Saturday, August 13, 2011

Gmail Jochannan bn Israel Bernays
Re: [HoboMurderer] Cosmic Radiatitioun Computer FrequeOut 20 KILLED bezerker MicroProCessionErCRIME?
john bernay Mon, Sep 26, 2005 at 6:55 AM
To: elijahradioprophecy@gmail.com

/Fa 2 16 df0 DIllustrative Risks to the Public

in the Use of Computer Systems

and Related Technology

Peter G. Neumann, Computer Science Laboratory,

SRI International, Menlo Park CA 94025-3493

Risks cases as of 8 October 2003, Copyright 2003, Peter G. Neumann, SRI

International EL243, Menlo Park CA 94025-3493 (e-mail Neumann@csl.sri.com;

http://www.CSL.sri.com/neumann; telephone 1-650-859-2375; fax

1-650-859-2844): Editor, ACM SIGSOFT Software Engineering Notes, 1976–93,

Assoc.Ed., 1994–; Chairman, ACM Committee on Computers and Public Policy

(CCPP); Moderator of the Risks Forum (comp.risks); cofounder with Lauren

Weinstein of People For Internet Responsibility (http://www.pfir.org).

This list summarizes items that have appeared in the Internet Risks Forum Digest

(RISKS) – which I moderate (comp.risks newsgroup) – and/or published ACM

SIGSOFT Software Engineering Notes (SEN). In this collection of mostly

one-liner summaries, (R i j) denotes RISKS volume i issue j; (S vol no:page)

denotes an issue of SEN, where there has been one volume per year, with vol 28

being the year 2003; page numbers are given regularly from 1993 on; (SAC vol no)

indicates an item in the quarterly SIGSAC Security and Control Review, where vol

16 is 1998, which was the final volume. The RISKS-relevant SEN material prior to

1995 is summarized in my Computer-Related Risks book (see below). SEN

material is now being brought on-line by Will Tracz: http://www.acm.org/sigsoft

Some incidents are well documented, while others need further study. A few are of

questionable authenticity, and are noted as such ("bogus???"). Please send me

corrections and new cases, along with suitable references. This document is

updated at least quarterly and is browsable on-line

(
ftp://ftp.CSL.sri.com/neumann/illustrative.html courtesy of

Otfried Cheong’s Hyperlatex). [Hyperlatex is wonderful Free Software:

http://www.cs.uul.nl/˜otfried/Hyperlatex).] This document is also printable in a

two-column 8-point format (illustrative.pdf and illustrative.ps).

SEN regular issues, by year, volume&number

..1976,vol 1: #1 = May; #2 = Oct

==================================

..year 1977 78 79 80 81 82 83 84 85

volume 2 3 4 5 6 7 8 9 10

---------------------------------

Jan #1 1 1 1 1 1 1 1 1

Apr #3 2 2 2 2 2 2 2 2

Jul #4 3 3 3 3 3 3 4 3

Oct #5 4 4 4 5 4 5 5 5

==================================

..year 1986 87 88 89 90 91 92 93 94

volume 11 12 13 14 15 16 17 18 19

---------------------------------

Jan #1 1 1 1 1 1 1 1 1

Apr #2 2 2 2 2 2 2 2 2

Jul #3 3 3 5 3 3 3 3 3

Oct #5 5 4 6 5 4 4 4 4

==================================

..1995,vol20: #1=Jan; 2=Apr; 3=Jul; 5=Dec

..1996,vol21: #1=Jan; 2=Mar; 4=Jul; 5=Sep

..1997,vol22: #1=Jan; 2=Mar; 4=Jul; 5=Sep

..1998,vol23: #1=Jan; 3=May; 4=Jul; 5=Sep

..1999,vol24: #1=Jan; 3=May; 4=Jul

..2000,vol25: #1=Jan; 2=Mar; 3=May; 4=Jul

..2001,vol26: #1=Jan; 2=Mar; 4=Jul, 6=Nov

..2002,vol27: #1=Jan; 2=Mar; 3=May, 5=Sep

..2003,vol28: #2=Mar; 3=May; 4=Jul, 6=Nov

Read the Risks Forum as comp.risks if you can, or send e-mail to

risks-request@csl.sri.com for a subscription, single text line "subscribe" (append

desired address only if not your From: address), or "info" for info. Send

contributions to risks@CSL.sri.com. Archives are available at http://www.risks.org,

which redirects to Lindsay Marshall’s Web site at Newcastle

http://catless.ncl.ac.uk/Risks/, including a nice search facility. Specific issues can

be read directly as
http://catless.ncl.ac.uk/Risks/I.J.html

[where I=volume#, J=issue#]. SRI’s archive is at

ftp://ftp.sri.com/risks
or by "ftp ftp.sri.com", "login anonymous", "cd

risks" (which gets the "dir" for the current volume, and "cd i" then gets you into the

subdirectory for preceding volume i). An Australian mirror is at

http://the.wiretapped.net/security/textfiles/risks-digest/. "Inside Risks" distills some

of the discussion into a monthly inside-back-cover column in the Communications

of the ACM. The list columns to date is given at the end of this list.

My book (Peter G. Neumann, Computer-Related Risks, Addison-Wesley (ISBN

0-201-55805-X) and ACM Press (ACM Order 704943), 1995) summarizes many of

these cases and provides additional analysis. (A few errata for the first three

printings are on my Web page, noted above.) Most of the (S vol no) items listed

below for i
􀀀 20 are discussed in the book; more recent items generally include the

relevant on-line (R i j) references. If you cannot find the book in a bookstore, it is

on amazon.com, or call A-W within the U.S. at 1-800-822-6339 – or if you are

outside of the U.S., 1-617-944-3770 and ask for International Orders. The book is

now also available in Japanese (ISBN 4-89471-141-9). Instead of trying to produce

a second edition in the face of a massive influx of new RISKS cases, the fourth

printing of the book gives the URL for the Addison-Wesley Web site

(http:www.awl.com/cseng/titles/ISBN-0-201-55805-X/), which includes the first

chapter of the book and an extended preface. That Web site and my own contain

further material that would otherwise have gone into the second edition. See

http://www.csl.sri.com/neumann/risks-new.html for new material and

http://www.csl.sri.com/neumann/cal.html for an excerpted summary of Y2K and

related calendar-clock problems.

Henry Petroski (among others) has noted that we rarely learn from our successes,

and must learn more from our failures. The collection of cases cited here provides

rich opportunities for reflection that could help us to avoid similar problems in the

future. Unfortunately, it also demonstrates that the same types of mistakes tend to

recur.

SEN
and RISKS also consider approaches for developing better computer systems,

e.g., safer, more reliable, more secure. There are many approaches to developing

sound systems; none is guaranteed. Whereas the emphasis in the following list is

on problems rather than on would-be solutions, the pervasive nature of the

problems suggests that techniques for the effective development and operation of

computer-related systems are frequently ignored. Worse yet, even ideal systems

can result in serious risks, through unanticipated technological problems or human

foibles. We include here primarily cases that have been publically reported,

although we know of various additional cases whose existence for one reason or

another has not seen the light of day. A few successes are also included, although

the failures seem to predominate. We are always interested in hearing more about

successes. Although I receive occasional complaints about the preponderance of

failures in RISKS, there appear to be very few real successes. Perhaps not enough

folks are heeding some of the advice that you can gather from RISKS and that are

distilled in Computer-Related Risks.

Descriptor Symbols

The following descriptor symbols characterize each entry.

! = Loss of life/lives; * = Potentially life-critical or safety problem

V = Overall system or subsystem surViVability problems (with respect to diVerse

adVersities, including attacks and malfunctions). Startlingly many cases fit this

category; many V-unflagged cases also represent failures to continue performing

properly, or delays, or other cases of misuse that could have led to much more

serious survivability problems.

$ = Loss of resources, primarily financial

S = Security/integrity/misuse problem; P = Privacy/rights abuse or concern

H = Intentional Human misuse (e.g., user-administrator-operator-penetrator)

h = Accidental Human misuse or other inadvertence

a = Event attributed to animal(s)

I = Insider; O = Outsider; A = Inadequate Authentication, Access control, or

A
ccountability

d = System Development problems

e = Improper Evolution/maintenance/upgrade. (H,h,i,f,d,e involve human foibles.)

r = Problems with Requirements for system or operation (including the overall

system concept)

f = Flaws (or Features in design, or hardware/software implementation)

i = MisInterpretation/confusion/human errors at a man-system Interface;

documentation problems

m = Hardware Malfunction attributable to system deficiencies, the physical

environment, acts of God, etc.

M = Malfunction specifically due to electronic or other interference

+ = Beneficial; - = problematic with none of the above categories

1

@ = This item is also listed in another category

Items Listed by Categories

Recent yet-to-be-merged items

*fh Discussion of US/UK smart bombs missing targets in Iraq (R 21 26-28)

f Errors discovered in Affymetrix GeneChip database (R 21 36)

$ Destia (EconoPhone) terminates all service (R 21 37)

*SM UK trials of GPS controlled car speeds (R 21 22-23)

V(m/f?) Canadian grocery chain Sobeys’ software crash lasts 5 days (R 21 22)

Vf University of Washington server crash leaves thousands of students unable to

register for classes (R 22 38)

i Risks of not-quite-identical keyboard layouts (R 21 26)

$h United Airlines Web site for one hour accidentally offered SFO-Paris round trips

for cost of taxes and fees only (roughly $30 instead of $300) (R 21 24-25)

f Japanese modem misdialing seemingly at random in pulse-dial mode (R 21 25)

eh EoExchange shuts down free ad-supported services without warning; customer

data lost (R 21 32)

f(H?) Fiji loses all year-2000 account info (S 26 6:10, R 21 50)

i PC virtual-parrot squawks confuse firemen (S 26 6:10, R 21 46)

mf Power outage causes motorized-chair shopping carts to run amok; default state

brake off, in forward gear (R 21 50)

m Brownout-lowered voltages take out computers in Livermore (R 21 51)

f Cable theft results in network congestion when Seti@Home screen savers are

unable to access Seti servers (R 21 48,53)

fe Carefully planned seamless British Telecom BT SurfTime upgrade seemed very

seamy, with premature cancellation of old service (R 21 44)

hie Risks in MacOS 10.2.4 update and httpd.conf replacement (R 22 56)

$fe UK magistrates courts staff upgrade failure requires two sets of systems instead of

one, and a huge windfall for the deficient contractor (R 21 59)

fe Adobe Acrobat 5.0 pdf upgrade not backward compatible (R 21 59)

e NASA data from 1970s lost due to "forgotten" file format (R 21 56)

f California DMV sorting machine sends licenses to wrong people; 8-year-old sorting

machine blamed (R 21 39)

* IBM auto dashboard system can shoot water at drivers not answering questions

properly (R 21 53)

he Half of Norway’s banks offline for a week: erroneous keystroke in EDB Fellesdata

AS upgrade wiped out entire data warehouse instead of merely initializing 280 new

disks (R 21 58)

e Removal of departed Washtenaw County MI employee loses supposedly unrelated

Netscape Calendar events (R 21 54)

[f=feature] Incompatibility between 1904 date in Mac Excel and 1900 in Windows

affects expert-witness report (R 21 47); cut and paste risk between WinWord and

Excel in Office 2000 (R 21 53)

+ OnStar GPS computer reports accident, pinpoints hit-and-run driver (R 21 46)

f Polarized sunglasses mask LCD displays (R 21 53,54,56)

f False fatal-error report on completed atomic transaction (R 21 53,54,57)

mh Fiber cut takes out network connectivity within U. Pennsylvania (R 21 55)

i Another autoresponder loop (R 21 51,56)

$fhe Euro computer cutover risks (R 21 40)

f$ Payday delayed by one day in Belgium; once-in-five-year glitch (R 21 45)

h JDS Uniphase bad quarterly results report allegedly hacked, halting trading – but it

turned out the report was Web-posted prematurely! (R 21 56)

eHS Beware of free URL-forwarding services (R 21 47)

di Custom system risk: dead men produce no documentation (R 21 47)

$h 40,000 federal tax returns and $800M payments missing at Mellon Bank

processing center (R 21 63)

$fe Canada Post bills $310 million for 9 recent parcels allegedly dated from 1906 to

1928, resulting from merger of 60 different databases (R 21 50)

$f US Airways credit-card snafu: double billing due to known "programming error"

(R 21 54)

$f Qwest Wireless erroneously overbills customers by thousands of dollars; one bill

was for $57,346.20 (R 21 55)

$m CD-eating geotrichum fungus amongus (R 21 51)

? Singapore bands divorce by SMS (short-text messaging between cell phones),

overruling Muslim authorities, after 16 divorces Apr to Jun 2001 (R 21 58)

- Chinese Internet blind date turns out to be married couple; big spat when they

finally rendezvoused! (R 21 55)

fhe Glitch in iTunes deletes Macintosh drives; bug detected pre-release, but wrong

version was released (S 27 1:10, R 21 74,78-80)

$fh New British solar parking meters give free parking in bad weather, when installed

under trees, etc. (R 21 65)

$H Judge tosses out red-light camera tickets because contractor had incentives to

increase the number of citations (R 21 65)

fi Poor car-wash control interface design (R 21 77)

!hi Military intelligence at its best? "As a pilot, I can do everything perfectly with a

perfect weapon system, and still cannot account for every weapon going exactly

where it’s supposed to go." U.S. Rear Admiral John Stufflebeem was responding to

the deaths of three U.S. soldiers in Afghanistan after yet another bomb went astray.

(S 27 2:5, R 21 82)

he Stupid defaults in database conversion cause propane runout (S 27 2:5, R 21 89)

*hi(VSP also) Sometimes high-tech isn’t better: discussion of doctors’ dependence

on computers (Laura S. Tinnel, S 27 2:5, R 21 84)

$f Japanese Yohkoh satellite loses control due to annular eclipse during invisible-orbit

out-of-sight period, draining batteries; recovery possible but not clear (R 21 85)

Vm Durham NC water line break closes 911 center and police department (R 21 89)

Vf(SH?) Dutch royal chat session failed on apparent overload (R 21 89)

e$ NZ healthcare-insurer computer upgrade delays payments (R 21 88)

h UK hospital tells elderly men they’re pregnant (R 21 87)

$f Automated debit of $21,000 on water bill: "There’s nothing we can do to stop it."

(R 21 87)

fi Excel cut-and-paste glitch (R 21 88)

+/-? Largest prime number: Mersenne prime, 4,053,946 digits:
􀀀


;

found with 130,000 volunteer participants (R 21 82-83)

??? 100:1 lossless compression hype sounds like oil (R 21 87)

h Euro cutover risks: lots of screw-ups, wrong currencies, etc. (R 21 84,86,87); Luton

schoolboy profits from ATM giving 1.6£to the Euro, rather than the reverse (R 21

86)

$f UK NatWest bank turns debits into virtual credits in Quicken and MS Money

.OFX format (R 21 81)

$hf Grocery self-checkout risks: duplicate charges (R 21 81)

$f Automated bus pass kiosk denies authorization but debits: previous customer’s

authorization screen image displayed (R 21 81)

*m Computer controller crane goes unstable, forcing evacuation of nearby apartments

for at least two days, Jan 2002 (R 21 91)

hV Outsourcing of upgrade to automated system knocks out Australian Bureau of

Statistics (R 21 90)

f Johns Hopkins researchers announced the "color of the universe" based on a

weighted average of the electromagnetic frequency of emissions from all galaxies

in the observable universe: it’s turquoise; after discovering a software glitch, no, it’s

really beige (R 21 98); no, because of an algorithm error, it’s really salmon (R 22

02); could there be a pot of gold at the end of the rainbow for the culler of colors?

$(+/-) Integrated Project Control System: the smart highway (R 22 01)

$fe More on PayPal problems: IPO prospectus, flaws, upgrade difficulties, fraud

reported, fraud holds, merchant views (R 21 92,94,98) Paypal meets the Patriot

Act: eBay accused of facilitating Internet gambling, eBay rebuts (R 22 67,69; S 28

4:9-10)

$SH $1M eBay fraud scams 1000 victims for $1000 each for nonexistent laptops (R

22 77)

e Mistranslated fields and changed defaults create problems in database conversion

for propane company changeover (R 21 89)

Vm Disk crash destroys on-line law-enforcement mug shots in Macomb County,

Michigan; no backup other than some hardcopy photos! (R 22 08)

Vhie 50,000 Idaho court records erased during upgrade; no viable backup (R 22 60)

V(f/m?) Year 2000 crash destroys WashDC maintenance database of 5000 trees

destined for removal, causing serious subsequent problems (R 22 08)

+? Dutch city implanting chips to monitor tree health (R 22 10)

Si Risks of deceptive characters in URLs: Rob Graham (R 21 89), and note on

Gabrilovich/Gontmakher’s Inside Risks column on The Homograph Attack, with

look-alike characters in different languages Comm.ACM 45, 2, Feb 2002 (R 21 89);

confusion among lowercase L, uppercase I, number 1 (R 21 91-93); lloyds vs

llyods and domain protections (R 22 11, correction R 22 12)

Risks of Unicode and WSIWYG interpreting addresses: lookalike Japanese and

English modes (S 27 3:8-9:, R 21 96)

fi Undesired text alterations: Microsoft Outlook appropriates the word "begin" to

denote uuencoded text; recommended solution is not to start messages with the

word "begin" (R 21 90); .Net violates English rules (R 21 91); search engines give

wrong site, altering punctuation (R 21 91); OCR scanning alterations as well (R 21

92); UK Waitrose strips apostrophes from message content (R 21 92) and perhaps

is using SQL? (R 21 93); BAD! in Perl, apostrophes are string delimiters (R 21 93);

some Web forms reject addresses containing a plus sign (R 21 93)

SV Dutch royal chat session failed; intended for 100 selected citizens, and using a site

designed for tens of thousands of users, the site reportedly received 3 billion hits

(which seems implausible)! (R 21 89)

2

e Time runs out for BBC’s Domesday time-capsule discs: media unreadable (R 21 93)

$i Australian man racked up A$22,000 in fines on Melbourne toll road, not having

updated his address, and not having acquired a transponder (R 21 93)

$(f?h?) Seattle City light billing disputes (R 22 05)

(f?) Two unsolved telephone mysteries: unattended mobile phone calls home, and

replicated phone bills; software faults? (R 22 08-10)

$h E-commerce Web site mistakenly listed low price for Kodak cameras; automatic

response constituted acceptance of sale (R 21 90);

$h Huge $25 airfare bargains from United Airline’s Web site (R 22 10)

$h Compaq issues refunds for one-cent PCs after canceling the erroneous promotion

(R 22 08)

$hi Candy machine non-atomic transaction punishes the quick-thinking (R 22 08-10);

a related story (R 22 10)

* China bans toxic American junk: computers, TVs, copy machines, etc. (R 22 14) *f

Non-mercury replacements for blood-pressure cuffs may be unreliable (R 22 13)

$ No more JPEGs: ISO to withdraw image standard in infringement case (R 22 18)

$ef Boston Big Dig overruns $1 billion (R 22 55; correction 22 56)

*m Sentinel Fire Mapping tool for Australian fire location overloaded by heavy

demand by nonemergency users (R 22 58)

mef IBM’s DB2 blamed for Danish banking crisis (R 22 68; S 28 4:6)

i Risks of misquoting Google hit counts (R 22 72)

ai$ Turtle tangled in discarded beacon triggers Coast Guard massive search and

rescue effort (R 22 70)

f?h? Kellogg’s American Airlines online sweepstakes: thousands of nonwinners

erroneously notified of winning (R 22 71)

- The Googlewashing of our language: Risks of trusting Google? (R 22 67)

m?f?h? Database crash loses names of Canadians in nationwide firearms registry (R

22 77, S 28 6:9)

f Verizon’s error sends customers to Massachusetts adult phone line (R 22 84)

fmV GenCon conference registration woes blamed on computer network (R 22 84)

f Guardian crossword puzzle unable to handle numbers! (R 22 82)

i(-$) Cingular sends final bill for -$3.36 after refund check, threatening late fee (R 22

88)

END of yet-to-be-merged items .....

Items Related to 11 Sep 2001 and Its Aftermath

!!!*VSHf$$ 11 September 2001: terrorist highjacking of four planes used as cruise

missiles to destroy the World Trade Center twin towers and part of the Pentagon,

with thousands of lives lost and extensive disruption of lower Manhattan

infrastructures; relevant GAO reports cited (S 27 1:7, R 21 66-67)

!h Stray bomb caused by typo in coordinate digit (R 21 70,71,73);

Sf Discussion of the risks of remotely controlling airliners to prevent hostile

takeovers (R 21 68-69)

SP Joke e-mail seemingly from bin Laden reportedly landed its recipient in jail, but

the details were in dispute (R 21 68-70)

+ Role of amateur (ham) radio communications after land-line and cellular comms

failed (R 21 68-71)

!ih Friendly fire in December 2002 caused by Special Forces GPS battery changeover

resetting Taliban target confirmation to its own location!!! (S 27 3:5, R 21 98)

Sm RISKS discussion of earlier World Trade Center problems (R 21 67) and lessons

of 7 WTC (R 21 80)

S The Web Never Forgets, foiling attempts to remove info later thought to be sensitive

(R 21 80)

SHA Airport security: can you trust a "trusted traveler"? (S 27 3:, R 22 03)

$ Liability risks from cyberterrorism (S 27 6:12, R 22 18)

SP American style cyberwarfare: what are the risks? (S 27 6:13, R 22 18,22)

SHfh "Homeland Insecurity": technology not foolproof; subsequent discussion on

Probabilistic Risk Assessment, firearms in the cockpit, and Computer Assisted

Passenger Screening (R 22 20-21,23-24,27); Real risks of cyberterrorism, related to

disaster planning; large-scale events; SCADA systems, even if not Internetted;

nonpublication of Gartner/ NavalWarCollege study; beware of fear-mongering (R

22 22-23,27)

SHfi User security, system security, DMCA, etc.: Edupage neatly juxtaposes two

items: Richard Clarke (at Black Hat in Las Vegas) urges hackers to find and report

bugs; HP uses DMCA against bug finders (R 22 20) FTC uses Dewie the Turtle to

promote computer security through hard-to-guess passwords, antivirus software

and computer firewalls, just like President’s Critical Infrastructure Protection Board

– which puts the onus on users, not on the need for secure systems (R 22 27);

reminiscent of Bert the Turtle from Duck and Cover (R 22 28); relying solely on

users to tighten security is misguided (R 22 33); attempts to rescind parts of DMCA

by Rick Boucher and by Zoe Lofgren (R 22 28)

Shi Education and the National Strategy to Secure Cyberspace: a critical review of

the second version of the national cyberstrategy (Rob Slade, R 22 63)

S?H?f? Ptech raided for suspected al Qaeda link? No, financial crime investigation,

says U.S. attorney; their software is used by Government agencies, but possibilities

of Trojan horses reportedly unfounded (R 22 42)

SPfh No-fly terrorist blacklist snares peace activists, a nun, etc. (R 22 29); More on

the No-Fly List (R 22 74); people named David Nelson turned away by CAPPS II

pattern matching: at least 6 in LA area, 18 in Oregon, 4 in Alaska (R 22 80); in

Austin, David Nelson planned to fly as D. Austin Nelson (R 22 81)

SPfm Unsupervised biometric scanners more toys than serious security measures

(Markus Kuhn, citing c’t article, R 22 37); US ARO seeking odortype detection (R

22 43)

Space

..... Manned/Womanned [Peopled?] Space Exploration:

!!$$Vrfh Shuttle Challenger explosion, 7 killed. [Removed booster sensors might

have permitted early computer detection of leak?] [28Jan1986] (S 11 2) [Probably

not? See Paul Ceruzzi, Beyond the Limits – Computers Enter the Space Age, MIT

Press, 1989, Appendix.]

!m NASA cultural failures on STS-107 leading to loss of the Columbia shuttle

(reminiscent of the Challenger loss); final data unrecoverable; more discussion (R

22 54)

* Mercury astronauts forced into manual reentry? (S 8 3)

$f STS-1 1st Space Shuttle Columbia backup launch-computer synch problem. See

Jack Garman, "The bug heard ’round the world" (S 6 5:3-10) Oct. 1981. I

summarize this in my Computer-Related Risks book, page 20-21, along with

several of the following cases.

*f STS-2 shuttle simulation: bug found in jettisoning an SRB (S 8 3)

*f STS-2 shuttle operational simulation: tight loop upon cancellation of an attempted

abort; required manual override (S 7 1)

*Vf STS-6 shuttle bugs in live Dual Mission software precluded aborts (S 11 1)

*m STS-9 Columbia return delayed by multiple computer malfunctions (S 9 1)

*f STS-16 Discovery landing gear – correlated faults (S 10 3:10)

*if STS-18 Shuttle Discovery positioned upside down; mirror to reflect laser beam

from Mauna Kea site aimed upward (+10,023 miles), not downward (+10,023 feet)

(S 10 3:10)

*$ STS-20 Two-day delay of Discovery launch: backup computer outage (NY Times

26 Aug 1985); Syncom 4 satellite failure as well (S 10 5)

$f SRS-36 Atlantis launch delayed [25Feb1990]; "bad software" in backup tracking

computer system, but no details given. (S 15 2)

h Shuttle Discovery shutdown procedure for two computers reversed (S 16 1)

*hife STS-24 Columbia near-disaster, liquid oxygen drained mistakenly just before

launch, computer output misread (S 11 5)

*f Columbia orbiter suddenly rotates, due to telemetry noise (S 15 3)

$m Columbia delayed by computer, interface, sensors; then navigation (S 16 3)

$f Shuttle Endeavour computer miscomputes rendezvous with Intelsat satellite; nearly

identical values interpreted as identical; those SW problems force spec changes

(AviatWkSpT 29May/8Jun1992, S 17 3 duplic S 17 4)

* Shuttle computer problems, 1981–1985; 700 computer/avionics anomalies logged;

landing gear problems in STS-6 and -13; multiple computer crashes in STS-9,

cutting in backup system would have been fatal; thermocouple failure in STS-19

near disaster (S 14 2)

m Atlantis spacecraft computer problem fixed in space (S 14 5)

$f Untested for change, SW delays shuttle launch; 3-min on-line fix (S 15 3)

$(m/f?)V Shuttle Atlantis launch scrubbed: "faulty engine computer" (S 16 4)

$*V Columbia launch scrubbed at T-3sec 22Mar93, leaky valve (S 18 3:A14)

$*V STS-56 Discovery launch scrubbed at T-11sec 5Apr93, main propulsion system

high-point bleed valve open-indicator went to off, closed-indicator did not switch to

on
. Indicator problem? program error? (S 18 3:A14)

h Discovery SRB recovered with missing pair of pliers (S 18 3:A14)

fm Channel blocked, Discovery exhausts storage for ozone data (S 18 3:A14)

H Experimental Space Shuttle e-mail address divulged, bombarded (S 16 4)

m Woodpeckers delay shuttle launch (S 20 5:8)

*m Docking problem aboard Soviet space station Mir (S 15 5)

m Mir Space Station computer problems add to difficulties; main computer failed

during docking attempt, 19 Aug 1997 (R 19 31,32), with detailed analysis by

Dennis Newkirk (R 19 33)

m Mir computer failure affects steering; replacement computer fails to load (end of

May 1998, just before Discovery launch) (R 19 78)

*$d GAO reports on NASA Space Station: increased safety risks, costs (S 17 4)

* Risks of junk in space much greater than previously thought (S 17 4)

*f$ Potential software nightmare for International Space Station, with considerable

discussion (R 19 49-51)

3

*$f International Space Station software problems in 2001 predicted in 1997 (S 26

4:4, R 21 37): see (R 19 49-51)

..... Satellites, Probes, Others:

$f Hubble Space Telescope problems, soaring costs, missed deadlines, reduced goals,

etc. (S 15 2); sensors misdirected because of wrong sign on precession in star data;

antenna # 2 limited by misplaced cable, #1 limited because software had only one

limit stop, same for both (S 15 3) No system test. 1mm error in monitor program of

mirror polisher (S 15 5) See M.M. Waldrop, Science 249, 17Aug1990, pp.735-736.

Vf/m Hubble Space Telescope antenna swing causes shutdown (S 17 1)

fh More Hubble SW: misloaded ephemeris table, bad macro (S 18 1:24)

$fhV $150M Intelsat 6 comm satellite failed; booster wiring error, payload in wrong

bay; miscommun. between electricians and programmers (S 15 3)

$mV Canadian TeleSat Aniks die: solar coronal hole electron flux (S 19 2:3) Anik

E-2 control restored, but with shorter life ($203M asset) (S 20 2:11)

$(f/m?)V Taurus rocket plunges into Indian Ocean, destroying Orbital Imaging

satellie, NASA QuikTOMS, and cremated remains of 50 people (S 27 1:8, R 21 68)

fmV SOHO Mission Interruption Preliminary Status and Background Report

documents apparently unconnected multiple failures that caused the satellite to lose

control (R 19 87)

fhV Final report on the Solar and Heliospheric Observatory (SOHO) spacecraft

failure: software flaw and improper command (R 19 90); mis-identification of a

faulty gyroscope, staffing problems, inadequate training, ambitious schedule,

unreviewed procedure changes, etc. (R 19 90, 94); contact finally reestablished. (S

24 1:31)

hm 5 printers off-line or jammed, Voyager 1 data lost over weekend (S 15 5)

f Voyager 2 software faults at launch, 20 Aug 1977 (S 14 6)

V$ Titan 34D, Nike Orion, Delta-178 failures follow Challenger (S 11 3)

V$* Titan 4 rocket test-stand SRB explosion; simulation missed failure mode (S 16 4)

V(m/f?) Final Titan 4A launch explodes with Vortex satellite; total cost over $1B,

Aug 1998 (S 24 1:32, R 19 91)

mV Titan 4B leaves missile warning satellite in useless orbit (R 20 36)

Vm/f? Titan 4B with Milstar communications satellite separates four hours early,

resulting in a useless low orbit, 30 Apr 1999 (S 24 4:26, R 19 36)

Vhm$ 6 successive Theater High-Altitude Area Defense (THAAD) failures,

including three typos; then a "success" (R 20 43,45); Titan 4B failure (R 20 39)

blamed on shifted decimal point in upper-stage software (R 20 45)

Vf,f Delta III launch ends after 71 seconds due to software flaw; two weeks later,

Delta III leaves Loral Orion comm satellite in useless low orbit 4 May 1999 (R 20

38)

Vmfh Centaur/Milstar upper-stage failure due to attitude-control system software (R

20 49); roll-rate filter constant .1 factor (-0.1992476, not -1.992476) (R 20 57,59)

Vm$ Private imaging satellite Ikonos 1 disappears 8 minutes after launch (S 24 4:26,

R 20 36); loss blamed on an electrical problem that prevented the aerodynamic

payload cover from coming off. Subsequent Ikonos launched successfully (R 20

60):

f Terra spacecraft navigation software problems (S 25 3:18, R 20 78)

V$(m?f?) Two satellite failures (R 21 19, S 26 2:5)

Vm/f? Russian rocket blows 12 Globalstar satellites (S 24 1:32, R 19 95)

V$(f?m?) Computer blamed for Russian rocket crash (R 21 18, S 26 2:5)

$fmmm Fascinating historical case recently reported of Russian KORD N-1

rocket-engine shutdown system failures, 1969, 1971, 1973; lots of lessons to be

learned (R 21 53)

h Boeing space station tanks accidentally taken to Huntsville dump (R 20 83)

Vh Space Station endangered by NASA flight controllers’ blunder in maneuvering

around space junk; predicted distance also way off (R 20 46-47)

SH Space Station Problem Reporting Database hacked (R 20 47-48)

$Vmf Space Station risks (R 21 14, S 26 2:5)

V$ehf Canaveral Rocket lost; wrong key hit in loading guidance SW (S 16 4)

df NASA finds problems in EOSDIS Earth Observing System (EOS) spacecraft flight

operations software development, expected to delay launch (R 19 67)

m+ Apollo 11 lunar module, pen used to replace circuit breaker (S 18 3:A14)

Vr* Lightning hits Apollo 12. "Major system upsets, minor damage". See article by

Uman and Krider, Science 27 Oct 1989, pp. 457-464. (S 15 1)

V$m Lightning changed Atlas-Centaur program (51 sec). $160M lost (S 12 3, 15 1)

@V*$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

V$f Mariner 1 Venus probe: HW fault plus programmer missed superscript bar in ‘R

dot bar sub n’. See Paul Ceruzzi, Beyond the Limits – Flight Enters the Computer

Age, Smithsonian, 1989, Appendix (S 14 5). (Earlier reports had suggested DO

I=1.10 bug (see next item) or a garbled minus sign (or hyphen.) (S 8 5, 11 5, S 13 1)

$f Project Mercury had a FORTRAN syntax error such as DO I=1.10 (not 1,10). The

comma/period interchange was detected in software used in earlier suborbital

missions, and would have been more serious in subsequent orbital and moon

flights. Noted by Fred Webb. (S 15 1)

*f Gemini V 100mi landing err, prog ignored orbital motion around sun (S 9 1)

V$f Atlas-Agena software missing hyphen; $18.5M rocket destroyed (S 10 5)

@VSH Lauffenberger convicted of logic bombing GD’s Atlas rocket DB (S 17 1)

Vm Navy Atlas rocket places satellite in worthless orbit (S 18 3:A14)

V$f Aries with $1.5M payload lost: wrong resistor in guidance system; (S 11 5)

V*f TDRS relay satellite locked on wrong target (S 10 3:10-11)

Vm AT&T Telstar 401 satellite failure (S 22 4:26, R 18 76)

de Satellite system outage hits Associated Press (R 21 04; S 26 1:18)

Vm Ariane 5 test problems: motor failures, nitrogen leak (S 20 5:9, R 18 27,28)

V$f New Ariane 5 failure (S 21 5:15); More on Ariane 5: conversion from 64-bit

floating to 16-bit signed caused Operand Error (R 18 27-29,45,47); Note: Matra

made software for Ariane5 and Taipei subway system (S 21 5:15); Incidentally,

Robert L. Baber, Univ. Witwatersrand, Johannesburg, suggests you browse

http://www.cs.wits.ac.za/ bob/ariane5.htm – showing how a simple correctness

proof could have avoided this problem. (R 18 89-91)

*Mm Cosmic rays hit TDRS, Challenger comm halved for 14hrs [8Oct1984](S 10 1)

$Mr Sunspot activity: 1979 Skylab satellite dragged out of orbit (S 13 4)

hM 1989 pulsar discovery now attributed to TV camera interference (S 16 3)

V$hfe Soviet Phobos I Mars probe lost (Sep 1988): faulty SW update (S 13 4); cost to

USSR 300M rubles (Aviation Week, 13 Feb 89); disorientation broke radio link,

discharged solar batteries before reacquisition. [Science, 16Sep1988] More on

Phobos 1 and 2 computer failures (S 14 6)

V$? Soviets lose contact with Phobos II Mars probe. Automatic reorientation of

antenna back toward earth failed. (S 14 2)

V$f 1971 Soviet Mars orbiter failed after "unforgivable" SW bug; new info (S 16 3)

f Assessment of predictions on the Russian Mars Probe crash site (S 22 2:22)

V$fm 1993 Mars Observer lost entering Mars orbit (S 18 4:11; R 14 87,89; 15 01);

loss blamed on fuel line leak (Washington Post, 10 Jan 1994)

f What really happened on Mars Rover Pathfinder? David Wilner on VxWorks system

resets and preemptive priority scheduling, and Glenn Reeves – first-hand

commentary must be read (R 19 49,50,53,54) and further discussion of priority

inversion (R 19 50,53,54,56)

V$fm Mars Climate Orbiter lost, dipped too close to Mars due to English/Metric

confusion; Mars Polar Lander reprogrammed to report back directly on 3 Dec 1999

(R 20 59-62); Mars Lander then lost entirely on landing attempt, search abandoned

after a month. Crash finally blamed on software shutting engines off prematurely

(R 20 84,86)

+ Mars Odyssey probe maneuver braked successfully in orbit, 22 Oct 2001 (S 27 1:8,

R 21 71)

m+/- Pioneer 10 still alive, sort of, 30 years later (R 22 44)

$f/h? NASA HESSI shake test 10 times too strong, damaging spacecraft (S 25 3:15,

R 20 86)

$f Sea Launch rocket drops satellite into Pacific Ocean (S 25 3:15, R 20 84,86);

single line of code allowed launch with second-stage valve open, causing helium

leak (R 20 97)

Vfm$ Electronics startup transient opened telescope cover prematurely, destroying

Wide Field Infrared Explorer (WIRE) spacecraft (R 20 47-48)

V$m $1.4B Galileo antenna jammed, en route to Jupiter (S 18 4:11)

V$m Landsat 6 vanishes; space junk tracked by mistake (S 19 1:10)

V$f Magellan space software problems: serious design flaw fixed (S 14 5) Nonatomic

setting of scheduled and active flags interrupted. See H.S.F. Cooper, Jr., The

Evening Star: Venus Observed, Farrar Straus Giroux, 1993. Discussion in J.M.

Rushby, SRI-CSL-95-01.

$m Magellan spacecraft manual guidance overcomes faulty computer chip (S 15 2)

V*h Soyuz Spacecraft reentry failed, based on wrong descent program, (orbiting

module had been jettisoned, precluding redocking) (S 13 4)

*fh Software bug in autopilot on return sends Soyuz off course (R 22 72,74,78; S 28

4:6, S 28 6:7)

V$fe Viking had a misaligned antenna due to a faulty code patch (S 9 5)

*f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

? Global-warming data confusion (R 19 91-92)

@Vfm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

* Continuing trend toward expert systems in NASA (S 14 2)

f SW bug on TOPEX/Poseidon spacecraft "roll momentum wheel saturated" alarm

aborted maneuver. It was recoverable, however. (S 18 1:24)

Defense

V!hhh U.S. F-15s take out U.S. Black Hawks over Iraq in Friendly Fire; 26 killed,

attributed to coincidence of many human errors. (Other cases of friendly fire

included 24% of those killed in the Gulf War.) (S 19 3:4) According to a seemingly

reliable private correspondent who has read through at least 62 volumes of

investigation reports, the public was seriously misled on this situation and there

4

was a considerable cover-up. For now, contact me if you want further background.

!!$rhi Iran Air 655 Airbus shot down by USS Vincennes’ missiles (290 dead); Human

error plus confusing and incomplete Aegis interface (S 13 4); Commentary on Tom

Wicker article on Vincennes and SDI (S 13 4); Aegis user interface changes

recommended; altitude, IFF problems (S 14 1); Analysis implicates Aegis displays

and crew (Aerospace America, Apr 1989); Discussion of further intrinsic

limitations (Matt Jaffe, S 14 5, R 8 74); USS Sides Cmdr David Carlson questions

attack on Iranian jet (S 14 6)

!!$rfe Iraqi Scud hit Dhahran barracks (28 dead, 98 wounded); not detected by Patriot

defenses; clock drifted .36 sec. in 4-day continuous siege, due to SW flaw,

preventing real-time tracking. Spec called for aircraft speeds, not mach 6, only

14-hour continuous performance, not 100. Patched SW arrived via air 1 day later (S

16 3; AWST 10Jun91 p.25-26); Shutdown and reboot might have averted Scud

disaster (S 16 4) Patriot missiles misled by ‘accidental’ decoys; T.A. Postol report

(S 17 2); summary of clock drift, etc. GAO/IMTEC-92-26, February 1992 (S 17 2);

reprisals against Postol for his whistleblowing (R 13 32, S 17 2); Army downgrades

success to about 10% rather than 80% [4 out of 47 hits] (R 13 37, S 17 2, 17 3)

GAO report documents clock problem in detail (S 17 3) 24-bit and 48-bit

representations of .1 used interchangeably (S 18 1:25)

$(m/f?) Two of three Patriot missiles failed (R 21 92)

!m/f/h Friendly Fire: Patriot software again a concern: shoots down British Tornado

GR4 near Iraq/Kuwait border (R 22 65-67); more discussion (R 22 67-70);

confusions with numbers (R 22 69-70); Aegis (R 22 71)

!!$hV Russian airliner shot down by Ukrainian missile in errant test; earlier

Ukrainian missile test killed four people in an apartment block (S 27 1:8, R 21 69)

*f Patriot system fails again (S 25 3:18, R 20 85)

*f Software snafu slowed critical data during Iraq raid (S 24 3:25, R 20 23)

!!V$h? Sheffield sunk during Falklands war, 20 killed. Call to London hindered

antimissile defenses on same frequency? [AP 16May1986](R 2 53, S 11 3) An

"official" version disputes this conclusion – see "The Royal Navy and the Falkland

Islands" by David Brown, written at the request of the Royal Navy. Page 159 of

that report discusses another problem with the Sea Wolf system, occurring several

days later.

!V$ British Falklands helicopter downed by British missile. 4 dead (S 12 1)

!fi Software problem in Advanced Field Artillery Tactical Data System kills soldiers

in training incident; unspecified altitude defaults to zero (S 27 6:10, R 22 13)

!!V$f USS Liberty: 3 independent warning messages to withdraw were all lost; 34

killed, more wounded. Intelligence implications as well. (S 11 5)

!Vhfi? Stark unpreparedness against Iraqi Exocets blamed on officers, not technology,

but technology was too dangerous to use automatically (S 12 3); Captain blamed

deficient radar equipment; official report says radar detected missiles, misidentified

them. (S 13 1)

Vrf$ USS Yorktown Aegis missile cruiser dead in water for 2.75 hours after

unchecked divide by zero in application on Windows NT Smart Ship technology (S

24 1:31, R 19 88-94); letter to Scientific American: it was an explicit decision to

"stimulate" [sic] machinery casualties? (S 24 4:26, R 20 37)

$hfe Navy software problems in upgrading software on battle cruisers USS Hue City

and USS Vicksburg (S 23 5:25, R 19 86-87)

$SVrfe Navy to use Windows 2000 on aircraft carriers (R 20 95)

fid Not-so-smart weapons in Kosovo (R 21 01; S 26 1:18)

*Vf 5th Bell V22 Osprey crash: assembly error reversed polarity in gyro (S 16 4);

Bell V-22 Osprey - correct sensor outvoted (S 17 1)

!V$fmh Another Osprey crash April 2000 kills 19 (R 21 14, S 26 2:5); falsified

maintenance records; yet another crash 11 Dec 2000 killing 4 Marines, blamed on

hydraulics failure, software failure, and incompletely tested backup (Ladkin in R

21 21, 21 24, see also R 21 25,33-36, with more detailed analysis in R 21 38 and

41; summarized in S 26 4:3)

!fmH More on the Osprey (S 26 6:8): software problem identified, but downplayed in

Blue Ribbon report (R 21 41); 8 Marine officers charged with falsifying

maintenance records (R 21 60)

!V$fmh? Two U.S. F-15 jets disappeared over Scotland, 26 Mar 2001; U.S. Army

RC-12 reconnaissance plane crashed near Nuremberg, killing two pilots – same

day; German military helicopter crashed in Peppen, Germany, on 27 Mar 2001,

killing four (S 26 4:4, R 21 31)

*hi Sea King helicopter crashes onto Canadian HMCS Iroquois: fire control system

deployment failure (R 22 76, S 28 6:8)

*h Swiss radar controller jokingly labeling helicopter as al Qaeda almost leads to

French fighter intercept of civilian craft (R 22 79, S 28 6:7)

*H Fraudulent test SW in Phalanx anti-missile system, Standard missile (S 13 4)

Hhf West German flies Helsinki-Moscow through Soviet Air Defense (S 12 3)

Hhf Soviet Air Defense penetrated again by amateur pilot (S 15 5)

$h Russian missile-site power outage due to unpaid utility bill? (S 20 1:17)

**f Returning space junk detected as missiles. Daniel Ford, The Button, p.85

** WWMCCS false alarms triggered scrams 3-6 Jun 1980 (S 5 3, Ford pp 78-84)

** DSP East satellite sensors overloaded by Siberian gas-field fire (Daniel Ford p 62);

Ford summarized (S 10 3:6-7)

**f BMEWS at Thule detected rising moon as incoming missiles [5Oct1960] (S 8 3).

See E.C. Berkeley, The Computer Revolution, pp. 175-177, 1962.

** SAC/NORAD: 50 false alerts in 1979 (S 5 3), incl. a simulated attack whose

outputs accidentally triggered a live scramble [9Nov1979] (S 5 3)

*** Serious false 2200-missile-alert incident 3 Jun 1980 described by Stansfield

Turner, mentioning thousands of other false alarms (S 23 1:12, R 19 43)

*fmh Russian early-warning system close to retaliatory strike: Norwegian weather

rocket mistaken for American Trident (R 19 85)

m Report from Kommersant Vlast on Serbukov-15 base false detection of ICBMs en

route to Moscow on 25 Sep 1983; human intervention stopped retaliation; system

allegedly misbehaved due to radiation (R 19 97)

*$VfM Libyan bomb raid accidental damage by "smart bomb" (S 11 3) F-111

downed by defense-jamming electromagnetic interference (S 14 2) More on U.S.

radio self-interference in 1986 Libyan attack (S 15 3)

* Iraq using British Stonefish smart mines, with "sensitive" SW (S 15 5)

*SP Britain bugged radio equipment sold to Iraq (S 16 4)

*SP Trojan horse implants in DoD weapons (S 16 4)

*SP Trojan horse inserted in locally netted printer sold to Iraq? (S 17 2)

*Vm Arabian heat causing problems with US weapons computers (S 15 5)

*V$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

* Frigate George Philip fired missile in opposite direction (S 8 5)

*h? Unarmed Soviet missile crashed in Finland. Wrong flight path? (S 10 2)

*Vf 1st Tomahawk cruise missile failure: program erased [8Dec1986] (S 11 2)

*Vm 2nd Tomahawk failure; bit dropped by HW triggered abort (S 11 5, 12 1)

f/m? CALCM cruise missile software bugs revisited (S 22 2:22)

hi Accidental launch of live Canadian Navy missile: color-code mixup (S 22 1:18)

*$rf Program, model flaws implicated in Trident 2 failures; self-destruct 4 seconds

into one flight caused by unexpected turbulence before leaving the water (S 14 6, R

9 12)

*VrmM RF interference caused Black Hawk helicopter hydraulic failure (S 13 1);

More on Black Hawk EMP problems and claimed backwards pin (R 17 39,42)

*VSM RF interference forces RAF to abandon ILS in poor weather (R 21 17)

f Reliability risks in USB Army ’Land Warrior’ soldier-of-the-future (R 21 27)

*f Sgt York (DIVAD) radar/anti-aircraft gun – software problems (S 11 5)

$f Software flaw in submarine-launched ballistic missile system (S 10 5)

V$f AEGIS failures on 6 of 17 targets attributed to software (S 11 5)

Vf WWMCCS computers’ comm reboot failed by blocked multiple logins (S 11 5)

$ WWMCCS modernization difficulties (S 15 1)

*$f Gulf War DSN 20-30% call completion persists 3 mos. until SW patch (S 17 4)

$f Armored Combat Earthmover 18,000 hr tests missed serious problems (S 11 5)

$rfi Stinger missile too heavy to carry, noxious to user (S 11 5)

**V$$Sr Strategic Defense Initiative – debate over feasibility (S 10 5); Pentagon says

SDI complexity comparable to nuclear reactors (Newsweek, S 17 3) See Way Out

There in the Blue: Reagan, Star Wars, and the End of the Cold War, Frances

FitzGerald, Simon & Schuster, 2000 for a fine retrospective analysis.

$d SDI costs, budget issues, risks discussed (S 17 4)

$ StarWars satellite 2nd stage photo missed – unremoved lens cap (S 14 2)

f StarWars FireFly laser-radar accelerometer wired backwards (S 19 2:2)

*f "Faith-based" National Missile Defense system discussed (S 26 6:6, R 21

41,43,45); two of the most recent three tests failed, and the other had radar failing

to indicate "success" (R 21 53); all three reportedly had GPS-based homing

beacons to aid the interception! (R 21 63)

h Missile-defense test failure 11 Dec 2002 linked to single chip malfunction (R 22 68;

S 28 4:6)

- StarWars to be exempt from oversight, reporting, and testing requirements? (R 22

59)

fff Alistair Cooke on National Missile Defense: among other risks, crude wobblers

are harder to detect than sophisticated missiles (R 21 65)

$f Software safeguards prevent Solar Sail from separation? (S 26 6:8, R 21 55)

$* 1.7M resistors recalled. Used in F-15, Patriot, radar, comm aircr. (S 16 3)

$hd DoD criticized for software development problems (S 13 1)

* US Navy radar jammers certified despite software errors, failed tests (S 17 3)

$ USAF software contractors score poorly on selections (S 14 1)

$d ADATS tank-based anti-copter missile system development problems, $5B

overrun, unreliability, ... (S 16 1)

$d British air defense system ICCS SW causes ten-year delay (S 15 5)

*Sf US Army Maneuver Control System vulnerable to software sabotage (S 15 5)

$d US-supplied Saudi Peace Shield air defense software problems (S 15 5)

$d Serious software problems in UK Trident nuclear warhead control (S 15 5)

*m Russian nuclear warheads armed by computer malfunction (R 19 14)

5

*h Outdated codes made US missiles useless until annual inspection (S 14 5)

S Classified data in wrong systems at Rocky Flats nuclear weapons plant (S 16 4)

SPh Classified disks lost by Naval commanders on London train (R 17 54)

hi? Listing of US Navy safety problems in two-week period (S 15 1)

Vm Rain shuts down Army computers; lightning effects and prevention (S 15 1)

fh Army Automated Time and Attendance Production System (ATAAPS) loss of data

for 10 days (R 20 97)

* Role of e-mail, Internet, FAX in defeating 1991 Soviet coup attempt (S 16 4); (S)

power surges used to fry faxes and computers in countermeasure (S 16 4)

* Russian auto-response missile system still in place in Oct 1993 (S 19 1:10)

!!*V(f/h?) Russian nuclear submarine explosion (missile test awry) kills crew of over

100 in Barents Sea, 13 Oct 2000. Also, Izvestia reported over 507 sub crew

members had died previously. (R 21 01)

*Vh Russian nuclear sub near-disaster due to utility power shutoff? (R 17 42,44)

!mh Kursk submarine sinking: 23 crewmen reached the floating rescue capsule, but it

failed to disengage – it had never been tested (R 22 11)

!! Analysis of U.S. peacetime submarine accidents

http://freeweb.pdq.net/gstitz/Peace.htm

Vfm Software disaster leaves new Australian submarine unfit; wide range of

pervasive hardware/software failures reported (R 20 48)

Military Aviation

!!V$f Handley Page Victor tailplane broke, crew lost. 3 independent test methods,

3 independent flaws, masking flutter problem (S 11 2-12, correction S 11 3)

!Vf Harrier ejection-seat parachute system accidentally deployed, blew through the

canopy, but without ejecting the seat and pilot, who was killed (S 13 3)

f Harrier targets police radar gun; fortunately not armed! (S 21 4:14)

*V(h/m?) Japanese pilot accidentally ejected into the Pacific (S 19 4:12)

*V$h British Harrier accidentally bombs British carrier, Ark Royal (S 17 3) 5 injured.

Auto aim-off SW blamed for the Ark Royal bombing (S 18 1:23) Correction noted

Mar2001: it was a Royal Air Force Harrier GR3, not a Sea Harrier.

*V$f SAAB JAS 39 Gripen crash caused by flight control software (S 14 2, 14 5)

*V$fmhi 2nd JAS 39 Gripen crash 8Aug1993 blamed on pilot/technology (S 18

4:11); interface difficulties, complicated analysis (S 19 1:12)

*V$rf Software problems in B-1B terrain-following radar, flight-control; electronic

countermeasures (stealth) jam plane’s own signals (S 12 2); array antennas and

effects on mobile phones can defeat stealth cloak of invisibility (R 21 49)

*V$h B-1B swept wing punctures gas tank on the ground; blamed on low lubricant;

problem found in 70 of 80 B-1Bs inspected (S 14 2)! No computer sensors?

$fd Stealth development problems including SW miscalculation in wiring (S 15 1)

$f UHB demonstrator flight aborted by software error at 12,000 feet (S 12 3)

*V$fh F-22 prototype crash first blamed on computer SW, then on pilot (S 17 3)

*V$f F-18 crash due to missing exception cond. Pilot OK (S 6 2, more SEN 11 2)

*Vhi F-18 missile thrust while clamped, plane lost 20,000 feet (S 8 5)

*f F-16 simulation: plane flipped over whenever it crossed equator (S 5 2)

*f F-16 simulation: upside-down, deadlock over left vs. right roll (S 9 5)

$Vhi F-16 landing gear raised while plane on runway; bomb problems (S 11 5)

*Vfh Unstallable F-16 stalls; novice pilot found unprotected maneuver (S 14 2)

$d USAF ECM systems: software 2 years late for F-16 and F-111 (S 15 5)

*hif Accidental shootdown of one Japanese F-15 by another (R 17 65, R 18 18);

controversy continues (R 18 41,57)

*V$f? F-14 off aircraft carrier into North Sea; due to software? (S 8 3)

*V$f F-14 lost to uncontrollable spin, traced to tactical software (S 9 5)

Vf YF-23 fly-by-wire prototype attempted tail corrections while taxiing. Same

problem on first X-29. (AFTI/F-16 had weight-on-wheels switch.) (S 16 3)

AFTI/F-16 DFCS redundancy management: ref to J.Rushby SRI-CSL-91-3 (S 16

3)

+- Historical review of X-15 and BOMARC reliability experiences (S 17 3)

$ Systems late, over budget (what’s new?); C-17/B-1/STC/NORAD/ASJP (S 15 1)

V*$fd C-17 SW/HW problems documented in GAO report; 19 on-board computers,

80 microprocessors, six programming languages; complexity misassessed GAO:

"The C-17 is a good example of how not to approach software development when

procuring a major weapons system." (S 17 3) Chairman John F. McDonnell’s reply

(S 17 4)

f C-130 testbed uncovers 25-yr-old divide-by-zero bug in X-31 SW (S 16 3)

*Vmf X-31 crash, 19 Jan 1995 (R 17 45,46,47,60,62; 60=Pete Mellor)

V(f?) Unplanned 360-degree roll of NASA’s X-38 in test (R 21 10)

*VM US missile-warning radar triggers accidental explosions in friendly aircraft;

radar must be turned off when planes land! (S 14 2)

* AF PAVE PAWS radar can trigger ejection seats, fire extinguishers (S 15 1)

!$h 1988 RAF Tornados collided, killing 4; flying on same cassette! (S 15 3)

V$ef DarkStar unmanned aerial vehicle (UAV) crash from software change, cost

$39M (S 22 1:17-18)

$V(f?m?) Helios solar-powered remote-controlled flying wing with $10M fuel-cell

system lost in Pacific after severe oscillations; previously had set altitude record of

100,000 feet (R 22 80, S 28 6:9)

mM? Air Force bombs Georgia – stray electromagnetic interference? (S 14 5, R 8 72)

*hme, etc. Navigation, GPS, and risks of flying (R 19 73,75,77); Implications of the

U.S. Navy no longer teaching celestial navigation (R 19 75,77-79,81-82)

*$VSf GPS vulnerabilities need attention, with increasingly critical dependence on

continuous functionality; see Dept of Transportation report (R 21 67)

f "Truncation error" found in GPS code on Int’l Space Station (S 27 6:6, R 22 11)

Commercial Aviation

hi Crew reliance on automation cited as "Top Risk" in future aircraft (R 21 35)

..... Commercial flight incidents

!!$V(hi?) Korean Airlines KAL 007 shot down killing 269 [1Sept1983]; autopilot on

HDG 246 rather than INERTIAL NAV? (NYReview 25 Apr 85; SEN 9 1, 10 3:6,

12 1) or espionage mission? (R.W. Johnson, "Shootdown") Further information

from Soviets, residual questions (S 16 3); Zuyev reports Arctic gales had knocked

out key Soviet radars; Oberg believed Sakhalin air defense forces were

"trigger-happy" following earlier US Navy aircraft overflight incursions [Reuters

2Jan1993]; Analysis of recent articles on KAL 007 (Ladkin, R 18 44)

!!Vfe Korean Airlines KAL 901 accident in Guam, killing 225 of 254; worldwide bug

discovered in barometric altimetry in Ground Proximity Warning System (GPWS)

(S 23 1:11, R 19 37-38)

!!Vm Alaska Airlines flight 261, 31 Jan 2000, dove into Pacific Ocean after jackscrew

failure in stabilizer assembly; hearing results show loss of paper trail (R 21 15)

!!V(m?h?) TWA Flight 800 missile-test accident hypothesis causing near-empty

fuel-tank explosion off Long Island widely circulated in Internet e-mail, causing

considerable flap. Missile theory officially discredited. Minireview of James

Sander’s The Downing of TWA Flight 800 (R 19 12); speculative discussion on the

downing of TWA 800 (R 19 13); possibility of EMI raised in article by Elaine

Scarry, New York Review of Books, 9 Apr 1998 (R 19 64-66). Harvard Magazine

Jul-Aug 1998, pp. 11-12, diagram shows TWA 800 at 13,700 feet between a P3

Orion directly overhead at 20,000 feet, Black Hawk helicopter and HC-130 at

3,000 feet both directly below (with a C-141 and C-10 nearby). But this seems

unlikely. (R 19 86) Report by the late Commander William S. Donaldson III, USN

Ret., 17 July 1998, claiming a hostile missile attack, with radar tracks, etc.

http://www.twa800.com/index.htm.

!!V$rh Air New Zealand crashed into Mt Erebus, killing 257 [28Nov1979]; computer

course data error detected but pilots not informed (S 6 3, 6 5)

!!V$f/m? Lauda Air 767-300ER broke up over Thailand. 223 dead. Cockpit voice

recorder: thrust reverser deployed in mid-air. Precedents on 747/767 controlled;

investigation in progress. (S 16 3, AWST 10Jun91 pp.28-30) Suitcase full of cheap

lithium-battery Chinese watches exploded? Earlier lithium battery problems: South

African 747 in 1987, killed 159; Cathay Pacific 1990 emergency landing (S 16 3,

Sunday Times, London, 23 Jun 91) Many other planes may be flying with the same

thrust-reverser defect; FAA, Boeing simulations, suggest 757 less aerostable than

though (S 16 4) Ex-Boeing expert had warned of software flaw in 747/767

proximity switch electronics unit; he claims he was ordered to suppress data. (S 17

1)

!!Vhifmr Northwest Air flight 255 computer failed to warn crew of unset flaps misset,

thrust indicator wrong; 156 dead (S 12 4); circuit breaker downed the warning

system that should have detected those problems. [But who checks the checker?]

Simulator, plane behave differently (S 13 1) Report blames pilot error, unattributed

circuit outage (S 13 3) Report that the same pilots had intentionally disconnected

the alarm on another MD-80 two days before raises suspicions. (S 14 5, R-08.65)

NW sues CAE over spec error in flight training simulator (S 15 5) A Federal jury

ruled on 8 May 91 that the crew was to blame.

!!V$mf/h/i? British Midland 737 crash, 47 killed, 74 seriously injured; right engine

erroneously shut off in response to smoke, vibration (Flight International 1 Apr 89);

suspected crosswiring detected in many OTHER planes (S 14 2); low-probability,

high-consequence accidents (S 14 5); random memory initialization in flight

management computers (S 14 5); Kegworth M1 air crash inquest: many

improvements suggested (S 15 3); Criticism of "glass cockpits" (S 15 3); UK AAIB

fingers 737-400 liquid crystal display layouts (S 16 3); now-retired British vicar

Reverend Leslie Robinson claims a witches’ coven was operating under the flight

path (R 20 12)

!!Vh Aeromexico flight to LAX crashes with private plane, 82 killed (S 11 5)

!!Vh Metroliner&transponderless small plane collide 15 Jan 87. 10 die (S 12 2)

!!Vh Two planes collide 19 Jan 87. Altitude data not watched by ATC. (S 12 2)

!!Vfih 1994 China Air A300-600 Nagoya accident killing 264: final report blames

pilots and autopilot human-computer interface (R 18 33); (see also R 16 05-07, 09,

6

13-16)

!Vh Air France Airbus A320 crash blamed on pilot error, safety controls off (S 13 4);

3 killed. Airbus computer system development criticized (S 13 4); Subsequent

doubts on computers reported: inaccurate altimeter readings; engines unexpectedly

throttling up on final approach; sudden power loss prior to landing; steering

problems while taxiing (S 14 2); reportage by Jim Beatson (R 08 49, 08 77),

barometric pressure backset? (S 14 5) investigators blame pilot error; pilots charge

recorder tampering (S 15 3) Pilots convicted for libel in blaming technical

malfunctions! (S 16 3)

!!V? Indian Airlines Airbus A320 crashes 1000 ft short of runway; 97 die (S 15 2)

A320 flight modes (S 15 3); apparent similarities in crashes (S 15 3) Air India

unloading their A320s (S 15 5)

V(m?) Air India Airbus 320 autopilot failure [19Apr1999]? (S 24 4:26, R 20 32)

!!Vhmi French Air Inter A320 crash on approach to Strasbourg airport [20Jan1992];

87 dead, 9 survivors; 2,000-foot altitude drop reported (R 13 05); crash site at 2496

feet. Report fingers mixture of human and technical error, airport ill equipped,

serious failings in altimeter system, pilot unable to stop descent (S 17 2); Air Inter

official charged with negligent homicide (S 18 2:9); Commission of Enquiry

blamed Pilot Error (S 18 4:12); New case of A320 descent-rate instability identified

approaching Orly, related to Air Inter crash (S 18 1:23); Final report blames crew

training and interface problems (S 19 2:11)

!Vf 1994 Toulouse A330 accident blamed on experimental SW. 7 died (S 19 4:11)

*mf FADEC computers cause uncommanded shutdowns of aircraft engines in flight;

linked to power transistor (R 21 05; S 26 1:22)

*f Airbus A300 AA587 tail "BSD" incident, dropping 3000 feet: screens blanked for

2-3 seconds; unreliable data reset Symbol Generator Unit software changes

required (R 21 96)

*h/f? Misleading report on Air Transat A330 emergency landing in Azores, 24 Aug

2001, (R 21 93) addressed by Peter Ladkin; fuel leak not detected early enough,

and other problems (R 21 94)

* A320 flight-control computer anomalies summarized by Peter Ladkin (R 18 78)

!*(V,etc.) Compendium of commercial fly-by-wire problems (Peter Ladkin) (S 21

2:22)

@!!$hi Iran Air 655 Airbus shot down by USS Vincennes’ Aegis system (above)

?h Qantas airliner challenged by US Cowpens, Aegis missile cruiser (S 17 4)

!V(f/h/i?) Varig 737 crash (12 dead) flightpath miskeyed? (S 15 1)

!V 707 over Elkton MD hit by lightning in 1963, everyone killed (S 15 1)

!V$m American Airlines DC-10 stall indicator failed; power was from missing

engine (S 11 5)

!V Bird strikes cause crash of Ethiopian Airlines 737, killing 31 (S 14 2)

!V Dominican Republic 757 crash 6 Feb 1996, cause unclear (S 21 4:13, R 17 84)

!V BirgenAir crash at Puerto Plata killed 189 (R 17 87)

!!V$hi Further discussion of American Airlines Cali and Puerto Plata B757 crashes

(R 18 10); in Cali crash, killing 159 of 163: same abbreviated code used for

different airports (S 22 1:17); in a trial, evidence was given that 95 of 8,000

navigational beacons were not included in the airline database, including Cali’s

Rozo (R) – see media reports 17 Apr 2000. US Federal jury allocated responsibility

17% to Jeppessen, 8% to Honeywell, 75% to American Airlines (R 20 92; S 26

1:23)

!if American Airlines crash: simulator upset-recovery scenario predisposing pilots?

(R 22 33)

!fi EFIS failure main suspect in Crossair crash (S 25 3:17-18, R 20 78)

!Vh 1996 B757 Aeroperu Flight 603: duct tape over left-side static port sensors? (S

22 2:22; R 18 51,57,59) Peru Transport Ministry verified this [Reuter, 18Jan1997]

*m Failure of Embraer Brasilia aircraft electronic displays due to icing (R 22 65; S 28

4:6-7)

*mfi Leisure International Airways A320 overran Ibiza Airport in the Balearic Islands

[21 May 1998], partly due to computer failure (R 22 65-66)

*fh Airplane takes off without pilot, flies 20 miles, crashes (R 21 84,87)

Vm Migratory birds jam FAA radar in Midwest (R 17 44)

m Lovesick cod overload Norwegian submarine sonar equipment (R 20 07) [Who

needs a cod peace?]

!!V Chinese Northwest Airlines BA-146 Whisperjet crashed on second takeoff

attempt, killing 59; cause not available [23Jul1993] (S 18 4:12)

!V Ilyushin Il-114 crash due to digital engine control failure (S 19 1:9)

*V mi Dec 1991 SAS MD-81 crash (ice damaged engine) due to auto thrust

restoration mechanism not previously known to exist by SAS (S 19 1:12)

*Vf 11 cases of MD-11s with flap/slat extension problem, including China Eastern

Airline plane that lost 5000 feet on 6 Apr 1993 (S 18 4:11)

Vf/m/h? Chinook helicopter engine software implicated (S 23 3:23, R 19 51); more

on the Chinook enquiry (R 21 14,18-20,22-23)

*Vrh Lessons of ValueJet 592 crash: William Langewiesche in Atlantic Monthly (R

19 62,63)

*Vf DC-9 chip failure mode detected in simulation (S 13 1)

!!V$f Electra failures due to simulation omission (S 11 5)

!V$f Computer readout for navigation wrong, pilot killed (S 11 2)

*f Apollo NAV/COM air navigation software bearing up to 50 miles and 16 degrees

off (R 21 53); Garmin GPS can be interpreted as off by 180 degrees (R 21 56)

*Vhi South Pacific Airlines, 200 aboard, 500 mi off course near USSR [6Oct1984]

*Vhi China Air Flight 006 747SP 2/86 pilot vs autopilot at 41,000 ft with failed

engine, other engines stalled, plane lost 32,000 feet [19Feb1985] (S 10 2, 12 1)

*V Simultaneous 3-engine failure reported by Captain of DC-8/73 (S 14 2)

*Vfm Boeing KC-135 autopilot malfunction causes two engines to break off (S 16 2)

$Vfme Design change caused short-circuit causing autopilot reset, premature

separation of booster from $150 million Japanese supersonic jet model at Woomera

rocket range (R 22 43)

*Vf Avionics failed, design used digitized copier-distorted curves (S 10 5)

*Vf Lufthansa A320 overruns runway in Warsaw; actuator delay blamed (S 19 1:11);

Logic flaw in braking system; fix required fooling the logic! (S 19 2:11)

mV A320 engine-starter unit overheats after takeoff, trips breakers, gave false

thrust-reverser indications, engine control failure (S 19 2:12)

*fi(e?) Lufthansa Airbus A320 incident 20 Mar 2001 on takeoff from Frankfurt (R 21

48); detailed analysis of cross-wired sidestick (R 21 96)

*V$f 727 (UA 616) nose-gear indicator false positive forces landing (S 12 1)

*Vhi USAir 737-400 crash at NY LGA; computer interface, pilot blamed (S 15 1)

!Vi Crash of USAir Flight 427 nearing Pittsburgh, 8 Sep 1994: see Jonathan Harr,

(The New Yorker, 5 Aug 1996 (S 22 1:17)

*V Tarom Airbus automatic mode switch escaped pilot’s notice (S 20 1:16)

*Vf British Airways 747-400 throttles closed, several times; fixed? (S 15 3)

*Vf JAL 747-400 fuel distribution stressed wings beyond op limits (S 16 3)

*Vf Older Boeing 747 planes suspected of diving due to autopilot design flaw;

747-400 speed reduction of 50 knots ordered; 747-200 sudden increase in thrust,

another pitched upwards; etc. (S 17 3); FAA report on possible 747 autopilot faults

relating to altitude losses (S 18 3:A15)

Vf 747 tail scrapes runway; center of gravity miscalculated by improper program

upgrade (R 19 11)

*Vf Boeing 757/767 Collins autopilot anomalies discussed (S 19 1:10)

m Pilot fixes faulty 757 nosewheel sensor in Menorca airport (R 22 85); confusion in

reporting analyzed (R 22 88-89)

**V 767 (UA 310 to Denver) four minutes without engines [August 1983] (S 8 5)

*Vf 767 failure LA to NY forced to alternate SF instead of back to LA (S 9 2)

*Vm Martinair B767 Aircraft suffers EFIS failure; instruments blank (S 21 5:15)

*V(f/m?) B777 autopilot/flight-director problems [Oct1996]? (S 22 4:29, R 18 83)

V$ Boeing 777 landing-gear weakness; strength off by factor of 2 (R 17 04)

*he Australian Ansett B767 fleet grounded due to maintenance breaches (R 21 17)

*Vf 11 instrument software failures in BA aircraft in Jul-Aug 1989 (S 15 5)

*fhi Analysis of potential risks of the Enhanced Ground Proximity Warning System

(EGPWS), by Jim Wolper (R 19 56); pilots computer literacy? (R 19 57);

relationship with GPS accuracy (R 19 57)

* Missile passes American Airlines Flight 1170 over Wallops Island (S 22 1:18)

m Fire alarms on Boeing 777 triggered by tropical fruit and frog cargo (S 22 1:17)

M Cell phone ringing in Adria Airways luggage alarms avionics; plane returns (R 21

20)

*m INCETE power ports in use in at least 1700 aircraft can result in exploding

batteries? (R 19 94)

m* High-flying hijinks: canine passenger sinks teeth into plane (R 20 54)

SHf Air Canada "Jazz" airline grounded by computer virus in flight-planning

computer, early Feb 2003 (R 22 54)

Sf/h Airline boarding pass algorithm flaw: two people with the same name (one M,

one F) assigned the same seat (R 22 70)

Sh Hong Kong passenger winds up in Melbourne, despite correct boarding pass (R 22

79)

fme Continental Airlines check-in computer foul-up (R 22 77, S 28 6:9-10)

S* Risks of "soft walls" in avionics to keep hijacked planes at bay (R 22 79,80)

..... Private plane incidents

!Vrhi John Denver plane crash linked to unlabelled implementation change over spec:

lever up for off, down for right tank, to the right for left tank; not very intuitive! (R

20 43)

*hi Crossing the International dateline becomes a navigational risk for a small-plane

pilot: failure to reconfigure navigation computer results in flying east, not west (R

22 78, S 28 6:10)

..... Airport problems

m Power failure disrupts Ronald Reagan National Airport 10 Apr 2000 for almost 8

hours; backup generator failed (R 20 87)

$fd $200M Denver airport baggage system seriously delays opening (S 19 3:5); costly

stopgap old-fashioned system planned in the "interim" (S 19 4:6); new software

7

problems for incoming baggage (R 17 61); city overruled consultant’s negative

simulation results (R 18 66)

Vdfm$ Kuala Lumpur International Airport: Risks of being a development pioneer (R

19 68); airport opens 30 Jun 1998, but baggage and check-in systems failed for

several days (R 19 84); similar events at the opening of the new Hong Kong airport

a few days later (R 19 85)

Vm Amsterdam Schiphol airport computer down for 30 minutes, major delays (R 19

85); unchecked out-of-range value (R 19 93)

V$fe American Airlines’ SABRE system down 12 hours; new disk-drive SW

launched "core-walker" downing 1080 old disk drives, stripped file names ... (S 14

5)

Vm American Airlines’ Sabre system software problem down for four hours (30 Jun

1998, evening rush hour) affected hundreds of flights across 50 airlines; second

crash in a week (R 19 84)

m American Airline flights delayed due to computer crash, 29 Jan 2003 (R 22 54)

*f/m/e? Computer error grounds Japanese flights 1 March 2003; flight numbers

disappeared from radar screens; related to system upgrade to share flight plans with

Japanese Defense Agency? (R 22 60-61)

f/m SAS new baggage system miseries at Copenhagen Airport (R 19 97)

m/f? Sydney Airport’s new $43M baggage system fails for second time in five days

(R 21 02; S 26 1:23)

m Total primary/secondary power outage at Sydney Airport leaves 20 planes circling

(R 20 94; S 26 1:22-23)

h SAS reprinted summer airline timetables for the winter, but Internet version was

correct (R 20 05)

mh Boston airport electronic display fiasco on flight to Philly (R 19 96)

m Airport security check powers up computer (R 20 55)

..... Masquerading

*VSH Miami air-traffic controller masquerader altered courses (S 12 1)

*VSH Roanoke Phantom spoofed ATC, gave bogus information to pilots for 6 wks,

caught (S 19 2:5); out-of-work janitor pleads guilty (R 15 39)

VSH Manchester (UK) air-traffic-controller message spoofer (UK) (S 21 2:21)

..... Other air-traffic control problems

*h 20-foot aircraft separation near-collision over LaGuardia Airport, 3 Apr 1998, due

to controller being distracted by spilled coffee (R 19 79,84) together with increased

error rates and radar dropouts results in FAA ordering retraining of air-traffic

controllers (R 19 79)

mhe Aeroflot plane leaving Helsinki kept disappeared from tower radar, and had

near-miss with Finnair charter, Nov 2000; newer French radar system also had

other planes disappearing; problem traced to construction work at the airport! (R

21 22-23)

fe Westbury Long Island TRACON upgrade failed test, but backup to old software

backfired (R 19 79)

*Vfm Radar blip lost Air Force One (S 23 4:21, R 19 63)

Vm* Air Force One disappeared from the Gibbsboro NJ radar twice on 5 Jun 1998,

with President Clinton en route to MIT for the commencement speech; also

reported was near-collision with a Swissair 747, missed by radar, Oct 1997 (R 19

79); Air Force Two disappeared from radar, 7 Jun 1998, and the same radar failed

with AF2 overhead 17 Jun 1998 (R 19 82)

m?f? San Francisco Airport radar phantom flights (R 21 20, S 26 2:5)

*m Faulty ASR-9 radar system failures (Boston, JFK) led FAA to inspections,

discovery of 23 further cases, and remediations (S 26 4:4, R 21 29)

f Air-traffic control woes (R 21 09, S 26 2:5-6)

fh 2002: Rash of british air-traffic control system outages in National Airspace

System (S 27 3:5, R 21 98, 22 02-03, 22 09)

f Anecdote on a then-new European ATC center 99.99% reliable (52 minutes per

year) that had already had a 20-hour down time shortly after installation: therefore

it should not fail again for 25 years! It failed at 23:59 on 28 Feb (S 27 3:6, R 22 08)

Vm Aviation near-crashes in Kathmandu (R 21 09, S 26 2:6)

*V(m?f?) Indianapolis FAA route center running on generators for a week (R 21 11,

S 26 2:6)

*h Delta plane 60 miles off course, missed Continental by 30 feet (S 12 4)

Vf SW fault in aircraft nondirectional beacon landing approach system (S 16 3)

V* New San Jose CA ATC system still buggy, plane tags disappear (S 14 2)

*Vf ATC computers cause phantom airplane images (S 16 3)

*fe Jeppesen GPS restricted-airspace navigation database corruption (R 22 64; S 28

4:6)

Vf West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3)

*Vh Open cockpit mike, defective transponder caused 2 near-collisions (S 12 1)

*Veh ATC equipment test leads to Sydney landing near-collision (R 20 24)

*Vmf More ATC problems, fall 1998: New air-traffic control radar systems fail,

losing aircraft at O’Hare (R 20 07); Dallas-FortWorth ARTS 6.05 TRACON gives

ghost planes, loses planes (one for 10 miles), one plane on screen at 10,000 feet

handed off and showing up at 3,900 feet! 200 controller complaints ignored,

system finally backed off to 6.04 (R 20 07); near-collision off Long Island

attributed to failure at Nashua NH control center (R 20 11); TCAS system failures

for near-collision over Albany NY (R 20 11); two more TCAS-related incidents

reported (R 20 12); landing-takeoff near-miss on runway at LaGuardia in NY (R 20

13); discussion on trustworthiness of TCAS by Andres Zellweger, former FAA

Advanced Automation head (R 20 13)

*f? Automation-related Reduced Vertical Separation Minima (RVSM) AIRPROX

incident over the North Atlantic, despite ACAS and TCAS (R 22 19); European

RVSM safety case is flawed (R 22 22)

*def U.S. west-coast ATC woes 19 Oct 2000 (hundreds of flights affected) and 23 Oct

2000 (loss of flight plans for Northern CA and Western NV) (R 21 09; S 26 1:22)

df$ FAA Runway Incursion System: further delays in AMASS due to excessive false

alarms (R 21 60,62)

$*fde STARS: Standard Terminal Automation Replacement Systems to replace

ARTS – as of Feb 2002, more than 4 years late, $600 million over budget, "71

specific software problems that could prevent the system from operating as

designed" and many questions (S 27 6:7-8, R 22 12)

f/m? Collapse of UK air-traffic control computer (R 20 93-94); known bugs reduced

from 500 to 200 (R 21 01)

*dV Reports on UK New En Route Centre NERC for UK ATC (R 19 18,23,69); more

on the NERC system crashes at Swanwick (S 27 6:9-10, R 22 12); safety and

human factors (S 27 6:10, R 22 13); subsequent questions on readability of displays

at the London Area Control Centre (R 22 40,44)

$ Discussion of NERC and STARS: COTS versus Bespoke ATC Systems (Ladkin,

Leveson, S 27 6:8-9, R 22 12)

*Vfm Review on air-traffic control outages by Peter Ladkin (S 23 3:26, R 19 59)

*fhm, etc. UK air-traffic control problems summarized at www.pprune.org (R 21 11)

*SHA Fake air controllers alert in UK (R 21 04; S 26 1:22)

*h F-117 stealth fighter in near-miss with UAL jet (R 21 04; S 26 1:22)

V(f/m?) Faulty TCAS behavior. Australian report shows two faulty TCAS cases: Jan

1998 near Hawaii, TCAS off by 1500 feet vertically, caused false maneuvers; Jun

1999 over China, TCAS had higher plane descending toward the lower (R 20

60,62);

*Vfm Complete ATC power failure in the U.S. Northwest, 15 Jan 1999, discussion by

Seattle controller, Paul Cox (R 20 19)

*Vmh Dulles radar fails for half-hour 23 Nov 1998 (R 20 10); discussion of air-traffic

control safety implications (R 20 11), and ensuing comments from a controller (R

20 12)

*Vh Risks of runway crossings with tight takeoff/landing schedules (R 20 10)

f Airline clock wraparound in displays: UA Flight 63 from SFO "Delayed 1 hr 39

min, Arrive Honolulu Intl 12:01am Tues Early 22 hr 35 min" (R 20 15); More

United Airlines Website flight curiosities (R 20 44)

h Couple join Mile-High Club, disrupt British air-traffic control (S 19 1:10)

h Accidentally enabled sex-aid vibrator in hand luggage causes bomb scare on

Monarch Air flight; apparently not unusual (R 20 34)

*Vm Air-traffic control data cable loss caused close calls (S 10 5)

V$SHm Attack on fibre-optic cables causes Lufthansa delays (S 20 2:12)

VmM Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

*VM More on EMI and RF interference from passenger devices in aircraft systems

(Ladkin) (R 19 24); still more, including discussion of Elaine Scarry article in 26

Sep 2000 The New York Review of Books( and follow-ups (R 21 04,08,11)

VSfM Case of GPS jamming of Continental flight by failed Air Force computer-based

test (R 19 71) more on GPS jamming/spoofing: British Airways flight lost all three

GPS systems while French military was testing jammers; Continental DC-10 lost

all GPS signals while Rome Lab was experimenting with jammers (R 19 74,85)

Vf/h? GPS kills 8 in air (R 20 44-45) and radar-assisted collisions (R 20 45)

@*VM Cell-phone linked to London to Istanbul crash-landing? (R 19 34,36,37)

VM Australia’s Melbourne Airport RF interference affected communications, traced

to an emanating VCR! (R 17 44)

*VM Osaka Int’l Airport’s radar screens jammed by TV aerial booster (S 12 3)

*M Cellular telephone activates airliner fire alarm (S 14 6)

Vfmhi? Aviation Risks using Windows NT avionics systems (S 23 3:27, R 19 46)

*Vfi Flawed ATC radars: planes disappear from screens; other problems (S 12 1)

hi Controller screwup causes NW 52 to Frankfurt to land in Brussels (R 17 38,40)

*Vdef Risks in the new Sydney airport control system (R 17 43)

*m Computer outage in Concorde leads to rocky nonautomatic landing (S 12 4)

*Ve British ATC 2-hr outage, 6-hr delays: faulty HW/SW upgrade (S 12 1) Computer

problems down FL ATC, slow airline flights in Southern U.S. (S 19 1:11)

*Vfmd Air-traffic-control snafus in Chicago, Oakland, Miami, Washington DC,

Dallas-FortWorth, Cleveland, New York, western states, Pittsburgh! (S 20 5:12);

Another Oakland airport radar outage 28 Nov 1995, two hours (R 17 49)

V*fm Philadelphia airport radar problems, May 1999 (R 20 42) More radar glitches

8

at Philadelphia airport 10 Mar 2000 (S 25 3:18, R 20 84)

Vhm Brief KC power outage triggers national air-traffic snarl (S 23 3:23, R 19 51)

!Vm New York air traffic slowed for 10 hrs by construction contamination (R 19 41)

*f Fall 1998 air-traffic control upgrade problems: New Hampshire (R 19 93), Salt

Lake ATC (R 20 05); Dallas-FortWorth ARTS 6.05 (S 24 1:31, R 20 07), Chicago

(R 20 07)

Vm Effects on automated traffic controls of plane crashing into 500Kv power line

near Cajon Pass; more than 1000 traffic lights out (R 19 29,30); earlier effects of

power failure in Perth (R 19 30); risks of major outages (R 19 32,33)

*Vhe Southern Cal plane crash due to software change? (S 12 1)

*Vmf Alaskan barometric pressure downs altimeters; FAA grounds planes (S 14 2)

*Vfm FAA Air Traffic Control: many computer system outages (e.g., SEN 5 3, 11 5),

near-misses not reported (S 10 3:12)

*Vf ATC computer system blamed for various near-misses, delays, etc. (S 12 4)

*Vhi Air-traffic controller errors. O’hare near-miss: wrong plane code (S 12 3)

V(f/m/h?) 2 jets in near-miss approaching LAX; Brazilian VASP MD-11 pilot blames

autopilot, others blame pilot (R 19 10)

*Vh F-16 incidents, TCAS: 4 separate risky military approaches (S 22 4:28, R 18 83)

*V$fm FAA report lists 114 major telecom outages in 12 months 1990-91; Secretary

Pena blames air-traffic woes on computer systems (S 19 4:11) 20 ATCs downed by

fiber cable cut by farmer burying cow [4May1991] (S 17 1); Kansas City ATC

downed by beaver-chewed cable [1990] (S 17 1); Other outages due to lightning

strikes, misplaced backhoe buckets, blown fuses, computer problems (S 17 1) 3hr

outage, airport delays: Boston unmarked components switched (S 17 1) More on

the AT&T outage of 17Sep91 noted below (5M calls blocked, air travel crippled,

1,174 flights cancelled/delayed) (S 17 1)

fh WashingtonDC air traffic slowed 11 Jun 1997: old wiring error (S 22 5:13)

V$fe SW bug downs Fremont CA Air Traffic Control Center for 2 hours [8Apr1992];

12 of 50 radio frequencies died [17Apr1992], reason unspecified (S 17 3)

V$d New Canadian air-traffic control system SW problems, system late, it crashes,

planes flying backwards, frozen displays, no radar,... (S 17 4)

*Vm NY Air Route Traffic Control Center computer failure (S 21 5:15)

*Vef Computer glitches foul up flights at Chicago airports (S 24 4:26,R 20 38)

@See below, general telephone problems that affected traffic control.

