transport worker ID, privacy rights, funding at issue (R 22 22)

SP(+/-) U.S. Senate closes its proxy server's accidental anonymizer capability (R 22 43)

$?SP? U.S. Navy searches for at least 595 missing computers, then only 187 after further checking; two top-secret laptops disappeared (R 22 32)

SPfh French Kitetoa group discovered U.S. Navy Web sites leaking information via Lotus Domino, e.g., trouble tickets since 1989 (R 22 37)

Sf? Opportunities for Trojan horses in StealthChannel music? (R 22 28)

SHP RIAA orders U.S. Navy to purge computers of illegally downloaded MP3s (R 22 40)

SPh Defense Information System Agency leaves shopping list and requisition info online (R 22 28)

SPh Website personal-data security flaw costs Ziff-Davis Media $500 per subscriber (R 22 22)

SPf Wireless keyboard radiates 150 meters away (R 22 38)

SP Quote from a book review: Writing a book on wireless security is like writing a book on safe skydiving - if you want the safety and security, just don't do it. (R 22 23)

P Car goes airborne for 110 feet; airbag spills the beans: driver going at 124 mph in 40-mph zone (R 22 21); such information suspect? (R 22 22)

P Pacific Bell (now SBC) will share info, with almost invisible opt-out notice; SBC Yahoo will request personal info to "customize" your account (R 22 43)

SHAO/SP$ UK Government under digital attack: security breaches revealed (R 22 41); UK police offer anonymity to cybercrime victims (R 22 42)

+/-? Quantum cryptography for secure global communications over increasing distances; interceptions self-evident (R 22 28) But what about denials of service?

SH Weak encryption or poor design leads to killing of wolves fitted with transponders; hunters might say "tri-angu-later, alligator?" (R 22 29-31)

+/- Court welcomes e-mailed excuses/explanations for traffic tickets (R 22 28)

*SA Automakers block crash data-recorder standards (R 22 47)

Sfm Dishplayer and digital phone don't play well together (R 22 30)

VHh Microsoft rashly gets entire site shuts down for alleged copyright infringement, based on reader feedback (R 22 62, S 28 3:8)

SHVf Windows root kits a stealthy threat (R 22 62, S 28 3:8)

eSV MS says Upgrade! HP says Don't Upgrade! (R 22 54, S 28 3:6) HP advises customers to "check back frequently", but the notice has been up for 4 months.]

$SHA Attempt to buy BMW over the Net results in $55,000 scam (R 22 58)

Sf+ Sendmail flaw tests new Dept. of Homeland Security (R 22 62)

SH Feds pull suspicious AONN.gov cyberwarfare site (R 22 54)

SH$ Feds charge 17 with stealing satellite TV signals, 6 of them for violating DMCA (R 22 55)

SPH Indiana University Center's computers breached by hacker; identities of 7,000 patients potentially compromised (R 22 61)

SPAOfi Risks of using Tax IDs for other things: Internet banking exposes Princeton University's accounts (R 22 61)

$SHI Australian security firm forced to close after insider sabotage (R 22 62)

$SHI Danish credit-card fraud: mailman intercepts postal mail (R 22 61)

$SH Credit company's 15,000-customer list leaked to an underground gang, which demanded 200 million YEN in blackmail (R 22 61)

$SH 16M Yen stolen from sniffed bank passwords at Japanese Internet Cafe (R 22 61)

$SH Israeli Post Office/bank break-in results from Trojan horse sniffer capturing passwords (R 23 13)

$S Lexmark DMCA lawsuit temporary restraining order against rejuvenated toner cartridges (R 22 50); Lexmark wins injunction (R 22 60)

$S DMCA case: garage-door opener company Chamberlain Group levels claim against Skylink, maker of universal remotes (R 22 50)

Sf Citibank seeks gag order on disclosure of ATM vulnerabilities (Ross Anderson, R 22 58)

Sf FirstUSA/BankOne sends login ID and PW as clear text (R 22 62)

$SH UK cash machine error goes unchecked, gives unlimited money; error reported, but left unfixed, then exploited (R 22 50)

SH Computer sabotage against Venezuela oil? (R 22 49)

SHAO Boston College student reprograms his ID card, getting other students billed for his books, meals etc. (R 22 55)

SH Up for drunk driving, man hacks court computer (R 22 51)

SH Welsh computer virus writer gets two years in prison (R 22 52)

SH 12 University of Maryland students accused of high-tech cheating (R 22 53)

Sfhi DoD inadvertently offers admin privileges on .mil Web sites (R 22 51)

SI Matt Blaze's discussion on long-hidden lore of master keys for mechanical locks (R 22 51) with subsequent comments - including he's a hero (R 22 52)

Sf A. Guadamuz: Trouble with Prime Numbers: DeCSS, DVD, and the Protection of Proprietary Encryption Tools (R 22 51,52,54)

Sf TurboTax 'activation' restricts subsequent use (R 22 51); online registration works on Windows only if security parameters reduced to lowest (unsecure) setting (R 22 55)

*+/-? Bugsplat: military collateral damage simulator (R 22 59)

SH- Lawyers say convicted hackers are getting comparably harsher sentences (R 22 58)

$SHP Crooks harvest customer details and perpetrate fraud from Birmingham England Internet bank kiosk (R 22 52)

S(f?h?H?) Smut interrupts 'Army Newswatch' program on Webster NY cable channel (R 22 49)

SHAO Text message can disable Siemens mobile phones (R 22 65; S 28 4:9)

SH-SH Automated denial-of-service attack using the U.S. Post Office (R 22 69; S 28 4:10)

S? 2003 Stupid Security Awards include some doozers! (R 22 68)

$Si Risks of bank deposit-only ATM displaying MS NTDetect 4.00 prompt and boot with live keys with interface wider than intended (R 22 69-70)

Shi Draft legislation on using crypto in commission of a crime: extra five years in prison (R 22 67); but, if encryption is treated like arms, does that violate the Second Amendment? (old argument, repeated in R 22 67)

SHAO Cracking of small Nevada hospital system hack traced to Russia (R 22 69)

SHO Bogus Internet domain-name renewal offers spoof NSI (R 22 71)

SH NASCAR fan faces prison time for flooding Fox with angry e-mails (R 22 70)

SH Website hoax on killer SARS virus triggers Hong Kong panic (R 22 67)

Sh CNN reveals pre-prepared obits for living people (R 22 70)

Sf Software patching gets automated (William Jackson) (R 22 84-85, S 28 6:11-12)

$SH Ukrainian crime `kingpin' cracker arrested in Thailand; counterfeited MS, Adobe software; fraudulent schemes worth $1 billion (R 22 74)

$SH Man fined $180 million for piracy conspiracy stealing satellite TV signals (R 22 79)

$SH Ex-student fined more than $500,000 for stock fraud on Net (R 22 74)

SHf The Great Capacitor Scare of 2003; Chinese corporate stole incomplete electrolyte formula, resulting in his new employer's capacitors failing after 250 hours instead of 4000 (R 22 73)

$SH BestBuy.com e-mail swindle uses bogus fraud alert about a swindle (R 22 78)

$SH ATM electronic spying and camera scam nets $623,000 Australian (R 22 85)

SHAO Free Software Foundation GNU/Linux source site hacked (R 22 86)

SAOf California state Web site accepts completely unverified updates of statement by domestic stock corporation; also tends to crash browsers (R 22 88)

SAf Denver school student information system on the Internet; protection questioned (R 22 85)

SAf Biloxi schools have cameras in classrooms, pictures on Internet (R 22 85)

SHA Safe-cracking via telephone (R 22 74)

Shf Pilots hear baby's cries instead of air-traffic controllers' guidance; baby monitor set on wrong frequency (R 22 73)

SHAO More on deceptive URLs (R 22 85,86)

SHAOf Walk-by hacking: more unprotected wireless access in Midtown Manhattan (R 22 80)

SH Acxiom's FTP Server compromised by (now former) client (R 22 84)

S Incompatibilities and incomparabilities among 802.11a, b, g (R 22 89)

SH SCO wants licensing fees from corporate Linux users (R 22 82); Denial-of-service attack cuts off SCO Web site (R 22 89)

Sf Adobe Acrobat and PDF security flaws: no improvements for 2 years (R 22 80)

Sf Hand-held computer devices easy to hack (R 22 83)

SH Jolitid: Downloading data can turn your computer into a server (R 22 77)

SH Network vandals hijack Internetted PCs to spread pornography (R 22 80)

SHI Nova Scotia worker deletes her speeding ticket, gets fired (R 22 84)

SH ISP Charter Communications' DHCP servers infiltrated (R 22 78)

Sf Internet Bank Egg advises customers that ActiveX is a security product! (R 22 80)

SV John C. Dvorak estimates 30 billion Windows crashes each year (R 22 84)

Shf U.Michigan center advises ignoring ssh key change warning (R 22 80)

SH SRI firewall reject rates show dramatic peaks (R 22 87)

S Risks of TheftGuard remotely disabling PCs as an anti-theft measure (R 22 80)

S- Reassembly of shredded Stasi documents outs informant (R 22 81)

SH Man steals home-detection tracking transponder, which tracks him down (R 22 89)

SHA Customer passwords stolen from Kinko's in Manhattan for two years (R 22 82)

SHf Student hacks high-school computers, erases class files; the fix: change passwords every 60 days! (R 22 76)

SA Lack of Abbey National telephone banking security (R 22 81)

Sf Microsoft withdraws security update for XP; it would knock 600,000 users off the Internet (R 22 74)

SA New method cracks Windows passwords in seconds (R 22 82)

Sf Denial of service via algorithmic complexity attacks, Crosby and Wallach (R 22 76)

S Chips that can self-destruct: add gadolinium nitrate (R 22 89)

Sf Hardware to avoid buffer overflows? (R 22 74,75)

hf Pentium 4 hyperthreading/shared cache vulnerability (R 23 88)

Sh Owner of stolen 'sex.com' can sue VeriSign (R 22 82)

i White House puts up obstacle course for e-mail; critics cite burden of additional steps (Markoff, R 22 82)

SH Slammer worm hits system within Davis-Besse nuclear power plant (R 22 88,89)

SH LoveSan/Blaster/MSBlaster wreaks havoc, targets W32, MS security site, includes RPC DCOM exploit to insert payload (R 22 85); risks of believing MS advisory (R 22 86) and MS patch management (R 22 86)

SH$ Sobig virus affects CSX railroad, Amtrak freight and commuter service (R 22 87,89), Air Canada operations (R 22 88); sobig forges FROM: addresses from innocent victims who get rampant bounces (R 22 87,88); huge load increases (R 22 87) and side-effects (R 22 87); further analysis (R 22 88,89); organized crime link? (R 22 88)

SH Covert virus channels? (R 22 90)

Sf CCIA trade group tells DHS don't use MS (R 22 90)

S-? Curtailing online education in the name of homeland security (R 22 90)

SH$ etc. Some observations on e-mail phenomenology (Peter B. Ladkin, R 22 88)

SH "Good" worm supposedly fixes infected computers (R 22 87,89)

SH Palyh/Mankx Internet worm disguised as e-mail from Microsoft (R 22 73)

S Risks of teaching virus writing (R 22 75-77)

SHf DCMA strikes again; student sued for publishing SunnComm CD protection bypass - the shift key! (R 22 95; S 29 2:13)

S(H?)f UK Teen rides Trojan Horse defense (R 22 97; S 29 2:13)

Sf Feds admit error in hacker convicted for notifying customers of a security flaw! (R 22 97; S 29 2:13-14)

$SH Microsoft puts a price on the heads of virus writers: $5M Anti-Virus Reward Program, $250,000 bounties [still won't fix the problems!] (R 23 01; S 29 2:14); Microsoft patches their patched patches (R 23 01; S 29 2:14)

SHef Discussion of security patching: a story from the trenches (R 23 03,05)

Sf Risks of self-adjusting firewalls in Longhorn: auto patches (R 23 28)

*M Loss of Mitsubishi bus braking due to nearby illegally modified transceivers and electromagnetic interference (R 23 09; S 29 2:14)

$SH Internet fraud tripled in 2002 (R 22 98); Cybercrime more than doubled in 2003 (R 23 10); Reliability of network vulnerability testing is decreasing (R 23 10)

$SH Jury convicts Florida man (JungleMike) of selling DirectTV unscramblers in first jury-trial DMCA conviction (R 22 93)

SHAI Acxiom database cloner busted (R 23 08)

SHi New Windows CD antipiracy mechanism disabled by shift key (R 22 94)

Sh$ Crypto screwup: Sensitive Israeli missile test inadvertently broadcast (R 23 01)

Sf$ Linux backdoor exploit detected in kernel.kbits.net server (R 23 02)

SH$ Credit cards used as IDs! (R 22 93)

S VeriSign temporarily suspends Site Finder (R 22 92) $SHf Diebold ATMs hit by Nachi worm; MS operating systems being upgraded! (R 23 04,06,07,09)

M Illinois School district sued over WLAN planning lacking EMF radiation considerations (R 22 94)

Sm Risk of trusting computer-free security? Dog trainer sentenced to 6.5 years for defective bomb-sniffing dogs! (R 22 94)

P- = S+ Telephone evidence connects armed robbers with robberies (R 22 94)

*SH Tanker truck shutdown via satellite; risks considered (R 23 05)

*SHfmi Israeli government suspends purchases of Microsoft software (R 23 11)

*SHfmi, etc. Microsoft Windows in every automobile? (R 23 05)

SHf Risks of USPS/Microsoft digital signatures for permanent records (R 22 97)

Sf "Openness" in Government: DROS gun-purchase verification system security flaws include ActiveX (R 23 09)

$SH Kalispel casino near Spokane victimized by barcode forgery (R 22 98)

$SH The Future of Surveillance; gas station employees record ATM transactions; Kinko's keystroke loggers; analysis (Bruce Schneier, R 22 96)

$SH Captured logins enabled dumping of losing Cisco stock options onto victims, distributing the losses; SEC filed civil charges (R 22 95); Drexel student charged with securities fraud, using Beast to monitor keystrokes to access TD Waterhouse brokerage account (R 22 96)

SH Discover cancels 60,000 possibly compromised accounts (R 22 97)

$SH Nigerian scam nets $400,000 from Florida man (R 23 04); older folks especially vulnerable to scams (R 23 06)

SHi Bank scam with spaces in trick URL (R 23 03)

SHf Debian project security breach and forensic analysis (R 23 05)

Sf Deadlock in Dell licensing agreement; shrink-wrapped agreement could not be read without first agreeing! (R 22 96)

Shi Detained kidnapper mistakenly freed after April Fool's e-mail (R 23 07)

SH Driver arrested wardriving child porn piggybacked of nearby wireless net (R 23 04)

SH Burger King wireless speaker spoofed: drive-through customer told he/she is too fat to order a Whopper! (R 23 12)

SH New definition of "Fish 'N Chips": microchips implanted in fish break illegal poaching operation (R 23 03)

Sf Coping with buffer overflows, and looking back on Multics, Burroughs/Unisys, VMS (R 23 20,22,24,27)

$Sfm Firms look to limit liability for online security breaches (R 23 26)

SH U.S. Senate security shenanigans: Republican clerk mines Democrat database (R 23 26)

SH Google Bombs influence search order; "unelectable" turns up "Biography of President George W. Bush" (R 23 15; still the case at least two months later)

$SH More risks of word filtering: C. O'Kane (R 23 19); ci*lis in many words such as speci*list, multiraci*alism, soci*lism, commerci*lism, commerci*lise (R 23 20) [Asterisks replaced the letter "a" in RISKS to retard blocking of e-mail and Web versions.]

$SH Scams: Finally! 52 Nigerian e-mail scammers caught (R 23 15); e-mail scam attacks on AT&T Worldnet (R 23 13); More spoofs of PayPal, eBay (R 23 13,15), Postbank (R 23 15); mortgage scams (R 23 20); UK: Vital e-crime evidence often destroyed (R 23 17)

$SH Perfect copies of 4000 credit cards made in Turin restaurant (R 23 19)

SHm Massive ATM fraud on NY Municipal Credit Union after security problems due to 11 Sept attacks; 4000 people took $15M in ATM overdrafts; one person withdrew $18,000 in 54 transactions (R 23 19)

SH BBC reports ATM card-cloning scam in Wales (R 23 26)

Sf Intentionally faulted IT design in support of the cold war (R 23 21,23)

Sf Microsoft withdraws support of Java Virtual Machine (R 23 20,22,23)

SH Raleigh NC school/business closing Web site wide open for misuse (R 23 23)

Si Chris Meadows printed a file at Kinko's, wirelessly; but Kinko's did not have a wireless net! (R 23 16)

*SH Risks of stolen heart monitor with dedicated pacemaker link (R 23 22) and unauthenticated remote reprogrammability (R 23 24)

Sf Roadside camera speeding notice for Peugeot 406 supposedly going 406 mph (R 23 14)

MSHAO Drunk mistakenly unlocks police car with own key, and other cases (R 23.16-18,20); More on garage-door openers (R 23 19,20,22)

SM Air Force Motorola radios jam garage-door openers in FL Panhandle (R 23 39)

$ Theft detection system misfires in cold weather (R 23 17)

$(-?) Smartcards weren't so smart after all, says Target: limited use (R 23 26)

Sf British review: Flaws threaten Voice over IP networks (R 23 21)

$- "The history of IT is littered with companies that lost substantial leads in this fast-changing field. I see no reason why it couldn't happen to countries." (IT forecast from ACM President, Dave Patterson (R 23 87, S 30 4:32)

$S(P) Risks of outsourcing and offshoring (R 23 14)

$de Forrester analysis of white-collar offshoring (R 23 37); GAO analysis of DoD and offshored software: GAO-04-678, 25 May 2004 (R 23 38)

$deP India's outsourcing business in trouble (R 23 42)

S "Special Skills draft" for computer and foreign-language skills (R 23 28)

SH$ Cable-modem hackers conquer the co-ax: Sigma program downloaded over 350 times daily (R 23 18)

S+ P2P legal defense by separation of content and key? Song scrambled, key must be obtained separately (R 23 27)

SHf Swedish social insurance computers disabled by virus, affecting all 9M Swedes (R 23 43)

SP GPS-enabled Coca-Cola promotional cans seen as privacy threat (R 23 44)

S+/-? Toyota music-playing robot and possible spinoffs (R 23 29, PGN April Foolishness); malicious code problem in MIDI instruments/robots (R 23 30)

Sfi Australian News24's not-very-restrictive access restrictions: turning off JavaScript bypasses security (R 23 30-31)

$SHI Time records altered to reduce payroll! (R 23 30)

$SH April Foolproof: AT&T Alerts Consumers About the Latest Scams (R 23 29-30)

$SH Scams: Bank spoofed (R 23 29); Latest Citibank scam and card compromise (R 23 30,32); Net hoaxes snare fools all year (R 23 30);

$SH AOL unveils spam-victim sweepstakes (R 23 29)

SH Who's in charge of the e-mail virus war, and are we losing? (R 23 30,32)

SHH Attacking the attackers: maybe not a good idea (R 23 43-44)

SHi Edison Utility employees rig customer-satisfaction survey (R 23 29)

hi- Wrong number dialed leads to woman's arrest (R 23 29)

Sf More on buffer overflows, iAPX432 (R 23 30-31) +/-? Network Solutions' 100-year domain registrations (R 23 29)

SP Risks in Network Solutions' domain information masking (R 23 31)

SHP AOL worker sold list of 92-million AOL customers to spammer (R 23 43)

SPHI 4.6-million DSL subscribers' subjected to data leakage in Japan (R 23 30-31)

SPfh French authority forbids "DIDTHEYREADIT?" service (R 23 44)

$SP* RFID could cost 4 million jobs by 2007 (R 23 44)

SP Risks in Google's New "Gmail" Service (R 23 31)

SPH Outsourced data on stolen laptop includes SSNs and other data on 95,000 (R 23 38)

SPH Shocking laptop horror stories: UCLA laptop stolen with 145,000 blood donors' data, after earlier laptop stolen with another 62,000 (R 23 43)

SPH Israeli Police losses laptop with critical agents' information (R 23 44)

Sf Queensland researchers find WiFi flaw (R 23 37)

SH UK firms increasingly facing security attacks (R 23 34)

Sf Shamir-Tromer, breaking RSA by acoustic means (R 23 37)

SAO Risks of automatic software updates (R 23 33)

Sf Autorun considered evil (R 23 41-44)

SV Vivendi Automated Copyright Notice System disables Net access for supposed copyright offenders (R 23 34)

Sfi Radar gun follies; Belgian ticketed for driving at Mach 3!!! (R 23 32,33,38); speed camera glitches in Australia (R 23 35,36,38); Automotive "black box" data used in Canadian trial (R 23 34)

SHi Computer glitch gives out free gasoline if driver's license swiped instead of credit card, but drivers traceable (obviously!) (R 23 36)

SHAO At least 20 University supercomputers attacked by vandals (R 23 33)

SHAO Network vandal penetrates South Korean defense systems (R 23 43)

SA Are passwords passé? Scandinavia opting for two-factor authentication (R 23 40)

Sfe, etc. Users, learning from history, social engineering, planning (Gadi Evron); mentions nuclear silo password 00000000 (R 23 40)

SH 'Pirate Act' raises civil rights concerns (R 23 39)

SMi Radiation treatments for cancer set off airport detectors (R 23 33)

Sf? Terror over Voice over Internet Protocol? (R 23 43)

SHf Canadians warn of North American critical infrastructure cybersecurity risks (R 23 57); South Korea vulnerable to cyber attacks from North (R 23 57)

SHf 3/4 of biggest Australian banks vulnerable to Web attacks (R 23 48)

Sef Cahoot Internet banking upgrade security issue (R 23 59)

SHf Virus disables Colorado DMV for nearly a week (R 23 56); Maryland MVA disabled earlier by Blaster (R 23 57)

Sf Trojan horse for handhelds (albeit not self-propagating) (R 23 48)

Sf JPEG/GDIplus security vulnerability (R 23 55)

$SH 36% of the world's software is pirated, costing $29B in lost revenue (R 23 45,46,48)

$SH Pirates see video games before paying customers do (R 23 59)

$SH Music industry on the wrong course with the INDUCE Act (R 23 59)

S Java programs at risk from decompilers (R 23 54); once again, risks of believing in security by obscurity (R 23 55): risks of Nuclear Regulatory Commission lab info on Web? (R 23 58)

S Risks of using open forums for disaster recovery (R 23 52)

Sf Risks of third-party Windows Buffer Overflow Protection Programs (R 23 49)

Sf Buffer Overflow in "I'm Away" feature of AOL Instant Messenger (R 23 49)

Sf More risks of using MS Internet Explorer (R 23 45)

SH Nonexistent would-be fictitious URL used in comic strip springs to life with "questionable content"! (R 23 57)

$SH San Carlos (California) software company sues Mumbai police for not investigating alleged code theft by Indian subsidiary (R 23 56)

Sfhi British Customs and Excise electronic returns for VAT collection; certificates vs passwords; confusion (R 23 56)

SH Sabotage-induced power outage in Wisconsin: bolts removed from 80-foot tower (R 23 56)

*Shi U.K. passport guidelines: You may not smile! (R 23 49,50); Stupid airline security measures (R 23 54)

not-M Airbus and AA/Qualcomm tests show cell phones don't disrupt navigation systems (R 23 54)

$SHf Internet attacks jump significantly in 2004 (R 23 54; S 30 1:11-12)

*SH Tsunami warnings and spam (R 23 65; S 30 2:23-24)

*Shi Screener error not supposed glitch reponsible for scare that evacuated Midway airport (R 23 61; S 30 2:24)

SHP f Flaw in Google's new desktop search program (R 23 63; S 30 2:24)

SP EPIC's New Year's Privacy Resolutions (R 23 64; S 30 2:24)

S- Why adding more security measures may make systems less secure (R 23 63; S 30 2:24-25)

*$SH $1 million theft of telco equipment disrupts 911 service for 7 hours for 25,000 customers (R 23 60)

SH Thieves steal a remote device that allows woman to sleep by switching off an implant in her brain (R 23 65)

S Ars Team Prime Rib finds fourth-largest prime number ever: 28433 * 2^7830457 + 1 (R 23 65)

Shi US has plans for shutting down GPS "during national crisis", with huge seemingly unforeseen consequences (R 23 62,63)

Shi French motorist obeys GPS navigation, makes U-turn into traffic (R 23 62)

$h T-Mobile cripples the Blackberry by disallowing outbound port 90 (R 23 64)

SHf Remote cell phone eavesdropping (R 23 64,65)

SHfi German bank teller machine escapes to command level, plays chess! (R 23 62)

Sf More on new and unpatched Windows flaws (R 23 63)

$SH Wal-Mart stung in $1.5 million scam with bogus bar-codes (R 23 66)

S Cellery worm plays games with victims (R 23 67)

SHAOf Raleigh NC: hacking of live television banner for store closures (R 23 62)

SHP Attack on T-Mobile compromises personal data on 400 customers (R 23 66)

SHAO Carjackers swipe biometric Mercedes, plus Malaysian owner's finger (R 23 83; S 30 3:31)

SHf Mobile phone Cabir virus infiltrates U.S. (23 74; S 30 3:31)

SH Cellery worm plays Tetris with victims, spreads (R 23 67; S 30 3:31-32)

SH (or h)? Michigan highway message board says speed limit 100 mph (R 23 84-85; S 30 3:32)

SH?hi? Some business schools won't admit applicants who sought website on acceptances (R 23 78; S 30 3:32)

Sf An example of vulnerable OS creating havoc in new/unexpected locations: bluetooth-enabled cellphone virus corrupts automobile software (R 23 70; S 30 3:32); more (R 23 72; S 30 3:32-33)

SHAOf Risks of networked homes compromising consumer electronics (R 23 75; S 30 3:35)

$SHAO Risks of unvetted changes of California corporation information (R 23 77; S 30 3:35)

$SHAO Website hijackings, 302 redirects, and security issues ( R 23 78; S 30 3:35-36)

SHf Secret Service Distributed Networking Attack (R 23 83; S 30 3:36)

$SHhifm PITAC Cybersecurity report released: http://www.nitrd.gov/pubs/ (R 23 81)

$SHhifm Discussion of James Fallows' article Risk Analysis and the War on Terrorism (R 23 68)

S(f/m) Essex County NJ Jail locking failure in touchscreen access control system - again (R 23 81)

SH$ Police foil £220M cyberattack on Sumitomo bank (R 23 81)

SH$ VisaBuxx: Risky US Bank Visa product (R 23 81)

Sf `Thief-proof' car key cracked (R 23 69,70)

SHf RSA finds more flaws in RFID (R 23 81)

SH Marketscore proxy service: Man-in-the-middle attack on SSL? (R 23 79)

SHf Users of AOL Instant Messenger and other services beware! (R 23 79)

SHf Why IE is insecure: flawed logical thinking... (R 23 81-83)

SHA Amazon's goofy account identification (R 23 70)

$SH Risks of grocery-store robot scanner a royal pain (R 23 69,75)

Sf High-risk vulnerabilities in Eudora for Windows (R 23 71)

Sf UK gets official virus alert site; potential security problems (R 23 75-77)

SHi International Domain Name (IDN) makes spoofing of URLs easier and hinders identity uniqueness (R 23 71)

Shi Kafka-esque Québec Govt Online PAC ID system makes system use very difficult (R 23 95; S 30 6:)

Sf GAO survey on US e-government security risks: 79-page enumeration of oblivious agencies (R 23 91)

SH$ Big problem: fraud using VoIP (R 23 94); Phil Zimmermann's approach (R 23 95)

Sf When Crypto/Signature Plans Go Wrong: Sony PSP Exploit (R 23 90,92)

Shi Use of encryption declared illegal in Minnesota? (R 23 90,92); NO! (R 23 93)

S(f?) U.K. firm boasts totally "hacker- and thief-proof" biometric ID card system (R 23 92)

SH$ UK Government statistics show Home Office leads in stolen computers (R 23 94)

Sf New Microsoft anti-piracy program circumvented (R 23 95, 24 01)

Sf Wool and Shaked discover method for cracking Bluetooth security (R 23 89)

SH Wide-scale industrial espionage using Trojan horses in Israel (R 23 89)

SH($) "World's biggest computer hacker" arrested in London; attacked Pentagon and NASA "secure" systems! (R 23 89)

$SHO Asian hackers blamed for attacks on U.K., U.S. computer networks (R 23 91)

SHAOf Breach tracking by Adam Shostack (R 23 92)

SHf Rumplestiltskin worm (R 23 88,89,92)

Sfhi Challenge/response e-mail filtering failure modes (R 23 89,90)

..... End of recent yet-to-be-merged security items ..... Security flaws:

*SHAf Many known security flaws in computer operating systems and application programs. Discovery of new flaws running ahead of their elimination. Flaws include problems with passwords, superuser facilities, networking, reprogrammable workstations, inadequate or spoofable audit trails, ease of perpetrating viruses and Trojan horses, improper handling of line breaks, etc. Lots of internal fraud and external penetrations.

rfhie$ U.S. House Panel Slams Federal IT Security; attacks quintuple from 2002 to 2003 (R 23 28)

f Stanford sendmail buffer overflows saturated systems (S 15 1)

Sf Security flaw (buffer overflow) in popular e-mail programs and the programming language implications (R 19 90-93)

Sf More on buffer overflows: CERT Advisories (S 24 3:27, R 20 21) Note: Steve Bellovin remarks that 8 out the 13 CERT Security Advisories for 1999 involved buffer overflows!

