precedence: bulk
Subject: Risks Digest 26.00 (26.99), Volume 26 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Volume 26 : Issue 00 (99)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 26 (Apr 2010 - ongoing)

(NOTE: This summary is archived in ftp file risks-26.00 at ftp.sri.com,
cd risks, and is also at http://catless.ncl.ac.uk/Risks/26.00.html.)

----------------------------------------------------------------------

Date: 17 Oct 2007 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
   if possible and convenient for you. The mailman web interface can
   be used directly to subscribe and unsubscribe:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman
   your FROM: address, send a message to
     risks-request@csl.sri.com
   containing only the one-word text subscribe or unsubscribe. You may
   also specify a different receiving address: subscribe address= ... .
   You may short-circuit that process by sending directly to either
     risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a
   confirmation message sent to the subscribing mail address. Instructions
   are included in the confirmation message. Each issue of RISKS that you
   receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
   copyright policy, etc.) is online.
   The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users should contact .
=> SPAM challenge-responses will not be honored. Instead, use an alternative
   address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
   or ftp://ftp.sri.com/VL/risks for previous VoLume
   redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    for browsing, or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

RISKS 26.00 SUMMARY OF RISKS VOLUME 26 (ongoing)
  (archived in ftp file risks-26.00)

RISKS 26.01 Thursday 8 April 2010
  Taking Idol back (Avi Rubin)
  Microsoft to Transition Corporate IT to Google Apps (Lauren Weinstein)
  `Alarm fatigue' linked to patient's death (Liz Kowalczyk via PGN)
  Improving the Security and Privacy of Implantable Medical Devices (Kevin Fu)
  Derailment of London Dockland Light Railway train, 10 Mar 2009 (Bob Waixel)
  Canada's planned electronic passports easy to hack? (Vito Pilieci via Matthew Kruk)
  Watch your language (Eugene Miya via PGN)
  NASA will help probe Toyota accelerators (Crawley/Kim via PGN)
  Federal Judge Finds N.S.A. Wiretapping Program Illegal (Savage/Risen)
  YOUR SAT NAV IS WRONG - GO BACK! (jidanni)
  iPad Jailbroken (Joseph Lorenzo Hall)
  Self-driving cars (David Magda)
  21 hidden tech threats and how to handle them (Dan Tynan via Gene Wirchenko)
  Google/YouTube refuses to Fix Longstanding Bug (Chris J Brady)
  Why are we still overloading fields in 2010? (Geoff Kuenning)
  Impossible to change account numbers (Geoff Kuenning)
  USPS allows an INTERNET Change of Address; what could go wrong? (FJohn Reinke)
  SSNs again -- in Medicare (Paul Wexelblat)
  Spirit goes silent (Richard Cook)
  Framed for possession of c-porn in UK (David Hollman, Lauren Weinstein)
  DMV saga: I'm gay? (Rob Slade)
  The next escalation in the spam war: circumventing Bayesian filters (Jonathan Kamens)
  Re: FOSE 2010 (Paul Robinson)

RISKS 26.02 Sunday 18 April 2010
  BofA insider to plead guilty to hacking ATMs (Robert McMillan via PGN)
  RFID zapper made from a disposable camera! (Eurekalert)
  FDA Toughens Process for Radiation Equipment (Walt Bogdanich)
  Labour attacked over mailshot to cancer patients (via Ross Anderson)
  apache.org hacked (Jidanni)
  China disrupts the Internet again (Robert McMillan)
  Is your security policy smarter than a 3rd grader? (Jeremy Epstein)
  Small policy violations add up (Jeremy Epstein)
  Israel confiscates visiting iPads (via Monty Solomon)
  Re: Canada's planned electronic passports easy to hack? (Adam Laurie)
  EU project may monitor airline passengers' conversations (Lauren Weinstein)
  Is it risky to make Hannah Montana tickets expensive? (Jeremy Epstein)
  Unintended consequence of water conservation: bursting pipes (Danny Burstein)
  Re: ... circumventing Bayesian filters (John Levine, Jonathan Kamens)
  Re: YOUR SAT NAV IS WRONG - GO BACK! (Dag-Erling Smørgrav)
  GPS jamming - request for information (Martyn Thomas)
  Retracting my observation of the USPS CofA (FJohn Reinke)
  New Book: Cryptography Engineering (Bruce Schneier)