*$ Discussion of the implications, needs for oversight, assurance (S 17 1)

*V$m FAA ATC computers in Houston down for 3 hours; long delays (S 12 2)*

*V$rm El Toro ATC computer HW fails 104 times in a day. No backup. (S 14 6)

Vhfm Accidental power outage affects Pacific Northwest air traffic (S 21 2:21)

Vm Dallas-FortWorth ATC system power outage affects southwest (R 17 40)

Vm Las Vegas approach radar outage (R 17 41)

*V$m London ATC lost main, standby power, radar; capacitor blamed! (S 12 2)

*f London ATC goof – US ATC program ignores East longitude (S 13 4)

*f Software misdirects air-traffic controller data in Boston (S 13 4)

@d New £300 million UK air-traffic control system confronts complexity (S 22 1:18)

*Vh Commercial plane near-collisions up 37.6% in 1986; 49 critical (S 12 2)

*H Radar center controllers (So.Cal) concealed collision course info (S 12 2)

*V Jetliners in near-miss over Cleveland; wrong freq assigned, neither plane in

contact with controllers (S 16 4)

*Vid Complexity of the airplane pilot’s interface increasing (R 18 63)

*V Computer errors involved in plane crashes? (Aftonbladet) (R 18 65,66)

* Problems with below-sea-level aircraft altitudes (R 18 72,74)

h Plane takes off, flies for two hours, without pilot (R 19 47)

*Vf ‘TCAS Sees Ghosts’ (see IEEE SPECTRUM, August 1991, p.58) (S 16 4);

Traffic Alert Collision Avoidance System blasted by ATC people (S 17 1); See also

relevant discussion on human errors by Don Norman (S 17 1:22)

Vih? TCAS related collision-avoidance mistake discussed (S 18 1:24)

*f Air-traffic controller reports on potential TCAS problem (S 18 3:A15)

Vf TCAS blamed for near collision over Portland WA; previous reports of phantom

planes and misdirected avoidance maneuvers (S 19 2:12); Followup report (S 19

3:9)

*f?/+ TCAS incidents: northwestern U.S., Tehran (S 20 5:13)

? Discussion of TCAS near-miss in Southern Calif. (R 19 55,56)

!Vhi TCAS told Russian plane to climb, Swiss controller said descend; plane crashed

into DHL plane whose TCAS had prompted descent; discussion in RISKS whether

to listen to TCAS or the controller! July 2002; 71 dead (S 27 6:6-7, R 22 15,18,

Ladkin analysis R 22 19)

*Vf Chicago’s O’Hare Airport radar lost planes, created ghosts (S 17 1)

*h GAO faults FAA for inadequate system planning in Los Angeles area (S 15 5)

$ FAA drops navigation system contract (S 21 5:16)

*Vhi Four 1986 British near misses described – all human errors (S 12 2)

*Vf/m? Leesburg VA Air Traffic primary, backup systems badly degraded (S 15 1)

*Ve? DFW ATC 12-hour outage after routine maintenance (S 15 1)

*V$ Computer outages force delays in So. Cal, Atlanta (S 12 2)

* Macaque reaches 747 cockpit controls; monkey loose on Cosmos 1887 (S 12 4)

$ Travicom computerized air cargo system withdrawn; £5M lost (S 12 2)

$H Computer hides discount airline seats from agents; lost sales (S 12 2)

$f Pricing program loses American Airlines $50M in ticket sales (S 13 4)

f,h,i Ordering airline tickets on-line: Nonatomic transaction gave tickets but no

reservation (R 19 27); name confusions on e-tickets, with similar names (R 19 28)

and identical names (R 19 29)

$d American Airlines reservation system SW woes adding cars, hotels (S 17 4)

V$m Power outage causes Australian airline reservation system "virus" (S 13 3)

f Delayed DoT airline complaint report blamed on computer (S 12 3)

$ First-day snafu at new Pittsburgh Airport; BA luggage uncoded (S 18 1:25)

Vm Hong Kong Flying Service computers corroded by hydrogen sulphide (R 19 41)

$f*h British Air 10M-pound inventory system loses parts, earnings, convictions, user

confidence, nearly causes deaths, and costs legal expenses (S 18 1:9)

*?f?V? Out with pilots, in with pibots in our national airspace (R 21 96), and flocking

algorithms (R 22 01)

Rail, Bus, and Other Public Transit

!Vmh Driver killed by unanchored ballast simulating passengers in test of

"computer-controlled" AirTrain to JFK intentionally on manual around a curve;

damage to the train and to 150 feet of concrete wall as well; blame went to the

driver, not the ballast that killed him! (R 22 37)

!Vh 42 die in Japanese train crash under manual standby operation (S 16 3)

!$Vm Loose wire caused Britrail Clapham train crash, 35 killed (S 14 6)

!!$Vhi Canadian trains collide despite "safe" computer; 26 killed (S 11 2) Report by

A.M. Smiley of Human Factors North (Toronto) blames freight-train engineer for

running red signal (TNX to Mindor Sjaastad)

*Vmh Rail Canada train derailed 3 Sep 1997; early warning alarm ignored by

untrained crew, who disconnected it (R 19 94-95,97)

!Vh Southern Pacific Cajon crash kills 3; tonnage computations wrong (S 14 6)

!Vm Cannon St train crash in London, 1 dead, 348 injured, brakes failed (S 16 2)

!Vm Kings Cross passenger trapped in automatic door, killed; no alarm (S 16 2)

!V*h London commuter train crash out of Euston Station, 8 Aug 1996 (S 22 1:18)

V!*h Ladbroke British train collision, Oct 1999; driver ran red Signal 109 (R 20

59-60, 62-63)

*V(r?f?) London underground train went 4 stops with fail-safe doors open (S 16 2)

*Vrf London Docklands Light Railway crash; protection system incomplete (S 12 4)

m/f? U.K. computerized train from London halted in Chester countryside, ran

through the entire set of remaining audio station announcements, tried to open the

doors, issued false warning of fire; recycling all power for 10 seconds enabled the

computer and train to reboot (R 21 47); new computerized Amtrak locomotives

require 10 minutes to reboot, while 30-year-old Long Island RR electric trains

seem fine (R 21 48);

* Discussion of completely automated train controls (R 21 82-83)

*Vh DLR unmanned trains crash under standby manual control (S 16 3)

e DLR train stopped at station not yet built to avoid changing SW (S 16 3)

*hf London Underground wrong-way train in rush-hour (S 15 3)

*fh London Underground train leaves ... without its driver (S 15 3)

*h South Wales train leaves without driver (R 22 26)

*fh Another London Underground driver leaves train, which takes off (S 19 2:2)

@SH London Underground hacked by insider posting nasty messages (R 17 36)

*h 1928 British rail interlocking frame problem revisited (S 15 2)

*f British Rail signalling software problems, trains disappear (S 15 5)

*Vm Leaves on track cause British Rail signal failure (S 17 1)

*Vf Removal of train’s dead-man’s switch leads to new crash cause (S 17 1)

*f/h? Severn Tunnel rail crash (100 injured) under backup controls (S 17 1)

V*fm Intercom hang-up caused 1997 Toronto train collision, 19 Nov 1997; 50

hospitalized; "dwarf signals" (R 20 49)

!f Aasta trains crashed, killing 19, 4 Jan 2000; safety-critical error; report leaves

uncertainties; considerable discussion (R 21 28,30,32,36)

!Veihh Head-on train collision in Berlin killed 3, injured 20; track controls mistakenly

set to one-way traffic, overseer overrode halt signal (S 18 3:A3)

!Vm German high-speed train disaster Jun 1998 and implications; automated system

with inadequate sensors and overrides (R 19 80,81,83,89)

Vfm Berlin new automated train switching system (Siemens Generation C) fails from

the outset of its use (R 19 77)

Vf Berlin S-Bahn stopped by switching SW stack overflow (S 22 2:19, R 18 55)

Vm Berliner S-Bahn power outage took out three switching computers, shutting

down train traffic for 2:25 (R 22 53, S 28 3:5)

*feh NY City subway crash due to operator, outdated parameters (S 20 5:8)

*m Runaway train on Capitol Hill (S 24 3:26, R 20 13)

*fm Runaway remote-controlled coal train plows into NIPSCO generating station;

9

and earlier accidents; system not designed for these trains (S 27 3:6, R 21 94)

m Computer crash freezes train traffic in 8 US states (S 20 3:8)

$Vdef Stack overflow shuts down new Altona switch tower on first day (S 20 3:8)

m Paper-clip causes hard-drive overflow, triggering traffic-control computer failure

stopping trains in south Finland for an hour (R 19 10)

* Train Accident in China due to safety systems known not to work (S 17 1)

*m Control faults cause Osaka train to crash, injuring 178 (S 19 1:4)

*f Sydney train system traps man’s leg (R 21 01)

VMf$ Sydney’s new Millennium trains put on hold by electrical signal interference

problems; very complex system with other problems as well (R 22 68-70)

f/m? Computer glitch causes severe train delays in Melbourne (R 20 48)

Vm Electrocuted snake cancels 34 trains in northern Japan (R 19 88)

*h Japanese bullet-train drivers must wear hats; driver with missing hat left his seat,

and train kept running (R 21 27)

*h Japanese bullet train driver falls asleep at the controls, fails to push confirmation

button and brake; automatic brake worked (R 22 60)

*hi Amtrak mainline train collision in Maryland, Feb 1996 (S 21 4:13)

Vf/m? Amtrak ticket system breaks down (S 22 2:19)

Vrm Hurricane Floyd had widespread effects, Amtrak operations center problems in

Jacksonville affected trains in Eastern Seaboard, Chicago, Michigan; also DC

commuter rail (R 20 58); ISDN lines, ATMs, EDS (R 20 62); nationwide AT&T

cellphone service interruptions (R 20 59);

Vm/f Emergency Alert System interrupts hurricane announcement, and crashes for 20

minutes (R 20 58)

f CSX crew spots problem signal, averts collision; insulation problem? (R 21 04; S 26

1:20)

f/m Train-ticket vending machine bogus tickets; innocent victim harassed (R 19 20)

f Train reservation process confuses city codes and airport codes (R 21 51)

Vm Swedish central train-ticket sales/reservation system and its backup both fail (R

20 05)

e Upgrade to Guildford Station (Surrey, UK) software disables hundreds of train

tickets for automated gates (R 20 94: S 26 1:20)

!i Washington D.C. Metro crash kills operator (S 21 4:13)

Vmf Washington D.C. Metro Blue Line delay 6 Jun 1997; system+backup failed (R

19 22)

Vmfe Computer crash impacts Washington D.C. Metro (S 23 3:25, R 19 50)

Vf/m? Computer problems foul up the Washington D.C. Metro system; graphics

system froze (R 20 60)

fi D.C. Metro can’t label rerouted holiday trains on 4 Jul 2000: confusion (R 20 95; S

26 1:20)

mf Computer graphics system crash stalls D.C. Metro (S 26 4:4, R 21 36)

mf D.C. Metro computer crash leaves disabled riders stranded (S 26 6:9, R 21 44)

*h Atlanta MARTA commuter train jumps track, injuring 19 (S 21 5:14)

*f LIRR trains fail to trigger computerized crossing gates (S 22 1:18)

m Lightning knocks down wall of an English pub, and closes fail-safe railroad

crossing that blocked fire engines (R 19 72)

Vfm Computer crash shuts down Taipei subway (S 21 5:14) Note: Matra made

software for both Ariane5 and Taipei subway system (S 21 5:15)

V$mf Swiss locomotives break down in cold weather; SW fails (S 20 2:11)

h Swiss train disappears from tracking system (S 26 6:9, R 21 42)

*f Flaw discovered in Swedish rail control system after near miss (R 19 22)

fh Union Pacific merger aftermath: gridlock, lost trains (S 23 1:11, R 19 41)

* Japanese railway communications jammed by video game machines (S 12 3)

* Japanese train doors opened inadvertently several times; EMI? (S 12 3)

*f SF BART train doors opened between stations during SF-Oakland leg (S 8 5)

f SF BART automatic control disastrous days of computer outages (S 6 1)

*V$m BART power mysteriously fails and restores itself 5 hours later (S 12 3)

battery charger short and faulty switch subsequently identified (S 12 4)

m BART ghost train, software crash, 3 trains fail, system delays (S 22 2:19)

f BART ghost trains; 567 cases in two years (R 20 31-32)

f SF Muni Metro: Ghost Train recurs, forcing manual operation (S 8 3)

f SF Muni Metro: Ghost Train reappears; BART problems same day (S 12 1)

mM San Francisco Muni adds new communicating streetcars, has to remove old ones

blocking comms to increase service (R 19 95); Muni driver leaves car, which went

on driverless! (R 19 95)

*fm Chunnel has ghost trains, emergency stops (due to salt water?) (S 20 3:9)

Vf Phantom trains down Miami’s Metromover inner loop for 2 days (S 20 5:8)

$*H SF Muni Metro crash; operator disconnected safety controls (S 18 3:A3)

$d Washington D.C. Metro stops payments on troubled computer (S 23 4:21)

h LA Rapid Transit District computer loses bus in repair yard (S 12 2)

$f LA RTD phantom warehouse in database "stores" lost parts (S 12 2)

fhi Analysis of the Chicago train/bus crash (R 17 43)

$*f Puget Sound ferry computer failures – 12 crashes; settlement vs builder $7

million; cost of extra $3 million for manual controls! (S 12 2); Electronic

"sail-by-wire" replaced with pneumatic controls (S 15 2)

*Vm Water seepage stops Sydney automated monorail computer controls (S 13 4)

Vfh Daylight savings time changeover halts train for an hour (S 15 3)

m Risks of the modern train: lots of inconveniences (R 20 54)

..... Roller-coaster accidents and risks

*m? 42 Japanese injured in roller-coaster car crash (EMI?) (S 12 3)

*$f Computer-controlled Worlds of Fun roller coaster trains collide (S 15 3)

*$f Dorney Park roller coaster crashes; same design flaw, builder (S 18 4:2)

* Roller Coaster controls balance scariness and safety? (S 15 5)

*e Astroworld ride jams at top with reporters; untested SW change (S 16 3)

*f Blackpool roller-coaster (1) fault traps 30; (2) 2 trains collide (S 19 4:5)

*fm Malfunction shuts down computer-controlled British Airways London Eye

amusement park ride; also, a carnival ride with blue screen of death just before

rapid descent (S 27 3:6, R 21 93-94)

+? More on making roller coasters idiot-proof: automation (R 19 93)

*? A new approach to roller coasters: RoboCoaster Windows-based self-programmed

personalized rides, with six axes, 1.4 million combinations; all safe? (R 22 89, S 28

6:8)

Automobiles

!hi Driver kills cyclist while trying to save Tamagotchi virtual pet on her key ring

(R 19 67)

!$h Wilson (draw)Bridge warnings not set, truck plows into car (S 17 1); See relevant

discussion on human errors by Don Norman (S 17 1-22)

!$f? Mercedes 500SE with graceful-stop no-skid brake computer left 368-foot skid

marks; passenger killed (S 11 2)

!$f? Audi 5000 accelerates during shifting. 2 deaths. Microprocessor? (S 12 1)

*$f? Microprocessors in 1.4M Fords, 100K Audis, 350K Nissans, 400K Alliances/

Encores, 140K Cressidas under investigation (S 11 2)

fmM More on risks of microprocessors in cars (S 16 2)

*V(f?) Saturn auto assumption cuts off engine at high speed (R 21 10); Nissan also

(R 21 13)

*fm Formula 1’s string of control-system failures (R 21 48,49)

*SM Sudden auto acceleration due to interference from CB transmitter (S 11 1)

*M Sudden acceleration of Dutch bus commonplace: interference (S 23 1:11, R 19

40)

M GM sudden acceleration (31 deaths, 1121 injuries between 1973 and 1986) linked

to EMI in court; Audi cases still suspected; cars less protected than aircraft (R 19

38); note from Adam Cobb in Australia (R 19 42)

*i Handicapped’s gas pedal on left side of car leads to 3 injuries (R 22 90)

M Remote-control car starter also controls car doors, turns on heater, defroster, or

air-conditioner, up to 400 feet away (R 19 37)

*fmi The dangers of remote start on a car with manual transmission (R 22 90)

*fm MS Windows crash traps Thai politician in BMW (R 22 73, S 28 6:11)

f(i?) BMW under GPS navigation driven into Havel River (R 20 14)

i?h?f? Man trusting in-car computer directions to meeting in York in NE England

arrested for speeding, banned from driving; computer had directed him to small

village in NW near Manchester (R 22 37)

M Swedish policeman’s handheld digital radio triggered his car airbag, which hit him

with the radio unit (R 19 43)

SM Cell phones can interfere with auto systems (R 19 63)

SM Czechs ban mobile phones in gas stations (interference) (R 19 68-69)

Sf Denver car-emission testing program bypass (S 21 4:17, SAC 14 3)

$f Toyota smog-warning computer lawsuit (R 20 48)

f Germany to rely on on-board diagnostics for vehicle emission checks (R 21 15, S 26

2:7)

f$ Emissions software glitch falsely fails hundreds of older cars in Atlanta (R 20 04)

*? Fly-by-wire SAAB: joystick, no mechanical linkage, keyboard, screen (S 17 3)

*Vefm Jaguar loses all power due to faulty car phone installation (S 15 5)

*f 1986-87 Volvos recalled for cruise control glitch (S 13 3)

* General Motors recalls almost 300K cars for engine software flaw (R 18 25)

f*$ General Motors recalled almost one million cars (1996-97 Chevies, 1995

Cadilacs) for undesired airbag deployments; Chevy fix involved software change

(R 19 85)

m Sony recalls 40,000 more Vaio PCs due to defective power supply (R 22 70)

- Comments on software explosion in new automobiles (S 22 2:23)

*H Home-reprogrammed engine micro makes 1984 Firebird into race car (S 12 1)

SH Hacking of car engine computers reaches Australia (S 13 4)

*f Anti-skid brakes and computer controlled race cars? (S 12 1)

*Vrf Car with computerized steering loses control when out of gas (S 12 4)

*Vf Non-fail-safe power-outage modes – car locks (S 13 1)

10

*Vrm Experimental semi-truck micro died (EMI) when near airport radar (S 12 1)

*$f El Dorado brake computer bug caused recall of that model [1979] (S 4 4)

i?m?f? Ford/VW/Nissan cars with Microsoft dashboard Windows PCs (S 23 3:25, R

19 54)

*$f Ford Mark VII wiring fires: flaw in computerized air suspension (S 10 3:6-7)

*Vf Cadillac recalling 57,000 cars for headlights-out computer problem (S 12 3)

V$f Oldsmobile design lost: hard disk wiped, backup tapes blank! (S 12 4)

f GM blames smelly Astros and Safaris on faulty computer fuel mix (S 13 4)

*mh Computer blamed for unbalancing of tires (S 14 6)

$drf Computer traffic/revenue model problems delay Denver highway (S 17 3)

m True Value 500 lap-counters in 5 cars fail during race; no time for backup (S 22

5:13)

*m Automated Pentagon car barrier hoisted limousine, injuring Japanese Defense

Minister and five others, Sep 1998; faulty sensor (R 19 97); same gate

malfunctioned, Aug 1990, injures German defense attaché and American aide (R

21 06; S 26 1:26)

*f Problems with the Wide Area Augmentation System (WAAS) (S 25 3:17, R 20 84)

f Amusing parts inventory system overshoot: bits needed to remove spot welds from

one car by one person required purchase of entire stock of drill sets each weekend

for 3 months; result: predictive system ordered many hundreds! (S 27 3:10, R 22

05)

Motor-Vehicle and Related Database Problems

!!h Bus crash kills 21, injures 19; computer database showed driver’s license had

been revoked, but not checked? Also, unreported citation (S 11 3)

!P Stalker obtained address of TV actress Rebecca Schaeffer from Calif DMV

DBMS, and murdered her, July 18, 1989; new regulations on DB access: notify

interrogatee, then delay response for two weeks (S 14 6, R 9 18)

$SP Misused (25% of sample) computerized Calif auto registration info (S 16 4)

SHI 24 California DMV clerks fired in fraudulent license scheme (S 23 1:14, R 19 27)

SP California DMV online database reveals too much (S 27 3:13, R 22 05)

@California DMV fosters identity theft: 100,000 of 900,000 duplicate license

requests in 1999 were fraudulent! (R 21 07; S 26 1:34)

*SH California Ex-DMV worker admits altering driving records for money (S 17 1)

$SH Personal misuse of motor vehicle data by London policeman (S 17 1)

$SPH Iowa theft ring misusing license plate info, busted (S 18 1:19)

*SH British auto citations removed from database for illicit fee (S 11 2-4)

$SH Father’s desktop publishing used for bogus drivers’ licenses (S 18 3:A8)

P Risks of stored digitized photos on drivers licenses (S 19 1:9)

$f California DMV computer bug hid $400 million fees for six months (S 11 2)

$f Toronto motor vehicle computer reported $36 million extra revenue (S 11 3)

Vef NJ DMV computer system upgrade crashes on first live use (R 19 80)

hP NY State DMV accidentally cancels auto registrations (R 21 15, S 26 2:7)

V(m?e?) Massachusetts Motor Vehicle computer down after maintenance (S 14 6)

ef Massachusetts new online renewal system issues ID cards instead of drivers’

licenses to 3,600 drivers (R 22 35)

f Alaskan DMV program bug jails driver [Computerworld, 15Apr1985] (S 10

3:13-14)

f? Parisian computer transforms traffic charges into big crimes (S 14 6)

$ Georgia vehicles stopped as stolen; new tags match old ones (S 15 3)

$f New California DMV computer system issues large erroneous bills (S 16 1)

$e SW patch adds $10-30 to 300,000 auto tax bills in Georgia (S 19 3:5)

$ Chicago cars get erroneous tickets for illegal parking (S 15 3)

$h 1000 IL residents dunned for bogus parking violations (S 15 3)

$f NYC parking violations computer issues many bogus bills per year (S 15 5)

f Computer glitch mails Mass. driver’s licenses ‘en masse’ (S 22 4:29, R 18 83)

f NJ DMV computer changes drivers’ names to "Watkins Leasing Co." (S 12 3)

$ NSWales computer deregisters ALL police cars; unmarked car scofflaw (S 15 2)

i Mileage input default problem in Ill. exhaust emission enforcement (S 17 2)

$fd California DMV system upgrade botched; $44.3M deadend (S 19 3:5)

m Computer crash caused loss of scheduled taxi cab pickups (R 20 98; S 26 1:20)

..... Automated highways:

* Human risks in IVHS automated vehicles (R 19 08,10,11)

Electrical Power (nuclear and other) and Energy

..... Nuclear power:

!!!V$rh Chernobyl nuclear plant fire/explosion/radiation [26Apr1986] (S 11 3)

Misplanned experiment on emergency-shutdown recovery procedures backfired.

Fatal (at least 31), serious cases continue to mount. Wide-spread effects. (The town

of Chernobyl is now being dismantled.) [Vladimir Chernousenko, director of

exclusion zone, estimates already 7-10K deaths among the clean-up crew,

according to San Francisco Examiner, 14Apr1991, p. A-6.] ˜500,000 contaminated,

229,000 in clean-up crew (San Fran. Chron, 17Apr91); ˜8,500 in clean-up crew

dead, many others (San Fran. Chron,14Apr91,p.A10)

*V$f 14 failures in Davis-Besse nuclear plant emergency shutdown (S 11 3)

*$hrmi Three Mile Island PA, subsequently recognized as very close to meltdown (S

4 2), with 4 equipment failures plus misjudgement. SW flaw noted (S 11 3)

*$h Three Mile Island accident revisited on 22nd anniversary: Loss of

Comprehension, not just Loss of Coolant; typical of software development as well!

(R 21 31)

!!V,$ Various previous nuclear accidents – American (3 deaths SL-1 Idaho Falls)

Soviet (27-30 deaths on Icebreaker Lenin, three other accidents) (S 11 3)

*r Subsequent to Chernobyl, US Nuclear Regulatory Commission relaxed fire

isolation guidelines, enabling a fire to wipe out two systems (S 11 3)

f* US-lent Russia Microsoft nuclear monitoring software, which lost track of nuclear

materials (R 21 50)

*$ Crystal River FL reactor (Feb 1980) (Science 207 3/28/80 1445-48, S 10 3:11-12)

*Vrf Bug discovered in Shock II model/program for designing nuclear reactors to

withstand earthquakes shuts down five nuclear power plants (S 4 2)

* Nuclear power-plant safety (S 12 4)

Sfi U.S. nuclear powerplants may not have firewalls (and not supposed to be linked to

the Internet!) (R 22 90)

*$f? British nuclear reactor software safety disputed (S 14 6)

*d Untested risk management system for UK nuclear power stations? (S 18 2:10)

*$hf? Sizewell B nuclear computer safety software complexity causes concern;

Sellafield reprocessing plant computer error adds further concerns (S 17 1) Official

report summarized. Maintenance work underway. Two shield doors left open.

Waste raised. Plant still shut down, more study. (S 18 1:27) See also Dolan (R 15

58) and Parnas (R 15 59) on software testing.

fff Czech Temelin nuclear plant problems: vibrating turbine causes three-month

shutdown; restart again shut down due to software flaw; 23rd shutdown since

beginning of operating tests (R 21 64)

*$f? French nuclear power software safety considered error-prone (S 15 1)

*Vm Oswego NY Nuclear reactor offlined by 2-way radio in control room (S 14 5)

VSMr Interference downs Iowa nuclear power plant (2nd time) (S 18 1:12)

*f SW error at Bruce nuclear station releases radioactive water, and raises questions

about Darlington (S 15 2); more on Darlington, shutdown SW difficult to modify,

verify (S 16 2); still more (R 22 87)

* Fuzzy control in nuclear reactor startup/shutdown (Omron FZ-1000) (S 16 3)

*r Nuclear Regulatory Commission Emergency Response Data System vulnerability:

only one modem (R 20 11)

*hhf Report by Chiaki Ishikawa on Japanese nuclear accident, with significant

radiation release: a case study of bad design (R 20 61)

*f Grenoble neutron reactor 10% over limit; equations wrong and instrument

miscalibrated, ordinary not heavy water assumed in both cases! (S 15 2)

$df New French reactor’s distributed computer system abandoned (S 16 2)

*$VSH Lithuanian nuclear power-plant logic bomb detected (S 17 2)

Vhi 20 of 59 Soviet N-Plant shutdowns 1st half 1991 due to ‘human error’ (S 16 4)

f (Assumed) false alarm at San Juan Capistrano nuclear plant (S 16 4)

*Vf Power surge shuts down 9 Mile Point nuclear station Oswego NY; uninterruptible

backup power fails as well; site area emergency triggered (S 16 4)

$* Tolerability of Risks from Nuclear Power Stations (report) (S 18 1:11)

* Northeast Util. Millstone 2 nuclear power problems, underreporting (S 19 4:7)

Vhi Xerox machine caused nuclear-power plant emergency halt (S 21 5:16)

VSH Florida nuclear controls "vandalized"? Switches glued (R 18 35)

*H More than 150 cases of falsified reports on welds in nuclear-power plants. (R 19

39)

@eh Pilgrim nuclear plant Y2K readiness questioned by NucRegComm (R 20 40)

*+/- California’s Diablo Canyon 1 nuclear reactor auto shut down releases some

radioactive steam; shutdown worked properly (R 20 89)

*f Australia’s Beverly uranium processing plant software bug blamed in radioactive

spill (S 27 3:6-7, R 21 90)

h Accidental alert spooks Vermont Yankee nuclear plant neighbors (R 22 44)

..... Nonnuclear power:

!m,h Electrocution leads to more deaths (R 21 15, S 26 2:7)

hd Grid-lock: Software missing, California electric power deregulation delayed (S 23

3:25, R 19 52)

VSHO Calif. PG&E power substation damaged; note links attack to McVeigh verdict

(R 19 21)

mf$ "Heading off emergencies in large electric grids" (IEEE Spectrum article, April

1997, pp.43-47) (R 19 09)

@$* Risk: Analysis, Perception and Management (report), assessing the worth of a

human life around £2M to 3M, .5M in Transport Dept. (S 18 1:11)

*V$r 9 Nov 1965 Northeast power blackout (NY, PA, VT, Conn, Mass) due to

11

set-too-low threshold being exceeded; roughly 13 hours to recover

*V$r 13 Jul 1977 power blackout (lower NY state) took twice as long to recover from

as 1965: up to 26 hours

*$Vhmfir 14 Aug 2003 massive northeast power-grid overload blackout; recovery

took up to 44 hours to get most but not all power back (R 22 85-86, S 28 6:6);

computer failures led to NE US blackout (R 22 90); pithy analysis of the bigger

picture of critical infrastructure vulnerabilities: The Road to Vulnerability, Patrick

Lincoln (R 22 86, S 28 6:6-7)

*V$f Power blackout of 10 Western states, propagated error [2Oct1984] (S 9 5)

*V$mh Western U.S. power blackouts, more propagated effects [2Jul1996] (R 18 25,

S 21 5:13); apparently, initial report of outage from tree touching a power line was

not relayed: operator could not find the phone number to call!

*V$mhf West-coast summer power losses: 10 Aug 1996 affected 8 million accounts

in 8 states, parts of Canada and Baja, with major outages, air-traffic effects; many

interlinked causes. 13 Aug outages included Palo Alto shutdown due to erroneous

signal (S 22 1:16); Palo Alto outage fried the Cable Co-op Playboy channel

scrambling chip, programs went out in the clear (S 22 1:17); Stanford outage 10-11

Oct 1996 takes down Silicon Valley Internet connectivity, newpaper Web sites;

caused by rats, explosion (S 22 1:16) (R 18 27-29,34); Claims that the 2 Jul 1996

outage could not happen again (R 18 32)

VSH(O?) 3.5-hour San Francisco power blackout 23 Oct 1997 blamed on sabotage (S

23 1:13, R 19 42)

V$m Downtown Chicago hit by electrical blackout, 12 Aug 1999; 3 of 4 transformers

down, plus high-voltage cable (R 20 55)

$Vh Power-plant apprentice’s mistake melted down $500,000 transformer, blacking

out Palm Beach; west-bus switch turns on cooling system; east-bus switch closed

first, in another room (R 22 22)

*V$hm Another San Francisco power outage: SFO Airport, Pacific Stock Exchange,

rapid transit down, 1 million customes affected (S 24 3:25, R 20 11)

$me Huge 2003 London blackout caused by using 1-amp fuse instead of 5-amp fuse

(R 22 91)

m Scotland Yard power-outage chaos: all phones out, police emergency call logs

failed (R 22 77)

*$Vm Auckland NZ without power for weeks; El Nino drought affects cables (R 19

61); Auckland major power supply failure (4 power-cable failures): analysis report

released (R 19 88)

m Remote line break leaves San Juan Puerto Rica without power (R 21 04; S 26 1:21)

Vm Power cut in northern India hits 226,000,000 people (R 21 18)

Vm Power cut blocks emergency calls (R 21 16)

*V$ Don’t forget the 6-week power outage in Quebec in winter 1996-97 due to

massive collapse of heavily iced transmission towers, which had massive effects.

Although it was not directly computer related, whoever designed the towers

certainly did not allow for reality as the weight of the ice was way over the

designed load.

*Vrfm Maine Emergency Broadcast System fails: no emergency power (R 19 55)

V$m Intel shut down by power-company software bug, 5-hour outage (R 18 02)

*m Jan 1994 L.A. earthquake power failure affects Pacific NW (S 19 2:3)

Vm$$ Chicago Loop tunnel flood blows power, computers, comm 13Apr92 (S 17 3)

m 22-state PULSE ATM network completely disabled by Houston computer center

flooded by Tropical Storm Allison (R 21 47)

*Vf Ottawa power utility loses working three units to faulty monitor (S 11 5)

V$fdmh $25M Australian power system runs amok; damages = $1.5M (S 20 2:11)

*VSi Misdirected phone call shuts down local power (S 20 3:7)

*V$rma Squirrel arcs power, downs computers in Providence RI (S 12 1)

V$rma SRI attacked by kamikaze squirrel who downs uninterruptible power (S 14 5)

Vrma 4th SRI squirrelcide causes 8-hour outage, surges, system rebuild (S 20 1:17)

Vrma$ 5th SRI squirrelcide causes 18.5-hour institute outage, knocking out

cogeneration power and disconnecting from utility power (R 19 96); earlier cases:

see (R 17 91, R 18 52-53).

Vm Another SRI-wide power outage "caused when Cogen staff pressed the wrong

button and took the facility off-line." (S 27 1:9, R 21 72)

ma Another squirrelcide: San Jose Airport power cut (R 20 87)

V$rma Squirrel attack brings down Walla Walla (S 21 2:17)

Vrma Squirrel knocked out Trumbull Connecticut infrastructure computer center (S

22 1:17)

Vma Racooonoitering causes power outage at UC Santa Barbara (R 21 11)

Vrma Snail causes Liechtenstein’s cable TV system to fail (S 22 1:17)

Vrma Kamikaze raccoon downs cold fusion experiments (S 14 5)

Vrma Rat bridging connector downs U.C. Berkeley campus power (S 19 4:6) @Also,

see Nasdaq squirrel outages (S 13 1) and (S 19 4:5-6)

Vrma Rat-induced short-circuit at Barranquilla airport closes airport (R 19 38)

Vrma Rat-patrol cat in Dhaka, Bangladesh, shorted out power station control room (R

19 74)

Vra* House cat kills power to commercial district in Dhaka Bangladesh (R 19 67)

("Un chat" in the dark?)

Vmr Fire ants enjoy the comfort of electrical equipment (R 19 17-19)

Vrfh Vacuum cleaner interrupts uninterruptible power (S 19 3:8)

*Vm Reactor overheating, low-oil indicator; two-fault coincidence (S 8 5)

Vhi Trainee raises false alarm on utility emergency printer (S 12 3)

Vmf Fire risks compounded by loss of residential power; alarms and cordless phone

ran off house power (R 19 82)

- Booming computer firms are running out of power (R 20 98)

- Russian troops override power shutoff for unpaid bill affecting missile base (R 21

05; S 26 1:21)

!h Illinois man dies after utility cuts power for arrears (R 20 95; S 26 1:21)

..... Natural Gas

Vm One-meter ice block in main gas supply knocks out 1/4 of gas in Victoria,

Australia, with secondary power losses (R 19 81)

V*hm UK Cable-and-Wireless employee accidentally cut gas line while repairing

phone line (R 19 96)

V*m Esso natural gas plant explosions in Victoria, Australia, killed 2, requires 5M

people to shut off gas, despite three other plants (R 20 01)

Medical, Health, and Safety Risks

..... Various hospital and health-care problems

!hrife Therac 25 therapeutic accelerator programming and operational flaws; 2 [now

3] killed, 3 injured (S 11 3, 12 3); see also Ivars Peterson, Science News, 12 March

1988; Jon Jacky, The Sciences, NY Acad. Sci Sep/Oct 89. See the definitive article

by Leveson/Turner, An Investigation of the Therac-25 Accidents, IEEE Computer,

July 1993, pp. 18–41: 2 deadly flaws: a nonatomically edited command line whose

effect did not complete within 8 seconds, a six-bit counter that when zero bypassed

the collimator check. Hardware interlock in Therac 20 eliminated.

!h Therac-like failures: Data-entry errors kill five patients in Panama (S 26 6:8, R 21

49)

!(ei?) Zaragoza Spain cancer radiation mistreatment; at least 3 died (S 16 2)

*hi Cancer therapy missed tumor sites in 10 Australian patients (R 22 78, S 28 6:9)

!hi Duke Hospital surgeons transplant mismatched organs; fail to check blood type (R

22 58-59)

*f Brit. hospital radiation underdoses by 30% due to SW bug (S 17 2, 19 1:3)

*Vm Possible Varian radiation therapy risks: run by 3 Windows 2000 PCs, crashes,

schedule delays (S 27 1:8-9, R 21 74)

*i X-ray machine risk due to mm vs cm units confusion (R 21 67)

!*h Flying oxygen tank kills MRI exam subject (R 21 55) – 16 safety lapses

subsequently cited in internal report; earlier case also reported of police officer’s

gun yanked out of his hand and fired (R 21 55); Hospital fined $22,000 (R 21 67);

New England Journal of Medicine article cited (R 21 68)

!h$ 3 patients die when Russian hospital omits utility payments (R 20 25)

!(f?)(h?)(i?) Robot malpractice? da Vinci robot remotely controlled by doctor from

screen accidently cut aorta and other blood vessel; patient died (R 22 36)

*Vm Risks of an ‘uninterruptible power supply’ that wasn’t: baby born by torchlight

(R 21 09)

*Vm Fuse caused a hospital to disconnect from the power grid (R 20 11)

$V Cost-cutting endangers hospital power (R 22 26)

Vrm Power outage leaves hospitals in the dark; inadequate backup (S 24 4:26-27, R

20 25)

!fh Woman killed daughter, tried to kill son and self; "computer error" blamed for

false report of their all having an incurable disease (S 10 3:8)

!Vhri Girl electrocuted by heart-monitor plugged into electrical outlet (S 12 1)

m Seizure-inducing video hospitalizes 650 Japanese youths (R 19 51)

[!h bogus] Report of cleaning person inadvertently killing patients (R 18.28,29); story

later apparently debunked (R 18 72)

mfhi "When Doctors Make Mistakes" (The New Yorker, 1 Feb 1999) considers user

interfaces on defibrillators, design variations in anesthesia controls (R 20 18)

rfhm Computer-based patient monitor problems: improvements still needed in

anesthesiology (R 20 49-50)

*+/- Open-source anesthesia software (Salon, R 20 52)

*VmM? Medical monitors reboot in mid-surgery due to EMI? (R 20 49); other

medical risks (R 20 51-52)

*fV Laser eye surgery risks (S 26 6:8-9, R 21 59)

*f The benefits and risks of robot surgery; hip/knee replacement robot criticized (R 22

90, S 28 6:7)

V*m Clinical disruptions following loss of telephone service (R 20 50)

h* Medical paper retracted following discovery of programming error (R 20 48);

Statistical errors in medicine (R 20 49); Misplaced priorities with electronic

hospital records (R 20 50)

12

*fmd Life-threatening flaw in implantable cardioverter-defibrillator and other

life-threatening medical equipment failures (R 20 48); Complexity and Safety in

Medical Electronics, Dr. John Doyle (R 20 53)

*fh Clinac 1800/2100C interlock boards switched, some calibrations x2 (S 16 4)

*fi Risks of false alarms in medical systems; disconnected alarms (S 19 2:3)

@*SHI Hacker-nurse unauthorisedly changes prescriptions, treatments (S 19 2:5)

h Bremen hospital computer uses financial bottom-line whether to give intensive care;

local government objects (R 18 84)

$ Walter Reed Hospital health care system botches prescriptions, lab orders; access to

narcotics not secure; increases doctors’ workloads (S 17 3)

mf California outage causes prescription mix-up (R 22 64; S 28 4:6)

$f NY Blue Cross system confuses patients with same gender, birthdate (S 17 3)

m Harvard Pilgrim HMO scheduling system creates chaos (S 21 4:13)

@f/h? Empire Blue Cross/Shield glitches necessitate $50M write-off (S 18 3:A5)

i Infirmary patient mistook painkiller button for call button (S 18 2:5)

*rf Blood test for man born in 1889 "normal" (for 1989 birth!) (S 15 2)

*f Medical SW fails to identify high cancer risks in British women (S 17 3)

!$dfh London ambulance service SW development woes; major test fails (S 17 3)

Complicated system, incomplete training, "wartime action room" (S 18 1:26) Up to

20 deaths from delays, worst case 11 hrs (S 18 1:28); LAS made ‘virtually every

mistake in the book’ in implementation. (S 18 2:9)

*Vf 100 US hospital computer systems die; 2**15 days after 1/1/1900 (S 14 6)

$ Computer delays cost Nottingham Hospital over £300K (S 17 1)

*f Three medical product recalls due to software errors (S 14 5)

*f Overseeing dementia patients by computer: conflicting advice (S 16 4)

*f Multipatient monitoring system recalled; mixed up patients (S 11 1)

*f Diagnostic lab instrument misprogrammed (S 11 1)

*fi AI medical system in Nevada gave wrong diagnosis, overdose (S 11 2)

$* 2nd mammogram after first botched causes health insurance denial (S 16 3)

f Doctor phone analysis skewed by inability to register long waits (S 18 2:13)

*h Nondial emergency phone gives recording to DIAL another number! (S 15 2)

*SHi Rochester General Hospital disowns Web site heart-attack info (R 20 83-84)

f/m/h/i/+/- Fascinating article on reducing risks to hospital patients; only 1 in 20

involved human error with most of the rest being caught in time; computer program

cuts mistakes; only 1 in 80 adverse drug events reported (R 21 69)

*m Helsinki Health Department Pegasos computer system down; hand-written

recording slows down treatment (R 22 55)

*Hi Large surgical tool left in woman’s stomach for 4 months, equipment audit

ignored (R 22 44,46)

*hi Inappropriate human-machine interface on medical device: suction pump to

remove fluid from infected wound (R 22 62)

*m$ Computer crashes threaten Beth Israel Deaconess Medical Center operations (R

22 62, S 28 3:5); caused by research effort flooding the local network (R 22 64)

m/h? Toronto public health computer accidentally erases many immunization records

(R 22 62, S 28 3:5)

*m Girl suffers 2nd-degree burns after laptop explodes (R 22 50)

*(!)m Failure of electronically controlled of operating table during heart surgery (R

22 60)

* Deep-vein thrombosis case results from 18-hour days of computer use (R 22 53,58)

SM TETRA radios pose some risk to hospital equipment (R 22 55)

..... Pacemakers, interference, etc.

!SrfM Arthritis-therapy microwaves set pacemaker to 214, killed patient (S 5 1)

!SrfM Retail-store anti-theft device reset pacemaker, man died (S 10 2, 11 1)

!*f$ Heart pacemaker and implantable cardioverter defibrillator recalls and alerts

involve 520,000 devices (S 26 6:8, R 21 60)

*VSrfM Electrocauterizer disrupts pacemaker (S 20 1:20)

*Vrif Pacemaker locked up when being adjusted by doctor (S 11 1)

+M Improved designs (including sealed titanium cases) have reduced the likelihood

of RF interference. See Design of Cardiac Pacemakers, John G. Webster (ed.),

IEEE Press, 1995, pp. 207–211.

*Mi Japanese woman’s rice cooker reprograms her pacemaker (R 22 67)

!VrSM Cellular/radio RFI affects medical equipment; defibrillator fails;

TV-RFI-altered diagnosis leads to unneeded pacemaker (S 19 4:7)

SMVf Digital mobile phones can phreak pacemakers (R 22 77)

+M RF risk turns pacemaker failure into accidental life-saver (S 19 4:7)

*Vf Risks of flaws in programmable defibrillators (R 19 50,52,53)

i Heart-monitoring software interface problem (R 18 49,50)

*SM Stereo speaker risk to heart device (S 14 5)

*Vm Failed heart-shocking devices due to faulty battery packs (S 10 3:7-8)

*VrM Medical electronics RF susceptibility: triggers hospital alarms respirators

failed because of portable radio interference (S 14 6)

VrSM New HDTV signal shuts down Baylor heart monitors on same frequency (R 19

62)

!SrM Miner killed by radio-frequency interference (S 14 5)

..... Chemical health hazards

! Higher miscarriage rate for women in computer-chip manufacturing (S 12 2)

!* Reports on miscarriages in U.S. chip workers, Finnish VDT users; effects of

Nintendo and other games on epilepsy (S 18 2:10)

* "Dirty Secrets" of chip industry: hazardous chemicals (R 19 55)

*f(h?) Computer flaw drops chlorine level, makes water undrinkable in Lewiston ME

(S 24 1:32, R 19 92)

..... Electromagnetic and other occupational hazards

*f/h US occupational hazards much worse than in Europe? (S 14 6)

*m Video display terminal health safety a continuing concern (S 11 3, 11 5); Series of

three articles in The New Yorker by Paul Brodeur, 12-19-26 June 1989 Article on

VDT Radiation, Paul Brodeur in MacWorld (S 15 5); VDT health effects discussed

in K.R. Foster book chapter (R 14 70, S 18 4:5)

*m Scandinavian study shows magnetic fields increase leukemia risks (S 19 1:3)

? Mobile phones cause memory loss? (R 20 23); Italian hospitalized for "acute

Internet intoxication" (R 20 24) Studies continue to show possible health hazards

from cell phones.

* Computer noise linked to stress, especially in women (S 15 5)

*f Killer terminals –teletypes (old) and Televideo 910s (S 14 1)

* Repetitive strain injury, other risks in video terminal use (S 12 2)

$ British Telecom pays £6000 for repetitive strain settlement (S 17 1)

$ Apple settles RSI claim, after lawyer’s error; IBM off the hook (R 16 86)

$i Three awards (largest $5.3M) for arm, wrist, hand injuries attributed to Digital

LK201 keyboard (R 18 66); references on RSI (R 18 68); Judge overturns all but

smallest verdict in Digital keyboard case (R 19 14); a New York jury ruled Digital

was not responsible for 9 workers’ RSI cases (R 19 82)

* Carpal tunnel syndrome (R 10 12,10.14), ulnar nerve syndrome (R 10.13)

*$ Long Island county legislation on VDT Use (S 13 3)

* VDTs and dermatology: rosacea, acne, seborrheic dermatitis, poikiloderma of

Civatte. Medical article, useful references. (S 13 4)

* VDTs and deterioration of eye focusing (S 13 4)

* Health risks from dusty computer displays (R 18 21,23)

* Glass cleaner causes static sparks, PC fires (S 13 2)

!$ 2 Compaqs (Portable II) exploded after battery circuits rewired (S 12 1)

*V GPS receiver explodes; PLGR violent venting at Fort Irwin (R 18 32)

* Health hazards attributed to laser printers (S 12 1)

@m Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

*f Dangers of computerized robot used in surgery (S 10 5)

* Computer use and extension phones linked with weight gains (S 15 3)

m*? Risks of computerized Japanese toilets (R 20 51-52)

*!h Trash compactor kills shoplifter; original story on automatic initiation incorrect

(R 20 90-91)

..... 911 problems

@!Vhi Death of 5-year-old boy due to SF 911 computer equipment failure (S 12 2)

Ultimately blamed on terminal operator failing to press a button.

!f CADMAS 911 dispatch SW problem contributed to woman’s death (S 16 1)

@!f Emergency dispatch EMS SW truncates address, man dies (R 11 55,57,60)

@!f 911 software discarded updated address in fatal Chicago area fire (S 17 1)

!Vfmh NYC 911 system crash during backup generator test: backup failed for an

hour, main for 6 hours (R 20 19)

m Los Angeles 911 system with no alternative power fails for 17 hours, but backup

system worked! (A novelty in RISKS archives!) (R 20 03,07)

m Wet cable leads to 120 false 911 calls (R 20 10)

h? Fort Worth TX police computer makes 1,300 invitational calls in the wee hours:

"reverse 911" (R 20 23)

Vm* Small fire escalates into major disruption for 113,000 Toronto phone lines, with

resulting protracted outages including 911 services (R 20 49,51)

Vf/m/h? Glitch misroutes Nevada 911 calls to San Diego CHP (R 20 62)

Vm Water line break closes 911 center & police department (S 27 3:7, R 21 89)

hf 911 computer fails to find "street address" for stricken tourist at DC FDR

Memorial (R 21 40)

!fh Botched 911 call led to man’s death: incomplete database (R 22 87)

e Laptop configuration screwups and accidental 911 dialing (R 21 57,59); more on

accidental 911 calls (R 21 92)

!hi 911 emergency operators drop call from rowboat occupants with unrecognizable

location (Long Island Sound) (R 22 58-59)

*f Emergency 911 call from cell phone can be routed to wrong service (R 22 67)

..... Database and system issues

fe Risks in SEVIS foreign students database: files accidentally or ‘misplaced’ block

re-entry, inability to do upgrades, random crashes (R 22 81)

$de Old data systems a health-care burden; one-third of health-care costs in

adminstration (R 22 54, S 28 3:5)

13

@$deh $35M San Mateo California health system upgrade is a downer; receivables

backlog over $40M; blame scattered (R 20 98)

SHI DMV security code disclosed at hospital in New Haven (R 18 28)

$SHAI Mass. hospital technician accessed ex-employee’s account, accessed 954 files,

harassed former patients, raped girl (R 17 07, SAC 13 3)

SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); bad

prank follows (S 20 5:10)

SHI 4000-person AIDS database leaked to press, Pinellas County, FL (R 18 48,53);

former Health Dept employee and roommate charged (Reuters, 15 Feb 1997)

f SW error almost doubled apparent death rate in St. Bruno, Canada (S 15 3)

P Confidential medical records sold at auction (S 16 4)

fe Hospital computer listed 8,500 discharged patients as dead, and informed

insurance companies and Social Security Admin; mapping error in database

conversion (R 22 55-56)

e Combatting data extinction resulting from unreadability caused by dead

technologies (R 22 89)

..... More safety risks

! Man dies after playing computer games non-stop for 86 hours in Internet cafe (R 22

30)

*f New UK Millennium Bridge closed after one day, alarming instability despite

extensive simulation; resonant frequencies at walking speeds! (R 20 93,95)

*fe Risks on Auckland harbour bridge: no signal defaults to "lane open"; wait for a

power outage! (R 22 27)

*f Risks in scuba equipment (S 26 6:10, R 21 41)

*f$ Product recalls and class action lawsuit against Uwatec, Scuba Pro and Johnson

Outdoors over faulty assumption in 1995 model Aladin Air X Nitrox scuba-dive

computer (R 22 57); further discussion (R 22 76)

- Internetomania: psychology of net usage (S 23 5:26, R 19 78)

*fm? Medical image compression problems discussed (S 16 2)

S Actress Margot Kidder’s breakdown reportedly triggered by computer virus’ lost

files (R 18 46)

h EverQuest game program is the "digital version of crack": highly addictive? (R 20

52)

!h Woman electrocuted in hotel; faulty air-conditioning? (S 20 5:9)

!f [bogus] 2 dead, 1 brain-dead from Chilean bank terminal [Weekly World News] (S

12 2)

mf? Baby death due to software-controlled air bag deactivation? (R 20 28)

* Computer CPU falls on man’s foot (S 12 4)

* High-power laptop injures lap: hot stuff! (R 22 39)

+ E-mail between Bordeaux and Minneapolis rescues a suicide attempt (S 18 1:6)

+ Microchip in dog tag identifies Australian boy (S 19 1:3)

Other Environmental Risks

!Vem(SA?) June 1999 fatal 16-inch pipeline rupture in Bellingham WA spilled

237,000 gallons of gasoline, which ignited; blamed on unexplained unreproducible

SCADA system slowdown just after new database records added; one account for

all operators; modifications performed directly on live system; error logs apparently

not watched (R 22 36,40)

(!)*$$hif Exxon Valdez oil tanker on autopilot runs aground with captain absent;

worst oil spill in US history; computer records deleted (S 14 5)

*fh Automatic speed reduction causes New Orleans Bright Field crash (S 22 2:19)

*f/h Computers blamed each time, 3M, 5.4M, 1.5M gallons of raw sewage dumped

into Willamette River in three separate incidents (S 13 3, 13 4)

(f/m/h?) Computer-related sewage release into Massachusetts Bay (R 21 08; S 26

1:18)

h GPS setup error affects dredge dumping in California (S 24 4:27, R 20 30)

rfh 1993 Midwest flood-warning problems; operations, models flawed (S 18 4:5)

*m Warning system failed during Southern Maryland fatal tornado; number of

counties to be warned exceeded programmed limit (S 27 6:10, R 22 17)

h/f? Orlando newspaper forces stormwater tax delay; computer blamed (S 17 2)

* Smoke ban in India brings back mosquitos, malaria (nontech risk) (S 19 4:7)

@*f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

@fm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

Robots and Artificial Intelligence

@!(f?)(h?)(i?) Robot malpractice? da Vinci robot remotely controlled by doctor

from screen accidently cut aorta and other blood vessel; patient died (R 22 36)

!m Japanese mechanic killed by malfunctioning Kawasaki robot (S 10 1, 10 3:7)

(Electronic Engineering Times, 21 December 1981)

!m At least 4 more, possibly 19 more robot-related deaths in Japan (S 11 1)

!mM? 6 of these deaths due to stray electromagnetic interference? (S 12 3)

!m Michigan man killed by robotic die-casting machinery (S 10 2, 11 1)

! [bogus] Chinese ‘AI’ computer electrocutes its builder (S 10 1) [WWN]

!f [bogus] Computer electrocutes chess player who beat it! (WWN) (S 14 5)

* Two cases of robot near-disasters narrowly averted by operators (S 11 3)

V(!) Budd Company robot commits suicide by dissolving its electronics (S 13 3)

$hi Programmed tunnel-digging robot runs amok (a-muck), $600,000 to fill hole (S

22 5:13)

f Servant robot runs amok, winds up in court (S 11 5)

f NBC network-news robot camera runs amok during broadcast (S 13 3)

$S Risks of on-line robotic SW repair: SoftRobots (S 12 4)

Vmf? Stanford robot veered off course, fell down stairs (S 18 1:7)

V$m Fiber cable snap ends Dante robot only 21 ft into Mt Erebus volcano (San

Francisco Chronicle, 3 Jan 1993, p.B-6)

V$m Dante II robot explores Mt Spurr plagued by problems: bear chews on antenna;

power loss; topples over; tether snaps; finally helicoptered out (S 19 4:5)

f Hospital delivery robot blocks exit from elevator (R 20 42)

*Sr Thai robot has Web interface controlling a gun; risky! (R 21 02; S 26 1:19)

*Sr(f?) USAF self-triggering robotic weapon system: airborne laser on a Boeing 747

(R 21 20, S 26 2:5)

Other Control-System Problems

!!$r,h? 1983 Colorado River flood, faulty data/model? Too much water held back

prior to spring thaws; 6 deaths, $ millions damage [NY Times 4Jul1983]

* Fishermen rescued after Vancouver area dam malfunction (S 27 6:11, R 22 14)

f?h? Computer glitch causes false dam failure warning (R 22 75, S 28 6:7-8)

*m Topeka KS water treatment outage (S 26 6:9, R 21 43)

!mfV In emergency override during Tropical Storm Allison, elevator in the BofA

building in Houston goes down, drowning its occupant even before reaching the

bottom; perhaps a good strategy in a fire, but not good in a flood (R 21 47)

[Apparently not quite correct, drowning occurred after walking down to the garage.

] Alan Wexelblat’s Law cited in an article by Joel Garreau in The Washington Post,

31 Aug 2001: "When it comes to technological arrogance, nature has a nasty sense

of humor." (R 21 65)

!mfV MIT elevator stopped moving on a floor at which there was a fire, roasting the

occupants (early 1970s, noted by Henry Baker)

*mV Computer malfunction floods Boulder garages and basements (S 23 1:11, R 19

34)

!fe 2 Ottawa elevator deaths; interlock logic bug; flaw unfixed after first death (S 14

5): first death (R 8 48-50,52-54); second death (R 8 77); failure to fix known

problem (R 9 01); third death noted (R 22 89)

!m Man decapitated after being caught by Houston hospital elevator door (R 22

87,89, S 28 6:7)

*MV RFI and elevators (R 8 57,58,61,63

* Safety risk in elevator door closing algorithm (R 10 74)

*SPe Woman locked in Newcastle-upon-Tyne computerized Cyberloo rescued by fire

brigade ripping off the roof; elevator escape hatches welded shut to prevent dangers

to children (R 21 35)

!mV Computer-controlled computer-room door kills South African woman (S 14 2)

!f ALCOA worker killed in interaction with automated guided vehicle (S 16 1)

*$fm Computer-related British chemical industry accidents: watchdog program fails;

other SW errors; operator overloads; maintenance error (S 14 2)

*$rh Union Carbide leak (135 injuries) exacerbated by program not handling aldicarb

oxime, plus operator error [NY Times 14 and 24Aug1985] (S 10 5) [This was after

the 3 Dec 1984 Union Carbide Bhopal pesticide plant incident, which killed more

than 3000 people and injured 200,000; many others have died since of gas-related

illnesses.]

*$h Dutch chemical plant explodes; input error gives wrong mix (S 18 2:7)

*m Power surge ignited high-voltage transformer; ensuing fires caused evacuation of

Australian steelworks (R 19 48)

*$fe During SW maintenance Alta Norwegian flood gates open in error (S 12 4)

!? Automated toilet seat in Paris killed child??? (S 12 2)

V$f 3 computer crashes rupture Fresno water mains, 50 plumbing systems (S 14 1)

V$f Stanford collider shut down due to innate complexity (S 13 4)

$f "Redundant" air-conditioning system with a single thermostat (S 14 2)

f Computerized air-conditioning bugs chill employees (R 21 05; S 26 1:26)

$f Computer controls tear movable Olympic Stadium roof in Montreal (S 13 4)

$f Toronto SkyDome movable roof open and shut case: software problems (S 14 5)

*$m 8080 control system dropped bits and boulders from 80 ft conveyor (S 10 2)

(Someone later suggested it was really 2 wheelbarrowfuls of gravel!)

*f Automatic doors lock up Amsterdam patrons in new building (S 14 1)

$h Welland Canal Bridge (not remotely controlled) lowered too soon, clips off top of

wheelhouse of freighter Windoc, which caught fire (R 21 61); incidentally, in 2002,

14

Windoc broke loose from its mooring in 130-kph winds, drifting 5km (R 21 95)

*m Shorts open Seattle drawbridge without warning in rush-hour (S 15 2)

f Dover DE drawbridge computer failure blocks traffic for 1 hour (S 18 1:8)

df Seattle drawbridge control: manual automatic system for safety! (S 20 1:16)

fm Automated bridge in Kupio Finland sticks in the up position (R 17 32)

*m Ghost bridge traps motorist in Kropswolde (R 20 43)

$f Restaurant orders on-line; computer crash overcooks steaks (S 12 2)

h Sydney Restaurant computer data wrong, menu items transformed (S 13 4)

m Saab Story: Cars rolling off the assembly line in empty factory (S 19 1:4)

$fi Ship runs aground; reverse-logic steering problem? (S 15 1)

*f/m Apparently uncommanded rudder movement in cruise liner injures passengers

(R 22 64; S 28 4:6)

m Royal Majesty runs aground due to GPS antenna failure (S 20 5:8)

*f Hard-left cruise-ship’s autopilot blamed for sharp turns (S 26 6:10, R 21 41)

f Titanic photo expedition control program erratic (S 11 5)

!$ Trawler Antares sunk by submarine; computer showed 3mi separation (S 17 4)

*$rh? QE2 hits shoal; 1939 charts off by 7 feet? (S 17 4)

m/h? Computer-controlled ballast tanks tip drydocked ship, both ways! (S 17 4)

..... Theatricks:

*$f Computer-controlled turntable for huge set ground "Grind" to halt (S 10 2)

*$f Computer stops "Les Miserables" set; 4600 refunds, $60,000 lost (S 12 2)

*$M Secret Service phone interference plunges theater into darkness (S 12 2)

$SM Mobile-phone interference moves Sunset Boulevard sets (S 18 3:A10)

V$m Computer problems cancel Boston premiere of The Who’s Tommy (S 19 2:2)

V$f Prolonged Theatre Royal booking computer outage blocks tickets sales (S 12 2)

*m Computerized theater winch goes berserk (full-speed-up and crash) (S 12 2)

Other Computer-Aided-Design Problems

*rh Hartford Civic Center Roof collapse: wrong model (S 11 5, ref. 14 5)

*f Salt Lake City shopping mall roof collapses on first snowfall (S 11 5)

@Vm Computer-center roof collapses in snow, downs 5000 ATMs (S 18 3:A4 and 5)

$rf America’s Cup Stars&Stripes misdesign due to modeling programs (S 12 1)

*f John Hancock Building in Boston – problems in "active control" (S 12 1)

*f Potential building collapse: the 59-story building saga in New York (S 20 5:10)

Accidental Financial Losses, Errors, Outages

$eh Largest computer error in US banking history: US$763.9 billion (S 21 5:13)

*$h Oct 1987 Dow-Jones index losses amplified by program trading (S 13 1);

Side-effects of saturated computer facilities; brokerage sued (S 13 1); Losses over

100 points truncated to two digits by Signal service (S 13 1); Program trading

halted by Wall Street firms for own stability (S 13 3)

$f L.A. County’s pension fund loses $1.2B over 20 years due to programming error

(R 19 66)

$fe New £170M system gyps British pensioners of up to £100 each week (R 20 05)

V$m U.S. national EFTPOS system crashed on 2 Jun 1997 for two hours, 100K

transactions were "lost". One CPU failed, backup procedures to redistribute the

load also failed. (R 19 21)

e$ Canadian Imperial Bank upgrade affected half the transactions (S 22 2:22)

fh? Canada’s Bank of Commerce glitch delays 85,000 transactions (R 19 72)

$e Fidelity Brokerage computer problems from new system installation (S 22 2:22)

$h Mistyped password put two brokers in the same computer files (S 13 1)

$f Investment program turns into selling-only doomsday machine (S 19 1:5)

$f $32 Billion overdraft at Bank of New York (prog counter overflow) (S 11 1)

$fe Ent Federal Credit Union misprocessed multiple same-day transactions for over a

year, retroactively deducted $1.2 million from accounts (R 18 53)

$h Franklin National Bank earlier lost $50M in speculation, led to demise (R 18 54)

$f UK bank SW glitch hands out extra £2B in half hour (S 15 1)

$hi $2 Billion goof due to test tape being rerun live (S 11 2)

$m Mag-snag hits Reserve Bank of India’s clearing operations (S 19 3:6)

$d UK paid SD-Scicon £7.3M for scrapped IBM 3090 SW system (S 18 1:11)

$dh BofA MasterNet development blows $23M; backup system gone(S 12 4) Two

BofA executives leave after DP problems costing $25M (S 13 1); $60M more spent

in botched attempt to fix it (S 13 2)

($) Barclays Bank almost transfers £14 billion to Greece (S 17 1)

$def $18M new system hinders collection of $10M in L.A. taxes (S 16 2)

$h British woman overdrawn by £121 billion, due to typing error (R 20 04)

$f $100M overdraft plus daily interest in Sydney – "computer error" (S 13 1)

$rih $.5M transaction became $500M due to "000" convention; $200M lost (S 10

3:9-10)

$hi? California bank deposited $1M instead of $100K; it was spent (S 19 3:5)

$$ High stakes: Wall St bank wires average over $1.2 trillion/day (S 12 2)

$h Slow responses in Bankwire interface SW resulted in double posting of tens of

$millions, with interest losses (S 10 5)

$f Australian Comm. Bank doubled all transactions for a day (S 13 2)

$h Some French civil servants get paid twice, others not at all (S 21 2:17)

$h Teacher receives $7.9M for 18-minute job; employee number entered in hourly

wage field; payroll fail-safes "didn’t work" (R 22 28)

$(f/h?) Double posting of credit-card charges (S 19 3:6)

- ISP whacks game fan with $24,000 bandwidth fine (R 21 08; S 26 1:26)

$fi NYC subway fare cards double-deduct; user interface at fault (S 19 3:6)

$fe Extra line in Chemical Bank program doubles ATM withdrawals (S 19 3:6)

$h Doubled payroll run surrounds Thanksgiving, run before and after (S 20 2:9)

he National Australia Bank operational goof: payroll program not restored after test,

payroll missed (R 19 97)

$h $98,002 refund check based on zip code, not correct amount $1.99 (R 19 16)

$f German Bundesbahn (railway) software messes up payrolls (S 20 2:9)

$h Computer blunders blamed for $650M student loan losses (S 14 2)

$h Unvetted software patches threaten $26B federal retirement fund (S 20 3:7)

f/h? Empire Blue Cross/Shield glitches necessitate $50M write-off (S 18 3:A5)

$f California state computer wrote $4M checks accidentally (S 11 5)

h? 75,000 duplicate Calif. unemployment checks issued accidentally (S 18 3:A5)

$f Farmer receives $4M US Government check instead of $31 (S 17 3)

$f Canadian Pacific stock price sanity check rejects legitimate data (S 12 4)

$h Australian man can keep $335,000 windfall from computer data error (S 12 4)

$f/i/h? Howard Jenkins receives accidental $88M; bank system error (S 19 4:8)

SHI Dutch electronic-banking direct-debit scandal: Friesian church minister

discovers surprise privileges (R 18 81)

$f SW errors blamed for £71,000 VAT misdeclared; £21,000 fine results (S 16 3)

$h First Boston loses $10M to $50M on computer securities inventory (S 13 2)

$f New software system blocks commercial loans in California (S 14 5)

$f $2B (3M bank transactions) stalled when computer rejected posting (S 13 2)

rf More on ATM range checking. $999,999,999 deposit test goes through (S 15 5)

$f Computer system refuses deposit of $200K; max just under $100K (S 17 4)

f Bank’s Exchange network overloads in Oregon and Wash, ATMs act up (S 15 5)

mh Computer aspects of Credit Lyonnais Fire discussed (R 18 14)

Vm Computer-center roof collapses in snow, downs 5000 ATMs (S 18 3:A4 and 5)

$fi Chase Manhattan computer glitch affects thousands (S 21 4:12)

$m 2000 Toronto-Dominion ATMs crashed for a weekend (S 22 2:22)

$m 2001 Toronto-Dominion Bank system outage affected debit-card users (S 27

1:9-10, R 21 72-74)

$h Codelco loses $207M on mistyped instruction (buy, not sell) (S 19 3:5)

$f Ben & Jerry’s expects first-ever loss, partly due to SW problems (S 20 2:11)

$f NZ Databank computer error withholds funds for many accounts (S 16 2)

$m European ATM repeated debit (S 14 2)

Ve Chemical Bank’s ATMs go down after botched file update (S 19 4:6)

Ve 1529 Bank of America ATMs down after maintenance goof (R 19 16)

Vfe Bank of Montreal card functions paralyzed by software flaw (R 20 01)

e Non-U.S. Bank ATM users’ debited, get no money; botched upgrade (S 18 2:12)

$mf Haywire Fargo ND ATM spits out no cash for some, and extra cash for

subsequent users; cold weather affected cash doors (R 22 64; S 28 4:8)

$ Norwegian bank ATM gives 10 times the requested cash; long lines (S 15 3)

$h European bank mounted wrong tape redid monthly transfers (S 14 2)

$he Wells Fargo deposits slip – another software glitch (S 14 5)

$f Wells Fargo 1987 IRS forms stated 100-times-salary for employees (S 15 1)

V(m?f?) Wells Fargo computer network outage (R 21 15, S 26 2:6)

fh Citibank ATM network outage due to software problems; online Internet service

crashed also (R 21 65)

Vf/m? Repeated computer outages for Swedish Nordbanken, affecting 3.5M

customers; cause not reported (R 21 18)

V$fei Mizuho online banking system 3-way merger huge failure, outages,

incompatibilities (S 27 3:7-8, R 22 03,05)

h? Resolution Trust Corp badly overreports to IRS on interest paid (S 18 2:11)

$f 120,000 long addresses mess up British building society computer (S 14 6)

$f Program bug permitted auto-teller overdrafts in Washington State (S 10 3:13)

h 2,000 Texans get false overdraft notes from Bank One in Y2K test (R 20 13)

$h Glitch causes 4 billion euro overdraft (S 24 4:27, R 20 30)

$h New Zealand student grants debited instead of credited (S 14 5)

fm More nonatomic ATM transactions: account debited, no cash (R 19 40)

$h Brown University senior’s account mistakenly given $25,000 (S 12 2)

$f $80,000 bank computing error reported – by Ann Landers (S 12 4)

e? Lisbon ATM gives receipt in esperanto instead of espanol (S 18 2:11)

$dem Brit. Foreign Office accounting computer outage off by £458M (S 16 2)

$f $40M Pentagon foreign military sales computer misses $1B (S 13 3)

hi British audit missing £37M (16M ‘usual errors’, 21M lost) (S 18 3:A6)

15

$fe Minnesota PR firm cut over to untested system, bills months behind (S 13 4)

f$ San Jose system stops issuing garbage bills (S 22 2:20)

$fe IRS COBOL reprogramming delays; interest paid on over 1,150,000 refunds (S

10 3:12)

$fh IRS overbills 1000 people by $68M in five flood-damaged states (S 18 4:4)

$h IRS audit turns up $752 VDT valued at $5.6M; $36K payment for idle mini; 32

duplicate payments, overpayments worth $.5M, $17.2M undocumented (S 18 4:4)

$SP IRS computer modernization problems: privacy and security, cost (S 18 4:4)

$f Variances in up to 25% of adjustable-rate mortgage bills (S 16 1)

$f British retail price index 1% off, costs £121M, testing (S 16 1)

V$h San Jose library lost two weeks of records. Books, fines lost. (S 11 3)

V$fm Los Alamitos racetrack lost $26K in excess payoffs; betting halted (S 16 2)

fi Risks of banks’ not retaining data between Quicken runs (R 19 39)

$h Fire-control test backfires in midst of bank’s end-month processing (S 15 5)

$fm Newly centralized Sendai postal/banking computer crash effects (S 16 3)

+ NY Federal Reserve bank Fedwire EFT survives power outage, no loss (S 15 5)

$m LA Federal Reserve computer snafu delays bank deposits (S 17 3)

V$f SW flaw freezes Barnett Banks (Florida) computer for one day (S 17 4)

$fh 5M NWB credit-card users get erroneous bills (S 17 4)

$ Buy.com mispriced a monitor; automated price search promises lowest price; (R 20

21)

h (but blamed on computer) Argos retail offered Sony Nicam TV for 3£ instead of

300£ (R 20 57)

@SH World Bank virus ("Traveller 1991") (S 16 4)

S$e Barclays Internet-banking security-glitch following software upgrade enables

access to accounts of others (S 26 1:37; R 21 01)

Vm Barclays’ BACS payment system failure (S 27 3:8, R 22 02)

f Risks of financial planning engines with bogus results (R 20 48)

$(h?) $59,500 home assessment recorded as $200,059,500 resulted in 6.5%

overstatement of the total county property value, and a more than $2.3 million

shortfall in tax revenues (R 22 20)

$f Holiday Inn decimal point disappearance overbills 26,000 people by factor of 100,

blowing many credit limits (R 22 33)

$mh Operating under huge backlog, human error resulted in monthly Swedish child

stipend deposit of roughly $10 billion (instead of 950 SEK per child); error

corrected the next day, backing off 15 million SEK in interest as well (R 22 32)

..... Lottery, Gambling, etc.:

$SHIA Autotote ex-programmer hacks winning Pick Six horse-race bets and more;

Drexel frat buddies implicated (S 28 2:13; R 22 33,38-40); programmer Chris Harn

got only a year and a day in jail, because he helped the authorities; his buddies get

two- and three-year terms (R 22 65)

$mSHf Glitch lets gamblers beat Nova Scotia video lottery terminals due to chip flaw

(R 22 64; S 28 4:8)

$f Sacramento woman denied $2.8 million casino jackpot by fail-safe mode (S 27 1:9,

R 21 65)

($) Connecticut lottery computer accidentally gave backdated tickets (S 13 3)

$ShH Proprietor tries to cash 5 extra winning lottery tickets (S 18 4:3)

$f(H?) SW enables winning tickets purchased after lottery drawing (S 16 1)

f/m Maryland Lottery software glitch distributes wrong winning numbers (S 22 1:20)

$f,h California Lotto computer crash and its costly effects (S 14 1)

$m Computer problems delay California Lotto payouts (twice) (S 15 3)

h Calif. lottery computer gets ahead of itself; sales halted early (S 20 5:10)

Vm U.K. lottery terminals downed by satellite network breakdown (S 20 5:10; R 17

18)

f$ Arizona Lottery Pick 3 random number bug: 9 never picked; not so random after

all (R 19 83)

H Cooperative database develops winning combinations for Dutch soccer scatchables

with 1445 alternatives; competition cancelled (S 22 1:21)

$15.2M Pennsylvania lottery scam – post-fabricated ticket (S 13 3; R 6 77)

$h Programmer unauthorizedly limits sale of certain lottery tickets (S 15 3)

$f California lottery delayed; Daily 3 had flawed pseudorandom program (S 17 3)

h Oregon lottery coincidence (reported by Infobeat) caused by computer crash:

winning numbers published before they were drawn by editor mistakenly using

Virginia numbers after a crash! (R 20 94)

$f One-armed bandit chips "incompatible"; 70.6%, not 96.4% payoff (S 17 4)

$f Electronic Keno game beaten; pseudorandom sequence gets reset (S 19 3:10)

fS Unlosable casino game: browser click on back to undo loss; risk of negative bets

for intentional losses subtracted from losses! (S 22 1:20)

@$Hhi Greyhound racetrack takes bets after race; NZ$7,000 payout (S 18 2;4)

$em Racetrack betting seriously impaired by degraded computer system (S 12 2)

$Vf Saratoga Race Track parimutuel computer down on opening day (S 14 6)

V$m Dog-track computer outage costs bettor $17,000 (S 19 2:2)

$ Breeder’s Cup tote-board display crashes, reduces betting take (S 22 2:21)

Vm 1996 Melbourne Cup off-course betting computer fails (S 22 2:21, R 18 58))

$SH Russian cockroach race swindle involved altered computer files (S 22 2:21)

+/- U.S. Senate bans Internet gambling (R 19 89); U.S. House rejects bill restricting

Internet gambling (R 20 95)

+ Co-owner of offshore online gambling business goes to prison (R 21 01; S 26 1:30)

+? Use of ‘unpredictable auditable random numbers’ in casino/gaming systems,

possibly relevant in elections? (R 22 57)

S? New cell phones well suited to wireless gambling (resembling the voting machine

situation?)! (R 22 55)

Financial Frauds and Intentionally Caused Losses

$SHA See Bruce Schneier article on the Future of Fraud (R 20 08)

$SHOf TILT! Counterfeit pachinko cards send $588M down the chute (S 21 5:19);

Pachinko cards suggested by a CIA briefing to hinder money laundering (S 22 1:18)

$SHI Volkswagen lost $260M to computer based foreign-exchange fraud (S 12 2) 5

people (4 insiders, 1 outsider) convicted, maximum sentence 6 years.

$SH Computer problems at BCCI; records "confused"? (S 16 4)

($)H Four financial frauds, each foiled (e.g., by luck) $70M Chicago First National,

$54.1M Union Bank of Switzerland (S 13 3) 250M kroner Norwegian clearing

house Bankenes Betalingsentral BBS (S 13 3) $15.2M Pennsylvania lottery scam –

post-fabricated ticket (S 13 3)

$SH $70 million bank scam attempt; bogus request overdrew account (S 17 3)

$S Risks in CHIPS clearinghouse handling $1M/sec. $20M stolen in 1989,

distributed widely; culprits caught but only $8M recovered (S 18 1:10)

$SHI Salomon Brothers scandal aided by misuse of database confirmations (S 16 4)

$SHO FBI arrests Emulex securities and wire fraud suspect in stock manipulation

hoax (R 21 04; S 26 1:27) with stock plummeting 62% in one day; Mark Simeon

Jakob pleads guilty, 29 Dec 2000, surrendered $54,000 in cash to court; sentenced

on 7 Aug 2001 to nearly four years in prison.

$SHO Jason Diekman settlement: $272,826 for perpetuating false information on the

Internet and profiting from stock fluctuations in Just Toys Inc. and The Havana

Republic (R 21 04; S 26 1:27-28)

$SHOA/I Russian hacker Vladimir Levin breaks Citibank security (S 20 5:13),

sentenced to 3 years in jail (R 19 61) $10 million transferred, but most of it

recovered

$SH $15.1M fraud accidentally foiled because of a computer error (S 13 2)

$SH $9.5M computer-based check fraud paid legitimate DCASR invoice (S 13 2)

$SH Czech hackers allegedly rob banks of $1.9M (S 22 2:22)

$H European Community study of fraud on the Internet (R 19 13)

$SHI Olympia WA HealthDept check scam detected; four indicted (S 18 1:12)

$SHI Military pay fraud nets $169,000 using bogus account (S 23 1:14, R 19 26)

$SHO Plot to tap British bank/credit-card information by higher-tech gang revealed

by coerced software expert in jail (R 18 70)

SHAO Chinese hackers who transferred 720,000 yuan to their own bank accounts

sentenced to death (R 20 14)

@SHI Massachusetts welfare fraud investigators fired: tax-record misuse (S 22 1:20)

@$S Risks of Conn. fingerprinting system to catch welfare recipients (R 18 69) Also,

note earlier NY Medicaid proposal (R 13 40)

fe Software incompatibility hinders Florida fingerprint system (R 20 02)

$SHI Teller embezzles $15K, caught by computer audit-trail (S 19 3:10)

$SH Brussels BNP branch hit by BFr 245M computer fraud (S 19 1:6)

$SHI Joseph Jett, Kidder Peabody, created $350M phantom profits, got bonus of

$9M; scheme undetected by KP oversight (double meaning not a pun) (S 19 4:12)

$SH U.K. computerized bank fraud nets £1M (S 14 2)

$SH 1993 Prague computer crime up 75.2% including a $1.2M transfer (S 19 1:7)

$SH $1.2M Czech computer fraud culprit gets 8 years in jail (S 19 2:7)

$SHI Japanese bank workers steal 140 million yen by PC (S 20 2:12)

$SHI Bank executive in Malaysia transfers $1.5M (S 15 5)

$SHI $550,000 Tokyo bank fraud suspected in funds transfers (S 19 2:6)

$SHI Beijing Hotel managers embezzle $9K by rigging billing records (S 19 4:13)

$H Chemicals cause checks to disappear, bogus checks clear and vanish (S 13 3)

$SHA Foiled counterfeiting of 7,700 ATM cards using codes in database (S 14 2);

five admit automated teller scam (Mark Koenig) (S 14 5)

SHO Italian thieves use bank cards, PINs, captured with bogus machine (S 17 4)

$SHf Is a cleared check really like money in the bank? NO! Another scam (R 22

44-45)

$SHAOei Bogus Yahoo e-mail gathers credit-card numbers from unsuspecting people

(R 22 31)

$SH Bogus ATM used to steal PINs, withdraw $100,000; two arrested (S 18 3:A9) 2

arrested; 300 accounts hit at 50 banks; $12M in fraud activity (R 14 85)

$SHP UK stolen ATM captures IDs/PINS, enables 250K-pound theft (S 19 4:12)

SH$ Phony ATM installed on High St in London, nets £120K (R 17 34)

16

SH Theft of entire ATM bungled in British Columbia (R 19 20)

$fSH Instant money: Bogus deposit exploits ATM flaw (S 22 2:21)

$SHAOei NY Municipal Credit Union victim of massive ATM fraud following 11

Sep 2001 outage; unchecked access (R 22 19)

$SHO Polish gang carries out ATM fraud in Israel (S 22 2:23)

@$SH 1994 UK National Audit Office report on computer misuse in government:

140% increase; 655 cases, 111 successful; £1.5M defrauded; misuse; 350%

increase in viruses; 433 computer thefts, worth £1.2M (S 20 3:11)

$SH European cyberfraud: $150K phone calls, $400K Dell losses (SAC 13 3)

$SH Cybercrime losses double to $10 billion; 485,000 credit-card numbers stolen

from e-commerce site; hacking credit cards is preposterously easy; (Credit-card

fraud worldwide is reportedly just under $1 billon a year, at about .7 percent of

gross. It represents only about 2% of banking losses. PGN) (R 20 85)

$SP Professor stole 40 student SSNs and IDs to get credit cards (R 21 02; S 26 1:38)

$S International credit-card fraud growing. On-line fraud is estimated at $24 million

per day (R 21 36)

$SHfe Stolen ATM card nets $346,770; limits inoperative (S 20 2:12)

$SH Health cards used to rip off ATM for $100K (S 20 3:12)

SH Bogus card reader opens ATM door and helps capture IDs and PINs (S 19 3:10)

@$SP Barclays credit system voice-mail hack gives sensitive info (S 18 1:20)

@$SH U.Texas Dean’s conferred password used to misappropriate $16,200 (S 17 3)

$H Two charged with computer fraud in jewelry store credit scam (S 18 2:14)

$SH Reservation computer fraud nets 50M AA frequent flier miles (S 14 1)

$SHI Frequent flier computer scam nets 1.7 million bonus miles (S 14 2); Prison

terms for travel agents in AA FreqFlyer ticketing fraud (S 16 2)

$SH $Millions of bogus airline ticket sold in Phoenix (S 14 6)

$fH Reversing air return/depart dates fakes out reservation computers (S 14 6)

$SH Bogus computer message nets 44 kilos of gold from Brinks (S 14 2)

$H ‘Credit doctors’ sell clean credit records to high-risk clients (S 13 4)

$SPH ASIS seminar reported $15M in 1991 Medicare fraud penalties (S 18 1:21)

SH Wall St audit trail off enables $28.8M computer fraud (S 12 4) [bogus???]

$H Hertz computer system kept two sets of books for accidents (S 13 2)

$h Hertz charged $5 for gas if
􀀀 50 miles driven and tank filled (S 18 2:9)

$H Value Rent-A-Car system charged for bogus 5 gallons (S 18 2:9)

$SH NYC gas pumps rigged to deliver less fuel than charged (S 18 4:3)

$SH Harrah’s $1.7 Million payoff internal fraud – Trojan horse chip? (S 8 5) 11

indicted (17 riggings in 3 yrs); ‘winner’ later found dead (stoolie?)