Sf Extensive discussion of buffer overflows, causes, methods of prevention, etc. (S 27 2:7-11; R 21 83-86 plus an excellent analysis and response to further comments, by Earl Boebert (S 27 3:13, R 21 87,89)

Sf More on eliminating buffer overflows: OpenBSD (R 22 71,72,74,75)

fi Student mistaking list for scalar causes truncated Web info, brings police (S 26 4:7, R 21 27)

Sf Ross Anderson et al. responded to MobilCom challenge (R 18 45) to hack GSM for 100,000 DMarks, found flaw, but discovered the offer had been withdrawn. (R 19 48)

Sf Argus' PitBull £35,000 hacking challenge cracked in 24 hours (R 21 36)

Sf SDMI Secure Digital Music protocol challenge cracked; RIAA threatened to sue Princeton prof Ed Felten's team if the results were published; the paper presentation was withdrawn (R 21 37,39)

f GSM phones recalled for software upgrade (R 19 27,30)

@Sf Crypto-based security in 90 million GSM phones cracked by Silicon Valley "cypherpunks" (R 19 67) $SHf CERT Advisory, IP spoofing attacks, hijacked terminal connections; Robert T. Morris, Tsutomu Shimomura, John Markoff, Kevin Mitnick (S 20 2:13)

S Security flaw in NCSA httpd phf (R 18 69,70); CERN httpd (R 18 71)

S Sun's Hot Java executes its code on your Web browser (S 20 3:9)

Sf Netscape had a rough time securitywise: 40-bit crypto breakable, random number generator crypt seed breakable, bounds-check flaw (S 20 5:13)

SO More risks of allegedly random numbers: spoofability (R 18 89)

S Andrew Twyman reduces cost of cracking Netscape's 40-bit crypto to $584 (from $10K) (S 21 4:18, SAC 14 3, R 17 65)

S Risks of Trojan horses with HotJava and Word (R 17 39-41,43,45,46,52); see particularly Marianne Mueller in (R 17 45)

Sf More browser/server security problems in Java/JavaScript/Netscape (S 21 4:18, SAC 14 3): Dean, Felten & Wallach, Princeton, in (R 17 77); others (R 17 65,66,77,79,80,83-91,93-95, R 18 01,02); Abplanalp and Goldstein (R 18 06); David Hopwood (R 18 08), including a summary of Java-related bugs, with a pointer to John LoVerso's JavaScript bug list (R 18 08); further problems were reported in Java and JavaScript (R 18 09), in Netscape 2.02 (R 18 13,14), and again in Java (Hopwood, R 18 18). Princeton team finds Java security bugs in Microsoft Internet Explorer 3.0beta3 and Netscape Navigator 3.0beta5 (R 18 32); More on Java security (Mueller, R 18 50); Flaws in and Microsoft's warning on Internet Explorer 3.0 (R 18 36,38); ActiveX security risks (R 18 69)

Sf More Java woes: Princeton team finds new flaw in Java ClassLoader that disables security controls in Netscape Navigator 4.0x (S 23 5:27, R 19 86)

- Appropriateness of Confutatis Maledictis in MSIE advertisment? (R 19 23)

VSf Land Attack (land.c) denial of service on TCP implementations; Microsoft implications; also see BUGTRAQ (R 19 48,49)

f Microsoft Office 97 e-mail gives sight to blind copies (R 19 08)

Sf Ruminations on MS security (S 23 4:24)

SH Enumeration of over 100 holes in Windows NT (R 19 65)

f Incompatibility between Cisco 5000 routers and Windows XP beta shuts down Xerox corporate network, draws ban on XP betas (R 21 37)

f Another privacy bug in Netscape Navigator 2.0 (S 22 4:31, R 18 74)

SP More on risks in Netscape browsing histories (R 18 79)

SOf Netscape flaw allows reading of entire hard drive (R 19 22,23)

SAf Netscape Communicator 4.01 for Windows 95/NT risks include forgeable digital signatures (R 19 30)

Sf Netscape Communicator 4.02 and 4.01a allow disclosure of passwords (R 19 34)

$Sf Risks in Secure Electronic Transaction (SET) protocol (R 19 31-36,48)

SHP Security hole in Shockwave Web browser exposes e-mail (R 18 91)

Sf More on Java security (R 18 77,79,87); Another Java security flaw (R 19 11)

f Discussion of local classes in Java, flaw and fix (R 19 41,42)

Sf Good Java security vs good network security (R 18 61)

S More on Java performance (R 19 77) and applet security (R 19 78-79,81); vendors unite against bad applets (R 19 84), but Li Gong reminds us of the pervasiveness of mobile-code risks: CD-ROM, zip drive, Lisp code, Java applet, Word document, agent software, browser plugin, postscript file, removable storage, ActiveX components, articles posted to newsgroups, any number of scripting languages, attached e-mail components (MIME), floppy disk (demo disks you receive in the post), someone over the phone asking you to run a program, ... (the list goes on and on) (R 19 85)

f Security hole reported in Java 2 (JDK 1.2) (R 20 30), fixed in JDK 1.2.1

Sf Security problems in ActiveX, Internet Explorer, Authenticode (R 18 80-86,88-89); in particular, see detailed comments from Bob Atkinson (R 18 85) and subsequent responses (R 18 86-89); Paul Greene at Worcester Poly finds IE flaw (R 18 85); EliaShim notes two more IE flaws (R 18 88); Another ActiveX flaw (R 19 06,09)

i ActiveX controls - You just can't say no! (S 23 3:26, R 19 55)

SOf Internet Explorer runs arbitrary code: MIME type overridden (R 19 14)

Se Misleading Internet Explorer security patch (S 26 4:8, R 21 35)

Sf IE security bug with Active Scripting (R 20 80)

SOf More on Web browser risks (R 19 18)

Sf More on NT security (R 18 82,84,86-88); Another Windows NT security flaw (R 19 02)

Sf NT passwords bypassable by overwriting hashed password (R 18 62)

Sf Making good ActiveX controls do bad things (R 18 61); more risks (R 18 62)

Sf Chaos Computer Club demonstrates ActiveX/Quicken flaw on TV (R 18 80,81)

SHO Beware of offer of remote ActiveX-enabled antivirus scanner (R 19 30)

Se Microsoft Java/COM integration support does automatic upgrades (R 18 64)

@SP Discussion of security and privacy implications of "cookies" (squirreled information in browsers) (R 18 19,20, 63,65,67,68,70,72,78,79,88,92); residues in Internet Explorer 3 (R 18 68);

Seh Over 10,000 sites running nonsecure versions of NCSA Web server (S 21 4:17, SAC 14 3)

Sf SATAN anticracker software; discussion; version 1 flaw (S 20 3:12)(SAC 13 3)

Sf Master password generation algorithm uses program bug in LOGIN (S 12 3)

Sf Flaw in Sun 386i - argument that bypassed authentication (S 14 5)

Sf DEC/Ultrix 3.0 breakins using tftpd, weak passwords, and known flaws (S 15 1)

Sf SunOS 4.0.x rcp problem, exploiting /etc/hosts.equiv , /.rhosts (S 15 1)

Sf Password Snatching? RS-232 data tap advertised for $29.95 (S 12 3)

S Flaws in Kerberos version 4 and 5 (S 21 4:17 SAC 14 3, CERT Advisory CA-96.03)

Sf Security hole in SSH 1.2.0 permits remote masquerading (R 17 66,68, SAC 14 3)

Sf Trojan horsing electronic countermeasures? Def.Electr. Oct 89 (S 15 1)

SH Risks of infrared-reprogrammable parking meters (S 15 5)

Sf Risks from using laptops with cellular phones (S 15 5)

SHf Justice Department computers vulnerable remotely (S 15 5) @ $S GAO finds computer security at stock exchanges vulnerable (S 15 2)

S PRODIGY security and integrity problems discussed (S 15 2)

Sf CTSS raw password file distributed as message-of-the-day; editor temporary file name confusion. See Morris and Thompson, CACM 22, 11, Nov 1979. (S 15 2) Also FJCorbató, 1991 Turing Award Lecture, CACM 34, 9, 1991, pp. 73-90.

SPf Bad pointer dumps encrypted passwords as message-of-the-day (R 17 44)

SH Dictionary-based password cracking (Morris-Thompson) happening (S 15 2)

$Sh NZ Kiwinet posts new default password (S 16 4)

$Sf RISC architectures crashable from user mode (S 15 5)

Sf SunOS SPARC integer division grants root privileges divide&conquer (S 16 4)

S Hitachi's dynamic microcode download facility (S 16 2)

S Root console spoofable by function-key remote reprogramming (S 16 4)

S Security breach in UK Government Whitehall computer (S 17 2)

SH Crackers of Boeing and Seattle US District Court fined $30K (S 18 4:9)

f FAX in send mode receives someone else's FAX instead (S 19 2:3)

i Wrong fax code sends antiQuebec message to French-language papers (S 19 3:9)

SP IRS checks mailed with visible SSNs and amounts in 1994 (S 19 4:10); City of Detroit MI did the same 400,000 tax forms in 2002 (R 21 91); new law will prohibit federal agencies from doing so, effective 2004 (R 21 92)

SP Lexis-Nexis P-Trak database includes unselectable SSNs (R 18 43-45,47-49)

Sf Univ. California computerized retirement system flaw (S 21 4:17, SAC 14 3)

SAf Authentication in Lotus Notes has security flaws (S 20 3:9, R-17.10)

Sh? Randal Schwartz finds security flaws in Intel, convicted (R 17 23,28)

Sf More on Windows security bugs (R 17 62)

Sf Windows 95 security hole: file names beginning with extended-ASCII 229 (S 21 4:17, SAC 14 3)

f File name bug in Windows 95 (S 21 5:18)

i File name problems in Unix (R 21 80,82)

Sf Win 95 Microsoft TCP/IP flaw freezes system (R 19 26)

i Risk of renaming a Windows 95 computer on a network (R 19 56)

i Windows 95 renaming problem (R 19 66)

f Warning! NT 4.0 utility wipes system configuration (R 18 49)

f Windows NT 4 corrupting filespace and deleting directories (R 19 63)

Sf Password unsecurity in NT cc:Mail release 8 (R 19 37)

Vmf Massive NT outage due to registry corruption (R 19 60)

f Bug in DoD Common Operating Environment screen-lock consumes resources (R 19 42); NT screen savers also risky (R 19 43)

$f Reliability of NT in embedded applications (R 20 41)

f Microsoft Word footnote problems irks federal appeals court: Word does not count words correctly (R 20 52)

i Risks related to Ctl-Alt-Del (R 19 28,29,31,32)

Sf Paper by Avi Rubin on Microsoft Passport flaw (R 20 85)

Sf Bug in Microsoft Word 6.0, 6.0a releases unintended info (S 20 1:19)

Sf More on Microsoft WORD macro security problems (R 18 70-72,75-77,79-89)

Sf Microsoft again distributes a Word Macro Virus: WAZZU.A (R 18 53)

Sff Microsoft vulnerabilities, publicity, and virus-based fixes (good analysis by Bruce Schneier, R 21 01)

Sf Microsoft Windows Update Corporate Web site "features more than 1,000 system updates and drivers for the Windows 2000 platform"!!! (R 21 04)

(f=feature)i Microsoft Word file holds two separate texts (R 20 40,45; MS response R 20 43); more on hidden old edits (R 21 45)

(f=feature)i Office XP modifies what you type, changes links to point to MS sites, overrides corrections, without notification; you'd better read these items if you use Office XP! (R 21 42,43,45,46,48); Smart Tags in WinXP (R 21 46) later killed by MS (R 21 51); Comments on XP = smiley face = chi-rho = Cairo monogram (R 21 44, 46,48,51)

f Uncleared disk space visible: MS Visual C++ or operating system problem? (R 21 50,51)

$ Insurer considers NT high-risk (R 21 44,45)

Sf,e,H,$,etc. More Microsoft problems and security flaws: Win32 API (R 22 19); Klez (R 22 20-21) and BugBear (R 22 29,31-32); OFfice/IE risks (R 22 22); Internet banking and e-commerce risks (R 22 22); certificate validation flaw (R 22 23); MS recommends preventive measures: eliminate blank or weak administrator passwords, disable guest accounts, run up-to-date antivirus software, use firewalls to protect internal servers, and stay up to date on all security patches (R 22 24,26); Microsoft EULA asks for root rights - again (R 22 19); risks of chaining substitutions in Outlook (R 22 30-31); more on risks of automated updates (R 22 29,31); MS says 1% of bugs cause half of software errors (R 22 29); UC Santa Barbara bans Win/2K (R 22 31); King's College, London, bans Unix/Linux on their network (R 22 32); switch-from-Mac-to-MS ad bogus (R 22 31); more on Windows daylight savings cutover, including a dual boot problem (R 22 34-35, previously noted in R 18 3, 18 96, 19 6, 19 11-12, 19 64); Windows quietly deletes Unix files (R 22 40); nine related Internet Explorer flaws reportedly leave systems vulnerable (R 22 32); Transportation Security Administration Word password protection easily compromised (R 22 45)

Se Microsoft Hotfix erroneously undoes previous Hotfix (R 21 24); other fix files on MS Web sites infected with FunLove virus (R 21 37)

Sf Bogus Microsoft Corporation digital certificates from Verisign (R 21 29,32,34); problem with revocation lists (R 21 30,32)

Sf UK Government Gateway certificates block non-MS browsers (R 21 44); same system used for UK's agriculture department MAFF (R 21 45)

SH Windows XP vulnerable (R 21 45,46,48); Release Candidate 2 has driver block preventing some programs from running, because vendors write bad code! (R 21 57,58); more Outlook security problems (R 21 46)

Sf Freeware Password Recovery recovers Windows lost passwords saved in IE (R 21 56,59)

Sf Microsoft Reader e-books broken (R 21 64)

Shf Microsoft's PGP keys don't verify for several months, so MS security bulletins look forged! (R 21 56); WindowsUpdate Service Pack 2 for IE have questionable certificates as well (R 21 63)

SHA Bogus letter-writing campaign opposing Microsoft anti-trust actions includes mail from dead people (R 21 63)

fi Microsoft SMB protocol: Risks of undocumented `standards' (R 21 69)

i- MS Front Page 2002 license agreement forbids use on disparaging sites (R 21 68)

SP Security and privacy risks of Microsoft Hailstorm/Passport and Project Liberty alternative (R 21 70,72)

Sf Windows XP accounts default to administrator with no password (R 21 76,78)

Sf Remote tricking of users with Outlook XP with X-Message-Flag (R 21 76)

Sf Windows XP hacked in hours, black-market copies shortly thereafter (R 21 76)

-(S) Despite Connecticut's MS monopoly case stance, CT Attorney General's Web site requires JavaSoft to browse (R 21 80)

Sf Microsoft IE Javascript cookie disclosure vulnerability (R 21 76)

Sf "Beale Screamer" cracks Microsoft anti-piracy software (R 21 71)

SA Microsoft using predictable passwords for Passport (S 27 2:18, R 21 88)

Sf Microsoft C++ feature against buffer overflows is itself vulnerable (R 21 91)

*Sfff? Windows NT html products basis for Interim Brigade Combat Force (R 21 94) Windows CE palmtops to be used to direct air strikes (R 21 94);

SOf Security flaw in Microsoft Office for Macs leaves OS wide open via HTML feature (R 22 04)

SHf W32/KLEZ.H polymorphic MS Outlook e-mail virus (R 22 05-08,10); and after-effects - bogus mail, spoofing, mail loops, etc. (R 22 11)

Shf Microsoft invokes national security in not sharing information on MSMQ protocol, Windows File Protection API, anti-piracy and digital rights management; also, "some Microsoft code was so flawed it could not be safely disclosed." (R 22 13); more on MS's secret plan to secure the PC, Palladium, viruses, etc. (Peter da Silva, R 22 14; Cringely, Mellor on Palladium, R 22 15)

Sf MSNTV WebTV virus dials 911 (R 22 17)

Shf Microsoft sends Nimda worm to South Korean developers in Visual Studio .Net software (R 22 13-14)

SPfh Tower Records reports customer information "leak" from Windows Active Server Page (R 22 43)

SP FTC/Microsoft settlement: Passport violates its own user-ID privacy policy (R 22 19)

Sf Macro virus lists from Klaus Brunnstein, ftp://agn-www.informatik.uni-hamburg.de/pub/texts/macro/ and ftp.informatik.uni-hamburg.de/pub/virus/macro/macrolst.* (R 19 24)

S+ After October 1997 Macro Virus contamination and Eligible Receiver demonstration of significant vulnerabilities, NASA requested DoD to attempt penetration exercises (R 19 74)

Sf New Word macro virus WM/PolyPoster posts Word documents to 23 Usenet newsgroups (R 19 85)

$SHO Chernobyl CIH virus hits on 13th anniversary, attacks Windows 95/98; damage reportedly worst outside U.S., especially South Korea (R 20 34) and Sri Lanka, with usual rumors that it was created by an anti-virus supplier (R 20 37)

Sf OS/2 Warp TCP/IP misfeature (S 21 5:19)

SHA Another risk of reusable passwords: sharing them to avoid Web fees (R 18 85)

@SHI Dutch electronic-banking direct-debit scandal: Friesian church minister discovers surprise privileges (R 18 81)

Sf Security flaw found in Alcatel's high-speed modems (R 21 35)

..... Penetrations and misuse by "nonauthorized" personnel:

!SH China executes hacker for embezzling £122,000 (S 18 3:A12)

SPH British Telecom's Prestel Information Service - demonstration for a reporter read Prince Philip's demo mailbox and altered a financial market database [London Daily Mail 2Nov1984] (S 10 1) Break-in being prosecuted (1st such prosecution in Britain) (S 11 3) Conviction reversed by Appeal Court and House of Lords (S 13 3)

SHAfe W.German crackers plant Trojan horses, attack NASA systems, exploit flaws in new OS release (S 12 4, 13 1); perpetrator arrested in Paris (S 13 2). See also (R 08 36,37 [response from `pengo'],38).

$SHAOf Lawrence Berkeley Lab computer break-ins by Markus Hess; Stoll planted phony computer file; file requested (S 13 3, Cliff Stoll, CACM May 1988); see Cliff Stoll, `The Cuckoo's Egg: Tracking a Spy ...', Doubleday 1989. Hess and others accused of KGB computer espionage (S 14 2); Three of the Wily Hackers indicted on espionage charges (S 14 6), `mild' convictions on espionage, not `hacker' attacks [15Feb1990] (S 15 2)

S Report from the Chaos Computer Club Congress '88 (S 14 2)

SHf Hacker enters Lawrence Livermore computers (S 14 1)

SH South German hackers hack TV German Post dial-in poll (S 14 6)

SH Discussion of Dutch Intruders breaking in to U.S. systems (S 16 3)

SH Dutch Hackers H.W., R.N. arrested; reportage from Rop Gonggrijp (S 17 2)

SH First Dutch computer hacker arrested under new Dutch Law (S 18 3:A12)

$SH Kevin Poulsen (Dark Dante) arrested (S 16 3); accused of rigging radio contests by phone hacking (S 18 3:A13) tapes, other evidence seized from locker ruled inadmissible (S 19 2:9); espionage charges dropped; Poulson pleads guilty to other charges (S 21 2:20)

$SH Leonard Rose (Terminus) guilty of unauthorized possession of UNIX source and distributing access-capturing Trojan horses (S 16 3)

$SHA 5 NY Master of Disaster hackers' Federal 11-count indictment (computer tampering/fraud, wire fraud, wiretapping, conspiracy; phones, computers, credit) (S 17 4); Phiber Optik (Mark Abene) sentenced to 1 year + for conspiracy, wire fraud (S 19 1:8)

S? Feds arrest hackers nationwide in Operation Sun Devil; Steve Jackson Games investigated for cyberpunk fantasy game rules (S 15 3); Secret Service rebuked for Steve Jackson Games investigation (S 18 3:A8)

$SH "Sun Devil" indictments: "Doc Savage" arrested for tel/credit fraud (S 16 3)

$SH FtWorth programmer Donald Gene Burleson plants time-bomb, deletes 168,000 brokerage records; convicted, fined (S 13 3, 13 4)

SH University of Surrey hacker arrested ... and released; Edward Austin Singh penetrated 200 systems (S 14 1)

SH UK "Mad Hacker" (Nicholas Whiteley) goes to jail (S 15 5); appeal fails (S 16 2); new British Computer Misuse Act (S 15 5)

SH Intruder hacks into Cambridge University systems (R 18 09-10)

SH UK hacker "Datastream" finally arrested (S 20 2:13)

SH Hackers break into Macedonian Foreign Ministry phones (S 23 3:24, R 19 46)

SH R.G. Wittman accused of felonies in hacking NASA computers (S 17 1); sentenced to 3-year probation, mental health treatment (S 17 3)

$SH 2 Norwegians fined for fraud; telephone fraud, browsing ignored (S 19 1:8)

@SH$ Russian hacker Vladimir Levin breaks Citibank security (S 20 5:13, R 17 27-29,61); Levin pleads guilty (R 17 61), sentenced to 3 years, with $240,015 restitution; 4 accomplices previously pleaded guilty (R 19 61)

SHOA 3 Croatian teenagers cracked Pentagon Internet systems. Classified files allegedly stolen (?). Zagreb Daily suggests damaging programs could cost up to $.5M (?) (R 18 84)

SH Pentagon computers hacked ("most organized and systematic" according to John Hamre); Cloverdale high-school kid blamed (R 19 60); in blaming "hackers", DoD seems to be oblivious to its own bad security

SPH Carlos Salgado Jr. pleads guilty, max up to 30 years, $1M fines (R 19 34)

SH Wendell Dingus sentenced to 6 mos home monitoring for cracking USAF and NASA computers from Vanderbilt U. (R 19 35,36)

SH Former IRS employee indicted for fraud, illegal browsing (S 20 5:13)

SH* NY Police Department phone system cracked (S 21 5:19)

SH British man (Black Baron) convicted as malicious virus writer (S 20 5:14)

S Cancelbot derails online promo (WSJ via Edupage 20 Dec 1994) (S 20 2:11)

$SH Criminal hacker arrested in Winnipeg (S 20 2:12)

SH 16-year-old boy cracks university computer security (S 21 2:20)

@SH DMV security code breached at hospital in New Haven (R 18 28)

@SH AIDS database compromised in Pinellas County, FL (R 18 48,53)

SH Geraldo show demonstrates how to break into tracer.army.mil (S 17 1)

SHA Milwaukee 414s broke into many computers (some with guessable passwords)

SHAO Australians use dictionary attack on various U.S. computer systems (S 15 2)

$SPH Thieves ransack 55 government computers in Australia (R 18 14)

SH St. Louis teenager Christopher Schanot arrested for computer fraud (R 18 01)

SPH Two convicted: 1,700 Tower Record credit-card numbers offloaded (R 18 02)

$SH U.Texas Dean's conferred password used to misappropriate $16,200 (S 17 3)