RISKS 26.03 Sunday 25 April 2010
  April Fools: 7,500 Online Shoppers Unknowingly Sold Their Souls (Sam Posten)
  Teens and Mobile Phones (Pew via Monty Solomon)
  Social Netting lets the mosquitos through (Renay San Miguel via PGN)
  Anti-malware backfires (Jeremy Epstein)
  Computer error affected West Virginia mine scrutiny (Sam Hananel via PGN)
  Software controlled Toyota roll-over (Jeremy Epstein)
  Bogus Jury Duty notices lead to identity theft (PGN)
  School Admin Takes Fifth Amendment in "Peeping Tom" Case (David Murphy via Monty Solomon)
  Barclay Card Rewards Advert Promotes PIN Insecurity (Chris J Brady)
  Penguin recalls cookbooks (Nick Rothwell)
  Re: RFID zapper made from a disposable camera! (Oliver Leistert)
  Re: Apache Bug tracker attack (Steve Loughran)
  Re: YOUR SAT NAV IS WRONG - GO BACK! (Dimitri Maziuk, Nick Brown)
  Re: Canada's planned electronic passports ... (James Cameron)
  Re: Incorrect software change to emergency ambulance call-handling (Chris D)
  Re: Is your security policy smarter than a 3rd grader? (David-Sarah Hopwood)
  Re: ... circumventing Bayesian filters (Raj Mathur)
  Broadband survivability and certification (Charles Jackson)

RISKS 26.04 Wednesday 28 April 2010
  We Have Met the Enemy and He Is PowerPoint (Elisabeth Bumiller)
  "Software Error" sends out wrong ballots for the UK general election (Steve Loughran)
  PG&E details technical problems with SmartMeters (Dana Hull via Paul Saffo)
  The Eyes Have It? (PGN)
  Dnt Txt N Drv (Oprah Winfrey via Monty Solomon)
  3D TV: A Bad View? (Nestor E. Arellano via Gene Wirchenko)
  More on the McAfee SNAFU (Chris J Brady)
  Cloud Risks and McAfee's blunder (Gene Wirchenko)
  More Virus Protection Woes (Chris J Brady)
  Speech recognition and phone banking: not a very good idea (Tim Bradshaw)
  Risks of RFID car keys (Ron Garret)
  Re: YOUR SAT NAV IS WRONG - GO BACK! (Fredric L. Rice, Arthur Flatau)
  Re: Broadband survivability and certification (Michael D. Sullivan)
  Re: Your Cell Phone May Be Hazardous to Your Health (Jeff Grigg)

RISKS 26.05 Tuesday 4 May 2010
  India EVM susceptible to tampering (Raj Mathur)
  Security Analysis of India's Electronic Voting Machines (Halderman et al.)
  Risks of trusting a sensor, off by 20x (Michael Rosa)
  Ars Technica's old provider hacked. Data loss. (S. Keeling)
  Top Ten Reasons You Should Quit Facebook (Dan Yoder on Gizmodo)
  U.S. Treasury Department dangerously redirecting users (Dan Goodin)
  Pay attention to Windows 7 update KB980408 (Lauren Weinstein)
  Chip and not bother with the pin (Celine Read)
  Fingerprinting Paper with Laser (Gadi Evron)
  A socio-psychological analysis of the first Internet war: Estonia (Gadi Evron)
  Your Phone Is Locked. Just Drive (David Pogue via Monty Solomon)
  Don't forget to back up the car before reloading the software (Roy Smith)
  Clouds and Phones and Untrustworthiness (Bill Gunshannon)
  Re: Speech recognition and phone banking: not a very good idea (Joe Thompson)
  Re: The Eyes Have It: Car Steered With Driver's Eyes (Marc Wilson)
  Re: USPS allows an INTERNET Change of Address (Edward Reid)
  Re: SSNs again -- in Medicare (Edward Reid)
  Re: Risks of RFID car keys (Bob Schuchman)
  Re: We Have Met the Enemy and He Is PowerPoint (Bob Frankston, John Levine, Gary Borba, Harry Crowther)
  Re: YOUR SAT NAV IS WRONG - GO BACK! (Leonard Finegold)