$SH Computer-generated Dartmouth graduation tickets sold for $15 (S 19 4:12)

$h Manual card-swipe gains weeks in taxi charge float (R 20 02)

SH States (MO, NJ, TX) crack down on "cyberfraud" (S 19 4:10)

SHOI Italian police stop digital bank robberies with bogus shadow system; 21

arrested (R 21 08; S 26 1:25)

SHOA Linear search nets 17,000 bank records from GST Startup certificate suppliers

(R 20 94)

..... Tax fraud and tax data misuse:

$SHAI Massive NY City tax fraud wipes out $13M in taxes; many implicated (S 22

2:23,R 18 63)

$SH Dublin tax collectors faked VAT repayments by spoofing computer (S 12 4)

$SH 45 phony computerized IRS tax returns net $325,000 in refunds (S 14 6)

$SH Computer-filed tax returns net $100K in refunds from bogus W-2s (S 18 1:14)

$SH Tax preparer accused by IRS of $1.1M fraud, 431 false electronic claims;

Congressional hearing discloses inmates creating bogus returns; 61,000 bogus

returns in 1st 10 months of 1993 totalling $110M (S 19 2:5-6)

$HI Store owner hid $17.1M sales, avoided $6.7M in taxes; cost: $15M (S 18 4:7)

$H Point-of-sale tax evasion via software data diddling in Quebec (S 23 3:25, R 19

48)

SHI IRS agent accused of giving defendant tax data on judges/jurors/... (S 16 3)

SH Thief nabs tax preparer’s computer, generously returns floppies (S 13 3)

SPI Risks of IRS outsourcing processing of tax returns (R 18 81,82,87)

mfP Off-by-one error reveals other people’s tax details (S 18 3:A6)

fP Connecticut unemployment insurance folks mail out "off by one" tax letters with

information on other people (S 27 3:9, R 21 90)

..... ATM and credit-card fraud:

$SH US Coast Guard accessed Customs’ computer to transfer $8M (S 12 3)

$SH ATM money dispensers blocked and emptied later by youths (S 11 5)

$SH Barclays Bank hacked for £440,000? (S 11 5)

$SH 5 British banks penetrated, blackmail attempt to disclose method (S 16 1)

?$SH Cyberterrorists blackmail banks and financial institutions (this was in an article

with considerable hype) (R 18 17,24)

$SH MasterCard lost $381M in 1991, Visa lost $259M in 1989 to card fraud;

Credit-card fraud investigations of computer misuse in San Diego (S 17 3)

$SHI Visa victim of PC theft with info on 314,000 credit-card accounts (R 18 62)

@SH Nasty scam exploiting Y2K card authorization expirations (R 18 68)

$SH Risks of credit-card numbers being sniffed (R 17 69,71,76, S 21 4, SAC 14 3)

$S FBI sting nabs man trying to sell 100,000 credit-card data items for $260K (S 22

5:14)

$SPH 2,300 credit-card numbers stolen from ESPN Sportszone, NBA.com (R 19 24)

$SHI Tower Record credit-card info offloading; 2 convicted (S 21 4, R 18 02)

SHI Time Inc. employee peddles credit-card information (to detectives) (S 17 4)

$SHI NJ car dealership in theft of 450 credit-card numbers, almost $4M (S 19 2:7)

$SHIO 40 arrested (9 postal workers) in massive D.C. credit-card fraud (S 19 2:7)

$SH 3 Britons charged with 2.5M pound European credit-card fraud (S 19 2:8)

$SHO 2 computer crackers sentenced for $28M MCI credit-card fraud (SAC 13 3)

$SH ATMs gave $140,000 on Visa card over weekend – software glitch (S 11 2)

fSA SW failure in UK credit-card authentication system (S 21 2:18)

$VmA Diner’s Club authentication in Belgium out; Royal Bank transmission failure

in Canada affects many (R 20 02)

$SHOf Thief gets $63,900 with stolen ATM card&PIN, ATM program error (S 17 2)

$SHAf Security Pacific ATM theft bypasses PINs, limits, nets $350,000 (S 14 1)

$SHfe Australian Westpac ATMs big losses (IMS 2.2 installed untested) (S 12 3)

$SHA $1800 card maker and spied PIN numbers nets $86K from ATMs (S 12 3)

$SHA PC spoofed Italian bancomat ATM, ate cards after capturing PINs (S 14 1)

$SHI UK Clydesdale Bank cash machine fraud; insider job suspected (S 16 2) bank

engineer records ATM PINs, fabricates cards, takes money (S 17 3)

$SHrf ATM accepted lollipop cardboard as $1M (New Zealand) deposit (S 11 5)

$Hhf Two cases of erroneous deposits $95,093.35 and $520,000 (R 17 32,35)

$ 525K Smith Barney customers credited temporarily with $19M each (S 22 5:13)

$SH ATM scam gets PINs for stolen cards in Boulder (S 13 4)

$SH UK banks suffer phantom ATM withdrawals, ATM removals! (S 17 3)

@$SH 550 felonies in 1991 for SSN misuse; 12 people adopt a single SSN; $10,000

charge loss; 5 people cleaned out someone else’s benefits (S 16 4)

$H Scholarship scam used to gain SSNs, bank and credit-card numbers (S 18 1:14)

$SHI Social (In)Security employees sold 11,000 SSNs to activate cards stolen in the

mail (S 21 4),(R 18 02)

SPhi US POWs in Iraq have their Social Security numbers revealed; implications

discussed once again (R 22 67-70)

P Virginia appeals court bans use of SSNs in voter registration (S 18 3:A11)

SH Japanese department-store credit-card fraud case; incidents are increasing (R 20

77)

$H Japanese BBoard fraud traps passwords, gains money; culprit caught (S 17 4)

$Hhi Greyhound racetrack takes bets after race; NZ$7,000 payout (S 18 2;4)

$SHf Firmware bugs in Dutch gambling machines easy to exploit (S 13 4)

$f Bug in Queensland gambling machines scrambles checking facility (S 17 2)

$SHO Sierra On-Line gaming site cracked (R 19 52)

$SHOIA Risks of offshore Internet gambling (S 23 1:14, R 19 27)

$SH Hackers and others win big in attacks on CryptoLogic Internet casino one rigged

for $1.9 million (S 27 1:12-13, R 21 67,69)

+ Federal prosecutors indict offshore Internet gambling operators (R 19 63)

@+/- Senate bans Internet gambling (R 19 89)

$H Video quiz game scam – teams of "experts" with right answers (S 11 5)

$fH Students cheat Brit.Telecom, gain £68,000 in contest (S 17 4)

$H West German crackers use knowledge of Poker game machine programs for big

payoffs. 160,000 machines at risk. (S 12 3)

$SPH Brazilian bank reserve data disappears; political link? (S 18 2:15)

$SPH Kuwait Investment Off. diskettes stolen from Spanish Govt. (S 18 2:16)

$$H Nick Leeson’s Barings losses predate new risk-management system (S 20 3:7)

$H Savings and Loan defaults linked to internal fraud, creative mismanagement.

What could computers have done for S&Ls to prevent fraud/abuse? (S 14 2)

$SH 1987: FBI estimates average computer fraud $650K, total $3B-$5B/year (S 12

3) and $1.5M average for computer frauds in financial institutions [old data as of

then?]

$SH 2002: U.S. Computer crime way up, says FBI (S 27 3:11, R 22 03)

$H Customs Service back-dates computer clock at end of fiscal year (S 14 5)

$H Alleged fraud in computer billing services (S 14 5)

SH Risks in check forgery (S 15 1)

Stock-Market Phenomena

$hi UBS Warburg trader’s error causes multi-million-dollar loss on Tokyo Stock

Exchange in trading Dentsu Inc. (S 27 2:5, R 21 81)

$h German stock exchange bond futures goof: wrong buttons (S 24 3:25, R 20 09)

$f Multiple stock transactions result from blocked confirmation (S 13 1)

$f Midwest Stock Exch 13-yr error redirected $Millions in broker fees (S 17 1)

$HI Bre-X Minerals gold scam (Indonesian no-gold) causes unprecendented trading,

crashing Toronto Stock Exchange computer system (R 19 09); Bre-X, stock from

$200 to .06, files for bankruptcy (news item, 9 May 1997)

17

$ Computer-induced big stock-market swings (S 11 2, 11 5)

$rf Vancouver Stock Index lost 574 points over 22 months – roundoff (S 9 1)

$f Wild stock trade swing reports suppressed on 13 Oct 89 (S 15 1)

$f Quotron SW problem gives wild swings in Dow Jones Industrial Ave (S 15 1)

f E*Trade Market Watch shows Dow Jones average at $1, down $10936.88 (R 20 56)

f Another D10K problem? DATEK reports Dow Jones Industrial Average at $0.20,

down $10031.08 (presumably instead of $10000.20, down $31.08) – perhaps a

result of earlier D10K fixes? (R 21 28)

$f London Stock Market index quotes down for 2 1/3 hrs [23Jan1990] (S 15 2)

$hi Reuters/ZDNet typo (TMCO instead of TMCS) causes wild stock fluctuations (R

20 11)

f(h?) NYSE and derived sites temporarily reported Motorola stock drops 99.95% to

one penny (R 21 56)

f/h? Stock listing error: IBM at 0 1/16, down 88 1/2; implications? (S 17 1)

$h Milano stock falls 20% due to typing error (S 19 1:5)

f$ Dutch price index wrong due to software error (R 22 84)

$f Computer malfunction causes panic selling at Hong Kong stock exchange (S 22

2:20)

V$m NY Stock Exch. halted for 41 minutes; drum channel errors killed primary and

backup computer systems [24Feb1972]

V$fe SW update halts NY Stock Exchange for one hour [18Dec1995] (S 21 2:16)

V$m(h?) Voltage-dip power glitch downs NYSE for 24 minutes [22Oct1991] (S 17 1)

Vm NY Stock Exchange computers crash for about an hour [26Oct1998] (R 20 05)

he$ Software upgrade disables half of NY Stock Exchange stocks (S 26 6:9, R 21 46)

V$m London Stock Exchange computer system crashes [23May1986]

$hfe London Stock Exchange horrors on cutover to new system (S 12 1)

$S London Stock Exchange "Taurus" problems in paperless authorization (S 17 2)

$df Chicago’s Globex trading system delays, critical test fails (S 17 3)

V$m Hurricane Gloria in NY closes Midwest Stock Exchange (S 11 1)

$eV Missing full-stop (.) in software change crashed New Zealand’s stock exchange

for five hours (R 22 87)

mf Stock market problems in 27-28 Oct 1997 fluctuations (S 23 1:10, R 19 29)

V$m Nasdaq OTC stock trading halted for 3 hours (S 12 1)

V$f E-Trade computers crash repeatedly (S 24 3:25,R 20 20)

V$ef Schwab’s e-brokerage crashes (S 24 3:25, R 20 23)

V$ma Squirrel arcs power, halts Nasdaq computers (S 13 1)

V$ma Another Nasdaq squirrel 34 min outage, backup power fails (S 19 4:5-6)

V$de/m SW upgrade downs Nasdaq for 2.5 hrs, backup fails (S 19 4:5-6)

$Vhe Network Solutions goof bumps Nasdaq off the Internet (S 23 1:10, R 19 34)

$Vrih NASD loses records on 20,000 brokers (S 22 4:26, R 18 82)

V$df Alberta Stock Exchange shuts down again, 3rd time in 1997 (S 22 4:25, R 18

89)

V$m Telstra’s Haymarket exchange overloaded, crashing bank computers, data/fax

lines for an hour in Sydney; 1000 manual resets needed (R 19 90)

V$rfh Singapore Stock Exchange outage crashed repeatedly due to interaction with

backup system (R 20 47)

ef DB upgrade causes crash of Italian online stock trading (R 20 95)

$Vdfh Johannesburg Stock Exchange computer fails, again (S 22 1:17)

$V$m Toronto Stock Exchange down 3 hours; multiple disk failures (S 14 6)

SH Toronto Stock Exchange virus scare causes all-night search (S 18 2:16)

V$m Five NY futures market shut down; uncertainty over cause (S 15 3)

$S GAO finds computer security at stock exchanges vulnerable (S 15 2)

$S Stock Exchange network security flawed, lacked risk analysis (S 16 4)

$H Chicago Bd of Trade automating commodities markets to hinder fraud (S 16 4)

$h Salomon accidental stock sale, value in $ entered in shares column (S 17 3)

h Elbow on keyboard causes 145 sell orders (for 14,500 government bonds) on

French futures exchange (R 20 04)

$reh Spanish bank accidentally buys many shares because of bounds check missing

after Euro cutover (R 20 20)

$h Bear Stearns’ erroneous order to sell $4B stock instead of $4M (R 22 28)

$ Euro changeover computational problems (R 21 70-71); bank assets disappear

during Euro changeover (R 21 73); bank credits 300,000 euros instead of pesetas

(R 21 78)

$h Iomega stock volatility blamed on AOL postings (R 17 91)

$h Computer glitch on Citicorp merger alters Dow Jones industrial average (R 20 03)

*SH Spoofed press release on Aastrom Biosciences Web site announcing merger with

Geron caused stock rumbles (R 20 81)

$h Leaving a field blank temporarily wipes out 13.2B£ in stock selloff (R 20 57)

i$ Mistaken order on Chicago Board of Trade’s E-Mini Dow Jones Industrial Average

Futures caused wild market swings: 10,000 contracts instead of 100 (R 22 79-82)

e Risks of Dow-Jones over 10,000: D10K (R 19 64,73); no big deal – nothing adverse

happened.

reh Berkshire-Hathaway 1st NYSE stock to exceed $10,000 per share (S 18 1:9);

Warren Buffet’s never-split NYSE Berkshire Hathaway stock quotes BRK.A reach

$32768 per share, must be entered by hand, blowing on-line databases (R 19 64);

similar events in Australian stock market (R 19 70)

if$ Software allows SEC stock-ownership limit violation (R 22 83)

Telephone Frauds

$SHOA Increasing phone fraud, switch cracking (E.Andrews, NY Times,

28Aug91) Mitsubishi lost $430,000 in 1990, P&G lost $300,000 in l988. NY City

Human Resources Administration lost $529,000 in 1987. WRL lost $106,776 in 3

wks. CIA PBX cracked as well... (S 16 4)

$SH $4B phone fraud per year reportedly due to organized crime rings (S 18 3:A7)

$SHO Nevada teens ‘blue-box’ $650,000 in phone calls (S 13 4)

$SHO Canadian $500K phone fraud from altered voice-mail messages (S 19 2:8)

SHAO Pacific Bell voice-mailboxes hacked, bogus messages and passwords (S 19

2:8)

$SHAO Zotos switchboard cracked for $75K in calls (S 13 4)

$SHA Phone credit-card numbers stolen from computer. $500M total? (S 12 3)

$SHO Netfill porn access scams 900,000 credit cards (R 20 37)

$SH Bogus cellular phone chip permitted free calls ($100M/year?); Secret Service

developed SW patch, blocking 5000 calls the first day! (S 16 3)

$SH Buyers of hot cracked Italian portable phone pay seller’s calls (S 17 2)

$SH US Sprint, computer penetrations, free calls, arrests (S 12 4)

$SHA Crackers attack phone information systems and switches; arrests (S 13 4)

$SHAO AT&T computers penetrated by Herbert Zinn, Jr. (‘Shadow Hawk’); $1M

program previewed (S 12 4); sentenced; more background (S 14 2)

$SHAO Pac*Bell System computer attacker Kevin Mitnick arrested (S 14 1); further

background (S 14 2); sentenced to year in prison (S 14 6); Leonard DiCicco

pleaded guilty to aiding Mitnick in DEC SW theft (S 15 1); Kevin Mitnick arrested

again after hi-tech tracking (S 20 3:12)(SAC 13 3); Mitnick’s Defensive Thinking

Web server vandalized twice (R 22 55)

$SH Corte Madera CA teenagers arrested for $150,000 in phone calls (S 13 3)

$SH Milwaukee computerized phone phreaking (S 14 2)

Sfh Risks of modern PABXs and digital phones (R 19 52)

SHAO Many telephone answering machines remotely accessible by anyone (S 13 3)

Sf Security problems in Deutsche Telekom T-Net-Box answering machine (R 19 29)

Sf Remote-access phone security discussed; serious risks (S 18 4:8)

S Sprint account balances freely accessible; potentials for misuse (S 16 3)

$hH NY Telephone free long-distance calls due to software glitch (S 14 5)

$SHf Ringback number glitch in Ireland permitted free calls for 2 wks (S 16 4)

$S Computer intruders access NASA phones. $12M in calls? (S 16 1)

$SH Staten Island youths arrested for voice-mail misuse (S 16 1)

$SH WA prison inmates phreak Fone America via collect-call indirection (S 17 1)

$SH Swedish phone system free call-back from payphones (S 17 1)

$(f/h) Canada’s Bell Millennium payphones give free calls to anywhere; flaw widely

known and exploited for 6 days before being fixed (R 21 41)

$f SW flaw in payphones allowed free phonecard calls (S 16 1)

$SH Customer-owned payphones Trojaned to steal credit-card numbers (S 16 3)

f Software bug downs half of New Zealand Telecom’s payphones (R 22 86-87)

$SH Japanese Daiwa Bank hit by prison inmates’ phone fraud (S 18 2:16)

$SH $85,000 phone fraud on Minnesota Representative’s account (S 18 3:A7)

$SHO Phone calls to Moldova result from porn scam (R 18 80,83,84,87); 38,000

customers get credits or refunds totalling $2.74M (R 19 45)

$SH Prisoner gets free calls by spoofing victim’s call forwarding (S 18 4:6)

$SH Plumber call-forwards his competitors’ phones (S 20 2:12)

SH$ Emergency call-boxes ripped off, cell-phone serial nos. reused (R 17 35)

SH$ German telephone card system cracked, many free calls made (R 17 36)

SHf$ British Telecom replaces payphone software after flaw exploited (R 17 36)

SH Rigged phone trapdoor enabled priority NBA playoff tickets (S 18 4:7)

@$SH Aussie Cracker charged with phone fraud, accessed US computers (S 16 4)

- Connecticut Dept of Public Utility Control gets slammed (long-distance carrier

changed) (R 18 69)

Other Telephone and Communication Problems

!hi Death of 5-year-old boy due to SF 911 computer equipment failure (S 12 2)

Ultimately blamed on terminal operator failing to press a button.

@!f CADMAS 911 dispatch SW problem contributed to woman’s death (S 16 1)

!f Emergency dispatch EMS SW truncates address, man dies (R 11.55,57,60)

!f 911 software discarded updated address in fatal Chicago area fire (S 17 1)

!e Computer delays response to fatal fire; faulty reload blamed (S 18 2:13)

!f Incorrect 911 call redirection blamed in Massachusetts murder (S 18 2:13)

h Role of 911 in Atlanta Olympics bombing aftermath: see transcript (R 18 35)

18

VSH Swedish cracker disrupts 11 north Florida 911 Systems (R 18 90)

*V$f Nationwide AT&T congestion [Martin Luther King Day, 15Jan1990] The

official AT&T report with further comments (R 9 63): fault-recovery fault

propagates [See Telephony, 22Jan1990, p.11.]; attributed to "switch"..."if"..."break"

in SS-7 (S 15 2); Relation of AT&T congestion with SDI testimony of Sol

Buchsbaum (S 15 2); Cf. 1990 ARPAnet collapse: PGNeumann, Risk of the Year,

COMPASS 1990.

*V$fe Signaling System 7 protocol implementations again cause extensive phone

outages: WashDC (6.7M lines), Los Angeles, 27Jun91; Pittsburgh (1M lines): SW

flaw: DSC Comm small patch installed without regular testing. (S 16 3) FCC report

implicates typing mistake (6 instead of D), faulty data, clock failures, and other

triggering events (S 17 1)

*V$h AT&T standby generator accidentally not configured, backup batteries drained,

4-hour outage in 4 ESS closes 3 NY airports, 17Sep91. The two knowledgeable

people were in a class on the power-room alarms! Alarms had been disconnected

because of construction triggering them (S 16 4); FAA review concludes: 5M calls

blocked, air travel crippled, 1,174 flights cancelled/delayed (S 17 1)

Vfe$ AT&T frame-relay network interruption (S 23 4:21); "unique sequence of

software flaws" (R 19 72)

Vm Lucent loses all connectivity in Allentown PA; AT&T lost over 400 T3 lines,

forcing rerouting and a further outage; fascinating propagation case (R 20 05)

V$hm AT&T Canada fibre-optic frame-relay link cut affects computers, phone lines,

Bank of Nova Scotia, southern Ontario (S 24 3:26, R 20 13)

Ve MCI WorldCom frame-relay network problems, 5 Aug 1999, due to Lucent

hardware/software upgrade; CBoT, ATMs, etc. affected (R 20 54)

Vfe Phone system outage on 925/510 split cutover; cable modem good backup (R 19

95)

Vm Most of Schenectady NY telephone exchanges downed for 24 hours by

water-main break (R 21 18)

m Heavy rains take out State Department phone service for 2 hours, backup batteries

out because of earlier fire (R 20 93; S 26 1:21)

$mh Drop of welding material causes fire that affected 27 cables, telephone service

for 25,000 (R 20 93; S 26 1:21)

m Algeria earthquake cuts Internet connectivity of major Greek ISP (R 22 75, S 28

6:8)

Vm Australian largest undersea Internet cable severed, disrupting 60% of Telstra

international traffic (R 21 13)

*m$ Backhoe takes down Telstra service in New South Wales from North Sydney to

Queensland border (R 21 41,44)

!f 320K calls in hour for Garth Brooks concert tickets block 911 (S 17 4)

*VH Toronto 15-yr-old paralyzes 911 emergency system (S 18 1:14)

*mf Complaints on failed Dutch newspaper presses saturate phone system, which

converts 650611 calls into 0611, national emergency number (S 18 1:12)

*VSH Ex-employee Trojan-horses emergency system, which fails (S 17 4)

i Accidental redial phones and alarms mother, who calls police (S 19 4:5)

Vm Blown fuse takes out Iowa 911 system (S 22 2:21)

Ve Bell Atlantic 411 outage for several hours; backup failed also (S 22 2:21)

Vhm Cut telephone line induces emergency response (R 20 11)

*V$H Thieves steal live Sprint telephone switching equipment (R 20 15)

V(f/m?) Swedish telephone outage (S 24 4:27, R 20 29)

fh C&P Tel glitch converts not-in-service messages to circuits-busy (S 18 4:5)

*Vh Chicago phone cable cut, 150K people and O’Hare flights affected (S 16 1), and

subsequent discussion by R.I.Cook on multiple failures (S 16 1)

VSH Vandals cut cable in Newark, slow NY-DC MCI service for 4 hours (S 20 1:21)

$*Vhe AT&T fiber-optic cable cut in removing old cable [4Jan1991], affecting

commodities markets, NY air traffic ctl, flights, phone calls (S 16 1,2)

$*Vh 2 fiber cables severed in Annandale VA, 14 Jun 1991, 80K circuits affecting

AP, UPI, Pentagon (R 11 92, S 16 3)

*$Vm Sprint long-distance out for 3.5hrs, 15 Jul 1991, due to fiber-optic cable cut in

San Fran East Bay Area; AT&T saturated by rerouting (S 16 3)

*Vm Portland OR area suffers fiber-optic phone cable cut, incl. 911 (S 17 1)

m Sliced fiber-optic cable in Lancaster PA disrupts local and long-distance phone

service NY to MD (R 20 93; S 26 1:20-21); another outage in Massachusetts (R 20

97)

$Vhme Ground-cable removal blows Iowa City phone system upgrade (S 20 2:8)

Vm WorldCom cable cut near Jacksonville affects telephones, ISPs (R 19 88)

V$hm Massive fiber cut near Cleveland 29 Sep 1999 resulted from gas-company

workers during construction, affected east-west traffic; various ISPs still down

hours later (R 20 61-62)

V$m Baltimore train tunnel fire damaged fiber-optic cables, derailing Internet service,

postponing Orioles games (R 21 54)

Vm Fire in Stockholm tunnel blacked out 50,000 people and high-tech companies (R

21 27)

Vm Deja vu: Stockholm power outage hits high-tech companies (S 27 6:10, R 22 11)

@$VSHm Attack on fibre-optic cables causes Lufthansa delays (S 20 2:12)

Vh Oregon Garbage truck worker wipes out telephone service (S 21 4:13)

*V(f/e?) Philadelphia 911 crash (S 19 3:8)

*me San Francisco 911 system still not working properly (S 21 2:19)

V(h/H) Merit (NSF) T3 fiber cable cut by backhoe; RISKS story bogused (S 18 1:6)

Vmh NY Tel cable cut causes extensive three-day disruptions (S 18 4:5)

Vm Campfire melts fiber-optic telephone cable in Connecticut (S 19 1:4)

Vm Severed MCI fiber-optic cable in NY cripples East Coast Internet and phones (R

19 82)

V$m Los Angeles fire knocks out phone service (S 19 3:7)

Vm MFS Communications switch fails, with widespread effects (S 23 1:10, R 19 39)

$Vm Mud slide cuts East-Coast MCI fiber, phones (S 19 3:7)

*m Optic fibre fragment kills Australian Telecom worker (S 19 1:4)

*$Ve SanFran outage 1Jul91: faulty clock maintenance; another a few days later (S

16 3)

*$Vmf Stamford CT 18-hour telephone switch outage affects 27,000 phone

customers; two-minute atomic action atomizes #1A to #5 ESS cutover (S 15 3)

f Software fault prevents 76,000 Telstra customers in Brisbane from receiving phone

calls (S 25 4:8, R 20 87)

Vm Utility outage downs phone system, San Jose airport (S 19 4:9)

Vfm UMASS/Amherst has week-long phone degradation (S 19 4:9)

Vm 100,000 without phone service in Plano TX for 9 hrs (R 20 50)

Vf Motorola cell-phone software bug: accidental denials of service (R 17 26)

*Vhi SpaceCom technician omits
􀀀 􀀀 , disables millions of pagers (S 20 5:8)

$Vfe Word Perfect upgrade crashes Utah phone system (S 15 5)

$Vf Software bug cripples Singapore phone lines (S 20 1:16)

V(h/f?) Cyprus village telephones disconnected: "computer error" (S 21 2:18)

Vmh Tele Denmark Internet downed by truck delivering Uninterruptible Power

Supply (UPS) crashing into power cabinet (R 20 56)

fm UPS backup system burns up, cutting off power (R 20 91)

Vmfm Power coming back on causes UPS to lose power (R 20 55); more UPS

problems (R 21 36,40,41)

f Sensors for load-shedding and for UPS start-up in conflict (R 21 49)

fe Brazilian telephone network upgrade for two extra dialled digits results in chaos (R

20 47)

*h(V to others) Intentional total Moroccan communications blackout for 4 hrs after

Hassan II died (R 20 50)

*$V(f/m/e/h?) British Telecom computer failure cuts off 42,000 (S 16 4)

$Ve East-coast 800 telephone numbers disabled by flaky SW upgrade (S 17 1)

Veh Upload of flawed AT&T SS7 translation database took out 800 service (R 19 39)

Vf The IBM "Gerry Johnson Bug" downs IBM global net (R 17 38-41,47)

$Vf ISDN SW bug causes half-day telephone outage in Hamburg (S 19 1:3)

Vmf Diagnostics stymied by loss of 37K lines due to tape malfunction (S 18 2:12)

Vm 42K Ohio Bell lines disrupted for 45 min due to CPU failure (S 18 2:12)

Vm 54K Ohio Bell lines disrupted for most of day by blown fuse (S 18 2:12)

$*Vm 21-hr Pacific Bell SF "Message Center" double HW failure (S 16 4)

Ve PacBell uploads corrupted database, disabling PCS digital telephone service (R 19

84)

$VSHm MacNeil/Lehrer reported on phone system risks, 20 Jan 1992 (S 17 2)

$(f/m/h?) One customer’s telephone problems include nonoriginated two-party calls,

false billings, incorrect numbers even when correctly dialed, multiple phone

conversations on the same line, nonoriginated emergency calls. This saga prompted

discussion of numerous other horror tales, plus hacking possibilities. (S 15 3)

h Erroneous Skytel paging network broadcast mushrooms, deluges 100,000

customers, some of whom received 300 calls an hour (R 18 75)

$f Pac Bell loses $51 million on lost phone-call charges (S 11 3)

$h AT&T goof disrupts toll-free calls; switchover botched (S 15 2)

$h Bell Canada misbills for 17,000 calls; exchanges exchanged (S 15 2)

$fe US West overcharges users by factor of 10 (S 16 4)

$h Illinois Bell bills customer for $8,709,800.33, not $87.98 (S 16 1)

$f 400 pay phones in Hackensack lost charges for half of the calls (S 11 3)

$fh 2M free long-distance calls blamed on "programming error" (S 17 4)

$fe GTE Sprint incomplete SW changes lost $10-$20M in Feb-Apr 1986 (S 11 3)

$fe GTE Sprint billing errors from botched daylight savings cutover (S 11 5)

$f 4,800 customers billed in error for telephone calls to Egypt (S 13 2)

$f 2M AT&T customers billed twice (S 13 2)

$f Hangups lost, calls billed at 999 minutes (average overcharge C$2,450) (S 13 4)

$f Bell Atlantic forgets AT&T charges in phone bill for 400K customers in D.C. area

(R 19 57)

$f Brisbane telephone accounting – erroneous $900 bill (S 21 5:18)

$f/h? Computer error costs MCI $millions (S 21 5:13)

f Northern Telecom DMS-100 billing errors result from upgrade (R 19 38)

19

hd Utrecht phone-book database problems prevent publishing (R 17 38)

$Vm Sharks munch out on fiber-optic phone cables. $250,000/bite (S 12 3)

$Vm Fiber optic cables can self-destruct at high temperatures (S 17 1)

Vmfh April First 1998, a bad day for high tech in Holland: cable cut downs phone

service, BeaNet transaction system down, Postbank maintenance problem (S 23

4:21)

*he Vodafone Spain’s network down for almost 7 hours after botched "basic

maintenance" (R 22 59)

*f U.Iowa phone system program limitation – ringing forward to busy, phones

incompatible: explosion or fire if misconnected (S 12 3)

*$Vfe Michigan Bell ESS office, 2 long outages. SW updates in progress. (S 11 3)

*$V 707 area code (above San Fran.) shut down completely for 5 hours (S 11 5)

$*V Atlanta telephone system down for 2 hours (S 11 5)

*$V C&P computer crashes 44,000 DC phones (S 11 1)

*$V Dallas 4-ESS, backup down for most of day, area code 214 isolated (S 12 2)

$Vf Program glitch disrupts PacBell 619 calls (So.Cal) for most of day (S 12 4)

*V(f?) Computer ‘bug’ downs 1000s of phones in Vancouver for an hour (S 13 4)

$Vfe Improper SW upgrade disrupts NY Tel Poughkeepsie-area for 21 hrs (S 12 4)

*Vfe 30,000 phone lines in San Luis Obispo out due to faulty upgrade (S 16 1)

$Vfe SW upgrade glitch shuts down phones for 4 hours in Minneapolis (S 12 4)

Vm Snowstorms cause telecommuting phone-line tie-ups (R 17 61)

$Vf Week-long voice-mail snafu in Boulder (US West) (S 16 2)

Vm/f? PacBell voice-mail system failure 25 Jul 1998 due to cable cut or software

upgrade? (R 19 89)

(h/f/m?) 60,000 Demon Internet e-mail messages go astray/delayed (S 21 2:18)

$f C&P computer "tape flaws" delay 100,000 bills by two months (S 11 5)

f(h?) Bell Atlantic sends mistaken notices of area-code change (S 20 5:10)

$Vf 1979 AT&T program bug downed phone service to Greece for months (S 10 3:8)

*V World Series ticket orders block phone exchanges, 911 for 3 hrs (S 13 1)

Vh France ’98 World Cup soccer ticket massive telephone overload (R 19 71,73)

Vm$ Qwest overload problem: 500,000 calls per hour blocked (R 22 24)

@Vh Star Wars Phantom Menace tchatchkis bring down eBay server on 3 May 1999;

Amazon had no troubles (different system types) (R 20 38)

!Vfm 41-year-old died while NYC’s 911 system was down due to test-induced failure

(R 20 39)

*Vm Los Angeles computer blamed for 911 system crashes (S 14 2)

Vdf Tacoma, WA 911 computer system problems (S 23 4:22)

$fM Ghost phone calls to 911 from cordless phone interference (S 11 2)

mMe More ghost phone 911 calls resulting from phone system changes (R 18 71,72)

and related number compatibility issues (R 18 72).

SfM More cordless phone problems; interference again calls 911! (S 18 4:6)

+=- US West discovered its 911 lines were too silent, added noise (R 19 41); similar

problem with Lexus engines (R 19 42)

m North Yorkshire UK emergency call-center power-supply problem (R 22 20)

*im Communications errors delay response to San Francisco fire (R 18 68)

*S Telephone sales pitch computer calls emergency broadcast number (S 12 2)

VSh Ross Perot’s high voice tone shuts down newspaper phone hotline (S 19 2:10)

$hi Swedish phone bill of $2600 – program error plus human error (S 11 5)

$ Salem OR library computer racks up $1328 in phone calls (S 12 1)

$i Some risks of reaching someone else’s phone number (S 12 4)

fh Computer blamed; Yorkshire cricket fans reach sex hot-line (S 15 1)

i One-run computer discrepancy in India-WestIndies cricket score causes critical

confusion (R 22 11)

$a Dog trained to reach out and touch 911 dials 900 numbers (S 16 1)

i Risk of snowbound east-coast bookstore phones forwarded west (R 18 65)

f SOUNDEX algorithm for directory enquiries fails for Gaelic, French (S 17 4)

fi Calling Number ID (CNID) ghost calls (S 20 3:10)

@SP CNID: negative ruling in California, free per-call blocking in Vermont;

approved in 20 states, Washington D.C., and Canada (S 17 2)

P Anonymous-call rejection to "balance" the effects of calling number ID blocking

(R 19 83)

f CNID fails to block in 510, 415 for four weeks (S 22 4:31, R 18 82)

fh Monitoring systems cause unintended changes in Bell Canada operator behavior

[and Metro Toronto Police] (S 18 2:6)

- Bezeq (Israeli telco) writes form letter to a public payphone (S 18 2:13)

+ Fax services for prayer, confession; beeper for Messiah arrival (S 18 2:13)

+ Success: SW permitted AT&T to reconfigure after Hurricane Andrew (S 18 1:5)

..... Communication satellite problems

fh Satellite transmission snafu leads to diplomatic incident (S 23 1:11, R 19 26)

$Vm* Galaxy IV malfunction causes massive pager outages, with backup also failing

(S 23 5:25, R 19 75-77); two other Hughes HS601 satellites failed, but backup

worked: Galaxy VII’s primary control processor on 14 Jun 1998, and another

satellite used by 3.7 million subscribers of DirecTV, on 4 July 1998 (R 19 85);

overdependence on satellites and pagers (R 19 76,78,81); primary failure still

unknown, backup failure due to crystal buildup in switch (R 19 93)

Vm GE-3 satellite spin cuts news services incl. AP, 12 Mar 1999 (R 20 25)

Vm Indian satellite power failure leads to abandonment (S 23 1:11, R 19 41)

@Vm U.K. lottery terminals downed by satellite network breakdown (S 20 5:10; R

17 18)

..... Other computer network and ISP problems

Vrf ARPAnet ground to a complete halt; accidentally-propagated status-message

virus [27Oct1980] (S 6 1: Reference – Eric Rosen, "Vulnerabilities of network

control protocols", SEN, January 1981, pp. 6-8)

Vrfd ARPAnet loses New England despite 7-trunk "redundancy"; one accidental

cable cut in White Plains knocks out all 7 links, 12 Dec 1986 (S 12 1)

Vhef Internet routing black hole cuts off ISPs; MAI Network Services routing table

errors directed 50,000 routing addresses to MAI; InterNIC goof as well, 23 Apr

1997 (S 22 4:25, R 19 12)

Vm Explosion causes Internet blackout in New England (S 23 1:10, R 19 29,30)

Vhe DNS upgrade causes e-mail black hole (R 20 25)

Ve Internet nameserver problem affects .com and .net, 16-17 Jul 1997 (S 22 5:13)

fh "Unfixable" error in InterNIC Whois database with name confusion: another

Catch-22 (R 19 77)

- ICANN takes hits from lawmakers (R 22 90)

Vm UK ISP suffers three-fold power loss: public grid, backup generator, and standby

batteries (R 22 69; S 28 4:6)

m Added note on risks of systems maintenance taking place in a different time zone

(re: .COM, .NET DNS tables) (R 19 35)

Vf "Redundant" Finnet virtual circuits both fail (S 22 4:27, R 18 76)

@Vhef Internet routing black hole cuts off ISPs; MAI Network Services routing table

errors directed 50,000 routing addresses to MAI; InterNIC goof as well

[23Apr1997] (S 22 4:25, R 19 12)

VSH Network Solutions blocks bulk accesses to
whois database (R 19 96)

m/f/h? Root servers used by Network Solutions failed (R 21 03; S 26 1:18-19)

@Vhe Network Solutions goof bumps Nasdaq off the Internet (S 23 1:10, R 19 34)

f Nasdaq glitch duplicates reports for stocks starting with ’M’ or ’N’, inflating daily

volume figures (S 27 6:10, R 22 18)

$f Nasdaq temporarily reports incorrect pricing, down 98% (R 22 86)

Vh Minneapolis homeless burn out US West Internet fiber cables (R 17 23)

Ve Bad upgrade disconnects much of Minnesota (MR.Net/InternetMCI) for 12 hours

(R 18 46,47)

h AOL Long Distance electronic (non)billing (S 23 4:22)

$(h/m?) Erroneous AOL stock charts attributed to "malfunction" (R 19 66)

Vh Star Wars Phantom Menace tchatchkis bring down eBay server on 3 May 1999;

Amazon had no troubles (different system types) (R 20 38)

Ve eBay embarrassed by crash and 22-hour outage, plunge of stock (R 20 45); traced

to absence of upgrade (R 20 47)

$ei MSN "upgrade" creates long-distance calling charges (S 26 4:6, R 21

32,40,54,56)

ff Swisscom Mobile GSM network breaks down for 10 hours, due to two independent

software flaws (S 26 6:9-10, R 21 60)

(m/f?) Long blackout of mobile phone service in greater Frankfurt (R 22 90)

m Cingular wireless goes down in heat wave (S 26 6:10, R 21 60)

Election Problems

We have reported election problems in Software Engineering Notes and RISKS for

many years. Many of these problems are summarized below. More recently, in the

2000 election, particularly in Florida, the chickens of neglect have come home to

roost, exemplifying everything we have been saying all these many years – and

more. Similar to the 1988 fiasco where a 210,000-ballot undervote occurred in the

Senate Race in four counties run by BCR/Cronus, 19,000 votes were disqualified

for the president in Palm Beach County, and many more in Broward County –

perhaps because of the confusion raised by the butterfly ballots. There are also

some reports of the left-hand and right-hand pages being improperly aligned, so

that a vote for one candidate actually counted for another candidate. Dimpled chad

became important – perhaps resulting in part from blocked and never-cleaned chad

trays (and there was a lot of extra chad resulting the invalidated multiple votes!).

There were many irregularities involving improper voter disenfranchisement, with

at least 91,000 voters being unable to vote because of a largely erroneous list of

supposed convicted felons – including one election commissioner who found

herself incorrectly on the list, and was apparently the only one to block use of the

list in her region.

Also, see the November CACM Inside Risks articles from 1990 (PGN), 1992, 1993,

2000 (Rebecca Mercuri), and January 2001

(http://www.csl.sri.com/neumann/insiderisks.html). Numerous problems are noted

20

in the on-line RISKS, along with various commentaries (R 21 10-14). We note that

punched-card systems are inherently flaky (!), and that even optical scanning is

problematic, but that direct-recording electronic systems tend to be subject to

serious potentials for fraud and manipulation. Internet voting is a disaster waiting

to happen in light of the inadequate security of the Internet, personal computer

systems, and subvertible servers. Proposals to vote from automated teller machines

(R 21 15-16) are also problematic, and basically undesirable. Election 2000

demonstrates once again that we need to reexamine the entire election process

objectively, and devise less-easily subvertible checks and balances that can provide

much greater assurance. Election 2002 still had vastly too many problems.

Integrity throughout the election process is essential. And yet we repeatedly hear

about unexplained anomalies (enumerated below, including the 1985 articles by

David Burnham noted below) and various suspicions of fraud – some with

convictions. For example, Ransom Shoup II (purveyor of the ShoupTronic election

machines) was convicted of two felony counts – election fraud and conspiracy to

commit election fraud. In 1996, Senator Chuck Hagel was CEO of the election

company (now a part of ES&S) used by most of Nebraska in his first-term election

(e.g., see Thom Hartmann, If you want to win an election, just control the voting

machines, The Hill, 31 Jan 2003 – R 22 55); this may not have affected the

outcome, but the early denial of the association is certainly ethically curious. In

1999, 22 people were indicted in Louisiana and 9 admitted guilt in a huge

bribery/kickback election scam involving the acquisition of Sequoia voting

systems.

If you are seriously interested in what might be needed for a high-integrity election

process, and a further study of the inherent risks, see the outstanding University of

Pennsylvania PhD thesis http://www.notablesoftware.com/evote.html of Rebecca

Mercuri (mercuri@acm.org), Electronic Vote Tabulation Checks and Balances,

2000. What we are calling the Mercuri Method involves voter-verified paper

ballot-images that become part of the official records. Useful URLs for various

other relevant organizations are included at the end of that Web site. See also

"Explanation of Voter-Verified Ballot Systems" (Rebecca Mercuri, S 27 6:15-16, R

22 17). See also my later comments (S 28 2:16-17) based on R 22 36 and R 22 38.

If the risks of voting concern you, including potential conflicts of interest among

owners, you might find some provocative information at

http://www.ecotalk.org/VotingSecurity.htm, clicking on Ownership – privatizing,

monopolizing, and politicizing the voting process. You can report voting

irregularities you see for posting at

http://www.VoteWatch.us/.

S Role of standards (Roy Saltman)(S 18 1:17); see also (R 14 08-11) [Roy has retired

from NBS/NIST, and was evidently the government person most knowledgeable

about punched-card systems. He is still active.] See "Accuracy, Integrity, and

Security in Computerized Vote-Tallying, Roy G. Saltman, National Bureau of

Standards (now NIST) special publication, 1988, for a definitive report.

+/-? US Federal Election Commission Voting Systems Standards update: draft

available (R 21 51); the final version is on the FEC Web site at http://www.fec.gov.

It still fails to address some of the most important integrity issues.

..... U.S. election events, 1984 and before:

1982: Elkhart, Indiana, program failed in midstream, programmer rebooted or

patched the system on the fly during the election process. (S 10 3:8); more in (S 10

4)

S[H?] Election frauds, lawsuits, spaghetti code, same memory locations used for

multiple races simultaneously, undocumented GOTOs, COBOL ALTER verb

allowing self-modifying code, calls to undocumented/unknown subroutines,

bypassable audit trails (S 11 3); Report from the Computerized Voting Symposium,

August 1986 (S 11 5)

SH 1984: Series of articles by David Burnham in The New York Times, (29Jul, 30Jul,

4Aug, 21Aug, 23Sep, 24Sep, 18Dec 1985) documents vulnerabilities to tampering

in Computer Election Systems (then the dominant electronic vendor); elections

with their machines challenged in Indiana, WVirginia, and Maryland, with rigging

suspected in the 1984 election in the first two states; Federal Election Commission

standards inadequate; Texas also investigated numerous discrepancies, involving

Business Records Corporation (which subsequently was involved in the Florida

fiasco of 1988) – formerly known as Computer Election Systems; NSA asked to

investigate if CES systems were open to fraud; California and Florida also

investigated; Michael Shamos quoted – CES systems equipment "is a security

nightmare open to tampering in a multitude of ways." The Burnham articles are a

startling warning shot that was almost completely ignored. [Most lawsuits later

thrown out: not guilty or lack of evidence, particularly in the absence of audit

trails!].

1984: McCloskey McIntyre Congresional election in Illinois long questioned, with

only a few votes making the difference depending on which were thrown out in

which recount. Other problems in Dade County in 1984, West Virginia, St. Louis

(S 10 3:8)

h Clerical error blamed for election computer program mishap (S 11 5)

SHrf System designs, bad software engineering, standards (Eva Waskell, S 11 3)

S[H?] Alabama, Georgia election irregularities (S 12 1)

Sh Texas beefs up security of computerized voting (S 12 1)

..... 1988 U.S. election events:

SH Computers in Elections (see the excellent article by Ronnie Dugger, The New

Yorker, 7 Nov 1988, and several cited reports); 1988 problems in Florida – 210,000

votes fewer for Senate race (Connie Mack vs. Buddy Mackay) than for President in

4 counties administered by Business Records Corporation, part of Cronus

Industries of Dallas, Texas (The New York Times, 12 Nov 1988, S 14 1:20, R 7 78);

jammed chad slots? post-election multiply punched ballots? at least one

disappearing ballot box reported? other possible scenarios?

..... 1992 U.S. election events:

m Misaligned Votomatic in Berkeley caused mispunched cards (S 18 1:15)

S? Sandia helps NM develop "uncrackable" phone voting system (S 18 1:15)

hf Oregon computer error reversed election results (S 18 1:16)

hf Programming error reverses DistAtty election landslide in Oregon (S 18 1:16)

h Ventura Cty CA votes reversed on 13 state propositions (S 18 1:16)

h/H? Another voting machine misaligned, biased toward Bush (S 18 1:16)

..... 1996 U.S. election events:

+ Hanging chad removal in punch-card ballots overturns Massachusetts primary

election (S 22 1:21)

? Louisiana results questioned because of evidence of misrecorded votes

Ethics? Senator Hagel of Nebraska was CEO of the company whose voting machines

got him elected, and had denied the connection (R 22 55)

..... 1998 U.S. election events:

h ABC News accidentally posted test election results before the election (they were

correct in 61 out of 70 Senate and Governor races!); Fox TV did a similar thing for

a Yankee-Padre World Series game (R 20 05)

..... 2000 U.S. election events:

hifm(H?) U.S. and Florida Presidential race complexities discussed (S 26 2:7-9),

relating to RISKS items and others (R 21.09-15) [noted at the beginning of the

section]. Sanity in the Election Process (Lauren Weinstein and PGN, R 21 12).

Statement by Don Dillman on Palm Beach ballot layout (R 21 12). The early

recount process showed many irregularities (R 21 12). Perspective from PGN (R 21

13) reminds us of many earlier warnings from 1985 (David Burnham) and 1988

(Ronnie Dugger, who quoted Willis Ware: "There is probably a Chernobyl or a

Three Mile Island waiting to happen in some election, just as a Richter 8

earthquake is waiting to happen in California.") (R 21 13). Discussions on Internet

and electronic voting by PGN, Rebecca Mercuri, and Lauren Weinstein (R 21 14),

and others (R 21 13-14). Criteria for voting systems (Rebecca Mercuri’s PhD

thesis, http://www.notablesoftware.com), also Fred Cohen (R 21 15-16). Testimony

of Doug Jones before U.S. Civil Rights Commission (R 21 20). DUMvoting 1.0,

Gene N. Haldeman’s parody on Dell/Unisys/Microsoft consortium (R 21 20). Later

study by Doug Jones shows certain specific slots were more likely to jam and result

in pregnant chad in Votomatic machines used in Florida (S 27 1:17, R 21 70-71),

which could be relevant to the 1988 Florida Senate race as well. (See

Mack/Mackay election, noted above.) Discussion of the Caltech/MIT report and

what Los Angeles County is doing about it in attempting to upgrade to

all-electronic systems (S 27 1:17, R 21 70)

h Exit polls blamed for misleading results in disputed Florida counties, although

those polls seemingly correctly reflected the intent of voters whose ballots were

invalid! (R 21 11, S 26 1:17)

f(h or H?) Florida election erroneous disenfranchisement of thousands of voters also

traced to bogus Choicepoint data; Choicepoint blames its data aggregator, DBT (R

21 42)

fmhH 4 to 6 million votes uncounted in 2000 U.S. election (S 26 6:15, R 21 51)

Sfh Broward County FL officials consider letting students hack election systems, but

later overruled (S 26 6:15, R 21 61)

fe New voting protocol and new ballot tally system in Cochise County AZ special

election resulted in miscounting (R 21 07; S 26 1:21)

S Vote auction Web site moves overseas after being outlawed (R 21 11, S 26 1:18)

..... Other year 2000 items:

fS? Contribution from Douglas W. Jones, Chair of Iowa State Board of Examiners for

Voting Machines and Electronic Voting Systems (S 26 1:15-16, R 21 10). This

updates his earlier report on risks in electronic voting in Iowa (R 18 15).

dfeiSPHh NSF workshop on feasibility of e-voting, commentary by Avi Rubin and

others (S 26 1:16-17, R 21 10-11)

Sf House Science Committee hearings on electronic and other voting systems, 22

May 2001: testimony by Stephen Ansolabehere, Rebecca Mercuri, Roy Saltman,

Douglas Jones (R 21 44)

SP Risks of receipts for voting machines (R 21 23); potential risks in "open"

development of voter data standards (R 21 33)

21

fHh Discussion of the use of ATMs for voting (R 21 15-16)

f$ Also in 2000, Pennsylvania county wins $1M for faulty MicroVote computer

voting machines (R 21 10)

SHA Minnesota election fraud accused in e-mail sent by Christine Gunhus (using a

Hotmail alias) disparaging her husband Senator Rod Gram’s opponent; identity

revealed by X-Originating-IP: header sent from a campaign computer, and by

GUIDs included in Word documents! (But Gram lost.) (R 21 50)

..... 2001 U.S. election events:

f Programming error scrambles San Bernadino election results (S 27 1:15, R 21 74)

VSm Implications of power outage during Nov 2001 Pennsylvania election (R 21 80)

m Mercer County NJ voting problems 2001 due to Anthrax scare delaying Internet

voting info (S 27 1:16, R 21 74)

h Election problems before the election in Virginia result from 2000 census

redistricting; electronic rolls lost 18,000 voters (S 27 1:17, R 21 74)

@hP Erroneous law-enforcement data from Choicepoint: Privacy Foundation’s

Richard Smith discovered he had been dead since 1976, and had aliases with Texas

convicts; Chicago woman misidentified as shoplifter and drug dealer, and fired.

(Florida election erroneous disenfranchisement of thousands of voters also traced to

bogus Choicepoint data; Choicepoint blames its data aggregator, DBT.) (R 21 42)

..... 2002 U.S. election events:

h Compton California Mayoral election screwup from lack of randomization of

candidate ordering (S 27 3:16, R 21 91)

SP Miami-Dade OKs touchscreen voting for Nov 2002 (S 27 3:16-17, R 21 90,92,93)

SAf Palm Beach’s new electronic voting machines have problems (S 27 6:15, R 22

16) and more on lack of accountability (S 27 6:16, R 22 17)

fmiSP(HI?) Florida Primary 2002 problems: touchscreen machines not working,

showing the wrong candidate, or nonworking authorization cards; some huge voter

delays, Governor authorized two-hour extensions although some already shut-down

machines could not be restarted; lame testing; purchase contract makes it a felony

violation if any devices provided for internal examination; serious reliability

problems reported in Georgia and Maryland; comments from the Georgia Secretary

of State (R 22 25); comments from Mercuri on MIT/Caltech press release (R 22

26);

fmiSP(HI?) U.S. general election 2002: Glitches widely reported in FL, TX, AL, NV,

GA, CA, SC, NE, NJ; Voter News Service outage (R 22 38); iVotronic machines

lose 294 votes in Wake County NC (R 22 33); 2-3 hour waits in Florida early voting

result from voter anticipation of election day problems! (R 22 34); factual errors

reported in CNN article, particularly regarding use of old FEC standards, not new,

and still voluntary; other errors (R 22 36); in FL Palm Beach and Broward counties

and Georgia, voters found touch-screen machines that showed votes for untouched

candidates; Broward programming error omitted 34,000 votes; 70,000 absentee and

Spanish-language ballots missing from turnout but (supposedly) included in counts;

Houston voters in 5 precincts had straight-party votes rejected; half of the Pulaski

County AK had not been assigned precincts after redistricting, were not allowed to

vote; NE long-shot candidate was given a premarked ballot for his opponent (R 22

36); more on exit polls (R 22 35,37); Broward County vote total short by 104,000

votes (R 22 36-37); 67 memory cards misplaced in Georgia, representing 2,180

ballots (R 22 37); "The right to have the vote counted is infringed, and we have lost

the integrity of our voting system, when the ease with which ballots can be

manipulated is greater than the ease with which the manipulation can be detected."

(Kevin Craig, 2000) www.electionguardians.org (R 22 37); chip glitch hands

victory to wrong candidate in Nebraska (R 22 38); Voters can report election

irregularities at VoteWatch.us (R 22 38); problem in White Plains NY with sticking

lever machine (R 22 44); vote only by mail in Oregon (R 22 35)

Sm?f?H? 2002 unofficial election results in Alabama reversed, cause still

unexplained: electronic results wrong, hardcopy results correct (R 22 60-61, S 28

3:10)

fiSP(HI?) Columns by Lynn Landes on questionable ownership of voting machine

companies (felons, etc.), also citing VoteScam, 1992 book by James and Kenneth

Collier; interactive modems capable of controlling voting machines in real-time (R

22 25,37-38); ideal voting systems? (R 22 34); further discussion of the Mercuri

Method, alternatives, and butterfly ballots again, and other discussions (R 22

27-31,38)

SHPfi Boston gets Diebold AccuVote marked-paper reader systems, seemingly

lacking in assurance of correct tabulation (but at least recounts by independent

systems are possible – if requested) (R 22 39)

SH? Diebold AccuVote system integrity questioned in Georgia because of the use of

an unprotected FTP site for storing election software, election results files, upgrade

files, etc. (for example, see The Register, 8 Feb 2003; surprising Max Cleland

defeat linked?

SPH Powervote electronic vote machines open to tampering: bogus ballot face (R 22

44)

*m Explosion of nickel-cadmium batteries used in electronic voting (R 22 28)

..... 2003 U.S. election events:

SH Chief of Diebold voting machine company writes Republicans in fund-raiser he is

"committed to helping Ohio deliver its electoral votes to the President next year."

(R 22 89, S 28 6:11)

SH "According to election industry officials, electronic voting systems are absolutely

secure, because they are protected by passwords and tamperproof audit logs. But

the passwords can easily be bypassed, and in fact the audit logs can be altered.

Worse, the votes can be changed without anyone knowing, even the County

Election Supervisor who runs the election system." (R 22 83)

fS(H?) Avi Rubin et al. analyze serious flaws in Diebold electronic voting systems (R

22 82)

mh Voting tech problems galore in Mississippi: locked precincts, machine

malfunctions, erroneous ballots, voters given wrong ballots (R 22 83)

f?m?SH? (who knows?) NYCity: Blank ovals sensed as votes, legitimate votes

disqualified as overvotes (R 22 75)

H? UC Riverside student arrested for allegedly derailing student election, casting 800

votes for a fabricated candidate (R 22 78)

..... Other election items in the U.S.:

Sfde Voting machine engineer sues, alleges machine design flaws (Bev Harris via

Susan Marie Weber, R 22 59, S 28 3:10)

S(H?) Senator Frist’s on-line poll on Iraq removed, claiming tampering (R 22 62, S

28 3:10-11)

h Missouri legal decision questions automatic ballot counting (S 13 2)

m Computer miscounts StarWars (Strategic Defense Initiative) vote in the House of

Representatives (358 ayes & 237 nays, which adds up to much more than 435!!!)

(S 13 3)

*h Computer data-entry error in vote tallying (2828, not 28) (S 13 4)

f/h? 8 Durham NC precincts had correct totals counted twice (S 15 1)

f/h? Virginia governor’s race also had totals counted twice (S 15 1)

h Undeleted leftover test data reverses Yonkers NY election results (S 15 1:12)

rf Manual districts required live fudging of Michigan election system (S 15 1)

f Another experience with voting machines in Fairfax County VA (S 15 1)

SHAO Absentee ballot fraud detected in Colorado since 1984 (S 18 1:18); 11 indicted

in Costella Cty CO; 2536 voters with pop. 2278 (R 15 41)

fh Other risks in unaccountable computerized elections (S 19 1:6)

m CMU elections suspended because roster database system was down (S 19 2:8)

SH Cat registered as voter to show risks (no pawtograph required) (S 20 1:16)

m Static electricity affects ballot counting (S 22 1:18)

VSH San Jose State voting computer crashes, "fixed". (S 18 1:18)

$f NY City electronic voting machines still unaccepted after spending $20M (R 19

06) (Note: 1940s lever machines still in use in 2000 election!)

+? A little humor: use of "fixed" vs "repaired" (S 18 1:18)

m Computer disk crash gives ballots with 2 candidates omitted (S 20 1:17)

hfm 1995 San Francisco elections (S 21 2:19)

mfie Problems in Montgomery County election, 7 Nov 1995: anti-moisture spray

effects, delays, bad operator initialization, phantom votes (R 17 50,56)

h Risks of global editing in voting context: name ‘Pollack’ changed to ‘Turnoutack’

(S 14 5)

..... Internet and remote voting:

Internet voting systems are potentially even riskier than electronic voting systems,

especially if you (and everyone else) can vote from anywhere in the world on a PC

with inadequate security using code that you have downloaded from some

supposedly trustworthy site on the Internet. The California Commission studying

Internet voting suggested that the risks were too high for such a balloting method to

be used, although it considered using such a scheme under carefully controlled

physical surroundings. See http://www.pfir.org/statements/2000-02 for a discussion

by Lauren Weinstein of risks in Internet voting, and later by PGN, Rebecca

Mercuri, and Lauren Weinstein (S 26 2:, R 21 14), and others (R 21 13-14).

SPf More on risks in Internet voting: NSF report (R 21 28-30,32,34)

rSH Garciaparricide in 1999 All-Star balloting? 25,259 on-line votes cast by a Perl

devotee; 22-vote max detected: same e-mail address; needed IP spoofing (R 20

47-48)

SAOf Vote early, vote often for your favorite California quarter design – via the

Internet (R 22 49)

SP 2000 Arizona Democratic primary allows Internet voting (R 20 83) and more

people voted that way than all votes in the 1996 election. Needs for privacy and

anonymity difficult to meet (R 20 84); crypto for voting (R 20 85);

fSH Problems with Australian ABC TV show online voting scores (R 21 06; S 26

1:33)

f? College election.com online voting glitch (R 21 28)

SH Large-scale fraud in Dutch election choosing new name for merged towns of

Leidschendam and Voorburg (S 27 1:16, R 21 70)

SPH E-voting and international law (S 27 2:11-12, R 21 81)

22

SH 1998 People Magazine Most Beautiful People poll winner Hank the Angry

Drunken Dwarf! 1998 Kesmai employees instructed to vote early vote often for

Kesmai game award (S 27 3:18, R 21 90)

SH Microsoft "astroturf" campaign stuffing an e-ballot box (S 27 2:12, R 21 87)

SH Vivendi suspects electronic vote fraud (S 27 3:18, R 22 05)

SP UK tries remote voting in Liverpool and Sheffield in May 2002, using SMS (R 21

90, R 22 03,05); Web voting in Wybunbury and Maw Green (R 22 04)

..... Other Election Problems:

f Quebec election prediction bug: wrong pick [1981] (S 10 2 pp 25-26, 11 2)

fh Votes and candidates misaligned in Calgary 2001 election through

misalphabetization of d’Arras as Arras (S 27 1:16, R 21 70)

mH? Philippines election power failure affected only the area of the computer center;

on reboot, the computer immediately declared the underdog to be the winner (S 10

3:8, The Washington Post 10 Jun 1985)

$f Votes lost in Toronto (S 14 1, 14 5); Toronto district finally abandons computerized

voting; year-old race still unresolved (S 15 2)

SHm SQL Slammer DDoS attack disrupted the 25 Jan 2003 NDP leadership

convention voting in Toronto (election.com) (R 22 59)

hfi Alberta vote-by-phone fiasco (S 20 2:8)

h 6000 moved Australian voters lost from computer election rolls (S 14 6)

h Read-ahead synchronization glitch and/or eager operator causes large data entry

error, giving wrong winner in Rome Italy city election (S 15 1)

fm DB and WWWon one machine mess up 2001 Australian Capital Territory

election (S 27 1:15, R 21 71-72); see earlier anticipation (R 21 67)

fh Risks with automated counting of preferential ballots in 2001 Australian Senate

elections (S 27 1:15-16, R 21 77)

f/h/H? Computer error in Cape Town election affects results (R 18 17)

f German parliament election: program rounds up Greens’ 4.97%, but 5% needed to

count; corrected error gives Social Democrats one-seat majority (S 17 3)

h Wrong result in German Bundestag elections due to FAX of double-sided results

pages (R 20 04)

f Swedish election results delayed by computer errors, 140% returns (S 17 1)

$h Mis-set parameter invalidates Oslo parliamentary election (S 19 1:5)

SH Election fraud in the UK? (R 21 50,51)

S? Tampering blamed for lost Peruvian candidacy signatures (S 20 1:18)

SH Electronic ballots eschewed in India due to rigging fears (S 16 3)

+? Church of England has certified software for its elections (S 17 1)

fSAP New Zealand electoral Web site for registering and updating; authentication

consists of full name and date of birth! (R 21 41,44)

SAfe Electronic voting systems: more on system integrity and accountability (R 22

66); New South Wales forced to hand-count poll result after inadequately tested

computer upgrade (R 22 69); crash of Will County, Illinois, Web site for tallying

and publishing election results after being deluged with bogus requests (R 22 69)

Sfi Bulgarian parliament e-voting authentication based on member’s weight (S 27

2:12, R 21 88-89)

SP Electronic voting in Ireland in spring 2002 (S 27 3:16, R 21 93)

S Injured technician’s inability to provide the password delays vote count in Mali (S

27 3:18, R 22 05)

SHf Olympics’ ice skating judging rigging leads to strange proposal for nonaudited

electronic randomized voting scheme! (S 27 3:18, S 21 92)

m Mice chew up paper ballots in Bangkok election (S 27 3:18, R 21 98)

h How to rig an election by clever redistricting (R 22 05)

hi Brazilian computer blocked twins, like-named siblings from voting (S 12 1) (This

problem may still have existed in 1994, unless new report was old.) (R 16 45)

fe Voting machine inflexibility causes postponement of Brazil’s standard time cutover

from daylight time because law requires 8 to 5 voting (R 22 33); Brazil modified

3% of their machines to use the Mercuri Method (R 22 24) – see article in

November 2002 IEEE Spectrum.

SP Nigerians to use fingerprint scanning technology in elections; lower-level officials

hoard registration forms (R 22 30)

SP(+/-) UK publishes security requirements for e-voting (Cuddy and Mercuri

response, R 22 40)

SH BBC Website article on risks with e-voting: Yet every time we get to look inside a

piece of software or a security system that has been developed in secret, and built

on the top of a compromise between acceptable levels of risk and the cost of doing

it properly, we find holes and errors. (R 22 83)

SHf Phantom voting in Israeli Knesset; no security (R 22 76,79)

..... Related technology problems

@+? Use of ‘unpredictable auditable random numbers’ in casino/gaming systems,

possibly relevant in elections? (R 22 57)

@S? New cell phones well suited to wireless gambling (resembling the voting

machine situation?)! (R 22 55)

Insurance Frauds

$SH Possible fraud on reinsurance – message time stamp faked??? (S 10 5)

$H N-step reinsurance cycle; software checked for N=1 and 2 only (S 10 5)

Security Problems

in computers and communications: Penetrations, Trojan Horses, Viruses,

Time-bombs, Scams, Blackmail, and Other Problems:

..... Recent yet-to-be-merged security items:

***** Apologies. I am way behind in coping with the pervasive occurence of these

cases and trying to distribute them sensibly within the subtopics. PGN

SH UK Sunday Business reported intruders seized control of a British military

satellite, and demanded blackmail (R 20 23)

Sf Security flaw with frames in browsers (R 20 09); risk of coopted back – not just in

JavaScript (R 20 11-12)

SAO 3Com security advisory admits to undocumented backdoor for CoreBuilder and

SuperStack II switches (R 20 07)

Sf Seeming SecurID flaw granting root access on login (R 20 10) actually NIS client

code flaw (R 20 11)

fS Excel 4.0 and Excel 98 mixes up hard disk and floppy, with nasty potential

consquences (R 20 08); Excel messes up large numbers (R 20 14)

Sf Internet Explorer 4.01 Son of Curatango cut-and-paste flaw (R 20 09)

Sf NT server worm attacks 10 MCI Worldcom networks (R 20 13)

S Win98 Trojan Horse in installation of Java/Y2K upgrade (R 20 13)

SAO PalmPilots can scan remote-control infrared codes (R 20 10,13); risks of RF

garage-door openers, infrared alarm systems, etc. (R 20 13)

SM Auctioning of frequency spectrum undermines Pentagon’s ability to counter

interference risks on cruise missiles (AW&ST item) (R 20 07)

SM Sweden recommends banning mobile telephones on ships; Norwegian man

consistently caused ship rudder to swing despite vessel on autopilot (R 20 08)

SM Security risks of laptops in airline cockpits (R 20 12)

SH Risks of Internet vote rigging: BBC Sports Personality of the Year (R 20 11)

SH Rhode Islander sentenced for intentional damage and unauthorized access (R 20

23)

M Man’s cell phone interferes with all traffic in GTEWireless tower (R 20 18)

S Viruses spread in Sea Launch documents (R 20 16)

VSH Smurf denial-of-service attack on Ozemail ISP (R 20 16)

SH Unsuccessful cracker takes it out on challenge creator (R 20 19-20)

$SHO German bank being blackmailed by putative cracker (R 19 56)

- High-school student expelled for writing article on hacking (R 19 56)

SH Ransom note on Yahoo demands freeing Kevin Mitnick (R 19 50)

S(not-H?) Matthew Bevan (a.k.a. Kuji) cleared of unauthorized access charges; also

reference to GAO report on Rome Lab breakins (R 19 48)

$S Wells Fargo issues ATM/Check cards, which are actually debit cards; analysis by

Lauren Weinstein (R 19 49)

Sf Security vulnerabilities in Common Desktop Environment (CDE): faulty argument

check (R 19 57)

Sf Potential risks associated with Mobil Speedpass at gas pumps: replay attacks with

RF and no PIN in TI’s TIRIS (R 19 52)

SHm 4-watt GPS/Glonass jammer from Russian Aviaconversia (R 19 54)

*M? Australian air-safety report gives 30 cases of possible in-flight electronic

interference (R 19 55)

+ Lufthansa combats mobile phone risk with detector (R 19 48)

Si Risks of new Motorola car-control-via-pager system (R 19 50)

+ Discussion of IEEE/ACM Code of Ethics (R 19 57)

$H Oregon DMV lost $15K photo licensing equipment (R 19 16)

m Report that "hackers get into Ramsay case computer" (R 19 23) is false; it was a

dead CMOS battery!! (R 19 24)

Sfi Security flaw in Rogers Cablesystems Wave gives access to other users’ data (R

19 43)

m Mobile-phone electromagnetic radiation causes short-term memory loss; related to

talkers’ road accidents? (R 19 39)

S PBS and TV "Barney & Friends" signal to activate interactive Barney doll via

Microsoft ActiMates set-top box (R 19 39)

? Satanic Risks with GPS in every mobile phone? Comments on Lucent, Limbo,

Styx, 666 5th Ave. in NY, from the Fortean Times (R 19 51)

- Computer system implicated in need for death-penalty review (R 19 29)

S Discussion of leaked report on Mondex security flaws (R 19 38)

- Gerber net hoax (R 19 43)

S+$ "Crack a Mac" contest server cracked; winners get 100,000 Swedish kronor each

(R 19 31)

? Encoded circuit board missing from Chinese rocket (R 19 84) Chinese suspected of

23

extracting it, later report it must have burned up on reentry

H? Three alleged Quebec hackers accused of posting bomb recipes (R 19 81)

SHO Department of Energy discovers security vulnerabilities, with 1400 Internet

systems having classified or sensitive information (R 19 81)

SHO German phone-cards cracked by Dutch crackers (R 19 77)

ShHOA Dutch ISP WorldOnline security failures (R 19 85)

SHOA CzERT group of hackers ravage Czech & Slovak cyberspace (R 19 77-78)

Sfi Excite referer-log security hole (R 19 78-79, 19 90)

SH/h/f/etc. Discussion of defining the line between hacking and Web surfing, by Eli

Goldberg (R 19 84-85)

SP Burglars foiled by cordless-phone interception (R 19 80)

S SPA/BSA report: computer industry lost $11.4 billion in piracy.

*VM Electromagnetic interference on defense systems such as Patriot, Predator,

radars, telephones, etc. (S 24 1:34, R 20 04)

M Sensormatic Ultra-Max shoplifting gate in bookstore interfered with 72-year-old

man’s defibrillator (R 20 05)

M GPS on M.V. Manatoulin cargo ship failure traced to interference from the

captain’s TV antenna (R 19 90)

SH Malaysian unrest; broadcasters’ reports censored; satellite communications

intercepted and blacked out (R 20 01)

SH Irish gang physically takes out telephone exchange (R 20 01)

fS JavaScript flaw in Netscape allows reading of other caches (R 20 02)

Sf Cult of the Dead Cow Windows 95/98 BackOrifice Backdoor (R 19 90)

Sf NT security flaw allows impersonation of admins (R 19 90); further discussion on

the old days, C2 certification, etc. (R 19 95-96, 20 01-02)

Sf Windows NT 5.0 reportedly about 48M lines of source code (R 19 90)

SHAO AOL-official masquerader changes aol.com domain-name entry, takes AOL

off the Net (R 20 04)

SHO Computer consultant-hacker investigated for using 2,585 computers and 10.63

computer-years in prime-number search; detected by US West intrusion response

team (R 19 97)

SHf Small credit unions easy targets for debit-card fraud (R 19 93)

Sf BankBoston and USTrust ATM teller machines truncate PINs to four digits! (R 19

89)

SH Custom alarm decoders break electronic car systems quickly (R 19 93)

ffffSH Frequent security break-ins at the Pentagon (R 20 24)

Sh Sweep detects 31 secret files in former CIA Director John Deutch’s PC (R 20 30)

SH JavaScript eBayla virus infects eBay auction (R 20 32-33)

SH Fake Swedish ATM front panel copies cards and PINs (R 20 31)

$H 13-year-old makes $3M in bids on eBay auctions, wins a few and messes up

others (R 20 35)

SH Military-strength version of Windows NT certification problems: NT 3.5 is C2

(when standalone), NT 4 is not certified for the networked use NATO uses it for (R

20 36)

Sf Woody’s Office Watch reports virus-infected documents on MS Web site. (R 20

34)

S Shamir’s TWINKLE machine could increase speed of factoring by 3 to 4 orders of

magnitude, threatening 512-bit public-key crypto keys (R 20 38)

Sf False virus detection: searching for Melissa (R 20 40); HotMail and the

happy99.exe infection; Virus Scan misses it (R 20 40)

Sfff Discussion by Bruce Schneier on Why Computers are Not Secure (S 25 2:18, R

20 67,69)

Sf GSM cell-phone encryption cracked by Birykof and Shamir (R 20 67,69) See

http://www.crypto.com/papers/others/a5.ps

SHf Pirate broadcasters overtake Radio Data System (R 20 74)

Sf BlackICE Defender security product opens up gaping flaw (R 20 64)

$Sf U.K. bank (Halifax) suspends on-line share trading over security flaw enabling

you to trade for others (R 20 66)

$SH Hacker redirected browsers from Staples to Office Depot (R 20 66)

SH "Anonymous" Hotmail e-mail threat traced to AOL user (R 20 66)

Sf Defective crypto in Netscape e-mail password saver (R 20 68,70,74)

S Netscape mail confounds two accounts for one user (R 20 70)

Sf Installing IE 5.0 changes the OS topology! (R 20 66)

Sf No bounds checking in Microsoft RTF controls (R 20 66, 68-69)

Sf Mini-Zip virus (R 20 66)

SH Canadian debit-card fraud: doctored swipe readers transmit mag stripe info and

PIN (R 20 69)

$S Sanity.com allows CD orders without payment, in attempt to avoid credit-card risk

(R 20 68)

P Sanity.com violates its own privacy policy by divulging e-mail addresses (R 20 71)

Sf Further CERT Advisories 99-15,16 on buffer overflows (R 20 69)

SHV Dell loses five days’ production time in Ireland to FunLove Virus (R 20 66)

$SA Automated money laundering: counterfeit Japanese 500-yen coins made from

Korean coins worth about 50 yen accepted by coin machines; coin return yields a

genuine coin! (R 20 67-68)

Si Risks in MS Outlook 98: sensitive attachments missent (R 20 67); trying to delete

e-mail: embedded html executes OpenWindow to remote site (e.g., porn, which is

logged) (R 20 69)

SH Various risks of Conducent/TimeSink ads in software (R 20 65)

*Sfi ATM user trapped for 9 hours by automatic 9pm lock, with no escape (R 20 66)

SH$ Salary payment diskettes intercepted and manipulated (R 20 54)

VS* If payments are delinquent, car might not start, or could stop while running (R

20 54)

SHA Web users "page-jacked" by pornographers (R 20 60)

SHA "United Loan Gunmen" attack on NASDAQ, AMEX, previously C-Span, ABC,

Matt Drudge sites (R 20 58)

h Stray faxes for U.S. Embassy go to Auckland NZ chicken farmer (R 20 56)

SHA Author of false e-mail arrested for starting panic (R 20 47-48)

SHAO Yet another ATM scam: Trojan-horsed keyboard (R 20 46)

S New ICQ Trojan as JPEG (R 20 57)

Sf Hotmail Trojan horse captures passwords (R 20 57)

Sf Race condition flaw in Microsoft JVM / Java library with IE4 and IE5 (R 20 55);

further flaw in MS bytecode verifier (R 20 62)

Sf Microsoft "fixes" the macro virus vulnerability in MS Office (R 20 42); also

problems in Word 97 (R 20 57,59)

Sf*$ Vulnerability in Windows SSL server and common browsers: private key with

exponent 1 (R 20 41)

Sff ActiveX security problems in IE (R 20 44), in Windows 98 (R 20 50-51); Richard

M. Smith’s test page for dangerous ActiveX controls, recommendation to turn off

ActiveX in IE5 (R 20 56)

http://www.tiac.net/users/smiths/acctroj/axcheck.htm

Sf More risks of Internet Explorer 5 (R 20 54); more flaws in Internet Explorer 5.0

interactions with ActiveX (R 20 61) plus further flaw in MS Java VM (R 20 62)