S References to CERT memo and Dave Curry article on countermeasures (S 15 3)

fH Fudging a poll on program(med) trading? (S 15 1)

SH USAF satellite positioning system, others cracked by 14-yr-old (S 14 6)

Sf Sony satellite dishes remotely reprogrammable? (R 17 33)

SH CerGro voice-mail hacked, mailboxes used for illicit purposes (S 13 4)

SP Olympics e-mail misuses affect Tonya Harding and Cathy Turner (S 19 3:10)

$SP Barclays credit system voice-mail hack gives sensitive info (S 18 1:20)

SH Voice-mail phreaking alters recorded message (S 19 3:10)

@$SH AT&T computer break-ins (Herbert Zinn) (S 12 4)

@$SH Pac*Bell System computer attacker Kevin Mitnick arrested (S 14 1); arrested again after hi-tech tracking (S 20 3:12)(SAC 13 3)

SHAO Computer crackers arrested in Pittsburgh, West Coast (S 12 4)

SH Argentine Hacker encounters computer wiretap (S 21 4:17, SAC 14 3)

$SH Computer intrusion network in Detroit (Lynn Doucett) (S 14 5)

$SH Fired computer engineer caught downloading proprietary software (S 13 2)

*SH Ex-employee arrested in file theft via Internet (S 19 3:10)

$SHI Two Lucent scientists charged with selling PathStar Access Server software to Chinese firm (R 21 38)

$S MIT student arrested for running BBS used for pirate software (S 19 3:11)

$H Australian hackers face jail or fines (S 13 2)

$SH Australian intruder fined $750 for copying programs (trespass) (S 15 3)

$SH Aussie Cracker charged with phone fraud, accessed US computers (S 16 4)

*SH Australian computer hacker jailed for two years; caused release of thousands of liters of raw sewage on Queensland coast (S 27 1:14, R 21 74)

$SH Phone cracker tried for Palomar Hospital felony wiretap/eavesdrop (S 17 2)

*SHAO Hospital intruder captures password, alters drug protocol (S 19 3:10)

*SH Tampered heart monitors, simulating failure to get human organs (S 19 2:5)

SH 16yr-old Brit (Jamie Moulding) tried to sell cracked MoD files (S 16 4)

$SPH Brit. Min. of Defense computers penetrated by 8LGM; 3 arrested (S 18 3:A9), hacked into NASA, ITN's Oracle, ... 2 given 6-month sentences (S 18 3:A12)

SH TV editor raids rival's computer files (S 14 2)

SH Fox TV computers hacked, access to news stories in progress (S 15 3)

$SH TRW Credit information bureau breakins - one involved gaining information on Richard Sandza (Newsweek reporter who wrote "anti-hacker" articles) and running up $1100 in charges (S 10 1)

$SH 14-yr-old cracks TRW Credit, orders $11,000 in merchandise (S 15 1)

$S 12-yr-old boy arrested for tapping TRW credit files (S 15 3)

$SH Risks of unauthorized access to TRW credit database (S 15 3)

$SHAO U.S. Reps Zschau, McCain computers penetrated, mailings affected (S 11 2)

VSH/h? Ross Perot's computers lose 17K names; intruder or inadvertence? (S 17 4)

SPHA NJ Republican staffer breaks into Democrats' computer (S 16 1)

SHAO Bogus e-mail says Dartmouth prof cancels exam; 1/2 noshows (S 19 4:12)

SHAO Grade-changing prank at Stanford (around 1960) (S 8 5)

SHAO More class grade changes: Alaska, Columbia U., U. Georgia (S 16 3); Berkeley High School, despite requiring two passwords! (R 20 92)

S Remote student tests by push-button phone; Psych 519, Gov's State (S 16 1)

$SH Southwestern Bell computer penetrated: free long-distance calls (S 11 3)

$SPH British Airways dirty tricks tapping into Virgin Air data (S 18 2:15)

$SH Bloodstock Research thoroughbred genealogy computer system break-in

SHf Systematic breakins of Stanford UNIXes via network software (S 11 5) Brian Reid, "Lessons from the UNIX Breakins at Stanford", pp 29-35, Oct 1986

SHAO UK's MI5 phone recruitment hotline spoofed by KGB impersonator (R 19 20)

SH Masquerader acts as Liz Taylor's publicist, hacks answering machine (S 15 5)

$S Laser printer counterfeiting and new US legislation (S 15 5)

SH Free Software Foundation trashed, added passwords for integrity (S 16 4)

$SH Remote-control automobile locks opened by signal replay attacks (S 18 4:7)

$SH GM charged VW with industrial espionage (S 18 4:8); settlement eventually reached: VW agreed to pay GM $100M and buy $1B in parts over 7 years [Wall Street Journal, 10Jan1997, A3]

SPf Risks of presumed anonymity in tar files, e-mail (S 18 4:10)

@$SH Foiled counterfeiting of 7,700 ATM cards using codes in database (S 14 2)

@*H Prison escapes via computer manipulation (S 10 1, 12 4)

@*$H Masquerading spoof of air-traffic control comm altered courses (S 12 1)

SH Dan Farmer's security survey [2Jan1997] catalogs attacks on government sites, banks, credit unions, etc. See http://www.infowar.com. (R 18 74)

$SH 1994 UK National Audit Office report on computer misuse in government: 140% increase; 655 cases, 111 successful; £1.5M defrauded; misuse; 350% increase in viruses; 433 computer thefts, worth £1.2M (S 20 3:11)

$SHO Computer breakins cost businesses estimated $800 million worldwide in 1995 (R 19 47)

SHOA Stanford Linear Accelerator Center (SLAC) computer system penetrated 2 Jun 1998 using LAN sniffers (R 19 80-81)

SHOA Canadian charged with breaking into U.S. government computer (R 19 74)

SHOA Woman cracker gets five-month prison sentence for deleting info from Coast Guard personnel database (R 19 84)

SHO Milw0rm crackers penetrated India's Bhadha Atomic Research Center (BARC), copied 5MB, relating to India's nuclear research, altered BARC Web site, deleted files, in protest of nuclear testing (R 19 78)

SHf Critical mass or critical mess at Los Alamos? Lax security (S 23 4:21)

SH Jonathan James (cOmrade) sentenced to six months detention for having penetrated DoD and NASA computer systems, intercepting 3,300 e-mail messages and stealing passwords when he was 15 (R 21 06; S 26 1:27)

SH Jason Diekman, 20, charged with cracking into university computers and NASA, stealing hundreds of credit-card numbers to buy thousands of dollars of clothing, stereo equipment, and computer hardware (R 21 06; S 26 1:27-28)

SHOA Raymond Toricelli charged with breaking into NASA computers, capturing passwords, running porn ads (R 20 95)

..... Web site hacks and risks:

VSH Justice Department's Web site is infiltrated (S 22 1:21, R 18 35)

VSH CIA disconnects home page after Web site hacked (S 22 1:21-22)

VSHAO Air Force Web page hacked (S 22 2:23, R 18 64)

VSHOA NASA's Web site http://www.nasa.gov hacked on 4 Mar 1997 (S 22 2:23, R 18 88)

VSHf Three Army Web sites hacked (S 23 4:24, R 19 63)

VSHf Hackers claim major U.S. defense system cracked (S 23 4:24)

f Art Money (when nominee-to-be for U.S. AsstSecDef) was quoted in Federal Computer Week at an AFCEA meeting as saying that hackers had changed troops' blood types on a DoD Web site, reportedly causing DoD to revisit what info to put on its Web pages (R 19 97); however, the following issue of FCW said that no such attack had occurred, although the possible scenario had been identified by a red-team exercise (R 20 02)

VSHOA National Collegiate Athletic Association (NCAA) Web site hacked, racial slurs posted; 14-year-old high school freshman? (R 18 90)

VSHOA ACLU's AOL Web site cracked (R 19 77,81); further notes on AOL security (R 19 87)

VSHAO NY Times Web site attacked in support of Kevin Mitnick, and suggestions of what could have been worse in insidious misinformation (R 19 96)

VSHAO Lost World Web site hacked into Duck World: Jurassic Pond (R 19 20,21)

VSAO Swedish meat packer Web site penetrated and replaced (R 19 14)

SHAO Swedish 16-year-old arrested 3 hours after Web attack on Swedish National Board of Health and Welfare; discussion by Ulf Lindqvist (R 20 87)

SH Teenage hacker Raphael Gray arrested in Wales, hacked 9 e-commerce sites, stole Gates' credit-card info (R 20 87)

SHAO Man (Max Vision) indicted for vandalizing NASA, Argonne, Brookhaven, Marshall Space Center, DoD computers (R 20 87)

SH National Hockey League Web site denial of service attack: down over 5 days, due to lack of admin expertise (R 20 89)

V$SH Many New Zealand IHug Web sites wiped out by cracker (R 20 09)

SH Internet vandals Trojan-horse USIA Web site (R 20 18)

VSHf Hackers take down FBI and Senate Internet sites, 27 May 1999 (retaliation for Zyklon?), Dept of Interior and Govt facility at Idaho Falls hit on 31 May 1999 (R 20 43); Crackers do for U.S. gov't what critical infrastructure report couldn't (R 20 43); US GAO report found serious security gaps in 24 agencies' systems (S 26 4:7, R 21 36)

VS Critical infrastructure DCS/SCADA security: dependence on the Internet! (S 27 6:6, R 22 14)

Sf EPA Web site shut down in response to Congressman's threat to divulge vulnerabilities (S 25 3:20, R 20 79-80); GAO says EPA's computer security is "riddled" with weaknesses (R 21 02; S 26 1:28)

SHOA George W. Bush's campaign Web site hacked, photo replaced (R 20 64)

SHAO Gallup Web site hacked just before primary election (S 25 3:21-22, R 20 83)

SH Zyklon admits attacks on NATO, USIA, Gore Web pages (R 20 58)

SH Japanese Government Web sites hacked: Science and Technology Agency penetrated, census info erased (R 20 77)

SHAO OPEC Web site hacked protesting oil prices (R 21 05)

S Risks of Web sites from computer fraud (R 19 44)

Sf Air Force thinks push-pull technology (e.g., Web browsers, PointCast) too risky (R 19 57); added risks from Netscape or anyone else giving away source code? (R 19 57-59)

SHPA Federal Web sites lack privacy safeguards (S 23 1:13, R 19 35)

$H Fake Web page cause 20% stock surge and then retreat in PairGain (R 20 30)

SHO Western Union Web site hacked, with info on 10,000 customers' cards (R 21 04; S 26 1:28)

..... Trap-doors, Trojan Horses, logic bombs, worms, viruses:

$$SHhf Internet worm attack 2-3 Nov 1988 on BSD-derived Unix systems, an intended constructive experiment that went awry (editor's discussion on software engineering implications; exploitations of sendmail debug option, finger, .rhosts, some dictionary-attacked encrypted passwords; references to detailed reports by Spafford, Seeley, Eichin/Rochlis) (S 14 1); Robert Tappan Morris indicted on felony count (S 14 6) Jury declares Morris guilty, Jan 1990; motions, sentencing pending (S 15 2) RTM sentencing and some implications (S 15 3); appeal fails (S 16 2)

$SHI Taco Bell register reprogrammed to redirect funds (S 22 4:31, R 18 76)

SH Unauthorized Internet activity; TELNET Trojan horsed (S 14 6)

SH New rash of Internet break-ins with Trojan-horsed net software (S 19 2:5)

SHA Another Trojan-horse bogus cash dispenser in Finland (R 20 03)

SH Trojan Horse infests 15,000 Internet Relay chat users with Back Orifice (R 20 03)

SH CERT alert: Trojan horse planted in TCP wrapper acquired by at least 52 sites (R 20 18)

Sf html e-mail or Web page can launches Excel Trojan horses (R 20 15)

SH Discussion of write-protectable hard drives as one way to defend against Trojan horses (R 20 21-22,24)

SH Two Penn State Hackers arrested, service theft, etc. (S 15 2)

SH C compiler Trojan horse for UNIX trapdoor (Ken Thompson, "Reflections on Trusting Trust", 1983 Turing Award Lecture, CACM, 27, 8, August 1984)

SH? Rhode Island "disgruntled employee" arrested for "e-mail virus" (R 18 50)

$SH PC Graphics program Trojan horse (ArfArf) wiped out users' files (S 10 5)

SH PC-Prankster Trojan horse on PCs (S 12 4)

SH Another Trojan horse trashes DOS - NOTROJ (S 11 5)

SH Trojan turkey program deletes files (S 13 3)

Sf Microsoft Network e-mail binaries can contain executables (R 17 31,32,33)

SHOA Microsoft Network (MSN) fraudulent e-mail credit-theft risks (R 19 08)

VS AOL alerts users to e-mail Trojan Horse that crashes hard drives (S 21 2:20)

S Intel CD-ROM hoses hard drives (S 21 2:20)

*SH Software time-bomb inserted by unhappy programmer (extortion?) (10 3:15)

*SH Los Angeles Water&Power computer system software time-bomb (S 10 3:15-16)

$S Booby-trapped contracted software "destroys data"; unpaid blackmail? (S 15 3)

SH Lauffenberger convicted of logic bombing GD's Atlas rocket DB (S 17 1)

SH NY law consultant plants logic bomb (claim 56789), seeks repair job (S 17 4)

H Man accused of Trojan horsing his ex-wife's computer (S 18 2:4)

$H Typesetter disabled system, demanded arrears; bankrupted corp sued (S 17 4:7)

$SH Logic bomb allegedly planted in nonpaying customer's system (S 19 1:7)

SH UK Logic Bomb displays Margaret Thatcher picture when triggered (S 13 3)

@*SH Ex-employee Trojan-horses emergency system, which fails (S 17 4)

SH Trojan horse Christmas-greeting message contains saturating virus (S 13 1)

SH Apple II virus, Amiga virus, a chain letter; Canadian logic bombs; computer terrorism; voice-mail misuse (S 13 1)

SH Pandair Freight (UK) logic bomb case (S 13 1); backfires (S 13 2)

VSH Viruses halted government computers in south China (S 16 4)

SH World Bank virus ("Traveller 1991") (S 16 4)

SH Lehigh time-bomb virus propagates four times, wipes disk (S 13 2)

SH Israeli 13th-of-month PC time-bomb, would delete files 13 May 88 (S 13 2) Jerusalem Virus bet declared a draw (S 13 3) Time-bomb warning on SunOS for 13 May 1988 (S 13 3)

SH Jerusalem-B virus infects GPO library disk (S 15 2)

SH Jerusalem-B virus infects Chinese computers widely [13Apr1990] (S 15 3)

$S Fri 13th Virus found in a game software on the market (S 15 3)

SH Anticipation of time-bomb causes accidental clock bomb (S 13 3)

SH Various Macintosh Viruses/time-bombs - trap handler, INIT32 nVIR - Brandow/MacMag 2 March peace message, infected Aldus commercial software DREW, FreeHand (in shrink-wrap). (S 13 2)

Sd Apple distributes a CD-ROM with a "Trojan Horse" (S 19 2:10)

Sdh Ford Motor Co promotional floppy disk contains monkey virus (R 17 23)

Shf Cardiff software shipped self-destruct timebomb in Teleforms 4.0 (R 17 36)

SH More on viruses dangers of virus construction sets, propriety of assigning virus development in courses, plus more on the Atari ST virus, the (c) Brain virus and the Providence Journal attack, the Scores virus and the "ERIK" and "VULT" attacks, Elk Cloner, Disease DOS, and the growing anti- virus business - including contaminated versions of FLUSHOT that contained Trojan horses. (S 13 3 refers to on-line RISKS, VIRUS-L.)

SH (c) "Brain" Virus at eastern universities (S 13 2)

$SH Michelangelo - hype, preparation, and attack on 6Mar1992; Leading Edge shipped 6000 infected systems; Intel shipped 800 infected LANSpool 3.01; DaVinci shipped 900 infected eMAIL 2.0 disks (S 17 2) Various Michelangelo attacks were reported (in New Zealand, Australia, Japan, China, Poland, Germany, South Africa [where bootleg SW is prevalent], Canada); various US hits also noted (S 17 2) Norton's free antiviral utility more dangerous than Michelangelo (S 17 2)

f(S) Intel says Itanium 2 error can crash servers (R 22 73)

SH Novell shipped a stealth virus, Stoned III, to 3800 customers (S 17 2)

$SH 2 Cornell students arrested for spreading Macintosh game virus (S 17 2) 10 hrs/wk for a year public service required as punishment (S 18 2:15)

$SH The Trojan horse named `AIDS', from `PC Cyborg Corp' (S 15 1); Joseph Popp accused on 11 charges, computer blackmail of medical institutes, attempting to obtain £6M (S 17 2)

@*$SH Lithuanian nuclear power plant logic bomb detected (S 17 2)

SH The "Twelve Tricks" Trojan horse (S 15 2)

SH DECnet `WANK' Worm on SPAN affected DEC VMS systems (S 15 1)

SH PC pest programs in China and Japan (S 15 1)

S Soviets claim unprecedented computer-virus shield (S 14 1)

SH "Virus" removes security barriers in Italian judicial computers (S 17 3)

SH Self-invoking RUNCOM self-propagates as virus on MIT's CTSS (S 13 3)

$H Use of a virus excuse for nondelivery of software (S 13 2)

$SHf Portable terminals for Hong Kong horse betting spoofable? (S 14 2)

$SH [Bogus] "Big Red" Trojan horse reported (as virus) in Australia (S 12 3); Hackwatch `expert' Paul Dummet [alias Stuart Gill] claims exposed (S 15 1)

SH Japanese PC-VAN network `Virus' posts passwords of NEX PC9800s (S 13 4)

SH Virus aimed at EDS infects almost 100 NASA computers instead (S 13 4)

S `Computer Virus Eradication Act of 1988' (S 13 4)

*S Virus hits hospital computers in Michigan, creates bogus patients (S 14 5)

$S "Virus" arrest in New Jersey (Chris Young) (S 14 5)

SH Black Baron gets 18-month sentence for virus activities (S 21 2:21)

S Prank "Virus" Warning Message in government service system (S 14 5) @SH Toronto Stock Exchange virus scare causes all-night search (S 18 2:16)

SH Trojan horses implantable by active electronic jamming? (S 15 1) @$mSe Minn. 9th Federal Reserve Bank vulnerability during recovery (S 16 3)

SH? Aum Shinri Kyo affiliate develops Japanese government software (R 20 83)

Sh(H?) U.S. State Dept embassies' Mission Performance Plan software written by Russians! (R 20 81)

S? Fantasy Baseball Journal errors attributed to a computer virus (S 18 3:A11)

SH Contact krvw@first.org for access to the VIRUS-L on-line newsgroup, documenting, cataloging, discussing innumerable virus problems!

NOTE: We long ago stopped reporting run-of-the-mill new viruses. Klaus Brunnstein reported the number of distinct strains has grown from five in early 1988 to over 1000 by early 1992. The number is now huge, over 10,000. See the VIRUS-L newsgroup for ongoing activities... But we must include two 1999 manifestations that result from the absence of meaninful PC security:

ffSH Melissa Macro Virus. See my article (S 24 4:28, R 20 26) and my Web site (http://www.csl.sri.com/neumann/house99.html) for testimony for the 15 Apr 1999 hearing of the House Science Committee subcommittee on technology, in which I consider Melissa as the tip of a very large iceberg - the abysmal state of computer and communication security. See also other items in RISKS on Melissa: Report by Robert M. Slade (R 20 26); hidden risks (R 20 28); effect on a UK bank (R 20 30); Risks of monocultures (R 20 26) and more virulent macro viruses (R 20 26); further analysis (R 20 30); Role of the GUID in identifying David Smith as the purported culprit (R 20 26,28,30-34), with wrap-up from Richard M. Smith (R 20 33); Smith faces five years in prison; claimed to have caused $80M damages and infected over 100,000 computers (R 20 68); further discussion of GUIDs accepted in court (R 20 70); Mainframe viruses (R 20 30-32) and origin of virus vulnerabilities (R 20 29)

SH CIH virus (26 Apr 1999) recalls Chernobyl (R 20 33)

$SHf Sasser worm (R 23 35); Antivirus software prolongs viral life! (R 23 35,36); Sasser implicated in Australian train outage, stranding up to 300,000 commuters (R 23 35); Sasser hits unpatched Delta flight software in Atlanta (R 23 36); creator turned in for $250,000 reward from Microsoft (R 23 37)

..... Password and authentication violations:

SH John-the-Ripper software finds 48,000 passwords (R 19 91)

S Password problem on Bloomberg Web site (R 20 08)

SHAOhe Stanford e-mail system passwords stolen by sniffer attack on un-upgraded systems, reportedly from Sweden and Canada (R 20 05)

SHA Organized e-mail theft in Seattle: compromised master key (S 24 3:27, R 20 09)

SH Strange case of Instant Messaging scam involving password on AOL (R 20 24); another scam on AOL using hyperlinks (R 20 28)

@$h Mistyped password put two brokers in the same computer files (S 13 1)

@$H Japanese BBoard fraud traps passwords, gains money; culprit caught (S 17 4)

..... Biometrics

SPfm Unsupervised biometric scanners more toys than serious security measures (Markus Kuhn, citing c't article, R 22 37); US ARO seeking odortype detection (R 22 43)

SA Biometrics technology: not yet ready for primetime (R 22 82)

SP DoT linking DMV databases and biometrics on driver's licenses; risks of false arrest, internal abuse, disclosure, etc. (S 27 2:17, R 21 87)

SPfmi Biometric systems more like toys than serious security measures (R 22 15,37); face recognition found lacking at Boston's Logan Airport (R 22 16)

S Reports on biometrics for controlling borders, airports, and seaports (R 22 60)

S$ Biometrics: retina scans used for automating English school lunch payments (R 22 49)

SHAPf* More on biometrics, including iris scans (R 20 41-43); Thumbprints in Malaysian smart cards (R 20 43)

SP UK Home Office identity infrastructure: Risks of diverse identification documents vs national identity card, biometric database, etc. (Markus Kuhn, R 22 47)

*$fhi False-positive risks in fingerprints: lawsuits against Identix for multiple assignments of same ID, system flaw known since 1996, uncorrected into 2004 (R 23 37; S 29 5:15); false negatives (R 23 86)

*hi FBI fingerprint screwup: Brandon Mayfield no longer a suspect for Madrid train bombing; misidentified from partial print (R 23 38-39; S 29 5:15-16)

*hi Problems due to misfiled fingerprints (R 23 40; S 29 5:16)

..... Risks in voice-recognition systems

SH Risks of computer voice recognition monitoring gang members (S 15 5)

VSh Ross Perot's high voice tone shuts down newspaper phone hotline (S 19 2:10)

Sfi British discover Texas accent is needed for voice recognition system for UK criminals (R 19 78)

Sf Risks of voice-controlled human interfaces (R 19 25)

S Potential for Trojan horses in voice software (R 20 10) and remote controls (R 20 10)

S Trojan horses embedded in voicemail (R 20 10) and risks of turning on audio and video, e.g. Back Orefice (R 20 11-12)

VShi NCR phone instruction for Tower Star multiport removal: "execute rm -r star" (R 19 65)

VSi Voice-recognition software Format c: Return and Yes, Return (R 20 24)

Sf- Seagull squawks consistently interpreted by speech recognizing software as "Aldershot" (R 20 36)

..... Internal perpetrations and insider misuse:

ShI CIA Director Deutch and multilevel security (S 25 3:20-21, R 20 78)

ShAI DoE weak password policy on nuclear secrets (S 25 3:21, R 20 77)

$SPHI Man charged with counterfeiting Japanese bank ATM cards, based on insider access (R 20 34)

$SHI/O AOL tech support volunteer sentenced to year in jail (R 20 74)

SHI FAA programmer destroyed only copy of source code for flight-control data transfer; authorities recovered encrypted copy at his home (R 20 64)

SHI ISP/bookseller intercepted Amazon messages, trying to get competitive advantage; fined $250,000 (R 20 66)

SHI+O Hackers penetrated Russian Gazprom, controlled pipeline flow; Russian police noted twelve-fold increase in computer crime in 1999 over 1998 (R 20 87)

SHIf Rogue code in Microsoft software, dvwssr.dll, includes password to access thousands of Web sites (R 20 87-89)

*SHI Hacker-nurse unauthorisedly changed prescriptions, treatments (S 19 2:5; R 15 37,39)

$SHI $1M internal computer fraud at Pinkerton (S 16 4)

@$SHI NY police chief indicted for misuse of confidential database (S 13 4)

@SHI 3 police officers sentenced for misusing Police Nat'l Computer (S 14 2)

@$SPHI 45 LA police cited for searching private computer records (S 18 1:21)

@SHI IRS agent accused of giving defendant tax data on judges/jurors/... (S 16 3)

@$SHIO Harrah's $1.7 Million payoff scam - Trojan horse chip? (S 8 5) and San Francisco Examiner/Chronicle, 18 Sep 1983

$SH Nevada slot-machine ripe for $10 to 15 million phony payoffs? (S 11 2)

$H Amusement game machines have covert gambling mode (S 13 4)

@$f One-armed bandit chips "incompatible"; 70.6%, not 96.4% payoff (S 17 4)

*SPHAf San Fran. Public Defender's database readable by police; as many as 100 cases could have been compromised [Feb1985] (S 10 2)

$SHI Browsing by IRS employees: curiosity to fraud (S 19 4:13)

SHA Sabotage of Italian newspaper source text without access controls (S 17 1)

$SH Sabotage of Encyclopedia Brittanica database (S 11 5)

$S(H?) Forbes accuses former employee of sabotage; NY programmer accused of sabotaging Art Assets computer (R 19 47)

$SH Prescott Valley Arizona computerized financial records wiped out (S 12 2)

SPH LLivermoreNL system used as repository 50Gb 90K erotic images (S 19 4:6); Employee acquitted; pictures thought related to engineering! (S 20 3:11)

@SH Election frauds by vendor or staff charged? ... [see above]

@*SHI British auto citations removed from database for illicit fee (S 11 1)

S Reporting and misreporting on successful Internet penetration of Navy battleship in exercise by U.S. Air Force (R 17 56-58)

$SHI Trojan-horsed chips in gas pumps enable charging scam (R 20 03)

SHI Mars Bars fraud via data diddling (S 24 3:27, R 20 09)

..... Other intentional denials of service:

SHI David Salas, former subcontractor on a Calif. Dept of Info.Tech., was arrested on 3 felony charges for "allegedly trying to destroy" the Sacramento computer system (R 18 75,76)

H Mail-merge program used to generate 12,000 amendments for Ontario legislature in blocking attempt (R 19 06,08,09)

SH Bogus cable chips zapped, possessors bringing them in apprehended (S 16 3)

*$SH Sabotage causes massive Australian communications blackout (S 13 1)

SH Former estimator destroys billing/accounting data on Xenix (S 15 1)

SH DC analyst in dispute with boss changed password on city computer (S 11 2)

SH Insurance computer taken hostage by financial officer (S 12 3)

*SH Cancer database disabled; 50K bogus calls, 10K-pound phone bill (S 18 2:17)

@SH Swedish cracker disrupts 11 north Florida 911 Systems (R 18 90)

SAO Swedish teen-aged hacker fined for U.S. telephone phreaking etc. (R 19 13)

SHf Vandalism disrupts service at Stirling University for days (S 19 4:13)

VSH Denial-of-service attack with e-mail flooding (S 21 2:20)

$VSHI Disgruntled Reuters computer technie brings down trading net (S 22 2:23)

@!$$Hm World Trade Center blast and outages discussed (S 18 2:17)

@SH Vandals cut cable in Newark, slow NY-DC MCI service for 4 hrs (S 20 1:21)

H? Workmen strike at CERN; beer bottles halt accelerator reopening (S 21 5:16)

VSH Update on Windows NT denial-of-service attacks, Bonk/Boink, New Tear (S 23 4:24)

..... More on information warfare and terrorism:

VSH Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, GAO/AIMD-96-84, in Senate hearings (R 18 15)

SH+H Pentagon uses offensive information warfare against Electronic Disruption Theater attacks beginning 9 Sep 1998 against DefenseLink Web site; EDT says it was illegal! (R 20 03)

S Pentagon to take stronger computer security measures; Eligible Receiver results indicate pervasive vulnerabilities (S 23 4:24)

$VS* Canadians assess risks of computer terrorism (S 16 1)

$S Cyber-terrorists blackmail banks and financial institutions (article with considerable hype) (R 18 17,24)

VS GAO report: Government computers at risk (R 21 04; S 26 1:27)

$Shi CSIA urges Government to focus on cybersecurity (R 23 61; S 30 2:23)

S- Cyberspace activism: screensaver chokes spam servers (R 23 61; S 30 2:24)

SHO Information Warfare in Israel (R 19 77)

..... Internet Service Provider outages and security problems:

Vhfme Internet "dark address space" leaves 100 million hosts unreachable (S 27 1:9, R 21 75)

Vf/m Problems with on-line services: Prodigy "comm error" shown live on ESPN; AOL downed by flood; traffic chokes MCI inbound Internet gateways (S 19 4:8)

Pf Prodigy misdirects 473 e-mail messages, loses 4901 others (S 20 3:9)

SH Racist cracker trashes BerkshireNet (R 17 83, S 21 4, SAC 14 3)

$Vfh 14-hour Netcom crash due to extra & in code (S 21 5:14)

$e Microsoft, AOL, and AT&T also have netwoes (S 21 5:14)

VSHAO PANIX denial-of-service syn flooding attack (R 18 45); more on syn floods, IP spoofing, and how to defend (Fred Cohen, R 18 48)

VSHAO Major denial-of-service syn attack on WebCom in San Francisco area (S 22 2:23, R 18 69)

$e Bad upgrade gets America On-Line off-line for 19 hours 7 Aug 1996 (S 22 1:17, R 18 30-31)

Vfe More AOL outages: 2 Dec 1996; bad upgrade, 5 Feb 1997 (S 22 4:28, R 18 81)

Vfe E-mail volume brings down Microsoft Network (MSN) servers for C-E and T-Z names; Microsoft shut down entire service for several days to upgrade (R 19 09)

Sf WorldNet security flaw (R 19 19, correction in R 19 20)

Vh Telehouse `reliable' backup center in London downed by accidental power shutoff, downing most of the UK Internet (R 19 13,14)

VSH PING-of-death attacks from Serbia on NATO Web server, counterattacks on www.gov.yu (R 20 31)

SH Copper thieves hit Rogers@Home cable Internet service in Canada (R 21 27); exposed cables chewed by rodent during repairs take out 300,000 customers

$fSHA Internet MSN Cyberseat park bench gives free international telephone service (R 21 59)

..... Other Internet-related security problems:

SHAO Princeton admissions office caught breaking into Yale computers (S 27 6:13, R 22 18)

..... Stolen equipment and computers - including sensitive data: [See also Piracy, below.]

$SH Computers stolen from SDI Office (S 13 3)

S Stolen laptop contains sensitive British military data (S 16 2)

SHO Sensitive customer data in stolen CalTrain ticket-by-mail computer (R 19 02,05)

SHO Stolen Levi Strauss personnel computer contains 40,000 SSNs and other identifying info, also bank account into for retirees (R 19 12)

SH Laptop with unspecified data stolen from London police car (R 18 24)

$SPH Thefts of doctors' computers lead to blackmail in Cheshire UK (S 18 1:22)

SH Stolen computer contains ophthalmology certification exam (R 18 53)

@SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); bad prank follows (S 20 5:10)

SHP 30,000 personal records stolen in GMU server compromise (R 23 66; S 30 2:24)

H May 1995 theft of $10M in Pentium chips; Asian syndicate indicted (R 19 21)

$H Armed theft of $800K in chips thwarted (R 19 23)

Hm Russian harvests 60 meters of cable in Ulan-Ude, disabling external phone service in Russia [19Jun1997]. Previously, 2 thieves in eastern Kazakhstan were electrocuted trying to steal high-voltage copper wires. (R 19 23)

Hm Backup system failure: cable stolen at Korat Royal Thai AFB, 1973 (R 19 24)

..... Piracy and proprietary software rights:

SH 37% of programs used in business are pirated (S 26 6:12, R 21 42)

- Risks of arbitrary binary representations (e.g., pi) infringing copyrights (S 26 6:12-13, R 21 42)

Sf Ed Felten and coauthors (backed by Usenix and EFF) sue RIAA and DoJ over right to publish paper on Secure Digital Music Initiative flaws and constitutionality of DMCA (R 21 45)

SHrf DVD CSS encryption algorithm cracked with 2¹⁶ attack with 6 bytes of known plaintext, with 40-bit key; freeware software remove copy protection (R 20 64-65,67,69), with detailed analysis by Bruce Schneier (R 20 66); jail for possessing a debugger? (R 20 74) DVD lawyers make "trade secret" public in unsealed lawsuit against Norwegian teen (R 20 77); Lawsuit against 2600.com for posting DVD security crack DeCSS (R 21 37); DeCSS source code is ruled speech; object code is not speech (R 21 73,74); 'DVD Jon' acquitted by Norwegian court; Supreme Court rescinds emergency stay barrying Matthew Pavlovich from distributing DVD lock descrambler (R 22 48)

SH Russian programmer Dmitry Sklyarov wrote program to unrestrict encrypted Adobe Acrobat e-book files; gave talk at Defcon in US, arrested for Digital Millennium Copyright Act violation, jailed, eventually released on bail (R 21 53,55); Elcomsoft and Dmitry Sklyarov cleared (R 22 44); an e-book publisher apparently uses utterly trivial rot13 for cryptographic protection! (R 21 58); extradition laws (R 21 62,64)

SHf More discussion on DMCA, RIAA, DVD Crack (R 21 42,47,48,54,61,62); negative effects on forensic analysis (R 21 62); UCITA implications as well (R 21 54); use of rot13 as "encryption" (R 21.58-59,62); UCITA support fading (R 22 84)

Shi Use a Firewall, Go to Jail! DMCA broadening: New U.S. state legislation in Mass, Texas, Michigan, and other states would ban the possession, sale, or use of technologies that "conceal from a communication service provider ... the existence or place of origin or destination of any communication." Also would ban encryption, Network Address Translation, home routers, remailers, wireless, Linux/*BSD for reading DVDs, etc. Horrendous legislation! (Ed Felten and others, R 22 66); effects on electronic voting and the Internet community (Doug Jones, R 22 67); further discussion (R 22 67-69) This reminds PGN of the California computer crime law that in essence makes it illegal to read, write, alter, or delete information!

SA The Internet vs. the recording industry (R 22 66; S 28 4:9)

SA$ Music piracy violations: fines up to $150K a song (R 22 67; S 28 4:9)

SA-? Radio stations unable to play copy-protected CDs (R 22 68; S 28 4:9)

? Acacia owns patent on digital audio and streaming video; goes after small sites, including (R 22 67; S 28 4:9)

Sf Very weak HDCP content protection broken - by various people (R 21 60-62)

$dP Microsoft documents leaked on the perceived threats of open-source software, and desired MS countermeasures; see the "Halloween Documents" annotated by Eric Raymond (http://www.opensource.org/halloween.html http://www.opensource.org/halloween2.html) (R 20 04-05) Microsoft preparing campaign to counter open-source movement (R 21 37)

$SH FBI raid "Davy Jones' Locker" (400-customers pirated-SW BBoard) (S 17 4)

@SH Leonard DiCicco pleaded guilty to aiding Mitnick in DEC SW theft (S 15 1)

$SH Captain Blood, software pirate, nabbed in L.A. (S 21 2:21)

$SH Irish rock band U2 unreleased songs pirated from demo video, distributed on the Internet (R 18 62,63)

SH$ Finnish executives jailed for software piracy (S 20 5:13)

$SH Software piracy considered enormous, Hong Kong, worldwide (R 18 12-13)

S U.S. No Electronic Theft Act may criminalize non-profit software copying (R 19 52)

$S Software theft statistics: $7.4B losses in 1993, $9.7B in 1992; greatest increases in India, Pakistan, Korea, Brazil, Malaysia (S 19 3:11)

S British Visa source code compromised, ransom sought (R 20 75-76)

..... Incomplete deletions and other security residues:

!S,H? Mystery death of NZ man who bought old Citibank disks reportedly containing details of overseas accounts & laundering activities (S 18 1:13)

fSP Footnotes in the Starr report that had been deleted in WordPerfect reappeared in the House-translated html version; this is the old mark-as-deleted but don't-really-delete residue problem; also, some text was lost in the translation. (R 19 97)

Sf Effects of data residues in Microsoft Word (R 17 78,80) and Netscape Navigator 2.0 (R 17 79); incorrect text replacements in WordPerfect (R 17 80)

SPf More on the MS Word deleted residue feature (R 20 83)

SPf Microsoft Word residue reveals author of document from California's Attorney General on attacks on makers of peer-to-peer software: it was a Senior VP of the MPAA! (R 23 27)

SHf Windows NT storage residue in supposedly deleted files (R 20 88)

SP Microsoft Word hits Tony Blair: Web-posted document residues shows names of four employees involved in the plagiarized dossier on Iraq (R 22 79, two items)

SPfh NZ Health Commissioner's anonymised case reports not so anonymous, including Word residues (R 22 81)

hi Web site devoted to Word documents with unintended strikeouts (R 23 29)

SP Discussion of security and privacy implications of "cookies" (squirreled information in browsers) (R 18 19,20, 63,65,67,68,70,72,78,79,88,92); residues in Internet Explorer 3 (R 18 68);

Sf Alcatel Word document includes deleterious document history (R 21 35)

SP Residue problem in frequent-flier miles on number reissue (R 18 65)

*Sh Air Force sells off unerased tapes with sensitive data (S 11 5)

SP Used UK Bristol University computer contains identities of pedophiles and victims (R 21 64)

*S White-house backup computer files bypass shredders on Irangate (S 12 2)

Sf Sex, lies and backup disks: more D.C. risks in (non)deletion (S 21 2:17)

Sh Leftover sealed-indictment data on sold-off surplus computers (S 15 5)

Sh Secret FBI files sold off inside $45 surplus computers (S 16 3)

H Residual Gulf war battle plans incriminate $70K computer thefts (S 17 4)

S Deleted files still on disk give evidence vs Brazilian president (S 18 1:7)

SP Used hard-disk contains unerased confidential personnel files (S 18 4:9)

Sh UK cabinet secrets on National ID card found in surplus store (S 20 2:12)

P Czech intelligence computer stolen, with sensitive data (R 19 31)

+*H US charges man planned to kill 4,000 travelers; laptop evidence (S 21 5:16)

S More risks of core dumps (R 18 42,43,44)

Shi Sloppy HTML in MS Outlook reveals supposedly hidden Microsoft comments when viewed in emacs or non-MS browsers; missing endif (R 22 49)

SP Google search finds cached password-protected pages (R 22 49)

SPf U.S. military Web sites offer a quarter million Microsoft Word documents, including deleted info (R 23 50)

..... Satellite takeovers and TV screwups:

VSH "Captain Midnight" preempted Home Box Office program (S 11 3, 11 5)

VSH Another satellite TV program interrupted (S 12 1)

$VSH Playboy Channel disrupted with bogus program "Repent Your Sins" (S 12 4); CBN employee convicted, facing up to 11 years in prison and $350,000 fines (S 16 1, R 10 62)

(m/f) Playboy Channel video appeared in the Jeopardy time-slot in the Chicago area for 10 minutes, due to a screwup (R 18 22)

SH AsiaSat Satellite TV broadcast pirated for 4 hours, replaced with outlawed material (R 23 62); reminder of the Playboy spoof (R 23 64)

e Upgrading Cartoon Network Channel gives Playboy video, Flintstones' audio (S 22 4:26, R 18 77)

SH WGN-TV and WTTW in Chicago overtaken by pirate broadcast (S 13 1)

SH Video pirates disrupt L.A. cable broadcast of 1989 Super Bowl (S 14 2)

..... Other cases:

SH British businesses suffer 30 computer disasters/year (S 12 1)

SH UK computer security audit estimates £40M fraud in 1987 (S 12 1)

S Accidental breach of Rockwell security bares shuttle software (S 13 3)

$SH Debit card copying easy despite encryption (DC Metro, SF BART, etc.)

$SH Thieves profit from $240,000 in debit-card transaction adjustments (R 19 42)

$SHO Counterfeit debit cards hit Burns National and others (R 19 53)

@$SHf TILT! Counterfeit pachinko cards send $588M down the chute (S 21 5:19)

$SH ATM cards altered by in-car home computer net $50,000 (S 12 1)

$SH Microwave phone calls interceptable; cordless, cellular phones spoofable

$SH Church cordless phone abused (piggybacked dialtone) (S 20 3:12)(SAC 13 3)

$SPH More cellular phone eavesdropping cases: Private call on saving the SF Giants (broadcast on TV frequency); Dan Quayle call from Air Force 2 on Gorbachev coup; Seabrook control-room calls including one on bad valve karma, heard by an antinuclear activist; Green Bay Packer football player calling a male escort service; intimate conversation allegedly with Princess Diana ("my darling Squidge") (S 18 1:20)

$SH Unsecure cellular phone fraud: $482M in 1994 (3.7% of revenue) (S 20 2:13)

$SH Massive cell-phone identifier interception (S 21 5:19)

$SH Callback security schemes rather easy to break (S 11 5)

$SHA 18 arrested for altering cellular mobile phones for free calls (S 12 2)

HS San Jose CA men arrested for altering, selling cellular phones (S 20 1:21)

+ E-mail tap nets German cell-phone fraudsters (S 21 2:19)

SH Risks of lap-top computers being permitted in exams (S 13 3)

$SH Embezzlements, e.g., Muhammed Ali swindle [$23.2 Million], Security Pacific ($10.2 Million), City National Beverly Hills CA [$1.1 Million, 23Mar1979] Marginally computer-related, but suggestive of things to come?

S On-line BBS bug fix downloaded to an M1 tank in Saudi Arabia (S 16 2)

1.25 Cryptography

..... Limitations of encryption and related problems (recent):

SP National Research Council study report (CRISIS) on U.S. cryptography policy available from National Academy Press (http://www2.nas.edu/cstbweb) (R 18 14,17)

Shi Robert Litt's comment on National Research Council crypto study (http://www2.nas.edu/cstbweb): it was written before he came on board and therefore he didn't feel obliged to read it. (S 23 5:27, R 19 80)

SP Hal Abelson (MIT/HP), Ross Anderson (Cambridge Univ.), Steven M. Bellovin (AT&T Research), Josh Benaloh (Microsoft), Matt Blaze (AT&T Research), Whitfield Diffie (Sun Microsoft), John Gilmore, Peter G. Neumann (SRI International), Ronald L. Rivest (MIT), Jeffery I. Schiller (MIT), and Bruce Schneier (Counterpane Systems), The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption, May 27, 1997 (ftp://research.att.com/dist/mab/key_study.txt or .ps; http://www.crypto.com/key_study). This report considers the technical implications, risks, and costs of `key recovery', `key escrow', and `trusted third-party' encryption systems. (R 19 17, discussion R 19 18) It has appeared in various places, including the World Wide Web Journal, volume 2, issue 3, Summer 1997, O'Reilly & Associates, pp 241-257. This report was reissued in the summer of 1998 with a new preface: "One year after the 1997 publication of the first edition of this report, its essential finding remains unchanged and unchallenged: The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs. These risks and costs may not be appropriate for many applications of encryption, and they must be more fully addressed as governments consider policies that would encourage ubiquitous key recovery." [http://www.crypto.com/key_study]

SP McCain-Kerrey Senate bill seeks crypto key-recovery infrastructure (R 19 23)

SP Cryptography Policy and the Information Economy, Matt Blaze (R 18 71)

+/- The Net Never Forgets (R 20 09-10), although the UK Labour Party removed its earlier promises against encryption controls from its Web site (R 20 11)

SP 33 nations sign Wassenaar Arrangement on crypto export controls (R 20 11); some exemptions considered for open-source crypto software (R 20 11,12) and public-domain software (R 20 13)

+/- French announcement on changes in liberalizing crypto policy (R 20 17-18), legal quirk (R 20 20)

Sf Report on timing cryptanalysis of RSA, DH, DSS (Paul C. Kocher) (S 21 2:21)

SfmM($?) Many new crypto-related results: Crypto implementations, particularly in smart-cards, under theoretical attack by interference-induced faults: Boneh, DeMillo, and Lipton (Bellcore) on public-key crypto (R 18 50); Ross Anderson on smart-cards (R 18 52); Biham and Shamir on differential fault-induced analysis of symmetric crypto - DES, triple DES, RC4, IDEA, etc. (R 18 54, 56); also Paul Kocher (R 18 57) and Ross Anderson (R 18 58); retrospective research note on crypto fault analysis, J.-J. Quisquater (R 18 55); role of replication? (R 18 58); history - note on Bletchley Park Colossus breaking Fish ciphers (R 18 59); practical tampering attacks, Ross Anderson and Markus Kuhn, Usenix Electronic Commerce paper (R 18 62); more from Quisquater (R 18 64)

SHOA Paul Kocher provided information on three related attacks: Simple Power Analysis, Differential Power Analysis, and High-Order Differential Power Analysis, applicable particularly to devices such as smart cards. See Introduction to Differential Power Analysis, by Paul Kocher, Joshua Jaffe, Ben Jun, Cryptography Research (R 19 80)

SP RSA crypto challenges: Ian Goldberg cracks 40-bit RC5 in 3.5 hours, using 250 machines to exhaust 100B would-be keys per hour (R 18 80); Germano Caronni cracks 48-bit RC5 in 312 hours, using 3,500 computers to search 1.5 trillion keys per hour (R 18 82); RSA's DES-I challenge broken after 4 months (http://www.rsa.com) (R 19 23); RSA's RC5-56 challenge cracked by Bovine Cooperative (S 23 1:14, R 19 43); DES-II-1 challenge cracked: 63 quadrillion keys, 90% of keyspace (R 19 60)

SO DES Cracked: "EFF DES Cracker" Machine Brings Honesty to Crypto Debate; Electronic Frontier Foundation Proves DES Is Not Secure announcing the Deep Crack machine. See Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, published by O'Reilly and Associates. (http://www.eff.org/descracker) (S 23 5:27; R 19 87); review of Cracking DES (R 19 90); implications on cracking passwords, including L0phtCrack (R 19 91-92)

+ Deep Crack (part of Distributed.Net's 100,000 PC attack) cracks RSA's DES Challenge III in less than a day, Jan 1999 (R 20 17-18)

S Elliptic curve 97-bit challenge broken in 40 days with 740 computers in 20 countries (R 20 61)

SH Lucent cracks SSL e-commerce encryption code (R 19 84)

S Cryptanalysis of Frog, a not-very-strong AES candidate to replace DES (R 19 92)

SP Implications of outlawing concealed messages: ban the Bible, smiley faces, foreign languages (Navaho used in WWII), on-line card catalogs, random numbers, what else??? (R 19 37-41); use of steganography, e.g., in graphical images (R 19 40,41); Feynman's censors in WWII objected to math! (R 19 39)

SP(f?) More on risks of key recovery: see also PGN testimonies before the Senate Judiciary Committee and House Science Committee subcommittee on Technology, with written responses to questions as well (http://www.csl.sri.com/neumann/).

S "Private doorbells" proposed alternative to key-recovery (R 19 85)

Sf More on cryptographic hashing and MD5, Paul Kocher (R 19 26)

S John Gilmore publishes strong crypto code for authentication (R 19 52)

Sf? Discussion of alleged weak RSA keys in PGP (R 19 50)

SP New attack on PGP keys with a Word Macro (R 20 19-20)

Sf Exchange/Outlook plug-in for PGP bypasses crypto (R 19 81-83)

S Why cryptography is harder than it looks, Bruce Schneier (R 19 61)

SH Cypherpunks break GSM digital cell-phone encryption in 90M units (R 19 67-68); response from GSM Alliance (R 19 69)

SP More on the key-recovery crypto discussion, including the Denning-Baugh report on crypto impediments to law enforcement (R 19 62,63,65,67,72)

S Discussion of smart-card security, responding to Card Technology Magazine declaring, "The smart card is an intrinsically secure device." (R 18 91)

S Commerce Secretary calls U.S. encryption policy a failure (S 23 4:25, R 19 68)

SP Ron Rivest's nonencryptive Chaffing and Winnowing (S 23 4:25, R 19 64); natural-language example (R 19 65)

SP Cellphone CMEA 64-bit encryption effectively only 24 or 32 bits (R 18 92)

S Myths about digital signatures discussed by Ed Felten (R 18 83,84)

S Leevi Marttila program translates C to English and back; used for crypto, what is free speech and what is not exportable? (R 19 92)

Sfi Microsoft Outlook e-mail glitch discloses unencrypted message; cancelled message not cancelled (R 19 74,76)

mh Risk of not backing up PGP Key Ring files (R 20 30)

hei Risks of running a public-key infrastructure (R 20 32-33)

SH Adi Shamir reports design of special-purpose machine to factor RSA prime products (R 20 37)

$SH Parisian programmer Serge Humpich makes his own smartcards; cracked 640-bit crypto key (R 20 77); despite negotiations to reveal the technique, he was convicted of fraud, but given suspended sentence (R 20 82).

VSH Stephen King's on-line-only eBook taxes Web sites on opening day, 14 Mar 2000, representing unintended denials of service! (R 20 85); it was rapidly reverse engineered, decrypted, and pirated; ISPs forced customers to delete it, but was still available elsewhere (e.g., a Swiss bulletin board); developers blame export controls for weak crypto! (R 20 86)

..... Limitations of encryption and related problems (less recent):

S 100-digit numbers factorable; crypto implications [as of 1988] (S 14 1)

SP DES vulnerabilities claimed by Shamir and Biham (S 16 4, R 12 43); requires large amounts of known plaintext, ADDS credibility to DES!

S 56-Bit Encryption Is Vulnerable, Says Phil Zimmermann (S 21 5:19)

S Discussion on the strength of 56-bit crypto keys (R 18 26,27)

SP Potential problems with NIST-proposed Digital Signature Standard (DSS) and DSA (based on ElGamal and Schnorr): Bidzos (R 12 37); Rivest, (R 12 57,58); others (R 12 33 to 35); Hellman, (R 12 63).

$SP Risks of export controls on workstations, cryptosystems (R 12 30-35); See also Clark Weissman, Inside Risks, CACM, 34, 10, p.162, Oct 1991.

SP Sun exploits loophole in crypto ban for SunScreen SKIP E+ (R 19 17)

SP MD5 weakness and possible consequences (R 19 14,16,24,26)

$SP Computer Systems Policy Project estimates $60 billion market-share loss in year 2000 resulting from current U.S. export controls on crypto products (R 17 61)

$SP Crypto export licenses issued to Apple, Adobe, RSA (S 17 3)

$SP U.S. encryption export control policy softens somewhat (S 17 4)

S U.S. program export controls ruled unconstitutional by Northern California federal judge, Marilyn Hall Patel (R 18 69)

SP Charges dropped relating to PGP export and Phil Zimmermann (S 21 2:20)

SP Daniel Bernstein case involving export controls for crypto programs, snuffle and unsnuffle (R 19 05, 18 69, 19 52)

SH Forged "PGP has been cracked" message (not from Fred Cohen); pursuing the given URL could lead to your ISP disabling you! (R 19 08,09)

$SP NSA, FBI, cryptosystems: J. Abernathy, Houston Chron. 21Jun92 (S 17 4)

SP Escrowed Key Initiative (Clipper, Capstone, and Skipjack) discussed (S 18 3:A12, R 14 51-59, ff.); Skipjack Review by Dorothy Denning (R 14 81); more on Escrowed Keys, SkipJack, Clipper, and Capstone (R 15 46, ff.)

S NSA declassified 80-bit Skipjack encryption algorithm and its 1024-bit key-exchange algorithm (R 19 84)

S Comments on the U.S. Government Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure (TACDFIPSFKMI) (R 19 84-86).