RISKS 26.06 Saturday 8 May 2010
  The Stock Market Fiasco of 6 May 2010 (PGN)
  "Dead-man control" works as planned in NYC subway (Danny Burstein)
  100 people not really killed on French train (Mark Brader)
  Surgical Robot Examined in Injuries (Steven J Klein)
  Cell Phone IDs owner by heart rhythm (Steven J Klein)
  Anatomical ridicule raises body-scanning concerns (Marnie Hunter via Paul Saffo)
  Facebook's Gone Rogue (Ryan Singel via Lauren Weinstein)
  Facebook Security Gaffe Reveals /Unauthorized/ Live Chat Contents (Lauren Weinstein)
  Fingerprinting Paper with Laser (Fred Cohen)
  Re: Clouds and Phones and Untrustworthiness (Patrick Kobly)
  Re: Don't forget to back up the car before reloading the software (Doug Hosking)
  Wikipedia risks to personal reputation: In the Matter of Herb Schildt (Edward G. Nilges)

RISKS 26.07 Saturday 29 May 2010
  Drilling for Certainty (David Brooks via PGN)
  US Navy's Electro-Magnetic Aircraft Launch System software problem (Bruce Horrocks)
  It's not just the camera in the laptop (Jeremy Epstein)
  Caller ID Spoofing Puts Innocent Man In Jail (Joe Shortsleeve via Monty Solomon)
  Pre-canned GSM eavesdropping (David Magda)
  Video eye to scan for Newton parking lapses, will speed ticketing (Peter Schworm via Monty Solomon)
  Trafficking in Human Data (Jason Roberson via PGN)
  4000 echocardiograms lost on a computer read by technicians (DKRoss via PGN)
  Measuring crisis response time (Peter Houppermans)
  Cyber attack 'could fell US within 15 minutes' (Matthew Kruk)
  Galaxy 15 satellite out of control, posing interference threat (Lauren Weinstein)
  $42.9 million slot jackpot should have been $20 (Jim Reisert)
  Affair outed by cellphone records (Gene Wirchenko)
  Risks of remote administration, especially with bad crypto (Alexander Klimov)
  Encrypted Google Web search (Google via Monty Solomon)
  Google Streetview inadvertently Captured Unencrypted Wi-Fi Data (Bob Gezelter)
  IBM distributes virus-laden USB keys at security conference (Matthew Kruk)
  Scientist Infects Himself With Computer Virus (Palmer/Maija)
  Re: More Virus Protection Woes (Jonathan de Boyne Pollard)
  Re: The Stock Market Fiasco of 6 May 2010 (Bob Frankston)
  KNX: "Think Before You Friend!" -- How Facebook Can Seriously Bite (Lauren Weinstein)
  Re: Risks of RFID car keys (Jonathan de Boyne Pollard)
  Re: Wikipedia risks to personal reputation (RISKS-26.06)