Srf Security vulnerability in Netscape:
of bookmarked page is executed! <br /> <br />(R 20 42) <br /> <br />SHf Allaire/ColdFusion firewall vulnerabilities (R 20 43) <br /> <br />SHOA Hackers breach Firewall-1 (R 21 02; S 26 1:29) <br /> <br />Sf Critical Path has serious security hole affecting many including NSI (R 20 59) <br /> <br />S Security flaw in Texas Hold ’em Poker program (R 20 56) <br /> <br />S Auto-Fix feature for Dell PCs opens up security hole (R 20 55) <br /> <br />SH$ eBay scam results from last-minute withdrawal of ridiculously high bid (R 20 <br /> <br />51) <br /> <br />S-ethics Clinton’s Executive Order on Unlawful Conduct on the Internet (R 20 53) <br /> <br />Sm,h,rf Maldesigned Baltimore computer system CCMS slows Pentagon background <br /> <br />checks (R 20 46) <br /> <br />? Supreme Court upholds CDA barring indecent speech online (R 20 45) <br /> <br />ShA DoD password management policies questioned (R 20 50) <br /> <br />SA Security risks in "Treasury Direct" (R 20 50) <br /> <br />SH Microsoft employee apparently posted aliased message falsely blaming AOL for a <br /> <br />security flaw (R 20 54) <br /> <br />SHf London Underground sequence rollover: certain 2-year-old Travelcards work <br /> <br />again! (R 20 48) <br /> <br />SM*? Cell phones and aviation electronics; One year in jail for cell-phone use on a <br /> <br />plane (R 20 50-52); Chinese jet driven off course (R 20 53) <br /> <br />Hhm Cell-phone hoax takes down Lebanon’s phone networks (R 20 43) <br /> <br />* Possible victims of Iridium demise: Pacific rower, Norwegian transpolar skiers (S <br /> <br />25 3:18, R 20 85); Iridium flames out (R 20 87) <br /> <br />$h Reserve Bank of Australia (RBA) announced an unexpectedly larger interest rate <br /> <br />hike at at 9:30 a.m. on 2 Feb 2000, but accidentally sent 64 people e-mail 6 minutes <br /> <br />earlier. In those 6 minutes, approximately AUD$3 billion worth of bill and bond <br /> <br />futures were dumped on the market. (David Shaw, R 20 78) <br /> <br />f U.S. Census prepends extra digit to house numbers in mass mailing (R 20 83) <br /> <br />$hf UK woman dunned for underpayment of four pence (R 20 75); other small debts <br /> <br />(R 20 76) <br /> <br />f Letter from Jim Allchin, Microsoft on Windows 2000 bugs (R 20 80) and comments <br /> <br />(R 20 81-82) <br /> <br />f More on MS Outlook Express feature: line begins with <br />"begin ", following <br /> <br />which everything is an attachment (R 20 75-76); more risks with pine bug (R 20 <br /> <br />78-79,81) <br /> <br />f Risks of Authenticode in Windows 2000 (R 20 81 after R 18 89) <br /> <br />fi Computer-truncated flower-delivery message brings police (R 20 83) <br /> <br />hi National Weather Service tests leak out live (R 20 82) <br /> <br />f Weather.com leaves visitors in the cold, with erroneous temps (R 20 85) <br /> <br />SHO Feb 2000 distributed denial-of-service attacks disable Yahoo, Amazon, eBay, <br /> <br />CNN.com, Buy.com, ZDNet, E*Trade, and Excite.com for a few hours each. (S 25 <br /> <br />3:19, R 20 79) <br /> <br />24 <br /> <br />$SHAO Credit-card data used for extortion (S 25 3:20, R 20 75) <br /> <br />*fff Rhode Island computer arrested innocents (S 25 3:20, R 20 76) <br /> <br />$SHAO Global Hell hackers steal 63,000 passwords (S 25 3:20, R 20 76) <br /> <br />SHAO Judge sends message to network vandals: "go to jail" (S 25 3:21, R 20 83) <br /> <br />+S U.S. removes most restrictions on encryption software (S 25 3:21, R 20 76-77) <br /> <br />+S U.S. government abandons Bernstein restrictions (S 25 3:21, R 20 82) <br /> <br />SP China to require encryption information (S 25 3:21, R 20 78) <br /> <br />SH Online prankster distorts Clinton chat (R 20 80) <br /> <br />SHOf Junk e-mailer uses closed e-mail list as a relay (R 20 79) <br /> <br />Sf UK ISPs leave themselves wide open to potential abuse (R 20 83) <br /> <br />Sf CERT Advisory http://www.cert.org/advisories/CA-2000-02.html on malicious <br /> <br />html tags embedded in client Web requests; (R 20 78) <br /> <br />$- Offshore online gambling operator convicted in NY placing illegal wagers over <br /> <br />phone lines (R 20 84) <br /> <br />Sfi Risks of a hyperactive anti-viral immune system (R 20 84) <br /> <br />SHh etc. Computer Security: Will We Ever Learn? (Bruce Schneier, S 25 4:8-10 and <br /> <br />R 20 90) <br /> <br />S Peter Junger case: encryption code protected by First Amendment (R 20 87-88) <br /> <br />SHf Code protecting Stephen King e-book Riding the Bullet cracked (R 20 87); <br /> <br />Stephen King’s not scared of trusting online readers (R 20 98) <br /> <br />SHAO Love Letter Worm affects Microsoft Outlook users; See CERT Advisory <br /> <br />CA-2000-04, http://www.cert.org/advisories/CA-2000-04.html, summarized in (R <br /> <br />20 88); See related items (R 20 88-89), security patch to disable attachments (R 20 <br /> <br />89), and risks of antiviral software (R 20 90); Microsoft Outlook 2002 will enable <br /> <br />restriction of 30 types of file attachments (R 21 36) <br /> <br />Sf W32/ExploreZip.worm "virus" and user interfaces (R 20 44) <br /> <br />VSHf,etc. Risks of e-mail borne viruses, worms, and Trojan horses, by Bruce <br /> <br />Schneier (R 20 45); security sites vandalized (R 20 53) <br /> <br />S Commentary from Bruce Schneier on Back Orifice 2000 (R 20 57) <br /> <br />Sf CERT Advisory CA-99.06 ExploreZip worm (R 20 44); See http://www.cert.org <br /> <br />for background. <br /> <br />SHfe SQL Slammer/Sapphire worm slows Net, grounds South Korean surfers, <br /> <br />disables most of Bank of America’s ATMs (R 22 52); various Canadian banks <br /> <br />affected (R 22 52), plus Canadian NDP leadership convention Internet election in <br /> <br />progress (R 22 59); Microsoft’s own unpatched servers victimized as well (R 22 <br /> <br />53); Who is to blame? (R 22 52-53, 58); advent of network risk insurance (R 22 <br /> <br />53); Caida analysis shows worm doubling in size every 8.5 seconds (R 22 54); side <br /> <br />problem of Virginia furnace fuses blowing, causing file system corruption (R 22 <br /> <br />53); parametric worm warning (humor, R 22 53) <br /> <br />Sf Risks of reading zipped Microsoft text including .exe files (R 20 90-91) <br /> <br />SHf Peacefire: Eudora "Stealth Attachment" security hole discovered (R 20 88) <br /> <br />SHf Netscape Navigator improperly validates SSL sessions, CERT Advisory <br /> <br />CA-2000-05: http://www.cert.org/advisories/CA-2000-05.html, summarized in (R <br /> <br />20 88); see also Misleading warning (R 20 89) <br /> <br />SHf Microsoft Office 2000 UA ActiveX Control Incorrectly Marked "Safe for <br /> <br />Scripting": CERT Advisory CA-2000-07, <br /> <br />http://www.cert.org/advisories/CA-2000-07.html, summarized in (R 20 89) <br /> <br />SHAO Canadian teen (Mafiaboy) held in February 2000 Web attacks on Yahoo, <br /> <br />CNN.com, eBay, Amazon (R 20 87) <br /> <br />Sf Web server displays admin password on failures (R 20 87) <br /> <br />SHP The Mirror reports recovery of top-secret stolen UK laptop with Strike Stealth <br /> <br />fighter data (R 20 89) <br /> <br />Shm Venezuela postpones election due to computer problems (R 20 89) <br /> <br />*Sf Discussion of 2 devices allowing police to stop arbitrary cars (R 20 89) GM’s <br /> <br />OnStar for location, but also may allow remote hacker activities (R 20 90) <br /> <br />S? India considering use of railroad communications for Internet connectivity (R 20 <br /> <br />90-91) <br /> <br />S?f?h?i? More risks of networked home appliances (R 20 88, R 21 37) <br /> <br />M Study shows mobile phones do interfere with old-generation avionics (R 20 89) <br /> <br />SV Scientists spot Achilles’ heel of the Internet; critical nodes (R 20 98) <br /> <br />SHI During a Verizon strike, 2 NY employee saboteurs cut a power cable next to a <br /> <br />telephone cable, suffering burns (R 21 03; S 26 1:28) <br /> <br />Sf NATO antivirus developers accidentally create Anti-Smyser1 virus that spills <br /> <br />secrets (R 20 93; S 26 1:28) <br /> <br />Sf Major security hole in Anna annapa.com online organizer service (R 21 02; S 26 <br /> <br />1:28-29) <br /> <br />Sfh "Verify your age with a credit card": more than $188M fraud (Lenny Foner, R 21 <br /> <br />03; S 26 1:30) <br /> <br />SH Cyber-extortion increasing (R 20 94; S 26 1:30) <br /> <br />*m Microsoft software can damage your hardware! Plastic CD-ROM fragments and <br /> <br />frags (R 20 92); hairline fractures in center hole dangerous (R 20 94) <br /> <br />f Another Win95/DOS interaction (R 20 93) <br /> <br />Sf Outlook buffer-overflow bug on date allows self-executing Trojan horses (R 20 97) <br /> <br />SHOAi Fake PayPal site (PayPaI.com) collects user IDs and passwords (R 20 97); <br /> <br />PayPal victimized by seemingly legitimate fraudulent e-mail (R 22 78,79,85) <br /> <br />S (not-for-kids) Burger King gives away CD-ROM with porn addresses (R 20 93) <br /> <br />f Edmonton man finds security hole in video slot machines, gets sued (R 20 93) <br /> <br />Sf Risks of using HTML Mail and HTTP proxy "censorware" together (R 21 05-06; <br /> <br />S 26 1:32) <br /> <br />Sr Tighter security at Los Alamos may actually decrease security (R 21 07; S 26 1:32) <br /> <br />Sf SSL Server Security Survey: 32% dangerously weak (R 21 02; S 26 1:32-33) <br /> <br />Sfde? New Navy aircraft carrier to run Win 2000 for critical functions (R 21 05) <br /> <br />Sf Windows NT/2000 "Lock Computer" allows palm sync (R 21 04-05) <br /> <br />Sf Pretty Good Bug found in Windows versions of PGP for "trusted" third parties (R <br /> <br />21 03); another flaw in PGP plug-ins for MS Outlook distributed by Network <br /> <br />Associates (R 22 15) <br /> <br />fS Norton Antivirus 2000 defect on Win2000 content (R 20 94) <br /> <br />Sf Security hole in Netscape infects computers, opens access (R 21 01) <br /> <br />SH? (no) Report of hacker endangering astronauts in 1997 (R 20 93) disclaimed by <br /> <br />NASA (R 20 94) <br /> <br />SHA Risks of automated boarding passes for airline e-Tickets (R 21 02) <br /> <br />e NY State running out of fingerprint IDs (R 21 02) <br /> <br />[S-spoof] New security vulnerability: 13-year-old ‘r00ts’ popular polynomial, <br /> <br />crypto-spoof article by Leonard Richardson (R 21 03) <br /> <br />S+ The end of the Multics era (R 21 12, S 26 2:9) <br /> <br />S+ CERT’s ActiveX security report (R 21 17, S 26 2:9) <br /> <br />*SH$ Arizona Motor Vehicle counterfeiting rings (R 21 14, S 26 2:9) <br /> <br />*SH Another DMV Break-in, in Oregon (R 21 15, S 26 2:9) <br /> <br />Sf No security in Internet-connectable laboratory instrument controller (R 21 10, S 26 <br /> <br />2:9) <br /> <br />VSHI Security at UK nuclear power stations (R 21 20, S 26 2:9) <br /> <br />SP How to upset your customers (R 21 09, S 26 2:10) <br /> <br />$SH Hacker seemingly extracts large number of credit-card records from <br /> <br />egghead.Com (R 21 16,18-19); egghead says maybe none of those cards was <br /> <br />compromised; however, lots of people’s cards were cancelled as a precaution. <br /> <br />SHAO Florida 8th-graders penetrated school system and copied final science exam (R <br /> <br />21 18) <br /> <br />SHAO 11-year-old boy charged with felony for computer tampering, changing grades <br /> <br />(R 22 56) <br /> <br />Shi Report on hacker altering MIT grades false; spreadsheet missorted (S 25 3:16-17, <br /> <br />R 20 84-86) <br /> <br />SP Report that Dutch hacker offloaded patient records from Seattle Hospital; U. Wash <br /> <br />denies it (R 21 14-16,18) <br /> <br />SHAO Microsoft Web site vandalized; Trojan horse sent company passwords to <br /> <br />Russian site (R 21 11) <br /> <br />S(f) Researchers able to defeat SDMI digital music security measures (R 21 11) <br /> <br />$SH Poll of CIOs reveals confidence in their network security despite $billions in <br /> <br />losses; over half of respondents did not report breaches (R 21 18); skepticism <br /> <br />needed concerning loss figures (R 21 19) <br /> <br />Sf Verisign and MS authenticode time-stamp errors (R 21 11) <br /> <br />i Devious URLs making something look hacked when it isn’t (R 21 16) <br /> <br />ShHA Australian government minister has $50,000 phone bill on telephone card <br /> <br />given to his son and used widely by others (R 21 09) <br /> <br />SPf NJ EZ-Pass discovers risk of sending URLs instead of actual text (R 21 09) <br /> <br />Sf Buffer overflow in Outlook Express allows execution of arbitrary code (R 21 13) <br /> <br />Sf McAfee VirusScan update (4.0.4102) crashes Windows 95, 08, NT (R 21 13) <br /> <br />S+/-? Bugtraq discussion: Security advisories are becoming less open (R 21 16) <br /> <br />SP Dutch Railways to introduce electronic access/ID card (R 21 19) <br /> <br />Sf Microsoft advisory format buggy (bugtraq item, Richard M. Smith, R 21 16) <br /> <br />S Risks of automatic firmware upgrades in Dolby digital sound processors (R 21 17) <br /> <br />and DVD (R 21 18) <br /> <br />Sf More on ActiveX security limitations (R 21 30) <br /> <br />Sf SiteGuest.com sends unauthorized e-mail during browsing (R 21 24,25) <br /> <br />S(H?) Der Spiegel reports German armed forces banning MS software, citing NSA <br /> <br />snooping (R 21 29); correction: Bundeswehr using hardware encryption – see <br /> <br />original German text (R 21 31) <br /> <br />h, then SH Millions of people were prevented from visiting dozens of Microsoft Web <br /> <br />sites on 24 Jan 2001 (R 21 21), result of human error; flooding attack the next day <br /> <br />jammed network, with four DNS all linked to a single network (R 21 22) <br /> <br />f Microsoft’s UltimateTV set-top box hard-drive storage space shrinks, reducing <br /> <br />record-time max (R 21 35) <br /> <br />H Over 5 months, HotMail blocked e-mail to peacefire.org, with delayed fake error <br /> <br />message blaming peacefire outage (R 21 22) <br /> <br />HHS Sabotaged phone lines and stolen credit cards allowed thieves to safely rob a <br /> <br />Sydney shopping centre (R 21 35) <br /> <br />SHO Hackers hit U.S., U.K., Australian government sites (R 21 23) <br /> <br />25 <br /> <br />SHO Hacker attacks from China peaked in May 2001 (R 21 37) <br /> <br />SH Creator of Anna Kournikova virus claims intent to warn sites to tighten their <br /> <br />Internet security (R 21 24); the virus blamed for fax machine blowing up! (R 21 <br /> <br />24); damages assessed at $166,827; J. de W sentenced to 150 hours of community <br /> <br />service (R 21 67-68) <br /> <br />Sf Palm Pilot security; passwords not adequate (R 21 22,26,27) <br /> <br />Se DirectTV remote updates enable remote disabling of old satellite TV receiver <br /> <br />smart cards; newer hacks already emerging (R 21 22-24) <br /> <br />Se ReplayTV auto-updated itself, disabling a valuable feature (R 21 32) <br /> <br />S Dutch police send text bombs to stolen cellphones (R 21 32,34) <br /> <br />SP Risks of outsourcing in banking (R 21 24) <br /> <br />$ Technology exodus: 10% of U.S. computer service/software jobs moving overseas <br /> <br />by 2004 (R 22 83) <br /> <br />Sf Czechs discover flaw in OpenPGP to reveal private keys in digital signatures (R 21 <br /> <br />28-29) <br /> <br />SHAO Penetrator gets OS/COMET source code used in NAVSTAR GPS guidance (R <br /> <br />21 26), but code not classified as first reported (R 21 27) <br /> <br />SHAO Former U.Wisconsin student Jerome Heckenkamp indicted in Jan 2001 for <br /> <br />1999 network vandalism at eBay, Exodus, Juniper, eTrade, Lycos, and Cygnus, and <br /> <br />more than $900,000 in damage (R 21 22) <br /> <br />SHAO NASA Web site hacked, replaced with conspiracy-theory moon-landing hoax <br /> <br />hoax (R 21 27) <br /> <br />SH Copper thieves knock out SETI@Home fiber-optic cable and Web site for 24 <br /> <br />hours cut (R 21 26-27) <br /> <br />$hm Chinese cybersurfers caught by fishermen’s anchor nets, snagging cables (R 21 <br /> <br />30) <br /> <br />+ Bank robber nabbed by escape-taxi’s GPS (R 21 22) <br /> <br />SH Teenager convicted of defacing Web sites sentenced to programming jail <br /> <br />computers (R 21 29) <br /> <br />SH Computer cords used in escape from police custody (R 21 33) <br /> <br />Sf Nokia 8260 cell phone trivially easy to unlock (R 21 29) <br /> <br />$SPi Seattle police using Palm VIIs to give traffic tickets (R 21 35) <br /> <br />SP IBM and Carrier will offer Web-controllable air conditioners (R 21 35) <br /> <br />Sf Risks in e-gaps: they are not air gaps between networks (R 21 26-27,29) <br /> <br />S- DoE warning about "Naked Wife" virus blocked by politically correct mailer (R 21 <br /> <br />29) <br /> <br />H FBI director’s home security system false alarms due to his young sons (R 21 28) <br /> <br />SH California power grid hacked over 17-day period (S 26 6:12, R 21 46) <br /> <br />S ebates.com installs Java program on user’s computer (R 21 49) <br /> <br />S$? Blaming the victim: vandalized sites could be liable for damages (R 21 64) <br /> <br />SH Danish police break "Safeguard" encryption program in tax case? (R 21 58); no, <br /> <br />they hacked the system and guessed some passwords (R 21 59) <br /> <br />$SAOf Serious flaw in Wireless Encryption Protocol (WEP) link-layer security used <br /> <br />in IEEE 802.11 wireless LANs; attack described by Fluhrer, Mantin, and Shamir (R <br /> <br />21 55); attack implementation described by Stubblefield, Ioannidis, and Rubin (R <br /> <br />21 57); AirSnort, WEPCrack, and other 802.11b-defeating sniffers (R 21 62); Bill <br /> <br />Arbaugh and Arunesh Mishra present "session hijacking" and "man-in-the-middle" <br /> <br />scenarios for cracking Wi-Fi security (S 27 3:11-12, R 21 92) <br /> <br />Sf The New York Times article on 19 Aug 2001 on Avi Rubin discovering that <br /> <br />Morristown NJ hospital wireless network is unprotected (R 21 62) <br /> <br />S War-chalking wireless networks for Internet access (S 27 6:13-14, R 22 18,23) <br /> <br />SHA Insecure wireless access points mushrooming (R 22 65; S 28 4:8) <br /> <br />SAOh ISP employee Brian West who notified Oklahoma’s Poteau Daily News that <br /> <br />their Web site security had no authentication was threatened with felony <br /> <br />conviction; discussion of law that specifies "exceeding authority" when there is no <br /> <br />authentication (R 21 62); however, in court West plead guilty to copying <br /> <br />proprietary PERL scripts and obtaining passwords (R 21 67) <br /> <br />Sf Flaw in SSL encryption on Experimental Aircraft Association Web site (R 21 <br /> <br />53,54,56) <br /> <br />Sf Kaiser Permanente self-service Web site SSL vitiated by return e-mail! (R 21 62) <br /> <br />*SH Firefighter’s phone lines disrupted because of a report of free SMS calls (but <br /> <br />originally thought to be a hoax) (R 21 55,59) <br /> <br />Sfe U.S. Air Force authors blast Outlook security patch (R 21 39) <br /> <br />Sfi Renewal of BT Trustwise digital certificate impeded by secure passphrase with <br /> <br />non-alphameric characters (R 21 54) <br /> <br />Sf Security risks in Passport Single Sign-on: Kormann and Rubin (R 21 58) <br /> <br />SHf Stealing MS Passport’s Wallet, credit-card numbers, etc. with browser and <br /> <br />Passport flaws (S 27 1:12, R 21 74) <br /> <br />SHAO($?) Microsoft admits Passport was vulnerable (R 22 72; S 28 4:8) <br /> <br />SHf SirCam virus spreads widely, including inside FBI (R 21 55); U.S. Air Force <br /> <br />officer mailing confidential information to 4400 cadets (R 21 62); sounds like just <br /> <br />another SirCam example (R 21 63); more like MS Outlook and wrong distribution <br /> <br />list (R 21 65) <br /> <br />SHf Code Red worm (R 21 54); cyanide for Code Red: passive worm infecting the <br /> <br />attacker (R 21 57); Warhol Worm variant discussed (R 21 59) several systems <br /> <br />hosting the MSN Hotmail service infected by Code Red worm variants (R 21 <br /> <br />58,62); avoid programming languages that don’t check buffer lengths (R 21 62,64); <br /> <br />yet another MS Hotmail risk (R 21 62) <br /> <br />Sf Hotmail hackable with one line of code (R 21 63) <br /> <br />Sf Norton Anti-Virus 2001 interprets backup script as a virus (R 21 57) <br /> <br />SHP Software is called capable of copying any human voice (R 21 55) <br /> <br />SHA Forged county-clerk stamp and chief-judge signature used in attempt to gain <br /> <br />release of triple murderer (R 21 44) <br /> <br />SHAf European Commission "safer Internet" site invaded by hackers (R 21 48) <br /> <br />SHO Intruder crashes United Arab Emirates’ only ISP (R 21 50) <br /> <br />SHA Determining the age of Internet users, especially minors, the age of virtual porn <br /> <br />characters, and differences between real and virtual (R 21 45,47,49) <br /> <br />SHA 16-year-old boy concocted radio calls, adapted police alias, misled police and <br /> <br />helicopter pilots, for over a month – despite "security codes" (R 21 39,41) <br /> <br />H+/-? U. Virginia prof uses computer text comparison to identify cheaters (R 21 39) <br /> <br />S? Publisher of $3,000 industrial reports uses ROT13 for protection! (R 21 58); of <br /> <br />course, utterly trivial to break (R 21 39); when U.S. Army outlawed encryption <br /> <br />software on SIMTEL20, ROT13 was removed! (R 21 59) <br /> <br />$ Appeals court overturns ruling blocking publication of "The Wind Done Gone", an <br /> <br />obvious parody of "Gone With the Wind" written from the point of view of black <br /> <br />slaves; parodies tend to be exempt from copyright violations! (Good news for <br /> <br />RISKS contributors of April Fools’ spoofs!) (R 21 42) <br /> <br />h Apple Titanium Powerbook xray-nondeterminism ’bomb’ scare shuts Burbank <br /> <br />airport (R 21 41) <br /> <br />Sf Denial of service possibility in FAA airport traffic Web site e-mail notification <br /> <br />software (R 21 42) <br /> <br />SHAO Gas-shutoff requests require minimal authentication and no verification (R 21 <br /> <br />54) <br /> <br />S? Weatherbug software security questioned in evaluation (R 21 42,44) <br /> <br />Sf McDonald’s testing cashless payments using speed-pass to make fast food faster; <br /> <br />lots of risks discussed (R 21 43,46,49,58) <br /> <br />Shi Sloppy use observed in PCs used as cash registers (R 21 49) <br /> <br />Sf Flaws in swimming-pool changing cubicle motion-detector security (R 21 44) <br /> <br />Sh? Implications of a Gullibility Virus: delete all your files, on the honor-system (too <br /> <br />late for April Fool prank R 21 45) <br /> <br />S DoD declares unclassified hard drives no longer need be destroyed (R 21 47) <br /> <br />Sf EarthBrowser developer reports e-mail scam with Russian URL mimicking <br /> <br />legitimate business Web pages, capturing credit-card info, etc. (R 21 47) <br /> <br />SH New technology for sneaky advertising: fastclick.com masks source (R 21 47,48) <br /> <br />SMf Car-door lock remote control activates another car’s alarm (R 21 56) <br /> <br />Sfh Many Federal computers fail hacker test (S 27 1:11, R 21 76) <br /> <br />SHAIf Security hole in cash machines (S 27 1:12, R 21 74) <br /> <br />SP Virgin Mobile security/privacy risk on archived mobile-phone usage records (S 27 <br /> <br />1:12, R 21 74) <br /> <br />S Risk of monocultures and exponential false anti-virus positives (S 27 1:13, R 21 73) <br /> <br />*f British BSE crisis; misplaced trust in third-party analysis: wrong samples (S 27 <br /> <br />1:13, R 21 71) <br /> <br />$ Sony uses DMCA against Aibo Enthusiast’s site (S 27 1:13, R 21 73) <br /> <br />$SH Feds make record counterfeit software seizure (S 27 1:14, R 21 75) <br /> <br />Sf GForce Pakistan crackers deface U.S. Defense Test and Evaluation dtepi.mil, after <br /> <br />which rival Pakistani vigilanties retaliated (R 21 71) <br /> <br />SH Jilted Michigan boyfriend convicted of hacking into ex-girlfriend’s Internet bank <br /> <br />account (R 21 73) <br /> <br />SH Oklahoma man who reported access vulnerability to the Poteau Oklahoma News <br /> <br />(R 21 62) guilty of copying proprietary files and stealing passwords (R 21 67) <br /> <br />Sf Yahoo! news stories can be altered without authorization (R 21 67-68) <br /> <br />Sf Hotmail Web site hackable by javascript exploits (R 21 67) <br /> <br />Shfi Norton Personal Firewall security problems (R 21 65) <br /> <br />Shf Consumer Reports password policy risks (R 21 65) <br /> <br />SHh Hackers could face life imprisonment under "USA PATRIOT" anti-terrorism act <br /> <br />(R 21 67); U.S. House approves life sentences for crackers (S 27 6:14, R 22 16) <br /> <br />Sf Nasty Redesi virus (Dark Machine, Ucon) (R 21 71) <br /> <br />*Sf Nimda worm patching problems in IIS (R 21 67); public hospitals in Gothenburg <br /> <br />Sweden crippled by nimda (R 21 67) <br /> <br />S Swedish national radio bans SETI software from office computers, fearing Trojan <br /> <br />horses (R 21 74,77) <br /> <br />Sf New class of wireless attacks against the Address Resolution Protocol gains <br /> <br />unauthorized access to WEP-protected systems (R 21 69) <br /> <br />$SH Playboy says hacker stole customer credit-card and other info (R 21 78) <br /> <br />SAOf Insecure on-line promotion from American Express (R 21 73) <br /> <br />S Black Hat Conference demo of how to disable a mobile phone by SMS (R 21 80) <br /> <br />26 <br /> <br />SP Ziff-Davis Media exposes credit-card info for 12,500 subscribers (R 21 77) <br /> <br />SP Google freely giving out your phone number and home address (R 21 75,77) <br /> <br />SHP($?) Financial records stolen from New Zealand Funds Management in Auckland <br /> <br />(R 21 80) <br /> <br />SH 800 "directory assistance" slamming redirects calls to third-party wholesaler <br /> <br />unbeknownst to correct recipient (R 21 76-78) <br /> <br />SP Ernst & Young reportedly terminated kids’ learning game site moneyopolis.org, <br /> <br />which became porn site (R 21 73); story is either bogus or else E&Y has reacquired <br /> <br />the domain (R 21 74); related cases, one involving acquisition of 2000 expired <br /> <br />domains (R 21 75) <br /> <br />SPf Continuing SirCam activity leaks UCLA radiation safety document with dummy <br /> <br />fields for names, SSNs, DoBs of personnel, but illustrative of the risks (R 21 69) <br /> <br />SP U.S. court shuts down deceptive Web sites with spelling variants, etc. (R 21 67) <br /> <br />SP Australians voice anger over online spying (R 21 67) <br /> <br />Si Risks of deceptive characters in URLs: Gabrilovich/Gontmakher, (S 27 2:13, R 21 <br /> <br />89, Inside Risks column http://www.csl.sri.com/neumann/insiderisks.html#140) <br /> <br />SH Risks of bouncing e-mail forgery (S 27 2:13, R 21 89) <br /> <br />SHf AOL Instant Messenger Buddy-Hole fix has backdoor (S 27 2:13-14, R 21 87) <br /> <br />$SH Credit-card cloners’ $1B scam (S 27 2:14, R 21 86) <br /> <br />$Sf Risks of mag-stripes on retail gift cards (S 27 2:14, R 21 86) <br /> <br />SH Latest Windows versions vulnerable to unusually serious attacks involving <br /> <br />plug-and-play (R 27 2:15, R 21 83) <br /> <br />Sfi HTTPS secure in, insecure out (S 27 2:15-16, R 21 83) <br /> <br />S Lotus Notes silently losing data (S 27 2:16-17, R 21 88) <br /> <br />Sf Facial recognition technology doesn’t work (S 27 2:17, R 21 87) <br /> <br />SPi Answering machine provides door entry code (S 27 2:18, R 21 88) <br /> <br />Sf Risks of Georgia Tech anti-cheating software (S 27 2:18, R 21 88) <br /> <br />Sfi SAS Institute software to detect e-mail untruths (S 27 2:18-19, R 21 88-89) <br /> <br />SH Swedish police reportedly doctor video evidence, admit it (R 21 81-82) <br /> <br />Sf Lawrence Livermore National Laboratory bans all wireless networks. Proponents <br /> <br />say technology is secure. Experts say 90% of all Wi-Fi nets improperly installed, <br /> <br />not secure (R 21 89) <br /> <br />Sf Wireless carriers offer products that tunnel insecurely through firewalls (R 21 89) <br /> <br />Sf Fingerprint scanner interfaces with built-in wireless LAN network card, defeating <br /> <br />intended security (R 21 83) <br /> <br />SHI$ Former Cisco accountants sentenced to 34 months and restitution of $8M for <br /> <br />unauthorized computer access, fraud (R 21 82) <br /> <br />*SHh Risks of remotely triggerable exploding chips in cell phone to foil thieves (R 21 <br /> <br />87) <br /> <br />SAOf Security hole at WorldCom left internal computer networks accessible at AOL <br /> <br />Time-Warner, BoA, CitiCorp, NewsCorp, JPMorgan, McDonald’s, Sun <br /> <br />Microsystems (R 21 81) <br /> <br />Sf Windows update server glitch blocks downloading of security patches (R 21 87) <br /> <br />Sf Risks of Internet Reconfigurable Logic: FPGAs upgradable from anywhere based <br /> <br />on IP address (R 21 87) <br /> <br />Sf SMS phone crash disabling messages a risk in older Nokias (R 21 82) <br /> <br />ShV Swisscom sends SMS test messages that delete roaming information on SIM <br /> <br />cards (R 21 89) <br /> <br />Sm Anthrax postal mail irradiation can affect electronic devices (R 21 88) <br /> <br />Sf A VeriSign Secure customer site isn’t using https/SSL properly, resulting in failure <br /> <br />of end-to-end security (R 21 84) <br /> <br />Sf VeriSign’s NetSOL vs. PGP: Risks of a crypto company owning a registrar? (R 21 <br /> <br />82); similar problem discussed (R 21 86,88) <br /> <br />f Bogus dates for McAfee virus alerts: sloppy programming (R 21 85,88) <br /> <br />S$ "Don’t Touch That Dial–Or You’re Under Arrest!" Some entertainment industry <br /> <br />folks insist that if you skip TV commercials, you are a thief. See a <br /> <br />www.factsquad.org/radio piece by Lauren Weinstein (R 22 05), and article in the <br /> <br />San Jose Mercury <br />by Dan Gillmor (R 22 05) <br /> <br />S(-?) Lifetime jail sentences proposed for reckless hacking (R 21 94) <br /> <br />SM Lightning storm caused power outage and failure of jail’s cell locks, defaulting to <br /> <br />open (R 22 02-03) <br /> <br />SA Iceland places trust in face-scanning for airport screening (R 21 89) <br /> <br />Sf Face recognition kit fails in Fla airport experimental use: success rate less than <br /> <br />50%, false-positive extrapolations about 50 per day per checkpoint (R 22 10); <br /> <br />Tampa police disband face recognition (R 22 87) <br /> <br />Sf Unsecure wireless used for remote-controlled New Zealand water supplies (R 22 <br /> <br />04) <br /> <br />SH CIA warns of Chinese plans for cyber-attacks on U.S. (R 22 05); preparedness (R <br /> <br />22 06) <br /> <br />Sf Security risks of programs that automatically update: <br /> <br />http://schram.net/articles/updaterisk.html (Scott Schram, R 21 92) <br /> <br />SHAO Fingerprint authentication: study shows all of the tested machines could be <br /> <br />spoofed, 80% or more of the time (R 22 08-09) <br /> <br />SHIe Remote mobile phone configuration changes made via Swisscom SMS service <br /> <br />(R 21 89) <br /> <br />fi ezmlm used for moderated e-mail lists responds erroneously, interfering with <br /> <br />certain virus scanners and vacation programs (S 27 3:13-14, R 22 06) <br /> <br />Sf Windows XP disables own firewall (R 21 98) <br /> <br />Si Windows XP speech recognition feature: random words inserted in text, picking up <br /> <br />ambient sounds (even if the mike is supposedly off) (R 21 95) <br /> <br />hi Deleting rows in Excel scrambles the rows (R 21 88,90); another Excel "feature" <br /> <br />changes your input: A grades changed to A- after A- entered previously, with <br /> <br />prompted completion (R 21 94-95) and Word miscorrecting [College of the] <br /> <br />Cariboo to Caribou and replacing asterisks (R 21 95) <br /> <br />Sf BlackICE Defender and BlackICE Agent buffer overflows (R 21 91) <br /> <br />Sf Security flaw in Sony Vaio computers (R 21 91) <br /> <br />SHf Sony’s "Copy-proof" CDs cracked with $0.99 marker pen; will marker pens be <br /> <br />outlawed? (R 22 08) <br /> <br />Si Apple: break your new PC with a nonstandard copy-protected CD, it’s not Apple’s <br /> <br />fault (R 22 07-10) <br /> <br />SPf Privacy risk in Netscape 6: Google use tracked by Netscape (R 21 93) <br /> <br />SPf IE 6 Privacy features open users to attack (R 22 05) <br /> <br />SPf$ VeriSign doesn’t encrypt credit-card info (R 22 07) <br /> <br />Sf Domain hijacking easy for AUDA/AUNIC Internet registration services (R 21 94) <br /> <br />Sf US Navy suffers domain hijacking: NavyDallas.com taken over by porn site, <br /> <br />NavyBoston.com by eBay auction site (R 22 10,13,15); Louisiana Attorney <br /> <br />General site reused (R 22 15) <br /> <br />SVhi Citibank Visa woes resulting from system outage (R 22 04) <br /> <br />Sfi 714 newsletter items on Windows 2000 bugs, clarifications, etc., since release of <br /> <br />Service Pack 2 (R 22 01) <br /> <br />SHi Risks of spoofing, bouncing e-mail in Strasbourg, supposedly from the mayor (R <br /> <br />21 89) <br /> <br />Shf Secret American Telstar 11 live spy photos broadcast unencrypted over satellite <br /> <br />TV and Internet for over 6 months! (R 22 13) <br /> <br />ShAi Sun’s misguided instructions on installing StarOffice 5.2 (R 22 11) <br /> <br />Si Apple computers trigger anti-shoplifting alarms? (R 22 11,13) <br /> <br />Sh Norwegian history database password lost, then retrieved in contest (R 22 13) <br /> <br />Sf FreeBSD Scalper worm (R 22 15) <br /> <br />Sf New virus Perrun can infect picture files (R 22 13) <br /> <br />$S Royalty fees may be the death of Internet radio (NewsScan, R 22 17) <br /> <br />$SP Windows Media Player security update EULA gives MS permission to keep you <br /> <br />from using "other software" on your computer (R 22 14-16) <br /> <br />Sf Security flaw in Excel XP spreadsheets enables arbitrary code execution (R 22 12) <br /> <br />Sf IIS e-mail flaw transforms server into open relay (R 22 16) <br /> <br />Sf Security problem: Apple OSX and iDisk and Mail.app (Bugtraq, R 22 18,20) <br /> <br />Sf SSH Protocol weakness advisory (R 22 17) <br /> <br />Sf More on 802.11 wireless networks and security (R 22 17) <br /> <br />S+ Hackers/crackers seem to provide the most useful information! (R 22 17) <br /> <br />S Calculators OK in exams, not handheld computers (R 22 13) <br /> <br />SHV Hacker attack targets 9 of the 13 Internet root servers (R 22 32) <br /> <br />Sf San Jose access point for Southern Cross Cable Network co-located with MAE <br /> <br />West, representing something like 70% of the Internet traffic from the Western <br /> <br />U.S., 40% of the world Internet traffic. Worldcom (albeit owning only 10% of <br /> <br />SCCN) is still a corporate weak-link for the Internet. (R 22 20-21) <br /> <br />$Sf ATM operational flaw relating to transaction noncompletion (R 22 44) <br /> <br />SHAI$ Former Drug Enforcement Agency employee sentenced to 27 months for <br /> <br />selling protected data (R 22 44) <br /> <br />SHAI Former UBS PaineWebber programmer faces U.S. fraud charge in virus attack <br /> <br />(R 22 44,46) <br /> <br />SH L.A. woman gets 9-year prison term and $11 million restitution penalty in <br /> <br />counterfeit software ring (R 22 41) <br /> <br />S Deceptive password complexity in building key codes (R 22 31-32) <br /> <br />h VeriSign error mistakenly transfers immigrationdesk.com to site in India, with <br /> <br />sensitive e-mail vanishing (R 22 21) <br /> <br />$SA Australian automated toll collection charges auto owners for bikes with the same <br /> <br />license plate ID but different color, irrespective of ownership (R 22 39) <br /> <br />$f Web browser incompatibilities cost business (R 22 45) <br /> <br />Sf Risks of automated law-enforcement responses, equivalent to vigilante actions (R <br /> <br />22 47); <br /> <br />SHf GTech finds winning lottery tickets can be identified before purchase, <br /> <br />unscratched, from bar codes (R 22 36) <br /> <br />SP Credit agencies provide information on your relations under UK Data Protection <br /> <br />Act (R 22 46) <br /> <br />Sd Understanding the Windows 2000 Common Criteria EAL4 evaluation, Jonathan S. <br /> <br />Shapiro (R 22 41) and Rick Smith (R 22 42); must-reading for serious developers <br /> <br />Sh MS court ruling leaked early through security blunder – posted on open server (R <br /> <br />27 <br /> <br />22 34) <br /> <br />Sf Software leaves encryption keys and passwords lying around in memory; <br /> <br />optimizer removes memset() (R 22 35) <br /> <br />SPf Internet home banking unsafe (R 22 37) <br /> <br />Sfe Patch slip-up raises security questions: Robert Lemos article (R 22 40-41) <br /> <br />S Retrospective ACSAC Karger/Schell paper on Multics Security Evaluation (R 22 <br /> <br />25-26) <br /> <br />S Throttling Viruses: Restricting propagation to defeat malicious mobile code, by <br /> <br />Matthew Williamson, HP Labs at ACSAC 2002 (R 22 42-43) <br /> <br />$SHA Crackers steal University of Oslo password file with 52,000 users (R 22 39); <br /> <br />MS SQL security patches not installed (R 22 44) <br /> <br />SHP Sensitive backup tapes stolen from Japanese national system of citizens’ private <br /> <br />information (R 22 45) <br /> <br />SHP? FBI bugging Hartford Public Library? (R 22 35) or not? (R 22 38) <br /> <br />SHP How mobile phones let spies see our every move; U.K. Celdar project (R 22 31) <br /> <br />$SHA NSF Fastlane proposal submission system: privacy problem for <br /> <br />co-investigators (R 22 39) and PIN exposure problem (R 22 41) <br /> <br />$ShA Internet eBay auction scam (R 22 41); also, eBay sends plaintext password <br /> <br />changes (R 22 40-41) <br /> <br />SHAO$ Canal Plus accuses NDS Group of breaking its smart-card secret key, giving <br /> <br />it to counterfeiters; Cadence Design suit against Avant Corp for stealing programs <br /> <br />results in verdicts against seven with ties to Avant; in 1999, Internet bookseller <br /> <br />Alibris paid $250,000 to resolve federal charges that it had unlawfully intercepted <br /> <br />thousands of e-mail messages to its customers from Amazon.com. (R 22 22) <br /> <br />$SHAI Turin credit-card duplicating machine (R 22 19) <br /> <br />Sf Are you bothered by telemarketing? It’s a $270 billion industry (R 22 35) <br /> <br />Sf Spoofability of Calling-Number-ID (R 22 46-48) <br /> <br />f More e-mail content filtering: the word "fugue" causes censorship for music group <br /> <br />(R 22 20); "klezmer" blocked by "klez" scan (R 22 20) <br /> <br />SPf A little bit of anti-porn filtering can go a long way; more may not be appropriate <br /> <br />(R 22 42) <br /> <br />- Ironic filtering example from rec.humor: "Congress shall make no law abridging the <br /> <br />freedom of sxxxch, or the right of the people peaceably to xxxemble, and to <br /> <br />pexxxion the government for a redress of grievances." (R 22 42) <br /> <br />S? Greek Law Number 3037 bans electronic games (R 22 23); later found <br /> <br />unconstitutional? (R 22 24); Greek consulate clarifies that ban extends only to <br /> <br />games that can be used for gambling purposes (R 22 26) <br /> <br />SHVif Risks of Georgetown Law Center exam software supposedly limiting laptop <br /> <br />functionality (R 22 34) <br /> <br />S,P,f,etc. Prediction: e-mail will become double-trouble in 3 years (R 22 29) <br /> <br />SPHh$* etc. Concerns over Total Information Awareness (TIA) widely discussed in <br /> <br />the media during November-December 2002. See various RISKS items (R 22 <br /> <br />44-47); Total Information Awareness renamed to Terrorist Information Awareness; <br /> <br />privacy advocates doubt Pentagon promises on spying (R 22 74, S 28 6:13) <br /> <br />SPH Don Norman essay on the risks of risks, including social engineering, citing <br /> <br />Mitnick and Simon, The Art of Deception: Controlling the Human Element of <br /> <br />Security, Wiley, 2002; book also reviewed by Rob Slade (R 22 43); follow-up from <br /> <br />Norman (R 22 44) and Fred Cohen (R 22 45) <br /> <br />SP "Scopeware" as universal structure 3D stream of e-document. David Gelernter <br /> <br />quote: "Operating systems are lapsing into senile irrelevance." (Risks not noted.) <br /> <br />(R 22 36) <br /> <br />SP Castro Valley nurses refuse to wear locator devices (R 22 24) <br /> <br />SPHh$* etc. Automation increases anxiety – with cause; abuse, blacklists, blackmail, <br /> <br />privacy; in Japan, a proposed family-registry database, a national ID, and various <br /> <br />misuses (R 22 21); Japanese phones vulnerable to hackers (R 22 22) <br /> <br />P U.S. transport worker ID, privacy rights, funding at issue (R 22 22) <br /> <br />SP(+/-) U.S. Senate closes its proxy server’s accidental anonymizer capability (R 22 <br /> <br />43) <br /> <br />$?SP? U.S. Navy searches for at least 595 missing computers, then only 187 after <br /> <br />further checking; two top-secret laptops disappeared (R 22 32) <br /> <br />SPfh French Kitetoa group discovered U.S. Navy Web sites leaking information via <br /> <br />Lotus Domino, e.g., trouble tickets since 1989 (R 22 37) <br /> <br />Sf? Opportunities for Trojan horses in StealthChannel music? (R 22 28) <br /> <br />SHP RIAA orders U.S. Navy to purge computers of illegally downloaded MP3s (R 22 <br /> <br />40) <br /> <br />SPh Defense Information System Agency leaves shopping list and requisition info <br /> <br />online (R 22 28) <br /> <br />SPh Website personal-data security flaw costs Ziff-Davis Media $500 per subscriber <br /> <br />(R 22 22) <br /> <br />SPf Wireless keyboard radiates 150 meters away (R 22 38) <br /> <br />SP Quote from a book review: Writing a book on wireless security is like writing a <br /> <br />book on safe skydiving – if you want the safety and security, just don’t do it. (R 22 <br /> <br />23) <br /> <br />P Car goes airborne for 110 feet; airbag spills the beans: driver going at 124 mph in <br /> <br />40-mph zone (R 22 21); such information suspect? (R 22 22) <br /> <br />P Pacific Bell (now SBC) will share info, with almost invisible opt-out notice; SBC <br /> <br />Yahoo will request personal info to "customize" your account (R 22 43) <br /> <br />SHAO/SP$ UK Government under digital attack: security breaches revealed (R 22 <br /> <br />41); UK police offer anonymity to cybercrime victims (R 22 42) <br /> <br />+/-? Quantum cryptography for secure global communications over increasing <br /> <br />distances; interceptions self-evident (R 22 28) But what about denials of service? <br /> <br />SH Weak encryption or poor design leads to killing of wolves fitted with <br /> <br />transponders; hunters might say "tri-angu-later, alligator?" (R 22 29-31) <br /> <br />+/- Court welcomes e-mailed excuses/explanations for traffic tickets (R 22 28) <br /> <br />*SA Automakers block crash data-recorder standards (R 22 47) <br /> <br />Sfm Dishplayer and digital phone don’t play well together (R 22 30) <br /> <br />VHh Microsoft rashly gets entire site shuts down for alleged copyright infringement, <br /> <br />based on reader feedback (R 22 62, S 28 3:8) <br /> <br />SHVf Windows root kits a stealthy threat (R 22 62, S 28 3:8) <br /> <br />eSV MS says Upgrade! HP says Don’t Upgrade! (R 22 54, S 28 3:6) HP advises <br /> <br />customers to "check back frequently", but the notice has been up for 4 months.] <br /> <br />$SHA Attempt to buy BMW over the Net results in $55,000 scam (R 22 58) <br /> <br />Sf+ Sendmail flaw tests new Dept. of Homeland Security (R 22 62) <br /> <br />SH Feds pull suspicious AONN.gov cyberwarfare site (R 22 54) <br /> <br />SH$ Feds charge 17 with stealing satellite TV signals, 6 of them for violating DMCA <br /> <br />(R 22 55) <br /> <br />SPH Indiana University Center’s computers breached by hacker; identities of 7,000 <br /> <br />patients potentially compromised (R 22 61) <br /> <br />SPAOfi Risks of using Tax IDs for other things: Internet banking exposes Princeton <br /> <br />University’s accounts (R 22 61) <br /> <br />$SHI Australian security firm forced to close after insider sabotage (R 22 62) <br /> <br />$SHI Danish credit-card fraud: mailman intercepts postal mail (R 22 61) <br /> <br />$SH Credit company’s 15,000-customer list leaked to an underground gang, which <br /> <br />demanded 200 million YEN in blackmail (R 22 61) <br /> <br />$SH 16M Yen stolen from sniffed bank passwords at Japanese Internet Cafe (R 22 61) <br /> <br />$S Lexmark DMCA lawsuit temporary restraining order against rejuvenated toner <br /> <br />cartridges (R 22 50); Lexmark wins injunction (R 22 60) <br /> <br />$S DMCA case: garage door opener company Chamberlain Group levels claim <br /> <br />against Skylink, maker of universal remotes (R 22 50) <br /> <br />Sf Citibank seeks gag order on disclosure of ATM vulnerabilities (Ross Anderson, R <br /> <br />22 58) <br /> <br />Sf FirstUSA/BankOne sends login ID and PW as clear text (R 22 62) <br /> <br />$SH UK cash machine error goes unchecked, gives unlimited money; error reported, <br /> <br />but left unfixed, then exploited (R 22 50) <br /> <br />SH Computer sabotage against Venezuela oil? (R 22 49) <br /> <br />SHAO Boston College student reprograms his ID card, getting other students billed <br /> <br />for his books, meals etc. (R 22 55) <br /> <br />SH Up for drunk driving, man hacks court computer (R 22 51) <br /> <br />SH Welsh computer virus writer gets two years in prison (R 22 52) <br /> <br />SH 12 University of Maryland students accused of high-tech cheating (R 22 53) <br /> <br />Sfhi DoD inadvertently offers admin privileges on .mil Web sites (R 22 51) <br /> <br />SI Matt Blaze’s discussion on long-hidden lore of master keys for mechanical locks <br /> <br />(R 22 51) with subsequent comments – including he’s a hero (R 22 52) <br /> <br />Sf A. Guadamuz: Trouble with Prime Numbers: DeCSS, DVD, and the Protection of <br /> <br />Proprietary Encryption Tools (R 22 51,52,54) <br /> <br />Sf TurboTax ’activation’ restricts subsequent use (R 22 51); online registration works <br /> <br />on Windows only if security parameters reduced to lowest (unsecure) setting (R 22 <br /> <br />55) <br /> <br />*+/-? Bugsplat: military collateral damage simulator (R 22 59) <br /> <br />SH- Lawyers say convicted hackers are getting comparably harsher sentences (R 22 <br /> <br />58) <br /> <br />$SHP Crooks harvest customer details and perpetrate fraud from Birmingham <br /> <br />England Internet bank kiosk (R 22 52) <br /> <br />S(f?h?H?) Smut interrupts ’Army Newswatch’ program on Webster NY cable <br /> <br />channel (R 22 49) <br /> <br />SHAO Text message can disable Siemens mobile phones (R 22 65; S 28 4:9) <br /> <br />SH-SH Automated denial-of-service attack using the U.S. Post Office (R 22 69; S 28 <br /> <br />4:10) <br /> <br />S? 2003 Stupid Security Awards include some doozers! (R 22 68) <br /> <br />$Si Risks of bank deposit-only ATM displaying MS NTDetect 4.00 prompt and boot <br /> <br />with live keys with interface wider than intended (R 22 69-70) <br /> <br />Shi Draft legislation on using crypto in commission of a crime: extra five years in <br /> <br />prison (R 22 67); but, if encryption is treated like arms, does that violate the Second <br /> <br />Amendment? (old argument, repeated in R 22 67) <br /> <br />SHAO Cracking of small Nevada hospital system hack traced to Russia (R 22 69) <br /> <br />SHO Bogus Internet domain-name renewal offers spoof NSI (R 22 71) <br /> <br />28 <br /> <br />SH NASCAR fan faces prison time for flooding Fox with angry e-mails (R 22 70) <br /> <br />SH Website hoax on killer SARS virus triggers Hong Kong panic (R 22 67) <br /> <br />Sh CNN reveals pre-prepared obits for living people (R 22 70) <br /> <br />Sf Software patching gets automated (William Jackson) (R 22 84-85, S 28 6:11-12) <br /> <br />$SH Ukrainian crime ‘kingpin’ cracker arrested in Thailand; counterfeited MS, <br /> <br />Adobe software; fraudulent schemes worth $1 billion (R 22 74) <br /> <br />$SH Man fined $180 million for piracy conspiracy stealing satellite TV signals (R 22 <br /> <br />79) <br /> <br />$SH Ex-student fined more than $500,000 for stock fraud on Net (R 22 74) <br /> <br />SHf The Great Capacitor Scare of 2003; Chinese corporate stole incomplete <br /> <br />electrolyte formula, resulting in his new employer’s capacitors failing after 250 <br /> <br />hours instead of 4000 (R 22 73) <br /> <br />$SH BestBuy.com e-mail swindle uses bogus fraud alert about a swindle (R 22 78) <br /> <br />$SH ATM electronic spying and camera scam nets $623,000 Australian (R 22 85) <br /> <br />SHAO Free Software Foundation GNU/Linux source site hacked (R 22 86) <br /> <br />SAOf California state Web site accepts completely unverified updates of statement by <br /> <br />domestic stock corporation; also tends to crash browsers (R 22 88) <br /> <br />SAf Denver school student information system on the Internet; protection questioned <br /> <br />(R 22 85) <br /> <br />SAf Biloxi schools have cameras in classrooms, pictures on Internet (R 22 85) <br /> <br />SHA Safe-cracking via telephone (R 22 74) <br /> <br />Shf Pilots hear baby’s cries instead of air-traffic controllers’ guidance; baby monitor <br /> <br />set on wrong frequency (R 22 73) <br /> <br />SHAO More on deceptive URLs (R 22 85,86) <br /> <br />SHAOf Walk-by hacking: more unprotected wireless access in Midtown Manhattan <br /> <br />(R 22 80) <br /> <br />SH Acxiom’s FTP Server compromised by (now former) client (R 22 84) <br /> <br />S Incompatibilities and incomparabilities among 802.11a, b, g (R 22 89) <br /> <br />SH SCO wants licensing fees from corporate Linux users (R 22 82); <br /> <br />Denial-of-service attack cuts off SCO Web site (R 22 89) <br /> <br />Sf Adobe Acrobat and PDF security flaws: no improvements for 2 years (R 22 80) <br /> <br />Sf Hand-held computer devices easy to hack (R 22 83) <br /> <br />SH Jolitid: Downloading data can turn your computer into a server (R 22 77) <br /> <br />SH Network vandals hijack Internetted PCs to spread pornography (R 22 80) <br /> <br />SHI Nova Scotia worker deletes her speeding ticket, gets fired (R 22 84) <br /> <br />SH ISP Charter Communications’ DHCP servers infiltrated (R 22 78) <br /> <br />Sf Internet Bank Egg advises customers that ActiveX is a security product! (R 22 80) <br /> <br />SV John C. Dvorak estimates 30 billion Windows crashes each year (R 22 84) <br /> <br />Shf U.Michigan center advises ignoring ssh key change warning (R 22 80) <br /> <br />SH SRI firewall reject rates show dramatic peaks (R 22 87) <br /> <br />S Risks of TheftGuard remotely disabling PCs as an anti-theft measure (R 22 80) <br /> <br />S- Reassembly of shredded Stasi documents outs informant (R 22 81) <br /> <br />SH Man steals home-detection tracking transponder, which tracks him down (R 22 <br /> <br />89) <br /> <br />SHA Customer passwords stolen from Kinko’s in Manhattan for two years (R 22 82) <br /> <br />SHf Student hacks high-school computers, erases class files; the fix: change <br /> <br />passwords every 60 days! (R 22 76) <br /> <br />$SHA South Africa bank Internet spyware and fraud (R 22 82) <br /> <br />SA Lack of Abbey National telephone banking security (R 22 81) <br /> <br />Sf Microsoft withdraws security update for XP; it would knock 600,000 users off the <br /> <br />Internet (R 22 74) <br /> <br />SA New method cracks Windows passwords in seconds (R 22 82) <br /> <br />Sf Denial of service via algorithmic complexity attacks, Crosby and Wallach (R 22 <br /> <br />76) <br /> <br />SA Biometrics technology: not yet ready for primetime (R 22 82) <br /> <br />S Chips that can self-destruct: add gadolinium nitrate (R 22 89) <br /> <br />Sf Hardware to avoid buffer overflows? (R 22 74,75) <br /> <br />Sh Owner of stolen ’sex.com’ can sue VeriSign (R 22 82) <br /> <br />i White House puts up obstacle course for e-mail; critics cite burden of additional <br /> <br />steps (Markoff, R 22 82) <br /> <br />SH Slammer worm hits system within Davis-Besse nuclear power plant (R 22 88,89) <br /> <br />SH LoveSan/Blaster/MSBlaster wreaks havoc, targets W32, MS security site, <br /> <br />includes RPC DCOM exploit to insert payload (R 22 85); risks of believing MS <br /> <br />advisory (R 22 86) and MS patch management (R 22 86) <br /> <br />SH$ Sobig virus affects CSX railroad, Amtrak freight and commuter service (R 22 <br /> <br />87,89), Air Canada operations (R 22 88); sobig forges FROM: addresses from <br /> <br />innocent victims who get rampant bounces (R 22 87,88); huge load increases (R 22 <br /> <br />87) and side-effects (R 22 87); further analysis (R 22 88,89); organized crime link? <br /> <br />(R 22 88) <br /> <br />SH Covert virus channels? (R 22 90) <br /> <br />Sf CCIA trade group tells DHS don’t use MS (R 22 90) <br /> <br />S-? Curtailing online education in the name of homeland security (R 22 90) <br /> <br />SH$ etc. Some observations on e-mail phenomenology (Peter B. Ladkin, R 22 88) <br /> <br />SH "Good" worm supposedly fixes infected computers (R 22 87,89) <br /> <br />SH Palyh/Mankx Internet worm disguised as e-mail from Microsoft (R 22 73) <br /> <br />S Risks of teaching virus writing (R 22 75-77) <br /> <br />..... End of recent yet-to-be-merged security items <br /> <br />..... Security flaws: <br /> <br />*SHAf Many known security flaws in computer operating systems and application <br /> <br />programs. Discovery of new flaws running ahead of their elimination. Flaws <br /> <br />include problems with passwords, superuser facilities, networking, <br /> <br />reprogrammable workstations, inadequate or spoofable audit trails, ease of <br /> <br />perpetrating viruses and Trojan horses, improper handling of line breaks, etc. Lots <br /> <br />of internal fraud and external penetrations. <br /> <br />f Stanford sendmail buffer overflows saturated systems (S 15 1) <br /> <br />Sf Security flaw (buffer overflow) in popular e-mail programs and the programming <br /> <br />language implications (R 19 90-93) <br /> <br />Sf More on buffer overflows: CERT Advisories (S 24 3:27, R 20 21) Note: Steve <br /> <br />Bellovin remarks that 8 out the 13 CERT Security Advisories for 1999 involved <br /> <br />buffer overflows! <br /> <br />Sf Extensive discussion of buffer overflows, causes, methods of prevention, etc. (S 27 <br /> <br />2:7–11; R 21 83-86 plus an excellent analysis and response to further comments, by <br /> <br />Earl Boebert (S 27 3:13, R 21 87,89) <br /> <br />Sf More on eliminating buffer overflows: OpenBSD (R 22 71,72,74,75) <br /> <br />fi Student mistaking list for scalar causes truncated Web info, brings police (S 26 4:7, <br /> <br />R 21 27) <br /> <br />Sf Ross Anderson et al. responded to MobilCom challenge (R 18 45) to hack GSM <br /> <br />for 100,000 DMarks, found flaw, but discovered the offer had been withdrawn. (R <br /> <br />19 48) <br /> <br />Sf Argus’ PitBull £35,000 hacking challenge cracked in 24 hours (R 21 36) <br /> <br />Sf SDMI Secure Digital Music protocol challenge cracked; RIAA threatened to sue <br /> <br />Princeton prof Ed Felten’s team if the results were published; the paper <br /> <br />presentation was withdrawn (R 21 37,39) <br /> <br />f GSM phones recalled for software upgrade (R 19 27,30) <br /> <br />@Sf Crypto-based security in 90 million GSM phones cracked by Silicon Valley <br /> <br />"cypherpunks" (R 19 67) <br /> <br />$SHf CERT Advisory, IP spoofing attacks, hijacked terminal connections; Robert T. <br /> <br />Morris, Tsutomu Shimomura, John Markoff, Kevin Mitnick (S 20 2:13) <br /> <br />S Security flaw in NCSA httpd phf (R 18 69,70); CERN httpd (R 18 71) <br /> <br />S Sun’s Hot Java executes its code on your Web browser (S 20 3:9) <br /> <br />Sf Netscape had a rough time securitywise: 40-bit crypto breakable, random number <br /> <br />generator crypt seed breakable, bounds-check flaw (S 20 5:13) <br /> <br />SO More risks of allegedly random numbers: spoofability (R 18 89) <br /> <br />S Andrew Twyman reduces cost of cracking Netscape’s 40-bit crypto to $584 (from <br /> <br />$10K) (S 21 4:18, SAC 14 3, R 17 65) <br /> <br />S Risks of Trojan horses with HotJava and Word (R 17 39-41,43,45,46,52); see <br /> <br />particularly Marianne Mueller in (R 17 45) <br /> <br />Sf More browser/server security problems in Java/JavaScript/Netscape (S 21 4:18, <br /> <br />SAC 14 3): Dean, Felten & Wallach, Princeton, in (R 17 77); others (R 17 <br /> <br />65,66,77,79,80,83-91,93-95, R 18 01,02); Abplanalp and Goldstein (R 18 06); <br /> <br />David Hopwood (R 18 08), including a summary of Java-related bugs, with a <br /> <br />pointer to John LoVerso’s JavaScript bug list (R 18 08); further problems were <br /> <br />reported in Java and JavaScript (R 18 09), in Netscape 2.02 (R 18 13,14), and again <br /> <br />in Java (Hopwood, R 18 18). Princeton team finds Java security bugs in Microsoft <br /> <br />Internet Explorer 3.0beta3 and Netscape Navigator 3.0beta5 (R 18 32); More on <br /> <br />Java security (Mueller, R 18 50); Flaws in and Microsoft’s warning on Internet <br /> <br />Explorer 3.0 (R 18 36,38); ActiveX security risks (R 18 69) <br /> <br />Sf More Java woes: Princeton team finds new flaw in Java ClassLoader that disables <br /> <br />security controls in Netscape Navigator 4.0x (S 23 5:27, R 19 86) <br /> <br />- Appropriateness of Confutatis Maledictis in MSIE advertisment? (R 19 23) <br /> <br />VSf Land Attack (land.c) denial of service on TCP implementations; Microsoft <br /> <br />implications; also see BUGTRAQ (R 19 48,49) <br /> <br />f Microsoft Office 97 e-mail gives sight to blind copies (R 19 08) <br /> <br />Sf Ruminations on MS security (S 23 4:24) <br /> <br />SH Enumeration of over 100 holes in Windows NT (R 19 65) <br /> <br />f Incompatibility between Cisco 5000 routers and Windows XP beta shuts down <br /> <br />Xerox corporate network, draws ban on XP betas (R 21 37) <br /> <br />f Another privacy bug in Netscape Navigator 2.0 (S 22 4:31, R 18 74) <br /> <br />SP More on risks in Netscape browsing histories (R 18 79) <br /> <br />SOf Netscape flaw allows reading of entire hard drive (R 19 22,23) <br /> <br />SAf Netscape Communicator 4.01 for Windows 95/NT risks include forgeable digital <br /> <br />signatures (R 19 30) <br /> <br />Sf Netscape Communicator 4.02 and 4.01a allow disclosure of passwords (R 19 34) <br /> <br />$Sf Risks in Secure Electronic Transaction (SET) protocol (R 19 31-36,48) <br /> <br />SHP Security hole in Shockwave Web browser exposes e-mail (R 18 91) <br /> <br />Sf More on Java security (R 18 77,79,87); Another Java security flaw (R 19 11) <br /> <br />29 <br /> <br />f Discussion of local classes in Java, flaw and fix (R 19 41,42) <br /> <br />Sf Good Java security vs good network security (R 18 61) <br /> <br />S More on Java performance (R 19 77) and applet security (R 19 78-79,81); vendors <br /> <br />unite against bad applets (R 19 84), but Li Gong reminds us of the pervasiveness of <br /> <br />mobile-code risks: CD-ROM, zip drive, Lisp code, Java applet, Word document, <br /> <br />agent software, browser plugin, postscript file, removable storage, ActiveX <br /> <br />components, articles posted to newsgroups, any number of scripting languages, <br /> <br />attached e-mail components (MIME), floppy disk (demo disks you receive in the <br /> <br />post), someone over the phone asking you to run a program, ... (the list goes on and <br /> <br />on) (R 19 85) <br /> <br />f Security hole reported in Java 2 (JDK 1.2) (R 20 30), fixed in JDK 1.2.1 <br /> <br />Sf Security problems in ActiveX, Internet Explorer, Authenticode (R 18 <br /> <br />80-86,88-89); in particular, see detailed comments from Bob Atkinson (R 18 85) <br /> <br />and subsequent responses (R 18 86-89); Paul Greene at Worcester Poly finds IE <br /> <br />flaw (R 18 85); EliaShim notes two more IE flaws (R 18 88); Another ActiveX flaw <br /> <br />(R 19 06,09) <br /> <br />i ActiveX controls – You just can’t say no! (S 23 3:26, R 19 55) <br /> <br />SOf Internet Explorer runs arbitrary code: MIME type overridden (R 19 14) <br /> <br />Se Misleading Internet Explorer security patch (S 26 4:8, R 21 35) <br /> <br />Sf IE security bug with Active Scripting (R 20 80) <br /> <br />SOf More on Web browser risks (R 19 18) <br /> <br />Sf More on NT security (R 18 82,84,86-88); Another Windows NT security flaw (R <br /> <br />19 02) <br /> <br />Sf NT passwords bypassable by overwriting hashed password (R 18 62) <br /> <br />Sf Making good ActiveX controls do bad things (R 18 61); more risks (R 18 62) <br /> <br />Sf Chaos Computer Club demonstrates ActiveX/Quicken flaw on TV (R 18 80,81) <br /> <br />SHO Beware of offer of remote ActiveX-enabled antivirus scanner (R 19 30) <br /> <br />Se Microsoft Java/COM integration support does automatic upgrades (R 18 64) <br /> <br />@SP Discussion of security and privacy implications of "cookies" (squirreled <br /> <br />information in browsers) (R 18 19,20, 63,65,67,68,70,72,78,79,88,92); residues in <br /> <br />Internet Explorer 3 (R 18 68); <br /> <br />Seh Over 10,000 sites running nonsecure versions of NCSA Web server (S 21 4:17, <br /> <br />SAC 14 3) <br /> <br />Sf SATAN anticracker software; discussion; version 1 flaw (S 20 3:12)(SAC 13 3) <br /> <br />Sf Master password generation algorithm uses program bug in LOGIN (S 12 3) <br /> <br />Sf Flaw in Sun 386i – argument that bypassed authentication (S 14 5) <br /> <br />Sf DEC/Ultrix 3.0 breakins using tftpd, weak passwords, and known flaws (S 15 1) <br /> <br />Sf SunOS 4.0.x rcp problem, exploiting /etc/hosts.equiv , /.rhosts (S 15 1) <br /> <br />Sf Password Snatching? RS-232 data tap advertised for $29.95 (S 12 3) <br /> <br />S Flaws in Kerberos version 4 and 5 (S 21 4:17 SAC 14 3, CERT Advisory CA-96.03) <br /> <br />Sf Security hole in SSH 1.2.0 permits remote masquerading (R 17 66,68, SAC 14 3) <br /> <br />Sf Trojan horsing electronic countermeasures? Def.Electr. Oct 89 (S 15 1) <br /> <br />SH Risks of infrared-reprogrammable parking meters (S 15 5) <br /> <br />Sf Risks from using laptops with cellular phones (S 15 5) <br /> <br />SHf Justice Department computers vulnerable remotely (S 15 5) @ $S GAO finds <br /> <br />computer security at stock exchanges vulnerable (S 15 2) <br /> <br />S PRODIGY security and integrity problems discussed (S 15 2) <br /> <br />Sf CTSS raw password file distributed as message-of-the-day; editor temporary file <br /> <br />name confusion. See Morris and Thompson, CACM 22, 11, Nov 1979. (S 15 2) <br /> <br />Also FJCorbató, 1991 Turing Award Lecture, CACM 34, 9, 1991, pp. 73-90. <br /> <br />SPf Bad pointer dumps encrypted passwords as message-of-the-day (R 17 44) <br /> <br />SH Dictionary-based password cracking (Morris-Thompson) happening (S 15 2) <br /> <br />$Sh NZ Kiwinet posts new default password (S 16 4) <br /> <br />$Sf RISC architectures crashable from user mode (S 15 5) <br /> <br />Sf SunOS SPARC integer division grants root privileges divide&conquer (S 16 4) <br /> <br />S Hitachi’s dynamic microcode download facility (S 16 2) <br /> <br />S Root console spoofable by function-key remote reprogramming (S 16 4) <br /> <br />S Security breach in UK Government Whitehall computer (S 17 2) <br /> <br />SH Crackers of Boeing and Seattle US District Court fined $30K (S 18 4:9) <br /> <br />f FAX in send mode receives someone else’s FAX instead (S 19 2:3) <br /> <br />i Wrong fax code sends antiQuebec message to French-language papers (S 19 3:9) <br /> <br />SP IRS checks mailed with visible SSNs and amounts in 1994 (S 19 4:10); City of <br /> <br />Detroit MI did the same 400,000 tax forms in 2002 (R 21 91); new law will <br /> <br />prohibit federal agencies from doing so, effective 2004 (R 21 92) <br /> <br />SP Lexis-Nexis P-Trak database includes unselectable SSNs (R 18 43-45,47-49) <br /> <br />Sf Univ. California computerized retirement system flaw (S 21 4:17, SAC 14 3) <br /> <br />SAf Authentication in Lotus Notes has security flaws (S 20 3:9, R-17.10) <br /> <br />Sh? Randal Schwartz finds security flaws in Intel, convicted (R 17 23,28) <br /> <br />Sf More on Windows security bugs (R 17 62) <br /> <br />Sf Windows 95 security hole: file names beginning with extended-ASCII 229 (S 21 <br /> <br />4:17, SAC 14 3) <br /> <br />f File name bug in Windows 95 (S 21 5:18) <br /> <br />i File name problems in Unix (R 21 80,82) <br /> <br />Sf Win 95 Microsoft TCP/IP flaw freezes system (R 19 26) <br /> <br />i Risk of renaming a Windows 95 computer on a network (R 19 56) <br /> <br />i Windows 95 renaming problem (R 19 66) <br /> <br />f Warning! NT 4.0 utility wipes system configuration (R 18 49) <br /> <br />f Windows NT 4 corrupting filespace and deleting directories (R 19 63) <br /> <br />Sf Password unsecurity in NT cc:Mail release 8 (R 19 37) <br /> <br />Vmf Massive NT outage due to registry corruption (R 19 60) <br /> <br />f Bug in DoD Common Operating Environment screen-lock consumes resources (R <br /> <br />19 42); NT screen savers also risky (R 19 43) <br /> <br />$f Reliability of NT in embedded applications (R 20 41) <br /> <br />f Microsoft Word footnote problems irks federal appeals court: Word does not count <br /> <br />words correctly (R 20 52) <br /> <br />i Risks related to Ctl-Alt-Del (R 19 28,29,31,32) <br /> <br />Sf Paper by Avi Rubin on Microsoft Passport flaw (R 20 85) <br /> <br />Sf Bug in Microsoft Word 6.0, 6.0a releases unintended info (S 20 1:19) <br /> <br />Sf More on Microsoft WORD macro security problems (R 18 70-72,75-77,79-89) <br /> <br />Sf Microsoft again distributes a Word Macro Virus: WAZZU.A (R 18 53) <br /> <br />Sff Microsoft vulnerabilities, publicity, and virus-based fixes (good analysis by Bruce <br /> <br />Schneier, R 21 01) <br /> <br />Sf Microsoft Windows Update Corporate Web site "features more than 1,000 system <br /> <br />updates and drivers for the Windows 2000 platform"!!! (R 21 04) <br /> <br />(f=feature)i Microsoft Word file holds two separate texts (R 20 40,45; MS response R <br /> <br />20 43); more on hidden old edits (R 21 45) <br /> <br />(f=feature)i Office XP modifies what you type, changes links to point to MS sites, <br /> <br />overrides corrections, without notification; you’d better read these items if you use <br /> <br />Office XP! (R 21 42,43,45,46,48); Smart Tags in WinXP (R 21 46) later killed by <br /> <br />MS (R 21 51); Comments on XP = smiley face = chi-rho = Cairo monogram (R 21 <br /> <br />44, 46,48,51) <br /> <br />f Uncleared disk space visible: MS Visual C++ or operating system problem? (R 21 <br /> <br />50,51) <br /> <br />$ Insurer considers NT high-risk (R 21 44,45) <br /> <br />Sf,e,H,$,etc. More Microsoft problems and security flaws: Win32 API (R 22 19); <br /> <br />Klez (R 22 20-21) and BugBear (R 22 29,31-32); OFfice/IE risks (R 22 22); <br /> <br />Internet banking and e-commerce risks (R 22 22); certificate validation flaw (R 22 <br /> <br />23); MS recommends preventive measures: eliminate blank or weak administrator <br /> <br />passwords, disable guest accounts, run up-to-date antivirus software, use firewalls <br /> <br />to protect internal servers, and stay up to date on all security patches (R 22 24,26); <br /> <br />Microsoft EULA asks for root rights – again (R 22 19); risks of chaining <br /> <br />substitutions in Outlook (R 22 30-31); more on risks of automated updates (R 22 <br /> <br />29,31); MS says 1% of bugs cause half of software errors (R 22 29); UC Santa <br /> <br />Barbara bans Win/2K (R 22 31); King’s College, London, bans Unix/Linux on their <br /> <br />network (R 22 32); switch-from-Mac-to-MS ad bogus (R 22 31); more on Windows <br /> <br />daylight savings cutover, including a dual boot problem (R 22 34-35, previously <br /> <br />noted in R 18 3, 18 96, 19 6, 19 11-12, 19 64); Windows quietly deletes Unix files <br /> <br />(R 22 40); nine related Internet Explorer flaws reportedly leave systems vulnerable <br /> <br />(R 22 32); Transportation Security Administration Word password protection easily <br /> <br />compromised (R 22 45) <br /> <br />Se Microsoft Hotfix erroneously undoes previous Hotfix (R 21 24); other fix files on <br /> <br />MS Web sites infected with FunLove virus (R 21 37) <br /> <br />Sf Bogus Microsoft Corporation digital certificates from Verisign (R 21 29,32,34); <br /> <br />problem with revocation lists (R 21 30,32) <br /> <br />Sf UK Government Gateway certificates block non-MS browsers (R 21 44); same <br /> <br />system used for UK’s agriculture department MAFF (R 21 45) <br /> <br />SH Windows XP vulnerable (R 21 45,46,48); Release Candidate 2 has driver block <br /> <br />preventing some programs from running, because vendors write bad code! (R 21 <br /> <br />57,58); more Outlook security problems (R 21 46) <br /> <br />Sf Freeware Password Recovery recovers Windows lost passwords saved in IE (R 21 <br /> <br />56,59) <br /> <br />Sf Microsoft Reader e-books broken (R 21 64) <br /> <br />Shf Microsoft’s PGP keys don’t verify for several months, so MS security bulletins <br /> <br />look forged! (R 21 56); WindowsUpdate Service Pack 2 for IE have questionable <br /> <br />certificates as well (R 21 63) <br /> <br />SHA Bogus letter-writing campaign opposing Microsoft anti-trust actions includes <br /> <br />mail from dead people (R 21 63) <br /> <br />fi Microsoft SMB protocol: Risks of undocumented ‘standards’ (R 21 69) <br /> <br />i- MS Front Page 2002 license agreement forbids use on disparaging sites (R 21 68) <br /> <br />SP Security and privacy risks of Microsoft Hailstorm/Passport and Project Liberty <br /> <br />alternative (R 21 70,72) <br /> <br />Sf Windows XP accounts default to administrator with no password (R 21 76,78) <br /> <br />Sf Remote tricking of users with Outlook XP with X-Message-Flag (R 21 76) <br /> <br />Sf Windows XP hacked in hours, black-market copies shortly thereafter (R 21 76) <br /> <br />-(S) Despite Connecticut’s MS monopoly case stance, CT Attorney General’s Web <br /> <br />site requires JavaSoft to browse (R 21 80) <br /> <br />30 <br /> <br />Sf Microsoft IE Javascript cookie disclosure vulnerability (R 21 76) <br /> <br />Sf "Beale Screamer" cracks Microsoft anti-piracy software (R 21 71) <br /> <br />SA Microsoft using predictable passwords for Passport (S 27 2:18, R 21 88) <br /> <br />Sf Microsoft C++ feature against buffer overflows is itself vulnerable (R 21 91) <br /> <br />*Sfff? Windows NT html products basis for Interim Brigade Combat Force (R 21 94) <br /> <br />Windows CE palmtops to be used to direct air strikes (R 21 94); <br /> <br />SOf Security flaw in Microsoft Office for Macs leaves OS wide open via HTML <br /> <br />feature (R 22 04) <br /> <br />SHf W32/KLEZ.H polymorphic MS Outlook e-mail virus (R 22 05-08,10); and <br /> <br />after-effects – bogus mail, spoofing, mail loops, etc. (R 22 11) <br /> <br />Shf Microsoft invokes national security in not sharing information on MSMQ <br /> <br />protocol, Windows File Protection API, anti-piracy and digital rights management; <br /> <br />also, "some Microsoft code was so flawed it could not be safely disclosed." (R 22 <br /> <br />13); more on MS’s secret plan to secure the PC, Palladium, viruses, etc. (Peter da <br /> <br />Silva, R 22 14; Cringely, Mellor on Palladium, R 22 15) <br /> <br />Sf MSNTV WebTV virus dials 911 (R 22 17) <br /> <br />Shf Microsoft sends Nimda worm to South Korean developers in Visual Studio .Net <br /> <br />software (R 22 13-14) <br /> <br />SPfh Tower Records reports customer information "leak" from Windows Active <br /> <br />Server Page (R 22 43) <br /> <br />SP FTC/Microsoft settlement: Passport violates its own user-ID privacy policy (R 22 <br /> <br />19) <br /> <br />Sf Macro virus lists from Klaus Brunnstein, <br /> <br />ftp://agn-www.informatik.uni-hamburg.de/pub/texts/macro/ and <br /> <br />ftp.informatik.uni-hamburg.de/pub/virus/macro/macrolst.* (R 19 24) <br /> <br />S+ After October 1997 Macro Virus contamination and Eligible Receiver <br /> <br />demonstration of significant vulnerabilities, NASA requested DoD to attempt <br /> <br />penetration exercises (R 19 74) <br /> <br />Sf New Word macro virus WM/PolyPoster posts Word documents to 23 Usenet <br /> <br />newsgroups (R 19 85) <br /> <br />$SHO Chernobyl CIH virus hits on 13th anniversary, attacks Windows 95/98; <br /> <br />damage reportedly worst outside U.S., especially South Korea (R 20 34) and Sri <br /> <br />Lanka, with usual rumors that it was created by an anti-virus supplier (R 20 37) <br /> <br />Sf OS/2 Warp TCP/IP misfeature (S 21 5:19) <br /> <br />SHA Another risk of reusable passwords: sharing them to avoid Web fees (R 18 85) <br /> <br />@SHI Dutch electronic-banking direct-debit scandal: Friesian church minister <br /> <br />discovers surprise privileges (R 18 81) <br /> <br />Sf Security flaw found in Alcatel’s high-speed modems (R 21 35) <br /> <br />..... Penetrations and misuse by "nonauthorized" personnel: <br /> <br />!SH China executes hacker for embezzling £122,000 (S 18 3:A12) <br /> <br />SPH British Telecom’s Prestel Information Service – demonstration for a reporter <br /> <br />read Prince Philip’s demo mailbox and altered a financial market database [London <br /> <br />Daily Mail 2Nov1984] (S 10 1) Break-in being prosecuted (1st such prosecution in <br /> <br />Britain) (S 11 3) Conviction reversed by Appeal Court and House of Lords (S 13 3) <br /> <br />SHAfe W.German crackers plant Trojan horses, attack NASA systems, exploit flaws <br /> <br />in new OS release (S 12 4, 13 1); perpetrator arrested in Paris (S 13 2). See also (R <br /> <br />08 36,37 [response from ‘pengo’],38). <br /> <br />$SHAOf Lawrence Berkeley Lab computer break-ins by Markus Hess; Stoll planted <br /> <br />phony computer file; file requested (S 13 3, Cliff Stoll, CACM May 1988); see <br /> <br />Cliff Stoll, ‘The Cuckoo’s Egg: Tracking a Spy ...’, Doubleday 1989. Hess and <br /> <br />others accused of KGB computer espionage (S 14 2); Three of the Wily Hackers <br /> <br />indicted on espionage charges (S 14 6), ‘mild’ convictions on espionage, not <br /> <br />‘hacker’ attacks [15Feb1990] (S 15 2) <br /> <br />S Report from the Chaos Computer Club Congress ’88 (S 14 2) <br /> <br />SHf Hacker enters Lawrence Livermore computers (S 14 1) <br /> <br />SH South German hackers hack TV German Post dial-in poll (S 14 6) <br /> <br />SH Discussion of Dutch Intruders breaking in to U.S. systems (S 16 3) <br /> <br />SH Dutch Hackers H.W., R.N. arrested; reportage from Rop Gonggrijp (S 17 2) <br /> <br />SH First Dutch computer hacker arrested under new Dutch Law (S 18 3:A12) <br /> <br />$SH Kevin Poulsen (Dark Dante) arrested (S 16 3); accused of rigging radio contests <br /> <br />by phone hacking (S 18 3:A13) tapes, other evidence seized from locker ruled <br /> <br />inadmissible (S 19 2:9); espionage charges dropped; Poulson pleads guilty to other <br /> <br />charges (S 21 2:20) <br /> <br />$SH Leonard Rose (Terminus) guilty of unauthorized possession of UNIX source and <br /> <br />distributing access-capturing Trojan horses (S 16 3) <br /> <br />$SHA 5 NY Master of Disaster hackers’ Federal 11-count indictment (computer <br /> <br />tampering/fraud, wire fraud, wiretapping, conspiracy; phones, computers, credit) (S <br /> <br />17 4); Phiber Optik (Mark Abene) sentenced to 1 year + for conspiracy, wire fraud <br /> <br />(S 19 1:8) <br /> <br />S? Feds arrest hackers nationwide in Operation Sun Devil; Steve Jackson Games <br /> <br />investigated for cyberpunk fantasy game rules (S 15 3); Secret Service rebuked for <br /> <br />Steve Jackson Games investigation (S 18 3:A8) <br /> <br />$SH "Sun Devil" indictments: "Doc Savage" arrested for tel/credit fraud (S 16 3) <br /> <br />$SH FtWorth programmer Donald Gene Burleson plants time-bomb, deletes 168,000 <br /> <br />brokerage records; convicted, fined (S 13 3, 13 4) <br /> <br />SH University of Surrey hacker arrested ... and released; Edward Austin Singh <br /> <br />penetrated 200 systems (S 14 1) <br /> <br />SH UK "Mad Hacker" (Nicholas Whiteley) goes to jail (S 15 5); appeal fails (S 16 2); <br /> <br />new British Computer Misuse Act (S 15 5) <br /> <br />SH Intruder hacks into Cambridge University systems (R 18 09-10) <br /> <br />SH UK hacker "Datastream" finally arrested (S 20 2:13) <br /> <br />SH Hackers break into Macedonian Foreign Ministry phones (S 23 3:24, R 19 46) <br /> <br />SH R.G. Wittman accused of felonies in hacking NASA computers (S 17 1); <br /> <br />sentenced to 3-year probation, mental health treatment (S 17 3) <br /> <br />$SH 2 Norwegians fined for fraud; telephone fraud, browsing ignored (S 19 1:8) <br /> <br />@SH$ Russian hacker Vladimir Levin breaks Citibank security (S 20 5:13, R 17 <br /> <br />27-29,61); Levin pleads guilty (R 17 61), sentenced to 3 years, with $240,015 <br /> <br />restitution; 4 accomplices previously pleaded guilty (R 19 61) <br /> <br />SHOA 3 Croatian teenagers cracked Pentagon Internet systems. Classified files <br /> <br />allegedly stolen (?). Zagreb Daily suggests damaging programs could cost up to <br /> <br />$.5M (?) (R 18 84) <br /> <br />SH Pentagon computers hacked ("most organized and systematic" according to John <br /> <br />Hamre); Cloverdale high-school kid blamed (R 19 60); in blaming "hackers", DoD <br /> <br />seems to be oblivious to its own bad security <br /> <br />SPH Carlos Salgado Jr. pleads guilty, max up to 30 years, $1M fines (R 19 34) <br /> <br />SH Wendell Dingus sentenced to 6 mos home monitoring for cracking USAF and <br /> <br />NASA computers from Vanderbilt U. (R 19 35,36) <br /> <br />SH Former IRS employee indicted for fraud, illegal browsing (S 20 5:13) <br /> <br />SH* NY Police Department phone system cracked (S 21 5:19) <br /> <br />SH British man (Black Baron) convicted as malicious virus writer (S 20 5:14) <br /> <br />S Cancelbot derails online promo (WSJ via Edupage 20 Dec 1994) (S 20 2:11) <br /> <br />$SH Criminal hacker arrested in Winnipeg (S 20 2:12) <br /> <br />SH 16-year-old boy cracks university computer security (S 21 2:20) <br /> <br />@SH DMV security code breached at hospital in New Haven (R 18 28) <br /> <br />@SH AIDS database compromised in Pinellas County, FL (R 18 48,53) <br /> <br />SH Geraldo show demonstrates how to break into tracer.army.mil (S 17 1) <br /> <br />SHA Milwaukee 414s broke into many computers (some with guessable passwords) <br /> <br />SHAO Australians use dictionary attack on various U.S. computer systems (S 15 2) <br /> <br />$SPH Thieves ransack 55 government computers in Australia (R 18 14) <br /> <br />SH St. Louis teenager Christopher Schanot arrested for computer fraud (R 18 01) <br /> <br />SPH Two convicted: 1,700 Tower Record credit-card numbers offloaded (R 18 02) <br /> <br />$SH U.Texas Dean’s conferred password used to misappropriate $16,200 (S 17 3) <br /> <br />S References to CERT memo and Dave Curry article on countermeasures (S 15 3) <br /> <br />fH Fudging a poll on program(med) trading? (S 15 1) <br /> <br />SH USAF satellite positioning system, others cracked by 14-yr-old (S 14 6) <br /> <br />Sf Sony satellite dishes remotely reprogrammable? (R 17 33) <br /> <br />SH CerGro voice-mail hacked, mailboxes used for illicit purposes (S 13 4) <br /> <br />SP Olympics e-mail misuses affect Tonya Harding and Cathy Turner (S 19 3:10) <br /> <br />$SP Barclays credit system voice-mail hack gives sensitive info (S 18 1:20) <br /> <br />SH Voice-mail phreaking alters recorded message (S 19 3:10) <br /> <br />@$SH AT&T computer break-ins (Herbert Zinn) (S 12 4) <br /> <br />@$SH Pac*Bell System computer attacker Kevin Mitnick arrested (S 14 1); arrested <br /> <br />again after hi-tech tracking (S 20 3:12)(SAC 13 3) <br /> <br />SHAO Computer crackers arrested in Pittsburgh, West Coast (S 12 4) <br /> <br />SH Argentine Hacker encounters computer wiretap (S 21 4:17, SAC 14 3) <br /> <br />$SH Computer intrusion network in Detroit (Lynn Doucett) (S 14 5) <br /> <br />$SH Fired computer engineer caught downloading proprietary software (S 13 2) <br /> <br />*SH Ex-employee arrested in file theft via Internet (S 19 3:10) <br /> <br />$SHI Two Lucent scientists charged with selling PathStar Access Server software to <br /> <br />Chinese firm (R 21 38) <br /> <br />$S MIT student arrested for running BBS used for pirate software (S 19 3:11) <br /> <br />$H Australian hackers face jail or fines (S 13 2) <br /> <br />$SH Australian intruder fined $750 for copying programs (trespass) (S 15 3) <br /> <br />$SH Aussie Cracker charged with phone fraud, accessed US computers (S 16 4) <br /> <br />*SH Australian computer hacker jailed for two years; caused release of thousands of <br /> <br />liters of raw sewage on Queensland coast (S 27 1:14, R 21 74) <br /> <br />$SH Phone cracker tried for Palomar Hospital felony wiretap/eavesdrop (S 17 2) <br /> <br />*SHAO Hospital intruder captures password, alters drug protocol (S 19 3:10) <br /> <br />*SH Tampered heart monitors, simulating failure to get human organs (S 19 2:5) <br /> <br />SH 16yr-old Brit (Jamie Moulding) tried to sell cracked MoD files (S 16 4) <br /> <br />$SPH Brit. Min. of Defense computers penetrated by 8LGM; 3 arrested (S 18 3:A9), <br /> <br />hacked into NASA, ITN’s Oracle, ... 