SP "Key Recovery" replaces "Key Escrow" in U.S. encryption plan (R 18 50,54)

S Palisades Park NJ school employs 16-yr-old to break into locked-up computer system - need for key recovery mechanisms? (R 18 70,71)

$S Nov 1995 report on minimal key lengths for symmetric ciphers (R 17 69)

SPH FBI digital phone tapping, see M.G. Morgan, IEEE Institute, Sep/Oct 92

SP Police can't crack crypto used by Basque terrorist organization (S 17 3)

! Bank robber foiled by security screen (S 20 1:16)

..... Other topics related to cryptography:

- Discussion over who discovered public-key crypto first: UK's CESG, or NSA, prior to Diffie-Hellman? (R 19 51)

Sf Microsoft Crypto Service Provider confusion over "NSA" key discussed (R 20 57-58,60)

1.26 April Foolery and Spoofs

..... April Fool's Day items

+- April 1984 special section of the Communications of the ACM edited by PGN: A Further View of the First Quarter Century, pages 343-357, including The Complexity of Songs (Donald Knuth), The Telnet Song (Guy Steele, Jr.), A Linguistic Contribution to Goto-less Programming (R. Lawrence Clark - the famous Come-From paper), CLOG: An Ada Package for Automatic Footnote Generation in Unix (Preet J. Nedginn and Trebor L. Bworn), Languages: Three Interviews (Peter Brown), and a classic, The Chaostron: An Important Advance in Learning Machines (J.B. Cadwallader-Cohen, W.W. Zysiczk, and R.B. Donnelly).

SH 1984: Chernenko at MOSKVAX: network mail hoax by Piet Beertema (S 9 4)

SH 1988: Self-referencing forged April Fool warning message, seemingly from Gene Spafford (S 13 2,3; R 6 52)

+- 1990: Transmission of IP Datagrams on Avian Carriers (S 15 3)

$S 1995: Internet cybergambling (R 17 02)

Microsoft will NOT acquire the Catholic Church! (S 20 2:7)

1997: French immune to Y2K: quatre vingts dix neuf (4x20+10+9) will increment to cinq vingts (5x20); Windows ninety-ten will adopt similar strategy (R 19 01)

1997: Proposal to lengthen the second by 0.00001312449483 to eliminate leap years (R 19 01) or slow down the earth's orbit accordingly (R 19 02)

1997: Microsoft buys Sun in order to kill Unix (R 19 01)

1997: Hale-Bopp solar wind (cosmic radiation) causes ticking and buzzing in computer mouse; problem worsened by Internet acting as giant antenna (R 19 02)

1998: Funding for a new software paradigm, removing rarely used code producing routinely ignored diagnostics, to combat software bloat (R 19 64)

1998: Quantum computer cracks crypto keys quickly (R 19 64)

1998: The Computer Anti-Defamation Law protecting developers against criticism (R 19 64)

1999: The Y9Z problem, Mark Thorson; 99 rolls over to 9A; 199Z (the year 2025) rolls over to 19A0; then 19ZZ can roll over to "2000" (R 20 26)

1999: Y2K bug found in human brain (R 20 26)

1999: Vatican announces all computer systems ready for new millennium; Roman numerals are the answer! (R 20 26)

1999: Historical retrospective analysis of the Y10K problem, dated 1 Apr 9990 (R 20 26)

1999: RFC2550 - Y10K and Beyond: marvelous RFC on solving the Y10K problem by Steve Glassman (R 20 27)

1999: Linus Torvalds starts for-profit LinusSoft; open-source advocates SlashDot launch SlashDot Investor; Richard Stallman of the Free Software Foundation now Senior Vice President for Ideology (R 20 26)

1999: Professor wants Y2K jokes banned on the Net (Edupage item, R 20 28)

1999: Congress votes to move Daylight Savings cutover to Monday to avoid Easter confusion (R 20 28)

1999: Tuxissa Virus creator (Anonymous Longhair) modifies Melissa to download and install Linux on infected Microsoft systems (R 20 29)

1999: Running out of time on Y2K? Add a month to the calendar (Martin Minow)

1999: Zurich loses citizens files on 31 Mar 1999 after Y2K upgrade test crash (R 20 29); was this real or April Foolish? Doesn't matter. The lesson is the same: keep backups (R 20 30)

1999: Australian Securities & Investment Commission's April Foolery: Millennium Bug Insurance (R 20 37)

2001: Windows 2000 source-code access to top MS customers protested by smaller customers; spoof on it being written in Microsoft Basic with obscure variable names (S 26 4:11, R 21 31) and follow-up comment (R 21 33)

2001: Foot-and-mouth virus propagation: "first virus unable to spread through Microsoft Outlook" (Copyright, http://www.satirewire.com/news/0103/outlook.shtml) (R 21 31, with serious follow-up in R 21 33); also, roles of computers and bureaucracy in real spread (R 21 76)

2001: Bogus movie description created by techies at The New York Times in test development in 1998 showed up accidentally in the paper - on 1 Apr 2001! (S 26 4:11-12, R 21 36)

2002: ARF reconstituted as the Bureau of Alcohol, Tobacco, Firearms, and Software (ATFS), in an attempt to regulate the software industry, with penalties for possession of unlicensed products (R 22 01); discussion of this and the following 2002 spoofs (R 27 04)

2002: Review of a bogus book, "Hacking for Dummies"; also two older pieces revisited, If GM build computers and if Microsoft built cars, and a SatireWire item on splitting up Microsoft into two companies, one to make software, the other to make patches (R 22 01)

2002: Parody, "If General Motors had kept up with the technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon." Also, followup parody of would-be GM response, e.g., cars that crash twice a day, press start to stop the engine, airbags asking for confirmation, and overloaded single control interface (R 22 01); interesting discussion of the actuality of several of these (R 22 02-03)

2002: Splitting Microsoft into two companies, one to make software, the other to make patches (R 22 01)

2002: Spoof after warning to New South Wales students to watch out for 1 April (R 22 04)

2002: The Scandanavian "nation" of Ladonia draws thousands of requests for citizenship! (R 21 96)

2003: The Security Flag in the IPv4 Header, the Evil Bit (Steve Bellovin, R 22 66); alternative: The Angelic Bit (Drew Dean, R 22 66)

2003: Recycling of old programs (R 22 66)

2004: Coincidental Risks - related to electronic voting systems (Jim Horning, R 23 29, S 29 5:17-18)

..... Other spoofs and pranks:

VSHOA See the various Web site hacks above, in which the Justice Department, CIA, Air Force, NASA, Army, and other Web sites had bogus pages installed.

VSHO 1984 Rose Bowl hoax, scoreboard takeover ("Cal Tech vs. MIT") (S 9 2)

H CNN nearly broadcast bogus on-line report of Bush's death in Japan (S 17 2)

SH Bogus report, BritTelecom NOT hacked for intelligence secrets (S 20 2:13)

SH AOL4FREE.COM virus report started out as yet another hoax, but such a virus was actually created within 24 hours (R 19 11)

SH Moynihan Commission report on Penpal virus hoax (R 19 04)

SH E-mail hoax at University of Maryland: canceling classes (R 22 72; S 28 4:8-9)

SH Washington DC street message board displays bogus message (S 15 1)

SHA Caltrans freeway off-ramp sign spoofed (S 21 2:20)

SHAO Bogus computer-generated draft notices swamp Univ. Minnesota (S 16 2)

SHAO Bogus e-mail submits Univ. of Wisconsin official's resignation (S 19 1:7)

SHAO German intruder forges White House messages (R 17 31,32)

$SH "Goodbye, folks" software prank costs perpetrator £1000 (S 11 3)

- [bogus] First cybersex pregnancy Weekly World News (R 19 60)

- Reactions to Mary Schmich's parody of Kurt Vonnegut on the Internet (R 19 29)

SHI London Underground hacked by insider posting nasty messages (R 17 36)

SH Risks of digital video editing - authenticity question (S 14 2)

S Risks in altered live video images: L-vis Lives in Virtual TV (R 18 18-21)

$SH Beeper messages to call back result in $55 900-number charges (S 16 3)

SH Password attack as e-mail root spoof demanding password changes (S 16 3)

$SH Houston City Hall voice-mail pranked; no passwords needed! (S 16 4)

S Stolen account used to send hate e-mail at Texas A&M (S 20 1:21)

- Computer system tracks school assignments and automatically calls home on students who cut classes until someone/something answers; spoofable (S 17 1)

- Bogus element 118 un-discovered. Phonium? Phakium? Phorgium? Phudgium? Mike Hogsett suggested Itaintium (It-ain't-ium or I-taint-ium) and Unscrupulum. With elements 102 and 101 being Nobelium and Mendelevium, Stephen Poley suggested 118 would be Nobelievium. (R 22 31-32)

+/- Computer-generated gibberish conference paper accepted (R 23 84; S 30 4:26)

1.27 Privacy Problems

..... Recent yet-to-be-merged privacy items: SPf Privacy flaw in CyberCash 2.1.2 discussed by Steve Crocker (R 19 47)

SP Discussion of Easter Eggs (hidden features) in commercial software (R 19 53,55)

P Ontario removes privacy controls on students' personal information (R 19 48)

SP Swedes discover Lotus Notes (64-40 or fight?) has key-escrow crypto (R 19 52)

$SHPOe Japanese bank records stolen; aftermath of flawed upgrade (R 19 53)

P China cracks down on Internet access (R 19 54)

P Navy discharge case based on violation of don't-ask don't-tell, illegally gained AOL data (R 19 55); ruling reversed

PfSoftware flaw causes Virginia to misidentify 2300 people as child-support deadbeats (R 19 58)

+/- Response to West Virginia 'deadbeat-dad' glitches: woman builds system to counter effects (R 19 73)

S?P? Discussion of possible risks of interpreting robots.txt (R 19 57-59)

SP? Furby off-limits at NSA as security risk (R 20 16,20)

SP win.tue.nl ftp site hacked, login/uid info forwarded to Hotmail (R 20 18-19)

SP Serious security breach in Canadian consumer-tracking database (R 20 18)

P Furor over Intel's Pentium III processor ID discussed by Bruce Schneier (R 20 19); German report of flaw re-enabling override of ID disabling (R 20 23)

hPi U.S. Bureau of Labor Statistics posts official tables one day prematurely (R 20 05); another premature data release: Producer Price Index (R 20 16); Australian budget press release follows suit, blamed on "technical and human errors" (R 20 39)

SP Markus Kuhn and Ross Anderson's Soft Tempest, Microsoft, and copy prevention (R 19 59-60)

SP American Bar Assn OKs unencrypted Internet e-mail for client documents (R 20 34)

P? DejaNews feature on surreptitious URL link manipulation (R 20 34-36)

P IWC Watch Company site publishing visitors e-mail addresses (R 20 35); wrong URL posted! (R 20 36)

SP SingNet surreptitiously scans customer PCs: "looking for CIH virus" (R 20 40)

SP* Bank United of Texas to use iris scanners (R 20 40)

SPH MI6 agents "outed" on Web by disgruntled employee (R 20 39)

P Conflict between UK libel law and U.S. free speech on usenet items written in the U.S. (R 19 79)

SP Cell phones can be instant bugs! (R 20 53)

SP Electronic wiretaps on wireless devices outnumber those on wireline phones (R 20 41)

P Distributed cooperating Smart Dust particles as spies? (R 20 58)

P Proposal for Secret Service national ID database (R 20 57)

SPh Canadian spy secrets leaked on Web (R 20 55)

SP+/- NCIC 2000 began 11 Jul 1999, with remote mugshots, fingerprint searches, expanded coverage (probation, parole, sex offenders, in prison); risks of false positives, accuracy/timeliness of new entries, no probable cause; cost overran x2 (US$183M vs US$80M), took 7 years not 3; accuracy requirement relaxed; risks of use on ordinary folks? (R 20 53); Mass. requires mugshots/fingerprints for firearm owners with no law enforcement records, forwarded to Feds (R 20 54-55)

SPhi NCIC database accuracy requirements relaxed (R 22 65,67,69,71)

P California wants to sell confidential wage data (R 20 43)

SP Man recording police abusiveness sentenced for violations of wiretap statute (R 20 47)

P DoJ seeks wider access to computer data (R 20 55)

P Risks of sharing files via Yahoo (R 20 53)

Ph Risks of unexpected cell-phone redials (R 20 46)

P Minnesota Bank sued over client data sale (R 20 44)

SP Zero-Knowledge Systems allows five pseudonymous identities, but restricts number of messages (R 20 69)

SP Steganographic IDs in color copier/printer images (R 20 68)

SAPi Risks in ResearchIndex, digital library of CS papers (R 20 70)

SPhe Northwest Airlines may have leaked credit-card numbers after maintenance (R 20 74)

$SHP Small-town Italian postman intercepts PIN codes for more than 100 new credit cards (R 22 68)

SPf TWA e-mail includes others' addresses (R 20 85)

SPH Stolen MI5 laptop contains sensitive info (R 20 85)

SPf Breach 12-13 Feb 2000 exposes H&R Block customers' tax records, Block shuts down 15 Feb, 2nd time in two weeks (R 20 80)

SP On-line confessional Web site promises privacy! (R 20 76)

SP Great West bank reveals personal info (R 20 80,82)

P Georgetown Univ. study criticizes health sites for privacy intrusions (R 20 78)

P Lawsuit against Yahoo! for collecting cookies (R 20 78)

P Doubleclick saga: Michigan files "notice of intended action" over cookies (R 20 81)

*P Cybersex compulsives represent hidden health hazard (S 25 3:22, R 20 84)

P Havenco, data haven offshore from UK (R 20 91)

P Julia Roberts gains access of her named domain, and other cases of domain-name hijacking (R 20 91)

P Pac*Bell publishes 400,000 phone books with Cox Communications customers' unlisted phone numbers, including names and addresses; Cox blamed for not pruning its own list (R 20 90-91)

SP Powergen: 7000 customers' Credit-card info exposed on the Web (R 20 97)

SPf Glitch at Amazon.com exposes e-mail addresses (R 21 04; S 26 1:37)

SPf "Free" e-mail accounts and passwords exposed for a month (R 21 03; S 26 1:37)

SPh Mix-up sends Spanish bank e-mail to Virginia BBoard (NewsScan, R 20 94)

SP Verizon's 28M private phone records exposed on Web (R 21 01; S 26 1:38)

SP British law would allow police to intercept e-mail (R 20 95)

SP(+/-) White House revised encryption policy (R 20 95)

SP Hotel telephones give identity of called room occupants (R 20 93)

SP+/- People For Internet Responsibility (PFIR) Statement on Government Interception of Internet Data, 7 Sep 2000 http://www.pfir.org/statements/interception (R 21 04); Statement on Internet Policies, Regulations, and Control (http://www.pfir.org/statements/policies) (R 20 96)

P Internet content for 2000 Olympics restricted to protect TV (including diaries, chats, streaming video) (R 21 07)

SPH CIA secret off-color chat room undetected for five years (R 21 13)

P Richard M. Smith's top 10 privacy stories of 2000 http://www.privacyfoundation.org/release/top10.html (R 21 18)

P Intelligence gathering risks from some over-informative e-mail auto-responses (R 21 16,22)

SP IBM and Intel push copy protection into ordinary disk drives: various views (R 21 17-19)

P Privacy/quality risks in Quicken Online Billing Service (R 21 17)

Phf Credit report full of errors - and ex-spouse's address (R 21 17)

hiP Misidentification: recorded on CCTV, UK citizen arrested after making normal transaction immediately following cash-machine thief (R 21 36)

SP Dutch government advised to give citizens Web access to Civil Registry 'digital vault' with their personal information; risks issues (R 21 33)

SPh Kew Public Records Office using British prisoners for data input of old census data; they made changes such as "wardens" to "bastards"; subsequent corrections being outsourced to "cheap labor" in India (R 21 35)

P Amtrak 'sharing' passenger information with Drug Enforcement (R 21 36); later backs down

SSN problems in mortgage info database (R 21 31)

SP 9 states have insecure sex-offender Web sites; 2 have insecure criminal history records (R 21 22)

SP GAO finds lax security in IRS electronic filing system, ability to read and change other people's returns (R 21 28)

SPf Network Solutions exposes e-mail addresses, enables unauthorized deletions (R 21 21)

Sh Porn site took over domain of widely used agricultural resource center, causing unfortunate links from government and school sites; faulty Network Solutions record-keeping blamed (R 21 29)

SPf Bibliofind exposes credit-card info for 4 months (R 21 26-27)

SPH Theft of RCMP officer's vehicle gives home address, and robbery of home computers and property (R 21 22)

P Police can read event data recorders in auto air-bag systems (R 21 23)

Pf 401(k) mixup sends statements to off-by-one recipients, disclosing personal info (R 21 21)

SPe Travelocity exposes 51,000 customers' information for up to a month (R 21 21)

P Lax customer information privacy policies: Network Solutions (R 21 24), Amazon changes end-game policy, WebVan, ...

P Lawsuit challenges "file buying" of prescription records when pharmacy stores are sold (R 21 35)

SPf More on hidden info in MS Word documents (R 21 25,32)

SP Fairfax Virginia police records are posted online (in MSWord), but never updated to include case dispositions (R 21 27)

SP New flashlight sees through doors as well as windows (R 21 35)

P Hidden highway robbery within Microsoft Terms of Use contracts? (R 21 32,35)

SP U.S. Web sites fall short of global privacy standards (S 26 6:14, R 21 61)

P Woman stalked by Michigan cop via police databases before being murdered (S 26 6:14, R 21 60)

SPhe Georgia's HOPE scholarship program passwords and personal info exposed on the Web and cached on search engines for many months; deletion of one file blamed (R 21 58,59)

SP Washington State public schools putting student information on the Internet; security and privacy questioned (R 21 43)

P Council of the European Union considering storing all telecom traffic for at least 7 years - for "public safety and law enforcement"? (R 21 42-45)

P Totally Hip's Mac "Livestage Pro" covert http tracking; Adobe similar (R 21 56,58)

Se Building alarm-monitoring security-system update leads to insecurity: configuation database and backups deleted (R 21 54)

Sfei Peoples Federal Savings Bank software upgrade goes awry: PINs inadvertently reset to obvious default; account linkages disabled; other changes (R 21 53); things not improved months later (R 21 82); retraction after bank explanation five months later (R 21 86)

SP World bank, seeking safer place to meet, chooses the Internet! (R 21 43)

Ph Illinois Registered Sex Offender database rife with consequential errors (R 21 44)

SP More than 90 Michigan cops abused police database to stalk women, threaten motorists, settle scores (R 21 58)

P(+/-) Omron Corp anti-theft device intended to stop stolen car outside police station and lock driver inside (R 21 58)

SPH Software worm VBS.Noped.a searches your computer for pornography (R 21 49)

SP Leakages of sensitive information: Excel (R 21 39); Berlin Bank (R 21 50); Eli Lilly Prozac users list (R 21 51); UK Consumers' Association Web site (R 21 51); UK cabinet minister's draft changes (R 21 53); medical records transcribed by 3rd-party, sent by unencrypted e-mail (R 21 56); AT&T Worldnet exposes all user passwords (R 21 57,61)

SP FTD.com security hole leaks personal customer information (R 22 58)

SP NASTAR Web site provides personal skier information to anyone (R 22 51)

SHP Theft of 9 sports-club lockers followed by bogus phone calls from "police fraud department" asking for credit info, SSNs, etc.; several duped victims (R 21 56)

SP Web site streams live audio from private Ottawa cell calls (R 21 48)

P Supreme Court rules 5 to 4 in Kyllo case against thermal-imaging scanners (R 21 47)

SP Scottish newspaper archive in contempt of court (S 27 2:13, R 21 88)

SP Judge ordered hack of Interior Department trust fund system for Native Americans (R 27 2:13, R 21 81)

SP Gwinnett County GA keeps prison inmates list online (S 27 2:14, R 21 81)

SP FBI may not appreciate the risks with Carnivore sniffing e-Mail (S 27 2:15, R 21 82)

SPH Wiretapping equipment compromised: FBI, CALEA (R 27 2:15, R 21 83)

SP Web site about PC security asking to lower PC/browser security (S 27 2:16, R 21 86)

Sf US ARO seeking odortype detection (R 22 43)

SPi Iceland places trust in face-scanning (S 27 2:17, R 21 89)

SP An outrageous violation of privacy in composite picture of WTC helper (S 27 2:17-18, R 21 87)

SPhi ATT ignores its own privacy policy with cleartext bypass of SSL (S 27 2:18, R 21 86)

SP Office XP, Windows XP can send sensitive info to Microsoft in debugging information following crashes (R 21 82)

SP P3P privacy filters in IE6 present legal liability; in 1999, Bancorp paid $7.5 million for misstatements in posted privacy policy (R 21 82)

SP Virginia county recalls 11,000 student laptops to retrofit security against porn, grade changing, game/music downloading, in-class messaging (R 21 88)

SP German government bans porn (worldwide) except from 11pm to 6am German time! (R 21 81-82)

SP RSA Conference e-mail newsletter has tracking bugs (R 21 89)

SPA$ Official self-service litigation system available in England and Wales (R 21 89)

SPf Wireless Nanny-Cam broadcasts hundreds of yards away, easy to intercept (R 22 04-05); wireless network eavesdropping can be done with an antenna made from an old Pringles tube (R 21 96)

$SPHI Brisbane ISP in court for intercepting e-mail and fraudulent debits (R 21 89)

SPH Theft of 30,000 Experian credit reports by masquerading as Ford Motor Credit office (R 22 09-10)

SP Teale Data Center's California personnel files were breached for all 265,000 state workers (R 22 10)

SP RSA Conference html-ized e-mail has tracking bugs (R 21 89)

SPf Risks of hotel STSN Internet access (R 21 91)

SP New official self-service litigation system available in England & Wales (R 21 89)

SP LED light content reportedly can be detected remotely (R 21 94-96,98)

SP Security leak in Dutch Internet sexshop (R 22 01)

$SP Saab USA Web site leaks customers address, offers extra discounts (R 22 01)

SP Gillette's Mach3 includes MIT antitheft tracking microchip (R 22 02)

SPi UK govt wants to make Internet "e-filing" compulsory by 2010 for tax returns, with £3,000 fines (R 22 07)

SPf E-mail subscription link gives full access to other people's personal details (R 22 01)

ShP Midwest Express Airlines Web site leaks customer information (R 22 05)

SP Photocopier stores document for later printing; confidentiality risk (R 22 01)

P British Telecom publishes list including confidential ex-directory telephone numbers (R 22 01)

Pi BBC monitoring policy states that any response whatsoever constitutes consent to e-mail being monitored; e-mail opt-out impossible! (R 21 95); This is a requirement of the UK "Regulation of Investigatory Powers Act". (R 21 96); more on copyright implications (R 21 98)

$P CT Dept of Consumer Protection questions speeding fines levied by rental-car companies (R 21 91)

SP Risks of SafeWeb anonymizer: tunneling too close to the person you're trying to protect (S 27 3:12-13, R 21 93)

SPA Privacy risks in MSN Messenger 4.6 (R 22 13)

SP Risks of identity-theft Web site (R 22 13)

SPA 54% of U.S. schools use students for computer tech support (R 22 11)

SPA Japanese service links ATMs to cell phones (R 22 16)

SPH Enron/Anderson types of problems reach into information technology: the Big 5 accounting firms also audit information assurance and security (R 22 13)

SP Tracking subway users by electronic fare cards (R 22 12)

SP Finger-printing children in schools, without parental involvement (R 22 18)

SPfi Kazaa users inadvertently share their private files (R 22 12)

SPf Web glitch exposed 300,000 Canadian accounts at Fidelity Investments (R 22 12)

P Are we legally obligated to watch commercials? (R 22 12)

P Citibank's third-party e-mailing raises privacy concern (R 22 23)

SP Federal appeals court overturns its own Web site privacy ruling (R 22 23)

P$ Tough EU privacy rules influence U.S. Web practices (R 22 22)

VSHPm Rube Goldberg strikes again: man damages cruiser; police use pepper spray, restraints, place him in jail cell; he jumps up, hitting light and microphone, destroying the light, tripping a circuit breaker, causing the police dispatch room lights to go out and messing up the phone systems (R 22 22)

$SPf New Jersey E-ZPass transponders wearing out, causing bogus citations and necessitating 900,000 replacement devices (R 22 31)

$h Problems with Chicago-area toll road transponders: Activating I-PASS hits a roadblock; Online demand blamed for delay (R 23 67)

SPf? Lying Lie Detectors, William Safire article quotes National Research Council study: "No spy has ever been caught [by] using the polygraph." (R 22 30)

$SP$ etc. The Underground Web: illegal activities so easy (R 22 24); fake Internet bank bilked two people out of $100,000 (R 2 29)

SP Oregon proposing to tax in-state car mileage via GPS (R 22 46)

P Privacy Journal ranks states on privacy; California and Minnesota best (R 22 32)

P(h/f?) BSA Accuses OpenOffice ftp sites of piracy (R 22 60-62)

SP+ Good example: seriously protected patient data with real deletion (R 22 60,62)

SHP New $40 telemarketing tool makes caller ID fakery easy (R 22 60)

SHP Bogus Hotmail password change page captured 120 user accounts (R 22 57)

SHP Information on 5 million U.S. credit-card accounts hacked (R 22 56)

SP+ eBay Sting locates stolen Fluke inline network tester (R 22 56)

SP eBay privacy policy wide open to investigators (R 22 59)

SP Junked hard drives yield lots of personal data (R 22 50)

SP Hong Kong gym pulls plug on camera cell phones (R 22 49)

SP Alcala University developing electronic system to monitor and remotely control elevators over the Internet (R 22 58)

SP Judge suspends Washington State telephone privacy regulations; constitutionality? (R 22 55)

P Scientology critic fined under French law for Web site (R 22 59-60)

SPA T-Mobile Hotspot uses SSN for passphrase (R 22 72)

SP- Use of satellite cell phones among embedded media folks in Iraq: Risks of not being lost! (R 22 69)

SP Cisco's eavesdropping enables undetectable lawful interception (R 22 71)

SPfh Search engines making sensitive information easy to locate (R 22 64)

SP Benetton clothes to include tracking chip (R 22 64); later rescinded

SP Federal privacy rules for medical information (R 22 69); rules let marketers see sensitive patient data (R 22 70)

SP- Secrecy and the Patriot Act: library records, wire transfer blocked because of spouse's name, law suits, etc. (Amy Goldstein, NYT, R 22 90)

Shi 193 innocent Brits erroneously labelled as criminals due to erroneous records (R 23 34)

SP Self-referential Patriot Act suppression of law suit against Patriot Act (R 23 35)

P MIT Web site provides dossiers on government officials, turning the tables (R 22 79)