RISKS Digest 26.08 Thursday 10 June 2010
  System failures in offshore drilling processes (Steve Loughran)
  The costs of Electronic Device Addiction (Marv Schaefer)
  Software bug cuts off medical oxygen (David Lesher)
  Wood and computers don't mix in tracking trains (Mark Brader)
  Computers and Stupidity (Sarah Jacobsson via Gene Wirchenko)
  Expensive malware appears for Microsoft's Windows Mobile (Geoff Goodfellow)
  UK Scrapping National IDs (Sam Waltz)
  Protecting Internet Security (China Daily)
  The Internet in China - Fascinating Chinese white paper (Lauren Weinstein)
  North Korean hackers steal IDs to post Cheonan rumors (Paul Saffo)
  Computerized ticketing reduces ticket writing (Jeremy Epstein)
  Everyone's a food critic (Ike DeLorenzo via Monty Solomon)
  Re: Drilling for Certainty (Robert Searle)
  Re: $42.9 million slot jackpot should have been $20 (Mark Brader)
  Re: Scientist Infects Himself With Computer Virus (Steve King)
  Re: It's not just the camera in the laptop (Jerry Leichter)

RISKS Digest 26.09 Saturday 3 July 2010
  Jumping the Walrus: When Risk Management Goes Bad (Robert Charette)
  NYC hospital and contractor/shipper lose PII on 130,495 (Danny Burstein)
  Death with Dignity depends on one IC card field (jidanni)
  Online banking risks (Ellen Messmer via Jeremy Epstein)
  Software auto-updaters (Mabry Tyson)
  AT&T e-mail address breach (Rob McCool)
  Best practices for smart grid privacy (David Magda)
  Location services: risks of oversharing (Paul F. Roberts via Gene Wirchenko)
  Previous user's data on my "new" GPS device (George Mannes)
  Re: Computers and Stupidity (Rob Seaman)
  GPS humor (Steven Bellovin)
  Mitchell & Webb Humour Clip on Identity Theft (Gene Wirchenko)
  Risks of too much emphasis on electronic security (Tony Lima)
  When you're on vacation, your cruise line knows (Jeremy Epstein)
  So you thought Linux was safe... (Mike Rechtman)
  Let Your Phone Do the Walking? (Gene Wirchenko)
  Re: System failures in offshore drilling processes (Rob Seaman)

RISKS 26.10 Saturday 10 July 2010
  Con-Ed Nerve Center Fights to Keep Lights On (Gabe Goldberg)
  Cal payroll data system cannot be changed to cut all employees' pay (Spinoza)
  Loophole May Have Aided Theft of Classified Data (Gabe Goldberg)
  What Does Microsoft Know About You? (Lee Pender via Monty Solomon)
  NY bank IT tech pleads guilty to data theft, fraud (Robert McMillan via Monty Solomon)
  To Stop Cheats, Colleges Learn Their Trickery (Trip Gabriel via Monty Solomon)
  Healthcare data risks (PGN)
  Bank fishes phishing (Diomidis Spinellis)
  Apple Acknowledges Flaw in iPhone Signal Meter (Miguel Helft via Monty Solomon)
  Re: Previous user's data on my "new" GPS device (Thomas Russ)
  Re: Software auto-updaters (Merlyn Kline, Paul Schreiber)
  REVIEW: "SSL and TLS: Theory and Practice", Rolf Oppliger (Rob Slade)
  Re: Jumping the Walrus: When Risk Management Goes Bad (Richard I. Cook)

RISKS 26.11 Wednesday 21 July 2010
  Hospital files with data of 800,000 are missing (Finucane/Lazar via Monty Solomon, Jim Reisert)
  Colorado warns of major corporate ID theft scam - Computerworld (Jonathan Kamens)
  Steve Bellovin blogs on Common Sense (PGN)
  Electronic business cards anyone? (Mike Scott)
  Virus targeted at Siemens industrial control systems (Robert McMillan)
  Tweet Less, Kiss More (Bob Herbert via Monty Solomon)
  Quiet electric & hybrid cars endanger blind pedestrians (Steven J Klein)
  Subaru offering wi-fi in Outbacks (Peter Van Allen via Monty Solomon)
  Trusting Your Friends -- and Trusting the Cloud (Lauren Weinstein)
  Winning on points (Amos Shapir)
  Re: Con-Ed Nerve Center Fights to Keep Lights On (Steven Bellovin)
  iPhone 4: "My cheek must have called you" (Mark Brader)
  iPhone 4: Risks of relying on impressions (Tim Bradshaw)
  iPhone 4: Apple Knew of iPhone Antenna Glitch (Kane/Sheth via Monty Solomon)
  The iPhone 4 Redux (Klug/Shimpi via Monty Solomon)
  Re: Cal payroll data system cannot be changed ... (Al MacIntyre, Kelly Bert Manning)