2 given 6-month sentences (S 18 3:A12) <br /> <br />SH TV editor raids rival’s computer files (S 14 2) <br /> <br />SH Fox TV computers hacked, access to news stories in progress (S 15 3) <br /> <br />$SH TRW Credit information bureau breakins – one involved gaining information on <br /> <br />Richard Sandza (Newsweek reporter who wrote "anti-hacker" articles) and running <br /> <br />31 <br /> <br />up $1100 in charges (S 10 1) <br /> <br />$SH 14-yr-old cracks TRW Credit, orders $11,000 in merchandise (S 15 1) <br /> <br />$S 12-yr-old boy arrested for tapping TRW credit files (S 15 3) <br /> <br />$SH Risks of unauthorized access to TRW credit database (S 15 3) <br /> <br />$SHAO U.S. Reps Zschau, McCain computers penetrated, mailings affected (S 11 2) <br /> <br />VSH/h? Ross Perot’s computers lose 17K names; intruder or inadvertence? (S 17 4) <br /> <br />SPHA NJ Republican staffer breaks into Democrats’ computer (S 16 1) <br /> <br />SHAO Bogus e-mail says Dartmouth prof cancels exam; 1/2 noshows (S 19 4:12) <br /> <br />SHAO Grade-changing prank at Stanford (around 1960) (S 8 5) <br /> <br />SHAO More class grade changes: Alaska, Columbia U., U. Georgia (S 16 3); <br /> <br />Berkeley High School, despite requiring two passwords! (R 20 92) <br /> <br />S Remote student tests by push-button phone; Psych 519, Gov’s State (S 16 1) <br /> <br />$SH Southwestern Bell computer penetrated: free long-distance calls (S 11 3) <br /> <br />$SPH British Airways dirty tricks tapping into Virgin Air data (S 18 2:15) <br /> <br />$SH Bloodstock Research thoroughbred genealogy computer system break-in <br /> <br />SHf Systematic breakins of Stanford UNIXes via network software (S 11 5) Brian <br /> <br />Reid, "Lessons from the UNIX Breakins at Stanford", pp 29-35, Oct 1986 <br /> <br />SHAO UK’s MI5 phone recruitment hotline spoofed by KGB impersonator (R 19 20) <br /> <br />SH Masquerader acts as Liz Taylor’s publicist, hacks answering machine (S 15 5) <br /> <br />$S Laser printer counterfeiting and new US legislation (S 15 5) <br /> <br />SH Free Software Foundation trashed, added passwords for integrity (S 16 4) <br /> <br />$SH Remote-control automobile locks opened by signal replay attacks (S 18 4:7) <br /> <br />$SH GM charged VW with industrial espionage (S 18 4:8); settlement eventually <br /> <br />reached: VW agreed to pay GM $100M and buy $1B in parts over 7 years [Wall <br /> <br />Street Journal, 10Jan1997, A3] <br /> <br />SPf Risks of presumed anonymity in tar files, e-mail (S 18 4:10) <br /> <br />@$SH Foiled counterfeiting of 7,700 ATM cards using codes in database (S 14 2) <br /> <br />@*H Prison escapes via computer manipulation (S 10 1, 12 4) <br /> <br />@*$H Masquerading spoof of air-traffic control comm altered courses (S 12 1) <br /> <br />SH Dan Farmer’s security survey [2Jan1997] catalogs attacks on government sites, <br /> <br />banks, credit unions, etc. See http://www.infowar.com. (R 18 74) <br /> <br />$SH 1994 UK National Audit Office report on computer misuse in government: <br /> <br />140% increase; 655 cases, 111 successful; £1.5M defrauded; misuse; 350% <br /> <br />increase in viruses; 433 computer thefts, worth £1.2M (S 20 3:11) <br /> <br />$SHO Computer breakins cost businesses estimated $800 million worldwide in 1995 <br /> <br />(R 19 47) <br /> <br />SHOA Stanford Linear Accelerator Center (SLAC) computer system penetrated 2 Jun <br /> <br />1998 using LAN sniffers (R 19 80-81) <br /> <br />SHOA Canadian charged with breaking into U.S. government computer (R 19 74) <br /> <br />SHOA Woman cracker gets five-month prison sentence for deleting info from Coast <br /> <br />Guard personnel database (R 19 84) <br /> <br />SHO Milw0rm crackers penetrated India’s Bhadha Atomic Research Center (BARC), <br /> <br />copied 5MB, relating to India’s nuclear research, altered BARC Web site, deleted <br /> <br />files, in protest of nuclear testing (R 19 78) <br /> <br />SHf Critical mass or critical mess at Los Alamos? Lax security (S 23 4:21) <br /> <br />SH Jonathan James (cOmrade) sentenced to six months detention for having <br /> <br />penetrated DoD and NASA computer systems, intercepting 3,300 e-mail messages <br /> <br />and stealing passwords when he was 15 (R 21 06; S 26 1:27) <br /> <br />SH Jason Diekman, 20, charged with cracking into university computers and NASA, <br /> <br />stealing hundreds of credit-card numbers to buy thousands of dollars of clothing, <br /> <br />stereo equipment, and computer hardware (R 21 06; S 26 1:27-28) <br /> <br />SHOA Raymond Toricelli charged with breaking into NASA computers, capturing <br /> <br />passwords, running porn ads (R 20 95) <br /> <br />..... Web site hacks and risks: <br /> <br />VSH Justice Department’s Web site is infiltrated (S 22 1:21, R 18 35) <br /> <br />VSH CIA disconnects home page after Web site hacked (S 22 1:21-22) <br /> <br />VSHAO Air Force Web page hacked (S 22 2:23, R 18 64) <br /> <br />VSHOA NASA’s Web site http://www.nasa.gov hacked on 4 Mar 1997 (S 22 2:23, R <br /> <br />18 88) <br /> <br />VSHf Three Army Web sites hacked (S 23 4:24, R 19 63) <br /> <br />VSHf Hackers claim major U.S. defense system cracked (S 23 4:24) <br /> <br />f Art Money (when nominee-to-be for U.S. AsstSecDef) was quoted in Federal <br /> <br />Computer Week at an AFCEA meeting as saying that hackers had changed troops’ <br /> <br />blood types on a DoD Web site, reportedly causing DoD to revisit what info to put <br /> <br />on its Web pages (R 19 97); however, the following issue of FCW said that no such <br /> <br />attack had occurred, although the possible scenario had been identified by a <br /> <br />red-team exercise (R 20 02) <br /> <br />VSHOA National Collegiate Athletic Association (NCAA) Web site hacked, racial <br /> <br />slurs posted; 14-year-old high school freshman? (R 18 90) <br /> <br />VSHOA ACLU’s AOL Web site cracked (R 19 77,81); further notes on AOL security <br /> <br />(R 19 87) <br /> <br />VSHAO NY Times Web site attacked in support of Kevin Mitnick, and suggestions of <br /> <br />what could have been worse in insidious misinformation (R 19 96) <br /> <br />VSHAO Lost World Web site hacked into Duck World: Jurassic Pond (R 19 20,21) <br /> <br />VSAO Swedish meat packer Web site penetrated and replaced (R 19 14) <br /> <br />SHAO Swedish 16-year-old arrested 3 hours after Web attack on Swedish National <br /> <br />Board of Health and Welfare; discussion by Ulf Lindqvist (R 20 87) <br /> <br />SH Teenage hacker Raphael Gray arrested in Wales, hacked 9 e-commerce sites, stole <br /> <br />Gates’ credit-card info (R 20 87) <br /> <br />SHAO Man (Max Vision) indicted for vandalizing NASA, Argonne, Brookhaven, <br /> <br />Marshall Space Center, DoD computers (R 20 87) <br /> <br />SH National Hockey League Web site denial of service attack: down over 5 days, due <br /> <br />to lack of admin expertise (R 20 89) <br /> <br />V$SH Many New Zealand IHug Web sites wiped out by cracker (R 20 09) <br /> <br />SH Internet vandals Trojan-horse USIA Web site (R 20 18) <br /> <br />VSHf Hackers take down FBI and Senate Internet sites, 27 May 1999 (retaliation for <br /> <br />Zyklon?), Dept of Interior and Govt facility at Idaho Falls hit on 31 May 1999 (R <br /> <br />20 43); Crackers do for U.S. gov’t what critical infrastructure report couldn’t (R 20 <br /> <br />43); US GAO report found serious security gaps in 24 agencies’ systems (S 26 4:7, <br /> <br />R 21 36) <br /> <br />VS Critical infrastructure DCS/SCADA security: dependence on the Internet! (S 27 <br /> <br />6:6, R 22 14) <br /> <br />Sf EPA Web site shut down in response to Congressman’s threat to divulge <br /> <br />vulnerabilities (S 25 3:20, R 20 79-80); GAO says EPA’s computer security is <br /> <br />"riddled" with weaknesses (R 21 02; S 26 1:28) <br /> <br />SHOA George W. Bush’s campaign Web site hacked, photo replaced (R 20 64) <br /> <br />SHAO Gallup Web site hacked just before primary election (S 25 3:21-22, R 20 83) <br /> <br />SH Zyklon admits attacks on NATO, USIA, Gore Web pages (R 20 58) <br /> <br />SH Japanese Government Web sites hacked: Science and Technology Agency <br /> <br />penetrated, census info erased (R 20 77) <br /> <br />SHAO OPEC Web site hacked protesting oil prices (R 21 05) <br /> <br />S Risks of Web sites from computer fraud (R 19 44) <br /> <br />Sf Air Force thinks push-pull technology (e.g., Web browsers, PointCast) too risky (R <br /> <br />19 57); added risks from Netscape or anyone else giving away source code? (R 19 <br /> <br />57-59) <br /> <br />SHPA Federal Web sites lack privacy safeguards (S 23 1:13, R 19 35) <br /> <br />$H Fake Web page cause 20% stock surge and then retreat in PairGain (R 20 30) <br /> <br />SHO Western Union Web site hacked, with info on 10,000 customers’ cards (R 21 04; <br /> <br />S 26 1:28) <br /> <br />..... Password and authentication violations: <br /> <br />SH John-the-Ripper software finds 48,000 passwords (R 19 91) <br /> <br />S Password problem on Bloomberg Web site (R 20 08) <br /> <br />SHAOhe Stanford e-mail system passwords stolen by sniffer attack on un-upgraded <br /> <br />systems, reportedly from Sweden and Canada (R 20 05) <br /> <br />SHA Organized e-mail theft in Seattle: compromised master key (S 24 3:27, R 20 09) <br /> <br />SH Strange case of Instant Messaging scam involving password on AOL (R 20 24); <br /> <br />another scam on AOL using hyperlinks (R 20 28) <br /> <br />@$h Mistyped password put two brokers in the same computer files (S 13 1) <br /> <br />@$H Japanese BBoard fraud traps passwords, gains money; culprit caught (S 17 4) <br /> <br />..... Trap-doors, Trojan Horses, logic bombs, worms, viruses: <br /> <br />$$SHhf Internet worm attack 2-3 Nov 1988 on BSD-derived Unix systems, an <br /> <br />intended constructive experiment that went awry (editor’s discussion on software <br /> <br />engineering implications; exploitations of sendmail debug option, finger, .rhosts, <br /> <br />some dictionary-attacked encrypted passwords; references to detailed reports by <br /> <br />Spafford, Seeley, Eichin/Rochlis) (S 14 1); Robert Tappan Morris indicted on <br /> <br />felony count (S 14 6) Jury declares Morris guilty, Jan 1990; motions, sentencing <br /> <br />pending (S 15 2) RTM sentencing and some implications (S 15 3); appeal fails (S <br /> <br />16 2) <br /> <br />$SHI Taco Bell register reprogrammed to redirect funds (S 22 4:31, R 18 76) <br /> <br />SH Unauthorized Internet activity; TELNET Trojan horsed (S 14 6) <br /> <br />SH New rash of Internet break-ins with Trojan-horsed net software (S 19 2:5) <br /> <br />SHA Another Trojan-horse bogus cash dispenser in Finland (R 20 03) <br /> <br />SH Trojan Horse infests 15,000 Internet Relay chat users with Back Orifice (R 20 03) <br /> <br />SH CERT alert: Trojan horse planted in TCP wrapper acquired by at least 52 sites (R <br /> <br />20 18) <br /> <br />Sf html e-mail or Web page can launches Excel Trojan horses (R 20 15) <br /> <br />SH Discussion of write-protectable hard drives as one way to defend against Trojan <br /> <br />horses (R 20 21-22,24) <br /> <br />SH Two Penn State Hackers arrested, service theft, etc. (S 15 2) <br /> <br />SH C compiler Trojan horse for UNIX trapdoor (Ken Thompson, "Reflections on <br /> <br />Trusting Trust", 1983 Turing Award Lecture, CACM, 27, 8, August 1984) <br /> <br />SH? Rhode Island "disgruntled employee" arrested for "e-mail virus" (R 18 50) <br /> <br />$SH PC Graphics program Trojan horse (ArfArf) wiped out users’ files (S 10 5) <br /> <br />SH PC-Prankster Trojan horse on PCs (S 12 4) <br /> <br />SH Another Trojan horse trashes DOS – NOTROJ (S 11 5) <br /> <br />SH Trojan turkey program deletes files (S 13 3) <br /> <br />32 <br /> <br />Sf Microsoft Network e-mail binaries can contain executables (R 17 31,32,33) <br /> <br />SHOA Microsoft Network (MSN) fraudulent e-mail credit-theft risks (R 19 08) <br /> <br />VS AOL alerts users to e-mail Trojan Horse that crashes hard drives (S 21 2:20) <br /> <br />S Intel CD-ROM hoses hard drives (S 21 2:20) <br /> <br />*SH Software time-bomb inserted by unhappy programmer (extortion?) (10 3:15) <br /> <br />*SH Los Angeles Water&Power computer system software time-bomb (S 10 3:15-16) <br /> <br />$S Booby-trapped contracted software "destroys data"; unpaid blackmail? (S 15 3) <br /> <br />SH Lauffenberger convicted of logic bombing GD’s Atlas rocket DB (S 17 1) <br /> <br />SH NY law consultant plants logic bomb (claim 56789), seeks repair job (S 17 4) <br /> <br />H Man accused of Trojan horsing his ex-wife’s computer (S 18 2:4) <br /> <br />$H Typesetter disabled system, demanded arrears; bankrupted corp sued (S 17 4:7) <br /> <br />$SH Logic bomb allegedly planted in nonpaying customer’s system (S 19 1:7) <br /> <br />SH UK Logic Bomb displays Margaret Thatcher picture when triggered (S 13 3) <br /> <br />@*SH Ex-employee Trojan-horses emergency system, which fails (S 17 4) <br /> <br />SH Trojan horse Christmas-greeting message contains saturating virus (S 13 1) <br /> <br />SH Apple II virus, Amiga virus, a chain letter; Canadian logic bombs; computer <br /> <br />terrorism; voice-mail misuse (S 13 1) <br /> <br />SH Pandair Freight (UK) logic bomb case (S 13 1); backfires (S 13 2) <br /> <br />VSH Viruses halted government computers in south China (S 16 4) <br /> <br />SH World Bank virus ("Traveller 1991") (S 16 4) <br /> <br />SH Lehigh time-bomb virus propagates four times, wipes disk (S 13 2) <br /> <br />SH Israeli 13th-of-month PC time-bomb, would delete files 13 May 88 (S 13 2) <br /> <br />Jerusalem Virus bet declared a draw (S 13 3) Time-bomb warning on SunOS for 13 <br /> <br />May 1988 (S 13 3) <br /> <br />SH Jerusalem-B virus infects GPO library disk (S 15 2) <br /> <br />SH Jerusalem-B virus infects Chinese computers widely [13Apr1990] (S 15 3) <br /> <br />$S Fri 13th Virus found in a game software on the market (S 15 3) <br /> <br />SH Anticipation of time-bomb causes accidental clock bomb (S 13 3) <br /> <br />SH Various Macintosh Viruses/time-bombs – trap handler, INIT32 nVIR – <br /> <br />Brandow/MacMag 2 March peace message, infected Aldus commercial software <br /> <br />DREW, FreeHand (in shrink-wrap). (S 13 2) <br /> <br />Sd Apple distributes a CD-ROM with a "Trojan Horse" (S 19 2:10) <br /> <br />Sdh Ford Motor Co promotional floppy disk contains monkey virus (R 17 23) <br /> <br />Shf Cardiff software shipped self-destruct timebomb in Teleforms 4.0 (R 17 36) <br /> <br />SH More on viruses dangers of virus construction sets, propriety of assigning virus <br /> <br />development in courses, plus more on the Atari ST virus, the (c) Brain virus and the <br /> <br />Providence Journal attack, the Scores virus and the "ERIK" and "VULT" attacks, <br /> <br />Elk Cloner, Disease DOS, and the growing anti- virus business – including <br /> <br />contaminated versions of FLUSHOT that contained Trojan horses. (S 13 3 refers to <br /> <br />on-line RISKS, VIRUS-L.) <br /> <br />SH (c) "Brain" Virus at eastern universities (S 13 2) <br /> <br />$SH Michelangelo – hype, preparation, and attack on 6Mar1992; Leading Edge <br /> <br />shipped 6000 infected systems; Intel shipped 800 infected LANSpool 3.01; <br /> <br />DaVinci shipped 900 infected eMAIL 2.0 disks (S 17 2) Various Michelangelo <br /> <br />attacks were reported (in New Zealand, Australia, Japan, China, Poland, Germany, <br /> <br />South Africa [where bootleg SW is prevalent], Canada); various US hits also noted <br /> <br />(S 17 2) Norton’s free antiviral utility more dangerous than Michelangelo (S 17 2) <br /> <br />f(S) Intel says Itanium 2 error can crash servers (R 22 73) <br /> <br />SH Novell shipped a stealth virus, Stoned III, to 3800 customers (S 17 2) <br /> <br />$SH 2 Cornell students arrested for spreading Macintosh game virus (S 17 2) 10 <br /> <br />hrs/wk for a year public service required as punishment (S 18 2:15) <br /> <br />$SH The Trojan horse named ‘AIDS’, from ‘PC Cyborg Corp’ (S 15 1); Joseph Popp <br /> <br />accused on 11 charges, computer blackmail of medical institutes, attempting to <br /> <br />obtain £6M (S 17 2) <br /> <br />@*$SH Lithuanian nuclear power plant logic bomb detected (S 17 2) <br /> <br />SH The "Twelve Tricks" Trojan horse (S 15 2) <br /> <br />SH DECnet ‘WANK’ Worm on SPAN affected DEC VMS systems (S 15 1) <br /> <br />SH PC pest programs in China and Japan (S 15 1) <br /> <br />S Soviets claim unprecedented computer-virus shield (S 14 1) <br /> <br />SH "Virus" removes security barriers in Italian judicial computers (S 17 3) <br /> <br />SH Self-invoking RUNCOM self-propagates as virus on MIT’s CTSS (S 13 3) <br /> <br />$H Use of a virus excuse for nondelivery of software (S 13 2) <br /> <br />$SHf Portable terminals for Hong Kong horse betting spoofable? (S 14 2) <br /> <br />$SH [Bogus] "Big Red" Trojan horse reported (as virus) in Australia (S 12 3); <br /> <br />Hackwatch ‘expert’ Paul Dummet [alias Stuart Gill] claims exposed (S 15 1) <br /> <br />SH Japanese PC-VAN network ‘Virus’ posts passwords of NEX PC9800s (S 13 4) <br /> <br />SH Virus aimed at EDS infects almost 100 NASA computers instead (S 13 4) <br /> <br />S ‘Computer Virus Eradication Act of 1988’ (S 13 4) <br /> <br />*S Virus hits hospital computers in Michigan, creates bogus patients (S 14 5) <br /> <br />$S "Virus" arrest in New Jersey (Chris Young) (S 14 5) <br /> <br />SH Black Baron gets 18-month sentence for virus activities (S 21 2:21) <br /> <br />S Prank "Virus" Warning Message in government service system (S 14 5) @SH <br /> <br />Toronto Stock Exchange virus scare causes all-night search (S 18 2:16) <br /> <br />SH Trojan horses implantable by active electronic jamming? (S 15 1) @$mSe Minn. <br /> <br />9th Federal Reserve Bank vulnerability during recovery (S 16 3) <br /> <br />SH? Aum Shinri Kyo affiliate develops Japanese government software (R 20 83) <br /> <br />Sh(H?) U.S. State Dept embassies’ Mission Performance Plan software written by <br /> <br />Russians! (R 20 81) <br /> <br />S? Fantasy Baseball Journal errors attributed to a computer virus (S 18 3:A11) <br /> <br />SH Contact krvw@first.org for access to the VIRUS-L on-line newsgroup, <br /> <br />documenting, cataloging, discussing innumerable virus problems! <br /> <br />NOTE: We long ago stopped reporting run-of-the-mill new viruses. Klaus Brunnstein <br /> <br />reported the number of distinct strains has grown from five in early 1988 to over <br /> <br />1000 by early 1992. The number is now huge, over 10,000. See the VIRUS-L <br /> <br />newsgroup for ongoing activities... But we must include two 1999 manifestations <br /> <br />that result from the absence of meaninful PC security: <br /> <br />ffSH Melissa Macro Virus. See my article (S 24 4:28, R 20 26) and my Web site <br /> <br />(http://www.csl.sri.com/neumann/house99.html) for testimony for the 15 Apr 1999 <br /> <br />hearing of the House Science Committee subcommittee on technology, in which I <br /> <br />consider Melissa as the tip of a very large iceberg – the abysmal state of computer <br /> <br />and communication security. See also other items in RISKS on Melissa: Report by <br /> <br />Robert M. Slade (R 20 26); hidden risks (R 20 28); effect on a UK bank (R 20 30); <br /> <br />Risks of monocultures (R 20 26) and more virulent macro viruses (R 20 26); further <br /> <br />analysis (R 20 30); Role of the GUID in identifying David Smith as the purported <br /> <br />culprit (R 20 26,28,30-34), with wrap-up from Richard M. Smith (R 20 33); Smith <br /> <br />faces five years in prison; claimed to have caused $80M damages and infected over <br /> <br />100,000 computers (R 20 68); further discussion of GUIDs accepted in court (R 20 <br /> <br />70); Mainframe viruses (R 20 30-32) and origin of virus vulnerabilities (R 20 29) <br /> <br />SH CIH virus (26 Apr 1999) recalls Chernobyl (R 20 33) <br /> <br />..... Risks in voice-recognition systems <br /> <br />SH Risks of computer voice recognition monitoring gang members (S 15 5) <br /> <br />VSh Ross Perot’s high voice tone shuts down newspaper phone hotline (S 19 2:10) <br /> <br />Sfi British discover Texas accent is needed for voice recognition system for UK <br /> <br />criminals (R 19 78) <br /> <br />Sf Risks of voice-controlled human interfaces (R 19 25) <br /> <br />S Potential for Trojan horses in voice software (R 20 10) and remote controls (R 20 <br /> <br />10) <br /> <br />S Trojan horses embedded in voicemail (R 20 10) and risks of turning on audio and <br /> <br />video, e.g. Back Orefice (R 20 11-12) <br /> <br />VShi NCR phone instruction for Tower Star multiport removal: "execute rm -r star" <br /> <br />(R 19 65) <br /> <br />VSi Voice-recognition software <br />Format c: Return and Yes, Return (R 20 <br /> <br />24) <br /> <br />Sf- Seagull squawks consistently interpreted by speech recognizing software as <br /> <br />"Aldershot" (R 20 36) <br /> <br />..... Internal perpetrations and insider misuse: <br /> <br />ShI CIA Director Deutch and multilevel security (S 25 3:20-21, R 20 78) <br /> <br />ShAI DoE weak password policy on nuclear secrets (S 25 3:21, R 20 77) <br /> <br />$SPHI Man charged with counterfeiting Japanese bank ATM cards, based on insider <br /> <br />access (R 20 34) <br /> <br />$SHI/O AOL tech support volunteer sentenced to year in jail (R 20 74) <br /> <br />SHI FAA programmer destroyed only copy of source code for flight-control data <br /> <br />transfer; authorities recovered encrypted copy at his home (R 20 64) <br /> <br />SHI ISP/bookseller intercepted Amazon messages, trying to get competitive <br /> <br />advantage; fined $250,000 (R 20 66) <br /> <br />SHI+O Hackers penetrated Russian Gazprom, controlled pipeline flow; Russian <br /> <br />police noted twelve-fold increase in computer crime in 1999 over 1998 (R 20 87) <br /> <br />SHIf Rogue code in Microsoft software, dvwssr.dll, includes password to access <br /> <br />thousands of Web sites (R 20 87-89) <br /> <br />*SHI Hacker-nurse unauthorisedly changed prescriptions, treatments (S 19 2:5; R 15 <br /> <br />37,39) <br /> <br />$SHI $1M internal computer fraud at Pinkerton (S 16 4) <br /> <br />@$SHI NY police chief indicted for misuse of confidential database (S 13 4) <br /> <br />@SHI 3 police officers sentenced for misusing Police Nat’l Computer (S 14 2) <br /> <br />@$SPHI 45 LA police cited for searching private computer records (S 18 1:21) <br /> <br />@SHI IRS agent accused of giving defendant tax data on judges/jurors/... (S 16 3) <br /> <br />@$SHIO Harrah’s $1.7 Million payoff scam – Trojan horse chip? (S 8 5) and San <br /> <br />Francisco Examiner/Chronicle, 18 Sep 1983 <br /> <br />$SH Nevada slot-machine ripe for $10 to 15 million phony payoffs? (S 11 2) <br /> <br />$H Amusement game machines have covert gambling mode (S 13 4) <br /> <br />@$f One-armed bandit chips "incompatible"; 70.6%, not 96.4% payoff (S 17 4) <br /> <br />*SPHAf San Fran. Public Defender’s database readable by police; as many as 100 <br /> <br />cases could have been compromised [Feb1985] (S 10 2) <br /> <br />$SHI Browsing by IRS employees: curiosity to fraud (S 19 4:13) <br /> <br />SHA Sabotage of Italian newspaper source text without access controls (S 17 1) <br /> <br />$SH Sabotage of Encyclopedia Brittanica database (S 11 5) <br /> <br />33 <br /> <br />$S(H?) Forbes accuses former employee of sabotage; NY programmer accused of <br /> <br />sabotaging Art Assets computer (R 19 47) <br /> <br />$SH Prescott Valley Arizona computerized financial records wiped out (S 12 2) <br /> <br />SPH LLivermoreNL system used as repository 50Gb 90K erotic images (S 19 4:6); <br /> <br />Employee acquitted; pictures thought related to engineering! (S 20 3:11) <br /> <br />@SH Election frauds by vendor or staff charged? ... [see above] <br /> <br />@*SHI British auto citations removed from database for illicit fee (S 11 1) <br /> <br />S Reporting and misreporting on successful Internet penetration of Navy battleship in <br /> <br />exercise by U.S. Air Force (R 17 56-58) <br /> <br />$SHI Trojan-horsed chips in gas pumps enable charging scam (R 20 03) <br /> <br />SHI Mars Bars fraud via data diddling (S 24 3:27, R 20 09) <br /> <br />..... Other intentional denials of service: <br /> <br />SHI David Salas, former subcontractor on a Calif. Dept of Info.Tech., was arrested on <br /> <br />3 felony charges for "allegedly trying to destroy" the Sacramento computer system <br /> <br />(R 18 75,76) <br /> <br />H Mail-merge program used to generate 12,000 amendments for Ontario legislature <br /> <br />in blocking attempt (R 19 06,08,09) <br /> <br />SH Bogus cable chips zapped, possessors bringing them in apprehended (S 16 3) <br /> <br />*$SH Sabotage causes massive Australian communications blackout (S 13 1) <br /> <br />SH Former estimator destroys billing/accounting data on Xenix (S 15 1) <br /> <br />SH DC analyst in dispute with boss changed password on city computer (S 11 2) <br /> <br />SH Insurance computer taken hostage by financial officer (S 12 3) <br /> <br />*SH Cancer database disabled; 50K bogus calls, 10K-pound phone bill (S 18 2:17) <br /> <br />@SH Swedish cracker disrupts 11 north Florida 911 Systems (R 18 90) <br /> <br />SAO Swedish teen-aged hacker fined for U.S. telephone phreaking etc. (R 19 13) <br /> <br />SHf Vandalism disrupts service at Stirling University for days (S 19 4:13) <br /> <br />VSH Denial-of-service attack with e-mail flooding (S 21 2:20) <br /> <br />$VSHI Disgruntled Reuters computer technie brings down trading net (S 22 2:23) <br /> <br />@!$$Hm World Trade Center blast and outages discussed (S 18 2:17) <br /> <br />@SH Vandals cut cable in Newark, slow NY-DC MCI service for 4 hrs (S 20 1:21) <br /> <br />H? Workmen strike at CERN; beer bottles halt accelerator reopening (S 21 5:16) <br /> <br />VSH Update on Windows NT denial-of-service attacks, Bonk/Boink, New Tear (S 23 <br /> <br />4:24) <br /> <br />..... More on information warfare and terrorism: <br /> <br />VSH Information Security: Computer Attacks at Department of Defense Pose <br /> <br />Increasing Risks, GAO/AIMD-96-84, in Senate hearings (R 18 15) <br /> <br />SH+H Pentagon uses offensive information warfare against Electronic Disruption <br /> <br />Theater attacks beginning 9 Sep 1998 against DefenseLink Web site; EDT says it <br /> <br />was illegal! (R 20 03) <br /> <br />S Pentagon to take stronger computer security measures; Eligible Receiver results <br /> <br />indicate pervasive vulnerabilities (S 23 4:24) <br /> <br />$VS* Canadians assess risks of computer terrorism (S 16 1) <br /> <br />$S Cyber-terrorists blackmail banks and financial institutions (article with <br /> <br />considerable hype) (R 18 17,24) <br /> <br />VS GAO report: Government computers at risk (R 21 04; S 26 1:27) <br /> <br />SHO Information Warfare in Israel (R 19 77) <br /> <br />..... Internet Service Provider outages and security problems: <br /> <br />Vhfme Internet "dark address space" leaves 100 million hosts unreachable (S 27 1:9, <br /> <br />R 21 75) <br /> <br />Vf/m Problems with on-line services: Prodigy "comm error" shown live on ESPN; <br /> <br />AOL downed by flood; traffic chokes MCI inbound Internet gateways (S 19 4:8) <br /> <br />Pf Prodigy misdirects 473 e-mail messages, loses 4901 others (S 20 3:9) <br /> <br />SH Racist cracker trashes BerkshireNet (R 17 83, S 21 4, SAC 14 3) <br /> <br />$Vfh 14-hour Netcom crash due to extra & in code (S 21 5:14) <br /> <br />$e Microsoft, AOL, and AT&T also have netwoes (S 21 5:14) <br /> <br />VSHAO PANIX denial-of-service syn flooding attack (R 18 45); more on syn floods, <br /> <br />IP spoofing, and how to defend (Fred Cohen, R 18 48) <br /> <br />VSHAO Major denial-of-service syn attack on WebCom in San Francisco area (S 22 <br /> <br />2:23, R 18 69) <br /> <br />$e Bad upgrade gets America On-Line off-line for 19 hours 7 Aug 1996 (S 22 1:17, R <br /> <br />18 30-31) <br /> <br />Vfe More AOL outages: 2 Dec 1996; bad upgrade, 5 Feb 1997 (S 22 4:28, R 18 81) <br /> <br />Vfe E-mail volume brings down Microsoft Network (MSN) servers for C-E and T-Z <br /> <br />names; Microsoft shut down entire service for several days to upgrade (R 19 09) <br /> <br />Sf WorldNet security flaw (R 19 19, correction in R 19 20) <br /> <br />Vh Telehouse ‘reliable’ backup center in London downed by accidental power <br /> <br />shutoff, downing most of the UK Internet (R 19 13,14) <br /> <br />VSH PING-of-death attacks from Serbia on NATO Web server, counterattacks on <br /> <br />www.gov.yu (R 20 31) <br /> <br />SH Copper thieves hit Rogers@Home cable Internet service in Canada (R 21 27); <br /> <br />exposed cables chewed by rodent during repairs take out 300,000 customers <br /> <br />$fSHA Internet MSN Cyberseat park bench gives free international telephone service <br /> <br />(R 21 59) <br /> <br />..... Other Internet-related security problems: <br /> <br />SHAO Princeton admissions office caught breaking into Yale computers (S 27 6:13, <br /> <br />R 22 18) <br /> <br />..... Stolen equipment and computers – including sensitive data: [See also Piracy, <br /> <br />below.] <br /> <br />$SH Computers stolen from SDI Office (S 13 3) <br /> <br />S Stolen laptop contains sensitive British military data (S 16 2) <br /> <br />SHO Sensitive customer data in stolen CalTrain ticket-by-mail computer (R 19 02,05) <br /> <br />SHO Stolen Levi Strauss personnel computer contains 40,000 SSNs and other <br /> <br />identifying info, also bank account into for retirees (R 19 12) <br /> <br />SH Laptop with unspecified data stolen from London police car (R 18 24) <br /> <br />$SPH Thefts of doctors’ computers lead to blackmail in Cheshire UK (S 18 1:22) <br /> <br />SH Stolen computer contains ophthalmology certification exam (R 18 53) <br /> <br />@SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); <br /> <br />bad prank follows (S 20 5:10) <br /> <br />H May 1995 theft of $10M in Pentium chips; Asian syndicate indicted (R 19 21) <br /> <br />$H Armed theft of $800K in chips thwarted (R 19 23) <br /> <br />Hm Russian harvests 60 meters of cable in Ulan-Ude, disabling external phone <br /> <br />service in Russia [19Jun1997]. Previously, 2 thieves in eastern Kazakhstan were <br /> <br />electrocuted trying to steal high-voltage copper wires. (R 19 23) <br /> <br />Hm Backup system failure: cable stolen at Korat Royal Thai AFB, 1973 (R 19 24) <br /> <br />..... Piracy and proprietary software rights: <br /> <br />SH 37% of programs used in business are pirated (S 26 6:12, R 21 42) <br /> <br />- Risks of arbitrary binary representations (e.g., <br /> <br />􀀀 <br /> <br />) infringing copyrights (S 26 <br /> <br />6:12-13, R 21 42) <br /> <br />Sf Ed Felten and coauthors (backed by Usenix and EFF) sue RIAA and DoJ over <br /> <br />right to publish paper on Secure Digital Music Initiative flaws and constitutionality <br /> <br />of DMCA (R 21 45) <br /> <br />SHrf DVD CSS encryption algorithm cracked with <br />􀀀 <br /> <br />attack with 6 bytes of known <br /> <br />plaintext, with 40-bit key; freeware software remove copy protection (R 20 <br /> <br />64-65,67,69), with detailed analysis by Bruce Schneier (R 20 66); jail for <br /> <br />possessing a debugger? (R 20 74) DVD lawyers make "trade secret" public in <br /> <br />unsealed lawsuit against Norwegian teen (R 20 77); Lawsuit against 2600.com for <br /> <br />posting DVD security crack DeCSS (R 21 37); DeCSS source code is ruled speech; <br /> <br />object code is not speech (R 21 73,74); ’DVD Jon’ acquitted by Norwegian court; <br /> <br />Supreme Court rescinds emergency stay barrying Matthew Pavlovich from <br /> <br />distributing DVD lock descrambler (R 22 48) <br /> <br />SH Russian programmer Dmitry Sklyarov wrote program to unrestrict encrypted <br /> <br />Adobe Acrobat e-book files; gave talk at Defcon in US, arrested for Digital <br /> <br />Millennium Copyright Act violation, jailed, eventually released on bail (R 21 <br /> <br />53,55); Elcomsoft and Dmitry Sklyarov cleared (R 22 44); an e-book publisher <br /> <br />apparently uses utterly trivial rot13 for cryptographic protection! (R 21 58); <br /> <br />extradition laws (R 21 62,64) <br /> <br />SHf More discussion on DMCA, RIAA, DVD Crack (R 21 42,47,48,54,61,62); <br /> <br />negative effects on forensic analysis (R 21 62); UCITA implications as well (R 21 <br /> <br />54); use of rot13 as "encryption" (R 21.58-59,62); UCITA support fading (R 22 84) <br /> <br />Shi Use a Firewall, Go to Jail! DMCA broadening: New U.S. state legislation in <br /> <br />Mass, Texas, Michigan, and other states would ban the possession, sale, or use of <br /> <br />technologies that "conceal from a communication service provider ... the existence <br /> <br />or place of origin or destination of any communication." Also would ban <br /> <br />encryption, Network Address Translation, home routers, remailers, wireless, <br /> <br />Linux/*BSD for reading DVDs, etc. Horrendous legislation! (Ed Felten and others, <br /> <br />R 22 66); effects on electronic voting and the Internet community (Doug Jones, R <br /> <br />22 67); further discussion (R 22 67-69) This reminds PGN of the California <br /> <br />computer crime law that in essence makes it illegal to read, write, alter, or delete <br /> <br />information! <br /> <br />SA The Internet vs. the recording industry (R 22 66; S 28 4:9) <br /> <br />SA$ Music piracy violations: fines up to $150K a song (R 22 67; S 28 4:9) <br /> <br />SA-? Radio stations unable to play copy-protected CDs (R 22 68; S 28 4:9) <br /> <br />? Acacia owns patent on digital audio and streaming video; goes after small sites, <br /> <br />including (R 22 67; S 28 4:9) <br /> <br />Sf Very weak HDCP content protection broken – by various people (R 21 60-62) <br /> <br />$dP Microsoft documents leaked on the perceived threats of open-source software, <br /> <br />and desired MS countermeasures; see the "Halloween Documents" annotated by <br /> <br />Eric Raymond (http://www.opensource.org/halloween.html <br /> <br />http://www.opensource.org/halloween2.html) (R 20 04-05) Microsoft preparing <br /> <br />campaign to counter open-source movement (R 21 37) <br /> <br />$SH FBI raid "Davy Jones’ Locker" (400-customers pirated-SW BBoard) (S 17 4) <br /> <br />@SH Leonard DiCicco pleaded guilty to aiding Mitnick in DEC SW theft (S 15 1) <br /> <br />$SH Captain Blood, software pirate, nabbed in L.A. (S 21 2:21) <br /> <br />$SH Irish rock band U2 unreleased songs pirated from demo video, distributed on the <br /> <br />Internet (R 18 62,63) <br /> <br />SH$ Finnish executives jailed for software piracy (S 20 5:13) <br /> <br />34 <br /> <br />$SH Software piracy considered enormous, Hong Kong, worldwide (R 18 12-13) <br /> <br />S U.S. No Electronic Theft Act may criminalize non-profit software copying (R 19 <br /> <br />52) <br /> <br />$S Software theft statistics: $7.4B losses in 1993, $9.7B in 1992; greatest increases in <br /> <br />India, Pakistan, Korea, Brazil, Malaysia (S 19 3:11) <br /> <br />S British Visa source code compromised, ransom sought (R 20 75-76) <br /> <br />..... Incomplete deletions and other security residues: <br /> <br />!S,H? Mystery death of NZ man who bought old Citibank disks reportedly containing <br /> <br />details of overseas accounts & laundering activities (S 18 1:13) <br /> <br />fSP Footnotes in the Starr report that had been deleted in WordPerfect reappeared in <br /> <br />the House-translated html version; this is the old mark-as-deleted but <br /> <br />don’t-really-delete residue problem; also, some text was lost in the translation. (R <br /> <br />19 97) <br /> <br />Sf Effects of data residues in Microsoft Word (R 17 78,80) and Netscape Navigator <br /> <br />2.0 (R 17 79); incorrect text replacements in WordPerfect (R 17 80) <br /> <br />SPf More on the MS Word deleted residue feature (R 20 83) <br /> <br />SHf Windows NT storage residue in supposedly deleted files (R 20 88) <br /> <br />SP Discussion of security and privacy implications of "cookies" (squirreled <br /> <br />information in browsers) (R 18 19,20, 63,65,67,68,70,72,78,79,88,92); residues in <br /> <br />Internet Explorer 3 (R 18 68); <br /> <br />Sf Alcatel Word document includes deleterious document history (R 21 35) <br /> <br />SP Residue problem in frequent-flier miles on number reissue (R 18 65) <br /> <br />*Sh Air Force sells off unerased tapes with sensitive data (S 11 5) <br /> <br />SP Used UK Bristol University computer contains identities of pedophiles and <br /> <br />victims (R 21 64) <br /> <br />*S White-house backup computer files bypass shredders on Irangate (S 12 2) <br /> <br />Sf Sex, lies and backup disks: more D.C. risks in (non)deletion (S 21 2:17) <br /> <br />Sh Leftover sealed-indictment data on sold-off surplus computers (S 15 5) <br /> <br />Sh Secret FBI files sold off inside $45 surplus computers (S 16 3) <br /> <br />H Residual Gulf war battle plans incriminate $70K computer thefts (S 17 4) <br /> <br />S Deleted files still on disk give evidence vs Brazilian president (S 18 1:7) <br /> <br />SP Used hard-disk contains unerased confidential personnel files (S 18 4:9) <br /> <br />Sh UK cabinet secrets on National ID card found in surplus store (S 20 2:12) <br /> <br />P Czech intelligence computer stolen, with sensitive data (R 19 31) <br /> <br />+*H US charges man planned to kill 4,000 travelers; laptop evidence (S 21 5:16) <br /> <br />S More risks of core dumps (R 18 42,43,44) <br /> <br />Shi Sloppy HTML in MS Outlook reveals supposedly hidden Microsoft comments <br /> <br />when viewed in emacs or non-MS browsers; missing endif (R 22 49) <br /> <br />SP Google search finds cached password-protected pages (R 22 49) <br /> <br />..... Satellite takeovers and TV screwups: <br /> <br />VSH "Captain Midnight" preempted Home Box Office program (S 11 3, 11 5) <br /> <br />VSH Another satellite TV program interrupted (S 12 1) <br /> <br />$VSH Playboy Channel disrupted with bogus program "Repent Your Sins" (S 12 4); <br /> <br />CBN employee convicted, facing up to 11 years in prison and $350,000 fines (S 16 <br /> <br />1, R 10 62) <br /> <br />(m/f) Playboy Channel video appeared in the Jeopardy time-slot in the Chicago area <br /> <br />for 10 minutes, due to a screwup (R 18 22) <br /> <br />e Upgrading Cartoon Network Channel gives Playboy video, Flintstones’ audio (S 22 <br /> <br />4:26, R 18 77) <br /> <br />SH WGN-TV and WTTW in Chicago overtaken by pirate broadcast (S 13 1) <br /> <br />SH Video pirates disrupt L.A. cable broadcast of 1989 Super Bowl (S 14 2) <br /> <br />..... Other cases: <br /> <br />SH British businesses suffer 30 computer disasters/year (S 12 1) <br /> <br />SH UK computer security audit estimates £40M fraud in 1987 (S 12 1) <br /> <br />S Accidental breach of Rockwell security bares shuttle software (S 13 3) <br /> <br />$SH Debit card copying easy despite encryption (DC Metro, SF BART, etc.) <br /> <br />$SH Thieves profit from $240,000 in debit-card transaction adjustments (R 19 42) <br /> <br />$SHO Counterfeit debit cards hit Burns National and others (R 19 53) <br /> <br />@$SHf TILT! Counterfeit pachinko cards send $588M down the chute (S 21 5:19) <br /> <br />$SH ATM cards altered by in-car home computer net $50,000 (S 12 1) <br /> <br />$SH Microwave phone calls interceptable; cordless, cellular phones spoofable <br /> <br />$SH Church cordless phone abused (piggybacked dialtone) (S 20 3:12)(SAC 13 3) <br /> <br />$SPH More cellular phone eavesdropping cases: Private call on saving the SF Giants <br /> <br />(broadcast on TV frequency); Dan Quayle call from Air Force 2 on Gorbachev <br /> <br />coup; Seabrook control-room calls including one on bad valve karma, heard by an <br /> <br />antinuclear activist; Green Bay Packer football player calling a male escort service; <br /> <br />intimate conversation allegedly with Princess Diana ("my darling Squidge") (S 18 <br /> <br />1:20) <br /> <br />$SH Unsecure cellular phone fraud: $482M in 1994 (3.7% of revenue) (S 20 2:13) <br /> <br />$SH Massive cell-phone identifier interception (S 21 5:19) <br /> <br />$SH Callback security schemes rather easy to break (S 11 5) <br /> <br />$SHA 18 arrested for altering cellular mobile phones for free calls (S 12 2) <br /> <br />HS San Jose CA men arrested for altering, selling cellular phones (S 20 1:21) <br /> <br />+ E-mail tap nets German cell-phone fraudsters (S 21 2:19) <br /> <br />SH Risks of lap-top computers being permitted in exams (S 13 3) <br /> <br />$SH Embezzlements, e.g., Muhammed Ali swindle [$23.2 Million], Security Pacific <br /> <br />($10.2 Million), City National Beverly Hills CA [$1.1 Million, 23Mar1979] <br /> <br />Marginally computer-related, but suggestive of things to come? <br /> <br />S On-line BBS bug fix downloaded to an M1 tank in Saudi Arabia (S 16 2) <br /> <br />Cryptography <br /> <br />..... Limitations of encryption and related problems (recent): <br /> <br />SP National Research Council study report (CRISIS) on U.S. cryptography policy <br /> <br />available from National Academy Press (http://www2.nas.edu/cstbweb) (R 18 <br /> <br />14,17) <br /> <br />Shi Robert Litt’s comment on National Research Council crypto study <br /> <br />(http://www2.nas.edu/cstbweb): it was written before he came on board and <br /> <br />therefore he didn’t feel obliged to read it. (S 23 5:27, R 19 80) <br /> <br />SP Hal Abelson (MIT/HP), Ross Anderson (Cambridge Univ.), Steven M. Bellovin <br /> <br />(AT&T Research), Josh Benaloh (Microsoft), Matt Blaze (AT&T Research), <br /> <br />Whitfield Diffie (Sun Microsoft), John Gilmore, Peter G. Neumann (SRI <br /> <br />International), Ronald L. Rivest (MIT), Jeffery I. Schiller (MIT), and Bruce <br /> <br />Schneier (Counterpane Systems), The Risks of Key Recovery, Key Escrow, and <br /> <br />Trusted Third-Party Encryption, May 27, 1997 <br /> <br />(ftp://research.att.com/dist/mab/key_study.txt or .ps; <br /> <br />http://www.crypto.com/key_study). This report considers the technical <br /> <br />implications, risks, and costs of ‘key recovery’, ‘key escrow’, and ‘trusted <br /> <br />third-party’ encryption systems. (R 19 17, discussion R 19 18) It has appeared in <br /> <br />various places, including the World Wide Web Journal, volume 2, issue 3, Summer <br /> <br />1997, O’Reilly & Associates, pp 241-257. This report was reissued in the summer <br /> <br />of 1998 with a new preface: "One year after the 1997 publication of the first edition <br /> <br />of this report, its essential finding remains unchanged and unchallenged: The <br /> <br />deployment of key recovery systems designed to facilitate surreptitious government <br /> <br />access to encrypted data and communications introduces substantial risks and costs. <br /> <br />These risks and costs may not be appropriate for many applications of encryption, <br /> <br />and they must be more fully addressed as governments consider policies that would <br /> <br />encourage ubiquitous key recovery." [http://www.crypto.com/key_study] <br /> <br />SP McCain-Kerrey Senate bill seeks crypto key-recovery infrastructure (R 19 23) <br /> <br />SP Cryptography Policy and the Information Economy, Matt Blaze (R 18 71) <br /> <br />+/- The Net Never Forgets (R 20 09-10), although the UK Labour Party removed its <br /> <br />earlier promises against encryption controls from its Web site (R 20 11) <br /> <br />SP 33 nations sign Wassenaar Arrangement on crypto export controls (R 20 11); <br /> <br />some exemptions considered for open-source crypto software (R 20 11,12) and <br /> <br />public-domain software (R 20 13) <br /> <br />+/- French announcement on changes in liberalizing crypto policy (R 20 17-18), legal <br /> <br />quirk (R 20 20) <br /> <br />Sf Report on timing cryptanalysis of RSA, DH, DSS (Paul C. Kocher) (S 21 2:21) <br /> <br />SfmM($?) Many new crypto-related results: Crypto implementations, particularly in <br /> <br />smart-cards, under theoretical attack by interference-induced faults: Boneh, <br /> <br />DeMillo, and Lipton (Bellcore) on public-key crypto (R 18 50); Ross Anderson on <br /> <br />smart-cards (R 18 52); Biham and Shamir on differential fault-induced analysis of <br /> <br />symmetric crypto – DES, triple DES, RC4, IDEA, etc. (R 18 54, 56); also Paul <br /> <br />Kocher (R 18 57) and Ross Anderson (R 18 58); retrospective research note on <br /> <br />crypto fault analysis, J.-J. Quisquater (R 18 55); role of replication? (R 18 58); <br /> <br />history – note on Bletchley Park Colossus breaking Fish ciphers (R 18 59); <br /> <br />practical tampering attacks, Ross Anderson and Markus Kuhn, Usenix Electronic <br /> <br />Commerce paper (R 18 62); more from Quisquater (R 18 64) <br /> <br />SHOA Paul Kocher provided information on three related attacks: Simple Power <br /> <br />Analysis, Differential Power Analysis, and High-Order Differential Power <br /> <br />Analysis, applicable particularly to devices such as smart cards. See Introduction to <br /> <br />Differential Power Analysis, by Paul Kocher, Joshua Jaffe, Ben Jun, Cryptography <br /> <br />Research (R 19 80) <br /> <br />SP RSA crypto challenges: Ian Goldberg cracks 40-bit RC5 in 3.5 hours, using 250 <br /> <br />machines to exhaust 100B would-be keys per hour (R 18 80); Germano Caronni <br /> <br />cracks 48-bit RC5 in 312 hours, using 3,500 computers to search 1.5 trillion keys <br /> <br />per hour (R 18 82); RSA’s DES-I challenge broken after 4 months <br /> <br />(http://www.rsa.com) (R 19 23); RSA’s RC5-56 challenge cracked by Bovine <br /> <br />Cooperative (S 23 1:14, R 19 43); DES-II-1 challenge cracked: 63 quadrillion keys, <br /> <br />90% of keyspace (R 19 60) <br /> <br />SO DES Cracked: "EFF DES Cracker" Machine Brings Honesty to Crypto Debate; <br /> <br />Electronic Frontier Foundation Proves DES Is Not Secure announcing the Deep <br /> <br />Crack machine. See Cracking DES: Secrets of Encryption Research, Wiretap <br /> <br />Politics, and Chip Design, published by O’Reilly and Associates. <br /> <br />(http://www.eff.org/descracker) (S 23 5:27; R 19 87); review of Cracking DES (R <br /> <br />19 90); implications on cracking passwords, including L0phtCrack (R 19 91-92) <br /> <br />35 <br /> <br />+ Deep Crack (part of Distributed.Net’s 100,000 PC attack) cracks RSA’s DES <br /> <br />Challenge III in less than a day, Jan 1999 (R 20 17-18) <br /> <br />S Elliptic curve 97-bit challenge broken in 40 days with 740 computers in 20 <br /> <br />countries (R 20 61) <br /> <br />SH Lucent cracks SSL e-commerce encryption code (R 19 84) <br /> <br />S Cryptanalysis of Frog, a not-very-strong AES candidate to replace DES (R 19 92) <br /> <br />SP Implications of outlawing concealed messages: ban the Bible, smiley faces, <br /> <br />foreign languages (Navaho used in WWII), on-line card catalogs, random numbers, <br /> <br />what else??? (R 19 37-41); use of steganography, e.g., in graphical images (R 19 <br /> <br />40,41); Feynman’s censors in WWII objected to math! (R 19 39) <br /> <br />SP(f?) More on risks of key recovery: see also PGN testimonies before the Senate <br /> <br />Judiciary Committee and House Science Committee subcommittee on Technology, <br /> <br />with written responses to questions as well (http://www.csl.sri.com/neumann/). <br /> <br />S "Private doorbells" proposed alternative to key-recovery (R 19 85) <br /> <br />Sf More on cryptographic hashing and MD5, Paul Kocher (R 19 26) <br /> <br />S John Gilmore publishes strong crypto code for authentication (R 19 52) <br /> <br />Sf? Discussion of alleged weak RSA keys in PGP (R 19 50) <br /> <br />SP New attack on PGP keys with a Word Macro (R 20 19-20) <br /> <br />Sf Exchange/Outlook plug-in for PGP bypasses crypto (R 19 81-83) <br /> <br />S Why cryptography is harder than it looks, Bruce Schneier (R 19 61) <br /> <br />SH Cypherpunks break GSM digital cell-phone encryption in 90M units (R 19 <br /> <br />67-68); response from GSM Alliance (R 19 69) <br /> <br />SP More on the key-recovery crypto discussion, including the Denning-Baugh report <br /> <br />on crypto impediments to law enforcement (R 19 62,63,65,67,72) <br /> <br />S Discussion of smart-card security, responding to Card Technology Magazine <br /> <br />declaring, "The smart card is an intrinsically secure device." (R 18 91) <br /> <br />S Commerce Secretary calls U.S. encryption policy a failure (S 23 4:25, R 19 68) <br /> <br />SP Ron Rivest’s nonencryptive Chaffing and Winnowing (S 23 4:25, R 19 64); <br /> <br />natural-language example (R 19 65) <br /> <br />SP Cellphone CMEA 64-bit encryption effectively only 24 or 32 bits (R 18 92) <br /> <br />S Myths about digital signatures discussed by Ed Felten (R 18 83,84) <br /> <br />S Leevi Marttila program translates C to English and back; used for crypto, what is <br /> <br />free speech and what is not exportable? (R 19 92) <br /> <br />Sfi Microsoft Outlook e-mail glitch discloses unencrypted message; cancelled <br /> <br />message not cancelled (R 19 74,76) <br /> <br />mh Risk of not backing up PGP Key Ring files (R 20 30) <br /> <br />hei Risks of running a public-key infrastructure (R 20 32-33) <br /> <br />SH Adi Shamir reports design of special-purpose machine to factor RSA prime <br /> <br />products (R 20 37) <br /> <br />$SH Parisian programmer Serge Humpich makes his own smartcards; cracked 640-bit <br /> <br />crypto key (R 20 77); despite negotiations to reveal the technique, he was convicted <br /> <br />of fraud, but given suspended sentence (R 20 82). <br /> <br />VSH Stephen King’s on-line-only eBook taxes Web sites on opening day, 14 Mar <br /> <br />2000, representing unintended denials of service! (R 20 85); it was rapidly reverse <br /> <br />engineered, decrypted, and pirated; ISPs forced customers to delete it, but was still <br /> <br />available elsewhere (e.g., a Swiss bulletin board); developers blame export controls <br /> <br />for weak crypto! (R 20 86) <br /> <br />..... Limitations of encryption and related problems (less recent): <br /> <br />S 100-digit numbers factorable; crypto implications [as of 1988] (S 14 1) <br /> <br />SP DES vulnerabilities claimed by Shamir and Biham (S 16 4, R 12 43); requires <br /> <br />large amounts of known plaintext, ADDS credibility to DES! <br /> <br />S 56-Bit Encryption Is Vulnerable, Says Phil Zimmermann (S 21 5:19) <br /> <br />S Discussion on the strength of 56-bit crypto keys (R 18 26,27) <br /> <br />SP Potential problems with NIST-proposed Digital Signature Standard (DSS) and <br /> <br />DSA (based on ElGamal and Schnorr): Bidzos (R 12 37); Rivest, (R 12 57,58); <br /> <br />others (R 12 33 to 35); Hellman, (R 12 63). <br /> <br />$SP Risks of export controls on workstations, cryptosystems (R 12 30-35); See also <br /> <br />Clark Weissman, Inside Risks, CACM, 34, 10, p.162, Oct 1991. <br /> <br />SP Sun exploits loophole in crypto ban for SunScreen SKIP E+ (R 19 17) <br /> <br />SP MD5 weakness and possible consequences (R 19 14,16,24,26) <br /> <br />$SP Computer Systems Policy Project estimates $60 billion market-share loss in year <br /> <br />2000 resulting from current U.S. export controls on crypto products (R 17 61) <br /> <br />$SP Crypto export licenses issued to Apple, Adobe, RSA (S 17 3) <br /> <br />$SP U.S. encryption export control policy softens somewhat (S 17 4) <br /> <br />S U.S. program export controls ruled unconstitutional by Northern California federal <br /> <br />judge, Marilyn Hall Patel (R 18 69) <br /> <br />SP Charges dropped relating to PGP export and Phil Zimmermann (S 21 2:20) <br /> <br />SP Daniel Bernstein case involving export controls for crypto programs, snuffle and <br /> <br />unsnuffle (R 19 05, 18 69, 19 52) <br /> <br />SH Forged "PGP has been cracked" message (not from Fred Cohen); pursuing the <br /> <br />given URL could lead to your ISP disabling you! (R 19 08,09) <br /> <br />$SP NSA, FBI, cryptosystems: J. Abernathy, Houston Chron. 21Jun92 (S 17 4) <br /> <br />SP Escrowed Key Initiative (Clipper, Capstone, and Skipjack) discussed (S 18 3:A12, <br /> <br />R 14 51-59, ff.); Skipjack Review by Dorothy Denning (R 14 81); more on <br /> <br />Escrowed Keys, SkipJack, Clipper, and Capstone (R 15 46, ff.) <br /> <br />S NSA declassified 80-bit Skipjack encryption algorithm and its 1024-bit <br /> <br />key-exchange algorithm (R 19 84) <br /> <br />S Comments on the U.S. Government Technical Advisory Committee to Develop a <br /> <br />Federal Information Processing Standard for the Federal Key Management <br /> <br />Infrastructure (TACDFIPSFKMI) (R 19 84-86). <br /> <br />SP "Key Recovery" replaces "Key Escrow" in U.S. encryption plan (R 18 50,54) <br /> <br />S Palisades Park NJ school employs 16-yr-old to break into locked-up computer <br /> <br />system – need for key recovery mechanisms? (R 18 70,71) <br /> <br />$S Nov 1995 report on minimal key lengths for symmetric ciphers (R 17 69) <br /> <br />SPH FBI digital phone tapping, see M.G. Morgan, IEEE Institute, Sep/Oct 92 <br /> <br />SP Police can’t crack crypto used by Basque terrorist organization (S 17 3) <br /> <br />! Bank robber foiled by security screen (S 20 1:16) <br /> <br />..... Other topics related to cryptography: <br /> <br />- Discussion over who discovered public-key crypto first: UK’s CESG, or NSA, prior <br /> <br />to Diffie-Hellman? (R 19 51) <br /> <br />Sf Microsoft Crypto Service Provider confusion over "NSA" key discussed (R 20 <br /> <br />57-58,60) <br /> <br />April Foolery and Spoofs <br /> <br />..... April Fool’s Day items <br /> <br />+- April 1984 special section of the Communications of the ACM edited by PGN: A <br /> <br />Further View of the First Quarter Century, pages 343–357, including The <br /> <br />Complexity of Songs (Donald Knuth), The Telnet Song (Guy Steele, Jr.), A <br /> <br />Linguistic Contribution to Goto-less Programming (R. Lawrence Clark – the <br /> <br />famous Come-From paper), CLOG: An Ada Package for Automatic Footnote <br /> <br />Generation in Unix (Preet J. Nedginn and Trebor L. Bworn), Languages: Three <br /> <br />Interviews (Peter Brown), and a classic, The Chaostron: An Important Advance in <br /> <br />Learning Machines (J.B. Cadwallader-Cohen, W.W. Zysiczk, and R.B. Donnelly). <br /> <br />SH 1984: Chernenko at MOSKVAX: network mail hoax by Piet Beertema (S 9 4) <br /> <br />SH 1988: Self-referencing forged April Fool warning message, seemingly from Gene <br /> <br />Spafford (S 13 2,3; R 6 52) <br /> <br />+- 1990: Transmission of IP Datagrams on Avian Carriers (S 15 3) <br /> <br />$S 1995: Internet cybergambling (R 17 02) <br /> <br />Microsoft will NOT acquire the Catholic Church! (S 20 2:7) <br /> <br />1997: French immune to Y2K: quatre vingts dix neuf (4x20+10+9) will increment to <br /> <br />cinq vingts (5x20); Windows ninety-ten will adopt similar strategy (R 19 01) <br /> <br />1997: Proposal to lengthen the second by 0.00001312449483 to eliminate leap years <br /> <br />(R 19 01) or slow down the earth’s orbit accordingly (R 19 02) <br /> <br />1997: Microsoft buys Sun in order to kill Unix (R 19 01) <br /> <br />1997: Hale-Bopp solar wind (cosmic radiation) causes ticking and buzzing in <br /> <br />computer mouse; problem worsened by Internet acting as giant antenna (R 19 02) <br /> <br />1998: Funding for a new software paradigm, removing rarely used code producing <br /> <br />routinely ignored diagnostics, to combat software bloat (R 19 64) <br /> <br />1998: Quantum computer cracks crypto keys quickly (R 19 64) <br /> <br />1998: The Computer Anti-Defamation Law protecting developers against criticism (R <br /> <br />19 64) <br /> <br />1999: The Y9Z problem, Mark Thorson; 99 rolls over to 9A; 199Z (the year 2025) <br /> <br />rolls over to 19A0; then 19ZZ can roll over to "2000" (R 20 26) <br /> <br />1999: Y2K bug found in human brain (R 20 26) <br /> <br />1999: Vatican announces all computer systems ready for new millennium; Roman <br /> <br />numerals are the answer! (R 20 26) <br /> <br />1999: Historical retrospective analysis of the Y10K problem, dated 1 Apr 9990 (R 20 <br /> <br />26) <br /> <br />1999: RFC2550 - Y10K and Beyond: marvelous RFC on solving the Y10K problem <br /> <br />by Steve Glassman (R 20 27) <br /> <br />1999: Linus Torvalds starts for-profit LinusSoft; open-source advocates SlashDot <br /> <br />launch SlashDot Investor; Richard Stallman of the Free Software Foundation now <br /> <br />Senior Vice President for Ideology (R 20 26) <br /> <br />1999: Professor wants Y2K jokes banned on the Net (Edupage item, R 20 28) <br /> <br />1999: Congress votes to move Daylight Savings cutover to Monday to avoid Easter <br /> <br />confusion (R 20 28) <br /> <br />1999: Tuxissa Virus creator (Anonymous Longhair) modifies Melissa to download <br /> <br />and install Linux on infected Microsoft systems (R 20 29) <br /> <br />1999: Running out of time on Y2K? Add a month to the calendar (Martin Minow) <br /> <br />1999: Zurich loses citizens files on 31 Mar 1999 after Y2K upgrade test crash (R 20 <br /> <br />29); was this real or April Foolish? Doesn’t matter. The lesson is the same: keep <br /> <br />backups (R 20 30) <br /> <br />1999: Australian Securities & Investment Commission’s April Foolery: Millennium <br /> <br />Bug Insurance (R 20 37) <br /> <br />2001: Windows 2000 source-code access to top MS customers protested by smaller <br /> <br />36 <br /> <br />customers; spoof on it being written in Microsoft Basic with obscure variable <br /> <br />names (S 26 4:11, R 21 31) and follow-up comment (R 21 33) <br /> <br />2001: Foot-and-mouth virus propagation: "first virus unable to spread through <br /> <br />Microsoft Outlook" (Copyright, <br /> <br />http://www.satirewire.com/news/0103/outlook.shtml) (R 21 31, with serious <br /> <br />follow-up in R 21 33); also, roles of computers and bureaucracy in real spread (R <br /> <br />21 76) <br /> <br />2001: Bogus movie description created by techies at The New York Times in test <br /> <br />development in 1998 showed up accidentally in the paper – on 1 Apr 2001! (S 26 <br /> <br />4:11-12, R 21 36) <br /> <br />2002: ARF reconstituted as the Bureau of Alcohol, Tobacco, Firearms, and Software <br /> <br />(ATFS), in an attempt to regulate the software industry, with penalties for <br /> <br />possession of unlicensed products (R 22 01); discussion of this and the following <br /> <br />2002 spoofs (R 27 04) <br /> <br />2002: Review of a bogus book, "Hacking for Dummies"; also two older pieces <br /> <br />revisited, If GM build computers and if Microsoft built cars, and a SatireWire item <br /> <br />on splitting up Microsoft into two companies, one to make software, the other to <br /> <br />make patches (R 22 01) <br /> <br />2002: Parody, "If General Motors had kept up with the technology like the computer <br /> <br />industry has, we would all be driving $25.00 cars that got 1,000 miles to the <br /> <br />gallon." Also, followup parody of would-be GM response, e.g., cars that crash <br /> <br />twice a day, press start to stop the engine, airbags asking for confirmation, and <br /> <br />overloaded single control interface (R 22 01); interesting discussion of the actuality <br /> <br />of several of these (R 22 02-03) <br /> <br />2002: Splitting Microsoft into two companies, one to make software, the other to <br /> <br />make patches (R 22 01) <br /> <br />2002: Spoof after warning to New South Wales students to watch out for 1 April (R <br /> <br />22 04) <br /> <br />2002: The Scandanavian "nation" of Ladonia draws thousands of requests for <br /> <br />citizenship! (R 21 96) <br /> <br />2003: The Security Flag in the IPv4 Header, the Evil Bit (Steve Bellovin, R 22 66); <br /> <br />alternative: The Angelic Bit (Drew Dean, R 22 66) <br /> <br />2003: Recycling of old programs (R 22 66) <br /> <br />..... Other spoofs and pranks: <br /> <br />VSHOA See the various Web site hacks above, in which the Justice Department, CIA, <br /> <br />Air Force, NASA, Army, and other Web sites had bogus pages installed. <br /> <br />VSHO 1984 Rose Bowl hoax, scoreboard takeover ("Cal Tech vs. MIT") (S 9 2) <br /> <br />H CNN nearly broadcast bogus on-line report of Bush’s death in Japan (S 17 2) <br /> <br />SH Bogus report, BritTelecom NOT hacked for intelligence secrets (S 20 2:13) <br /> <br />SH AOL4FREE.COM virus report started out as yet another hoax, but such a virus <br /> <br />was actually created within 24 hours (R 19 11) <br /> <br />SH Moynihan Commission report on Penpal virus hoax (R 19 04) <br /> <br />SH E-mail hoax at University of Maryland: canceling classes (R 22 72; S 28 4:8-9) <br /> <br />SH Washington DC street message board displays bogus message (S 15 1) <br /> <br />SHA Caltrans freeway off-ramp sign spoofed (S 21 2:20) <br /> <br />SHAO Bogus computer-generated draft notices swamp Univ. Minnesota (S 16 2) <br /> <br />SHAO Bogus e-mail submits Univ. of Wisconsin official’s resignation (S 19 1:7) <br /> <br />SHAO German intruder forges White House messages (R 17 31,32) <br /> <br />$SH "Goodbye, folks" software prank costs perpetrator £1000 (S 11 3) <br /> <br />- [bogus] First cybersex pregnancy Weekly World News (R 19 60) <br /> <br />- Reactions to Mary Schmich’s parody of Kurt Vonnegut on the Internet (R 19 29) <br /> <br />SHI London Underground hacked by insider posting nasty messages (R 17 36) <br /> <br />SH Risks of digital video editing – authenticity question (S 14 2) <br /> <br />S Risks in altered live video images: L-vis Lives in Virtual TV (R 18 18-21) <br /> <br />$SH Beeper messages to call back result in $55 900-number charges (S 16 3) <br /> <br />SH Password attack as e-mail root spoof demanding password changes (S 16 3) <br /> <br />$SH Houston City Hall voice-mail pranked; no passwords needed! (S 16 4) <br /> <br />S Stolen account used to send hate e-mail at Texas A&M (S 20 1:21) <br /> <br />- Computer system tracks school assignments and automatically calls home on <br /> <br />students who cut classes until someone/something answers; spoofable (S 17 1) <br /> <br />- Bogus element 118 un-discovered. Phonium? Phakium? Phorgium? Phudgium? <br /> <br />Mike Hogsett suggested Itaintium (It-ain’t-ium or I-taint-ium) and Unscrupulum. <br /> <br />With elements 102 and 101 being Nobelium and Mendelevium, Stephen Poley <br /> <br />suggested 118 would be Nobelievium. (R 22 31-32) <br /> <br />Privacy Problems <br /> <br />..... Recent yet-to-be-merged privacy items: <br /> <br />SPf Privacy flaw in CyberCash 2.1.2 discussed by Steve Crocker (R 19 47) <br /> <br />SP Discussion of Easter Eggs (hidden features) in commercial software (R 19 53,55) <br /> <br />P Ontario removes privacy controls on students’ personal information (R 19 48) <br /> <br />SP Swedes discover Lotus Notes (64-40 or fight?) has key-escrow crypto (R 19 52) <br /> <br />$SHPOe Japanese bank records stolen; aftermath of flawed upgrade (R 19 53) <br /> <br />P Case of pharmacy mixing up confidential records (R 19 53) <br /> <br />P China cracks down on Internet access (R 19 54) <br /> <br />P Navy discharge case based on violation of don’t-ask don’t-tell, illegally gained <br /> <br />AOL data (R 19 55); ruling reversed <br /> <br />PfSoftware flaw causes Virginia to misidentify 2300 people as child-support <br /> <br />deadbeats (R 19 58) <br /> <br />+/- Response to West Virginia ’deadbeat-dad’ glitches: woman builds system to <br /> <br />counter effects (R 19 73) <br /> <br />S?P? Discussion of possible risks of interpreting robots.txt (R 19 57-59) <br /> <br />SP? Furby off-limits at NSA as security risk (R 20 16,20) <br /> <br />SP win.tue.nl ftp site hacked, login/uid info forwarded to Hotmail (R 20 18-19) <br /> <br />SP Serious security breach in Canadian consumer-tracking database (R 20 18) <br /> <br />P Furor over Intel’s Pentium III processor ID discussed by Bruce Schneier (R 20 19); <br /> <br />German report of flaw re-enabling override of ID disabling (R 20 23) <br /> <br />hPi U.S. Bureau of Labor Statistics posts official tables one day prematurely (R 20 <br /> <br />05); another premature data release: Producer Price Index (R 20 16); Australian <br /> <br />budget press release follows suit, blamed on "technical and human errors" (R 20 <br /> <br />39) <br /> <br />SP Markus Kuhn and Ross Anderson’s Soft Tempest, Microsoft, and copy prevention <br /> <br />(R 19 59-60) <br /> <br />SP American Bar Assn OKs unencrypted Internet e-mail for client documents (R 20 <br /> <br />34) <br /> <br />P? DejaNews feature on surreptitious URL link manipulation (R 20 34-36) <br /> <br />P IWC Watch Company site publishing visitors e-mail addresses (R 20 35); wrong <br /> <br />URL posted! (R 20 36) <br /> <br />SP SingNet surreptitiously scans customer PCs: "looking for CIH virus" (R 20 40) <br /> <br />SP* Bank United of Texas to use iris scanners (R 20 40) <br /> <br />SPH MI6 agents "outed" on Web by disgruntled employee (R 20 39) <br /> <br />P Conflict between UK libel law and U.S. free speech on usenet items written in the <br /> <br />U.S. (R 19 79) <br /> <br />SP Cell phones can be instant bugs! (R 20 53) <br /> <br />SP Electronic wiretaps on wireless devices outnumber those on wireline phones (R 20 <br /> <br />41) <br /> <br />P Distributed cooperating Smart Dust particles as spies? (R 20 58) <br /> <br />P Proposal for Secret Service national ID database (R 20 57) <br /> <br />SPh Canadian spy secrets leaked on Web (R 20 55) <br /> <br />SP+/- NCIC 2000 began 11 Jul 1999, with remote mugshots, fingerprint searches, <br /> <br />expanded coverage (probation, parole, sex offenders, in prison); risks of false <br /> <br />positives, accuracy/timeliness of new entries, no probable cause; cost overran x2 <br /> <br />(US$183M vs US$80M), took 7 years not 3; accuracy requirement relaxed; risks of <br /> <br />use on ordinary folks? (R 20 53); Mass. requires mugshots/fingerprints for firearm <br /> <br />owners with no law enforcement records, forwarded to Feds (R 20 54-55) <br /> <br />SPhi NCIC database accuracy requirements relaxed (R 22 65,67,69,71) <br /> <br />P California wants to sell confidential wage data (R 20 43) <br /> <br />SP Man recording police abusiveness sentenced for violations of wiretap statute (R 20 <br /> <br />47) <br /> <br />P DoJ seeks wider access to computer data (R 20 55) <br /> <br />P Risks of sharing files via Yahoo (R 20 53) <br /> <br />Ph Risks of unexpected cell-phone redials (R 20 46) <br /> <br />P Minnesota Bank sued over client data sale (R 20 44) <br /> <br />SP Zero-Knowledge Systems allows five pseudonymous identities, but restricts <br /> <br />number of messages (R 20 69) <br /> <br />SP Steganographic IDs in color copier/printer images (R 20 68) <br /> <br />SAPi Risks in ResearchIndex, digital library of CS papers (R 20 70) <br /> <br />SPhe Northwest Airlines may have leaked credit-card numbers after maintenance (R <br /> <br />20 74) <br /> <br />$SHP Small-town Italian postman intercepts PIN codes for more than 100 new credit <br /> <br />cards (R 22 68) <br /> <br />SPf TWA e-mail includes others’ addresses (R 20 85) <br /> <br />SPH Stolen MI5 laptop contains sensitive info (R 20 85) <br /> <br />SPf Breach 12-13 Feb 2000 exposes H&R Block customers’ tax records, Block shuts <br /> <br />down 15 Feb, 2nd time in two weeks (R 20 80) <br /> <br />SP On-line confessional Web site promises privacy! (R 20 76) <br /> <br />SP Great West bank reveals personal info (R 20 80,82) <br /> <br />*SP Risks of Internet-connected heart devices (R 20 78) <br /> <br />P Georgetown Univ. study criticizes health sites for privacy intrusions (R 20 78) <br /> <br />P Lawsuit against Yahoo! for collecting cookies (R 20 78) <br /> <br />P Doubleclick saga: Michigan files "notice of intended action" over cookies (R 20 81) <br /> <br />*P Cybersex compulsives represent hidden health hazard (S 25 3:22, R 20 84) <br /> <br />P Havenco, data haven off-shore from UK (R 20 91) <br /> <br />P Julia Roberts gains access of her named domain, and other cases of domain-name <br /> <br />hijacking (R 20 91) <br /> <br />P Pac*Bell publishes 400,000 phone books with Cox Communications customers’ <br /> <br />37 <br /> <br />unlisted phone numbers, including names and addresses; Cox blamed for not <br /> <br />pruning its own list (R 20 90-91) <br /> <br />SP Powergen: 7000 customers’ Credit-card info exposed on the Web (R 20 97) <br /> <br />SPf Glitch at Amazon.com exposes e-mail addresses (R 21 04; S 26 1:37) <br /> <br />SPf "Free" e-mail accounts and passwords exposed for a month (R 21 03; S 26 1:37) <br /> <br />SP Kaiser Permanente medical e-mails go to wrong people (R 21 02; S 26 1:38) <br /> <br />SPh Mix-up sends Spanish bank e-mail to Virginia BBoard (NewsScan, R 20 94) <br /> <br />SP Verizon’s 28M private phone records exposed on Web (R 21 01; S 26 1:38) <br /> <br />SP British law would allow police to intercept e-mail (R 20 95) <br /> <br />SP(+/-) White House revised encryption policy (R 20 95) <br /> <br />SP Hotel telephones give identity of called room occupants (R 20 93) <br /> <br />SP+/- People For Internet Responsibility (PFIR) Statement on Government <br /> <br />Interception of Internet Data, 7 Sep 2000 <br /> <br />http://www.pfir.org/statements/interception (R 21 04); Statement on Internet <br /> <br />Policies, Regulations, and Control (http://www.pfir.org/statements/policies) (R 20 <br /> <br />96) <br /> <br />P Internet content for 2000 Olympics restricted to protect TV (including diaries, <br /> <br />chats, streaming video) (R 21 07) <br /> <br />SPH CIA secret off-color chat room undetected for five years (R 21 13) <br /> <br />P Richard M. Smith’s top 10 privacy stories of 2000 <br /> <br />http://www.privacyfoundation.org/release/top10.html (R 21 18) <br /> <br />SPh,h URL typo + Web glitch = private Florida Health Dept files world-readable <br /> <br />(RISKS 21.09-10) <br /> <br />P US Government’s healthcare database contains inaccurate and flawed information <br /> <br />(R 21 15) <br /> <br />P Intelligence gathering risks from some over-informative e-mail auto-responses (R <br /> <br />21 16,22) <br /> <br />SP IBM and Intel push copy protection into ordinary disk drives: various views (R 21 <br /> <br />17-19) <br /> <br />P Privacy/quality risks in Quicken Online Billing Service (R 21 17) <br /> <br />Phf Credit report full of errors – and ex-spouse’s address (R 21 17) <br /> <br />hiP Misidentification: recorded on CCTV, UK citizen arrested after making normal <br /> <br />transaction immediately following cash-machine thief (R 21 36) <br /> <br />SP Dutch government advised to give citizens Web access to Civil Registry ’digital <br /> <br />vault’ with their personal information; risks issues (R 21 33) <br /> <br />SPh Kew Public Records Office using British prisoners for data input of old census <br /> <br />data; they made changes such as "wardens" to "bastards"; subsequent corrections <br /> <br />being outsourced to "cheap labor" in India (R 21 35) <br /> <br />P Amtrak ’sharing’ passenger information with Drug Enforcement (R 21 36); later <br /> <br />backs down <br /> <br />SSN problems in mortgage info database (R 21 31) <br /> <br />SP 9 states have insecure sex-offender Web sites; 2 have insecure criminal history <br /> <br />records (R 21 22) <br /> <br />SP GAO finds lax security in IRS electronic filing system, ability to read and change <br /> <br />other people’s returns (R 21 28) <br /> <br />SPf Network Solutions exposes e-mail addresses, enables unauthorized deletions (R <br /> <br />21 21) <br /> <br />Sh Porn site took over domain of widely used agricultural resource center, causing <br /> <br />unfortunate links from government and school sites; faulty Network Solutions <br /> <br />record-keeping blamed (R 21 29) <br /> <br />SPf Bibliofind exposes credit-card info for 4 months (R 21 26-27) <br /> <br />SPH Theft of RCMP officer’s vehicle gives home address, and robbery of home <br /> <br />computers and property (R 21 22) <br /> <br />P Police can read event data recorders in auto air-bag systems (R 21 23) <br /> <br />Pf 401(k) mixup sends statements to off-by-one recipients, disclosing personal info <br /> <br />(R 21 21) <br /> <br />SPe Travelocity exposes 51,000 customers’ information for up to a month (R 21 21) <br /> <br />P Lax customer information privacy policies: Network Solutions (R 21 24), Amazon <br /> <br />changes end-game policy, WebVan, ... <br /> <br />P Lawsuit challenges "file buying" of prescription records when pharmacy stores are <br /> <br />sold (R 21 35) <br /> <br />SPf More on hidden info in MS Word documents (R 21 25,32) <br /> <br />SP Fairfax Virginia police records are posted online (in MSWord), but never updated <br /> <br />to include case dispositions (R 21 27) <br /> <br />SP New flashlight sees through doors as well as windows (R 21 35) <br /> <br />P Hidden highway robbery within Microsoft Terms of Use contracts? (R 21 32,35) <br /> <br />SP U.S. Web sites fall short of global privacy standards (S 26 6:14, R 21 61) <br /> <br />P Woman stalked by Michigan cop via police databases before being murdered (S 26 <br /> <br />6:14, R 21 60) <br /> <br />SPhe Georgia’s HOPE scholarship program passwords and personal info exposed on <br /> <br />the Web and cached on search engines for many months; deletion of one file <br /> <br />blamed (R 21 58,59) <br /> <br />SP Washington State public schools putting student information on the Internet; <br /> <br />security and privacy questioned (R 21 43) <br /> <br />P Council of the European Union considering storing all telecom traffic for at least 7 <br /> <br />years – for "public safety and law enforcement"? (R 21 42-45) <br /> <br />P Totally Hip’s Mac "Livestage Pro" covert http tracking; Adobe similar (R 21 56,58) <br /> <br />Se Building alarm-monitoring security-system update leads to insecurity: <br /> <br />configuation database and backups deleted (R 21 54) <br /> <br />Sfei Peoples Federal Savings Bank software upgrade goes awry: PINs inadvertently <br /> <br />reset to obvious default; account linkages disabled; other changes (R 21 53); things <br /> <br />not improved months later (R 21 82); retraction after bank explanation five months <br /> <br />later (R 21 86) <br /> <br />SP World bank, seeking safer place to meet, chooses the Internet! (R 21 43) <br /> <br />Ph Illinois Registered Sex Offender database rife with consequential errors (R 21 44) <br /> <br />SP More than 90 Michigan cops abused police database to stalk women, threaten <br /> <br />motorists, settle scores (R 21 58) <br /> <br />P(+/-) Omron Corp anti-theft device intended to stop stolen car outside police station <br /> <br />and lock driver inside (R 21 58) <br /> <br />SPH Software worm VBS.Noped.a searches your computer for pornography (R 21 <br /> <br />49) <br /> <br />SP Leakages of sensitive information: Excel (R 21 39); Berlin Bank (R 21 50); Eli <br /> <br />Lilly Prozac users list (R 21 51); UK Consumers’ Association Web site (R 21 51); <br /> <br />UK cabinet minister’s draft changes (R 21 53); medical records transcribed by <br /> <br />3rd-party, sent by unencrypted e-mail (R 21 56); AT&TWorldnet exposes all user <br /> <br />passwords (R 21 57,61) <br /> <br />SP FTD.com security hole leaks personal customer information (R 22 58) <br /> <br />SP NASTAR Web site provides personal skier information to anyone (R 22 51) <br /> <br />SHP Theft of 9 sports-club lockers followed by bogus phone calls from "police fraud <br /> <br />department" asking for credit info, SSNs, etc.; several duped victims (R 21 56) <br /> <br />SP Web site streams live audio from private Ottawa cell calls (R 21 48) <br /> <br />P Supreme Court rules 5 to 4 in Kyllo case against