SP QinetiQ "intelligent" airplane seat to detect nervousness in passengers and alert airline staff (R 22 78)

SP FTC increases focus on privacy; serious vulnerability on Guess Inc.'s Web site revealed 200,000 customer credit-card numbers (R 22 79)

SP WhereWare tracks your location (R 22 90)

SP Wall Street trading scandal uses instant messaging evidence (R 22 91)

SHPIi VeriSign's Site Finder captures all nonexistent .com and .net addresses, breaks all sorts of Internet services, causes significant controversy (R 22 91); VeriSign temporarily suspends Site Finger (R 22 92)

SHAOP Men steal computers from high-security Sydney Airport facility (R 22 90)

SP Resold BlackBerry contains sensitive Morgan Stanley data (R 22 88)

SP Confidential hospital records in memory stick (re)sold-as-new (R 22 83)

SP Microsoft Word hits Tony Blair: Web-posted document residues shows names of four employees involved in the plagiarized dossier on Iraq (R 22 79, two items)

SPfh NZ Health Commissioner's anonymised case reports not so anonymous, including Word residues (R 22 81)

SP Metadata residues in Photoshop files (R 22 83,84)

P Indiana man charged in e-mail stalking of TV anchorwoman (R 22 80)

SHP+ Inadvertent cellphone redial leaves burglars' conversation on victim's girlfriend's voicemail (R 22 79)

SP U.K. man proves he was victimized by network porn vandals (R 22 84)

SP Pentagon's plans for terrorism futures market attacked, perhaps led to John Poindexter's resignation from DARPA (R 22 83); America Action Market offers wagers on political events (R 22 83,84)

SP New laws induce greater corporate surveillance (R 22 80)

SP Coplink software helps police draw crime links (R 22 81)

SP+(!) Cell-phone log retention finds missing IRS employee's body (R 22 78,79)

SP Samsung Electronics bans camera phones from key factories (R 22 81)

SP Tiny RFID tracking chips surface in retail use (R 22 77); RFID site security gaffe uncovered by CASPIAN consumer group (R 22 79); nuking of RFID chips (R 22 80,81)

SPA UK: Sign someone else up to be an organ donor! No authentication. (R 22 77)

SP Credit agencies sending our files abroad (R 23 01; S 29 2:15-16)

SPf 'Unfixable' Word password hole exposed (R 23 12)

SPf Danish PM's private communications disclosed by Microsoft Word residues (R 23 12)

SPf Justice Department censors report on workplace diversity, but releases pdf version made from Word version with recoverable deleted text (R 22 97)

SPh AOL filters based on whether they like embedded URLs (R 23 09)

*SPfm, etc. 9 out of 10 computer users stressed; may be bad for your health, including spam, lost files, time wasted (R 22 97)

SP Identity Denial: Chinese woman wins damages for daughter-in-law canceling her identity registration, making her nonexistent! (R 22 93,95)

SP DoD RFID policy: friend and foe, with a note on risks in biometric passports (R 22 98)

SP Biometrics: 'Not your father's fingerprints' win out (R 23 10)

SP Security versus liberty? Cronkite: zero-sum; Ben Franklin, no (R 22 93,94,96)

SPf Victoria's Secret reaches a data privacy settlement; security flaw exposes everyone's orders (R 22 97)

SPh AP accidentally distributes celebrity phone numbers (R 23 12)

P Outsourcing risks: Pakistani tries to blackmail UCSF Medical Center threatening to reveal private medical records (R 22 97)

SHOP E-mail contains 'Lover Spy' software, reporting on Web site visits (R 22 96)

SPfi DoD on-line security clearance process seriously problematic (R 23 04-06)

SPf Holes in online job-search privacy (Brian Berstein) (R 23 03)

SPi France Telecom: a heavily used risky Web site (R 23 03)

SP FBI's reach into records is set to grow (R 23 03); MATRIX (Multistate Anti-Terrorist Information Exchange) deemed 20-billion record "largest database on the planet" collecting info on everyone in the U.S. (R 23 03)

SHPf Minnesota's CriMNet hacked, then shut down (R 23 03)

SHP Supposedly private bank balances easily available on the Internet (R 23 11)

SP Car-monitoring service allows you to be your own Big Brother (R 23 11)

SHPI FBI employee snoops through confidential police databases, sentenced to 12-month prison term (R 23 23)

SHP 4.6-million DSL subscribers' data leaked in Japan? 3 men arrested for extorting 3 billion yen (R 23 22)

SHP Theft of Client Information at Israeli Bank's "Information Fortress" (R 23 21)

!hiP UK data protection laws and the Law of Unintended Consequences: Database check missed record of Cambridgeshire caretaker, who later murdered two schoolchildren; couple froze to death after gas improperly shut off (R 23 14,15,18)

$SPdehi Dept of Homeland Security protects vendors of anti-terrorism technologies from liability (R 23 14)

SPhi Discussion of lie-detector glasses, claimed 90% accurate! (R 23 14,16)

$P Some rental cars keep tabs on drivers, charge hugely for driving out-of-state (R 23 13)

P TiVo watches TiVo watchers, who are uneasy after monitoring of recordings of Janet Jackson's Super Bowl performance showed it was viewed more than three times more than anything else (R 23 18)

SHP Victoria Australia police: ongoing misuse of privacy information (R 23 18)

SHP Programmer three levels indirected from supervision posted sensitive community college child care database on the Internet (R 23 18)

SP Federal court rules no privacy for e-mail passing through ISP servers; eavesdropping okay (R 23 44)

SP Selling Web bugs to detect whether e-mail has been read (R 23 41,44)

SP Privacy and Security Risks in Rampell's E-Mail Surveillance Service (R 23 41,42)

SPA France Telecom voice mail espionage (R 23 41)

SP Risks of digital cameras re: prisoner abuse (R 23 36)

SP New UK driving licence puts identity at risk (R 23 37-39)

SP GAO report on data mining: http://www.gao.gov/new.items/d04548.pdf: Verity K2 Enterprise; * Analyst Notebook I2; PATHFINDER; Case Management Data Mart (R 23 39,40,42)

SPf U.S. plan to allow Net users in China, Iran to bypass national site blocking, but adds keyword blacklists (R 23 36)

SPm Gas explosion creates confidential litter (R 23 35)

SPhi DidTheyReadIt operations and security concerns (analysis by Rob Slade, R 23 49)

SPf Security cavities in Bluetooth in mobile phones allow offloading of personal information (R 23 48)

$SH eBay sellers fined by NY Attorney General for bidding up prices on online auctions: (R 23 59)

Shi U.S. air travel without government identification (two sagas, from Dan Wallach, R 23 50, and Kathy Gill, R 23 53)

SP Federal judge strikes down part of PATRIOT Act (R 23 55)

SP+ New California Online Privacy Protection Act requires posting of privacy policies, effective 1 Jul 2004 (R 23 46)

SP Privacy concerns over Australian e-mail law that allows easy access to information (R 23 51)

SP Social security info breach on Utah State University campus (R 23 56)

SP California schools warned of identity theft, via lost laptops (R 23 52)

$SHP Identity theft: FBI bust (R 23 59)

SPh Published password opens access to foster-care records in Florida (R 23 56)

SP Google aids spammers via error pages (R 23 45); Google bot cache is back door for pay-per-view information (R 23 50)

Sf iPod security risk (R 23 46)

SHf VoIP vulnerabilities can lead to compromised Calling Number ID (R 23 45); VoIP = Voyeurism over IP? Tapping into servers and hard drives easy (R 23 47)

SPi Star38.com Web site offers VoIP CNID falsification service (R 23 51)

SP U.S. Government to alter RFID passport regulations, after complaints from privacy advocates (R 23 87)

SPfhi REAL ID: planned national ID card is a bad idea, and will make things worse not better: analysis by Bruce Schneier (R 23 87; S 30 4:30); More on risks of REAL ID: tripled fees, longer lines, unfunded mandate (R 23 95; S 30 4:30-31)

SP What Search Sites Know About You (R 23 87; S 30 4:32)

!SPhi PDF not a good format for redacting classified documents; blacked out portions of classified report on Calipara/Sgrena incident revived by cut-and-paste (R 23 86-88)

$SHPhi E*TRADE Complete Security System security problems discussed at considerable length (R 23 84-87)

SP TSA finds data on air passengers lacked protection (R 23 81); TSA kept passenger information it promised not to (R 23 91)

SHPif Even some major corporations don't understand domain names: Hertz information can be compromised by bogus domain (R 23 82)

SHP List of reportedly aggressive drivers open to misuse (R 23 69)

SP RFID tagging of Sutter California elementary school children (R 23 71)

SHP More on risks of national driver's license standards and centralized driver information, and countermeasures (R 23 71); `Smart' driver's licenses a Trojan horse? (R 23 72)

SP The UK Land Registry data now easy to access (R 23 70)

SP MS Word marginal info leak in press release relating to Vioxx risks (R 23 71)

SP GPS used to arrest snowplow driver (R 23 67); correction and further discussion (R 23 80);

*SP DEA agent shoots self while demonstrating gun safety; a year later home video on the Web exposes the agent! (R 23 80)

SP San Francisco police officer accused of using airport cameras to ogle women (R 23 85)

SP Pentagon hires BeNow Inc. to creating database of high-school students to aid military recruiting (R 23 93)

SHP New Hampshire self-service photo kiosk retains images, leads to prosecution (R 23 89)

..... End of yet-to-be-merged privacy items

..... Government Surveillance:

SP Court says FBI has been given too much wiretap power (R 21 03; S 26 1:34-35)

SP FBI's Carnivore monitors Internet traffic; summary of House Judiciary oversight hearing, by Lina Tilman (R 20 97; S 26 1:35-36); sloppy pdf usage allows expurgated information on review team identities to be uncovered (R 21 08-09, S 26 1:36)

SPhi FBI's Carnivore unintended overcollection hampered anti-terror probe (R 22 11; S 27 6:11-12)

SPHAOf FBI targets suspects' PCs with Trojan-horse spy (R 21 77; S 27 1:11)

SP(H/h?) FOIA-obtained memo reveals FBI national security wiretap violations (R 22 32)

+- DoJ does not support FBI on CALEA-amendment roving wiretaps (R 19 90)

SPAHO Unencrypted Secret Service pagers intercepted, despite demos of the vulnerabilities 3 years before at Hackers on Planet Earth (S 23 1:13, R 19 39,40)

P Germany still planning law-enforcement surveillance on ISPs (R 21 25)

SPfh Software failure billed 50 German phone-tapped suspects for the eavesdropping connections, blowing secrecy; almost 20,000 lines currently under surveillance in Germany (R 22 33)

SPH Risks of concentrated power and the surveillance state: Chicago Chief of Detectives insider information used for thefts (at least $5M) (S 27 1:13, R 21 73)

SP French spies listen in to British business phone calls (S 25 3:20, R 20 77)

P UK Regulation of Investigatory Powers Bill requires ISP to record all traffic; use of crypto can put you in jail if you cannot produce the key! (R 20 90)

SPf Automated traffic-camera system has flaws, citing driver of Honda CR-V for speeding in a sporty coupe (R 21 58); Honolulu citations 80% unenforceable due to human errors (R 21 87); police officers being cited for speeding to emergencies (R 21 81)

SHP Global Positioning Satellites (GPS): Surveillance to keeping convicts out of jail (R 22 31); commercial satellite security needs improvement (R 22 31)

SHf Yugoslav forces intercepted unencrypted NATO air communications and thwarting attacks; consequence of ITAR export-control regulations? (R 20 37)

SHP Abuse of intercept capabilities: Australia's `Tampa' affair (S 27 3:12, R 21 92)

SP ACLU sees a growing Big Brother 'surveillance monster' (R 22 50)

..... Other surveillance, electronic monitoring, tracking:

SHP Anonymous e-mailer convicted of cyberstalking (R 21 73)

*SPH Hazards on the Superhighway: Woman cyberstalked by Vito; man receives fax from bogus lawfirm with false accusations; girl harassed; Chicago man sends obscene messages in someone else's name; Boston boy runs away to meet on-line Texas man (S 19 3:8)

*SH Cyberstalking on the rise (R 22 70)

*SH More on risks of surveillance (R 22 64-65); Is our TV watching you? (R 22 67)

SP+ California making it harder for prying eyes: ISPs to inform customers of requests for their identities (R 22 72)

P Norwegian brothel surveillance camera broadcasts live on WorldWideWeb (R 19 13)

P Sex, Truth and Videotaping: risks of monitoring your baby-sitter (R 22 11; S 27 6:12-13)

Sf Electronic card designed to spot football hooligans (S 14 5)

@fh Monitoring systems cause unintended changes in Bell Canada operator behavior and Metro Toronto Police (S 18 2:6)

SP Satellite monitoring of car movements proposed in Sweden (R 18 81)

SP Swedish narcotics police demand telephone card database (R 19 07)

P Location-tracing service of handy phones starts in Tokyo (R 19 58)

SHAO Teen intercepts MD's pages, makes medical orders (R 21 19)

$SHI Brisbane ISP in court for intercepting e-mail and debiting customer credit accounts (R 21 89)

P Published demonstration photo from Ybor city surveillance camera recognized deleteriously by ex-wife in Tulsa (R 21 59); Charlotte NC will photograph license plates to analyze freeway travel (R 21 60)

SP EPIC urges colleges not to monitor peer-to-peer sharing, as requested by recording industry (R 22 38)

SPAHO New Jersey company intercepts pager messages, sells them to media (S 23 1:13, R 19 35)

..... Spyware:

$SHA South Africa bank Internet spyware and fraud (R 22 82)

SHP Two million scans uncover 55 million instances of spyware in six-month SpyAudit (R 23 48)

SHP Spyware epidemic threatens to stall computer industry; MS blames rogue software for 1/3 of application crashes (R 23 58)

S+ Microsoft AntiSpyware beta - quick review by Rob Slade (R 23 66)

SHP Survey results: Most dangerous types of spyware increasing (R 23 70)

SHP Florida court rules wife broke law in using spyware to secretly monitor her husband's computer (R 23 72)

SHP(+/-) U of Calgary adding spam and spyware to its curriculum (R 23 70,71)

SHP Microsoft's Antivirus and antiSpyware software (R 23 79)

SH Spyware increasing: 8by screening service (R 23 95)

SPf MarketScore spyware product exploit and other concerns (R 23 88,89)

..... Accidental data releases:

For further privacy violations relating to accidental release of information, see some of the `SP' descriptor entries in the subsection on Incomplete deletions and other security residues, toward the end of the Security section above.

HSPO Newt Gingrich's teleconference compromised by cell phone (R 18 75,76; S 22 4:30-31)

SHP Qualcomm CEO's laptop vanishes, containing corporate secrets (R 21 05; S 26 1:28)

SPfh France Telecom inadvertent disclosure blamed on computer error, actually MS Office history: risks of e-mail compounded with the notes/comments/change-tracking features (R 21 65); see also article by Gene Spafford on protecting information, in Computing Research News (URL in R 21 65)

SPf Handspring hands out names and springs out numbers (S 27 6:14, R 22 18)

SP U of Montana releases children's psychological records on the Web (R 21 74)

..... Other privacy violations:

For further privacy violations relating to intentional misuse of information, see some of the `SHP' descriptor entries in the subsection on Penetrations and misuse in the Security section above.

S?h?+? Controversy surrounding Dallas Morning News posting news of alleged Timothy McVeigh "confession" on their Web site. Item obtained via computer breakin? Early Web posting to stave off injunction? (R 18 85) Bogus memo allegedly planted in attempt to trap a witness?

Phi Risks of errors in Calif Megan's Law CD of sex offenders (R 19 25)

$SHP Crackers access University of Texas database, accessing over 50,000 SSN/name pairs (R 22 62)

P Discussion of Whitewater Filegate security/privacy issues involving FBI, Secret Service, White House (R 18 21)

S GAO criticizes White House for inadequate database controls (S 22 1:19)

SH Privacy risks in telephone company voice-mail archives (S 16 3)

SPH Civil liberties issues in National Crime Information Center (S 14 2)

SP Calif. to permit prisoner access to confidential drivers' records? (S 14 2)

SHI Database misuse by 11 prison guards in Brooklyn (leaking names of informants to prisoners, warning about searches, etc.) (R 19 20)

SP Justice Dept wants to scrutinize parolee computer use (R 18 70)

P Texas driver database on the Internet (R 19 22)

P Kansas sex-offender database full of incorrect entries (R 19 14); Also true in California DB: 2/3 of entries incorrect (R 19 24)

P Virginia's online sex-offender database not up-to-date (R 20 17)

SPH Bryant Gumbel's on-line critique stolen, given to Newsday (S 14 2)

SPH Belgian Prime Minister's e-mail tapped by penetrator (S 14 1)

SP Oliver North private e-mail appears in New York Times (S 18 2:17)

P? In-flight video privacy risks (S 18 4:9)

SPH Are your medical records adequately protected? Probably not. (S 14 2)

$PH Personal data being sold illegally by Nationwide Electronic Tracking (S 17 3); somewhat duplicated material in notes indictments (S 18 1:21)

@SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); bad prank follows (S 20 5:10)

SH AIDS database compromised in Pinellas County, FL (R 18 48,53)

@$SHAI Mass. hospital technician accessed ex-employee's account, accessed 954 files, harassed former patients, raped girl (R 17 07, SAC 13 3)

SPH Medical privacy violation reported by victim, U.S. congresswoman (S 19 2:9)

P Australian insurance company builds household database from electoral rolls (R 18 02)

$P Proctor&Gamble matched telco call records after WSJ news leak (S 16 4)

SPH 2 Nissan employee firings allegedly based on eavesdropped e-mail (S 16 2)

SPH Washington State monitored e-mail; privacy lawsuit filed (S 16 2)

P 8 convicted killers sue to prevent Mass from monitoring phones (S 19 4:12)

SPf Undelivered `private' e-mail message returned, but NOT to sender (S 14 1)

SPH$ E-mail privacy rights vs company property lawsuit against Epson (S 15 5)

SPH Proliferation of spy viruses predicted (S 21 2:21)

$SP Risks in the British Data Protection Act (S 12 1)

SP Concern over privacy of Swedish Databank (S 11 5)

SP Discussion on computer privacy and search-and-match in Canada (S 15 1)

SP Canada's Privacy Commissioner issues report warning about EDI (S 18 4:9)

SP Thailand establishes centralized database on its 55M citizens (S 15 5)

SP Risks of being indexed by search engines (R 18 15)

SP Use of databases for investigative checks on would-be suitors (S 15 1)

P 4-star General Griffith's SSN posted on Internet site (R 19 28)

P Washington State posts criminal history records on the Net; legal issues (R 19 28)

P Alaska exposes its rascals on Web site (R 19 30)

SPH 30 implicated in selling Equifax credit records, bill histories (S 17 2)

SPHI Illegal sales of confidential SocSecurity and FBI data in 9 states (S 17 2)

SPHI Anaheim police employee leaks address of antiabortion target (S 18 3:A12)

SPH 2 women accused of selling confidential adoption information (S 18 3:A11)

SPH Ross Perot's campaign accused of stealing credit data (S 18 2:15)

P Privacy implications of Ohio school. child abuse records (S 18 2:17)

P Privacy concerns with Lotus Marketplace database of 80M households (S 16 1); Lotus Marketplace database withdrawn after 30,000 protest letters (S 16 2)

P Australian government bungles private data on 6000 households (S 17 2)

P Citicorp proposed marketing info on its 21M customers (S 16 4)

P AOL announces its intent to share data with telemarketers (R 19 26) and ads on private e-mail (R 19 40); eventually modified in response to objections

P Risks of aggressive marketing (R 22 06)

$SPH TRW settles lawsuit with FTC, 19 states, over privacy violations and erroneous data; improvements required, $300K payment (S 17 1)

+- L. Tribe proposes computer freedom/privacy cyberspace amendment (S 16 3)

S Privacy Act vs. Justice Dept. file matching on One Big File... (S 16 3)

$P Discrimination and privacy issues in insurance database (S 16 1)

SP Calling Number ID: negative ruling in California, free per-call blocking in Vermont; approved in 20 states, Washington D.C., and Canada (S 17 2)

$SPH Personal attack on USENET raises issues of privacy, ethics (S 12 3)

P Big flap over German request that CompuServe remove offensive material; in response, CompuServe disabled some newsgroups (R 17 59,61,62)

SPH NY Met's 1986 World Series parade: brokerage printout augments ticker-tape (S 12 1)

SP New York Yankee 1996 World Series parade; in absence of stock-market ticker tape, confidential records from NYC Housing Authority and Dept of Social Services rained down (R 18 55)

SP San Diego School payroll printouts appear as Xmas gift-wrap (S 12 2)

SP Public pleasure-boat database could help thieves (S 14 5)

SP Baby-monitor system bugs house, broadcasts to neighborhood (S 13 1)

? Pay-per-view failure lets adult station go unscrambled (S 19 3:8)

h/f? Free porn-in-the-morn hits San Francisco cable channel due to early scrambler time-out (R 19 60)

f Norwegian class gets porno image because of cache problem (R 19 48)

i Recycled URL leads to porn site (R 19 47)

- User-friendly Netscape transforms placeholder xxxx.htm in a developing Web site into URL www.xxxx.com for porno site (R 19 54)

H World Wide War on Wonderland Club of child pornographers (R 19 94)

? "MP3" second-most-searched-for string (popular compression program with no anti-piracy protection) after "sex" (R 19 95); meta tags (R 19 96-97, 20 01) used to force search-engine hits, although that situation may be improving (R 20 02)

SPH Teenage radio hams detect collusion in Los Angeles in 1911 (S 18 3:A11)

S William Gibson's Book of the Dead supposedly on uncopyable diskette! (S 17 3)

@* CA notifies licensee before responding to data requests (S 14 6)

..... Other items on privacy and related rights:

SP Risks of reverse telephone directories (R 19 62)

SP Risks of proposed universal CV database for everyone in the UK (R 19 67)

P Lexis-Nexis archives don't match print versions; near-lawsuit over false information (R 19 67)

SP On-line confession in Poland (R 19 70-71)

SP Idaho State rules Boise city e-mail subject to FOIA (R 19 63)

SP Clandestiny? Intuit TurboTax clandestinely uploading INTUPROF.INI? (R 19 71); Software clandestinely uploading names and e-mail addresses: Blizzard's Starcraft, and Virgin's Subspace (R 19 70)

f TurboTax potential overstatement of gross income (R 21 26)

SHP Proposal to make fake IDs a federal offense (R 19 85)

SP Risks of Federal healthcare insurance database regulation (R 19 88)

P- New Swedish personal information handling law makes most of the Internet illegal (R 20 05)

P FTC charges Geocities with misleading customers, selling private info without permission; Engage system to track individual Net usage (R 19 92)

$P Nancy Kerrigan settles X-rated lawsuit over faked porno images (R 19 97)

SPH Social Security claims agent takes revenge on woman by entering her death date in SSA database (R 20 01)

SP Security risks delay online registration system at U.Va. (R 20 09)

SP Discussion of Northwest frequent-flyer database privacy and integrity (R 20 12-13)

P Supreme Court rules against software filters for sexually explicit materials (R 20 10)

P Swedes outlaw naming an individual on the Internet (R 20 05,09)

P Shanghai entrepreneur Lin Hai tried in China for providing e-mail addresses (R 20 11)

P Windows 98 Registration Wizard may violate European Privacy Laws (R 20 25)

fSP IE 5.0 browser Favorites bookmarks graphic favicon.ico (R 20 31)

SP Privacy risk in "shopping-cart" software (R 20 33)

SP Major flaws in the WIPO domain name proposal, A. Michael Froomkin (R 20 24)

SP Raytheon probes e-mail moles, subpoenas Yahoo! (R 20 30)

..... Inference used in deriving protected data:

- Evident symmetry in scoring mask used to guess test answers (S 16 3)

+- Joe Klein's computer-detected authorship of Primary Colors (S 21 4:14) confirmed by handwriting analysis of typescript annotations, then finally acknowledged by publisher! (R 18 26,27)

1.28 Spamming, Phishing, Junkmail, and Related Annoyances:

..... Spam:

- Maryland attempting to outlaw `annoying' and `embarrassing' e-mail (R 18 81)

- Nevada contemplating outlawing unsolicited junk e-mail (R 18 87)

SHOA Vineyard.NET used as spam conduit for 66,000 messages (R 18 79)

SHOA More risks relating to spamming and spam blockers (R 19 02,05,10,13); legal implications (R 19 10)

SPf Overzealous spam blocking (R 20 49), and IMRSS (R 20 51-53); delivery of RISKS-21.44 blocked by overzealous Melissa detector at health.gov.au (R 20 45); even more overzealousness (R 21 89)

SP Porn spammers send cybergreeting with hidden URL (R 20 77)

SH FAX Attacks - risks of junkmail spamming saturation (S 14 1)

+/-? Discussion of whether U.S. Code Title 47, Section 227 applies to spam (R 19 33-36,42,44)

SHf Risks of reading Trojan-horsed spam mail (R 19 49,50) and accidentally clicking on wallpaper icon (R 19 46)

SHAO Spammer Craig Nowak used Tracey LeQuey Parker's from: address; she received 5,000 bounces, and sued - along with EFF and Texas ISPs Assoc. (R 19 19,20); Travis County court fines Craig Nowak $19,000 for his spam activities (R 19 46)

SHi MCI Mail spam blocker and account-name changes may make things worse (R 19 53); further risks of overzealous anti-spam measures (R 19 55)

SHO Spammers blackmail AOL, threaten release of 1M addresses (R 19 53)

Shf More NSI woes; spamming its own customers with weak password scheme (R 20 58-59)

S Spam causes major ISP delay in e-mail (R 20 53)

- AOL enables blocking of 53 domains in attempt to reduce junkmail (R 18 56,62)

SHA Cyber Promotions: spam and get spammed, plus restraining orders (S 22 4:28, R 18 81, 19 13); Cyber Promotions spamming restrained by Earthlink injunction; CP agrees to pay CompuServe $65,000; CP hit by 20-hour retaliatory spam attack (R 19 13); CompuServe blocks some multiple-address mailings? (R 19 21)

SHAO Spammer retaliates against NJ ISP block by Beth Arnold, using her e-mail address and 800 number; she was ping stormed and flooded with calls (R 19 21)