RISKS 26.12 Friday 30 July 2010
  Tech worker: 'Blue screen of death' on oil rig's computer (Gregg Keizer via Gene Wirchenko)
  BP: "Will no one rid me of this turbulent alarm?" (Danny Burstein)
  Verizon experienced nationwide Network Extender network failure (Kevin G. Barkes)
  Oracle's Java Company Change Breaks Eclipse (timothy on Slashdot via Lauren Weinstein)
  Important Lessons to Learn from the Black Hat ATM Hack (Matthew Kruk)
  Wal-Mart Radio Tags to Track Clothing (Miguel Bustillo via Monty Solomon)
  iPhone GPS leads police to stolen device in minutes (Gene Wirchenko)
  Slovenian Mariposa botnet (Ali Zerdin via George Ledin)
  Android wallpaper malware (Dean Takahashi via George Ledin)
  Slashdot: Online banking Trojan horse (PGN)
  Personal Info For 100 Million Facebook Users Harvested Into One (Dave Farber)
  WikiLeaks classified documents (PGN)
  Risks of free-text fields in medical records (dkross via PGN)
  Photo fakery in the news again (Mark Brader)
  ICANN touts DNSSEC as tool to fight "Internet Criminals" (Lauren Weinstein)
  To Change or Not to Change Passwords? (Gene Wirchenko)
  Re: Cal payroll data system cannot be changed (Valdis Kletnieks, Michael Smith)
  iPhone Used Left-handed and Used by Lefthanders (Gene Wirchenko)
  Paper on the law and Implantable Devices security (Gadi Evron)
  REVIEW: "The Design of Rijndael", Joan Daemen/Vincent Rijmen (Rob Slade)

RISKS 26.13 Monday 2 August 2010
  Another GPS Near-Tragedy (Richard Grady)
  Is Your Detergent Stalking You? (Matthew Kruk)
  Online Trust Again (Gene Wirchenko)
  Citi Discovers Security Flaw in iPhone Application (Nick Bilton via Monty Solomon)
  The Web Means the End of Forgetting (Jeffrey Rosen via Monty Solomon)
  Facebook privacy settings: Who cares? (Danah Boyd & Eszter Hargittai via Monty Solomon)
  Re: Risks of free-text fields in medical records (Gabe Goldberg)
  Re: Electronic business cards anyone? (Jonathan Kamens)
  Re: BP: "Will no one rid me of this turbulent alarm?" (Peter Duncanson)
  Re: Quiet electric & hybrid cars endanger ... (Paul Wallich, Jonathan Kamens)

RISKS 26.14 Monday 30 August 2010
  Hot debate over Electronic Voting Machines (Joseph Lorenzo Hall)
  Jeff Burbank: License to Steal (PGN)
  BC Online Casino taken offline within hours (Kelly Bert Manning)
  Crooks Crack Check Image Sites, Steal $9 Million - The Consumerist (Ben Popken via Davide Restivo and Dave Farber)
  iPhone jailbreak opens world of questions (Raj Mathur)
  Muni gets time wrong; 510 drivers get a ticket (Paul Saffo)
  No fail-safe linkage? 12-year-old paralyzed by ride (PGN)
  Cutoff of YouTube in Siberia due to a single video (Lauren Weinstein)
  Mac_OS_X_Mail_parental_controls_vulnerability (Jonathan Kamens)
  Stalkers Exploit Cellphone GPS (Justin Scheck via Monty Solomon)
  Agency stored body images from Florida courthouse (Mike M. Ahlers via PGN)
  New law bans texting while driving (Monty Solomon)
  Re: BP: "Will no one rid me of this turbulent alarm?" (Steven Bellovin)
  WSJ: What Do Online Advertisers Know About You? (Tim Jones via Monty Solomon)
  Re: Quiet electric & hybrid cars endanger ... (ishikawa)
  Re: Risks of free-text fields in medical records (Thor Lancelot Simon)