thermal-imaging scanners (R 21 <br /> <br />47) <br /> <br />SP Scottish newspaper archive in contempt of court (S 27 2:13, R 21 88) <br /> <br />SP Judge ordered hack of Interior Department trust fund system for Native <br /> <br />Americans (R 27 2:13, R 21 81) <br /> <br />SP Gwinnett County GA keeps prison inmates list online (S 27 2:14, R 21 81) <br /> <br />SP FBI may not appreciate the risks with Carnivore sniffing e-Mail (S 27 2:15, R 21 <br /> <br />82) <br /> <br />SPH Wiretapping equipment compromised: FBI, CALEA (R 27 2:15, R 21 83) <br /> <br />SP Web site about PC security asking to lower PC/browser security (S 27 2:16, R 21 <br /> <br />86) <br /> <br />SP DoT linking DMV databases and biometrics on driver’s licenses; risks of false <br /> <br />arrest, internal abuse, disclosure, etc. (S 27 2:17, R 21 87) <br /> <br />SPfmi Biometric systems more like toys than serious security measures (R 22 15,37); <br /> <br />face recognition found lacking at Boston’s Logan Airport (R 22 16) <br /> <br />S Reports on biometrics for controlling borders, airports, and seaports (R 22 60) <br /> <br />S$ Biometrics: retina scans used for automating English school lunch payments (R 22 <br /> <br />49) <br /> <br />SHAPf* More on biometrics, including iris scans (R 20 41-43); Thumbprints in <br /> <br />Malaysian smart cards (R 20 43) <br /> <br />SP UK Home Office identity infrastructure: Risks of diverse identification documents <br /> <br />vs national identity card, biometric database, etc. (Markus Kuhn, R 22 47) <br /> <br />Sf US ARO seeking odortype detection (R 22 43) <br /> <br />SPi Iceland places trust in face-scanning (S 27 2:17, R 21 89) <br /> <br />SP An outrageous violation of privacy in composite picture of WTC helper (S 27 <br /> <br />2:17-18, R 21 87) <br /> <br />SPhi ATT ignores its own privacy policy with cleartext bypass of SSL (S 27 2:18, R <br /> <br />21 86) <br /> <br />SP Office XP, Windows XP can send sensitive info to Microsoft in debugging <br /> <br />information following crashes (R 21 82) <br /> <br />SP P3P privacy filters in IE6 present legal liability; in 1999, Bancorp paid $7.5 <br /> <br />million for misstatements in posted privacy policy (R 21 82) <br /> <br />SP Virginia county recalls 11,000 student laptops to retrofit security against porn, <br /> <br />grade changing, game/music downloading, in-class messaging (R 21 88) <br /> <br />SP German government bans porn (worldwide) except from 11pm to 6am German <br /> <br />time! (R 21 81-82) <br /> <br />SP RSA Conference e-mail newsletter has tracking bugs (R 21 89) <br /> <br />SPA$ Official self-service litigation system available in England and Wales (R 21 89) <br /> <br />SPf Wireless Nanny-Cam broadcasts hundreds of yards away, easy to intercept (R 22 <br /> <br />04-05); wireless network eavesdropping can be done with an antenna made from an <br /> <br />old Pringles tube (R 21 96) <br /> <br />$SPHI Brisbane ISP in court for intercepting e-mail and fraudulent debits (R 21 89) <br /> <br />SPH Theft of Experian credit reports by masquerading as Ford Motor Credit office (R <br /> <br />22 09-10) <br /> <br />SP Teale Data Center’s California personnel files were breached for all 265,000 state <br /> <br />38 <br /> <br />workers (R 22 10) <br /> <br />SP RSA Conference html-ized e-mail has tracking bugs (R 21 89) <br /> <br />SPf Risks of hotel STSN Internet access (R 21 91) <br /> <br />SP New official self-service litigation system available in England & Wales (R 21 89) <br /> <br />SP LED light content reportedly can be detected remotely (R 21 94-96,98) <br /> <br />SP Security leak in Dutch Internet sexshop (R 22 01) <br /> <br />$SP Saab USA Web site leaks customers address, offers extra discounts (R 22 01) <br /> <br />SP Gillette’s Mach3 includes MIT antitheft tracking microchip (R 22 02) <br /> <br />SPi UK govt wants to make Internet "e-filing" compulsory by 2010 for tax returns, <br /> <br />with £3,000 fines (R 22 07) <br /> <br />SPf E-mail subscription link gives full access to other people’s personal details (R 22 <br /> <br />01) <br /> <br />ShP Midwest Express Airlines Web site leaks customer information (R 22 05) <br /> <br />SP Photocopier stores document for later printing; confidentiality risk (R 22 01) <br /> <br />P British Telecom publishes list including confidential ex-directory telephone <br /> <br />numbers (R 22 01) <br /> <br />Pi BBC monitoring policy states that any response whatsoever constitutes consent to <br /> <br />e-mail being monitored; e-mail opt-out impossible! (R 21 95); This is a <br /> <br />requirement of the UK "Regulation of Investigatory Powers Act". (R 21 96); more <br /> <br />on copyright implications (R 21 98) <br /> <br />$P CT Dept of Consumer Protection questions speeding fines levied by rental-car <br /> <br />companies (R 21 91) <br /> <br />SP Risks of SafeWeb anonymizer: tunneling too close to the person you’re trying to <br /> <br />protect (S 27 3:12-13, R 21 93) <br /> <br />SPA Privacy risks in MSN Messenger 4.6 (R 22 13) <br /> <br />SP Risks of identity-theft Web site (R 22 13) <br /> <br />SPA 54% of U.S. schools use students for computer tech support (R 22 11) <br /> <br />SPA Japanese service links ATMs to cell phones (R 22 16) <br /> <br />SPH Enron/Anderson types of problems reach into information technology: the Big 5 <br /> <br />accounting firms also audit information assurance and security (R 22 13) <br /> <br />SP Tracking subway users by electronic fare cards (R 22 12) <br /> <br />SP Finger-printing children in schools, without parental involvement (R 22 18) <br /> <br />SPfi Kazaa users inadvertently share their private files (R 22 12) <br /> <br />SPf Web glitch exposed 300,000 Canadian accounts at Fidelity Investments (R 22 12) <br /> <br />P Are we legally obligated to watch commercials? (R 22 12) <br /> <br />P Citibank’s third-party e-mailing raises privacy concern (R 22 23) <br /> <br />SP Federal appeals court overturns its own Web site privacy ruling (R 22 23) <br /> <br />P$ Tough EU privacy rules influence U.S. Web practices (R 22 22) <br /> <br />VSHPm Rube Goldberg strikes again: man damages cruiser; police use pepper spray, <br /> <br />restraints, place him in jail cell; he jumps up, hitting light and microphone, <br /> <br />destroying the light, tripping a circuit breaker, causing the police dispatch room <br /> <br />lights to go out and messing up the phone systems (R 22 22) <br /> <br />$SPf New Jersey E-ZPass transponders wearing out, causing bogus citations and <br /> <br />necessitating 900,000 replacement devices (R 22 31) <br /> <br />SPf? Lying Lie Detectors, William Safire article quotes National Research Council <br /> <br />study: "No spy has ever been caught [by] using the polygraph." (R 22 30) <br /> <br />$SP$ etc. The Underground Web: illegal activities so easy (R 22 24); fake Internet <br /> <br />bank bilked two people out of $100,000 (R 2 29) <br /> <br />SHAP$ FDA approves use of implantable ID VeriChip in humans (R 22 32-33) <br /> <br />SP Oregon proposing to tax in-state car mileage via GPS (R 22 46) <br /> <br />P Privacy Journal ranks states on privacy; California and Minnesota best (R 22 32) <br /> <br />P(h/f?) BSA Accuses OpenOffice ftp sites of piracy (R 22 60-62) <br /> <br />SP+ Good example: seriously protected patient data with real deletion (R 22 60,62) <br /> <br />SHP New $40 telemarketing tool makes caller ID fakery easy (R 22 60) <br /> <br />SHP Bogus Hotmail password change page captured 120 user accounts (R 22 57) <br /> <br />SHP Information on 5 million U.S. credit-card accounts hacked (R 22 56) <br /> <br />SP+ eBay Sting locates stolen Fluke inline network tester (R 22 56) <br /> <br />SP eBay privacy policy wide open to investigators (R 22 59) <br /> <br />SP Surplus computer in Kentucky held supposedly deleted AIDS files (R 22 55) <br /> <br />SP Junked hard drives yield lots of personal data (R 22 50) <br /> <br />SP Hong Kong gym pulls plug on camera cell phones (R 22 49) <br /> <br />SP Alcala University developing electronic system to monitor and remotely control <br /> <br />elevators over the Internet (R 22 58) <br /> <br />SP Judge suspends Washington State telephone privacy regulations; constitutionality? <br /> <br />(R 22 55) <br /> <br />P Scientology critic fined under French law for Web site (R 22 59-60) <br /> <br />SPA T-Mobile Hotspot uses SSN for passphrase (R 22 72) <br /> <br />SP- Use of satellite cell phones among embedded media folks in Iraq: Risks of not <br /> <br />being lost! (R 22 69) <br /> <br />SP Cisco’s eavesdropping enables undetectable lawful interception (R 22 71) <br /> <br />SPfh Search engines making sensitive information easy to locate (R 22 64) <br /> <br />SP Benetton clothes to include tracking chip (R 22 64); later rescinded <br /> <br />SP Federal privacy rules for medical information (R 22 69); rules let marketers see <br /> <br />sensitive patient data (R 22 70) <br /> <br />SP- Secrecy and the Patriot Act: library records, wire transfer blocked because of <br /> <br />spouse’s name, law suits, etc. (Amy Goldstein, NYT, R 22 90) <br /> <br />P MIT Web site provides dossiers on government officials, turning the tables (R 22 <br /> <br />79) <br /> <br />SP QinetiQ "intelligent" airplane seat to detect nervousness in passengers and alert <br /> <br />airline staff (R 22 78) <br /> <br />SP FTC increases focus on privacy; serious vulnerability on Guess Inc.’s Web site <br /> <br />revealed 200,000 customer credit-card numbers (R 22 79) <br /> <br />SP WhereWare tracks your location (R 22 90) <br /> <br />SP Wall Street trading scandal uses instant messaging evidence (R 22 91) <br /> <br />SHPIi VeriSign’s Site Finder captures all nonexistent .com and .net addresses, breaks <br /> <br />all sorts of Internet services, causes significant controversy (R 22 91) <br /> <br />SHAOP Men steal computers from high-security Sydney Airport facility (R 22 90) <br /> <br />SP Resold BlackBerry contains sensitive Morgan Stanley data (R 22 88) <br /> <br />Sf Sensitive health data on PrecisionRX.com Web sites reflects lack of security <br /> <br />awareness (R 22 75,76) <br /> <br />SP Confidential hospital records in memory stick (re)sold-as-new (R 22 83) <br /> <br />SP Metadata residues in Photoshop files (R 22 83,84) <br /> <br />SP Microsoft Word hits Tony Blair: Web-posted document residues shows names of <br /> <br />four employees involved in the plagiarized dossier on Iraq (R 22 79, two items) <br /> <br />P Indiana man charged in e-mail stalking of TV anchorwoman (R 22 80) <br /> <br />SHP+ Inadvertent cellphone redial leaves burglars’ conversation on victim’s <br /> <br />girlfriend’s voicemail (R 22 79) <br /> <br />SP U.K. man proves he was victimized by network porn vandals (R 22 84) <br /> <br />SP Pentagon’s plans for terrorism futures market attacked, perhaps led to John <br /> <br />Poindexter’s resignation from DARPA (R 22 83); America Action Market offers <br /> <br />wagers on political events (R 22 83,84) <br /> <br />SP New laws induce greater corporate surveillance (R 22 80) <br /> <br />SP Coplink software helps police draw crime links (R 22 81) <br /> <br />SP+(!) Cell-phone log retention finds missing IRS employee’s body (R 22 78,79) <br /> <br />SP Samsung Electronics bans camera phones from key factories (R 22 81) <br /> <br />SP Tiny RFID tracking chips surface in retail use (R 22 77); RFID site security gaffe <br /> <br />uncovered by CASPIAN consumer group (R 22 79); nuking of RFID chips (R 22 <br /> <br />80,81) <br /> <br />SPfh NZ Health Commissioner’s anonymised case reports not so anonymous, <br /> <br />including Word residues (R 22 81) <br /> <br />SPA UK: Sign someone else up to be an organ donor! No authentication. (R 22 77) <br /> <br />..... End of yet-to-be-merged privacy items <br /> <br />..... Government Surveillance: <br /> <br />SP Court says FBI has been given too much wiretap power (R 21 03; S 26 1:34-35) <br /> <br />SP FBI’s Carnivore monitors Internet traffic; summary of House Judiciary oversight <br /> <br />hearing, by Lina Tilman (R 20 97; S 26 1:35-36); sloppy pdf usage allows <br /> <br />expurgated information on review team identities to be uncovered (R 21 08-09, S <br /> <br />26 1:36) <br /> <br />SPhi FBI’s Carnivore unintended overcollection hampered anti-terror probe (R 22 11; <br /> <br />S 27 6:11-12) <br /> <br />SPHAOf FBI targets suspects’ PCs with Trojan-horse spy (R 21 77; S 27 1:11) <br /> <br />SP(H/h?) FOIA-obtained memo reveals FBI national security wiretap violations (R <br /> <br />22 32) <br /> <br />+- DoJ does not support FBI on CALEA-amendment roving wiretaps (R 19 90) <br /> <br />SPAHO Unencrypted Secret Service pagers intercepted, despite demos of the <br /> <br />vulnerabilities 3 years before at Hackers on Planet Earth (S 23 1:13, R 19 39,40) <br /> <br />P Germany still planning law-enforcement surveillance on ISPs (R 21 25) <br /> <br />SPfh Software failure billed 50 German phone-tapped suspects for the eavesdropping <br /> <br />connections, blowing secrecy; almost 20,000 lines currently under surveillance in <br /> <br />Germany (R 22 33) <br /> <br />SPH Risks of concentrated power and the surveillance state: Chicago Chief of <br /> <br />Detectives insider information used for thefts (at least $5M) (S 27 1:13, R 21 73) <br /> <br />SP French spies listen in to British business phone calls (S 25 3:20, R 20 77) <br /> <br />P UK Regulation of Investigatory Powers Bill requires ISP to record all traffic; use of <br /> <br />crypto can put you in jail if you cannot produce the key! (R 20 90) <br /> <br />SPf Automated traffic-camera system has flaws, citing driver of Honda CR-V for <br /> <br />speeding in a sporty coupe (R 21 58); Honolulu citations 80% unenforceable due to <br /> <br />human errors (R 21 87); police officers being cited for speeding to emergencies (R <br /> <br />21 81) <br /> <br />SHP Global Positioning Satellites (GPS): Surveillance to keeping convicts out of jail <br /> <br />(R 22 31); commercial satellite security needs improvement (R 22 31) <br /> <br />SHf Yugoslav forces intercepted unencrypted NATO air communications and <br /> <br />thwarting attacks; consequence of ITAR export-control regulations? (R 20 37) <br /> <br />SHP Abuse of intercept capabilities: Australia’s ‘Tampa’ affair (S 27 3:12, R 21 92) <br /> <br />SP ACLU sees a growing Big Brother ’surveillance monster’ (R 22 50) <br /> <br />..... Other surveillance, electronic monitoring, tracking: <br /> <br />39 <br /> <br />SHP Anonymous e-mailer convicted of cyberstalking (R 21 73) <br /> <br />*SPH Hazards on the Superhighway: Woman cyberstalked by Vito; man receives fax <br /> <br />from bogus lawfirm with false accusations; girl harassed; Chicago man sends <br /> <br />obscene messages in someone else’s name; Boston boy runs away to meet on-line <br /> <br />Texas man (S 19 3:8) <br /> <br />*SH Cyberstalking on the rise (R 22 70) <br /> <br />*SH More on risks of surveillance (R 22 64-65); Is our TV watching you? (R 22 67) <br /> <br />SP+ California making it harder for prying eyes: ISPs to inform customers of <br /> <br />requests for their identities (R 22 72) <br /> <br />P Norwegian brothel surveillance camera broadcasts live on WorldWideWeb (R 19 <br /> <br />13) <br /> <br />P Sex, Truth and Videotaping: risks of monitoring your baby-sitter (R 22 11; S 27 <br /> <br />6:12-13) <br /> <br />Sf Electronic card designed to spot football hooligans (S 14 5) <br /> <br />@fh Monitoring systems cause unintended changes in Bell Canada operator behavior <br /> <br />and Metro Toronto Police (S 18 2:6) <br /> <br />SP Satellite monitoring of car movements proposed in Sweden (R 18 81) <br /> <br />SP Swedish narcotics police demand telephone card database (R 19 07) <br /> <br />P Location-tracing service of handy phones starts in Tokyo (R 19 58) <br /> <br />SHAO Teen intercepts MD’s pages, makes medical orders (R 21 19) <br /> <br />$SHI Brisbane ISP in court for intercepting e-mail and debiting customer credit <br /> <br />accounts (R 21 89) <br /> <br />P Published demonstration photo from Ybor city surveillance camera recognized <br /> <br />deleteriously by ex-wife in Tulsa (R 21 59); Charlotte NC will photograph license <br /> <br />plates to analyze freeway travel (R 21 60) <br /> <br />SP EPIC urges colleges not to monitor peer-to-peer sharing, as requested by <br /> <br />recording industry (R 22 38) <br /> <br />SPAHO New Jersey company intercepts pager messages, sells them to media (S 23 <br /> <br />1:13, R 19 35) <br /> <br />..... Accidental data releases: <br /> <br />For further privacy violations relating to accidental release of information, see some <br /> <br />of the ‘SP’ descriptor entries in the subsection on Incomplete deletions and other <br /> <br />security residues, toward the end of the Security section above. <br /> <br />HSPO Newt Gingrich’s teleconference compromised by cell phone (R 18 75,76; S 22 <br /> <br />4:30-31) <br /> <br />SHP Qualcomm CEO’s laptop vanishes, containing corporate secrets (R 21 05; S 26 <br /> <br />1:28) <br /> <br />SPfh France Telecom inadvertent disclosure blamed on computer error, actually MS <br /> <br />Office history: risks of e-mail compounded with the <br /> <br />notes/comments/change-tracking features (R 21 65); see also article by Gene <br /> <br />Spafford on protecting information, in Computing Research News (URL in R 21 <br /> <br />65) <br /> <br />SPf Handspring hands out names and springs out numbers (S 27 6:14, R 22 18) <br /> <br />SP U of Montana releases children’s psychological records on the Web (R 21 74) <br /> <br />..... Other privacy violations: <br /> <br />For further privacy violations relating to intentional misuse of information, see some <br /> <br />of the ‘SHP’ descriptor entries in the subsection on Penetrations and misuse in the <br /> <br />Security section above. <br /> <br />S?h?+? Controversy surrounding Dallas Morning News posting news of alleged <br /> <br />Timothy McVeigh "confession" on their Web site. Item obtained via computer <br /> <br />breakin? Early Web posting to stave off injunction? (R 18 85) Bogus memo <br /> <br />allegedly planted in attempt to trap a witness? <br /> <br />Phi Risks of errors in Calif Megan’s Law CD of sex offenders (R 19 25) <br /> <br />$SHP Crackers access University of Texas database, accessing over 50,000 <br /> <br />SSN/name pairs (R 22 62) <br /> <br />P Discussion of Whitewater Filegate security/privacy issues involving FBI, Secret <br /> <br />Service, White House (R 18 21) <br /> <br />S GAO criticizes White House for inadequate database controls (S 22 1:19) <br /> <br />SH Privacy risks in telephone company voice-mail archives (S 16 3) <br /> <br />SPH Civil liberties issues in National Crime Information Center (S 14 2) <br /> <br />SP Calif. to permit prisoner access to confidential drivers’ records? (S 14 2) <br /> <br />SHI Database misuse by 11 prison guards in Brooklyn (leaking names of informants <br /> <br />to prisoners, warning about searches, etc.) (R 19 20) <br /> <br />SP Justice Dept wants to scrutinize parolee computer use (R 18 70) <br /> <br />P Texas driver database on the Internet (R 19 22) <br /> <br />P Kansas sex-offender database full of incorrect entries (R 19 14); Also true in <br /> <br />California DB: 2/3 of entries incorrect (R 19 24) <br /> <br />P Virginia’s online sex-offender database not up-to-date (R 20 17) <br /> <br />SPH Bryant Gumbel’s on-line critique stolen, given to Newsday (S 14 2) <br /> <br />SPH Belgian Prime Minister’s e-mail tapped by penetrator (S 14 1) <br /> <br />SP Oliver North private e-mail appears in New York Times (S 18 2:17) <br /> <br />P? In-flight video privacy risks (S 18 4:9) <br /> <br />SPH Are your medical records adequately protected? Probably not. (S 14 2) <br /> <br />$PH Personal data being sold illegally by Nationwide Electronic Tracking (S 17 3); <br /> <br />somewhat duplicated material in notes indictments (S 18 1:21) <br /> <br />@SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); <br /> <br />bad prank follows (S 20 5:10) <br /> <br />SH AIDS database compromised in Pinellas County, FL (R 18 48,53) <br /> <br />@$SHAI Mass. hospital technician accessed ex-employee’s account, accessed 954 <br /> <br />files, harassed former patients, raped girl (R 17 07, SAC 13 3) <br /> <br />SPH Medical privacy violation reported by victim, U.S. congresswoman (S 19 2:9) <br /> <br />P Australian insurance company builds household database from electoral rolls (R 18 <br /> <br />02) <br /> <br />$P Proctor&Gamble matched telco call records after WSJ news leak (S 16 4) <br /> <br />SPH 2 Nissan employee firings allegedly based on eavesdropped e-mail (S 16 2) <br /> <br />SPH Washington State monitored e-mail; privacy lawsuit filed (S 16 2) <br /> <br />P 8 convicted killers sue to prevent Mass from monitoring phones (S 19 4:12) <br /> <br />SPf Undelivered ‘private’ e-mail message returned, but NOT to sender (S 14 1) <br /> <br />SPH$ E-mail privacy rights vs company property lawsuit against Epson (S 15 5) <br /> <br />SPH Proliferation of spy viruses predicted (S 21 2:21) <br /> <br />$SP Risks in the British Data Protection Act (S 12 1) <br /> <br />SP Concern over privacy of Swedish Databank (S 11 5) <br /> <br />SP Discussion on computer privacy and search-and-match in Canada (S 15 1) <br /> <br />SP Canada’s Privacy Commissioner issues report warning about EDI (S 18 4:9) <br /> <br />SP Thailand establishes centralized database on its 55M citizens (S 15 5) <br /> <br />SP Risks of being indexed by search engines (R 18 15) <br /> <br />SP Use of databases for investigative checks on would-be suitors (S 15 1) <br /> <br />P 4-star General Griffith’s SSN posted on Internet site (R 19 28) <br /> <br />P Washington State posts criminal history records on the Net; legal issues (R 19 28) <br /> <br />P Alaska exposes its rascals on Web site (R 19 30) <br /> <br />SPH 30 implicated in selling Equifax credit records, bill histories (S 17 2) <br /> <br />SPHI Illegal sales of confidential SocSecurity and FBI data in 9 states (S 17 2) <br /> <br />SPHI Anaheim police employee leaks address of antiabortion target (S 18 3:A12) <br /> <br />SPH 2 women accused of selling confidential adoption information (S 18 3:A11) <br /> <br />SPH Ross Perot’s campaign accused of stealing credit data (S 18 2:15) <br /> <br />P Privacy implications of Ohio school. child abuse records (S 18 2:17) <br /> <br />P Privacy concerns with Lotus Marketplace database of 80M households (S 16 1); <br /> <br />Lotus Marketplace database withdrawn after 30,000 protest letters (S 16 2) <br /> <br />P Australian government bungles private data on 6000 households (S 17 2) <br /> <br />P Citicorp proposed marketing info on its 21M customers (S 16 4) <br /> <br />P AOL announces its intent to share data with telemarketers (R 19 26) and ads on <br /> <br />private e-mail (R 19 40); eventually modified in response to objections <br /> <br />P Risks of aggressive marketing (R 22 06) <br /> <br />$SPH TRW settles lawsuit with FTC, 19 states, over privacy violations and erroneous <br /> <br />data; improvements required, $300K payment (S 17 1) <br /> <br />+- L. Tribe proposes computer freedom/privacy cyberspace amendment (S 16 3) <br /> <br />S Privacy Act vs. Justice Dept. file matching on One Big File... (S 16 3) <br /> <br />$P Discrimination and privacy issues in insurance database (S 16 1) <br /> <br />SP Calling Number ID: negative ruling in California, free per-call blocking in <br /> <br />Vermont; approved in 20 states, Washington D.C., and Canada (S 17 2) <br /> <br />$SPH Personal attack on USENET raises issues of privacy, ethics (S 12 3) <br /> <br />P Big flap over German request that CompuServe remove offensive material; in <br /> <br />response, CompuServe disabled some newsgroups (R 17 59,61,62) <br /> <br />SPH NY Met’s 1986 World Series parade: brokerage printout augments ticker-tape (S <br /> <br />12 1) <br /> <br />SP New York Yankee 1996 World Series parade; in absence of stock-market ticker <br /> <br />tape, confidential records from NYC Housing Authority and Dept of Social <br /> <br />Services rained down (R 18 55) <br /> <br />SP San Diego School payroll printouts appear as Xmas gift-wrap (S 12 2) <br /> <br />SP Public pleasure-boat database could help thieves (S 14 5) <br /> <br />SP Baby-monitor system bugs house, broadcasts to neighborhood (S 13 1) <br /> <br />? Pay-per-view failure lets adult station go unscrambled (S 19 3:8) <br /> <br />h/f? Free porn-in-the-morn hits San Francisco cable channel due to early scrambler <br /> <br />time-out (R 19 60) <br /> <br />f Norwegian class gets porno image because of cache problem (R 19 48) <br /> <br />i Recycled URL leads to porn site (R 19 47) <br /> <br />- User-friendly Netscape transforms placeholder xxxx.htm in a developing Web site <br /> <br />into URL www.xxxx.com for porno site (R 19 54) <br /> <br />H World Wide War on Wonderland Club of child pornographers (R 19 94) <br /> <br />? "MP3" second-most-searched-for string (popular compression program with no <br /> <br />anti-piracy protection) after "sex" (R 19 95); meta tags (R 19 96-97, 20 01) used to <br /> <br />force search-engine hits, although that situation may be improving (R 20 02) <br /> <br />SPH Teenage radio hams detect collusion in Los Angeles in 1911 (S 18 3:A11) <br /> <br />S William Gibson’s Book of the Dead supposedly on uncopyable diskette! (S 17 3) <br /> <br />@* CA notifies licensee before responding to data requests (S 14 6) <br /> <br />..... Other items on privacy and related rights: <br /> <br />40 <br /> <br />SP Risks of reverse telephone directories (R 19 62) <br /> <br />SP Risks of proposed universal CV database for everyone in the UK (R 19 67) <br /> <br />P Lexis-Nexis archives don’t match print versions; near-lawsuit over false <br /> <br />information (R 19 67) <br /> <br />SP On-line confession in Poland (R 19 70-71) <br /> <br />SP Idaho State rules Boise city e-mail subject to FOIA (R 19 63) <br /> <br />SP Clandestiny? Intuit TurboTax clandestinely uploading INTUPROF.INI? (R 19 71); <br /> <br />Software clandestinely uploading names and e-mail addresses: Blizzard’s Starcraft, <br /> <br />and Virgin’s Subspace (R 19 70) <br /> <br />f TurboTax potential overstatement of gross income (R 21 26) <br /> <br />SHP Proposal to make fake IDs a federal offense (R 19 85) <br /> <br />SP Risks of Federal healthcare insurance database regulation (R 19 88) <br /> <br />P- New Swedish personal information handling law makes most of the Internet illegal <br /> <br />(R 20 05) <br /> <br />P FTC charges Geocities with misleading customers, selling private info without <br /> <br />permission; Engage system to track individual Net usage (R 19 92) <br /> <br />$P Nancy Kerrigan settles X-rated lawsuit over faked porno images (R 19 97) <br /> <br />SPH Social Security claims agent takes revenge on woman by entering her death date <br /> <br />in SSA database (R 20 01) <br /> <br />SP Security risks delay online registration system at U.Va. (R 20 09) <br /> <br />SP Discussion of Northwest frequent-flyer database privacy and integrity (R 20 <br /> <br />12-13) <br /> <br />P Supreme Court rules against software filters for sexually explicit materials (R 20 10) <br /> <br />P Swedes outlaw naming an individual on the Internet (R 20 05,09) <br /> <br />P Shanghai entrepreneur Lin Hai tried in China for providing e-mail addresses (R 20 <br /> <br />11) <br /> <br />P Windows 98 Registration Wizard may violate European Privacy Laws (R 20 25) <br /> <br />fSP IE 5.0 browser Favorites bookmarks graphic favicon.ico (R 20 31) <br /> <br />SP Privacy risk in "shopping-cart" software (R 20 33) <br /> <br />SP Major flaws in the WIPO domain name proposal, A. Michael Froomkin (R 20 24) <br /> <br />SP Raytheon probes e-mail moles, subpoenas Yahoo! (R 20 30) <br /> <br />..... Inference used in deriving protected data: <br /> <br />- Evident symmetry in scoring mask used to guess test answers (S 16 3) <br /> <br />+- Joe Klein’s computer-detected authorship of Primary Colors (S 21 4:14) confirmed <br /> <br />by handwriting analysis of typescript annotations, then finally acknowledged by <br /> <br />publisher! (R 18 26,27) <br /> <br />Spamming, Junkmail, and Related Annoyances: <br /> <br />SH Spam continues to increase: 300% from 2001 to 2002 (R 22 51, S 28 3:7) <br /> <br />SHf$ MORE ON SPAM: Earthlink awarded $16M in spamages (R 22 73); EarthLink <br /> <br />sues to stop Alabama and Vancouver spammers (R 22 89); California court rules <br /> <br />against Intel in spam case (R 22 81); how about refusing to accept e-mail? (R 22 <br /> <br />74); spam blocking and ’challenge-response’ cures may be worse than the spam <br /> <br />problem (R 22 74,76); more risks of spam filters (R 22 78); AOL blocking e-mail <br /> <br />from other ISPs (R 22 81); easynet.nl is causing serious e-mail disruption with its <br /> <br />overzealous blacklist (R 22 86); another credit-card scam spam (R 22 82); Who <br /> <br />profits from spam? Surprise! (R 22 84); spam for new Jamie Oliver cookbook <br /> <br />contains 121-page MS Word document, with fictitious title, Naked Chef 2 (R 22 <br /> <br />82); Why are spammers backing spam-control laws? (R 22 81) <br /> <br />Sh Foolish wireless network access policies provides safe harbor for spam, etc. (R 21 <br /> <br />39,41) <br /> <br />S- Utterly amazing spam/scam offers heroin, "Tomohawk" [sic] missiles, cocaine, <br /> <br />(sex) slaves, counterfeit currency, and child pornography <br /> <br />S FAA.gov spam relay (R 21 73) <br /> <br />Sfi Apple Computer’s hidden spam-filtering on POP3/IMAP mac.com addresses (R <br /> <br />22 07) <br /> <br />SH Use of unclaimed British bank Web site by West African spam scammers cons <br /> <br />victims (R 22 34); Paypal scams (R 22 34,43); phishing on AOL for passwords and <br /> <br />credit-card numbers (R 22 35); imposter eBay site (R 22 42) <br /> <br />P $SP African e-mail spam scams inspire "Special Forces Commando" in <br /> <br />Afghanistan who wants to share $36 million in drug money (R 22 09) <br /> <br />!S Nigerian consul in Prague slain by spam scam victim (R 22 59); new scam <br /> <br />involves allegedly frightened Iraqis trying to move money (R 22 62) <br /> <br />SH Internet spam mogul Alan Ralsky can’t take what he dishes out (R 22 43) <br /> <br />SH More spam tricks at hotmail (R 22 20,21); new spammer trick using forged <br /> <br />received header (R 22 39) <br /> <br />$ FEC OK’s SMS spam without saying who paid for it (R 22 22) <br /> <br />efi Invisible ISP spam separator gives "mailbox full" for seemingly empty mailbox (R <br /> <br />22 42) <br /> <br />Sf The pinnacle of chutzpah in spam filtering by ISP: ISP rejects complaints! (R 22 <br /> <br />24,26) <br /> <br />SH How to spam a closed mailing list (R 22 60) <br /> <br />S$ Allegedly disgruntled NetGaming Casino ex-developer posts spam of would-be <br /> <br />attack (R 22 59) <br /> <br />Sfi Spam filtering stops the democratic process in Parliament, blocking distribution of <br /> <br />Sexual Offences Bill, paper on censorship, etc. (R 22 54) <br /> <br />SH$ Microsoft sues bulk e-mailers over spam to harvested Hotmail users (R 22 58) <br /> <br />SHO Spammers use viruses to hijack computers (R 22 71) <br /> <br />SP Anti-spam legislation passed in the House (R 20 95) <br /> <br />SP Google allows anonymous spam (R 20 95) <br /> <br />- Maryland attempting to outlaw ‘annoying’ and ‘embarrassing’ e-mail (R 18 81) <br /> <br />- Nevada contemplating outlawing unsolicited junk e-mail (R 18 87) <br /> <br />SHOA Vineyard.NET used as spam conduit for 66,000 messages (R 18 79) <br /> <br />SHOA More risks relating to spamming and spam blockers (R 19 02,05,10,13); legal <br /> <br />implications (R 19 10) <br /> <br />SPf Overzealous spam blocking (R 20 49), and IMRSS (R 20 51-53); delivery of <br /> <br />RISKS-21.44 blocked by overzealous Melissa detector at health.gov.au (R 20 45); <br /> <br />even more overzealousness (R 21 89) <br /> <br />SP Porn spammers send cybergreeting with hidden URL (R 20 77) <br /> <br />SH FAX Attacks – risks of junkmail spamming saturation (S 14 1) <br /> <br />Shf More NSI woes; spamming its own customers with weak password scheme (R 20 <br /> <br />58-59) <br /> <br />S Spam causes major ISP delay in e-mail (R 20 53) <br /> <br />- AOL enables blocking of 53 domains in attempt to reduce junkmail (R 18 56,62) <br /> <br />SHA Cyber Promotions: spam and get spammed, plus restraining orders (S 22 4:28, <br /> <br />R 18 81, 19 13); Cyber Promotions spamming restrained by Earthlink injunction; <br /> <br />CP agrees to pay CompuServe $65,000; CP hit by 20-hour retaliatory spam attack <br /> <br />(R 19 13); CompuServe blocks some multiple-address mailings? (R 19 21) <br /> <br />SHAO Spammer retaliates against NJ ISP block by Beth Arnold, using her e-mail <br /> <br />address and 800 number; she was ping stormed and flooded with calls (R 19 21) <br /> <br />SHA More spamming: Newmediagroup anti-spam measures draw retaliation (R 19 <br /> <br />16,17,21); Anti-spam bills in U.S. House and Senate (R 19 18,21); <br /> <br />S Spam filtering (R 19 24) <br /> <br />SH Spams and associated risks (R 19 25,27,31-34); laws (R 19 35-36); $125 million <br /> <br />lawsuit to stop striptease advertising via Strong Capital Management (R 19 27); <br /> <br />Hewlett-Packard scanner spam (R 19 38); Pacific Bell Internet spammed with <br /> <br />forged QueerNet address, causing Pac*Bell to misdirect its retaliation (R 19 44); <br /> <br />Samsung spam and reverse-spam (R 19 32,33) <br /> <br />fh Monster accidental e-mail blitz (S 23 5:26, R 19 74) <br /> <br />f Matsushita’s Panasonic Interactive Media filter spews out vulgarities (S 23 3:26, R <br /> <br />19 82-83) <br /> <br />+/-? Discussion of whether U.S. Code Title 47, Section 227 applies to spam (R 19 <br /> <br />33-36,42,44) <br /> <br />SHf Risks of reading Trojan-horsed spam mail (R 19 49,50) and accidentally clicking <br /> <br />on wallpaper icon (R 19 46) <br /> <br />SHAO Spammer Craig Nowak used Tracey LeQuey Parker’s from: address; she <br /> <br />received 5,000 bounces, and sued – along with EFF and Texas ISPs Assoc. (R 19 <br /> <br />19,20); Travis County court fines Craig Nowak $19,000 for his spam activities (R <br /> <br />19 46) <br /> <br />SHi MCI Mail spam blocker and account-name changes may make things worse (R <br /> <br />19 53); further risks of overzealous anti-spam measures (R 19 55) <br /> <br />SHO Spammers blackmail AOL, threaten release of 1M addresses (R 19 53) <br /> <br />SHO AOL hit by e-mail scam and Trojan horse URLs (R 19 34) <br /> <br />S Trojan horse: 5-yr-old installs AOL CD-ROM from Chex Quest box (R 19 26) <br /> <br />SP SPAMMING: 6100 Cornell University students spammed with entire list in TO: <br /> <br />field; 9 gigabytes (R 19 64); Rice University (R 19 66); Natl Assoc of Broadcasters <br /> <br />deluges its own members with spam (R 19 62) <br /> <br />hf NASAA spams investors by mistake (S 24 3:25-26, R 20 07) <br /> <br />SPf Is your spam e-mail watching you? worse than cookies! (S 27 3:12, R 22 03) <br /> <br />m Hospital e-mail delayed 84 hours, spam problems (R 21 23) <br /> <br />S(H?) Verizon bombarded with spam; denial of service attack? (R 21 15,17) <br /> <br />SHOA Effects of porn spam from spoofed e-mail address (R 21 35) <br /> <br />SP Discussion of spammers getting sneakier, avoidance, and smtp as a root of <br /> <br />problems (R 21 71,72,76,78,80) <br /> <br />Sfff LLNL bans all wireless networks, including Wi-Fi, because of technology <br /> <br />vulnerabilities, with only about 10(R 21 89); risks in wireless carriers tunneling <br /> <br />through firewalls (R 21 89) <br /> <br />Sf Minneapolis-St.Paul airport offers free wireless network; great opportunity for <br /> <br />launching spam and security attacks (R 21 89) <br /> <br />SH Bogus "Internet security update" spam seemingly from Microsoft (R 21 94) <br /> <br />SPHi SPAM and the RISK of ignoring permission letters (R 21 94,95,98; R 22 02) <br /> <br />iP Yahoo changes default marketing preferences, encouraging spam, require cookies <br /> <br />to change (R 22 02-03) <br /> <br />SPf Over 160,000 join Massachusetts Do-Not-Call Registry to block telemarketers (R <br /> <br />22 47); Do-not-call list preventing 911 notifications in Massachusetts, pruned list <br /> <br />41 <br /> <br />purchased! (R 22 75); Glitches hit FTC ‘do-not-call’ list (R 22 79); effects of new <br /> <br />state laws on privacy for anti-spam and do-not-call (R 22 78,79); further problems <br /> <br />(R 22 79); Canadians cannot register home phones, but their 800 numbers are OK! <br /> <br />(R 22 80); EchoStar sued for ‘No-Call List’ breach (R 22 89); FTC says <br /> <br />Do-Not-Spam list effort will be futile (R 22 87) <br /> <br />..... Censorship, porn, and risks of filtering – or not: <br /> <br />SP Spam prevention gone too far (R 21 89); Risks of using anti-spam blacklists (R 22 <br /> <br />01); Use of SpamAssassin effective for the time being (R 22 08-10) <br /> <br />S+? A better approach to spam filtering? Try bogofilter, based on paper by Paul <br /> <br />Graham and Bayesian statistics (R 22 22) <br /> <br />i Risks Forum blocked by SmartFilter under Criminal Skills category (R 21 14) <br /> <br />SP U.S. Supreme Court rules Communications Decency Act unconstitutional (S 22 <br /> <br />5:14, R 19 23) <br /> <br />fi White House Web pages off-limits to Surfwatch: photo of first couple and second <br /> <br />couple <br />triggers filter (R 17 79); Surfwatch also blocked NYNEX’s Web page <br /> <br />named iixxxpg1.html because of the "xxx" (R 17 81) <br /> <br />i Adult content filter considers MSDN Flash 6, 2, 22 Jan 2002, as "Unwanted adult <br /> <br />spam"; it contained the string "over 18’ in the text "Plus, VSLive! San Francisco <br /> <br />provides over 180 hours of content in three technical conferences." (R 21 90) <br /> <br />Sf AT&T’s e-mail filter filters AT&T’s e-mail (R 22 08) <br /> <br />SP? No laptops on the Senate floor: fears of surfing, lobbyists, spamming, real-time <br /> <br />on-line influence, etc., ignoring such possible benefits of being able to read pending <br /> <br />legislation and to communicate! (R 19 29,32,33) <br /> <br />rfi AOL’s Scunthorpe saga: risks of string-based censorship (S 21 5:17, R 18 07-08); <br /> <br />more on AOL filtering of Internet e-mail (R 17 65, 18 18,41,42,44,46,48) <br /> <br />rfh SW filters sex, blocking access to NJ counties Sussex, Essex,... (R 19 24) <br /> <br />Si Risks of filtering randomly generated 4-letter words in sendmail queue-ids (R 22 <br /> <br />13,15); and other filtering risks (R 22 16); a Yahoo admits changing e-mail text to <br /> <br />block hackers (R 22 16-17); more on filters and, in particular, dirty-word filters (R <br /> <br />22 17-18) <br /> <br />fi The "finger" command and "Paul Hilfinger" (S 21 5:18) <br /> <br />rfi CyberSitter censors "menu */ #define" because of the string nu...de; binary <br /> <br />equivalents of bad words (R 19 56-58); more on dimwitted naughty-word filtering <br /> <br />(R 20 39-40, R 21 03); e-mail with Don Beaver’s name filtered (R 21 50); more <br /> <br />overzealous filtering problems (R 21 47), and combatting them (R 21 47) <br /> <br />- Applied Micro Technology Inc. device censors closed-captioned broadcasts, e.g., <br /> <br />turning Dick Van Dyke into Jerk Van Gay (R 19 63) <br /> <br />P China strengthens control over "cultural rubbish" on the Internet (R 18 73); <br /> <br />Draconian controls on Chinese Internet usage (R 19 23) <br /> <br />SP German Cabinet approves Internet privacy, censorship regulation (R 18 69) <br /> <br />P South Korea clamps down on Canadian home page on North Korea (R 18 21) <br /> <br />P BUGTRAQ may be banned by Australian censorship (R 20 43) <br /> <br />$SHO Hackers sued by software-filtering company (S 25 3:20, R 20 84-86) <br /> <br />fiP XXX Web filters take out Superbowl XXXIV sites as porn (R 20 77) <br /> <br />f/h Name filtering causes revocation of police officer C. O’Kane’s badge (interpreted <br /> <br />as "cocaine") (R 22 19) <br /> <br />Sr Web anti-surfing filter prevents Palm Support Germany from doing its job! (R 21 <br /> <br />65) <br /> <br />Sh/h/h? Ed Felten’s Web log at www.freedom-to-tinker.com shut due to questionable <br /> <br />SpamCop listing (R 22 19); fascinating summary of responses on whom to blame <br /> <br />(R 22 21-22); e-mail envelope filters blocking NDN and DSN (R 22 20); <br /> <br />SpamAssassin (see R 22 08-10) blocked RISKS-22.20 (R 22 21) <br /> <br />S Risks of junk-mail filtering (R 20 89, and see nondistributed issue RISKS-20.89x <br /> <br />which would have been filtered!); Microsoft content-based spam Bcc: filtering (R <br /> <br />20 90-91) <br /> <br />f/h Harvard admissions e-mail bounced by AOL’s spam filters (R 21 84-86,88) <br /> <br />i Police chief: don’t permit certain file types (gif, pjg, ...) to stop porno (S 22 1:19) <br /> <br />SH? Gateway 2000 issues promo video tapes with mysterious insertion of offensive <br /> <br />and objectionable materials (R 18 90) <br /> <br />- CompuServe German ISP indicted for transmitting porn content; former manager <br /> <br />given suspended 2-year sentenced, 100,000DM fine (R 19 73,77) <br /> <br />+ U.S. Supreme Court rules ISPs not liable for content (R 19 83) <br /> <br />fi Royal Court, UK theatre group aiming to "shock and offend", gets new computer <br /> <br />system that filters its own specialties! (R 20 84) <br /> <br />h USAF Space Command blocked San Francisco Exploratorium Yahoo site because <br /> <br />of baking-soda/vinegar recipe (R 21 02) <br /> <br />Marc Rotenberg reviewed Ray Bradbury’s Fahrenheit 451 from the perspective of <br /> <br />censorship and the banning of digital copies (R 22 03) <br /> <br />fi CNN (but not the San Jose Mercury News censored Webby nominee with a <br /> <br />questionable URL (R 21 37) <br /> <br />Other Unintentional Denials of Service: <br /> <br />..... Recent cases <br /> <br />Vm PGN’s Univ. Maryland Fall 1999 course on survivable systems and networks <br /> <br />beset with survivability problems: hurricane, lightning, teleconference circuit <br /> <br />outages! (S 25 1:) See http://www.csl.sri.com/neumann/umd.html for the course <br /> <br />notes. <br /> <br />Vm Weather-predicting Cray C90 supercomputer lost in fire, weather predictions <br /> <br />reduced (R 20 62) <br /> <br />Vm Netcom file-server hardware outage loses half of the e-mail customers, <br /> <br />depending on first letter of name (R 20 49) <br /> <br />h White House admits over one year of VP’s e-mail lost forever (S 25 4:8, R 20 91) <br /> <br />$fm Greek tax information system experiences blackout (S 25 3:15-16, R 20 75) <br /> <br />f U.S. National Archives loses 43K e-mail messages, backup failed also (S 25 3:, R <br /> <br />20 76) <br /> <br />f/h? NSA system inoperative for four days (S 25 3:16, R 20 78) <br /> <br />$f/h? AT&T Business Internet Service major outage of primary and backup DNS <br /> <br />systems (S 25 3:16, R 20 78) <br /> <br />$f Computer glitch cancels 86 America West flights (S 25 3:16, R 20 80) <br /> <br />$Vhm Northwest Airlines grounded for 3.5 hours after cable cuts off main and <br /> <br />backup fibre (S 25 3:16, R 20 85) <br /> <br />$m Week-long outage in NE San Jose after cable cut downs 11,000 phone lines (S 25 <br /> <br />3:16, R 20 84) <br /> <br />m Fire takes out Nottingham phones (S 25 3:16, R 20 80) <br /> <br />m Senate Web site dies as Clinton stresses Net-reliability (S 25 3:16, R 20 81) <br /> <br />i Online broker blames outages on software maker; incompatibility, not hacker attack! <br /> <br />(S 25 3:16, R 20 83) <br /> <br />..... Older cases <br /> <br />(!)$V Amsterdam air-freight computer crashes, giraffes die (S 12 1) <br /> <br />@*Vf ARPAnet ground to a complete halt; accidentally-propagated status-message <br /> <br />virus [27Oct1980] (S 6 1: Reference – Eric Rosen, "Vulnerabilities of network <br /> <br />control protocols", SEN, January 1981, pp. 6-8) <br /> <br />@*Vf ARPAnet loses New England despite 7-trunk "redundancy" (S 12 1) <br /> <br />Vm Network crash halts Larry Ellison’s OpenWorld demo (S 23 1:11, R 19 40) <br /> <br />mh Judge Zobel’s awaited e-mail in "au pair" case delayed over an hour by Boston <br /> <br />Edison Electric workers in a manhole disconnecting his ISP (R 19 45) <br /> <br />-/+ Estimates of the effects of the Starr report on the Internet (R 19 95): loc.gov, <br /> <br />house.gov, and gpo.gov were essentially inoperative, but proliferation of mirrored <br /> <br />sites eased the burden substantially (R 19 96); many comments that the <br /> <br />Communications Decency Act I (ruled unconstitutional) would have had to <br /> <br />penalize the Starr Report. with fines of $250,000 and 5 years in prison to anyone <br /> <br />posting it on the Internet. AP estimated almost 6 million people browsed the report <br /> <br />via the Internet. <br /> <br />V$he Computer collapse wipes out British Social Security NIRS records; manual <br /> <br />payments prone to fraud (S 24 1:32, R 20 01) <br /> <br />- ACM’s ISP cuts off service for late payment of fees (R 19 15) <br /> <br />Vmh Computer crash loses CBC radio listeners’ requests (R 20 17) <br /> <br />f New Haven cable viewers see "SW Failure. Press left mouse. ..." (S 19 4:8) <br /> <br />*$Vm Weather Service phone circuit failure downs forecasts for 12 hours (S 17 1) <br /> <br />*$Vm Weather computers down for 12 hrs, blocking AFSS flight service (S 19 1:9) <br /> <br />Vm Cold weather impairs fiber-optic performance (R 19 41) <br /> <br />@he Computer test residue generates false tsunami warning in Japan (S 19 3:4) <br /> <br />Vm California Dept. of Labor computer system crash blocks labor certifications (R <br /> <br />20 25) <br /> <br />$fe Government computer withholds benefits from British widows (R 20 19-20) <br /> <br />*fh UK Serbian sanctions unenforced; Yugoslav breakup unprogrammed (S 18 1:9) <br /> <br />demi DEC SRC Topaz rendered useless by multiple interacting events (S 16 2, a new <br /> <br />classical saga in article by John DeTreville, pp. 19-22) <br /> <br />m Hundreds of duplicate computer-mail copies due to errant gateway (S 12 1) <br /> <br />$f 3 e-mail problems give extra copies: Internet, UUCP, MCI (S 14 6) <br /> <br />mfh Part of the duplicate RISKS mailings problem resolved (S 15 3) <br /> <br />f Posting to vmsnet.announce.newusers unmoderated newsgroup returned halfhourly <br /> <br />nasty messages; ‘announce’ implies moderation! (S 15 1) <br /> <br />m Computer failures in automated GMAT testing (S 23 3:25, R 19 50) <br /> <br />!Vm Remote clock comm, 22 traffic lights down. 1 killed, 1 injured (S 14 2) <br /> <br />*f Playing Russian Roulette with traffic lights: flawed conversion from four-way <br /> <br />flashing red to normal patterns (R 22 57-58); <br /> <br />*f Lakewood CO traffic system fails; single disk drive, no redundancy (S 15 2) <br /> <br />*Vm Austin TX auto traffic-light computer crashes; 2 lights out (S 11 5,12 1) <br /> <br />*Vef Another traffic light outage in Austin TX (S 15 3) <br /> <br />f/h German computerized traffic-light stuck on morning rushhour (S 19 3:5) <br /> <br />*imM Traffic lights don’t work in the snow (R 22 62,65,70) <br /> <br />Vef Massive failure of Washington DC traffic lights (S 21 5:16) <br /> <br />Vhe Dublin traffic lights out 28 Sep 1998: massive congestion (S 24 1:32, R 20 01) <br /> <br />42 <br /> <br />Vfe Gridlock as 800 London traffic lights seize (S 27 6:10, R 22 18) <br /> <br />*m More on traffic signals going four-way green (R 20 48) <br /> <br />m(*?) Finnish computer glitch causes traffic light malfunctions; date leaps from <br /> <br />morning 30 May 2003 to night time in 1991; cause unknown (R 22 76, S 28 6:8) <br /> <br />$f Overloaded Ontario transit computer delays commuters (S 14 2) <br /> <br />*Vh Unplugged cable plugs Orlando traffic light computer system (S 14 1) <br /> <br />*$Vh Hinsdale IL fire seriously affected computers and communications (S 13 3) <br /> <br />$mSe Minn. 9th Federal Reserve Bank flooded as air-cooling pipe bursts; serious <br /> <br />security vulnerability left open in backup operation (S 16 3) <br /> <br />$V Rhine flooding disrupts computer networks for two days (S 13 3) <br /> <br />$hV Noisy air conditioning shut off by mayor; downs computers (S 13 4) <br /> <br />h GPS lost time synch when first activated when cleaning crew unplugged the master <br /> <br />time source! (R 19 30) <br /> <br />VSIh Nando.net shut down for three hours by custodian vacuuming, electrical <br /> <br />overload, data server crashes (R 19 48) <br /> <br />hi German Bundestag sound system disabled by misplaced book (S 18 2:5); <br /> <br />microphones still not working, months later! (S 18 4:4) <br /> <br />m Gobblings of legitimate automatic teller cards (S 9 2, 10 2, 10 3, 10 5) <br /> <br />m Mass swallowing of falsely expired ATM cards (S 12 2) <br /> <br />fmi ATMs swallow 400 bank cards; retry after no diagnostic that interconnection was <br /> <br />broken (S 22 1:21) <br /> <br />h Australian ATMs snatch 921 cards. "Human error" (S 12 4) <br /> <br />$Vf&m Bank of America outage shuts down Cal ATMs, nationwide links (S 14 1) <br /> <br />$Vm Wells Fargo, BofA ATMs out of service (S 14 2) <br /> <br />$Vfm French ATM-authorizing computers down for 30 hours (S 18 4:3) <br /> <br />@$f 1992 leap-year-end clock bug blocks ATM machines 1 Jan 1993 (S 18 2:11) <br /> <br />Vf 1200 Citibank ATMs down four hours due to ‘software glitch’ (S 18 2:11) <br /> <br />$m Swiss debit-card system broke down (R 21 20, S 26 2:6-7) <br /> <br />Vm Royal Wedding side-effect shuts down computer machine room? (S 11 5) <br /> <br />$Vm CMU library computer power outage; no catalogues (S 12 2) <br /> <br />Vfm Santa Cruz High computer crashes on opening day; no schedules (R 17 34) <br /> <br />m Blown transformer disables automated library card catalog (S 18 2:7) <br /> <br />$Vfmh Palo Alto library computer system errs increasingly, collapses (S 18 4:3) <br /> <br />$Vrm NY Public Library loses computerized references; no backup (S 12 4) <br /> <br />Vhe Sun Valley ski area forgets to back up access database (S 23 3:25, R 19 53) <br /> <br />$mhmh Fear of not enough backups (S 21 2:19) <br /> <br />Vhe Stanford Grad School of Business storage addition causes years of work to be <br /> <br />lost for some people; upgrade failed to check backups first (R 19 66) <br /> <br />$Vm Computer crashes stop gasoline pumps, other businesses (S 11 5) <br /> <br />$ Other problems with fast-food computers as well (S 12 1) <br /> <br />$Vm Aylesford new supermarket checkout failure closes store (S 17 1) <br /> <br />$f UNICEF loses thousands of orders for greeting cards (S 14 1) <br /> <br />hi Fred Cohen’s saga of HP200 data integrity woes (R 19 68,69) <br /> <br />$f US Gov’t computer password check flaw results in crossed orders (S 16 3) <br /> <br />$m 1017 dipsticks ordered instead of 17 due to ASCII 0-to-1 error (S 16 3) <br /> <br />$h M.Ward warehouse dropped from database, cut off from shipments; employees <br /> <br />paid for 3 yrs anyway by different computer system! (S 16 3) <br /> <br />* Hospital gets computerized Reagan vote calls, 20/hr for 6 hours (S 12 1) <br /> <br />$V Broker’s phone tied up 3 days: errant computerized sales pitch (S 12 1) <br /> <br />f Phone call deluge from program bug in computerized Coke machines (S 10 2) <br /> <br />h Another Coke machine phones home for help, gets Ft. Bragg number (S 17 2) <br /> <br />? Potential risk of latest wireless and cashless Coke machines (R 20 38) <br /> <br />fh More machines phone home: summary notes cold drink dispensers, lonely oil tank, <br /> <br />faulty public lavatory, medical insulin fridge alarmed because of low temperature <br /> <br />(R 19 31,33); multiple autodial illegal (R 19 36) <br /> <br />rh Vending machine default phone number 000 (Australian emergency number) <br /> <br />yields hundreds of false alarms (R 20 47) <br /> <br />hi Abandoned oil-tank phone harasses MA woman for 6 months (R 17 34,36,37) <br /> <br />$H? Compass Airlines jammed with 25,713 calls; computer generated? (S 16 1) <br /> <br />f Phone machines call each other; switchhook-flash glitch (S 19 3:8) <br /> <br />fh Stray signal loops beeperless remote answering machine (S 14 6) <br /> <br />Sfm Hare Krsna chant triggers answering machine remote (R 17 91-93) <br /> <br />m Sony TV remote control turns Apple Performa 6300 on/off (R 17 95) <br /> <br />$Vm Computer network node hit by lightning; down for weeks (S 11 5) <br /> <br />V$m Lightning strikes drawbridge controls (twice!!), out for days (S 13 4) <br /> <br />Vm Lightning disables lightning-strike-monitoring system (R 20 42) <br /> <br />Vm Lighting triggers automated meeting-announcement messages half a day early, <br /> <br />and repeats them for 6.5 hours (R 21 65) <br /> <br />VH Green-Card law firm uses the Internet to broadcast ads; volume of protest traffic <br /> <br />shuts down systems (S 19 3:9) <br /> <br />Vm Basketball scoreboard clock fails as reporters PCs overload power (S 13 3) <br /> <br />$Vf Australian betting network downed after software inconsistencies (S 13 3) <br /> <br />$V Betting computer crash invalidates winners; class-action suit wins (S 19 4:9) <br /> <br />(h) Fire destroys on-line (sole) copies of secret ice cream flavors (S 13 3) <br /> <br />Vm NY Times omits op-ed page due to "computer breakdown" (S 20 5:9) <br /> <br />$Vh IRS has no contingency plans for computer disasters (GAO report) (S 11 2) <br /> <br />$Vhf Software can burn out PC monochrome monitor (0 horizontal sweep) (S 13 3) <br /> <br />f Hewlett-Packard recalls personal organizers, battery change loses data (S 21 2:18) <br /> <br />*m Product safety recall for Textronix TDS210/220 oscilloscopes (R 19 88) <br /> <br />Vf VMS tape backup SW trashed disk directories dumped in image mode (S 8 5) <br /> <br />Vf VAX UNIX file system disk purge runs amok at various locations (R 5 04) <br /> <br />m Disk failures after extended shutdown, bearing seal problem (S 15 3) <br /> <br />$m Electronic flash of BBC documentary crew hangs tape drives (S 12 4) <br /> <br />m EPROMS susceptible to ultraviolet, bright lights (S 14 1) <br /> <br />Sf Spreadsheet program destroys database (S 13 1) <br /> <br />m Rats take a byte out of Ugandan exam computers (R 20 05) <br /> <br />..... Other accidental denials of service due to interference: <br /> <br />$SM Computer interference from McDonalds toasters; paychecks higher (S 15 1) <br /> <br />$SfM Sputnik frequencies triggered garage-door openers <br /> <br />$SfM Pres.Reagan’s command plane jams 1000s of garage-door openers (S 11 2) <br /> <br />SfM Fort Detrich communications jam garage-door openers? (S 13 1) <br /> <br />SM Garage door interference again – Mt Diablo and the Navy (S 14 5) <br /> <br />M EMI from USS Carl Vinson opens garage doors in Hobart (R 20 31) <br /> <br />SfmM Risks of Army ordnance being autozapped by EM radiation (HERO) (S 16 2) <br /> <br />SMi C-Guard antijam system jams cellular communications (R 19 73-74) <br /> <br />$VSmM Sunspots disrupt communications, Quebec power station, ... (S 14 5) <br /> <br />mM? Effects of Leonid meteor shower in 1998-99 on satellites? (R 19 23) <br /> <br />fmM Faulty car alarm jams S-band downlink for Lewis satellite (R 19 24) <br /> <br />SM Johnny Carson loses his hat to electronic interference (S 14 6) <br /> <br />mM Clocks leap forward gradually. Power line interference! (S 16 2) <br /> <br />*SM Airlines ban in-flight mouse use: interference with navig. systems (S 17 3) <br /> <br />*mM More on risks of RF interference in aircraft: cell-phone linked to London to <br /> <br />Istanbul crash-landing? (R 19 34,36,37) <br /> <br />*SM Electronic interference affects airplanes, car brakes, robots (S 18 3:A10) <br /> <br />*SfmM More on risks of electromagnetic interference: medical devices (R 18 47) and <br /> <br />airplanes (R 18 47,52) <br /> <br />SmM Interference effects of the next cycle of solar activity (R 18 62,63) <br /> <br />*SM Opel Corsa stops for mobile phones (S 18 3:A10) <br /> <br />*SM Interference from mobile telephones affects hearing aids, cars (S 18 3:A10) <br /> <br />@VMf$ Sydney’s new Millennium trains put on hold by electrical signal interference <br /> <br />problems; very complex system with other problems as well (R 22 68-70) <br /> <br />VmM Mobile phone interference dependably crashes Netware servers (S 22 2:20) <br /> <br />SM Football coach-to-QB-helmet transmission interference problems (S 20 1:19) <br /> <br />SM RFI affects Kroll K-154 building-construction cranes in Toronto (S 20 1:20) <br /> <br />SM Microwave interference affects construction cranes in Seattle (S 20 1:20) <br /> <br />SM Accidental EMI observed during Emergency Response seminar! (S 20 1:21) <br /> <br />MH? Oral hackers could disrupt voice-operated systems (S 20 2:13) <br /> <br />SM British hospitals ban portable phones because of interference (S 20 3:10) <br /> <br />M* Studies of high-altitude cosmic-radiation effects on memory loss (R 18 79,81) <br /> <br />SM Risks of erasable "cash" in SmartCards? (R 20 25) <br /> <br />$mM? Damages awarded after Sleepezee Beautyrest high-tech bed controls went <br /> <br />berserk. Electromagnetic interference? (R 19 11) <br /> <br />@!!M Sheffield (20 deaths), pacemakers (2 deaths), @SfM Electrocauterizer disrupts <br /> <br />pacemaker (S 20 1:20) <br /> <br />@*SfM Air Force bombs Georgia – stray EMI?; @*M$ Challenger communications, <br /> <br />CB auto interference, Ghost phone calls; @*M Fail-unsafe effects of <br /> <br />microprocessor controlled autos; @*M Nuclear reactor knocked offline by 2-way <br /> <br />radio in control room; @$M telephone outages, stock exchange outages, <br /> <br />Tomahawk 2, Black Hawk; @$M "Grind" and "Sunset Boulevard" sets; and other <br /> <br />cases noted here; @M Display lasers affect aircraft: pilots blinded over Las Vegas <br /> <br />(R 17 55); @M Melbourne Airport VCR RF interference affects communications <br /> <br />(R 17 44) <br /> <br />@VSM New HDTV signal shuts down Baylor heart monitors on same frequency (R <br /> <br />19 62) <br /> <br />@SfM Case of GPS jamming of Continental flight by failed Air Force <br /> <br />computer-based test (R 19 71) more on GPS jamming/spoofing: British Airways <br /> <br />flight lost all three GPS systems while French military was testing jammers; <br /> <br />Continental DC-10 lost all GPS signals while Rome Lab was experimenting with <br /> <br />jammers (R 19 74,85) <br /> <br />@SM Cell phones can interfere with auto systems (R 19 63) <br /> <br />@*SM Sudden auto acceleration due to interference from CB transmitter (S 11 1) <br /> <br />@*M Sudden acceleration of Dutch bus commonplace: interference (S 23 1:11, R 19 <br /> <br />40) <br /> <br />@SM Czechs ban mobile phones in gas stations (interference) (R 19 68-69) <br /> <br />@mM? Air Force bombs Georgia – stray electromagnetic interference? (S 14 5) <br /> <br />@*$VfM Libyan bomb raid accidental damage by "smart bomb" (S 11 3) F-111 <br /> <br />43 <br /> <br />downed by defense-jamming electromagnetic interference (S 14 2) More on U.S. <br /> <br />radio self-interference in 1986 Libyan attack (S 15 3) <br /> <br />@VM Australia’s Melbourne Airport RF interference affected communications, <br /> <br />traced to an emanating VCR! (R 17 44) <br /> <br />Law Enforcement Abuses, False Arrests, etc.. <br /> <br />..... Database and audit-trail abuses: <br /> <br />!P Stalker obtained address of TV actress Rebecca Schaeffer from Calif DMV <br /> <br />DBMS, and murdered her, July 18, 1989; new regulations on DB access: notify <br /> <br />interrogatee, then delay response for two weeks (S 14 6, R 9 18) <br /> <br />!*$SHI Arizona ex-law-enforcement officer tracks down and kills ex-girlfriend; GAO <br /> <br />report on NCIC itemizes that and many other flagrant misuses (S 18 4:7) <br /> <br />!SHh Woman shot by former classmate who used Internet broker to gain information <br /> <br />(R 22 46); <br /> <br />!SH Man allegedly stalks ex-girlfriend with help of GPS (SmartTrack?) under her <br /> <br />hood (R 22 46) <br /> <br />$SHI NY police chief indicted for misuse of confidential database (S 13 4) <br /> <br />SHI 3 police officers sentenced for misusing Police Nat’l Computer (S 14 2) <br /> <br />S Risks of STOVEACT, phone-enabled STOlen VEhicle [de]ACTivation (R 19 66) <br /> <br />*SHI SanFran police officer charged with deleting a warrant (S 17 1) <br /> <br />$SPHI 45 LA police cited for searching private computer records (S 18 1:21) <br /> <br />$SPHI Theft of 8.5K criminal records; investigator, 2 police indicted (S 18 2:16) <br /> <br />SH Maryland defense lawyers hustling clients from database of arrest warrants, <br /> <br />sometimes tipping off defendants prior to arrest! (R 19 48) <br /> <br />$SPH Police frame sisters on murder charge with bogus ATM evidence (S 18 4:9) <br /> <br />P Victim ordered to surrender computer and passwords (R 19 43) <br /> <br />@S Risks in altered live video images: L-vis Lives in Virtual TV (R 18 18-21) <br /> <br />@P 8 convicted killers sue to prevent Mass from monitoring phones (S 19 4:12) <br /> <br />@$SHAI Mass. hospital technician accessed ex-employee’s account, accessed 954 <br /> <br />files, harassed former patients, raped girl (R 17 07, SAC 13 3) <br /> <br />The New York Times <br />Web site exposes CIA agents (R 20 93) <br /> <br />..... False arrests and hassles resulting from mistaken identities <br /> <br />$Phi Repeatedly detained (S 10 3:14 quoting David Burnham in The New York Times; <br /> <br />S 11 1) for actions of an impersonator, Terry Rogan wins rights violation case (S 12 <br /> <br />4); settles for $55,000 from LAPD (S 13 2) <br /> <br />$Phi Other cases of false arrest due to computer database use: C.R. Griffin license not <br /> <br />suspended; Sheila Jackson Stossier mistaken for Shirley Jackson; two Shirley <br /> <br />Jones, diff birthdays, 6", 70 lbs diff (S 10 3:14) <br /> <br />SPH John Munden, UK policeman, acquitted after having his bank account cleaned <br /> <br />out and false fraud accusation. Must read this one. (R 18 25) <br /> <br />VHm Computer crash falsely blamed on San Mateo Dist.Atty computer chief by <br /> <br />would-be successor (S 22 5:14) <br /> <br />Phi Richard Sklar falsely apprehended three times because of impostor (S 14 2) <br /> <br />$Phi Roberto Hernandez falsely jailed twice; won $7000 first time! (S 14 5) <br /> <br />$Phi Joseph O. Robertson in for 17 months despite contrary evidence (S 14 5) <br /> <br />*Phi Martin Lee Dement 2 yrs LA County jail; fingerprint sys not used (S 14 6) <br /> <br />*$H Another bogus identity: someone with fake ID obtained a duplicate driver’s <br /> <br />license for Teresa Stover from the Virginia DMV license; ‘perhaps thousands’ of <br /> <br />fraudulent licenses ‘bought’, often by illegal aliens (S 16 3); ring of bogus license <br /> <br />sellers <br /> <br />Phi Donny Ray Boone spent 41 days in jail because his name was similar to one <br /> <br />mentioned on The Osgood File (noted in Computer-Related Risks) <br /> <br />Phi Wrong Neil Foster arrested on incomplete database match (S 13 2) <br /> <br />Phi More computer-inspired false arrests, libel, etc. (S 12 3) <br /> <br />*hi Nonupdated stolen-car database; one owner shot, one roughed up (S 21 4:14) <br /> <br />*P(f/h?) Driver arrested in computer muddle: two cars with same plates (S 17 1) <br /> <br />*i Police raid wrong house (twice), due to uncorrected database typo (S 17 1) <br /> <br />hP Two Russ Hamiltons with same birthdate; wrong one jailed (S 19 3:6) <br /> <br />*$h Rented car falsely listed as stolen leads to false incarceration (S 16 4) <br /> <br />*h ATM photo of wrong person sent as rapist/robber; ‘downloading error’ (S 16 4) <br /> <br />- Motorist gets citation based on photo, responds with photo of money (S 16 4) <br /> <br />hi Ex-worker falsely arrested for deleting files; files were there! (S 20 2:8) <br /> <br />fh? Man jailed erroneously because of computer glitch (S 23 3:23, R 19 58) <br /> <br />hi Mistaken identity: Going to jail innocently over a speeding ticket (R 19 69,71) <br /> <br />Ph Bank robbery "wanted" poster of wrong person due to unchecked match (R 19 29) <br /> <br />Pi 70-yr-old black woman Johnnie Thomas mistaken for erstwhile FBI-top-ten man <br /> <br />aliased as John Thomas Christopher while he was in jail; Oregon still would not <br /> <br />remove her name from their computers (S 27 04:, R 22 07) <br /> <br />Phi Ed Felten’s sister-in-law victim of name confusion with Ponzi schemer (S 27 3:8, <br /> <br />R 21 90) <br /> <br />*$SPhie More false arrests based on bad law-enforcement data and sloppy law <br /> <br />enforcement checks, failure to remove expired warrants (R 22 61, S 28 3:7-8) <br /> <br />*fh ATM time-synchronization errors lead to mistaken arrests (R 22 73,76,78,79, S <br /> <br />28 6:13) <br /> <br />..... Effects of false database information <br /> <br />False entry for felony arrest hinders job seeking (R 20 92: S 26 1:29-20) <br /> <br />hP Erroneous law-enforcement data from Choicepoint: Privacy Foundation’s Richard <br /> <br />Smith discovered he had been dead since 1976, and had aliases with Texas <br /> <br />convicts; Chicago woman misidentified as shoplifter and drug dealer, and fired. <br /> <br />(Florida election erroneous disenfranchisement of thousands of voters also traced to <br /> <br />bogus Choicepoint data; Choicepoint blames its data aggregator, DBT.) (R 21 42) <br /> <br />..... Prison problems: <br /> <br />!m Busy Philippine phone lines prevent stay of execution; ultimate denial of service <br /> <br />in unreceived death reprieve (R 20 47) <br /> <br />hi Philadelphia jail keeps 100 despite case dispositions (S 21 4:13, R 17 80) <br /> <br />*SHA Santa Clara prison data system (inmate altered release date) (S 10 1) <br /> <br />*SHA Drug kingpin escapes LA County prison via bogus release message (S 12 4) <br /> <br />SHA Convicted forger released from Tucson jail via bogus fax (S 17 1) <br /> <br />SHA Another phony-fax get-out-of-jail scheme: Richard Foster (S 23 1:14, R 19 27) <br /> <br />*f Seven Santa Fe inmates escaped; prison control computer blamed (S 12 4) <br /> <br />*hi Oregon prisoner escaped; frequent-false-alarm alarm ignored (S 12 4) <br /> <br />*ref New Dutch computer system frees criminals, arrests innocent; old system <br /> <br />eliminated, and no backup possible! (S 12 4) <br /> <br />Semh Another computer-miscontrolled jail enables escape (S 23 1:14, R 19 44) <br /> <br />hf Prisoner released due to program design flaw (S 23 3:23, R 19 59) <br /> <br />Sf Kenton County KY Detention Center cell doors opened spuriously, remained open <br /> <br />for 9.5 hours (R 20 24) <br /> <br />Sf New Southeastern Ohio Jail emergency evacuation system malfunctions, unlocks <br /> <br />doors prematurely, prisoner walks out! (R 20 83) <br /> <br />df New Tulsa County jail system development woes set back operation (R 20 39) <br /> <br />f New El Dorado jail cell doors won’t lock – computer controlled (S 13 4) <br /> <br />Sf San Joaquin CA jail doors unlocked by spurious signal; earlier, inmates cracked <br /> <br />Pelican Bay State Prison pneumatic door system (S 18 2:4) <br /> <br />fm Oklahoma power outage freezes jail doors (S 18 2:4) <br /> <br />f Northern Calif. jail-door openings due to software errors (S 19 3:11) <br /> <br />S Limon (Colorado) prison is claimed to be escape-proof! (S 18 4:10) <br /> <br />fmh Multitude of new Pittsburgh Jail system woes (S 20 5:9) <br /> <br />hi Data entry omission extends prisoner’s sentence (S 21 5:17) <br /> <br />hifm Baltimore (MIS)throws the book(ing database) at criminals (S 21 5:17) <br /> <br />@SP Justice Dept wants to scrutinize parolee computer use (R 18 70) <br /> <br />HSP Texas prisoner convicted of rape employed to enter Metromail survey results, <br /> <br />harasses respondents (R 19 13) <br /> <br />..... Other law enforcement problems: <br /> <br />fh$ UCITA, the Uniform Computer Information Transactions Act (Schneier, S 25 4:8 <br /> <br />and R 20 87, and Simons in August 2000 CACM Inside Risks); UCITA allows <br /> <br />vendors to have total immunity from liability; bar use of proprietary interfaces; <br /> <br />inhibit constructive reverse engineering, even for debugging and patching; install <br /> <br />trapdoors that enable them to disable installed software remotely! (electronic <br /> <br />self-help); forbid publication of criticism! OUTRAGEOUS. Already passed state <br /> <br />legislatures in Maryland and Virginia. UCITA encourages DoS and DDoS <br /> <br />Vulnerabilities (S 26 4:4-5, R 21 27); more on UCITA (R 21 35); It’s time to bury <br /> <br />UCITA (S 26 6:10-11, R 21 41) <br /> <br />@Sf SDMI Secure Digital Music protocol challenge cracked; RIAA threatened to sue <br /> <br />Princeton prof Ed Felten’s team if the results were published; the paper <br /> <br />presentation was withdrawn (S 26 4:5, R 21 37) <br /> <br />@Sf Lawsuit against 2600.com for posting DVD security crack DeCSS (R 21 37) <br /> <br />@f Digital Millennium Copyright Act (DMCA) problematic as well (S 26 4:5, R 21 <br /> <br />37) <br /> <br />P WIPO Copyright legislation, HR 2281; amendment permits reverse engineering for <br /> <br />crypto research and security evaluation (R 19 88) <br /> <br />m FBI Interstate Identification Index database system crashed on 11 May, for three <br /> <br />days preventing background checks of some 100,000 would-be gun purchasers, and <br /> <br />use of the NCIC 2000 Integrated Automated Fingerprint Identification System (R <br /> <br />20 88) <br /> <br />m*(!?) Inacessible database leads to police friendly fire in Spain (S 22 4:29, R 18 88) <br /> <br />$f New Dutch system fails to cope with police ticket writing (S 16 4) <br /> <br />* Undercover police use CHAOSNet BBoards in ‘snuff’ film bust (S 14 6) <br /> <br />fi INS suspends immigration process due to EDS fingerprint data format <br /> <br />incompatibility (R 20 10) <br /> <br />f Fault in electronic leg tag indicates false-alarm escape (S 14 6) <br /> <br />*mf System fails to report movements of murderer with electronic anklet (S 17 3) <br /> <br />fh Monitoring systems cause unintended changes in [Bell Canada operator behavior <br /> <br />and] Metro Toronto Police (S 18 2:6) <br /> <br />f Long Beach CA crime statistics affected by program error (S 16 2) <br /> <br />- Old bounced checks jail hotel employee on visit from Barbara Bush (S 17 3) <br /> <br />44 <br /> <br />$h Fees on unused account overdraw, generate felony arrest warrant (S 18 1:15) <br /> <br />- Swedish court fines parents for son’s overly long name (S 21 5:17) <br /> <br />i Australian court emulates Swedes (S 21 5:17) <br /> <br />@SH "Virus" removes security barriers in Italian judicial computers (S 17 3) <br /> <br />@$ NSWales computer deregisters all police cars; unmarked car scofflaw (S 15 2) <br /> <br />@SP Police can’t crack crypto used by Basque terrorist organization (S 17 3) <br /> <br />@SH* NY Police Department phone system cracked (S 21 5:19) <br /> <br />- Woman on murder charge blames chip implanted in brain by ex-husband (S 17 3) <br /> <br />fi Computer-generated will rejected by court (R 17 95) <br /> <br />fe When it was automated, Paris police computer mismatched split-out Corsican city <br /> <br />code with postal code, and was unable to collect motorists’ fines (R 19 41,42) <br /> <br />i Risks of Florida’s automating traffic citations (R 19 34) <br /> <br />- Computer glitch turns traffic ticket into sex conviction (R 19 73) <br /> <br />..... Law enforcement successes: <br /> <br />+ Forensic use of GPS to catch murderer (S 23 3:26, R 19 83) <br /> <br />Identity Theft, Internet Fraud, Mistakes, Related <br /> <br />Problems <br /> <br />..... Identity theft: <br /> <br />@$Phi Repeatedly detained (S 10 3:14 quoting David Burnham in The New York <br /> <br />Times; S 11 1) for actions of an impersonator, Terry Rogan wins rights violation <br /> <br />case (S 12 4); settles for $55,000 from LAPD (S 13 2) <br /> <br />$HP Imposter usurps Clinton Rumrill’s existence (S 19 3:7) <br /> <br />$HhP New license sent to imposter who plagued Charles Crompton (S 19 3:7) <br /> <br />$SH 550 felonies in 1991 for SSN misuse; 12 people adopt a single SSN; $10,000 <br /> <br />charge loss; 5 people cleaned out someone else’s benefits (S 16 4) <br /> <br />SP Impersonator transfers numerous traffic citations to victim (S 17 2) <br /> <br />SHA Masquerader’s name collision lands robbery victim in jail (S 23 1:14, R 19 28) <br /> <br />SHA NC identity theft defeated by victim’s wife (R 20 08) <br /> <br />SP Report on identity theft (S 25 3:22, R 20 77) <br /> <br />SPh Actor Jerry Orbach sues eBay for auctioning off a contract containing his SSN, <br /> <br />leading to fraud (R 20 85); new identity theft case (R 20 86) <br /> <br />SPHh Serious increases reported in identity theft (R 20 95, 21 04-05; S 26 1:34) See <br /> <br />http://www.calpirg.org for possible assistance if you have been had. <br /> <br />SPH California DMV fosters identity theft: 100,000 of 900,000 duplicate license <br /> <br />requests in 1999 were fraudulent! (R 21 07; S 26 1:34); Identity theft risks with <br /> <br />California driver’s licenses as primary IDs (R 21 29-32,36); and supermarket <br /> <br />discount cards (R 21 30); video rental aftermath (R 21 30) <br /> <br />SP Indiana University system penetration detected offloading of student info files; <br /> <br />fears of identity theft (R 21 29) <br /> <br />SH$ Pair held in plot to steal thousands of mortgage identities (R 22 72; S 28 4:9) <br /> <br />SHA Bogus computer-generated letters sent out in Bradford UK requesting original <br /> <br />birth certificates (suitable for identity theft!) so that local council could recreate <br /> <br />lost computer records (R 21 44) <br /> <br />SP More identity thefts: To drive or to avoid identity theft: mutually exclusive? <br /> <br />SSNs, laws, etc., nice analysis by Brett Glass (R 21 39); concerns for identity theft <br /> <br />often go unheeded (R 21 54); risks of identity theft resulting from moving, DMV, <br /> <br />SSN, etc. (R 21 54,55); huge identity theft uncovered: chat-room files with SSNs, <br /> <br />drivers’ license numbers (R 21 56) <br /> <br />$S FBI arrests dozens for Internet fraud, growing problem (R 21 42); Internet Ponzi <br /> <br />scam nets $50M (R 21 51) <br /> <br />$SH U.S. cracks down on Internet fraud; 130 people charged, 90 investigations <br /> <br />involving 89,000 victims, losses at least $176M (R 22 73, S 28 6:11); Gartner <br /> <br />Group estimates 3.4% of U.S. consumers suffered ID theft in 2002; arrests in only <br /> <br />one out of every 700 cases (R 22 82, S 28 6:11); identity theft victimizes 3.3 <br /> <br />million in 2002, costs billions: businesses $32.9B, consumers $3.8B; 6.6 million <br /> <br />victims of account theft (R 22 90) <br /> <br />$SHAO 18-yr-old Brazilian arrested for thefts using the Internet, with $3 million in <br /> <br />his account, stolen credit-card info, etc. (S 27 6:13, R 22 15) <br /> <br />SH Internet fraud complaints triple in 2002, including auction fraud, nondelivery of <br /> <br />goods, credit fraud, fake investments (R 22 71) <br /> <br />SP California birth records acquired by RootsWeb.com, placed on the Internet; <br /> <br />increasing risks of identity theft? Opt-out only (R 21 80); PGN attempted to opt <br /> <br />out. The response was that they have removed the entire databases for California <br /> <br />and Texas (R 21 81) <br /> <br />SP Identity theft without prior knowledge of SSN (S 27 2:14-15, R 21 82,83) <br /> <br />SHhH Another case of identity theft; identity hijacker reversed the corrective <br /> <br />changes! (R 21 93) <br /> <br />SHP Dictionary attacks can result in eBay identity theft (R 21 98); eBay lack of <br /> <br />security facilitates fraud, locks out legitimate user (R 22 01) <br /> <br />SPH Bogus "IRS Form W-9095" not issued by the Gov’t, with considerable identity <br /> <br />theft potential, renounced by Secret Service (R 22 02) <br /> <br />SP Stiffer penalties sought: 2 to 5 years in jail for aggravated identity theft (R 22 06) <br /> <br />SHAI/O Massive identity theft ring broken up misusing Ford Motor Credit <br /> <br />credentials, with 30,000 victims (R 22 40; S 28 2:13); <br /> <br />SHAI/O? Theft of information on 500,000 military-related from TriWest Healthcare <br /> <br />Alliance on 14 Dec 2002 (R 22 46; S 28 2:14) <br /> <br />SP Identity thefts: Alleged ID thief accused of identity theft on 12 Boston lawyers, <br /> <br />using birth certificates and credit reports, evaded authorities for a year; previously <br /> <br />convicted of fraud (R 22 20); Online job listing leads to ID theft scam via bogus <br /> <br />‘background check’ (R 22 35); 4MyEmergency.com gathers personal info in case <br /> <br />of disaster, ripe for misuse (R 22 26); Busboy pleads guilty to ID theft (R 22 28) <br /> <br />[follow-up on (R 21 29)] Potential ID theft risk in X-Box gamezone (R 22 39); <br /> <br />Identity thieves create change-ebay.com with a stolen credit card, scam obtains <br /> <br />eBay user names and passwords (R 22 40,43); H&R Block employees suspected of <br /> <br />identity theft against 27 customers (R 22 46) <br /> <br />SP+ Virginia Identity Theft Passport identifies theft victims as victims, (R 22 80,81) <br /> <br />and risks of its being forged! (R 22 83) <br /> <br />SHPf Virginia grievance system online, except SSN is all that is needed to access the <br /> <br />file (R 22 77) <br /> <br />$SHP Identity thefts doubled from 2001 to 2002 (R 22 52; S 28 3:7) <br /> <br />$SHP 19 charged in identity theft that netted $7 million in tax refunds (R 22 54, S 28 <br /> <br />3:7) <br /> <br />$SHP Identity theft evidently based on spoofing AOL (R 22 56, S 28 3:7) <br /> <br />SP Canadian Centre for genealogical information might become a Centre for Identity <br /> <br />Theft! (R 22 51) <br /> <br />SHP Fake job listings on Net fostering identity theft (R 22 60) <br /> <br />$SHP Identity mixup: NZ teacher identified as prostitute (R 22 62, S 28 3:7) <br /> <br />*$SHPh The darkest side of ID theft: victim being arrested (R 22 62, S 28 3:7) <br /> <br />*$SHPh Wrong man arrested after identity theft (R 22 62, S 28 3:7) <br /> <br />@*$SPhie More false arrests based on bad law-enforcement data and sloppy law <br /> <br />enforcement checks, failure to remove expired warrants (R 22 61, S 28 3:7-8) <br /> <br />..... Risks of identifiers, particularly as authenticators: <br /> <br />SPHfm Risks of national ID cards and supporting infrastructures, and risks of belief <br /> <br />in identities (S 27 1:11-12, R 21 74-75); see also <br /> <br />http://www.csl.sri.com/neumann/insiderisks.html#138 <br /> <br />SPIOA Risks involved in Social Security Admin PEBES database (R 19 <br /> <br />05,06,09,12); legislation to bar use of personal information (R 19 10); See PGN’s <br /> <br />U.S. House testimony on PEBES and identity theft <br /> <br />(http://www.csl.sri.com/neumann/ssa.html), subsequent extended position paper for <br /> <br />an SSA panel (http://www.csl.sri.com/neumann/ssaforum.html); more on PEBES <br /> <br />database problems (R 19 16); SSA restores PEBES service, with opt-in and a few <br /> <br />other safeguards (R 19 37) <br /> <br />SHA Knowledge of SSN sufficient to convince SSA falsely of Kirsten Phillips’ death <br /> <br />(R 19 39) <br /> <br />SP Risks of SSNs: Chris Hibbert’s SSN FAQ <br /> <br />(http://cpsr.org/cpsr/privacy/ssn/ssn.faq.html) (R 19 12); <br /> <br />SP CALPIRG Theft Identity Guide for protecting your identity <br /> <br />http://www.pirg.org/calpirg/consumer/privacy/toi/prevent.htm (R 18 91) <br /> <br />$Phi Discussion of identity cases, Inside Risks, CACM, 35, 1, Jan.1992. <br /> <br />P Identity theft risks with California driver’s licenses as primary IDs (R 21 29-32,36); <br /> <br />and supermarket discount cards (R 21 30); video rental aftermath (R 21 30) <br /> <br />$P Abraham Abdallah arrested while picking up equipment for making bogus credit <br /> <br />cards, had data-mined SSNs, addresses, birthdates, etc., for 217 of the Forbes <br /> <br />Magazine richest 400 U.S. people, also had 400 stolen credit-card numbers; caught <br /> <br />trying to make $10M transfer (S 26 4:9, R 21 29) <br /> <br />..... Other personal name confusions and mistaken identities <br /> <br />Phi More mistaken-identity nightmares: O’Connor, Taylor, Stapelton (S 13 2) <br /> <br />Phi Michael W. Klein, mistaken identity due to outrageous mismatch (S 20 2:7) <br /> <br />hi Two Belinda Lee Perrys share the same birthdate (S 21 4:13, R 17 88) <br /> <br />$Phi Identical database record names cause nasty tax problem in Canada (S 12 4) <br /> <br />h Two Steven Reids in Montreal sharing same birthday (S 18 1:22); See also Don <br /> <br />Norman et al., on-line (R 14 12-17) on Name Problems <br /> <br />hi Medical identity problem: confusion between Jim and James (S 23 3:24, R 19 46) <br /> <br />@f,h,i Ordering airline tickets on-line: name confusions on e-tickets, with similar <br /> <br />names (R 19 28) and identical names (R 19 29) <br /> <br />fh Nasty name recognition problem in New Mexico state DMV and tax system arises <br /> <br />in seeking interoperability (R 20 04) <br /> <br />e Memorial Society software upgrade loses some life-time members (R 21 08; S 26 <br /> <br />1:26) <br /> <br />$f? Disabled mother barred from receiving tax credits because of computer inability <br /> <br />to handle hyphenated surname (R 22 69) <br /> <br />45 <br /> <br />Other Legal Implications <br /> <br />!