SHA More spamming: Newmediagroup anti-spam measures draw retaliation (R 19 16,17,21); Anti-spam bills in U.S. House and Senate (R 19 18,21);

S Spam filtering (R 19 24)

SH Spams and associated risks (R 19 25,27,31-34); laws (R 19 35-36); $125 million lawsuit to stop striptease advertising via Strong Capital Management (R 19 27); Hewlett-Packard scanner spam (R 19 38); Pacific Bell Internet spammed with forged QueerNet address, causing Pac*Bell to misdirect its retaliation (R 19 44); Samsung spam and reverse-spam (R 19 32,33)

SH Spam continues to increase: 300% from 2001 to 2002 (R 22 51, S 28 3:7)

SP SPAMMING: 6100 Cornell University students spammed with entire list in TO: field; 9 gigabytes (R 19 64); Rice University (R 19 66); Natl Assoc of Broadcasters deluges its own members with spam (R 19 62)

hf NASAA spams investors by mistake (S 24 3:25-26, R 20 07)

SPf Is your spam e-mail watching you? worse than cookies! (S 27 3:12, R 22 03)

m Hospital e-mail delayed 84 hours, spam problems (R 21 23)

S(H?) Verizon bombarded with spam; denial of service attack? (R 21 15,17)

SHOA Effects of porn spam from spoofed e-mail address (R 21 35)

SP Discussion of spammers getting sneakier, avoidance, and smtp as a root of problems (R 21 71,72,76,78,80)

SHf$ MORE ON SPAM: Earthlink awarded $16M in spamages (R 22 73); EarthLink sues to stop Alabama and Vancouver spammers (R 22 89); California court rules against Intel in spam case (R 22 81); how about refusing to accept e-mail? (R 22 74); spam blocking and 'challenge-response' cures may be worse than the spam problem (R 22 74,76); more risks of spam filters (R 22 78); AOL blocking e-mail from other ISPs (R 22 81); easynet.nl is causing serious e-mail disruption with its overzealous blacklist (R 22 86); another credit-card scam spam (R 22 82); Who profits from spam? Surprise! (R 22 84); spam for new Jamie Oliver cookbook contains 121-page MS Word document, with fictitious title, Naked Chef 2 (R 22 82); Why are spammers backing spam-control laws? (R 22 81)

SH Viruses, spam, phishing, etc.: Long-disused address hit by spam attack (R 23 13); MyDoom virus infects PCs, whacks SCO (R 23 14,17,18); other MyDoom effects (R 23 15); password-protected viruses (R 23 25,28); US-CERT warns of worm, forgets to mention operating system (R 23 15); AP blames viruses on users (R 23 15); nasty competition among Bagle, Netsky, MyDoom virus authors (R 23 25); DoomJuice (R 23 18); Sober.D worm masquerades as Microsoft update (R 23 26); FDIC phishing attempt (R 23 16,17); SSL is being severely stressed by phishing expeditions (R 23 27,28); Defeating phishing scams with SPF = Senders Permitted From (R 23 16); more on SPF, pro and con (R 23 17,18,21,23,27) and SRS = Sender Rewriting Scheme (R 23 21) More risks of virus scanners (R 23 15,17,18) and spam filters, with spam now over 50% of all e-mail (R 23 19,22,24); anti-spam lawsuits (R 23 28); risks of removing cryptographic signatures as attachments (R 23 28); captchas (R 23 17,19,20); Beagle virus scam asks for response because your mail system will be down (R 23 27); more on countermeasures (R 23 25); need for constant vigilance: analysis by Rob Slade (R 23 26); yet another Microsoft Windows flaw announced (R 23 18); Win32 API utterly and irredeemably broken (R 23 19); Microsoft EULA license agreement allows Windows to install updates (R 23 19)

$SH SPAM: Perils of challenge-response autoblacklisting (R 23 36-38); Two-thirds of all e-mail is reportedly spam; 80% in USA (R 23 39); Florida law bans deceptive subject lines in e-mail (R 23 38); Maryland governor signs tough anti-spam law (R 23 39)

P $SP African e-mail spam scams inspire "Special Forces Commando" in Afghanistan who wants to share $36 million in drug money (R 22 09)

!S Nigerian consul in Prague slain by spam scam victim (R 22 59); new scam involves allegedly frightened Iraqis trying to move money (R 22 62)

SH Internet spam mogul Alan Ralsky can't take what he dishes out (R 22 43)

SH More spam tricks at hotmail (R 22 20,21); new spammer trick using forged received header (R 22 39)

$ FEC OK's SMS spam without saying who paid for it (R 22 22)

efi Invisible ISP spam separator gives "mailbox full" for seemingly empty mailbox (R 22 42)

Sf The pinnacle of chutzpah in spam filtering by ISP: ISP rejects complaints! (R 22 24,26)

SH How to spam a closed mailing list (R 22 60)

S$ Allegedly disgruntled NetGaming Casino ex-developer posts spam of would-be attack (R 22 59)

Sfi Spam filtering stops the democratic process in Parliament, blocking distribution of Sexual Offences Bill, paper on censorship, etc. (R 22 54)

SH$ Microsoft sues bulk e-mailers over spam to harvested Hotmail users (R 22 58)

SHO Spammers use viruses to hijack computers (R 22 71)

SP Anti-spam legislation passed in the House (R 20 95)

SP Google allows anonymous spam (R 20 95)

..... Phishing Attacks:

$S Phishing scams: Phishees include Barclays (R 23 33-34), Australia/NZ Banking Group (R 23 34); Cooperative Bank (R 23 37); more (R 23 39); Barclays also victim of data robbery (R 23 44)

$SHP Phishing: CitiBank assists scammers (R 23 46); CitiBank fraud/Phishing hotline address emailspoof@citibank.com blocks e-mail! (R 23 55); CitiBank spoof: Please confirm your account (R 23 57)

$SH Increasing sophistication of phishing spammers, discussion with Dan Wallach and others (R 23 60,62); ACM message looks like Phishing (R 23 62); eBay open invitation to phishing scammers (R 23 66,68)

SH$ Hundreds of thousands of Visa customers hit by phishing expedition seemingly from Bank of England; at least 5% victimized? e-mail scams rise by 400% (R 23 11, correction in R 23 12)

$SH J.K. Rowling denounces Internet phishing fraudsters; organized crime gangs in Eastern Europe? (R 23 70)

SHf Payment via MSN and viruses in MSN (and other) chat programs; phishing risks! (R 23 79)

$SH Yet another phishing scam, aimed at PayPal (R 23 83)

SP Fighting spam: raise the bridge or lower the water? Authentication instead of filters, other approaches, laws? (R 22 92,93); Senate Can Spam bill (R 22 97, 23 12)

$SHP "Can Spam Act" seems to be no-can-do; spam still 80% of all e-mail (R 23 69)

SHP Spammers try a new tack: routing through ISPs (R 23 70)

h Spam-blocker blamed for missed court date in wrongful-death suit (R 23 75-77)

SPH Instant messenger spam ("SPIM") ready to explode? (R 23 11); more on SPIM (R 23 38,41)

SHP 1/3 of instant messaging is SPIM (unsolicited IM); first arrest of a SPIMmer (R 23 75)

Sh Foolish wireless network access policies provides safe harbor for spam, etc. (R 21 39,41)

S- Utterly amazing spam/scam offers heroin, "Tomohawk" [sic] missiles, cocaine, (sex) slaves, counterfeit currency, and child pornography

S FAA.gov spam relay (R 21 73)

Sh Human error leads to AT&T anti-spam gaffe (R 23 04; S 29 2:14)

Sfi Apple Computer's hidden spam-filtering on POP3/IMAP mac.com addresses (R 22 07)

SH Use of unclaimed British bank Web site by West African spam scammers cons victims (R 22 34); Paypal scams (R 22 34,43); phishing on AOL for passwords and credit-card numbers (R 22 35); imposter eBay site (R 22 42)

SHfhi eBay users redirected to phishers by compromised eBay's site (R 23 73,80; S 30 3:34-35)

..... Other related problems:

fh Monster accidental e-mail blitz (S 23 5:26, R 19 74)

f Matsushita's Panasonic Interactive Media filter spews out vulgarities (S 23 3:26, R 19 82-83)

SHO AOL hit by e-mail scam and Trojan horse URLs (R 19 34)

S Trojan horse: 5-yr-old installs AOL CD-ROM from Chex Quest box (R 19 26)

Sfff LLNL bans all wireless networks, including Wi-Fi, because of technology vulnerabilities, with only about 10(R 21 89); risks in wireless carriers tunneling through firewalls (R 21 89)

Sf Minneapolis-St.Paul airport offers free wireless network; great opportunity for launching spam and security attacks (R 21 89)

SH Bogus "Internet security update" spam seemingly from Microsoft (R 21 94)

SPHi SPAM and the RISK of ignoring permission letters (R 21 94,95,98; R 22 02)

iP Yahoo changes default marketing preferences, encouraging spam, require cookies to change (R 22 02-03)

SPf Over 160,000 join Massachusetts Do-Not-Call Registry to block telemarketers (R 22 47); Do-not-call list preventing 911 notifications in Massachusetts, pruned list purchased! (R 22 75); Glitches hit FTC `do-not-call' list (R 22 79); effects of new state laws on privacy for anti-spam and do-not-call (R 22 78,79); further problems (R 22 79); Canadians cannot register home phones, but their 800 numbers are OK! (R 22 80); EchoStar sued for `No-Call List' breach (R 22 89); FTC says Do-Not-Spam list effort will be futile (R 22 87)

$SH Iowa Judge slams spammers with $1-billion judgment (R 23 62)

S Screensaver tackles spam websites: Lycos sponsored denial of service attacks against spammers used, and then withdrawn (R 23 62, two items)

..... Censorship, porn, and risks of filtering - or not:

SP Spam prevention gone too far (R 21 89); Risks of using anti-spam blacklists (R 22 01); Use of SpamAssassin effective for the time being (R 22 08-10)

S+? A better approach to spam filtering? Try bogofilter, based on paper by Paul Graham and Bayesian statistics (R 22 22)

i Risks Forum blocked by SmartFilter under Criminal Skills category (R 21 14)

SP U.S. Supreme Court rules Communications Decency Act unconstitutional (S 22 5:14, R 19 23)

fi White House Web pages off-limits to Surfwatch: photo of first couple and second couple triggers filter (R 17 79); Surfwatch also blocked NYNEX's Web page named iixxxpg1.html because of the "xxx" (R 17 81)

i Adult content filter considers MSDN Flash 6, 2, 22 Jan 2002, as "Unwanted adult spam"; it contained the string "over 18' in the text "Plus, VSLive! San Francisco provides over 180 hours of content in three technical conferences." (R 21 90)

Sf AT&T's e-mail filter filters AT&T's e-mail (R 22 08)

SP? No laptops on the Senate floor: fears of surfing, lobbyists, spamming, real-time on-line influence, etc., ignoring such possible benefits of being able to read pending legislation and to communicate! (R 19 29,32,33)

rfi AOL's Scunthorpe saga: risks of string-based censorship (S 21 5:17, R 18 07-08); more on AOL filtering of Internet e-mail (R 17 65, 18 18,41,42,44,46,48)

rfh SW filters sex, blocking access to NJ counties Sussex, Essex,... (R 19 24)

Si Risks of filtering randomly generated 4-letter words in sendmail queue-ids (R 22 13,15); and other filtering risks (R 22 16); a Yahoo admits changing e-mail text to block hackers (R 22 16-17); more on filters and, in particular, dirty-word filters (R 22 17-18)

fi The "finger" command and "Paul Hilfinger" (S 21 5:18)

rfi CyberSitter censors "menu */ #define" because of the string nu...de; binary equivalents of bad words (R 19 56-58); more on dimwitted naughty-word filtering (R 20 39-40, R 21 03); e-mail with Don Beaver's name filtered (R 21 50); more overzealous filtering problems (R 21 47), and combatting them (R 21 47)

- Applied Micro Technology Inc. device censors closed-captioned broadcasts, e.g., turning Dick Van Dyke into Jerk Van Gay (R 19 63)

P China strengthens control over "cultural rubbish" on the Internet (R 18 73); Draconian controls on Chinese Internet usage (R 19 23)

SP German Cabinet approves Internet privacy, censorship regulation (R 18 69)

P South Korea clamps down on Canadian home page on North Korea (R 18 21)

P BUGTRAQ may be banned by Australian censorship (R 20 43)

$SHO Hackers sued by software-filtering company (S 25 3:20, R 20 84-86)

fiP XXX Web filters take out Superbowl XXXIV sites as porn (R 20 77)

f/h Name filtering causes revocation of police officer C. O'Kane's badge (interpreted as "cocaine") (R 22 19)

rS Web anti-surfing filter prevents Palm Support Germany from doing its job! (R 21 65)

Sh/h/h? Ed Felten's Web log at www.freedom-to-tinker.com shut due to questionable SpamCop listing (R 22 19); fascinating summary of responses on whom to blame (R 22 21-22); e-mail envelope filters blocking NDN and DSN (R 22 20); SpamAssassin (see R 22 08-10) blocked RISKS-22.20 (R 22 21)

S Risks of junk-mail filtering (R 20 89, and see nondistributed issue RISKS-20.89x which would have been filtered!); Microsoft content-based spam Bcc: filtering (R 20 90-91)

f/h Harvard admissions e-mail bounced by AOL's spam filters (R 21 84-86,88)

i Police chief: don't permit certain file types (gif, pjg, ...) to stop porno (S 22 1:19)

SH? Gateway 2000 issues promo video tapes with mysterious insertion of offensive and objectionable materials (R 18 90)

- CompuServe German ISP indicted for transmitting porn content; former manager given suspended 2-year sentenced, 100,000DM fine (R 19 73,77)

+ U.S. Supreme Court rules ISPs not liable for content (R 19 83)

fi Royal Court, UK theatre group aiming to "shock and offend", gets new computer system that filters its own specialties! (R 20 84)

h USAF Space Command blocked San Francisco Exploratorium Yahoo site because of baking-soda/vinegar recipe (R 21 02)

Marc Rotenberg reviewed Ray Bradbury's Fahrenheit 451 from the perspective of censorship and the banning of digital copies (R 22 03)

fi CNN (but not the San Jose Mercury News censored Webby nominee with a questionable URL (R 21 37)

SP Microsoft censoring blogs in China (R 23 90)

hi Cabbage Patch doll with six-character serial ID considered obscene (R 23 66)

1.29 Other Unintentional Denials of Service:

..... Recent cases (see also telecomm problems)

Vm PGN's Univ. Maryland Fall 1999 course on survivable systems and networks beset with survivability problems: hurricane, lightning, teleconference circuit outages! (S 25 1:) See http://www.csl.sri.com/neumann/umd.html for the course notes.

Vm Weather-predicting Cray C90 supercomputer lost in fire, weather predictions reduced (R 20 62)

Vm Netcom file-server hardware outage loses half of the e-mail customers, depending on first letter of name (R 20 49)

h White House admits over one year of VP's e-mail lost forever (S 25 4:8, R 20 91)

$fm Greek tax information system experiences blackout (S 25 3:15-16, R 20 75)

f U.S. National Archives loses 43K e-mail messages, backup failed also (S 25 3:, R 20 76)

f/h? NSA system inoperative for four days (S 25 3:16, R 20 78)

$f/h? AT&T Business Internet Service major outage of primary and backup DNS systems (S 25 3:16, R 20 78)

$f Computer glitch cancels 86 America West flights (S 25 3:16, R 20 80)

$Vhm Northwest Airlines grounded for 3.5 hours after cable cuts off main and backup fibre (S 25 3:16, R 20 85)

$m Week-long outage in NE San Jose after cable cut downs 11,000 phone lines (S 25 3:16, R 20 84)

m Fire takes out Nottingham phones (S 25 3:16, R 20 80)

m Senate Web site dies as Clinton stresses Net-reliability (S 25 3:16, R 20 81)

i Online broker blames outages on software maker; incompatibility, not hacker attack! (S 25 3:16, R 20 83)

mfhi Georgia's computer systems down for 16 hours; warnings of need for replacement batteries ignored (R 23 55)

mfhi Illinois Secretary of State computer outage, blocked state business (R 23 52)

mf Nationwide Radio Shack computer outage affects all 7000 stores (R 23 55)

ef UMass: students cannot register for classes; system upgrade botched (R 23 53)

..... Older cases

(!)$V Amsterdam air-freight computer crashes, giraffes die (S 12 1)

@*Vf ARPAnet ground to a complete halt; accidentally-propagated status-message virus [27Oct1980] (S 6 1: Reference - Eric Rosen, "Vulnerabilities of network control protocols", SEN, January 1981, pp. 6-8)

@*Vf ARPAnet loses New England despite 7-trunk "redundancy" (S 12 1)

Vm Network crash halts Larry Ellison's OpenWorld demo (S 23 1:11, R 19 40)

mh Judge Zobel's awaited e-mail in "au pair" case delayed over an hour by Boston Edison Electric workers in a manhole disconnecting his ISP (R 19 45)

-/+ Estimates of the effects of the Starr report on the Internet (R 19 95): loc.gov, house.gov, and gpo.gov were essentially inoperative, but proliferation of mirrored sites eased the burden substantially (R 19 96); many comments that the Communications Decency Act I (ruled unconstitutional) would have had to penalize the Starr Report. with fines of $250,000 and 5 years in prison to anyone posting it on the Internet. AP estimated almost 6 million people browsed the report via the Internet.

V$he Computer collapse wipes out British Social Security NIRS records; manual payments prone to fraud (S 24 1:32, R 20 01)

- ACM's ISP cuts off service for late payment of fees (R 19 15)

Vmh Computer crash loses CBC radio listeners' requests (R 20 17)

f New Haven cable viewers see "SW Failure. Press left mouse. ..." (S 19 4:8)

*$Vm Weather Service phone circuit failure downs forecasts for 12 hours (S 17 1)

*$Vm Weather computers down for 12 hrs, blocking AFSS flight service (S 19 1:9)

Vm Cold weather impairs fiber-optic performance (R 19 41)

@he Computer test residue generates false tsunami warning in Japan (S 19 3:4)

Vm California Dept. of Labor computer system crash blocks labor certifications (R 20 25)

$fe Government computer withholds benefits from British widows (R 20 19-20)

*fh UK Serbian sanctions unenforced; Yugoslav breakup unprogrammed (S 18 1:9)

demi DEC SRC Topaz rendered useless by multiple interacting events (S 16 2, a new classical saga in article by John DeTreville, pp. 19-22)

m Hundreds of duplicate computer-mail copies due to errant gateway (S 12 1)

$f 3 e-mail problems give extra copies: Internet, UUCP, MCI (S 14 6)

mfh Part of the duplicate RISKS mailings problem resolved (S 15 3)

f Posting to vmsnet.announce.newusers unmoderated newsgroup returned half- hourly nasty messages; `announce' implies moderation! (S 15 1)

m Computer failures in automated GMAT testing (S 23 3:25, R 19 50)

!Vm Remote clock comm, 22 traffic lights down. 1 killed, 1 injured (S 14 2)

*f Playing Russian Roulette with traffic lights: flawed conversion from four-way flashing red to normal patterns (R 22 57-58);

*f Lakewood CO traffic system fails; single disk drive, no redundancy (S 15 2)

*Vm Austin TX auto traffic-light computer crashes; 2 lights out (S 11 5,12 1)

*Vef Another traffic light outage in Austin TX (S 15 3)

f/h German computerized traffic-light stuck on morning rushhour (S 19 3:5)

*imM Traffic lights don't work in the snow (R 22 62,65,70)

Vef Massive failure of Washington DC traffic lights (S 21 5:16)

Vhe Dublin traffic lights out 28 Sep 1998: massive congestion (S 24 1:32, R 20 01)

Vfe Gridlock as 800 London traffic lights seize (S 27 6:10, R 22 18)

*m More on traffic signals going four-way green (R 20 48)

m(*?) Finnish computer glitch causes traffic light malfunctions; date leaps from morning 30 May 2003 to night time in 1991; cause unknown (R 22 76, S 28 6:8)

$f Overloaded Ontario transit computer delays commuters (S 14 2)

*Vh Unplugged cable plugs Orlando traffic light computer system (S 14 1)

*$Vh Hinsdale IL fire seriously affected computers and communications (S 13 3)

$mSe Minn. 9th Federal Reserve Bank flooded as air-cooling pipe bursts; serious security vulnerability left open in backup operation (S 16 3)

$V Rhine flooding disrupts computer networks for two days (S 13 3)

$hV Noisy air conditioning shut off by mayor; downs computers (S 13 4)

h GPS lost time synch when first activated when cleaning crew unplugged the master time source! (R 19 30)

VSIh Nando.net shut down for three hours by custodian vacuuming, electrical overload, data server crashes (R 19 48)

hi German Bundestag sound system disabled by misplaced book (S 18 2:5); microphones still not working, months later! (S 18 4:4)

m Gobblings of legitimate automatic teller cards (S 9 2, 10 2, 10 3, 10 5)

m Mass swallowing of falsely expired ATM cards (S 12 2)

fmi ATMs swallow 400 bank cards; retry after no diagnostic that interconnection was broken (S 22 1:21)

h Australian ATMs snatch 921 cards. "Human error" (S 12 4)

$Vf&m Bank of America outage shuts down Cal ATMs, nationwide links (S 14 1)

$Vm Wells Fargo, BofA ATMs out of service (S 14 2)

$Vfm French ATM-authorizing computers down for 30 hours (S 18 4:3)

@$f 1992 leap-year-end clock bug blocks ATM machines 1 Jan 1993 (S 18 2:11)

Vf 1200 Citibank ATMs down four hours due to `software glitch' (S 18 2:11)

$m Swiss debit-card system broke down (R 21 20, S 26 2:6-7)

Vm Royal Wedding side-effect shuts down computer machine room? (S 11 5)

$Vm CMU library computer power outage; no catalogues (S 12 2)

Vfm Santa Cruz High computer crashes on opening day; no schedules (R 17 34)

m Blown transformer disables automated library card catalog (S 18 2:7)

$Vfmh Palo Alto library computer system errs increasingly, collapses (S 18 4:3)

$Vrm NY Public Library loses computerized references; no backup (S 12 4)

Vhe Sun Valley ski area forgets to back up access database (S 23 3:25, R 19 53)

$mhmh Fear of not enough backups (S 21 2:19)

Vhe Stanford Grad School of Business storage addition causes years of work to be lost for some people; upgrade failed to check backups first (R 19 66)

$Vm Computer crashes stop gasoline pumps, other businesses (S 11 5)

$ Other problems with fast-food computers as well (S 12 1)

$Vm Aylesford new supermarket checkout failure closes store (S 17 1)

$f UNICEF loses thousands of orders for greeting cards (S 14 1)

hi Fred Cohen's saga of HP200 data integrity woes (R 19 68,69)

$f US Gov't computer password check flaw results in crossed orders (S 16 3)

$m 1017 dipsticks ordered instead of 17 due to ASCII 0-to-1 error (S 16 3)

$h M.Ward warehouse dropped from database, cut off from shipments; employees paid for 3 yrs anyway by different computer system! (S 16 3)

* Hospital gets computerized Reagan vote calls, 20/hr for 6 hours (S 12 1)

$V Broker's phone tied up 3 days: errant computerized sales pitch (S 12 1)

f Phone call deluge from program bug in computerized Coke machines (S 10 2)

h Another Coke machine phones home for help, gets Ft. Bragg number (S 17 2)

? Potential risk of latest wireless and cashless Coke machines (R 20 38)

fh More machines phone home: summary notes cold drink dispensers, lonely oil tank, faulty public lavatory, medical insulin fridge alarmed because of low temperature (R 19 31,33); multiple autodial illegal (R 19 36)

rh Vending machine default phone number 000 (Australian emergency number) yields hundreds of false alarms (R 20 47)

hi Abandoned oil-tank phone harasses MA woman for 6 months (R 17 34,36,37)

$H? Compass Airlines jammed with 25,713 calls; computer generated? (S 16 1)

f Phone machines call each other; switchhook-flash glitch (S 19 3:8)

fh Stray signal loops beeperless remote answering machine (S 14 6)

Sfm Hare Krsna chant triggers answering machine remote (R 17 91-93)

m Sony TV remote control turns Apple Performa 6300 on/off (R 17 95)

$Vm Computer network node hit by lightning; down for weeks (S 11 5)

V$m Lightning strikes drawbridge controls (twice!!), out for days (S 13 4)

Vm Lightning disables lightning-strike-monitoring system (R 20 42)

Vm Lighting triggers automated meeting-announcement messages half a day early, and repeats them for 6.5 hours (R 21 65)

VH Green-Card law firm uses the Internet to broadcast ads; volume of protest traffic shuts down systems (S 19 3:9)

Vm Basketball scoreboard clock fails as reporters PCs overload power (S 13 3)

$Vf Australian betting network downed after software inconsistencies (S 13 3)

$V Betting computer crash invalidates winners; class-action suit wins (S 19 4:9)

(h) Fire destroys on-line (sole) copies of secret ice cream flavors (S 13 3)

Vm NY Times omits op-ed page due to "computer breakdown" (S 20 5:9)

$Vh IRS has no contingency plans for computer disasters (GAO report) (S 11 2)

$Vhf Software can burn out PC monochrome monitor (0 horizontal sweep) (S 13 3)

f Hewlett-Packard recalls personal organizers, battery change loses data (S 21 2:18)

*m Product safety recall for Textronix TDS210/220 oscilloscopes (R 19 88)

Vf VMS tape backup SW trashed disk directories dumped in image mode (S 8 5)

Vf VAX UNIX file system disk purge runs amok at various locations (R 5 04)

m Disk failures after extended shutdown, bearing seal problem (S 15 3)

$m Electronic flash of BBC documentary crew hangs tape drives (S 12 4)

m EPROMS susceptible to ultraviolet, bright lights (S 14 1)

Sf Spreadsheet program destroys database (S 13 1)

m Rats take a byte out of Ugandan exam computers (R 20 05)

..... Other accidental denials of service due to interference:

$SM Computer interference from McDonalds toasters; paychecks higher (S 15 1)

$SfM Sputnik frequencies triggered garage-door openers (urban legend? or real? (revisited in R 23 19)

