The Risks Digest Index to Volume 25 Search RISKS using swish-e Forum on Risks to the Public in Computers and Related Systems ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Index to Volume 25 Forum on Risks to the Public in Computers and Related Systems ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Volume 25 Issue 00 () Subject: SUMMARY OF RISKS VOLUME 25 (ongoing) (archived in ftp file risks-25.00) Volume 25 Issue 01 (Monday 7 January 2008) Fire! Works! oops, too slow (Mark Brader) Boeing 787 networking issues (Martyn Thomas) Feds Release Pass Card details (Brock N. Meeks via David Farber) Has chip-and-pin failed to foil fraudsters? (Pere Camps) Sears exposes customers' information via its web site (Rich Kulawiec via IP) User Data Stolen From Pornographic Web Sites (David Lesher) Election Computers Stolen in Tennessee (David Lesher) Er, Airline Captains Do What, Again? (Rick Moen) Risks of embedded javascript (Paul Wallich) Mercedes console display with conflicting information (Henry Baker) Mac Quickbooks update deletes user desktop (Bonnie Packert) No more loose lithium batteries in checked luggage (Peter Gregory) Risks of believing what you see on the WayBack Machine (Fred Cohen) Re: Computer Failure Causes Closure of Seattle Downtown Transit Tunnel (Stanislav Meduna) Re: Satnav: Nope, you can't get there from here. (Craig DeForest) Re: Satnav (Martyn Thomas) Re: Drunk a better guide than sat nav (Ross Younger) Passing of Computing and Information Security Pioneer: Jim Anderson (Gene Spafford) Volume 25 Issue 02 (Monday 14 January 2008) Coffee Grounds Qantas (Charles Wood) Computer problem suspected in erratic Airbus flight (Antonomasia) Metal structure beneath runway affects aircraft instruments (David Dixon) Polish teenager uses city trams as train set (Peter Houppermans) Novel approach to reducing electoral fraud (Peter Mellor) Risks of believing a GPS system (Paul Karger) GPS in a tea shop anecdote (Mark Brader) More GPS mishaps (Paul Saffo) Nightmare on VoIP Street (Ed Ravin) http://catless.ncl.ac.uk/Risks/25.00.html[2011-06-10 11:28:26] The Risks Digest Index to Volume 25 A risk of static analysis tools -- and refereeing (Peter Gutmann) Bank gives money to fraudster posing as its chairman (David Dixon) REVIEW: "Managing Knowledge Security", Kevin C. Desouza (Rob Slade) Volume 25 Issue 03 (Tuesday 29 January 2008) Data entry error leads to incompatible transplant (Mark Brader) London Heathrow plane crash (Colin Stamp) "Butterfly Award": French Bank Says Trader Hacked Computers (Henry Baker) Henhouses, guarding of, by foxes: Kerviel Kerfuffle (Steve Summit) Problems with the German tax software "Magpie" (Debora Weber-Wulff) Florida computer problems halt early voting (PGN) The risks of upgrading software (Clive D. W. Feather) Charter Cable deletes 14,000 e-mail accounts. No backups. (Danny Burstein) IRS: Kansas City lost our tapes. Lots of personal info.... (Danny Burstein) Automated parking garage reopens (Rich Mintz) Blue Screened Asphalt Jungle... (David Lesher) Windows virus protection on NASA Linux machines (David Lesher) Authors, pseudonyms, and software (Steven M. Bellovin) Re: Metal structure beneath runway affects aircraft instruments (Roderick A Rees) Re: Boeing 787 networking issues (Mark Siegel) Re: Coffee Grounds Qantas (Brian Hayes) Re: More GPS mishaps (Joel Maslak, Dag-Erling Smørgrav, Paul Saffo) REVIEW: "Fuzzing", Michael Sutton/Adam Greene/Pedram Amini (Rob Slade) Volume 25 Issue 04 (Saturday 2 February 2008) Transplant patient has NEW kidney removed after NHS computer blunder (Richard I. Cook) Tachometer error caused 2005 runway overrun (Mark Brader) Mideast submarine cable disruptions (David Lesher) Empire State Building car e-interference mystery (David Chessler) Technology Review: Stopping cars with microwaves (David Chessler) Manufacturer Blames Bankruptcy on Failed ERP Implementation (Ken Dunham) 2008 meltdown margin player blames s/w for failure to complete trades (George Michaelson) Fifth Amendment: Passphrase cannot be forced (David Lesher) British software pirate sells GBP 12K package at 1/1000 (Peter Mellor) DTV vs USPS (Peter Zilahy Ingerman) Voting Machine Usability Testing (Ken Dunham) Impersonating armored car personnel (Craig Partridge) Another public data loss in the UK (Robert Klemme) Automated calling system glitch locks down school (Steve Eddins) Re: Air Canada A319 upset (Peter Ladkin) Re: Coffee Grounds Qantas (Preston de Guise) Re: Metal structure beneath runway ... (Neil Youngman) Hoist by one's own petard: data security: UK Child Benefits (Adrian Cherry) REVIEW: "Software Testing Practice: Test Management", Spillner et al. (Rob Slade) Volume 25 Issue 05 (Monday 18 February 2008) L.A. School payroll system's spectacular failure (Richard I. Cook) FBI mistakenly receives supposedly protected e-mail (Steven M. Bellovin) Canadian Government Mails Out Confidential Data (Ken Dunham) JAL cabin crews sue over personal info (PGN) JAL near miss on attempted takeoff (PGN) Future of e-voting in doubt in Japan (PGN) http://catless.ncl.ac.uk/Risks/25.00.html[2011-06-10 11:28:26] The Risks Digest Index to Volume 25 Computer Error Strands Tanker off Massachusetts (Lee Rudolph) Bell Canada Data on 3.4 Million Customers Stolen (Ken Dunham) Royal Canadian Mounted Police Censured for Privacy Violations (Ken Dunham) Re: Lost Kansas City IRS tapes with personal info. (Danny Burstein) Critics chuck MS 'friendly worm' plan on the compost heap (Chris Leeson) Another BlackBerry Outage Caused by System Upgrade? (Ken Dunham) Vulnerability info suppressed by criminals paying to hide it (Ken Dunham) New GAO Report on IRS Information Security Pervasive Vulnerabilities (Diego Latella) The GPS miracle (Rich Mintz) 'Woman Says Being Declared Dead Ruins Life' (PGN) A reminder: Eric Sevareid's Law (Ken Knowlton) Ah yes, just what you need!!! (David Lesher) Volume 25 Issue 06 (Monday 25 February 2008) Securing The Wrong Spaces: A Lesson (Paul Ferguson via Gregory Hicks) Software problem at London Heathrow Terminal 4 affects baggage (Peter Mellor) YouTube outage blamed on Pakistan (Amos Shapir) One way not to conduct Internet voting (Peter Kaiser) Being declared dead ruins life (Andrew Koenig) New RFID ticketless bus system in Brisbane goes live... with glitches (George Michaelson) US Treasury "TreasuryDirect" Web site security enhancements (Jonathan Kamens) EU money for 4 small businesses IT risk mgmt pilot (Patrick O'Beirne) Cold Boot Attacks on Disk Encryption (Jacob Appelbaum, Declan McCullagh) Illegal drag race kills eight (John Curran) Free-to-download password cracker (Peter Mellor) Re: the GPS miracle (Steven M. Bellovin) Volume 25 Issue 07 (Saturday 1 March 2008) Risks of Leap Years and Dumb Digital Watches (Mark Brader) Risks of Leap Years and Dumb Airline Software (PGN) $1.2 billion up in smoke (Paul Saffo) Southeast Florida Massive Power Outage (Steven J. Greenwald) FL power failure triggered by human error (Lauren Weinstein) Competent? We can't even archive our own e-mail reliably! (Jim Horning) DreamHost Accidently Bills Customers $7,500,000 (Dan Jacobson) IT Project Failure Blog (Ken Dunham) Is the "law of unintended consequences" biting W3C DTD reference? (George Michaelson) Pakistan, YouTube, Google, and No Simple Answers (Lauren Weinstein) Re: YouTube outage blamed on Pakistan (R A Lichtensteiger, Richard Grady, Jay R. Ashworth) Cold Boot Attacks: Vulnerable While Sleeping (Ed Felten via Monty Solomon) Citibank needs a clue (Rich B. Astaird) Re: Hoist by one's own petard: data security: UK Child Benefits (Merlyn Kline) REVIEW: "Better Ethics Now", Christopher Bauer (Rob Slade) Volume 25 Issue 08 (Friday 14 March 2008) Wind Power Risks (Charles Wood) FBI Found to Misuse Security Letters (lynn via Dave Farber's IP) RFID hack could crack open 2 billion smart cards (Sharon Gaudin) Nasty scanner attack: AccuBasic malware (PGN) Hacking a pacemaker (Gadi Evron) More on pacemaker risks (PGN) Stopping cars with microwaves (Matthew D. Healy) http://catless.ncl.ac.uk/Risks/25.00.html[2011-06-10 11:28:26] The Risks Digest Index to Volume 25 It's too easy to access the "off" switch (Robert P Schaefer) UK ISPs to sell users' private browsing information (Mike Scott) TSA can't believe MacBook Air is a real laptop; owner misses flight (Paul Saffo) Deja Vu all over again (Andrew Koenig) CAPTCHA attacks (Monty Solomon) Safari "beachball" black on black (Richard A. O'Keefe) Risks of Leap Years and Dumb Digital Watches (Clive D. W. Feather, Amos Shapir) USENIX Announces Open Access to Conference Proceedings (Lionel Garth Jones) Volume 25 Issue 09 (Thursday 27 March 2008) Billion-dollar IT failure at Census Bureau (eekid via David Farber) A Heart Device Is Found Vulnerable to Hacker Attacks (Barnaby Feder via Monty Solomon) FL power outage NERC updates (Catherine M Horiuchi) Vandals halt some hybrid buses using external 'off' switch (Rick Damiani) Flight Service Software Crashes; Pilot Briefings Delayed (Gabe Goldberg) Substantial supermarket breach affects millions (Robert Heuman) Man arrested by mistake over phone system bug (Rick Damiani) Hoax on Craiglist causes duped victims to steal property (Mark Brader) Payment by fingerprint disappears (Jon Van and Becky Yerak via Paul Saffo) Cute e-mail leak (Steve Summit) Search engine bait? (Steve Schafer) Volume 25 Issue 10 (Tuesday 1 April 2008) A modest proposal for the improvement of Daylight Saving (Tony Finch) A Current Affair: Lauren Weinstein, Inside Risks, CACM April 2008 (PGN) Chaos Computer Club publishes