$ Deaths of 3 lobstermen in storm not predicted by National Weather Service – 3 <br /> <br />mos unrepaired weather buoy; $1.25M award (S 10 5) [NY Times, 13Aug1985] <br /> <br />Overturned by federal appeals court. [AP, 15May1986] (S 11 3) <br /> <br />!m Spider triggers alarm, investigating dog is sick, man is shot (R 18 46) <br /> <br />SPH+/-? Discussion of Communications Decency Act, unconstitutionality (R 17 74), <br /> <br />federal court judge enjoins indecency provision; foreign implications (R 17 <br /> <br />71,72,83,91,92, EPIC Alert 3.04); Federal Court rules against Communications <br /> <br />Decency Act (S 21 5:19); another ruling against Communications Decency Act (R <br /> <br />18 29) <br /> <br />S ITAR to allow personal-use export ("Matt Blaze exemption") (R 17 75, S 21 4, <br /> <br />SAC 14 3) <br /> <br />SP Judge: Computer encryption codes ruled protected speech (S 21 5:19); 9th Circuit <br /> <br />Court of Appeals upholds district court in Bernstein case (R 20 38) <br /> <br />$SH Anticracking bill S982 passes senate; between $2 and $4 billion in losses in <br /> <br />1995 reported (R 18 48) <br /> <br />P California court rules unwanted e-mails are "trespassing" in Intel case (R 20 35) <br /> <br />S ACLU files suit vs. Georgia Internet law against Web-spoof frauds (S 22 1:20) <br /> <br />f Caldera lawsuit over being sabotaged by Windows 3.1; MS claims lost source code <br /> <br />invalidates lawsuit! (R 19 94) <br /> <br />$ SAP sued by bankrupted FoxMeyer Corp. for delivering unsuitable <br /> <br />order-processing software; SAP disagrees (R 19 94) <br /> <br />$hi Publishing wrong phone area code (800 instead of 888) costs Gateway $3.6 <br /> <br />million in court settlement (S 27 6:10-11, R 22 17) <br /> <br />SH Theft of UN computers impedes war-crime prosecutions (S 21 4:18, SAC 14 3) <br /> <br />*$ EC Machine Safety Directive enables suits over unsafe HW/SW (S 18 1:26) <br /> <br />$hfff Salvage Association awarded £662,926 from CAP Financial Services after <br /> <br />badly botched accounting system was scrapped (S 18 1:8) <br /> <br />$H Logisticon disabled Revlon SW in contract dispute (S 16 1) <br /> <br />H? SoundWars: Creative Technology vs. Media Vision, SW sabotage? (S 17 4) <br /> <br />$PH INSLAW case over Promis SW – US House report available (S 18 1:7) <br /> <br />P Shetland Islands newspaper hyperlink controversy over Web links (S 22 2:20); <br /> <br />subsequent reports (S 22 4:27, R 18 78-79,81) <br /> <br />$PH Borland vs Symantec lawsuits based on MCI Mail evidence (S 18 1:19) <br /> <br />S Risks of VeriSign digital certificates – legalese (R 18 47) <br /> <br />$ MS-DOS 6.0 infringes on Stac compression, Microsoft pays $120M (S 19 3:8) <br /> <br />$ Reuters Holdings PLC delays Dealing-2000 over liability issues (S 16 1) <br /> <br />S Conflicting testimony in NYC case; differing phone records (S 16 3) <br /> <br />+ E-mail provides evidence in LA police probe (S 16 3) <br /> <br />ih Van Nuys CA doughnut shop turns up in LAPD database because it is closest <br /> <br />address to high-crime mini-mall street (R 18 70) <br /> <br />$SPH Case of Oracle wrongful termination based on e-mail evidence (R 18 07-08); <br /> <br />disposition: Adelyn Lee vs Oracle’s Larry Ellison: The (f)e-mail of the PCs is more <br /> <br />deadly than the bail (S 22 4:27-28, R 18 81) <br /> <br />! Discussion of New Orleans police chief murdering accuser despite wiretap (Shabbir <br /> <br />Safdar, R 18 01) <br /> <br />+ PC file name "murder" contains plotting details for alleged murder (S 16 3) <br /> <br />S? UK libel writ served overseas by e-mail (R 18 09) <br /> <br />@$f UK poll taxes uncollected; flaw in ICL Comcis SW; printout ruled invalid <br /> <br />evidence, unitemized dunning notices rejected by court (S 18 1:10) <br /> <br />+ Newly linked fingerprint file breaks unsolved SanFran 1984 murder (S 17 2) <br /> <br />SH+ Bogus flying-saucer message traps police-band sniffers (S 18 3:A8) <br /> <br />P+ Marijuana conviction based on anomalous use of electricity (S 18 3:A13) <br /> <br />$SH London police foil million pound hacking plot (S 17 2) <br /> <br />* Computer records for bus tickets contradict killer’s bogus alibi (S 17 1) <br /> <br />SPH Colorado Spgs Mayor reads Council e-mail, says it should be public (S 15 3) <br /> <br />$h US court rules computer malpractice in Diversified Graphics case (S 15 1) <br /> <br />$h Lawsuit vs Lotus’ Symphony dropped (omitted General Costs proposal section) (S <br /> <br />11 5:11-12, 12 1) <br /> <br />$fh SAP software leaves German SPD membership list in limbo (R 20 41) <br /> <br />$ Uncertainties about PC shutdown damage while under lawsuit (S 15 5) <br /> <br />$f Lloyds Bank pays £50K in libel suit over misbounced checks (S 18 1:13) <br /> <br />$* Risk: Analysis, Perception and Management (report), assessing the worth of a <br /> <br />human life around £2M to 3M, .5M in UK Transport Dpt (S 18 1:11) <br /> <br />@$S Laser printer counterfeiting and new US legislation (S 15 5) <br /> <br />@SH$ Lawsuit against Epson on e-mail privacy rights (S 15 5) <br /> <br />@SH Litigated cases (Mitnick, Zinn, Burleson, Morris, British Telecom, ...) <br /> <br />@SH Implications of Sun Devil investigations <br /> <br />@$SPH TRW settles lawsuit with FTC, 19 states on privacy violations and erroneous <br /> <br />data; improvements required, $300K payment (S 17 1) <br /> <br />*$ Can a computer system be held liable? (S 15 1) <br /> <br />$ Prodigy liable for contents because they exert editorial control (S 20 5:10) <br /> <br />+/-? Proposed Virginia law on self-disabling software (S 20 2:12) <br /> <br />** Launch on warning legality subject of law suit (S 10 2, 11 5) [suit lost] <br /> <br />H FBI’s Cal House sting: ten-fold rise in computer backup deletions (S 13 4) <br /> <br />$SH Cable freeloaders caught in sting by ad offering free T-shirt (S 18 2:14) <br /> <br />$SH Users of pirated Cadsoft stung by offers of free program (S 18 2:14) <br /> <br />$SH Cable-TV sting operation: Ireland traps stolen black-box users (S 19 4:13) <br /> <br />$hSH FBI Medicare sting backfires; reported losses exceed $160K (S 20 2:11) <br /> <br />$ Sex-therapy software risks (S 11 2) <br /> <br />$ Computerized sex ring broken; records seized (S 11 5, S 12 1) <br /> <br />S Further risks of computers in prostitution (S 14 1) <br /> <br />$ $3M hi-tech prostitution ring raided, 4000-name database captured (S 17 1) <br /> <br />$ Heroin smugglers caught; stored computer data used as evidence (S 12 1) <br /> <br />* 7 terrorists arrested via phone numbers in wrist-calculator (S 12 3) <br /> <br />+ Residual evidence still stored in Psion EPROM nabs drug smuggler (S 13 2) <br /> <br />+ Robbers call first, break in, erase answering machine message, but are caught based <br /> <br />on CNID record of the call (R 16 32) <br /> <br />SP Incorrect phone trace lands Bostonian in jail; digits transposed (S 20 3:11) <br /> <br />+ Portuguese drug ring ensnared by pager technology (S 19 3:10) <br /> <br />$ War-on-drugs communications network stalled by budget squeeze (S 17 2) <br /> <br />$H Schwab employees use e-mail to sell drugs (S 17 3) <br /> <br />* Detailed telephone bill provides alibi for accused murderer (S 12 1) <br /> <br />* Mobile phone ID may trap British kidnapper? (S 17 2) <br /> <br />$m Israeli supreme court appeal blamed on computer malfunction (S 11 5) <br /> <br />*$ Expert systems for criminal investigations (S 11 5) <br /> <br />$H Blackjack gambler with microprocessor faces trial (S 13 2) <br /> <br />$H Financial-computer penetrator acquitted: "Welcome to the..system" (S 12 1) <br /> <br />$h Man arrested after shooting his computer (S 12 4) <br /> <br />$H America’s Cup floppies held to ransom for telemetry data (S 12 1) <br /> <br />$H Computer network used to advertise $250,000 in stolen ICs (S 12 3) <br /> <br />$H U2 rock-band ticket oversell detected, shuts out scalpers (S 17 2) <br /> <br />$h Canadian civil servants charged $1,270 for private computer use (S 12 3) <br /> <br />$h NM court’s docketing files erased in botched backup; $1300 cost (S 15 3) <br /> <br />- Brazilian corruption probe runs out of computer resources (S 19 1:3) <br /> <br />$P Minnesota Nintendo Lottery from your home proposed, withdrawn (S 17 1) <br /> <br />SPH Exon anti-cyberporn bill (S 20 3:11) <br /> <br />SHI Massachusetts welfare fraud investigators fired: tax-record misuse (S 22 1:20) <br /> <br />$S Risks of Conn. fingerprinting system to catch welfare recipients (R 18 69) Also, <br /> <br />note earlier NY Medicaid proposal (R 13 40) <br /> <br />- Self-help legal software illegal in Texas? (S 24 3:26, R 20 21) <br /> <br />? Federal Court holds that source code is a functional device (Peter Junger, R 19 88) <br /> <br />h Intel "accidentally" sues potential partner, Via Technologies (R 20 38) <br /> <br />Other Aggravation <br /> <br />..... Risks of whistleblowing: <br /> <br />$h Edward F.Wilson, whistleblowing aerospace SW Quality Assurer fired, life <br /> <br />threatened (S 11 3) <br /> <br />- Roger Boisjoly fired after reporting O-ring problem that led to loss of the <br /> <br />Challenger. (See Challenger, in SPACE, above.) <br /> <br />- Ted Postol harassed after report downgrading Patriot defense shortcomings (See <br /> <br />Iraqi scuds, <br />under DEFENSE, above.) <br /> <br />..... Internet and on-line hazards: <br /> <br />PH Sexual harassment suit against Univ.Wisc-Madison over computer use by an <br /> <br />individual (S 22 4:29, R 18 83) <br /> <br />i Sending the wrong message with flowers: interface risk (S 23 3:25, R 19 53) <br /> <br />h A risk of not keeping Web pages updated (S 23 1:12, R 19 41) <br /> <br />H Citibank sued for racist e-mail (S 22 4:29, R 18 83) <br /> <br />$H Internet scams: beware of pyramid schemes, bogus services, misleading <br /> <br />equipment sellers, frauds, work-at-home offers (S 22 1:22) <br /> <br />@$SPH 2,300 credit-card numbers stolen from ESPN Sportszone, NBA.com (R 19 <br /> <br />24). <br /> <br />$H E-mail scam from "Global Communications": dunning notice (S 22 1:22) <br /> <br />SH U.S. Intelligence agencies reportedly hacked into European systems (R 18 30) <br /> <br />h Cutting off husband’s cybersex leads to assault (S 22 2:20) <br /> <br />P French police raid leading Internet service providers (R 18 21) <br /> <br />SPh Danish government puts its own records on the Web, illegally (R 18 63) <br /> <br />Se Intel LANDesk Manager reaches directly into networked workstations (R 18 59) <br /> <br />SP Detroit man charged with e-mail stalking (S 19 4:12) <br /> <br />P Gina Smith (ABC News) saga of e-stalker described in Commonwealth Club forum <br /> <br />on privacy, 24 July 1997 <br /> <br />SHI Emeryville Ontario cyberstalker (Sommy) (R 19 08) turns out to be family’s son <br /> <br />(R 19 10,11) <br /> <br />Vhi Risks of information (being and) not being on the Net: black holes (R 20 14-15) <br /> <br />hf Risks in AT&TWireless PCS text messaging problems (R 20 52-53) <br /> <br />46 <br /> <br />hi 50 million U.S. adults at risk for Internet illiteracy (R 21 08-09; S 26 1:18) <br /> <br />hi Computers eroding Chinese culture and calligraphy (R 21 24) <br /> <br />..... Spelling checkers and misplaced correction <br /> <br />*h Spelling corrector fingers Mafia "enforcer" as "informer" (S 12 4) <br /> <br />h Spelling checker for massive drug abuse? Changes "payout" to "peyote" (S 17 3) <br /> <br />h Risks of spelling checkers: goddamn for Goldman; NAUSEA for NASA; colada for <br /> <br />collider; one product name for another! Wilted for WilTel; (S 19 3:11) <br /> <br />- Mispeler: Kafka, Musil, Schnitzler to Kaffee, Muesli, Schnitzel (S 20 5:8) <br /> <br />- "Notre Dame" trashed by grammar checker for use of "dame" (S 20 5:8) <br /> <br />hi A spelling-checkered existence: WSJ says Tony Blair "eLabourated" (R 19 12) <br /> <br />hi More spelling curiosities: semper fidelis corrected to semipro fiddles (R 19 34-36); <br /> <br />html mangling of & character (R 19 35); Cambridge (UK) City Council letter <br /> <br />(spelling-checked) begins, "Dear Sir or Madman" (R 19 50); Dutch spelling <br /> <br />checker turns Campbell into kampbeul (camp bully) (R 19 65); Spelling checker <br /> <br />converts General Engr to General Negro (R 19 97); More spelling checkerisms: <br /> <br />"Pope Beautifies 10 more" (R 20 24) <br /> <br />fhi More spelling checker uncorrections: Relying on them increases errors in study (R <br /> <br />22 64-65); Regelsatz replaced with Regenschutz (R 22 66); Reuters spelling <br /> <br />checker repeatedly renames Amritsar to AmriCzar (R 22 71); "Jeff Jackboot" for <br /> <br />columnist Jeff Jacoby (R 22 72); AP item on NYTimes site cited Justice Clarence <br /> <br />Thomas referring to Turgid Marshall, instead of Thurgood, for a few minutes until <br /> <br />fixed (R 22 73); MS.Mail changed Org Chart to Orgy Chart (R 22 73); References <br /> <br />to Osaka bin Laden on the Web R 22 74) (some appear to have been fixed <br /> <br />subequently) <br /> <br />h "Sussex villages" corrected to "Susan villages" in quote of Finest Hour: The Battle <br /> <br />of Britain (R 20 98) <br /> <br />f Nick Atty addressed as "Mr. Attorney" (R 20 25) <br /> <br />f Microsoft Word grammar checker suggests rigor mortis for school reviews (R 18 24) <br /> <br />f Microsoft Office 97 automagically transforms Michael Steffen Oliver Franz’s <br /> <br />initials ‘msof’ into ‘Microsoft Office’ (R 18 79) <br /> <br />h Etalfried Wedd’s Loan Authorization, another name garbling (S 15 5) <br /> <br />h More on word processor context edit garbles (S 16 2) <br /> <br />h Newspaper search-and-replace: "back in the black" changed to "back in the <br /> <br />AfroAmerican" (S 15 5) <br /> <br />ih "tif" to "jpg" fix results in arjpgicial, idenjpgied in Sydney paper (R 18 24) <br /> <br />hi More spellchecker woes, in Radford University sports pages (S 20 1:17) <br /> <br />hi Enola Gay: Another text substitution (S 20 1:17) <br /> <br />i More spelling corrector amusements (Internet to Interment, etc.) (S 21 2:19) <br /> <br />- Limits of automated newsgathering: rugby position (hooker) confused with sex <br /> <br />news (S 22 2:20) <br /> <br />fh CNN report on Gary Shandling lawsuit names him as "Changeling"; spelling <br /> <br />corrected? (R 20 47) <br /> <br />i DNS directory use results in spelling corrector transforming "washtech.com" to <br /> <br />"washes.com" porn site (R 21 37) <br /> <br />i Spelling checker on London City Univ. department head’s memo: CS changed to <br /> <br />Chihuahuas (R 21 83) <br /> <br />i Spelling corrector munged HP’s 2002 annual report: David and Lucite Packard <br /> <br />Foundation, Edwin van Pronghorns, Eleanor Hewlett Limon, and Mary Hewlett <br /> <br />Gaffe, instead of Lucile, Bronkhorst, Gimon, and Jaffe, respectively (R 21 90) <br /> <br />i Spelling correction: experiment becomes excrement courtesy of MS Outlook (R 22 <br /> <br />42) <br /> <br />..... Automated natural-language translation <br /> <br />f Systran French-English automatic translation oddities (S 15 1) <br /> <br />i Problems with computerized "translation" of English to Danish (S 21 2:19) <br /> <br />fh AltaVista translation interjects "communist" in Esperanto "Prague Manifesto" (R <br /> <br />19 51) <br /> <br />f Yahoo! Mail transforms some words in attachments when displayed (R 21 27,29,34) <br /> <br />fi MS Word saves omegas as W; electrical resistances become kilowatts (R 21 29,33) <br /> <br />..... Name, number, word confusions (other than false arrests): <br /> <br />rf U.S. Social Security Admin systems cannot handle nonAnglo names, affecting <br /> <br />$234 billion for 100,000 people, some back to 1937 (R 18 80) <br /> <br />hi? Minnesota State Senate candidate victim of photo "mistake"? (S 22 1:20) <br /> <br />- Risks of hyphenaters as in e-mail or E-mail vs. hyphenhaters as in email and Email: <br /> <br />confusions avoided with hyphens (R 17 95,96, 18 01-04) [Note: email is a perfectly <br /> <br />good French word.] French Culture Ministry bids adieu to the word ‘e-mail’, <br /> <br />urging instead use of "courriel" (R 22 82) <br /> <br />f Two John P. Taylors with same birthday get only one vote (S 17 4) <br /> <br />$f FL health services computer glitches; two babies identified as one (S 17 4) <br /> <br />$fi 1st patient with NO SSN, 9 months old, gets billed for many others (S 17 4) <br /> <br />h Mistaken duplicate SSN accusation hits NH Congressman Bill Zeliff (R 18 38) <br /> <br />$e Cygnus XI BBS phone number recycled to dermatological DB; unknowing access <br /> <br />attempts by telecomm SW triggered 4 equipment confiscations (S 16 3) <br /> <br />hi Living soldiers listed as dead on Viet Vets’ Memorial; input error (S 16 2) <br /> <br />- Computer (cash register) as excuse for poor restaurant service (S 16 1) <br /> <br />Sf Microsoft Trojan horse in Office97 installation (R 19 29) <br /> <br />i Fax program substitutes outgoing fax number for @a (S 21 2:20) <br /> <br />h Bulk US Mail from CA to Switzerla ND delivered abroad [fraud?] (S 14 6) <br /> <br />f Walter Jon Williams’ SciFi novel glitched by letter substitutions (S 15 1) <br /> <br />ih Spelling corrector blamed for changing ACLJ to ACLU (S 19 4:10) <br /> <br />e/ih Library automation loses catalog detail; Madonna becomes Mary, ... (S 19 4:11) <br /> <br />hi Spellchecker goes beserk; editorial maimed ("boss" changed to "DOS") (S 20 2:9) <br /> <br />h LA Times splices two stories together (S 20 2:9) <br /> <br />$h 40,000 copies of book printed from unedited file by mistake (S 15 2) <br /> <br />fe Bible concordance program shuffles text; marvelous garbled text (S 16 1) <br /> <br />$f Bank computer develops costly crush on Fionas (S 20 5:10) <br /> <br />- Anglican Primate gets query on Primate Research; amusing response (S 17 3) <br /> <br />h CDs mislabeled; Dead Kennedys shipped as religious discs (S 18 2:5) <br /> <br />($)m Effects of single-segment errors in digital displays (S 14 1) <br /> <br />f Glowing letter of credit recommendation to ‘Bob A. Speake, Deceased’ (S 16 4) <br /> <br />- Truncations beget name change (Community College of the Finger [Lakes]) <br /> <br />h MS Mexico recalls offensive Spanish-language thesaurus (R 18 25) <br /> <br />Hi Vanity e-Mail domain names (e.g., DukeU.com) rile college administrators (R 18 <br /> <br />50) <br /> <br />i More on European comma versus U.S. period in numbers (R 18 79) <br /> <br />i Help-desk question on "Press any key": Where’s the <br />any key? (R 19 60) <br /> <br />SPh Leftover phone numbers in supposedly new cell phone (R 20 15) <br /> <br />ei INTUIT support line sold off to sex support line (R 20 15); domain name change <br /> <br />results in URL pointing to porno Web site (R 20 17) <br /> <br />hi Risks of 3-letter user IDs for free e-mail accounts (R 20 39-40) <br /> <br />h Grave error! Automated survey mailing software reaches for The Occupier, Burial <br /> <br />Ground in UK (R 20 05) <br /> <br />fi Opera browser confuses Australia (.au) and Austria (.at) (R 22 36) <br /> <br />..... File and domain name confusions <br /> <br />i Multilingual naming problems [if you remove the hyphen inserted to prevent <br /> <br />filtering of this file]: powergen-italia (R 22 81-83); experts-exchange.com (R 22 <br /> <br />83); who-represents.com (R 22 83) <br /> <br />i Risks of naming files "core" (S 21 2:18) <br /> <br />h Risks of non-portable configuration files (R 17 62) <br /> <br />h Centraal Corp.’s browser uses single words instead of URLs; "bambi" was a bad <br /> <br />choice, and led folks to a porn site! (R 19 63) <br /> <br />f Lynx 2.7.1 browser on mistyped URLs coerces http.org domain (R 19 42) <br /> <br />i Risks of Internet keywords in searching on incomplete URLs (R 20 10) <br /> <br />i Missing hyphen in URL nets similarly named porn site (R 19 63) <br /> <br />fhi More cases of misaddressed mail: off-by-one letter in domain (R 20 35) and <br /> <br />reused domain (R 20 37); and systems doing what they thought you meant, not <br /> <br />what you meant, in Outlook Express (R 20 36-37); Dodgy automatic address book <br /> <br />resolution reported using IE5/Outlook 98 (R 20 34), and a similar experience (R 20 <br /> <br />36); confusion on MS Web site between versions of NT 4.0 Service Pack 4 and 5 <br /> <br />(R 20 37); Flash BIOS chips needing reprogramming (R 20 35) <br /> <br />SAh,h Linux banned after Samba misconfigation blocks NT authentication (R 20 61) <br /> <br />hi Domain-name confusions (R 20 40) <br /> <br />..... Tax problems <br /> <br />$h David Brinkley gets erroneous $2137 penalty from IRS, retaliates (S 12 4) <br /> <br />$h IRS computer issues illegal $47,000 bill (S 13 1) <br /> <br />$h? IRS mistakenly sends Dickie Ann Conn $1B for $67K back taxes (S 16 2) <br /> <br />fh IRS incorrectly warns 90,000 taxpayers of Nannygate delinquency (R 19 28) <br /> <br />$drS IRS computer project a four-billion-dollar fiasco (S 21 4:12); IRS drops Internet <br /> <br />Cyberfile tax filing plan (S 22 1:19) <br /> <br />h/m? Multiple (16,000!) California tax forms mailed to some businesses (S 22 2:20) <br /> <br />@$e SW patch adds $10-30 to 300,000 auto tax bills in Georgia (S 19 3:5) <br /> <br />$h/m? San Francisco’s property tax computer fails to send bills (S 16 2) <br /> <br />$h/f? British poll tax tales: bill for £4M instead of 70; bill delivered to "Occupier" at <br /> <br />a bus stop in Kent. (S 15 3) <br /> <br />$f UK poll taxes uncollected; flaw in ICL Comcis SW; printout ruled invalid <br /> <br />evidence, unitemized dunning notices rejected by court (S 18 1:10) <br /> <br />f 1.3m-pound award against ICL for faulty poll-tax software (S 20 1:17) <br /> <br />$fh Bug in MacInTax drops "other" income in recalculated tax returns (S 17 3) <br /> <br />f 20 income-tax preparation programs give 20 different results (S 19 4:10) <br /> <br />f Intuit TurboTax, MacInTax incompatible with Quicken data (S 20 3:9) <br /> <br />SPf MacInTax security glitch leaves Intuit master system vulnerable (S 20 3:9) <br /> <br />f Another MacInTax glitch (S 22 4:29, R 18 88) <br /> <br />($)f New problems with Intuit tax software for 1996 (S 21 4, R 17 75) <br /> <br />$fh Tax-program bug causes $36,000 overpayment (S 18 3:A6) <br /> <br />f QuickTax 97 miscalculates self-assessment taxes (R 19 30) <br /> <br />@$Phi Identical database record names cause nasty tax problem in Canada (S 12 4) <br /> <br />..... Other cases: <br /> <br />47 <br /> <br />!f Hillsborough soccer computerized turnstile totals erroneously indicate space <br /> <br />available, allowing serious overcrowding (S 14 5) <br /> <br />![H?] 8 deaths, 1 disappearance, 1 injury relating to Marconi systems (S 12 3) <br /> <br />(ultimately 9 deaths) (S 12 4) <br /> <br />!Vh False computer data shuts off home power; alternative kills girl (S 12 1) <br /> <br />fm California government agencies’ computers fail, cars impounded; Pac*Bell <br /> <br />blamed (R 20 62) <br /> <br />*f Briton survives "sea monster" attack due to computer glitch (S 19 3:5) <br /> <br />Sf Overload caused Experian credit reports to go to wrong people (R 19 31) <br /> <br />$hi TRW blows credit reports for everyone in Norwich VT; 1 input error! (S 16 4) <br /> <br />$hi TRW false data misreports local taxes; TRW blames subcontractor (S 17 1) <br /> <br />@$ TRW settles lawsuit with FTC, 19 states on privacy violations and erroneous <br /> <br />data; improvements required, $300K payment (S 17 1) <br /> <br />$fP Credit queries from shopping around can be cumulatively harmful (S 16 4) <br /> <br />$f Casino blames $320,000 jackpot on malfunction, reneges on payoff! (S 16 1) <br /> <br />$h Pepsi promotion .5M winners blamed on computer glitch (S 17 4) <br /> <br />*h Wrong bar codes result in water shut-offs in Utah (S 14 6) <br /> <br />f Nielsen snafu hurts cable network’s ratings (S 23 1:11, R 19 37) <br /> <br />$f Software error really messes up ’round the world yacht race (S 14 5) <br /> <br />fh SW prevents correction of recognized Olympic skating scoring error (S 17 2) <br /> <br />fi Computer scoring glitch at Olympic boxing: evident winner loses (S 17 4) <br /> <br />f/h? Computer-generated sports scores recycle old results (S 18 1:11) <br /> <br />$h $300,000 budget error downsizes Whig Standard (Kingston, Canada) (S 17 2) <br /> <br />*h Weather Service false warnings, disaster reports in live test (S 12 2) <br /> <br />he Computer test residue generates false tsunami warning in Japan (S 19 3:4) <br /> <br />*$hi Poor input data blamed for nonprediction of European storm (S 13 1) <br /> <br />fi Limitations of mouse-based interfaces on disabled persons (R 18 87,88) <br /> <br />*m Carrier control unit blamed for nuclear false alarm (S 11 5) <br /> <br />f/m? Channel Tunnel syndrome? Train false alarm triggers evacuation (S 19 4:8) <br /> <br />V Channel Tunnel closed in both directions on 20 Aug 1997, cause not reported (R 19 <br /> <br />32) <br /> <br />$df Bargain Harold’s receivership blamed in part on computer problems (S 17 3) <br /> <br />h British Telecom test computer wakes up customer at 4:30am daily (S 18 1:6) <br /> <br />Vi Program conventions cause network outages, terminal crashes (S 18 3:A4) <br /> <br />f/h? ADP flubs cause wrong shareholder votes, wrong labor stats (S 18 3:A4) <br /> <br />Vh "Buffer overload" crashes network bridge: floor buffer! (S 22 1:19) <br /> <br />$e Oklahoma computer system upgrade foulup delays payroll (S 15 5) <br /> <br />f$ Washington State unemployment checks "delayed" (S 22 2:20) <br /> <br />hi Larger type font causes key sentence at bottom of the page to be omitted from <br /> <br />Queen Elizabeth’s speech in Poland (R 17 95, 18 01) <br /> <br />S PostScript printer chip Trojan horse? Password changed (S 15 5) <br /> <br />$SHi Eugene Smith, 33, legally dead after impostor dies in accident (S 17 4) <br /> <br />$h Customer declared dead by bank computer; effects propagated (S 11 3) <br /> <br />$h Vancouver woman, dead to revenuer database, can’t collect refund (S 13 4) <br /> <br />$i Dutchman’s death masked for 6 months by automatic payments (S 16 2) <br /> <br />$i Computer-paid bills mask death of Swedish woman for 3 years (S 19 1:2) <br /> <br />$h Auto insurance program misses 18,000 bad-driver surcharges (S 15 1) <br /> <br />$ Montreal life ins. company dies due to SW bugs in integrated system (S 17 2) <br /> <br />$f Comm delays: $1100 debit for aborted withdrawal, side-effects (S 12 1) <br /> <br />fh New computer system duns students for loans not due (S 18 2:9) <br /> <br />$i Keystroke "record" and "replay" accidentally reissues old orders (S 17 1) <br /> <br />$f Swedish union fees miscomputed when salary over 32767 crowns (S 18 1:14) <br /> <br />$h $63 data entry converted to $6.3M electric bill (S 16 1) <br /> <br />$h Tampa electric issues bill for $5M instead of $146.76 (S 13 4) <br /> <br />fhi Another large electrical bill (R 22 68) <br /> <br />$h Wrap-around problems in meter reading cause erroneous bills (S 13 4) <br /> <br />$h $22,000 water bill for almost 10M gallons; new_meter <br />􀀀 old_meter! (S 16 4) <br /> <br />$hif Another enormous water bill due to new meter installation (S 20 2:8) <br /> <br />ef$ Water company software upgrade results in monster water bill and threats of <br /> <br />penalties and interest (R 20 12) <br /> <br />$fhi Computer error means 2.3-trillion-pound electricity bill (R 22 61); possibly the <br /> <br />old =A323.19 million representing 23 pounds 19 pence? (R 22 62); similar <br /> <br />problem in Victoria, Australia (R 22 64) <br /> <br />$hi Student at U. New South Wales gets bill for more than $3M Australian – an <br /> <br />amount identical to his student number! (R 22 59) <br /> <br />f British Gas blames SW for sending 15,000 customers false warnings (S 19 2:4) <br /> <br />$f/m/h? Computer error halts fuel payments for 1,128 people in England (R 22 61) <br /> <br />$f Marks&Spencer Visa charges in Paris accidentally multiplied by 100 (S 17 3) <br /> <br />$f 28 Krispy Kreme customers each charged exactly $84,213.60 (R 22 61) <br /> <br />$f NCStateUniv computer mismatches names, addresses on 6000 bills (S 13 4) <br /> <br />$SH Blue Cross/Blue Shield victim of computer generated prank letter (S 13 1) <br /> <br />$f Democratic National Committee thank-you mailing mistitled supporters (The New <br /> <br />York Times, 16 Dec 1984) <br /> <br />f British NHS computer sent out letters to males with female names (S 12 4) <br /> <br />eh Automated postal canceller blurts out unfortunate test message (S 17 1) <br /> <br />f Red valentine envelopes unreadable by automated mail sorters (S 18 2:6) <br /> <br />m Earthquakes: 3 of 5 reported never happened; microwave static (S 11 5) <br /> <br />h Query of vacationing programmer starts beer panic (S 11 5) <br /> <br />hi German parking violators falsely accused of war crimes (S 20 1:17) <br /> <br />$fi Chicago cat owners billed $5 for unlicensed dachshunds. Database match on DHC <br /> <br />(dachshunds, domestic house cats) with shots but no license (S 12 3) <br /> <br />h Mass. state budget plan 50-page loss attributed to "Virus"! (S 16 2) <br /> <br />fh Mass. jury selection computer issues multiple summonses (S 15 2) <br /> <br />fi 8-year-old called for jury duty (R 17 91,92,94) <br /> <br />$h Computer program misdirects 30,753 Minneapolis school children (S 12 4) <br /> <br />$hr 887 Boston school assignments botched; lost tape, no backup (S 14 6) <br /> <br />f/h? Newark NJ high school computer breakdown mangles class schedules (S 17 1) <br /> <br />h Indian program to reroute bus lines trounced (S 11 5) <br /> <br />$m Microwave oven erases comic’s 3 years of personal computer data (S 12 2) <br /> <br />fi System deletes a file; each step makes sense, but the result is broken (R 19 57) <br /> <br />- Beware of bogus diploma mills on the Net (R 19 52) <br /> <br />$ef University software development fiasco; academic record system cutover still not <br /> <br />working properly after one year (R 22 57) <br /> <br />h/f? Cornell mistakenly sends hundreds of acceptance letters to previously rejected <br /> <br />candidates (R 22 60) <br /> <br />h Univ. Central Florida did not cut off student registration (S 12 3) <br /> <br />SH On-line class registrations deleted by other students at UBC (S 18 1:19) <br /> <br />fh "Computer error" affects hundreds of UK A-level exam results (R 19 40) <br /> <br />f British school examination program gave erroneous grades (S 11 5) <br /> <br />f Faulty computer program blocks promotion of fifth grader (S 12 2) <br /> <br />h Computer gives law student wrong exam, passes him, after disk fix (S 12 2) <br /> <br />f Four students victimized by grade spreadsheet error (R 19 89) <br /> <br />hi Danville CA students expelled due to misinterpretation of overloaded database <br /> <br />fields (R 17 87-89) <br /> <br />h Svensson’s Tennis rankings affected by name confusion (S 16 2) <br /> <br />m PC EncROACHment: advice on roaches invading PCs (S 15 5) <br /> <br />mi "My DOS ate my homework" (Blame it on the computer!) (S 13 3) <br /> <br />h? Saudi Arabian uses computer to organize harem; it runs him ragged (S 13 2) <br /> <br />f Computer error blamed for French diplomatic fiasco (S 13 2) <br /> <br />- Computer service selects ex-wife as "ideal" mate for divorced man (S 12 1) <br /> <br />H Stolen disk and digital audio equipment affects Stevie Wonder concert (S 13 4) <br /> <br />H Bogus messages inserted in bank statements, TELEXes, prescriptions (S 13 2) <br /> <br />$f British Customs computer ‘loses’ 35.6 million bottles of wine (S 14 6) <br /> <br />$f Automated Maryland food stamp computer overloads, jams many stores (S 17 3) <br /> <br />f Overly clever failsafe system shuts down Australian TV transmission (S 17 3) <br /> <br />h Washington Post runs OLD stock prices; file-name confusion (S 20 2:11) <br /> <br />fhi MIME-Messages: quoted-printable characters mess up URLs (R 20 40) <br /> <br />$h Hot-metal print supervisor uses mallet on computerized typesetter (S 15 2) <br /> <br />$h Closed-fist-like pattern observed in damaged keyboard (S 15 2) <br /> <br />+ In-flight PC battery recharging leads to shaver outlet disabling (S 17 2) <br /> <br />fm Apple PowerBook portable computer battery problem (R 17 36) <br /> <br />+/-? Sabbath restrictions bypassed by using extensive autotimers (S 15 3) <br /> <br />- Effects of deaths of Tamagotchi virtual e-pets; more than just a game? Counseling <br /> <br />available (R 19 20,36,37) <br /> <br />hi Risks of PostPet Japanese game (R 20 28); MS Outlook 98 has similar risks (R 20 <br /> <br />29) <br /> <br />@- Various cases of gobbled bank cards noted above. <br /> <br />@* Various false arrest cases noted below. <br /> <br />f MIT system weather command gives "Temp: 2147483647 F (2147483647 C)"; yes, <br /> <br />that’s <br />􀀀 <br /> <br />(R 20 51-52); USA Today weather page: high of 577 F (R 20 58) <br /> <br />? NOAA radio +61 degrees F, wind-chill -64 (R 20 57) <br /> <br />+ NOAA satellite tracking system seen as having saved 4,500 lives since 1982 (R 22 <br /> <br />53) <br /> <br />$he $239M Lockheed Martin NOAA-N Prime spacecraft fell off cart, inflicted serious <br /> <br />damage; bolts removed improperly from cart (R 22 91) <br /> <br />f Kangaroo helicopter responses mess up Australian virtual-reality simulators (R 20 <br /> <br />47,76) <br /> <br />Calendar/Date/Clock Problems including Y2K <br /> <br />..... Y2K Manifestations: approaching 1/1/00 <br /> <br />$rfed Many of the following Y2K problems are the result of decades of collossal <br /> <br />short-sightedness, in requirements specification in the first place, as well as <br /> <br />throughout the development process. Note that in 1965 the Multics development <br /> <br />effort recognized the 35-year-away Y2K problem and addressed it quite <br /> <br />constructively, using a 71-bit date-time field lasting long after Y2K. The costs are <br /> <br />48 <br /> <br />staggering. The lessons that should be learned from this experience are profound. It <br /> <br />is not just the Y2K remediation that is relevant – it is the entire software <br /> <br />development process. [I have not even bothered to insert the new "r" descriptor in <br /> <br />those cases below in which faulty requirements are obviously implicated!] <br /> <br />f Discussion of date and century roll-over problems: Fujitsu SRS-1050 ISDN display <br /> <br />phones fail on two-digit month (10); 1401 one-character year field; COBOL <br /> <br />improvements; IBM 360 (S 20 2:13) <br /> <br />f Year 2000? Don’t forget 1752 and 30 February 1712; two references (S 20 5:11) <br /> <br />$f Estimated costs of 1999-to-2000 date fix (S 21 2:16) <br /> <br />$f When the Clock Strikes 2000: U.S. Fed Govt cost $30 billion? Only 70% to be <br /> <br />fixed in time? (S 21 5:18) <br /> <br />f$ More Y2K problems: Visa credit-card expiration-date problem and legal liabilities <br /> <br />(R 18 63,74,75) <br /> <br />$ Lawyers look forward to the year 2000 (S 22 2:23) <br /> <br />f$$ Lots more on Y2K (R 18 74-80,82,83-84,87-88), including the unforesightful use <br /> <br />of "12/99" as an out-of-band date flag (R 18 88); more on Y2K and other <br /> <br />date/calendar/daylight arithmetic problems (R 19 02,03,06,08-12); costs to <br /> <br />reprogram in UK (R 19 07); Y2K cost estimates worldwide now up to $600 billion <br /> <br />(R 19 10) <br /> <br />Vf More on Y2K: sliding window approach, year-2069 problem (R 19 13); (R 19 14); <br /> <br />year 2106 and 2038 problems in Unix (R 19 15); year 65,536, leap seconds, UTC <br /> <br />vs TAI (R 19 16); DEC OpenVMS expired on 19 May 1997 (R 19 18); clock <br /> <br />synchronization (R 19 18); Java Y2K problem arises in the year 292271023 (R 19 <br /> <br />21) <br /> <br />$f Y2K problem blocks UK divorcing couples from splitting pensions (S 22 1:19) <br /> <br />? Millenium fears lead to Virgin Birth insurance policies (in addition to alien <br /> <br />impregnation policies) (S 22 1:19) <br /> <br />SH Nasty scam exploiting Y2K authorization expirations (R 18 68) <br /> <br />fde Y2K: Tcl 8.0 bytecode compiler Y2K risks; 00-38 now 2000-2038 (R 19 35-37); <br /> <br />Y2K and C (R 19 37-38,40); non-Y2K problems with Java Date classes (R 19 38) <br /> <br />Vfe DoD Global Command and Control System (GCCS) fails Y2K test (R 19 38) <br /> <br />$ Y2K lawsuit: Produce Palace International sues Tec-America (R 19 29) <br /> <br />- American Megatrends: "Year 2000 compliance means that the internal BIOS date <br /> <br />and time clock will continue above the date 1999. It will not reset itself after 1999 <br /> <br />to the date of 1980. It will continue to the date of 2099 before resetting to 1980." <br /> <br />(R 19 60) <br /> <br />H Y2K spam scam: jobs offered with no experience required (R 19 46) <br /> <br />- Ottawa firm registers "Y2K" as trademark (R 19 47) <br /> <br />f Freecell degenerates on erroneous date: Y2K and random numbers (R 19 48) <br /> <br />f Potential risks of backup and recovery after Y2K (R 19 55) <br /> <br />Vf PDP-11 Y2K leap-year bug with German clock board (R 19 56) <br /> <br />f Risks of testing Y2K by setting clocks ahead (R 19 56) <br /> <br />fe IRS Y2K fix threatens 1,000 taxpayers erroneously; IRS needs to check at least <br /> <br />62M lines of source code for Y2K (R 19 57) <br /> <br />$f More on Y2K lawsuits: North Carolina contemplating suing computer industry (R <br /> <br />19 57); California legislation proposed to limit Y2K liability (R 19 59) <br /> <br />f Canned-goods rejected with Y2K expiration dates (R 19 47,48) <br /> <br />f Miniature Enthusiasts with Y2K expiration dates deleted from address DB (R 19 57) <br /> <br />f Canadian guaranteed investment certificates with Y2K maturity vanish from DB (R <br /> <br />19 58) <br /> <br />e Euro changeover makes Y2K bug look easy! (S 23 4:23, R 19 69) <br /> <br />fh Gore congratulates 71-year-old Senator on birth of twins (S 23 4:23, R 19 64) <br /> <br />$ffffe... As of March 1998, only 35% of Federal Agency computer systems checked <br /> <br />for Y2K compliance, 3,500 systems remain (R 19 64); IRS to spend $1B (R 19 68); <br /> <br />Effects on the aviation industry (R 19 64); Financial risks (R 19 69); Y2K in <br /> <br />Britain (R 19 64); Y2K in China (R 19 65); Australian simulated results of effects <br /> <br />on public health and public infrastructure (R 19 71) <br /> <br />f Testing bugs that result from trying to test Y2K compliance, particularly when <br /> <br />setting dates back to their correct value! (R 19 71) <br /> <br />f Report that only 1/3 of popular Microsoft apps are Y2K compliant (R 19 68) with <br /> <br />further clarifications (R 19 69-70) <br /> <br />f Leap years: MS Excel 6.0 Office 95 version and 7.0 Office 97 version believe 1900 <br /> <br />is a leap year (R 19 64) <br /> <br />Vf Summer time: in Britain (R 19 64), voicemail backup system fails (R 19 67); in <br /> <br />Germany, Deutsche Telekom adjusted clocks twice in Lübeck (R 19 65) <br /> <br />f Year 2100 problems (AMI BIOS, R 19 60), IBM PCs and Network Time Protocol <br /> <br />balk at 2100-Feb-29 (R 19 61,62); <br /> <br />? Fable of Y2K and 1979 Toyotas: shutdown if 00 in year field? (R 19 69,71); <br /> <br />Computer insists on cataloguing Chateau Margaux 1900 as Ch. Margaux 2000 (R <br /> <br />19 67); Y2K and tombstones (R 19 61); Eagle Talons alleged Y2K problem (R 19 <br /> <br />68) bogus (R 19 69) <br /> <br />- Need for contingency plans, not just questionable remediation (R 19 85,88-89) <br /> <br />fh$, etc. CIA worries about Y2K as an opportunity for hostile intent (R 19 84); Senate <br /> <br />considers need for martial law after Y2K breakdowns (R 19 78); Potential Y2K <br /> <br />railroad problems, with no more manual backups (R 19 84); Y2K risks to world <br /> <br />shipping (R 19 82); Senate Y2K committee suspects power grid could collapse (R <br /> <br />19 82); Wells Fargo study shows millions of small firms at risk (R 19 77); Y2K <br /> <br />insurance and financial risks (R 19 79); Swedish corporate insurance explicitly <br /> <br />excludes Y2K (R 19 78); Y2K problem in Swedish personal identification numbers <br /> <br />(R 19 74); Microsoft Y2K (non)compliance; Excel believes in 29 Feb 2000 and 29 <br /> <br />Feb 1900, for Lotus 1-2-3 compatibility (R 19 73); More on Y2K forced-upgrade <br /> <br />strategies (R 19 73); 102-yr old gets a birthday card for 2-yr olds (R 19 73) <br /> <br />f$ SIR-C processor Y2K problem in shuttle imaging (R 19 81) and its economic <br /> <br />implications (R 19 83) <br /> <br />- Y2K priorities delayed security upgrades at bombed U.S. embassies (R 19 93) <br /> <br />*$fd UK Railtrack (former BritishRail) has no safety-critical computer systems, <br /> <br />because of past underfunding! Y2K preparations simplified by delaying upgrades! <br /> <br />(R 19 90); UK Railtrack online timetable information has errors for holiday <br /> <br />weekend schedules Xmas 1999 and NewYear 2000 (R 20 67); Railtrack running a <br /> <br />year behind and £3 billion over budget in rebuilding London-Glasgow line, with <br /> <br />workers being sent to Army training for discipline! (R 20 84) <br /> <br />f Sloppy date handling in Perl scripts (R 19 88) <br /> <br />+ Wall Street test simulation gives good marks to 29 brokerage firms (R 19 89) <br /> <br />$ No UK Y2K insurance for household electrical items (R 19 89); Canadian insurance <br /> <br />not likely to pay off; also another 100+ year anomaly, from Rob Slade! (R 20 03) <br /> <br />+ Canadian RCMP blocks vacations to ensure Y2K emergency coverage (R 20 02); <br /> <br />Wisconsin National Guard mobilizing (R 20 03) <br /> <br />- White House calm, DoD nervous about Y2K (R 19 90) <br /> <br />f Win98 date problem detected (R 19 91); occurs in 5-second window when booting <br /> <br />around midnight (R 19 92) <br /> <br />Sf Internet Explorer 4.0 instructions on how to bypass firewalls! (R 20 01-02) <br /> <br />fe IE2 cannot read www.microsoft.com for upgrade (R 20 55) <br /> <br />f Y2K risk in Javascript cookies despite 4-digit standard (R 20 01) <br /> <br />Vf Consignment of corned beef with intended expiry 2001 rejected as too old: <br /> <br />appears as 1901 (R 19 92); cf. the leap-day Xtra supermarket meat problem, below! <br /> <br />(There’s more than meats the eye.) <br /> <br />$SPH Business Software Alliance finds 1400 unlicensed software copies in Los <br /> <br />Angeles Unified School District, valued at $5M? (R 19 92) <br /> <br />$ Clothing retailer sues for cost of non-Y2K-compliant 1991 system (R 19 94) <br /> <br />Vf$ Product Palace settles with Tec America over Y2K-noncompliant software: <br /> <br />entire system crashed on single 00 credit-card (R 19 96) <br /> <br />fe Saga of another Y2K bug, after being "fixed", a letter dated 3 Aug 2098 sent <br /> <br />mistakenly to half-million recipients (R 19 95) <br /> <br />+ Y2K problem resolved that had threatened the production of scotch whiskey (R 20 <br /> <br />03) <br /> <br />f New Vancouver Hospital pathology system default misses updates to patient files for <br /> <br />many months (R 20 23); CORRECTION (R 20 30) <br /> <br />- 400-year-old time machine (in Liverpool museum) to suffer from millennium bug: <br /> <br />time runs out at year 2000! (R 19 79,81) <br /> <br />+ Memo on Y to K conversion: Januark, Februark, ... (S 20 23:, R 20 21) <br /> <br />*$ Y2K-related panic may be more serious than Y2K computer problems (R 20 11) <br /> <br />fH DoD Special Weapons Agency falsely claimed successful Y2K tests on 3 or 5 <br /> <br />critical systems (R 20 10) <br /> <br />$(f?) Hospital spends $700K on new digital nuclear medicine machine because <br /> <br />vendor would not certify Y2K compliance of well functioning analog machine (R <br /> <br />20 10) <br /> <br />*f UK MoD admitted that Rapier anti-aircraft missile was not Y2K compliant (R 20 <br /> <br />13) <br /> <br />$f 1 Jan 1999: Y2K hits Singapore and Swedish taxi meters (R 20 15) <br /> <br />f Windows/Visual C++ daylight saving cutover one week early on 1 Apr 2001 (no <br /> <br />fooling!), affecting 95,98,NT (R 20 15-16) <br /> <br />ef Enator AdeEko Y2K update turns Malmo Sweden seriously disrupts city’s bill <br /> <br />paying (R 20 18) <br /> <br />+? China contemplating making all airline executives fly on Y2K boundary (R 20 17) <br /> <br />fm Store Baelt Bridge not Y2K-safe (R 20 22-23) <br /> <br />h 2,000 Texans get false overdraft notes from Bank One in Y2K test (R 20 13) <br /> <br />h Y2K "fix" test results in traffic offenses dated 2097 (R 20 21) <br /> <br />$h PSE&G Y2K test of billing program results in false billing (R 20 23) <br /> <br />- As of early 1999, GAO report says U.S. states lagging in Y2K readiness (R 20 20); <br /> <br />CIA predicts serious Y2K problems around the globe (R 20 23) <br /> <br />*h VPA’s Peach Bottom nuclear-power Y2K-check crashed monitoring systems (R 20 <br /> <br />24) <br /> <br />fh Boston bank’s Y2K problems blamed on IE5, but apparently not! (R 20 25) <br /> <br />+? Sri Lankan Banks to close on 31 Dec 1999 for Y2K tests (R 20 25) <br /> <br />SH Scam using Y2K bank problems as bait <br /> <br />eh Pilgrim nuclear plant Y2K readiness questioned by NucRegComm (R 20 40) <br /> <br />49 <br /> <br />+ Standards needed now for Y10K? (not April Foolery) (R 20 30) <br /> <br />f Nottingham weather images dated "FEB 28 2000, 2330" and "FEB 28 2000, 2400": <br /> <br />Y2K leap-testing? (R 20 42) <br /> <br />Vf Y2K test knocks out Fiji’s telecommunications (R 20 43) <br /> <br />f Downloading Y2K fixes to Internet Explorer leads to clock problem (R 20 42) <br /> <br />*f Y2K test sends sewage flowing in Los Angeles (R 20 46) <br /> <br />S Another Y2K scam (R 20 51) <br /> <br />Vfe* London Electricity Y2K upgrade left 2000 customers without power for days (R <br /> <br />20 54) <br /> <br />+P Canadian govt recommends encrypted e-mail (R 20 54) <br /> <br />? Y2K in China (R 20 55); Indonesia: wait to see what happens in New Zealand and <br /> <br />fix it quickly (R 20 58); Iraq decides to wait and see on Y2K oil disruption; <br /> <br />concerns that oil nations are not ready (R 20 62) <br /> <br />f$ Northwest Metrology stung by Y2K bug (R 20 56) <br /> <br />f? Unix needs 10th decimal digit for timestamp on 9 Sep 2001; risks of format <br /> <br />problems? (R 20 58) <br /> <br />f Unix billion-seconds hits medical archiving application fixed-length label (R 21 69) <br /> <br />f Bank switch to 4-digit years blows up on 1 Oct 1999, with 10/01/1999 truncated to <br /> <br />0/01/1999 (R 20 59) <br /> <br />SHf FBI warns some Y2K fixes may be suspect (R 20 61); general concerns over <br /> <br />Trojan horses in Y2K-remediated code <br /> <br />fe NT, SP5, SP6 Y2K problems (R 20 62) <br /> <br />f Maine year-2000 vehicles classified as "horseless carriages" from 1900 (R 20 63-65) <br /> <br />f Cornell University registration system welcomes students to the spring 1900 <br /> <br />semester (R 20 64) <br /> <br />$? Businesses could owe millions for Y2K sliding-window fix if 1998 patent holds <br /> <br />up, despite this being an old technique (used at least in the 1960s) (R 20 65) <br /> <br />$ Microsoft Y2K liability claim: "... Microsoft does not warrant or make any <br /> <br />representations regarding the use or the results of the use of any Microsoft Year <br /> <br />2000 statement in terms of its correctness, accuracy, reliability, or otherwise." (R <br /> <br />20 65) <br /> <br />$efh Irish telephone network upgrade failed, backup failed, caused domino <br /> <br />propagation in Dublin; independent cell-phone system failure; outage brings Y2K <br /> <br />fears of lack of disaster recovery (R 20 66-67) <br /> <br />efh $.5M fire-station fire blamed on Y2K computer fix; breaker disabled due to Y2K <br /> <br />incompatibility (R 20 66) <br /> <br />efh IEEE standard Y2K compliance attained by rendering software unusable (R 20 <br /> <br />67) <br /> <br />SH Flagrant antisocial behavior of Y2K virus competitions promotions (R 20 68) <br /> <br />SH Y2K-related viruses: Worm.Mypic (R 2067), W95.Babylonia and others (R 20 <br /> <br />69) <br /> <br />fm Y2K test takes out all power in German Department of Justice, 11 Dec 1999 (R 20 <br /> <br />69) <br /> <br />$H Y2K fears lead Philippine man to withdraw his life savings, then robbed of <br /> <br />everything (R 20 69) <br /> <br />fff Australian Y2K readiness news page clock sticks at 31 Dec 1999 23:56:15, then <br /> <br />15 Dec 1999 00:23; New Zealand airport Web site update time-stamped 1 Jan 100; <br /> <br />in Y2K test, Henderson NZ clock flashed "GAME OVER" at midnight; 20,000 UK <br /> <br />credit-card machines incapable of coping four days before Y2K, with settlement <br /> <br />date in 2000; Pentagon DefenseLINK Y2K info site accidentally disabled; Oakland <br /> <br />CA 911 system not Y2K compliant, prioritizes earliest calls (seemingly from <br /> <br />1900); glitch with NIST’s Automated Computer Time Service; Wells Fargo CD <br /> <br />renewal notices dated 1900; many digital certificates expire with Y2K because old <br /> <br />browsers could not accept 2000; date field called Shirley harder to detect; risks of <br /> <br />last-minute FAA HOCSR patch; more on risks of leap-second corrections at Y2K <br /> <br />(R 20 71) <br /> <br />..... Y2K and Similar Manifestations: on and after 1/1/00 <br /> <br />f,h,e Y2K dates: Numerous cases of 1 Jan 100, 1 Jan 19100, Jan 1 2100. An <br /> <br />Australian online media news gateway had 3 Jan 3900 on 2 Jan 2000, while <br /> <br />appple.com and happypuppy.com should get a prize for year 20100, which beat out <br /> <br />the U.S. Naval Observatory calendar with the year 19,000 and others with 19100. <br /> <br />Amazon announced a Sonic Youth CD would be available on 10 Oct 2011. <br /> <br />Startrekcontinuum.com noted the next Voyager episode would air on 1 Jan 1900. <br /> <br />*The New York Times* Website said 1 Jan 1900. Compaq sites said it was 2 Jan on <br /> <br />1 Jan. Several counts of time until Y2K went negative in funny ways. An old 486 <br /> <br />PC reset its clock to 4 Jan 1980. The atomic clock at UK’s NPL read 31 Dec 1999 <br /> <br />27:39 UTC at 2:39am GMT (off by an hour, at that). Various Web sites were <br /> <br />hacked. www.2600.com had a humorous spoof. Toronto abandoned its on-line bus <br /> <br />information service at midnight because it was not Y2K compliant. (R 20 72) <br /> <br />feh A Pentagon computer system processing satellite intelligence data lost its <br /> <br />capabilities at midnight GMT, for 2.5 hours, due to preventive human mistake (R <br /> <br />20 72); data from 5 satellites was reduced to a trickle for several days (R 20 75) <br /> <br />f Automated New Zealand radio station repeats 31 Dec 1999 11pm news hourly, due <br /> <br />to <br />􀀀 􀀀 > <br /> <br />; Nokia phone not Y2K compliant?; effects on mobile and phone nets; <br /> <br />more on cost of Y2K fixes vs. preventive measures; Filemaker Pro; Word Perfect <br /> <br />5.1 and medical transcription; lots more on bad arithmetic date programs, including <br /> <br />Javascript problem; X-10 controller; New York Times correcting 102-year-old issue <br /> <br />number glitch; nuclear-power glitches; Win95 Y2K bug?; California DMV snafu; <br /> <br />ftp date problems; Talking Clock; count-down to Y2K programs go negative (R 20 <br /> <br />73) <br /> <br />f Y2K: repeated billings result from uninstalled fix; Bills for 100 years back interest; <br /> <br />Sprint PCS network problems at Y2K; MKS Toolkit Y2K glitch: next backup 9 Jun <br /> <br />2005!; Barbara’s Cereal expires July 1900; driver’s license expires in year 1000!; <br /> <br />NTSB website has Y2K test data mixed in with real data; Bogus message in live <br /> <br />service for Quicken 2000; With stepped-up Y2K wariness, NAI WebShield blocks <br /> <br />RISKS issues (R 20 74) <br /> <br />f Newborn Y2K baby birth certificates dated 1900 (R 20 76); Satellite orbit predictor <br /> <br />software fails (R 20 76); Flight Sim 2000 Professional Edition (R 20 76); <br /> <br />abcnews.com continued copyright year of 1999 (R 20 78) <br /> <br />$f New Y2K Tulsa County Court computer system fails for weeks thereafter (R 20 <br /> <br />81) <br /> <br />$f Nevada man registered his car late, billed for $378,426.25, accrued interest since <br /> <br />1900 (R 20 84) <br /> <br />f Commentary on Lessons of Y2K by Toby Gottfried (S 25 3:18-19, R 20 77) <br /> <br />*fm Berlin Fire Department dispatching system Y2K problem (R 20 75) also a <br /> <br />Leap-Day problem; caused by faulty network cards (R 20 82) Y2K bug as well? (R <br /> <br />20 84); Yes, Y2K fix failed: date incompatibilities because of leading zeros (R 20 <br /> <br />93; S 26 1:19-20) <br /> <br />f Fax driver/app "Delrina WinFax Lite 3.0 Fax Administrator" can’t recognize years <br /> <br />00 to 09 as the send date; Starfish Sidekick98 Y2K bug; Kremlin press office <br /> <br />cannot send e-mail after Y2K (R 20 75) <br /> <br />f Yet another Y2K bug in Jun 2000! (R 20 91) <br /> <br />fh 54-week anomaly in American calendars every 18 years (R 21 19), but not in <br /> <br />Europe and elsewhere; ISO standard 8601 (R 21 19-21,23); <br /> <br />Vf Norwegian trains halted 31 Dec 2000 (R 21 18, S 25 2:11; also R 21 19,21) <br /> <br />Vf 7-Eleven unable to process credit cards since 1 Jan 2001 (R 21 18, S 26 2:11) <br /> <br />f Y2K+1 bug in Sharp Organizer? (R 21 18 S 25 2:11, also R 19,21,23,25) <br /> <br />f In 2001, Oregon’s Multnomah County residents summoned for jury duty in 1901 (R <br /> <br />21 20) <br /> <br />f Motorola flex page blew 2000 (R 21 09) <br /> <br />f Postscript Jan 2001 monthly calendar off by several days (R 21 19) <br /> <br />f Millennium clock has a millennium bug (R 21 20) <br /> <br />f Y2K-leapyear hangover: CDMA GTE wireless date 31 Jun 00 (R 20 92) <br /> <br />American Express bill date confusion beginning Jan 2001: Y2K aftermath (R 21 <br /> <br />24,25) <br /> <br />Merlin travel-agency system credited Jan 2001 reservations to Jan 2000 accounts, <br /> <br />affecting 200 agencies (R 21 25) <br /> <br />Extreme Ultraviolet Explorer (EUVE) satellite launched Jun 1992 lived until 31 Jan <br /> <br />2001; planning system failed on 1 Jan 2001 – because the legacy data <br /> <br />solar/lunar/planetary ephemeris file extended only to 31 Dec 2000 (R 21 21) <br /> <br />Failure to bill pet fees cost Toronto $700,000 in 2000; Y2K problem? (R 21 24) <br /> <br />f Y2K flaw blamed for Down’s Syndrome test errors; four positives went unnoted (S <br /> <br />27 1:10, R 21 67) <br /> <br />$fe Y2K malady lingers on in Brevard County, Florida: cities must repay county over <br /> <br />$1M in erroneous disbursements (S 27 3:8, R 22 04) <br /> <br />f 1 Jan 2003 Yorkshire Evening Press front page dated 1 Jan 2002: short-sighted <br /> <br />hard-coded JavaScript calendar date fails! (R 22 45,51) <br /> <br />f? Y2K bug at Macdonalds: July 1903 use-by date on birthday cake (R 22 70) <br /> <br />..... Leap-Year Problems: <br /> <br />f Clock problems – Leap Day, end of century, etc. (S 13 2) <br /> <br />f 1988 leap-year: Xtra supermarket fined $1000 for one-day overage on meat due to <br /> <br />program skipping 29 Feb <br /> <br />f 1992 leap-year problems: 29 Feb invalid but 1 Mar gets correct day; Prime’s <br /> <br />MAGSAV fails, probably because one-year expiration date 29 Feb 93 invalid; Imail <br /> <br />dies worldwide; UUPOLL on MS-DOS due to bug in Borland C++ 2.0; Windows <br /> <br />3.0 locks up on mktime call; glitches in watches; Iowa state liquor licenses expired <br /> <br />on 28-Feb, new ones started 1 Mar; leap day waivered. (S 17 2) <br /> <br />f Airport parking bill for $3771 at $11/day with time-in 30 Feb 92 (S 17 2) <br /> <br />$Vf 1992 leap-year-end clock bug blocks ATM machines on 1 Jan 1993 (S 18 2:11) <br /> <br />f Many more calendar, date, and time problems – particularly surrounding Leap-Day <br /> <br />1996 and 1/1/00; Arizona lottery downed, insurance policy problem, leap-year <br /> <br />algorithms, Excel 5.0, WIN95, and lots more; Persian gulf support problem; the <br /> <br />business of fixing the year 2000 problem The length of the tropical year at present <br /> <br />is about 365.24219 days. The present algorithm (not if divisible by 100 unless <br /> <br />divisible by 400) works out to 365.2425 days, with an error of three days every <br /> <br />10,000 years. Expect a closer approximation in another few thousand years. (S 21 <br /> <br />50 <br /> <br />4:15-16) <br /> <br />$Vf Leap-Year software bug at Tiwai Pt aluminum smelter halts potlines, costs <br /> <br />NZ$1M (S 22 4:29, R 18 74) <br /> <br />f <br />time_t offset from 1900 in C led to leap-year mistake on 2000 in Plan 9 (R 20 31) <br /> <br />f Leap-day 2000: Digital Casio wristwatch changed from 29 Feb to 30 Feb; Sony <br /> <br />SLV-940HF VCR (which picks up date/time via cable) showed Tue 29 Feb 2000 as <br /> <br />Monday 28 Feb; Washington Checkbook magazine sent out erroneous subscription <br /> <br />renewals to subscribers on 29 Feb 2000 (R 20 83); bank fails to post check on 29 <br /> <br />Feb 2000, even though it honored it (R 20 85) <br /> <br />f Another date error: Lotus/Visicalc compatibility: dates stored as days since 1 Jan <br /> <br />1900 off by one, because 1900 was assumed to be a leap-year! (RISKS-21.78) <br /> <br />..... Summer Time (and the livin’ is queasy): <br /> <br />@$fe GTE Sprint billing errors from botched daylight savings cutover (S 11 5) <br /> <br />@Vhf Daylight savings time changeover halts train for an hour (S 15 3) <br /> <br />f Hawaii not on daylight time; off-island program messes up rush-hour (S 17 3) <br /> <br />i Some UNIX systems missed daylight savings end (US/Pacific-New) (S 18 1:5) <br /> <br />f More daylight savings time problems (R 18 02-05) <br /> <br />fi Windows 95 daylight saving confusion in Sweden (R 18 50) <br /> <br />*f Summer-time cutovers splatter molten ingots, down police system (S 18 3:A4) <br /> <br />f Daylight-savings: falling back 1997 – VCRs, Interac ATMs, Win95 (R 19 43,44) <br /> <br />f New remote-synch radio clock blows daylight savings changeover (R 20 03) <br /> <br />f Another VCR Summer Time screwup (R 20 29) <br /> <br />!h Terrorist bombing botched due to daylight time difference between Israel and <br /> <br />Palestine (R 20 58) <br /> <br />f Two more daylight savings time problems (R 21 09) <br /> <br />h U.S. spring 2001 daylight savings cutover on April Fools’ Day (R 21 31,34) <br /> <br />f Deutsche Telekom spring 2001 daylight cutover messed up (previous week) (R 21 <br /> <br />34) <br /> <br />f "Reflection from WRQ" package at Fermilab blows third-party Windows NT <br /> <br />Kerberos authentication on Daylight Time cutover, 2 Apr 2000 (S 26 4:11, R 21 33) <br /> <br />fh Super-accurate atomic-clock display goofs, losing an hour each Sunday after DST <br /> <br />in April 2001; Y2K aftermath (R 21 55,57) <br /> <br />..... Other Calendar-Clock and Counter Problems: <br /> <br />???? TEASER: Akin to the Y2K problem, are we anticipating an IPv16 problem? <br /> <br />(There is one hex-character field for the IP version number.) <br /> <br />fe IPv6 addresses too big to fit in existing software; another Y2K-like <br /> <br />incompatibility? (R 22 81) <br /> <br />Vf GPS rolled over to 6 Jan 1980 at the end of 21 August 1999 [leaping back 1024 <br /> <br />weeks] (R 18 24); More on older GPS receivers with 10-bit week-counter rollover <br /> <br />on 21 Aug 1999 (R 19 73); Pioneer recalling GPS receivers (R 19 80) British Civil <br /> <br />Aviation notice on GPS receiver rollover on 22 August 1999 after 1024 weeks (R <br /> <br />20 07) GPS clock rollover affected Tokyo taxicabs (R 20 55), the yacht <br /> <br />Tam-o-Shanter (R 20 55), and some DoD weapons systems (R 20 62). Pioneer <br /> <br />adapted or replaced 210,000 of 270,000 GPS receivers (R 20 55); GPS Selective <br /> <br />Availability for degraded precision no longer in use, announced 1 May 2000 (R 20 <br /> <br />88) <br /> <br />f TruTime leaped forward 1024 weeks around 1 Jan 2002 (R 21 84) <br /> <br />i? What Time Is It? Atomic clocks, GPS, others differ (R 22 83) <br /> <br />$h Human input error on year causes $49-million error for NJ food stamps (S 24 <br /> <br />4:27, R 20 28) <br /> <br />Vf Swedish passport system and Swedish Giroguide both fail on "99" (R 20 14) <br /> <br />fh Y2K-like problems include stop-codes such as 9999 (9 Apr 1999 is the 99th day of <br /> <br />"99"), 99999999, etc. (R 20 14) <br /> <br />f$ 9/9/99 was mostly a non-event, although it resulted in a non-critical medical app <br /> <br />failure (R 20 55) and an accidental deposit of $160K (R 20 60) <br /> <br />hm Japanese MARS rail-ticket system crashed due to customers wanting tickets <br /> <br />bearing an 11/11/11 11:11 time stamp on 11 Nov 1999, year Heisei 11 of the <br /> <br />current emporer (R 20 65) <br /> <br />Vf Swiss hospital computers crash on 1/1/1999 (R 20 16) <br /> <br />f Quicken’99 divide-by-zero bug on Jan 1999 dates in Auto category (R 20 16) <br /> <br />f Clock-setting algorithm gets wrong time; other clock problems (S 11 2) <br /> <br />f Hidden horrible bug in Grapevine mail system lurks for 5 years (S 12 1) <br /> <br />*f 100-year-old’s age computed as 0, license renewed without test (S 15 2) <br /> <br />fi Kindergarten recruiting for born-in-’88 invites 104-year-old woman (S 18 3:A3) <br /> <br />fi Insurance co. requests first-year checkup for 101-year-old woman (R 16 32) <br /> <br />$f Auto insurance rate triples – man turns 101 (= 1 mod 100) (S 12 1) <br /> <br />f Born in 1899, 103-year-old man is told to bring parents for eye test; a Y1.9K <br /> <br />problem, not a Y2K problem (R 22 20) <br /> <br />f 106-year-old woman born in ’97 summoned to start school (R 22 58) <br /> <br />f Democratic bug in AppleLink in Chile, reserved word "General" (S 15 3) <br /> <br />f Apollo workstation date bug coming soon (S 22 4:30, R 18 78) <br /> <br />Vf Windows 95 will crash in 2038 (R 18 84) <br /> <br />f Microsoft Outlook e-mail Word problem (R 19 23) <br /> <br />f Thanksgiving misplaced in Microsoft Outlook 97: better check your calendar! (S 23 <br /> <br />3:24, R 19 46:47) <br /> <br />f Microsoft Outlook 98 reschedules Memorial Day 1999 (R 20 30) and 2 UK bank <br /> <br />holidays (R 20 32); not Y4.501K compatible (R 20 31) <br /> <br />fi Design flaw in MS Outlook/Word save procedure? (S 23 3:26, R 19 55) <br /> <br />f Outlook Express date parsing problem: 2099 by mistake, but displayed as 1919 (R <br /> <br />20 24) <br /> <br />fi Confusion of Microsoft Outlook shifting times with timezones (R 20 11-12); <br /> <br />Windows 95 changes date without confirmation (R 20 13) <br /> <br />e Melbourne hopital system upgrade took four years: system could not handle patient <br /> <br />numbers over six digits! (S 27 3:8, R 22 03) <br /> <br />V Multics crashes on Bernie Greenberg’s 45th birthday; Bernie never anticipated <br /> <br />Multics would still be running! (S 20 5:11) <br /> <br />ehi Dartmouth Time Sharing System: Beware the Ides of March, 1970s (S 21 2:16) <br /> <br />Vf Misdeclared variable type overflows <br />term program on 26 Oct 1993 (S 19 1:4) <br /> <br />Vf Microcode bug downs Tandem CLX clocks at 3pm 1-Nov-1992; detected in New <br /> <br />Zealand/FarEast, fix available before it could hit Europe, US (S 18 1:5) <br /> <br />Vf Every MTS shuts down: 2**15 days from 1 Mar 1900 to 16 Nov 1989 (S 15 1) <br /> <br />@*f 100 hospital computer systems die; 2**15 days after 1 Jan 1900 (S 14 6) <br /> <br />f National Semi chip flaw persisted, 1987-1990; skips a day (S 16 1) <br /> <br />Vf NOS/BE clock failed after 2 years when the system 1st was up 24 days! (S 16 2) <br /> <br />VSf Security bug hung Tandem systems worldwide 27Aug91, 4:22pm local (S 16 4) <br /> <br />f Errant ‘timed’ propagates effect, wrong date then skips 2.8 years (S 17 2) <br /> <br />f AT&T PC date problem in AT&T 6300; 5-year max lifetime assumed! (S 17 2) <br /> <br />Vf MOSS graphics systems crash on 15 Jul 1993 worldwide (S 18 4:3) <br /> <br />f Ball Aging Analysis SW clock bug prevents plotting of new data (S 19 2:2) <br /> <br />ehi A glitch in time shaves U.S. Naval Observatory (S 21 2:16, errata R 17 65) <br /> <br />hh Erroneous bank-clock coincidence puts wrong photo on Crimestoppers (S 21 2:16) <br /> <br />@M Clocks leap forward gradually. Power line interference! (S 16 2) <br /> <br />Vf Hospital computer crashes every midnight at midnight until 00:15 (R 19 25) <br /> <br />mfe AOL off line for two hours 29 Oct 1997 (R 19 44); AOL e-mail outage due to <br /> <br />software, 3 Nov 1997 (R 19 45); more AOL e-mail outages, 18 Nov 1997, Internet <br /> <br />outages 19 Nov (S 23 3:24, R 19 47,49) <br /> <br />Vf Windows 95, Windows 95 OEM Service Release, Windows 98 hang after 49.7 <br /> <br />days ( <br /> <br />􀀀 􀀀 <br />milliseconds, Vtdapi.vxd problem) (R 20 24) <br /> <br />f Overzealousness problem in Access on location-dependent date interpretation (R 20 <br /> <br />31-32) <br /> <br />f/m/h? Date failure on weather.com: 28 Apr not 16 Sep (R 20 58) <br /> <br />f Fox network misprograms time on US VCRs for a year (R 20 95) <br /> <br />German digital certificate expiration on 4/5/01: April or May? (R 21 34) <br /> <br />Northwest Airlines Web site departures: 12:40am departures sorted as 12:40pm (R 21 <br /> <br />35) <br /> <br />f Date screwup in Visual Basic (S 27 1:10, R 21 74,76) <br /> <br />f Outlook for Thanksgiving 2001: a week late in some versions (R 21 69) <br /> <br />i- Calendar reminder service suggests gifts on death anniversary (R 21 37); another <br /> <br />sends notification of cancellation of status as boyfriend (R 21 40) <br /> <br />hif Networker backup software mislabels tape dates (R 22 49); <br /> <br />hif Amazon offers new 2003 book showing release date of 31 Dec 1969 (R 22 49) <br /> <br />The Game of Chess: <br /> <br />SP Sealed chess move disclosed? Karpov-Kasparov authentication glitch (S 16 1) <br /> <br />mi Deep Blue, Deep Trouble: ACM Chess Challenge glitch (S 21 4:14) <br /> <br />hi Deep Blue in Deep Foo in first Kasparov match; chess board position A3 <br /> <br />fat-fingered and interpreted as command ‘3’, necessitating reboot and loss of 20 <br /> <br />minutes (transcript in R 18 78); <br /> <br />+-? Deep Blue beats Kasparov in second match (11 May 1997); long-term risks to the <br /> <br />sanity of chess masters and the future of mankind? <br /> <br />Miscellaneous Hardware/Software Problems <br /> <br />f "My Hairiest Bug War Stories" (Communications of the ACM, April 1997, pp. <br /> <br />30-37) on debugging, including a program that worked correctly only on <br /> <br />Wednesday, because the overwritten 9th byte was supposed to contain a ‘y’! (R 19 <br /> <br />09); more examples in (R 19 10,11) <br /> <br />h More computer-is-never wrong tales (R 19 07,08); mad-cow disease database <br /> <br />trusted more than reality (R 19 11) <br /> <br />P? Private Dead Sea Scrolls computer-reconstructed from concordance (S 16 4) <br /> <br />f IBM de Mexico pays Mexico City for failed database system (R 19 89) <br /> <br />$f Microsoft, IBM dispute faults in each other’s products (S 16 4) <br /> <br />fe Defects in Microsoft Word for Windows remained unfixed (S 17 4) <br /> <br />f Windows 3.11 data loss problem in vcache (R 17 80) <br /> <br />f Risk of 16-bit MIS-Access installed on WFW or Windows 3.1 (R 18 65) <br /> <br />51 <br /> <br />fe Risks of installing old SW on new systems in Microsoft Windows (S 20 3:10) <br /> <br />Vf Windows 95 late-night sales cause midnight cash-register crash (S 20 5:11) <br /> <br />f WinWord 6 "feature" and discussions of compatibility problems (R 18 70,71,72) <br /> <br />f(*) File-conversion errors between WordPerfect and Word: 1/4 becomes 3; two <br /> <br />problems involved, discovered at Hanford (R 20 35) <br /> <br />h Inconsistent reception of e-mailed MS Word documents causes problem (R 20 03) <br /> <br />Vm Microsoft TerraServer unavailability ("The world’s largest online database!") (S <br /> <br />23 3:26, R 19 84) <br /> <br />f Microsoft Web site denies access based upon Windows regional settings (R 20 03) <br /> <br />f Side-effects of installing Microsoft’s Media Player (R 20 03-04) <br /> <br />f C compiler vs editor compatibility: WYSI not always WYG; different definitions of <br /> <br />"newline" (20 39-40) <br /> <br />- Risks of PC changes without changed model numbers (R 18 70,71) <br /> <br />Vfi Quark XPress trims Unix <br />to , overwriting the file (R 20 13) <br /> <br />Seh Risks of upgrading a UNIX system without rebuilding privileged apps (R 20 39) <br /> <br />f Insidious SQL interpreter bug messes up files; don’t forget patches (R 20 03) <br /> <br />hi Discussion of <br /> <br />􀀀 <br /> <br />vs <br /> <br />􀀀 􀀀 <br /> <br />(R 20 18,21-22) <br /> <br />fi MapQuest Do-What-I-Think-You-Mean risk (R 20 37) <br /> <br />if Anomalies in Microsoft driving directions (R 20 62-63) <br /> <br />f AutoRoute Express 2000 Weekend Watchdog problems (R 20 39) <br /> <br />Sfi Extensive discussion on inconsistencies in context-sensitive wildcard <br /> <br />interpretation, special characters, and file-name conventions (R 17 73-79) <br /> <br />i Confusion in page layout commands (R 20 14-18) <br /> <br />fhi Risks in incorrect software warnings and alerts (R 20 13) <br /> <br />f McAfee’s PC Medic 97 Deluxe QuickBackup incompatibility (R 19 91) <br /> <br />h Smoothly running missing network server Univ. of North Carolina found 4 years <br /> <br />later – accidentally sealed behind a wall (R 21 35) <br /> <br />..... System and computation problems: <br /> <br />f Harvard Mark I register least-significant digits interchanged on input AND output, <br /> <br />no effect unless carry propagated; not caught for MANY years. <br /> <br />$fm Flaws reported in Intel 486 chip (COMPAQ found it) (S 15 1) <br /> <br />$f Three flaws in Advanced Micro Devices 29000 32-bit RISC chip discovered only <br /> <br />in revision D: problems in instruction burst mode, exception handling priority, <br /> <br />data-access exception. Workarounds were found. (S 15 1) <br /> <br />$f Pentium FDIV bug discussed in RISKS-16.57-69,81, summarized in SEN; flaw in <br /> <br />table, not algorithm (S 20 2:9) <br /> <br />$f Time-bomb ticks in noncompliant no-name Pentium motherboards (R 19 13); <br /> <br />further flaw detected in Pentium II and Pro – approximately 140,739,635,839,000 <br /> <br />floating-point numbers affected (R 19 14); (R 19 18) <br /> <br />m New Pentium flaw enables user-mode program to lock up the system (R 19 45); <br /> <br />preventive fixes in operating systems, software (R 19 46,47) <br /> <br />f New Pentium III chip recalled (R 21 04; S 26 1:21-22) <br /> <br />- Centaur IDT-C6 Pentium-compatible: "exacting proof of correctness" results from <br /> <br />tests on PC OSs because of their complexity! (R 19 25) <br /> <br />$hi TransAlta Excel spreadsheet clerical error causes $24-million loss (R 22 77, S 28 <br /> <br />6:8-9) <br /> <br />f$ Microsoft Excel linked-spreadsheet bug blows balances (S 20 2:8) <br /> <br />f New Microsoft Excel math bug (feature?): 1.40737488355328 = 0.64 (S 20 5:11) <br /> <br />and still more in (R 17 38,39,40); floating-point problems consequence of IEEE <br /> <br />standard (S 21 2:17) <br /> <br />Pfi Excel/Outlook risk of hidden information released (R 21 69-70) <br /> <br />f Excel deletes terminal zeros in phone number conversion with abc.defg format, also <br /> <br />IP 10.0.0.10 becomes 10.0.0.1 (R 21 74-75,77) <br /> <br />fhi Space character in number causes overzealous Excel miscalculation (error of <br /> <br />US$19,130) (R 20 30) <br /> <br />f Microsoft Excel 97 re-exhibits ghost of Pentium FDIV bug (R 19 04,05) <br /> <br />f Risks of Microsoft’s self-extracting files: no file integrity... (R 19 92) <br /> <br />f Side-effects of IE4 (R 20 03) <br /> <br />f IE5 under Windows 98 multiwindow cache consistency problem (R 20 28) <br /> <br />f/m Bill Gates demo of Windows 98 crashed at Comdex (R 19 70) <br /> <br />f Microsoft software blocks copy of file with name of "sensitive country", and <br /> <br />subsequent copies (R 20 19-20) <br /> <br />f Risks of Windows NT Blue Screen of Death requiring reboot (R 20 20-21) <br /> <br />fh Outlook 98 filters RISKS-20.32 as junk! (R 20 33) <br /> <br />f Microsoft Explorapedia Nature: earth rotates in wrong direction (R 20 87) <br /> <br />f Windows 95 error message pops up on Swedish bank ATM screen (R 20 19) <br /> <br />i Microsoft: "Q276304 - Error Message: Your Password Must Be at Least 18770 <br /> <br />Characters and Cannot Repeat Any of Your Previous 30689 Passwords" (R 21 37) <br /> <br />ifh California I-405 bitmapped billboard displays Windows error message (R 21 45); <br /> <br />cash machine displays MS-DOS prompt (R 21 46); CalTrans displays "NO DATA" <br /> <br />(R 21 46); http://www.daimyo.org/bsod/ gives some classic blue screens of death in <br /> <br />very conspicuous places (R 21 47); portable highway display shows "BATTERIES <br /> <br />NEED RECHARGING" (R 21 48,50); Ottawa bus-station TV monitors displayed <br /> <br />file-write error instead of time of next bus, for several days (R 21 40); The Drop <br /> <br />Zone carnival ride display at the top explaining the 100-meter free-fall drop showed <br /> <br />a Windows crash message (R 21 50) <br /> <br />rf Inmos T800 floating point used formal methods for analysis, but the specification <br /> <br />was wrong (according to Bill Kahan) (S 20 2:10) <br /> <br />f VAX 11-780 floating point and early-production GE 635 floating-point truncation <br /> <br />problem (noted by Jim Haynes) (S 20 2:10) <br /> <br />f 5 equivalent floating-point formulae give very different results (S 19 2:4) <br /> <br />f Intel chip flaw in Orion 82450 reduces I/O bus throughput (S 21 4:13,R 17 83) <br /> <br />M Moore’s Law hits a leak: current leakage from inactive processors (R 22 43) <br /> <br />f DEC Alpha bug: pow(1.234567, 7.654321) may not give 5.017... (R 19 24-26) <br /> <br />m Real ‘bug’ in Alpha VAX (S 21 4:14) <br /> <br />f Faster Mac reveals lurking flaw (R 19 38,40) <br /> <br />f 2-user login max due to HW floating-point flaw used by PW encrypt.