$SfM Pres.Reagan's Air Force One jams 1000s of garage-door openers (S 11 2)

SfM Fort Detrich communications jam garage-door openers? (S 13 1)

SM Garage door interference again - Mt Diablo and the Navy (S 14 5)

M EMI from USS Carl Vinson opens garage doors in Hobart (R 20 31)

SfmM Risks of Army ordnance being autozapped by EM radiation (HERO) (S 16 2)

SMi C-Guard antijam system jams cellular communications (R 19 73-74)

$VSmM Sunspots disrupt communications, Quebec power station, ... (S 14 5)

mM? Effects of Leonid meteor shower in 1998-99 on satellites? (R 19 23)

fmM Faulty car alarm jams S-band downlink for Lewis satellite (R 19 24)

*fM Keyless remotes to cars suddenly useless (R 23 45; S 30 1:12)

SM Johnny Carson loses his hat to electronic interference (S 14 6)

mM Clocks leap forward gradually. Power line interference! (S 16 2)

*SM Airlines ban in-flight mouse use: interference with navig. systems (S 17 3)

*mM More on risks of RF interference in aircraft: cell-phone linked to London to Istanbul crash-landing? (R 19 34,36,37)

*SM Electronic interference affects airplanes, car brakes, robots (S 18 3:A10)

*SfmM More on risks of electromagnetic interference: medical devices (R 18 47) and airplanes (R 18 47,52)

SmM Interference effects of the next cycle of solar activity (R 18 62,63)

*SM Opel Corsa stops for mobile phones (S 18 3:A10)

*SM Interference from mobile telephones affects hearing aids, cars (S 18 3:A10)

@VMf$ Sydney's new Millennium trains put on hold by electrical signal interference problems; very complex system with other problems as well (R 22 68-70)

VmM Mobile phone interference dependably crashes Netware servers (S 22 2:20)

SM Football coach-to-QB-helmet transmission interference problems (S 20 1:19)

SM RFI affects Kroll K-154 building-construction cranes in Toronto (S 20 1:20)

SM Microwave interference affects construction cranes in Seattle (S 20 1:20)

SM Accidental EMI observed during Emergency Response seminar! (S 20 1:21)

MH? Oral hackers could disrupt voice-operated systems (S 20 2:13)

SM British hospitals ban portable phones because of interference (S 20 3:10)

M* Studies of high-altitude cosmic-radiation effects on memory loss (R 18 79,81)

SM Risks of erasable "cash" in SmartCards? (R 20 25)

$mM? Damages awarded after Sleepezee Beautyrest high-tech bed controls went berserk. Electromagnetic interference? (R 19 11)

@!!M Sheffield (20 deaths), pacemakers (2 deaths), @SfM Electrocauterizer disrupts pacemaker (S 20 1:20)

@*SfM Air Force bombs Georgia - stray EMI?; @*M$ Challenger communications, CB auto interference, Ghost phone calls; @*M Fail-unsafe effects of microprocessor controlled autos; @*M Nuclear reactor knocked offline by 2-way radio in control room; @$M telephone outages, stock exchange outages, Tomahawk 2, Black Hawk; @$M "Grind" and "Sunset Boulevard" sets; and other cases noted here; @M Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55); @M Melbourne Airport VCR RF interference affects communications (R 17 44)

@VSM New HDTV signal shuts down Baylor heart monitors on same frequency (R 19 62)

@SfM Case of GPS jamming of Continental flight by failed Air Force computer-based test (R 19 71) more on GPS jamming/spoofing: British Airways flight lost all three GPS systems while French military was testing jammers; Continental DC-10 lost all GPS signals while Rome Lab was experimenting with jammers (R 19 74,85)

@SM Cell phones can interfere with auto systems (R 19 63)

@*SM Sudden auto acceleration due to interference from CB transmitter (S 11 1)

@*M Sudden acceleration of Dutch bus commonplace: interference (S 23 1:11, R 19 40)

@SM Czechs ban mobile phones in gas stations (interference) (R 19 68-69)

@mM? Air Force bombs Georgia - stray electromagnetic interference? (S 14 5)

@*$VfM Libyan bomb raid accidental damage by "smart bomb" (S 11 3) F-111 downed by defense-jamming electromagnetic interference (S 14 2) More on U.S. radio self-interference in 1986 Libyan attack (S 15 3)

@VM Australia's Melbourne Airport RF interference affected communications, traced to an emanating VCR! (R 17 44)

1.30 Law Enforcement Abuses, False Arrests, etc..

..... Database and audit-trail abuses:

!P Stalker obtained address of TV actress Rebecca Schaeffer from Calif DMV DBMS, and murdered her, July 18, 1989; new regulations on DB access: notify interrogatee, then delay response for two weeks (S 14 6, R 9 18)

!*$SHI Arizona ex-law-enforcement officer tracks down and kills ex-girlfriend; GAO report on NCIC itemizes that and many other flagrant misuses (S 18 4:7)

!SHh Woman shot by former classmate who used Internet broker to gain information (R 22 46);

!SH Man allegedly stalks ex-girlfriend with help of GPS (SmartTrack?) under her hood (R 22 46)

$SHI NY police chief indicted for misuse of confidential database (S 13 4)

SHI 3 police officers sentenced for misusing Police Nat'l Computer (S 14 2)

S Risks of STOVEACT, phone-enabled STOlen VEhicle [de]ACTivation (R 19 66)

*SHI SanFran police officer charged with deleting a warrant (S 17 1)

$SPHI 45 LA police cited for searching private computer records (S 18 1:21)

$SPHI Theft of 8.5K criminal records; investigator, 2 police indicted (S 18 2:16)

SH Maryland defense lawyers hustling clients from database of arrest warrants, sometimes tipping off defendants prior to arrest! (R 19 48)

$SPH Police frame sisters on murder charge with bogus ATM evidence (S 18 4:9)

P Victim ordered to surrender computer and passwords (R 19 43)

@S Risks in altered live video images: L-vis Lives in Virtual TV (R 18 18-21)

@P 8 convicted killers sue to prevent Mass from monitoring phones (S 19 4:12)

@$SHAI Mass. hospital technician accessed ex-employee's account, accessed 954 files, harassed former patients, raped girl (R 17 07, SAC 13 3)

The New York Times Web site exposes CIA agents (R 20 93)

SPhi Risks of automated pedophilia detection (R 23 28)

..... False arrests and hassles resulting from mistaken identities

$Phi Repeatedly detained (S 10 3:14 quoting David Burnham in The New York Times; S 11 1) for actions of an impersonator, Terry Rogan wins rights violation case (S 12 4); settles for $55,000 from LAPD (S 13 2)

$Phi Other cases of false arrest due to computer database use: C.R. Griffin license not suspended; Sheila Jackson Stossier mistaken for Shirley Jackson; two Shirley Jones, diff birthdays, 6", 70 lbs diff (S 10 3:14)

SPH John Munden, UK policeman, acquitted after having his bank account cleaned out and false fraud accusation. Must read this one. (R 18 25)

VHm Computer crash falsely blamed on San Mateo Dist.Atty computer chief by would-be successor (S 22 5:14)

Phi Richard Sklar falsely apprehended three times because of impostor (S 14 2)

$Phi Roberto Hernandez falsely jailed twice; won $7000 first time! (S 14 5)

$Phi Joseph O. Robertson in for 17 months despite contrary evidence (S 14 5)

*Phi Martin Lee Dement 2 yrs LA County jail; fingerprint sys not used (S 14 6)

*$H Another bogus identity: someone with fake ID obtained a duplicate driver's license for Teresa Stover from the Virginia DMV license; `perhaps thousands' of fraudulent licenses `bought', often by illegal aliens (S 16 3); ring of bogus license sellers

Phi Donny Ray Boone spent 41 days in jail because his name was similar to one mentioned on The Osgood File (noted in Computer-Related Risks)

Phi Wrong Neil Foster arrested on incomplete database match (S 13 2)

Phi More computer-inspired false arrests, libel, etc. (S 12 3)

*hi Nonupdated stolen-car database; one owner shot, one roughed up (S 21 4:14)

*P(f/h?) Driver arrested in computer muddle: two cars with same plates (S 17 1)

*i Police raid wrong house (twice), due to uncorrected database typo (S 17 1)

hP Two Russ Hamiltons with same birthdate; wrong one jailed (S 19 3:6)

*$h Rented car falsely listed as stolen leads to false incarceration (S 16 4)

*h ATM photo of wrong person sent as rapist/robber; `downloading error' (S 16 4)

- Motorist gets citation based on photo, responds with photo of money (S 16 4)

hi Ex-worker falsely arrested for deleting files; files were there! (S 20 2:8)

fh? Man jailed erroneously because of computer glitch (S 23 3:23, R 19 58)

hi Mistaken identity: Going to jail innocently over a speeding ticket (R 19 69,71)

Ph Bank robbery "wanted" poster of wrong person due to unchecked match (R 19 29)

Pi 70-yr-old black woman Johnnie Thomas mistaken for erstwhile FBI-top-ten man aliased as John Thomas Christopher while he was in jail; Oregon still would not remove her name from their computers (S 27 04:, R 22 07)

Phi Ed Felten's sister-in-law victim of name confusion with Ponzi schemer (S 27 3:8, R 21 90)

*$SPhie More false arrests based on bad law-enforcement data and sloppy law enforcement checks, failure to remove expired warrants (R 22 61, S 28 3:7-8)

*fh ATM time-synchronization errors lead to mistaken arrests (R 22 73,76,78,79, S 28 6:13)

*hi Wyoming woman falsely arrested on cruise ship under federal charges (R 23 43; S 29 5:16)

..... Effects of false database information

False entry for felony arrest hinders job seeking (R 20 92: S 26 1:29-20)

hP Erroneous law-enforcement data from Choicepoint: Privacy Foundation's Richard Smith discovered he had been dead since 1976, and had aliases with Texas convicts; Chicago woman misidentified as shoplifter and drug dealer, and fired. (Florida election erroneous disenfranchisement of thousands of voters also traced to bogus Choicepoint data; Choicepoint blames its data aggregator, DBT.) (R 21 42)

..... Prison problems:

!m Busy Philippine phone lines prevent stay of execution; ultimate denial of service in unreceived death reprieve (R 20 47)

hi Philadelphia jail keeps 100 despite case dispositions (S 21 4:13, R 17 80)

*SHA Santa Clara prison data system (inmate altered release date) (S 10 1)

*SHA Drug kingpin escapes LA County prison via bogus release message (S 12 4)

SHA Convicted forger released from Tucson jail via bogus fax (S 17 1)

SHA Another phony-fax get-out-of-jail scheme: Richard Foster (S 23 1:14, R 19 27)

*f Seven Santa Fe inmates escaped; prison control computer blamed (S 12 4)

*hi Oregon prisoner escaped; frequent-false-alarm alarm ignored (S 12 4)

*ref New Dutch computer system frees criminals, arrests innocent; old system eliminated, and no backup possible! (S 12 4)

Semh Another computer-miscontrolled jail enables escape (S 23 1:14, R 19 44)

hf Prisoner released due to program design flaw (S 23 3:23, R 19 59)

Sf Kenton County KY Detention Center cell doors opened spuriously, remained open for 9.5 hours (R 20 24)

Sf New Southeastern Ohio Jail emergency evacuation system malfunctions, unlocks doors prematurely, prisoner walks out! (R 20 83)

df New Tulsa County jail system development woes set back operation (R 20 39)

f New El Dorado jail cell doors won't lock - computer controlled (S 13 4)

Sf San Joaquin CA jail doors unlocked by spurious signal; earlier, inmates cracked Pelican Bay State Prison pneumatic door system (S 18 2:4)

fm Oklahoma power outage freezes jail doors (S 18 2:4)

f Northern Calif. jail-door openings due to software errors (S 19 3:11)

S Limon (Colorado) prison is claimed to be escape-proof! (S 18 4:10)

fmh Multitude of new Pittsburgh Jail system woes (S 20 5:9)

hi Data entry omission extends prisoner's sentence (S 21 5:17)

hifm Baltimore (MIS)throws the book(ing database) at criminals (S 21 5:17)

@SP Justice Dept wants to scrutinize parolee computer use (R 18 70)

HSP Texas prisoner convicted of rape employed to enter Metromail survey results, harasses respondents (R 19 13)

..... Other law enforcement problems:

fh$ UCITA, the Uniform Computer Information Transactions Act (Schneier, S 25 4:8 and R 20 87, and Simons in August 2000 CACM Inside Risks); UCITA allows vendors to have total immunity from liability; bar use of proprietary interfaces; inhibit constructive reverse engineering, even for debugging and patching; install trapdoors that enable them to disable installed software remotely! (electronic self-help); forbid publication of criticism! OUTRAGEOUS. Already passed state legislatures in Maryland and Virginia. UCITA encourages DoS and DDoS Vulnerabilities (S 26 4:4-5, R 21 27); more on UCITA (R 21 35); It's time to bury UCITA (S 26 6:10-11, R 21 41)

@Sf SDMI Secure Digital Music protocol challenge cracked; RIAA threatened to sue Princeton prof Ed Felten's team if the results were published; the paper presentation was withdrawn (S 26 4:5, R 21 37)

@Sf Lawsuit against 2600.com for posting DVD security crack DeCSS (R 21 37)

@f Digital Millennium Copyright Act (DMCA) problematic as well (S 26 4:5, R 21 37)

P WIPO Copyright legislation, HR 2281; amendment permits reverse engineering for crypto research and security evaluation (R 19 88)

m FBI Interstate Identification Index database system crashed on 11 May, for three days preventing background checks of some 100,000 would-be gun purchasers, and use of the NCIC 2000 Integrated Automated Fingerprint Identification System (R 20 88)

m*(!?) Inacessible database leads to police friendly fire in Spain (S 22 4:29, R 18 88)

$f New Dutch system fails to cope with police ticket writing (S 16 4)

* Undercover police use CHAOSNet BBoards in `snuff' film bust (S 14 6)

fi INS suspends immigration process due to EDS fingerprint data format incompatibility (R 20 10)

f Fault in electronic leg tag indicates false-alarm escape (S 14 6)

*mf System fails to report movements of murderer with electronic anklet (S 17 3)

fh Monitoring systems cause unintended changes in [Bell Canada operator behavior and] Metro Toronto Police (S 18 2:6)

f Long Beach CA crime statistics affected by program error (S 16 2)

- Old bounced checks jail hotel employee on visit from Barbara Bush (S 17 3)

$h Fees on unused account overdraw, generate felony arrest warrant (S 18 1:15)

- Swedish court fines parents for son's overly long name (S 21 5:17)

i Australian court emulates Swedes (S 21 5:17)

@SH "Virus" removes security barriers in Italian judicial computers (S 17 3)

@$ NSWales computer deregisters all police cars; unmarked car scofflaw (S 15 2)

@SP Police can't crack crypto used by Basque terrorist organization (S 17 3)

@SH* NY Police Department phone system cracked (S 21 5:19)

- Woman on murder charge blames chip implanted in brain by ex-husband (S 17 3)

fi Computer-generated will rejected by court (R 17 95)

fe When it was automated, Paris police computer mismatched split-out Corsican city code with postal code, and was unable to collect motorists' fines (R 19 41,42)

i Risks of Florida's automating traffic citations (R 19 34)

- Computer glitch turns traffic ticket into sex conviction (R 19 73)

..... Law enforcement successes:

+ Forensic use of GPS to catch murderer (S 23 3:26, R 19 83)

1.31 Identity Theft, Internet Fraud, Mistakes, Related Problems

..... Identity theft:

@$Phi Repeatedly detained (S 10 3:14 quoting David Burnham in The New York Times; S 11 1) for actions of an impersonator, Terry Rogan wins rights violation case (S 12 4); settles for $55,000 from LAPD (S 13 2)

$HP Imposter usurps Clinton Rumrill's existence (S 19 3:7)

$HhP New license sent to imposter who plagued Charles Crompton (S 19 3:7)

$SH 550 felonies in 1991 for SSN misuse; 12 people adopt a single SSN; $10,000 charge loss; 5 people cleaned out someone else's benefits (S 16 4)

SP Impersonator transfers numerous traffic citations to victim (S 17 2)

SHA Masquerader's name collision lands robbery victim in jail (S 23 1:14, R 19 28)

SHA NC identity theft defeated by victim's wife (R 20 08)

SP Report on identity theft (S 25 3:22, R 20 77)

SPh Actor Jerry Orbach sues eBay for auctioning off a contract containing his SSN, leading to fraud (R 20 85); new identity theft case (R 20 86)

SPHh Serious increases reported in identity theft (R 20 95, 21 04-05; S 26 1:34) See http://www.calpirg.org for possible assistance if you have been had.

SPH California DMV fosters identity theft: 100,000 of 900,000 duplicate license requests in 1999 were fraudulent! (R 21 07; S 26 1:34); Identity theft risks with California driver's licenses as primary IDs (R 21 29-32,36); and supermarket discount cards (R 21 30); video rental aftermath (R 21 30)

SP Indiana University system penetration detected offloading of student info files; fears of identity theft (R 21 29)

SH$ Pair held in plot to steal thousands of mortgage identities (R 22 72; S 28 4:9)

SHA Bogus computer-generated letters sent out in Bradford UK requesting original birth certificates (suitable for identity theft!) so that local council could recreate lost computer records (R 21 44)

SP More identity thefts: To drive or to avoid identity theft: mutually exclusive? SSNs, laws, etc., nice analysis by Brett Glass (R 21 39); concerns for identity theft often go unheeded (R 21 54); risks of identity theft resulting from moving, DMV, SSN, etc. (R 21 54,55); huge identity theft uncovered: chat-room files with SSNs, drivers' license numbers (R 21 56)

$S FBI arrests dozens for Internet fraud, growing problem (R 21 42); Internet Ponzi scam nets $50M (R 21 51)

$SH U.S. cracks down on Internet fraud; 130 people charged, 90 investigations involving 89,000 victims, losses at least $176M (R 22 73, S 28 6:11); Gartner Group estimates 3.4% of U.S. consumers suffered ID theft in 2002; arrests in only one out of every 700 cases (R 22 82, S 28 6:11); identity theft victimizes 3.3 million in 2002, costs billions: businesses $32.9B, consumers $3.8B; 6.6 million victims of account theft (R 22 90)

$SHAO 18-yr-old Brazilian arrested for thefts using the Internet, with $3 million in his account, stolen credit-card info, etc. (S 27 6:13, R 22 15)

SH Internet fraud complaints triple in 2002, including auction fraud, nondelivery of goods, credit fraud, fake investments (R 22 71)

SP California birth records acquired by RootsWeb.com, placed on the Internet; increasing risks of identity theft? Opt-out only (R 21 80); PGN attempted to opt out. The response was that they have removed the entire databases for California and Texas (R 21 81)

SP Identity theft without prior knowledge of SSN (S 27 2:14-15, R 21 82,83)

SHhH Another case of identity theft; identity hijacker reversed the corrective changes! (R 21 93)

SHP Dictionary attacks can result in eBay identity theft (R 21 98); eBay lack of security facilitates fraud, locks out legitimate user (R 22 01)

SPH Bogus "IRS Form W-9095" not issued by the Gov't, with considerable identity theft potential, renounced by Secret Service (R 22 02)

SP Stiffer penalties sought: 2 to 5 years in jail for aggravated identity theft (R 22 06)

SHAI/O Massive identity theft ring broken up misusing Ford Motor Credit credentials, with 30,000 victims (R 22 40; S 28 2:13)

SHAI/O? Theft of information on 500,000 military-related from TriWest Healthcare Alliance on 14 Dec 2002 (R 22 46; S 28 2:14)

SP Identity thefts: Alleged ID thief accused of identity theft on 12 Boston lawyers, using birth certificates and credit reports, evaded authorities for a year; previously convicted of fraud (R 22 20); Online job listing leads to ID theft scam via bogus `background check' (R 22 35); 4MyEmergency.com gathers personal info in case of disaster, ripe for misuse (R 22 26); Busboy pleads guilty to ID theft (R 22 28) [follow-up on (R 21 29)] Potential ID theft risk in X-Box gamezone (R 22 39); Identity thieves create change-ebay.com with a stolen credit card, scam obtains eBay user names and passwords (R 22 40,43); Yet Another eBay-Spoofing Scam (R 22 98); H&R Block employees suspected of identity theft against 27 customers (R 22 46)

SP+ Virginia Identity Theft Passport identifies theft victims as victims, (R 22 80,81) and risks of its being forged! (R 22 83)

SHPf Virginia grievance system online, except SSN is all that is needed to access the file (R 22 77)

$SHP Identity thefts doubled from 2001 to 2002 (R 22 52; S 28 3:7)

$SHP 19 charged in identity theft that netted $7 million in tax refunds (R 22 54, S 28 3:7)

$SHP Identity theft evidently based on spoofing AOL (R 22 56, S 28 3:7)

SP Canadian Centre for genealogical information might become a Centre for Identity Theft! (R 22 51)

SHP Fake job listings on Net fostering identity theft (R 22 60)

$SHP Identity mixup: NZ teacher identified as prostitute (R 22 62, S 28 3:7)

*$SHPh The darkest side of ID theft: victim being arrested (R 22 62, S 28 3:7)

*$SHPh Wrong man arrested after identity theft (R 22 62, S 28 3:7)

@*$SPhie More false arrests based on bad law-enforcement data and sloppy law enforcement checks, failure to remove expired warrants (R 22 61, S 28 3:7-8)

*SPhie Security holes at DMVs nationwide lead to identity theft and safety concerns (R 23 16)

$SHP Most identity theft occurs offline; computer crimes only 12% of all ID fraud cases (R 23 69)

SPh BofA loses unencrypted backup tapes in transit with data for 1M federal employee customers (R 23 76,77)

$SHAOP ID thefts: ChoicePoint warns 145,000 people of ID theft concerns (R 23 73; S 30 3:33-34) Paris Hilton wireless phonebook compromised (R 23 76; S 30 3:34; masquerader posing as cell-phone operative, R 23 90); DSW Shoe Warehouse customer information compromised (R 23 78; S 30 3:34); Breakin at SAIC risks ID theft for tens of thousands of past/present employees (R 23 73; S 30 3:34); Boston College loses SSNs and other data on up to 100,000 alumni (R 23 80; S 30 3:34); University of Cal Berkeley laptop theft compromises 98,369 alumni, grad students and applicants; new California law requires disclosure (R 23 82; S 30 3:34) 310,000 Lexis-Nexis records accessed by identity thieves (R 23 84; S 30 3:34)

SPh Time Warner backup tapes lost with 600,000 records (R 23 86; S 30 4:31)

$SHPI 48,000 Wachovia customers. 600,000 Bank of America customers, and others from Commerce Bank and PNC Bank of Pittsburgh notified that their financial records were potentially compromised by insider operation; laptop with information on 16.500 MCI employees stolen (R 23 88)

SHP$ Citibank: Japanese division lost mag tape on 120,000 customers, and in the U.S. lost a box of tapes on 4,000,000 American customers sent by UPS. Also 10 million consumers victimized by identity theft each year; quote from Mike Gibbons: "I think there are some people who dismiss this as a sky-is-falling problem. But the sky has already fallen and it's just a matter of when a piece hits you in the head." (R 23 90)

SHPO$ Colorado Attorney General John Suthers victim of identity theft; hecks issued by a credit card company for a cash advance promotion were stolen from his home mailbox (R 23 90)

SHPAO Penetrator accesses files at Equifax (R 23 91)

SHI$ Virginia DMV fraud again; illicit licenses cost up to $3,500 each (R 23 94); many years ago, the bribe was only $25 for a notorious Virginia DMV office.

SHPI Indian call centre 'fraud' probe: info on 1000 customers sold (R 23 93)

SP Private, personal medical info on hundreds of people faxed to wrong location; HIPPA hotline not interested (R 23 90)

SPf Programming error leaves USC application system wide open (R 23 93,95)

SHhiP CardSystems' noncompliant practice compromises credit information (R 23 91; S 30 4:29-30)

SHhP The ChoicePointSyndrome: Robert Ellis Smith's Privacy Journal provides a compendium of recent breaches of sensitive personal information, including CMU Business School, Tufts Univ. (106,000 alums), ChoicePoiint (sold data on up to 500,000 people), DSW Shoe Warehouse (1.4M customers), HSBC (180,000 GM MasterCard holders), Ameritrade (200,000), Canadian Imperial Bank of Commerce, four state DMVs, Iron Mountain (lost Time Warner backup tapes - fourth such loss in first half of 2005), Cal State Chico, U.Cal Berkeley (100,000 SSNs), Kellogg School of Management at Northwestern (21,000), Colorado State Health Dept. See www.privacyjournal.net. (R 23 88; S 30 4:28-29) They all add up to more opportunities for Identity Theft!

..... Risks of identifiers, particularly as authenticators:

SPHfm Risks of national ID cards and supporting infrastructures, and risks of belief in identities (S 27 1:11-12, R 21 74-75); see also
http://www.csl.sri.com/neumann/insiderisks.html#138

SPIOA Risks involved in Social Security Admin PEBES database (R 19 05,06,09,12); legislation to bar use of personal information (R 19 10); See PGN's U.S. House testimony on PEBES and identity theft (http://www.csl.sri.com/neumann/ssa.html), subsequent extended position paper for an SSA panel (http://www.csl.sri.com/neumann/ssaforum.html); more on PEBES database problems (R 19 16); SSA restores PEBES service, with opt-in and a few other safeguards (R 19 37)

SHA Knowledge of SSN sufficient to convince SSA falsely of Kirsten Phillips' death (R 19 39)

SP Risks of SSNs: Chris Hibbert's SSN FAQ (http://cpsr.org/cpsr/privacy/ssn/ssn.faq.html) (R 19 12);

SP CALPIRG Theft Identity Guide for protecting your identity http://www.pirg.org/calpirg/consumer/privacy/toi/prevent.htm (R 18 91)

$Phi Discussion of identity cases, Inside Risks, CACM, 35, 1, Jan.1992.

P Identity theft risks with California driver's licenses as primary IDs (R 21 29-32,36); and supermarket discount cards (R 21 30); video rental aftermath (R 21 30)

$P Abraham Abdallah arrested while picking up equipment for making bogus credit cards, had data-mined SSNs, addresses, birthdates, et