(S 15 1) <br /> <br />f Bug in zipcode catalog adds an extra decimal digit to invoice (S 22 1:19) <br /> <br />fi When is -32768 not equal to -32767-1 ? (R 18 48-49, 55,57,58,60,61) <br /> <br />f Software math errors also discussed: BASIC on TI 99/4A (S 20 2:11) <br /> <br />f Accounting system claims quota exceeded at number approaching <br />􀀀 copies (R 20 <br /> <br />20) <br /> <br />f <br />ping program gives negative round-trip times; useful for time travel? (R 20 21) <br /> <br />f UK supermarket customers can double their accumulated points due to <br /> <br />synchronization flaw (R 19 82) <br /> <br />..... Other problems: <br /> <br />hi Harmful puns on input: "EDIT" (Everything Deleted Insert T), " <br />􀀀 <br /> <br />" <br /> <br />See Inside Risks, CACM, 33, 9 (Sept 1990), p. 202. <br /> <br />i Y=Yes, 9=No(nein auf deutsch) in control system operator interface (S 16 1) <br /> <br />hif Hartford jurors uncalled; letter "d" interpreted as "deceased" (S 18 1:7) <br /> <br />i Atari prompt is READY; editor cursor on prompt read as READ Y (S 17 3) <br /> <br />ifh System uses "$" to return to main menu; havoc results (S 17 3) <br /> <br />h Celsius-to-Fahrenheit conversion: 2.5C increase becomes 36.5F! (S 20 3:11) <br /> <br />f Standard deviation in Lotus 1-2-3 uses wrong number in computation (S 17 3) <br /> <br />f Microsoft and Lotus spreadsheet errors (base conversion, roundoff)(S 20 3:9); <br /> <br />similar Fred Brooks tale retold, on pipeline billing (S 20 3:9) <br /> <br />h Spreadsheet Research documents enormous operational error rates (R 19 24) <br /> <br />hi? New York Times computer typesetting problems (S 17 3) <br /> <br />m Single-bit errors in DQ-11 partition the network (S 14 1) <br /> <br />f Windows open and close for runaway mouse in Word 4.0 (S 13 4) <br /> <br />fm Toshiba DOS 3.3 Backup deletes files (S 14 5) <br /> <br />fi Printer-truncated pathname causes directory overwrite on retrieval (S 17 1) <br /> <br />f Domain name service meltdown due to cache corruption (R 18 38) <br /> <br />$mfh $150 printer hangs up $0.5M VAXcluster (S 17 4) <br /> <br />$f Tape unit caught on fire from repeated reading of tape section (S 5 1) <br /> <br />fm 63,000 Dell monitors too hot to handle: overheating, fires (S 19 4:11) <br /> <br />m(i) Stretching cat loads CDROM in Macintosh; interface misleading (S 15 2) <br /> <br />h Incidents on people’s willingness to trust computers (S 11 5) <br /> <br />f Program works fine in debug, fails in live execution (S 12 4) <br /> <br />fe Anaesthetist trainees fail exam because of computer roundoff (R 17 25) <br /> <br />f Pseudo-randomly generated bridge hands identical except for suits (S 14 1) <br /> <br />i German FORTRAN "unit" and "device" both translated to "Einheit" (auf deutsch) (S <br /> <br />17 1) <br /> <br />fi Discussion of handling of null variables in programs (R 19 58,59) <br /> <br />m Memory parity error corrupts nonwritable shell file (S 19 2:4) <br /> <br />h French card tricks: customs agent "samples" cards [old] (S 20 5:9) <br /> <br />h Program fails when blank card jams, is removed [old] (S 20 5:9) <br /> <br />f Bioinformatics programs considered badly software engineered (S 27 3:7, R 21 98) <br /> <br />i Risks of differing Unix variants of killall (S 27 3:7, R 22 05-07) <br /> <br />i Risks of the rise of PowerPoint: format dominates content (S 27 3:10, R 21 91) <br /> <br />*fh Cancelling errors, serendipity in avoiding risks, and Kepler: note by Henry Baker <br /> <br />(R 20 48,51) <br /> <br />? Risks of "self-destructing e-mail" from Disappearing Inc. (R 20 62) <br /> <br />S/f/m An early collection of risk-related anecdotes was presented at the ACM <br /> <br />Symposium on Operating Systems Principles, SOSP 7 (S 5 1:30-35), with <br /> <br />follow-on (S 7 1). The former collection includes the repeated dunning notices for <br /> <br />a debt of $0.00, responded to by writing a check for $0.00, which results in an <br /> <br />angry letter that the check had crashed the computer system. <br /> <br />Other Computer System Development Difficulties <br /> <br />$rdef... The Software Bloatware Debate (S 24 1:32, R 19 92-93); Extensive <br /> <br />discussion of bloatware, why it occurs, what its consequences are: less adaptability, <br /> <br />interoperability, ...; examples (R 20 35-38); revisited (R 20 91-92,98, R 21 08) <br /> <br />$rdf Difficulties in developing large systems: IRS TSM ($4 billion), FBI (fingerprint <br /> <br />system and NCIC upgrade), California (welfare database, BART, DMV) (S 22 <br /> <br />52 <br /> <br />4:25, R 18 81) <br /> <br />$df(SV* etc.) NIST study: Impact of inadequate software testing on U.S. economy, <br /> <br />estimated at $59.5 billion per year (S 27 5:6, R 22 11) <br /> <br />rd More on California’s software woes: welfare system problems (R 20 53) <br /> <br />@$drS IRS computer project a four-billion-dollar fiasco (S 21 4:12); IRS drops <br /> <br />Internet Cyberfile tax filing plan (S 22 1:19) <br /> <br />$df HUD fires contractor over program error costing $3.8 million (S 23 1:10, R 19 43) <br /> <br />$rf GAO report says Pentagon overpaid contractors by $millions because different <br /> <br />accounting systems could not interoperate (R 19 14) <br /> <br />$d Medicare computer project terminated (S 23 1:10, R 19 38) <br /> <br />$rd California child-support deadbeat dads/moms database flawed; project overrun <br /> <br />from $99M to $300M (S 22 4:25, R 19 12); Lockheed-Martin IMS Contract <br /> <br />CANCELLED (S 23 1:9, R 19 43); State of California and Lockheed Martin IMSC <br /> <br />suing each other over contract cancellation (R 19 82) <br /> <br />$df Virginia State child-support payments halted: software problems (S 12 3) <br /> <br />$drfh $4.5M Virginia child-support system scrapped; bad management (S 14 2) <br /> <br />$ef Software upgrade glitch snares the Social Security Administration; $478.5 million <br /> <br />in underpayments detected years later (S 20 2:8, R 16 67, 23 Dec 1994), <br /> <br />subsequently reported as $850 million, affecting almost 700,000 people (S 21 1:20, <br /> <br />R 18 51) <br /> <br />@$deh $35M San Mateo California health system upgrade is a downer; receivables <br /> <br />backlog over $40M; blame scattered (R 20 98) <br /> <br />$d King County Washington blew $38 million on canceled payroll system (R 21 01; S <br /> <br />26 1:19) <br /> <br />$de $3.2M NY City computerized death registration system design abandoned; new <br /> <br />design for $1.8M; development cost approaching $10M; Similar project in NJ <br /> <br />using Sybase completed in six months and $250,000 (R 22 79, S 28 6:10) <br /> <br />eh Northeastern University admits 25% too many students (600 extra) after DB <br /> <br />upgrade loses potential applicants (R 21 01; S 26 1:20) <br /> <br />$d Congress’ report Bugs in the System attacks waterfalls, procurement (S 15 1) <br /> <br />$d GAO report on effects of IS technology (S 15 1) <br /> <br />$d Congress repeals catastrophic insurance, SSA gets premiums anyway; too difficult <br /> <br />to make the software modifications (S 15 1) <br /> <br />$drfh Summary of several ‘runaway’ computer software projects – Allstate, <br /> <br />Richmond utilities, Business Men’s Assurance, Oklahoma WorkComp, Blue <br /> <br />Cross/Shield of Wisconsin (S 14 1) <br /> <br />@$drf California DMV system upgrade botched; $44.3M deadend (S 19 3:5) <br /> <br />@Vef NJ DMV computer system upgrade crashes on first live use (R 19 80) <br /> <br />@$dh BofA MasterNet development blows $23M; backup system gone (S 12 4) Two <br /> <br />BofA executives leave after DP problems costing $25M (S 13 1); $60M more spent <br /> <br />in botched attempt to fix it (S 13 2) <br /> <br />$fe $34M fails to fix Washington DC payroll computers (R 22 30) <br /> <br />$df Los Angeles hospital billing system bugs; delays cost up to $16M (S 19 2:3) <br /> <br />$rd Greyhound computer reservation system development problems (S 20 1:18) <br /> <br />$f System to prevent gov’t bond auction bid-rigging ‘deeply flawed’ (S 18 3:A5) <br /> <br />$df Software failures in Britain estimated at $900M per year (S 13 4) <br /> <br />$rd Comvor: Hamburg police computer system development problems (blamed on <br /> <br />"complexity") (S 23 4:22; R 19 68) <br /> <br />$dfh $5.4M Canadian computerized taxi system won’t work (S 14 2) <br /> <br />$rd Ontario toll-road system six months late at twice the cost (R 19 24) <br /> <br />$dfm $800,000 computerized cab service system fouls up (S 15 2) <br /> <br />$dfh $15M strip-mining violation computer system deficient (S 14 2) <br /> <br />rdf New Notre Dame de Paris organ software development disaster (S 20 3:10) <br /> <br />- Douglas Adam’s ‘Mostly Harmless’ quoted on repairability (S 18 2:5) <br /> <br />@$def $18M new system hinders collection of $10M in L.A. taxes (S 16 2) <br /> <br />@$df New French reactor’s distributed computer system abandoned (S 16 2) <br /> <br />@$dhff Salvage Association awarded £662,926 from CAP Financial Services after <br /> <br />badly botched accounting system was scrapped (S 18 1:8) <br /> <br />@$hd DoD criticized for software development problems (S 13 1) <br /> <br />@$d ADATS tank-based anti-copter missile system development problems, $5B <br /> <br />overrun, unreliability (S 16 1); others: C-17, London Ambulance, <br /> <br />$dr Discussion by Lauren Weinstein on technology deterioration resulting from <br /> <br />cutting corners during system development (R 17 94,96) <br /> <br />$d New £300 million UK air-traffic control system confronts complexity (S 22 1:18) <br /> <br />$d Software problems with NATS new-generation air-traffic control center (R 19 <br /> <br />18,23) <br /> <br />$de New Zealand’s INCIS Crime Information System (S 25 3:17, R 20 83) <br /> <br />Achieving Better System Development and <br /> <br />Operation <br /> <br />+ Numerous articles on software development, specification, formal verification, <br /> <br />safety, reliability, security, etc. (S 1 1 to the present) <br /> <br />+ Barclays Bank success story in cutover to client-server system (S 20 1:18) <br /> <br />+ Collected Papers by David L. Parnas, book edited by Daniel M. Hoffman and <br /> <br />David M. Weiss, with foreword by Jon Bentley: commentary (R 21 42,43) by Jim <br /> <br />Horning. Very useful book on good software engineering. <br /> <br />+ Software Engineering, Dijkstra, and Hippocrates (R 21 42,44) <br /> <br />+ Discussion on the need to certify computer professionals (S 16 1) <br /> <br />+ More on Proper British Programs – the MoD standard (S 14 1) <br /> <br />+ Updated UK Interim Defence Standards 00-55/56 on software safety (S 16 3); <br /> <br />Comments on Revised 00-55/56 by Stavridou and Ravn (S 16 4); Progress on <br /> <br />adopting DefStan 00-55 (S 17 1) <br /> <br />@*$ EC Machine Safety Directive enables suits over unsafe HW/SW (S 18 1:26) <br /> <br />+ Australian Software Quality Management Standard AS 3563-91 (S 17 1) <br /> <br />- Risk Management: Books by Brian Wynne, Lorraine Daston noted (S 18 2:8) <br /> <br />+ IEC TC4 WG3 International Standard on industrial machines safety (S 16 3) <br /> <br />+ NewSpeak, a safer programming language (S 13 2) <br /> <br />+/-?? Programming competency and the use of FORTH (R 20 49-53, R 22 14-15) <br /> <br />+ Spark, an attempt at a "safe" Ada subset (S 14 1) <br /> <br />+ Viper and formal methods used in Australian railroad switching (S 14 5) <br /> <br />+ Benefits of computer technology, particularly safety, discussed (S 14 6) <br /> <br />+ DoD Software Master Plan [preliminary draft released [9Feb1990] (S 15 2) <br /> <br />+ Flogging as an ancient method for assuring software quality? (S 16 3) <br /> <br />+ Scents increase productivity of Russian computer operators! (S 17 2) <br /> <br />+ Scents [androstenone] give 14% increase in bill-payment rate (S 18 2:5) <br /> <br />The Proper Role of Technology? <br /> <br />+- Winter 1991 issue of Whole Earth Review questions technology; articles by <br /> <br />Jerry Mander, Howard Levine, Langdon Winner, Patricia Glass Schuman, Linda <br /> <br />Garcia, Gary T. Marx, Ivan Illich, Amory and Hunter Lovins (S 17 2) <br /> <br />+- Fujitsu probing brain-wave detecting interface; risks suggested (S 18 3:A10) <br /> <br />fh Discussion of expectations of technology: Chase Manhattan Bank fire, 911 cell <br /> <br />phone identification (S 23 5:25, R 19 83) <br /> <br />Reference Materials <br /> <br />If you are interested in further details, pursue the back issues of SEN, the on-line <br /> <br />RISKS archives, and Neumann’s Computer-Related Risks, Addison-Wesley, 1995 <br /> <br />(ISBN 0-201-55805-X) and ACM Press (ACM Order 704943). <br /> <br />Books <br /> <br />The following books may also be of interest. <br /> <br />􀀀 <br />Frederick P. Brooks, Jr., The Mythical Man-Month (2nd edition) Addison-Wesley, <br /> <br />1995. <br /> <br />􀀀 <br />David Burnham, The Rise of the Computer State, Random House, New York, 1982. <br /> <br />􀀀 <br />Steven M. Casey, Set Phasers on Stun, and Other True Tales of Design Technology <br /> <br />and Human Error, <br />Aegean, 1993. <br /> <br />􀀀 <br />Robert N. Charette, Software Engineering Risk Analysis and Management, <br /> <br />McGraw-Hill, New York, 1989. <br /> <br />􀀀 <br />Robert N. Charette, Application Strategies for Risk Analysis, McGraw-Hill, New <br /> <br />York, 1990. <br /> <br />􀀀 <br />Robert N. Charette, Frances Scarff, and Andy Carty, Introduction to the <br /> <br />Management of Risk <br />, HMSO (Her Majesty’s Stationary Office), 1993 (ISBN 0 11 <br /> <br />330648 2). <br /> <br />􀀀 <br />David Clark et al., Computers at Risk: Safe Computing in the Information Age, <br /> <br />National Research Council report of the System Security Study Committee, <br /> <br />National Academy Press, December 1990. <br /> <br />􀀀 <br />Ken Dam et al., Cryptography’s Role In Securing the Information Society (a.k.a. <br /> <br />the CRISIS report) <br />, National Research Council report of the Committee to Study <br /> <br />National Cryptography Policy, National Academy Press, 1996. Executive summary <br /> <br />is available at http://www2.nas.edu/cstbweb . <br /> <br />􀀀 <br />Mark Dery, Escape Velocity: Cyberculture at the End of the Century, Grove Press, <br /> <br />1996. <br /> <br />􀀀 <br />Dietrich Dörner, The Logic of Failure: Why Things Go Wrong and What We Can <br /> <br />Do to Make Them Right, <br />Metropolitan Books (Henry Holt), New York, 1996. <br /> <br />􀀀 <br />John H. Fielder and Douglas Birsch, The DC-10 Case: A Case Study in Applied <br /> <br />Ethics, Technology, and Society, <br />State University of New York Press, 1992. <br /> <br />􀀀 <br />John Gall, Systemantics : the underground text of systems lore : how systems really <br /> <br />work and especially how they fail <br />, General Systemantics Press, 3200 W. Liberty, <br /> <br />Ann Arbor 48103, 1986. (The first edition was printed by Pocket Books in 1975 <br /> <br />and Quadrangle/NYTimesBookCo in 1977.) <br /> <br />53 <br /> <br />􀀀 <br />Robert Glass, Software Creativity, Prentice-Hall, Englewood Cliffs, New Jersey, <br /> <br />1995. <br /> <br />􀀀 <br />Karla Jennings, The Devouring Fungus, Tales of the Computer Age, Norton, 1990. <br /> <br />􀀀 <br />Deborah G. Johnson and Helen Nissenbaum, Computer Ethics and Social Values, <br /> <br />Prentice Hall, Englewood Cliffs, New Jersey, 1995. <br /> <br />􀀀 <br />Rob Kling, Computerization and Controversy: Value Conflicts and Social Choices <br /> <br />(2nd Edition), Academic Press, San Diego, February 1996. <br /> <br />􀀀 <br />Nancy G. Leveson, Safeware: System Safety and Computers, Addison-Wesley, <br /> <br />Reading, Massachusetts, 1995. <br /> <br />􀀀 <br />Jerry Mander, In the Absence of the Sacred: The Failure of Technology & the <br /> <br />Survival of the Indian Nations, <br />Sierra Club Books, 1991. <br /> <br />􀀀 <br />Steven E. Miller, Civilizing Cyberspace: Policy, Power and the Information <br /> <br />Superhighway, <br />Addison-Wesley Publishing Co. and ACM Press, 1996. <br /> <br />􀀀 <br />Charles Perrow, Normal Accidents, Basic Books, NY, 1984. <br /> <br />􀀀 <br />Ivars Peterson, Fatal Defect: Chasing Killer Computer Bugs, Times Books <br /> <br />(Random House), New York, 1995. <br /> <br />􀀀 <br />Henry Petroski, To Engineer is Human: The Role of Failure in Successful Design, <br /> <br />St, Martin’s Press, 1985. <br /> <br />􀀀 <br />Henry Petroski, Design Paradigms: Case Histories of Error and Judgment in <br /> <br />Engineering, <br />Cambridge University Press, 1994. <br /> <br />􀀀 <br />Scott D. Sagan, The Limits of Safety: Organizations, Accidents, and Nuclear <br /> <br />Accidents, <br />Princeton University Press, 1993. <br /> <br />􀀀 <br />Joan Stigliani, The Computer User’s Survival Guide, O’Reilly & Associates, Inc., <br /> <br />1995. <br /> <br />􀀀 <br />Lauren Wiener, Digital Woes: Why We Should Not Depend on Software, Addison <br /> <br />Wesley, 1993 <br /> <br />Also, check out Phil Agre’s Web site (http://communication.ucsd.edu/pagre/) for a <br /> <br />bibliography of recent books on social responsibility, many of which are relevant <br /> <br />here. <br /> <br />Computer-Related Risks <br />draws heavily on the listed cases. It also incorporates some <br /> <br />material from COMPASS and CACM Inside Risks sources, noted below. "The <br /> <br />Computer-Related Risk of the Year" (abbreviated here as CRRotY) series of papers <br /> <br />by PGN, in the Proceedings of the COMPASS (Computer Assurance) Conference, <br /> <br />held each June, at NIST in Gaithersburg MD: <br /> <br />1987: The N Best (or Worst) Computer-Related Risk Cases. <br /> <br />IEEE 87TH0196-6, pp.xi-xiii. <br /> <br />1988: CRRotY: Computer Abuse. IEEE 88CH2628-6, pp.8-12. <br /> <br />1989: CRRotY: Misplaced Trust in Computer Systems. IEEE, pp.9-13. <br /> <br />1990: CRRotY: Distributed Control. IEEE 90CH2830, pp.173-177. <br /> <br />1991: CRRotY: Weak Links and Correlated Events. IEEE 91CH3033-8, pp.5-8. <br /> <br />1993: Keynote, 16 Jun 1993, Myths of Dependable Computing: Shooting the Straw <br /> <br />Herrings in Midstream, IEEE 93CH3291-2, pp.1-4. <br /> <br />1995: Banquet speech on risks in critical systems, 29 June 1995 [no paper] <br /> <br />Inside Risks <br /> <br />See also the "INSIDE RISKS" monthly columns inside the back cover of the <br /> <br />Communications of the ACM, <br />since July 1990, written by PGN except for guest <br /> <br />columns as indicated. Recent columns are on-line: <br /> <br />http://www.csl.sri.com/neumann/insiderisks.html <br /> <br />.....Inside Risks, CACM VOLUME 33, numbers 7 through 12, respectively – <br /> <br />Jul 1990: Some Reflections on a Telephone Switching Problem <br /> <br />Aug 1990: Insecurity About Security? <br /> <br />Sep 1990: A Few Old Coincidences <br /> <br />Oct 1990: Ghosts, Mysteries, and Risks of Uncertainty <br /> <br />Nov 1990: Risks in computerized elections <br /> <br />Dec 1990: Computerized medical devices, Jon Jacky <br /> <br />.....Inside Risks, CACM VOLUME 34, numbers 1 through 12, respectively – <br /> <br />Jan 1991: The Clock Grows at Midnight <br /> <br />Feb 1991: Certifying Programmers and Programs <br /> <br />Mar 1991: Putting on Your Best Interface <br /> <br />Apr 1991: Interpreting (Mis)information <br /> <br />May 1991: Expecting the Unexpected Mayday! <br /> <br />Jun 1991: The Risks With Risk Analysis, Robert N. Charette <br /> <br />Jul 1991: Computers, Ethics, and Values <br /> <br />Aug 1991: Mixed Signals About Social Responsibility, Ronni Rosenberg <br /> <br />Sep 1991: The Not-So-Accidental Holist (on critical systems) <br /> <br />Oct 1991: A National Debate on Encryption Exportability, Clark Weissman <br /> <br />Nov 1991: The Human Element <br /> <br />Dec 1991: Collaborative Efforts <br /> <br />.....Inside Risks, CACM VOLUME 35 number 1 through 12, respectively – <br /> <br />Jan 1992: What’s in a Name? <br /> <br />Feb 1992: Political Activity and International Computer Networks, Sy Goodman <br /> <br />Mar 1992: Inside "Risks of RISKS" <br /> <br />Apr 1992: Privacy Protection, Marc Rotenberg <br /> <br />May 1992: System Survivability <br /> <br />Jun 1992: Leaps and Bounds (on leap-year problems, distributed systems) <br /> <br />Jul 1992: Aggravation by Computer: Life, Death, and Taxes <br /> <br />Aug 1992: Fraud by Computer <br /> <br />Sep 1992: Accidental Financial Losses <br /> <br />Oct 1992: Where to Place Trust <br /> <br />Nov 1992: Voting-Machine Risks, Rebecca Mercuri <br /> <br />Dec 1992: Avoiding Weak Links <br /> <br />.....Inside Risks, CACM VOLUME 36 number 1 through 12, respectively – <br /> <br />Jan 1993: Risks Considered Global(ly) <br /> <br />Feb 1993: Is Dependability Attainable? <br /> <br />Mar 1993: Risks of Technology <br /> <br />Apr 1993: Using Names as Identifiers, Donald A. Norman <br /> <br />May 1993: The Role of Software Engineering <br /> <br />Jun 1993: Modeling and Simulation <br /> <br />Jul 1993: Risks on the Rails <br /> <br />Aug 1993: Risks of Surveillance <br /> <br />Sep 1993: Animal Crackers <br /> <br />Oct 1993: System Development Woes <br /> <br />Nov 1993: Corrupted Polling, Rebecca Mercuri <br /> <br />Dec 1993: A World Lit by Flame, Peter Denning <br /> <br />.....Inside Risks, CACM VOLUME 37 number 1 through 12, respectively – <br /> <br />Jan 1994: Risks in Aviation, Part One, Robert Dorsett <br /> <br />Feb 1994: Risks in Aviation, Part Two, Robert Dorsett <br /> <br />Mar 1994: Technology, Laws, and Society <br /> <br />Apr 1994: Risks of Passwords <br /> <br />May 1994: Alternative Passwords <br /> <br />Jun 1994: Risks on the Information Superhighway <br /> <br />Jul 1994: Questions About the NII, Barbara Simons <br /> <br />Aug 1994. Friendly Fire <br /> <br />Sep 1994. Expectations of Security and Privacy <br /> <br />Oct 1994. The Verdict on Plaintext Signatures: They’re Legal, Benjamin Wright <br /> <br />Nov 1994. Dehumanizing the Workplace, Herb Grosch <br /> <br />Dec 1994. Inside "Inside Risks" <br /> <br />.....Inside Risks, CACM VOLUME 38 number 1 through 12, respectively – <br /> <br />Jan 1995. The Information Superhighway: For the People, Ben Schneiderman <br /> <br />Feb 1995. Computers as Substitute Soldiers, Chris Demchak and Sy Goodman <br /> <br />Mar 1995. Reassessing the Crypto Debate <br /> <br />Apr 1995. Information Superhighway 2015, Peter J. Denning <br /> <br />May 1995. How to Create a Successful Failure, Robert N. Charette <br /> <br />Jun 1995. Computer Vulnerabilities: Exploitation or Avoidance <br /> <br />Jul 1995. My Top Ten E-Mail Hassles, Phil Agre <br /> <br />Aug 1995. Research on the Internet, Joel M. Snyder <br /> <br />Sep 1995. Risks of Easy Answers <br /> <br />Oct 1995. Risks of Social Security Numbers, Simson Garfinkel <br /> <br />Nov 1995. Safety as a System Property, Nancy Leveson <br /> <br />Dec 1995. Reviewing the Risks Archives <br /> <br />.....Inside Risks, CACM VOLUME 39 number 1 through 12, respectively – <br /> <br />Jan 1996. Risks in Digital Commerce <br /> <br />Feb 1996. W(h)ither Research and Education? PGN and Peter J. Denning <br /> <br />Mar 1996. Taking Responsibility for Our Risks, Robert Charette <br /> <br />Apr 1996. A Risks-Related Bookshelf <br /> <br />May 1996. Linguistic Risks <br /> <br />Jun 1996. Securing the Information Infrastructure, Teresa F. Lunt <br /> <br />Jul 1996. Using Formal Methods to Reduce Risks <br /> <br />Aug 1996. Cryptography’s Role In Securing the Information Society, Herbert Lin <br /> <br />Sep 1996. Behind the State of the Art, Lauren Weinstein <br /> <br />Oct 1996. Disinformation Theory <br /> <br />Nov 1996. Distributed Systems Have Distributed Risks <br /> <br />Dec 1996. Risks of Anonymity <br /> <br />.....Inside Risks, CACM VOLUME 40 number 1 through 12, respectively – <br /> <br />Jan 1997. Cryptography, Security, and the Future, Bruce Schneier <br /> <br />Feb 1997. Hopes for Fewer Risks? <br /> <br />Mar 1997. Some Observations on RISKS and Risks, Richard I. Cook <br /> <br />Apr 1997. Webware Security, Edward Felten <br /> <br />May 1997. The Big Picture <br /> <br />Jun 1997. Spam, Spam, Spam! PGN and Lauren Weinstein <br /> <br />Jul 1997. Identity-Related Risks <br /> <br />Aug 1997. Crypto Key Management <br /> <br />Sep 1997. Software Engineering: An Unconsummated Marriage, David Lorge <br /> <br />Parnas, P.Eng. <br /> <br />54 <br /> <br />Oct 1997. Integrity in Software Development <br /> <br />Nov 1997. Risks of Technological Remedy, Peter Ladkin <br /> <br />Dec 1997. More System Development Woes <br /> <br />.....Inside Risks, CACM VOLUME 41 number 1 through 12, respectively – <br /> <br />Jan 1998. Protecting the Infrastructures <br /> <br />Feb 1998. Internet Gambling <br /> <br />Mar 1998. Are Computers Addictive? <br /> <br />Apr 1998. On Concurrent Programming, Fred B. Schneider <br /> <br />May 1998. In Search of Academic Integrity, Rebecca Mercuri <br /> <br />Jun 1998. Infrastructure Risk Reduction, Harold Lawson <br /> <br />Jul 1998. Laptops in Congress? <br /> <br />Aug 1998. Computer Science and Software Engineering: Filing for Divorce?, Peter J. <br /> <br />Denning <br /> <br />Sep 1998. Y2K Update <br /> <br />Oct 1998. On-Line Education <br /> <br />Nov 1998. Toward Trustworthy Networked Information Systems, Fred B. Schneider <br /> <br />Dec 1998. The Risks of Hubris, Peter B. Ladkin <br /> <br />.....Inside Risks, CACM VOLUME 42 number 1 through 12, respectively – <br /> <br />Jan 1999. Our Evolving Public Telephone Networks, Fred Schneider and Steven M. <br /> <br />Bellovin <br /> <br />Feb 1999. Robust Open-Source Software <br /> <br />Mar 1999. Bit-Rot Roulette, Lauren Weinstein <br /> <br />Apr 1999. A Matter of Bandwidth, Lauren Weinstein <br /> <br />May 1999. Ten Myths about Y2K Inspections, David L. Parnas <br /> <br />Jun 1999. Risks of Y2K, PGN and Declan McCullagh <br /> <br />Jul 1999. Information is a Double-Edged Sword <br /> <br />Aug 1999. Biometrics: Uses and Abuses, Bruce Schneier <br /> <br />Sep 1999. The Trojan Horse Race, Bruce Schneier <br /> <br />Oct 1999. Risks of Relying on Cryptography, Bruce Schneier <br /> <br />Nov 1999. Risks of Content Filtering, PGN and Lauren Weinstein <br /> <br />Dec 1999. Risks of Insiders <br /> <br />.....Inside Risks, CACM VOLUME 43 number 1 through 12, respectively – <br /> <br />Jan 2000. Risks of PKI: Secure E-Mail, Carl Ellison and Bruce Schneier <br /> <br />Feb 2000. Risks of PKI: Electronic Commerce, Carl Ellison and Bruce Schneier <br /> <br />Mar 2000. A Tale of Two Thousands <br /> <br />Apr 2000. Denials of Service <br /> <br />May 2000. Internet Risks, Lauren Weinstein and PGN <br /> <br />Jun 2000. Internet Voting, Lauren Weinstein <br /> <br />Jul 2000. Risks in Retrospect <br /> <br />Aug 2000. Shrink-Wrapping Our Rights, Barbara Simons <br /> <br />Sep 2000. Missile Defense <br /> <br />Oct 2000. Tapping on My Network Door, Matt Blaze and Steven M. Bellovin <br /> <br />Nov 2000. Voting Automation (Early and Often?), Rebecca Mercuri <br /> <br />Dec 2000. Semantic Network Attacks, Bruce Schneier <br /> <br />.....Inside Risks, CACM VOLUME 44 number 1 through 12, respectively – <br /> <br />Jan 2001. System Integrity Revisited, Rebecca T. Mercuri and PGN <br /> <br />Feb 2001. What to Know About Risks <br /> <br />Mar 2001. Computers: Boon or Bane?, David L. Parnas and PGN <br /> <br />Apr 2001. Cyber Underwriters Lab?, Bruce Schneier <br /> <br />May 2001. Be Seeing You!, Lauren Weinstein <br /> <br />Jun 2001. PKI: A Question of Trust and Value, Richard Forno and William <br /> <br />Feinbloom <br /> <br />Jul 2001. Learning from Experience, Jim Horning <br /> <br />Aug 2001. Risks in E-mail Security, Albert Levi and Çetin Kaya Koç <br /> <br />Sep 2001. Web Cookies: Not Just a Privacy Risk, Emil Sit and Kevin Fu <br /> <br />Oct 2001. The Perils of Port 80, Stephan Somogyi and Bruce Schneier <br /> <br />Nov 2001. Risks of Panic, Lauren Weinstein and PGN <br /> <br />Dec 2001. Risks of National Identity Cards, PGN and Lauren Weinstein <br /> <br />.....Inside Risks, CACM VOLUME 45 number 1 through 12, respectively – <br /> <br />Jan 2002. Uncommon Criteria, Rebecca Mercuri <br /> <br />Feb 2002. The Homograph Attack, Evgeniy Gabrilovich and Alex Gontmakher <br /> <br />Mar 2002. Risks of Linear Thinking, Peter Denning and James Horning <br /> <br />Apr 2002. Digital Evidence, David WJ Stringer-Calvert <br /> <br />May 2002. Risks of Inaction, Lauren Weinstein <br /> <br />Jun 2002. Free Speech Online and Offline, Ross Anderson <br /> <br />Jul 2002. Risks: Beyond the Computer Industry, Don Norman <br /> <br />Aug 2002. Risks in Features vs. Assurance, Tolga Acar and John R. Michener <br /> <br />Sep 2002. Risks of Digital Rights Management, Mark Stamp <br /> <br />Oct 2002. Secure Systems Conundrum, Fred B. Schneider <br /> <br />Nov 2002. Florida 202002: Sluggish Systems, Vanishing Votes, Rebecca Mercuri <br /> <br />Dec 2002. Why Security Standards Sometimes Fail, Avishai Wool <br /> <br />.....Inside Risks, CACM VOLUME 46 number 1 through 12, respectively – <br /> <br />Jan 2003. The Mindset of Dependability, Michael Lesk <br /> <br />Feb 2003. Gambling on System Accountability, PGN <br /> <br />Mar 2003. Risks of Total Surveillance, Barbara Simons and Eugene H. Spafford <br /> <br />Apr 2003. On Sapphire and Type-Safe Languages, Andrew Wright <br /> <br />May 2003. Risks of Misinformation, PGN <br /> <br />Jun 2003. Reflections on Trusting Trust Revisited, Diomidis Spinellis <br /> <br />Jul 2003. How Secure Is Secure Web Browsing?, Albert Levi <br /> <br />Aug 2003. Spam Wars, Lauren Weinstein <br /> <br />Sep 2003. Risks in Trusting Untrustworthiness, PGN <br /> <br />Oct 2003. Information System Security Redux, PGN <br /> <br />Nov 2003. Security by Insecurity, Rebecca Mercuri and PGN <br /> <br />See http://www.csl.sri.com/neumann/insiderisks.html for many recent columns. <br /> <br />Unfortunate motto for the ages: If it is not now on the Web, it does not exist; what’s <br /> <br />more, it never existed. (Too bad. A lot of good old stuff gets lost.) At least this file <br /> <br />is on-line! <br /> <br />55 <br /> <br />microprocessor <br />BoxcarJohnny Bernays <elijahradioprophet@yahoo.com> wrote: <br /> <br /> <H1><B><I> <br /> <CENTER>RAP LYRICS AND <br /> VIOLENCE</CENTER></I></B></H1><B>. <BR>Below are <br /> a few samples of racist rap lyrics and their <br /> producers. These are MTV sponsored bands. Go to <br /> any grocery store and look for Vibe, Source, XXL <br /> or any other hip-hop magazine and you will find <br /> these performers. <BR>Mixed in with the rap <br /> lyrics you will find a handful of the racially <br /> motivated crimes committed against White people <br /> every day.<BR>So, does racist music cause <br /> violence? Keep reading and judge for yourself. <br /> <P></B> <br /> <HR> <br /> <br /> <HR> <br /> Kill the white people; we gonna make them hurt; <br /> kill the white people; but buy my record first; <br /> ha, ha, ha"; <BR>"Kill d'White People"; --Apache, <br /> Apache Ain't Shit, 1993, Tommy Boy Music, Time <br /> Warner, USA. <br /> <HR> <br /> <B>Denver, CO</B>- A white female teenager, <br /> Brandy DuvaI, is raped, sodomized, tortured with <br /> a broomstick and stabbed 28 times by a gang of <br /> six blacks and Hispanics. Her skull is caved in <br /> and corpse dumped into a ditch. Police confiscate <br /> a blood soaked mattress as evidence. The murder <br /> trial started on the same day as the James Byrd <br /> trial!<BR> <br /> <HR> <br /> "Niggas in the church say: kill whitey all night <br /> long. . . . the white man is the devil. . . . the <br /> CRIPS and Bloods are soldiers I'm recruiting with <br /> no dispute; drive-by shooting on this white <br /> genetic mutant. . . . let's go and kill some <br /> rednecks. . . . Menace Clan ain't afraid. . . . I <br /> got the .380; the homies think I'm crazy because <br /> I shot a white baby; I said; I said; I said: kill <br /> whitey all night long. . . . a nigga dumping on <br /> your white ass; fuck this rap shit, nigga, I'm <br /> gonna blast. . . . I beat a white boy to the <br /> motherfucking ground";<BR>"Kill Whitey"; --Menace <br /> Clan, Da Hood, 1995, Rap-A-Lot Records, Noo Trybe <br /> Records, subsidiaries of what was called Thorn <br /> EMI and now is called The EMI Group, United <br /> Kingdom. <br /> <HR> <br /> "Devils fear this brand new shit. . . . I bleed <br /> them next time I see them. . . . I prey on these <br /> devils. . . . look what it has come to; who you <br /> gonna run to when we get to mobbing. . . . <br /> filling his body up with lead, yah; cracker in my <br /> way; slitting, slit his throat; watch his body <br /> shake; watch his body shake; that's how we do it <br /> in the motherfucking [San Francisco] Bay. . . . <br /> Sitting on the dock of the dirty with my AK"; <br /> <BR>"Heat-featuring Jet and Spice1"; --Paris, <br /> Unleashed, 1998, Unleashed Records, Whirling <br /> Records. <br /> <HR> <br /> <B>Killeen, TX</B> - A white couple, Todd and <br /> Stacy Bagley are kidnapped on the way to church, <br /> lit on fire, burned to death and shot in the head <br /> by four blacks.<BR> <br /> <HR> <br /> "These devils make me sick; I love to fill them <br /> full of holes; kill them all in the daytime, <br /> broad motherfucking daylight; 12 o'clock, grab <br /> the Glock; why wait for night"; <BR>"Sweatin <br /> Bullets"; --Brand Nubian, Everything Is <br /> Everything, 1994, Elektra Entertainment, Warner <br /> Communications, Time Warner, USA. <br /> <HR> <br /> "A fight, a fight, a nigger and a white, if the <br /> nigger don't win then we all jump in. . . . <br /> smoking all [of] America's white boys";<BR>--"A <br /> Fight"; Apache, Apache Ain't Shit, 1993, Tommy <br /> Boy Music, Time Warner, USA. <br /> <HR> <br /> <B>Flint,Michigan</B> - Three white teenagers, <br /> Michael Carter, Dustin Kaiser and (girl’s name <br /> withheld by police) are attacked by six black <br /> youths. Carter is shot and killed. Kaiser is <br /> beaten and shot in the head, but recovers. The <br /> girl is forced to perform oral sex on her black <br /> attackers, pistol whipped and shot in the <br /> face.<BR> <br /> <HR> <br /> "I kill a devil right now. . . . I say kill <br /> whitey all nightey long. . . .I stabbed a fucking <br /> Jew with a steeple. . . . I would kill a cracker <br /> for nothing, just for the fuck of it. . . . <br /> Menace Clan kill a cracker; jack 'em even <br /> quicker. . . . catch that devil slipping; blow <br /> his fucking brains out"; <BR>"Fuck a Record <br /> Deal"; -- Menace Clan, Da Hood, 1995, Rap-A-Lot <br /> Records, Noo Trybe Records, subsidiaries of Thorn <br /> EMI; called The EMI Group since 1997, United <br /> Kingdom. <br /> <HR> <br /> <B>South Carolina</B> - A white female, Melissa <br /> McLaughlin, is raped, tortured and skinned alive <br /> in a tub of bleach by seven blacks.<BR> <br /> <HR> <br /> "Now I'm black but black people trip 'cause white <br /> people like me; white people like me I but don't <br /> like them. . . . I don't hate whites, I just <br /> gotta death wish for motherfuckers that ain't <br /> right";<BR>--"Race War"; Ice-T, Home Invasion, <br /> 1993, Priority Records, Thorn EMI; now called The <br /> EMI Group, United Kingdom. <br /> <HR> <br /> "To all my Universal Soldier's: stay at attention <br /> while I strategize an invasion; the mission be <br /> assassination, snipers hitting Caucasians with <br /> semi-automatic shots heard around the world; my <br /> plot is to control the globe and hold the world <br /> hostage. . . . see, I got a war plan more <br /> deadlier than Hitler. . . . lyrical specialist, <br /> underworld terrorist. . . . keep the unity thick <br /> like mud. . . . I pulling out gats , launching <br /> deadly attacks";<BR>--"Blood for Blood"; <br /> Killarmy, Silent Weapons for Quiet Wars, 1997, <br /> Wu-Tang Records, Priority Records, The EMI Group, <br /> United Kingdom. <br /> <HR> <br /> <B>Jacksonville, FL</B> - A mentally retarded <br /> white man, Gregory Griffith, is beaten and <br /> stomped unconscious by blacks and died a few days <br /> later. The blacks admitted to the police beating <br /> Griffith because "he was white".<BR> <br /> <HR> <br /> "Lead to the head of you devils"; <BR>"Lick Dem <br /> Muthaphuckas-Remix"; --Brand Nubian, Everything <br /> Is Everything, 1994, Elektra Entertainment, <br /> Warner Communications, Time Warner, USA. <br /> <HR> <br /> "This will all be over in '99, so, niggas, give <br /> devils the crime; gonna be more devils <br /> dying";<BR>--"No Surrender"; Bone <br /> Thugs-N-Harmony, Creepin on ah Come Up, 1994, <br /> Ruthless Records, Epic Records, Sony Music <br /> Entertainment, Sony, Japan. <br /> <HR> <br /> <B>Kansas City, MO</B> - A black male shoots two <br /> white co-workers, Micheal Scott and Traci Riehle. <br /> Scott is killed and Riehle is critically injured. <br /> Police find a note referring to "blood sucker <br /> supreme white people".<BR> <br /> <HR> <br /> "Won't be satisfied until the devils-I see them <br /> all dead. . . . my brother is sending me more <br /> guns from down South. . . . pale face. . . . it's <br /> all about brothers rising up, wising up, sizing <br /> up our situation. . . . you be fucking with my <br /> turf when you be fucking with my race; now face <br /> your maker and take your last breath; the time is <br /> half-past death. . . . it's the Armageddon. . . . <br /> go into the garage; find that old camouflage. . . <br /> . cracker-shooting nightly"; <BR>--"What the <br /> Fuck"; Brand Nubian, Everything Is Everything, <br /> 1994, Elektra Entertainment, Warner <br /> Communications, Time Warner, USA. <br /> <HR> <br /> ".44 ways to get paid. . . . I'm through with <br /> talking to these devils; now I'm ready to <br /> blast";<BR>--"44 Wayz-featuring Mystic"; Paris, <br /> Unleashed, 1998, Unleashed Records, Whirling <br /> Records. <br /> <HR> <br /> <B>Alexandria, VA</B> - An eight year old white <br /> child, Kevin Shiffiet, is killed when his throat <br /> is slit by a black who also stabs his 80 year old <br /> great grandmother and punches her in the chest. <br /> Police find a hand rambling note stating. "Kill <br /> them raceess whiate kidd’s anyway". <BR> <br /> <HR> <br /> "Like my niggas from South Central Los Angeles <br /> they found that they couldn't handle us; Bloods, <br /> CRIPS, on the same squad, with the Essays up, and <br /> nigga, it's time to rob and mob and break the <br /> white man off something lovely";<BR>--"The Day <br /> the Niggaz Took Over"; Dr Dre, The Chronic, 1993, <br /> Interscope Records, under Time Warner in 1993. <br /> <HR> <br /> <B>Burlington, NC</B> - A ten year old white <br /> child, Tiffany Long, is raped, sodomized, <br /> sexually tortured and murdered by two black males <br /> and a black female. The black female rams a <br /> broomstick up her vagina and rectum. The parents <br /> were prohibited from seeing their dead daughter’s <br /> body. <BR> <br /> <HR> <br /> "Bust a Glock; devils get shot. . . . when God <br /> give the word me herd like the buffalo through <br /> the neighborhood; watch me blast. . . . I'm <br /> killing more crackers than Bosnia-Herzegovina, <br /> each and everyday. . . . don't bust until you see <br /> the whites of his eyes, the whites of his skin. . <br /> . . Louis Farrakhan . . . Bloods and CRIPS, and <br /> little old me, and we all getting ready for the <br /> enemy";<BR>-- "Enemy"; Ice Cube, Lethal <br /> Injection, 1993, Priority Records, Thorn EMI; now <br /> called The EMI Group, United Kingdom. <br /> <HR> <br /> "Devil, to gangbanging there's a positive side <br /> and the positive side is this-sooner than later <br /> the brothers will come to Islam, and they will be <br /> the soldiers for the war; what war, you ask; <br /> Armageddon; ha, ha, ha, ha, ha";<BR>"Armageddon"; <br /> -- RBX, The RBX Files, 1995, Premeditated <br /> Records, Warner Brother Records, Time Warner, <br /> USA. <br /> <HR> <br /> "Subtract the devils that get smoked. . . . we're <br /> people, black people; steal your mind back, don't <br /> die in their wilderness. . . . let's point our <br /> heaters the other way";<BR>--"Dial 7"; Digable <br /> Planets, Blowout Comb, 1994, Pendulum Records, <br /> Thorn EMI; now called The EMI Group, United <br /> Kingdom. <br /> <HR> <br /> "Get them devil-made guns and leave them demons <br /> bleeding; give them back whips, and just feed <br /> them bullets";<BR>--"Wicked Ways"; Sunz of Man, <br /> One Million Strong: The Album, 1995, Mergela <br /> Records, Solar/Hines Co., Prolific Records. <br /> <HR> <br /> <B>Fayetteville, NC</B> - Two white women, Tracy <br /> Lambert and Susan Moore, are carjacked by a group <br /> of seven blacks and Hispanics and shot execution <br /> style in the head. This murder was part of a gang <br /> initiation. The bullets found in the victims’ <br /> heads were painted blue, the Crips’ gang color. <br /> <BR> <br /> <HR> <br /> "It's time to send the devil to the essence. . . <br /> this is a must because there ain't no reform or <br /> trust; you got a Glock and you see a devil, <br /> bust... . they'll be calling us the trigger men, <br /> the nappy-knotty red-beard devil-assassin; Lord <br /> make a law; at midnight I'll be bashing. . . . <br /> field niggas [are] locked in until <br /> 2005";<BR>--"Field Nigguhz in a Huddle"; <br /> Professor Griff, Blood of the Prophet; 1998, <br /> Lethal Records, Mercury Records, PolyGram, <br /> Phillips' Electronics NV, Netherlands. PolyGram <br /> merged with Universal Music Group in 1998, the <br /> parent being The Seagram Company of Canada, owned <br /> by Edgar Bronfman. <br /> <HR> <br /> <B>Alton, Illinois </B>- A white male, Richard <br /> Skelton, is attacked and stomped to death by a <br /> group of 25 blacks while black onlookers yell, <br /> "Kill the cracker". <BR> <br /> <HR> <br /> "He preys on old white ladies [who] drive the <br /> Mercedes with the windows cracked. . . . you <br /> should've heard the bitch screaming. . . . <br /> sticking guns in crackers' mouths. . . . the cops <br /> can't stop it. . . . remember 4-29-92, come on; <br /> Florence and Normandy coming to a corner near <br /> you, cracker; we've been through your area, mass <br /> hysteria; led by your motherfucking Menace <br /> Clan";<BR>--"Mad Nigga"; Menace Clan, Da Hood, <br /> 1995, Rap-A-Lot Records, Noo Trybe Records, Time <br /> Warner, USA. <br /> <HR> <br /> "The black man is god. . . . buy a Tec [and] let <br /> loose in the Vatican. . . I love the black faces; <br /> so put your Bible in the attic";<BR>--"Ain't No <br /> Mystery"; Brand Nubian, In God We Trust, 1992, <br /> Elektra Entertainment, Warner Communications, <br /> Time Warner, USA. <br /> <HR> <br /> <B>Cleveland, OH</B> - A five year old white <br /> girl, Devon Duniver, was stabbed to death by a <br /> black teenager who said after the murder, "She <br /> got what she deserved." <BR> <br /> <HR> <br /> "Rhymes is rugged like burnt buildings in Harlem; <br /> the Ol Dirty Bastard. . . . I'm also militant. . <br /> . . snatching devils up by the hair, then cut his <br /> head off";<BR>--"Cuttin Headz"; Ol Dirty Bastard, <br /> Return of the 36 Chambers: the Dirty Version; <br /> 1995, Elektra Entertainment, Time Warner, USA. <br /> <HR> <br /> <B>Kansas City, MO</B> - A six year old white <br /> child, Jake Robel, is dragged to death by a black <br /> carjacker who drove away even as the boy being <br /> dragged screamed outside of the car door while <br /> still partially attached to the seat belt. <BR> <br /> <HR> <br /> "Listen to this black visionary, bringing war <br /> like a revolutionary. . . . go on a killing <br /> spree, putting devils out their misery; hearing <br /> screams, sounds of agony; my hostility takes over <br /> me. . . . camouflaged ninjas <br /> avenging";<BR>--"Under Seige"; Killarmy, Silent <br /> Weapons for Quiet Wars, 1997, Wu-Tang Records, <br /> Priority Records, The EMI Group, United Kingdom. <br /> <HR> <br /> "Swing by on the pale guy. . . . break him in the <br /> neck. . . . the guerrilla with the poison tip. . <br /> . . shaking pinky up on a dull-ass ice-pick . . . <br /> this is Lench Mob. . . . devil, what you want to <br /> do; when you see the boot, knew your head is <br /> hoohoo ";<BR>--"King of the Jungle"; Da Lench <br /> Mob, Planet of da Apes, 1994, Priority Records, <br /> Thorn EMI; now called The EMI Group, United <br /> Kingdom. <br /> <HR> <br /> <B>Buffalo, NY</B> - A white man, Gary Traska, is <br /> stomped to death by three blacks. Many of his <br /> organs were actually split apart from the savage <br /> beating. <BR> <br /> <HR> <br /> "Dropping verses, casting curses, throwing these <br /> hexes on the devils. . . . respect to Farrakhan, <br /> but I'm the jungle-don, the new guerrilla, <br /> top-ranked honky killer. . . . what do blacks do; <br /> they just keep on blowing devils away. . . . evil <br /> fucking cracker. . . . I'm tightening up the <br /> laces to my steel-toed boots, so I can walk, <br /> stomp; we stomp this devil down in the <br /> park";<BR>--"Planet of da Apes"; Da Lench Mob, <br /> Planet of da Apes, 1994, Priority Records, Thorn <br /> EMI; now called The EMI Group, United Kingdom. <br /> <HR> <br /> <B>Fayetteville, NC</B> - A white male, Donald <br /> Lange, is stomped by ten black males. Lange is <br /> now brain dead and a complete vegetable. <BR> <br /> <HR> <br /> "We're having thoughts of overthrowing the <br /> government. . . . the brothers and sisters threw <br /> their fists in the air. . . . it's open season on <br /> crackers, you know; the morgue will be full of <br /> Caucasian John Doe's. . . . I make the Riot shit <br /> look like a fairy tale. . . . oh my god, Allah, <br /> have mercy; I'm killing them devils because <br /> they're not worthy to walk the earth with the <br /> original black man; they must be forgetting; it's <br /> time for Armageddon, and I won't rest until <br /> they're all dead";<BR>--"Goin Bananas"; Da Lench <br /> Mob, Planet of da Apes, 1994, Priority Records, <br /> Thorn EMI; now called The EMI Group, United <br /> Kingdom. <br /> <HR> <br /> <B>Salt Lake City, UT</B> - A black man breaks <br /> into the house of two white women, Amy Clinton <br /> and Aaron Warren. The black man stabs both women, <br /> killing Amy Clinton and seriously injuring Aaron <br /> Warren. <BR> <br /> <HR> <br /> "The crackers ain't shit; chase them out of the <br /> jungle; now raise up off the planet. . . . we get <br /> the 12 gauge; shot to the chest. . . . we hitting <br /> devils up. . . . Da Lench Mob, environmental <br /> terrorist. . . . I gripped the Glock and had to <br /> knock his head from his shoulders. . . . I got <br /> the .30[6] on the rooftop; pop; pop; so many <br /> devils die. . . . make sure I kill them. . . <br /> lynch a thousand a week if it's <br /> necessary";<BR>--"Environmental Terrorist"; Da <br /> Lench Mob, Planet of da Apes, 1994, Priority <br /> Records, Thorn EMI; now called The EMI Group, <br /> United Kingdom. <br /> <HR> <br /> <B>Bloomington, IL</B> - A white female, Patricia <br /> Stansfield is dragged two miles to her death <br /> during a carjacking by a black male. <BR> <br /> <HR> <br /> "Like an armed struggle. . . . I come with the <br /> New Wu Order. . . . waging war on the devils' <br /> community. . . . whipped cardinals and one <br /> Pope";<BR>--"Universal Soldiers"; Killarmy, <br /> Silent Weapons for Quiet Wars, 1997, Wu-Tang <br /> Records, Priority Records, The EMI Group, United <br /> Kingdom. <br /> <HR> <br /> "Swinging out of the trees, is the <br /> blood-spilling, devil-killing, nappy-headed g.'s. <br /> . . . blacks and Mexicans must take a stand. . . <br /> . I'm down with Chico, and not with the <br /> man";<BR>--"Set the Shit Straight"; Da Lench Mob, <br /> Planet of da Apes, 1994, Priority Records, Thorn <br /> EMI; now called The EMI Group, United Kingdom. <br /> <HR> <br /> <B>Reno, NV</B> - A Polynesian immigrant kills a <br /> white police officer, George Sullivan, with a <br /> hatchet Sullivan is struck 20 times. The <br /> immigrant admits to killing Sullivan because "he <br /> was a white police officer". <BR> <br /> <HR> <br /> "Fuck them laws, because the Mob is coming raw; <br /> nigga, is you down because it's the Final Call. . <br /> . . grab your gat; know the three will start <br /> busting; I'm trying to take them down. . . . the <br /> war of wars with no fucking scores. . . . April <br /> 29 was a chance to realize . . . the g.'s are out <br /> to kill. . . . we got crackers to kill; sending <br /> them back in on a ship to Europe. . . . they <br /> deserve it. . . . a nation-wide riot across <br /> America. . . . this is the Final Call on black <br /> man and black woman, rich and poor; rise <br /> up";<BR>--"Final Call"; Da Lench Mob, Planet of <br /> da Apes, 1994, Priority Records, Thorn EMI; now <br /> called The EMI Group, United Kingdom. <br /> <HR> <br /> "I come with the wicked style. . . . I got <br /> everybody jumping to the voodoo. . . . I got a <br /> gat and I'm looking out the window like Malcolm. <br /> . . . April 29 was power to the people, and we <br /> just might see a sequel";<BR>--"Wicked"; Ice <br /> Cube, The Predator, 1992, Priority Records, Thorn <br /> EMI; now called The EMI Group, United Kingdom. <br /> <HR> <br /> <B>Boulder, CO</B> - A white college student, <br /> "Jane Doe", is gang-raped at gun-point by six <br /> Asians. Because of court proceedings and fear of <br /> retaliation by the "Asian Crips", she is referred <br /> to as "Jane Doe". The Asians admit to raping the <br /> girl "because she was blonde and white". <BR> <br /> <HR> <br /> "Deal with the devil with my motherfucking steel. <br /> . . . white man is something I tried to study, <br /> but I got my hands bloody, yeah. . . . I met <br /> Farrakhan and had dinner"; <BR>--"When Will They <br /> Shoot"; Ice Cube, The Predator, 1992, Priority <br /> Records, Thorn EMI; now called The EMI Group, <br /> United Kingdom. <br /> <HR> <br /> "Actual fact you need to be black. . . . everyday <br /> I fight a devil. . . . I grab a shovel to bury a <br /> devil. . . . the battle with the beast, Mr. 666. <br /> . . . my mind rolled to a 7th level; grab my <br /> bazooka and nuke a devil. . . . with black, I <br /> build; for black, I kill";<BR>--"Fightin the <br /> Devil"; RBX, The RBX Files, 1995, Premeditated <br /> Records, Warner Brother Records, Time Warner, <br /> USA. <br /> <HR> <br /> <B>Racine, WI</B>- A black gang member, Nazeer <br /> Ghani, fires into a crowd of white concert-goers <br /> while shouting racial epithets, killing father of <br /> two Joe Rowan. Although identified by 30 <br /> witnesses, police release the killer for "lack of <br /> evidence." <BR> <br /> <HR> <br /> "I pledge allegiance to only the black. . . . <br /> black, you had best prepare for the coming of <br /> war. . . . look at you devil; now you're <br /> sweating; I'm telling you: you can't run from the <br /> hand of Armageddon. . . . he eats his pig-steak <br /> rare so he can taste the blood";<BR>--"No Time"; <br /> RBX, The RBX Files, 1995, Premeditated Records, <br /> Warner Brother Records, Time Warner, USA. <br /> <HR> <br /> "Killing devils [and] scatter they ashes over the <br /> sea of Mediterranean . . . . open your eyes to <br /> the revolution. . . . unite with the black <br /> coalition"; <BR>--"Wake Up"; Killarmy, Silent <br /> Weapons for Quiet Wars, 1997, Wu-Tang Records, <br /> Priority Records, The EMI Group, United Kingdom. <br /> <HR> <br /> "My own kind blind, brain-trained on the <br /> devil-level. . . . chasing down loot, Dole or <br /> Newt, who do you shoot. . . . rough stuff to the <br /> babies, spread like rabies"; <BR>--"Niggativity . <br /> . . Do I Dare Disturb the Universe"; Chuck D, <br /> Autobiography of MistaChuck, 1996, Mercury <br /> Records, PolyGram, Phillips' Electronics NV, <br /> Netherlands. PolyGram merged within Universal <br /> Music Group in 1998, the parent being The Seagram <br /> Company, Canada. <br /> <HR> <br /> "Buck the devil; boom. . . . shoot you with my <br /> .22; I got plenty of crew; I take out white boys. <br /> . . . we got big toys with the one-mile scope, <br /> taking whitey's throat";<BR>--"Buck tha Devil"; <br /> Da Lench Mob, Guerrillas in tha Mist, 1992, <br /> Eastwest Records America, Elektra, Atlantic, Time <br /> Warner, USA. <br /> <HR> <br /> <B>Pine Ridge Indian Reservation, SD</B>- A white <br /> man is dragged to his death by Indians. Federal <br /> officials hesitate to call it a "hate crime". <br /> <BR> <br /> <HR> <br /> "Little devils don't go to heaven. . . . the AK <br /> forty . . . hold a fifty clip, and I'll shoot <br /> until it's empty. . . . I'm killing only seven <br /> million civilians. . . . one dead <br /> devil";<BR>"Freedom Got an AK"; Da Lench Mob, <br /> Guerrillas in tha Mist, 1992, Eastwest Records <br /> America, Elektra, Atlantic, Time Warner, USA. <br /> <HR> <br /> "Grab your deep-ass crews. . . . we gotta make <br /> them ends, even if it means Jack and friends. . . <br /> . now you're doomed, hollow-points to the dome; <br /> once again it's on. . . . out comes my .22. . . . <br /> I'm the cut-throat; now I got to cut you . . . <br /> '94 is the season for lynching; from out of the <br /> dark is the South Central g., ready-hand steady <br /> on a bloody machete. . . . a devil is on my <br /> shoulder; should I kill it; hell yah. . . . I <br /> slice Jack. . . . took an axe, and gave that <br /> bitch, Jill, forty wacks. . . . with my hip hop . <br /> . . it don't stop, until heads roll off the <br /> cutting block";<BR>--"Cut Throats"; Da Lench Mob, <br /> Planet of da Apes, 1994, Priority Records, Thorn <br /> EMI; now called The EMI <br /> <HR> <br /> <B>Miami, FL</B> - Seven whites are murdered by <br /> the Yahweh Cult whose leader orders the members <br /> to cut off and return the ears of the victims as <br /> proof of the murders. The trial was conducted at <br /> the same time as the Rodney King trial! <BR> <br /> <HR> <br /> <br /> <CENTER> <br /> <CENTER>The evidence speaks for its self, <br /> </CENTER> <br /> <CENTER>if anyone cannot</CENTER> <br /> <CENTER>understand that there is</CENTER> <br /> <CENTER>a WAR against the WHITE RACE, by a <br /> certain </CENTER> <br /> <CENTER>CLASS OF NEGROES, then</CENTER> <br /> <CENTER>this person, blind and in the</CENTER> <br /> <CENTER>depths of delusion,</CENTER> <br /> <CENTER>DESERVES TO DIE!</CENTER></CENTER> <br /> <br /> <br /> <br /> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." <br /> Benjamin Franklin <br /> <br /> "If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking is freedom." <br /> Dwight Eisenhower <br /> <br /> "A black cat crossing your path signifies that the animal is going somewhere." <br /> Groucho Marx <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <span class='post-author vcard'> Posted by <span class='fn' itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <meta content='https://www.blogger.com/profile/17157543961041926381' itemprop='url'/> <a class='g-profile' href='https://www.blogger.com/profile/17157543961041926381' rel='author' title='author profile'> <span itemprop='name'>boxcarro</span> </a> </span> </span> <span class='post-timestamp'> at <meta content='http://nazihomelessholocaust.blogspot.com/2011/08/gmail-jochannan-bn-israel-bernays-re.html' itemprop='url'/> <a class='timestamp-link' href='http://nazihomelessholocaust.blogspot.com/2011/08/gmail-jochannan-bn-israel-bernays-re.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2011-08-13T10:01:00-07:00'>10:01 AM</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='post-comment-link'> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-1761853531'> <a href='https://www.blogger.com/post-edit.g?blogID=1054465589763888472&postID=7490050105830553291&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='https://resources.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> <div class='post-share-buttons goog-inline-block'> </div> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> <div class='comments' id='comments'> <a name='comments'></a> <h4>No comments:</h4> <div id='Blog1_comments-block-wrapper'> <dl class='avatar-comment-indent' id='comments-block'> </dl> </div> <p class='comment-footer'> <div class='comment-form'> <a name='comment-form'></a> <h4 id='comment-post-message'>Post a Comment</h4> <p> </p> <a href='https://www.blogger.com/comment-iframe.g?blogID=1054465589763888472&postID=7490050105830553291' id='comment-editor-src'></a> <iframe allowtransparency='true' class='blogger-iframe-colorize blogger-comment-from-post' frameborder='0' height='410px' id='comment-editor' name='comment-editor' src='' width='100%'></iframe> <script src='https://www.blogger.com/static/v1/jsbin/569042235-comment_from_post_iframe.js' type='text/javascript'></script> <script type='text/javascript'> BLOG_CMT_createIframe('https://www.blogger.com/rpc_relay.html'); </script> </div> </p> <div id='backlinks-container'> <div id='Blog1_backlinks-container'> </div> </div> </div> </div> </div></div> </div> <div class='blog-pager' id='blog-pager'> <span id='blog-pager-newer-link'> <a class='blog-pager-newer-link' href='http://nazihomelessholocaust.blogspot.com/2011/08/scalar-wars-brave-new-world-of-scalar.html' id='Blog1_blog-pager-newer-link' title='Newer Post'>Newer Post</a> </span> <span id='blog-pager-older-link'> <a class='blog-pager-older-link' href='http://nazihomelessholocaust.blogspot.com/2011/08/blog-post_5370.html' id='Blog1_blog-pager-older-link' title='Older Post'>Older Post</a> </span> <a class='home-link' href='http://nazihomelessholocaust.blogspot.com/'>Home</a> </div> <div class='clear'></div> <div class='post-feeds'> <div class='feed-links'> Subscribe to: <a class='feed-link' href='http://nazihomelessholocaust.blogspot.com/feeds/7490050105830553291/comments/default' target='_blank' type='application/atom+xml'>Post Comments (Atom)</a> </div> </div> <script type='text/javascript'> window.___gcfg = { 'lang': 'en' }; </script> </div></div> </div> </div> <div class='column-left-outer'> <div class='column-left-inner'> <aside> </aside> </div> </div> <div class='column-right-outer'> <div class='column-right-inner'> <aside> <div class='sidebar section' id='sidebar-right-1'><div class='widget Followers' data-version='1' id='Followers3'> <h2 class='title'>Followers</h2> <div class='widget-content'> <div id='Followers3-wrapper'> <div style='margin-right:2px;'> <div><script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script> <div id="followers-iframe-container"></div> <script type="text/javascript"> window.followersIframe = null; function followersIframeOpen(url) { gapi.load("gapi.iframes", function() { if (gapi.iframes && gapi.iframes.getContext) { window.followersIframe = gapi.iframes.getContext().openChild({ url: url, where: document.getElementById("followers-iframe-container"), messageHandlersFilter: gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER, messageHandlers: { '_ready': function(obj) { window.followersIframe.getIframeEl().height = obj.height; }, 'reset': function() { window.followersIframe.close(); followersIframeOpen("https://www.blogger.com/followers.g?blogID\x3d1054465589763888472\x26colors\x3dCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMyMjIyMjIiByNjYzY2MTEqByNmZmZmZmYyByMwMDAwMDA6ByMyMjIyMjJCByNjYzY2MTFKByM5OTk5OTlSByNjYzY2MTFaC3RyYW5zcGFyZW50\x26pageSize\x3d21\x26postID\x3d7490050105830553291\x26origin\x3dhttp://nazihomelessholocaust.blogspot.com/"); }, 'open': function(url) { window.followersIframe.close(); followersIframeOpen(url); }, 'blogger-ping': function() { } } }); } }); } followersIframeOpen("https://www.blogger.com/followers.g?blogID\x3d1054465589763888472\x26colors\x3dCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMyMjIyMjIiByNjYzY2MTEqByNmZmZmZmYyByMwMDAwMDA6ByMyMjIyMjJCByNjYzY2MTFKByM5OTk5OTlSByNjYzY2MTFaC3RyYW5zcGFyZW50\x26pageSize\x3d21\x26postID\x3d7490050105830553291\x26origin\x3dhttp://nazihomelessholocaust.blogspot.com/"); </script></div> </div> </div> <div class='clear'></div> <span class='widget-item-control'> <span class='item-control blog-admin'> <a class='quickedit' href='//www.blogger.com/rearrange?blogID=1054465589763888472&widgetType=Followers&widgetId=Followers3&action=editWidget§ionId=sidebar-right-1' onclick='return _WidgetManager._PopupConfig(document.getElementById("Followers3"));' target='configFollowers3' title='Edit'> <img alt='' height='18' src='https://resources.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/> </a> </span> </span> <div class='clear'></div> </div> </div></div> <table border='0' cellpadding='0' cellspacing='0' class='section-columns columns-2'> <tbody> <tr> <td class='first columns-cell'> <div class='sidebar section' id='sidebar-right-2-1'><div class='widget Profile' data-version='1' id='Profile3'> <h2>About Me</h2> <div class='widget-content'> <a href='https://www.blogger.com/profile/17157543961041926381'><img alt='My photo' class='profile-img' height='60' src='//1.bp.blogspot.com/-lRn6tzlrpBo/VJk_MqVPK3I/AAAAAAAAAok/UIyMW-thqzQ/s80/*' width='80'/></a> <dl class='profile-datablock'> <dt class='profile-data'> <a class='profile-name-link g-profile' href='https://www.blogger.com/profile/17157543961041926381' rel='author' style='background-image: url(//www.blogger.com/img/logo-16.png);'> boxcarro </a> </dt> <dd class='profile-textblock'>If you like my Blogs, Please Consider Support VIA Paypal. My PayPal Account is boxcarro@yahoo.com Thank You from the HOMELESS Jazz GUITARIST.</dd> </dl> <a class='profile-link' href='https://www.blogger.com/profile/17157543961041926381' rel='author'>View my complete profile</a> <div class='clear'></div> <span class='widget-item-control'> <span class='item-control blog-admin'> <a class='quickedit' href='//www.blogger.com/rearrange?blogID=1054465589763888472&widgetType=Profile&widgetId=Profile3&action=editWidget§ionId=sidebar-right-2-1' onclick='return _WidgetManager._PopupConfig(document.getElementById("Profile3"));' target='configProfile3' title='Edit'> <img alt='' height='18' src='https://resources.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/> </a> </span> </span> <div class='clear'></div> </div> </div></div> </td> <td class='columns-cell'> <div class='sidebar section' id='sidebar-right-2-2'><div class='widget BlogArchive' data-version='1' id='BlogArchive3'> <h2>Blog Archive</h2> <div class='widget-content'> <div id='ArchiveList'> <div id='BlogArchive3_ArchiveList'> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2021/'> 2021 </a> <span class='post-count' dir='ltr'>(1)</span> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2021/10/'> October </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2016/'> 2016 </a> <span class='post-count' dir='ltr'>(11)</span> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2016/10/'> October </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2016/09/'> September </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2016/07/'> July </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2016/06/'> June </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2016/05/'> May </a> <span class='post-count' dir='ltr'>(4)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2016/03/'> March </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2015/'> 2015 </a> <span class='post-count' dir='ltr'>(9)</span> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2015/05/'> May </a> <span class='post-count' dir='ltr'>(4)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2015/04/'> April </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2015/03/'> March </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2015/01/'> January </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2014/'> 2014 </a> <span class='post-count' dir='ltr'>(5)</span> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2014/12/'> December </a> <span class='post-count' dir='ltr'>(5)</span> </li> </ul> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2013/'> 2013 </a> <span class='post-count' dir='ltr'>(19)</span> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2013/06/'> June </a> <span class='post-count' dir='ltr'>(4)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2013/05/'> May </a> <span class='post-count' dir='ltr'>(3)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2013/04/'> April </a> <span class='post-count' dir='ltr'>(9)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2013/03/'> March </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2013/01/'> January </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/'> 2012 </a> <span class='post-count' dir='ltr'>(67)</span> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/12/'> December </a> <span class='post-count' dir='ltr'>(4)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/11/'> November </a> <span class='post-count' dir='ltr'>(7)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/10/'> October </a> <span class='post-count' dir='ltr'>(20)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/09/'> September </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/06/'> June </a> <span class='post-count' dir='ltr'>(21)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/05/'> May </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/04/'> April </a> <span class='post-count' dir='ltr'>(3)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/03/'> March </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/02/'> February </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2012/01/'> January </a> <span class='post-count' dir='ltr'>(7)</span> </li> </ul> </li> </ul> <ul class='hierarchy'> <li class='archivedate expanded'> <a class='toggle' href='javascript:void(0)'> <span class='zippy toggle-open'> ▼  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2011/'> 2011 </a> <span class='post-count' dir='ltr'>(55)</span> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2011/12/'> December </a> <span class='post-count' dir='ltr'>(10)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2011/11/'> November </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2011/10/'> October </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate expanded'> <a class='toggle' href='javascript:void(0)'> <span class='zippy toggle-open'> ▼  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2011/08/'> August </a> <span class='post-count' dir='ltr'>(39)</span> <ul class='posts'> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/people-with-mental-illnesses-could-be.html'>People with mental illnesses could be scattered to...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/reply-re-garylarrabee-tribulations-etc.html'>Reply Re: GaryLarrabee - tribulations, etc Seno...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/crookid-social-security-plan.html'>CROOKID Social Security plan</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/fat-boy-thinks-bad-tings.html'>FAT BOY thinks BAD TINGS</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/americas-secret-courts-laws-on.html'>Americas Secret Courts, Laws on Survelliance</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/dont-ask-dont-tell.html'>??? Don't ASK. Don't TELL???</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/racial-bias-in-media.html'>Racial Bias in Media</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/myth-of-racism.html'>MYTH of Racism</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/music-murder.html'>Music & Murder</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/dead-bodies-haunt-hill-bill.html'>DEAD BODIES HAUNT HILL & BILL</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/cocaine-clintoon-arkansas-fbi.html'>COCAINE, CLINTOON, ARKANSAS, FBI DEPOSITION</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/matrixslavery.html'>MATRIX=SLAVERY</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/nat-id-horror.html'>NAT. ID. HORROR</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/us-patent-officemins-control.html'>US PATENT OFFICE=MINS CONTROL</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/fallacies-of-counductors.html'>FALLACIES of COUNDUCTORS</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/lunar-influs-colloids-of-silver.html'>Lunar Influ/s Colloids of Silver</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/wilhelm-reich.html'>Wilhelm Reich</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/sonic-weapons.html'>SONIC wEAPONS</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/voynich-ms-secret-knowledge.html'>the Voynich MS. Secret Knowledge</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/global-warming-science.html'>Global Warming Science</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/teslas-true-wireless-and-haarp.html'>Tesla's True Wireless and HAARP</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/weather-modification-patented.html'>Weather Modification PATENTED</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/climate-lies.html'>CLIMATE LIES</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/experiment-ground-antennas.html'>Experiment: Ground Antennas</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/introduction-to-mysteries-of-ground.html'>An Introduction to the Mysteries of Ground Radio</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/scalar-interferometry.html'>SCALAR INTERFEROMETRY</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/scalar-wars-brave-new-world-of-scalar.html'>Scalar Wars The Brave New World of Scalar Electro...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/gmail-jochannan-bn-israel-bernays-re.html'>Gmail Jochannan bn Israel Bernays Re: [HoboMurd...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/blog-post_5370.html'> </a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/blog-post_2001.html'> </a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/blog-post_12.html'>KILLING POOR & HOMELESSin AMERIkkkA</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/blog-post.html'> </a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/function-var-awindowfunction-cbthis.html'><!DOCTYPE html> (function() { var a=win...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/rapping-about-cop-killing.html'>Rapping about cop killing</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/john-dewey-speech-1917-following-quote.html'>John Dewey Speech 1917 The following Quote is fro...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/department-of-state-publication-7277.html'>Department of State Publication 7277 THE UNITE...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/majestytwelve-by-william-cooper.html'>MAJESTYTWELVE by William Cooper Copyright © 1997...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/corpwatch-prison-industrial-complex.html'> CorpWatch : The Prison Industrial Complex:...</a></li> <li><a href='http://nazihomelessholocaust.blogspot.com/2011/08/is-chelsea-grand-daughter-of-winthrop.html'>Is Chelsea the grand-daughter of Winthrop Rockefel...</a></li> </ul> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2011/07/'> July </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2011/05/'> May </a> <span class='post-count' dir='ltr'>(1)</span> </li> </ul> </li> </ul> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2009/'> 2009 </a> <span class='post-count' dir='ltr'>(2)</span> <ul class='hierarchy'> <li class='archivedate collapsed'> <a class='toggle' href='javascript:void(0)'> <span class='zippy'> ►  </span> </a> <a class='post-count-link' href='http://nazihomelessholocaust.blogspot.com/2009/02/'> February </a> <span class='post-count' dir='ltr'>(2)</span> </li> </ul> </li> </ul> </div> </div> <div class='clear'></div> <span class='widget-item-control'> <span class='item-control blog-admin'> <a class='quickedit' href='//www.blogger.com/rearrange?blogID=1054465589763888472&widgetType=BlogArchive&widgetId=BlogArchive3&action=editWidget§ionId=sidebar-right-2-2' onclick='return _WidgetManager._PopupConfig(document.getElementById("BlogArchive3"));' target='configBlogArchive3' title='Edit'> <img alt='' height='18' src='https://resources.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/> </a> </span> </span> <div class='clear'></div> </div> </div></div> </td> </tr> </tbody> </table> <div class='sidebar no-items section' id='sidebar-right-3'></div> </aside> </div> </div> </div> <div style='clear: both'></div> <!-- columns --> </div> <!-- main --> </div> </div> <div class='main-cap-bottom cap-bottom'> <div class='cap-left'></div> <div class='cap-right'></div> </div> </div> <footer> <div class='footer-outer'> <div class='footer-cap-top cap-top'> <div class='cap-left'></div> <div class='cap-right'></div> </div> <div class='fauxborder-left footer-fauxborder-left'> <div class='fauxborder-right footer-fauxborder-right'></div> <div class='region-inner footer-inner'> <div class='foot no-items section' id='footer-1'></div> <table border='0' cellpadding='0' cellspacing='0' class='section-columns columns-2'> <tbody> <tr> <td class='first columns-cell'> <div class='foot no-items section' id='footer-2-1'></div> </td> <td class='columns-cell'> <div class='foot no-items section' id='footer-2-2'></div> </td> </tr> </tbody> </table> <!-- outside of the include in order to lock Attribution widget --> <div class='foot section' id='footer-3' name='Footer'><div class='widget Attribution' data-version='1' id='Attribution1'> <div class='widget-content' style='text-align: center;'> Simple theme. Powered by <a href='https://www.blogger.com' target='_blank'>Blogger</a>. </div> <div class='clear'></div> <span class='widget-item-control'> <span class='item-control blog-admin'> <a class='quickedit' href='//www.blogger.com/rearrange?blogID=1054465589763888472&widgetType=Attribution&widgetId=Attribution1&action=editWidget§ionId=footer-3' onclick='return _WidgetManager._PopupConfig(document.getElementById("Attribution1"));' target='configAttribution1' title='Edit'> <img alt='' height='18' src='https://resources.blogblog.com/img/icon18_wrench_allbkg.png' width='18'/> </a> </span> </span> <div class='clear'></div> </div></div> </div> </div> <div class='footer-cap-bottom cap-bottom'> <div class='cap-left'></div> <div class='cap-right'></div> </div> </div> </footer> <!-- content --> </div> </div> <div class='content-cap-bottom cap-bottom'> <div class='cap-left'></div> <div class='cap-right'></div> </div> </div> </div> <script type='text/javascript'> window.setTimeout(function() { document.body.className = document.body.className.replace('loading', ''); }, 10); </script> <script src='https://apis.google.com/js/plusone.js' type='text/javascript'></script> <script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/3863139539-widgets.js"></script> <script type='text/javascript'> window['__wavt'] = 'AOuZoY6rCQH86uHkfRU0rSO2oFfPJJOzgw:1500675794389';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d1054465589763888472','//nazihomelessholocaust.blogspot.com/2011/08/gmail-jochannan-bn-israel-bernays-re.html','1054465589763888472'); _WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '1054465589763888472', 'title': 'HOMELESS HOLOCAUST', 'url': 'http://nazihomelessholocaust.blogspot.com/2011/08/gmail-jochannan-bn-israel-bernays-re.html', 'canonicalUrl': 'http://nazihomelessholocaust.blogspot.com/2011/08/gmail-jochannan-bn-israel-bernays-re.html', 'homepageUrl': 'http://nazihomelessholocaust.blogspot.com/', 'searchUrl': 'http://nazihomelessholocaust.blogspot.com/search', 'canonicalHomepageUrl': 'http://nazihomelessholocaust.blogspot.com/', 'blogspotFaviconUrl': 'http://nazihomelessholocaust.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22HOMELESS HOLOCAUST - Atom\x22 href\x3d\x22http://nazihomelessholocaust.blogspot.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22HOMELESS HOLOCAUST - RSS\x22 href\x3d\x22http://nazihomelessholocaust.blogspot.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22HOMELESS HOLOCAUST - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/1054465589763888472/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22HOMELESS HOLOCAUST - Atom\x22 href\x3d\x22http://nazihomelessholocaust.blogspot.com/feeds/7490050105830553291/comments/default\x22 /\x3e\n', 'meTag': '', 'openIdOpTag': '', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'ieCssRetrofitLinks': '\x3c!--[if IE]\x3e\x3cscript type\x3d\x22text/javascript\x22 src\x3d\x22https://www.blogger.com/static/v1/jsbin/3832463125-ieretrofit.js\x22\x3e\x3c/script\x3e\n\x3c![endif]--\x3e', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/ef61d1940ae6a6d0', 'plusOneApiSrc': 'https://apis.google.com/js/plusone.js', 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Google+', 'key': 'googlePlus', 'shareMessage': 'Share to Google+', 'target': 'googleplus'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'googlePlusShareButtonWidth': 300, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '7490050105830553291', 'pageName': '', 'pageTitle': 'HOMELESS HOLOCAUST'}}, {'name': 'features', 'data': {'unsupported_browser_message': 'false', 'lightbox_img_parsing': 'false', 'sharing_get_link_dialog': 'false'}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'Simple', 'localizedName': 'Simple', 'isResponsive': false, 'isAlternateRendering': false, 'isCustom': false, 'variant': 'bold', 'variantId': 'bold', 'variantName': 'Bold', 'localizedVariantName': 'Bold'}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'HOMELESS HOLOCAUST', 'description': 'Gmail Jochannan bn Israel Bernays \r Re: [HoboMurderer] Cosmic Radiatitioun Computer FrequeOut 20 KILLED bezerker MicroProCessionErCRIME?\r j...', 'url': 'http://nazihomelessholocaust.blogspot.com/2011/08/gmail-jochannan-bn-israel-bernays-re.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 7490050105830553291}}]); _WidgetManager._RegisterWidget('_NavbarView', new _WidgetInfo('Navbar1', 'navbar', null, document.getElementById('Navbar1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header', null, document.getElementById('Header1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', null, document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2709796370-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/368954415-lightbox_bundle.css'}, 'displayModeFull')); _WidgetManager._RegisterWidget('_FollowersView', new _WidgetInfo('Followers3', 'sidebar-right-1', null, document.getElementById('Followers3'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile3', 'sidebar-right-2-1', null, document.getElementById('Profile3'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive3', 'sidebar-right-2-2', null, document.getElementById('BlogArchive3'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull')); _WidgetManager._RegisterWidget('_AttributionView', new _WidgetInfo('Attribution1', 'footer-3', null, document.getElementById('Attribution1'), {}, 'displayModeFull')); </script> </body> </html>