RISKS 26.15 Wednesday 8 September 2010
  NTSB on WMATA (David Lesher)
  Software glitches, systemic failure and airplane crashes together (Peter Wayner)
  "iPod trance" increases traffic risk to pedestrians (Mike Martin)
  German government ID already cracked (Peter Houppermans)
  Malware Used to Steal South Korean Military Secrets (Monty Solomon)
  Risks: Tabloid Hack Attack on Royals, and Beyond (Gabe Goldberg)
  Scary e-mail -- invite from Facebook (Ted Lee)
  Facebook: Backfire to Come? (Gene Wirchenko)
  Twitter to log every click on every link in every tweet (Lauren Weinstein)
  Ford's car-monitoring software (Chris D.)
  Risks of Not Following Standards (Robert McMillan via Gene Wirchenko)
  A Strong Password Isn't the Strongest Security (Randall Stross via Monty Solomon)
  Really, no *really* aggressive "anti-virus" software (Paul Robinson)
  Found 4 security problems at a bank (Mark Fineman)
  Re: WSJ: What Do Online Advertisers Know About You? (Mark Fineman)

RISKS 26.16 Friday 17 September 2010 Volume 26 : Issue 16
  Virginia state govt computer outage, a silver lining, & a new risk (Jeremy Epstein)
  2008 Attack on Military Computers Is Confirmed (Brian Knowlton via PGN)
  Pentagon computers attacked with flash drive (Jim Reisert)
  American Express: big oops! (Tony Lima)
  Intel Confirms HDCP Master Key for Blu-ray Is Real (Lindsey Mastis via Richard Forno)
  New Facebook feature; Backfire to Come? (Gene Wirchenko)
  Hackers blind quantum cryptographers ... (Zeeya Merali via Monty Solomon)
  Hacking commercial quantum cryptography systems by tailored bright illumination (Lydersen et al. via Monty Solomon)
  Amazon strikes again: payphrase (Tony Lima)
  Bedbug rumors spread at speed of Twitter (Mark Brader)
  Epic failures: 11 infamous software bugs (Matt Lake)
  Re: Software glitches, systemic failure and airplane crashes (Peter Ladkin)
  Spanair crash revisited (PGN)
  Re: A Strong Password Isn't the Strongest Security (Curt Sampson)
  Re: Scary e-mail -- invite from Facebook (Geoff Kuenning)
  Jeffrey Hunker: Failure of US cybersecurity policy, what to do (PGN)

RISKS 26.17 Monday 20 September 2010
  Technical Engineering Risks (Peter Bernard Ladkin)
  JP Morgan Chase online service outage (Steven J Klein)
  Accidental triggering of Emergency Alert Systems (Danny Burstein)
  Ed Felten on Haystack (Jeremy Epstein)
  Malicious e-mail with executable pdf (PGN)
  Similar to Smail Mail: Insert vs Insert "The Slug" (Mark Brader)
  The populist approach to computer security? (Steve Schafer)
  Spoiler Alert: Whodunit? Wikipedia Will Tell You (Noam Cohen via Monty Solomon)
  Private Paypal payments on the Web (Chris J Brady)
  Follow-up on Blu-ray HDCP Master Key crack (PGN)
  Re: Software glitches, systemic failure, airplane crashes (Dick Mills)
  Re: Scary e-mail -- invite from Facebook (Merlyn Kline)
  Re: A Strong Password Isn't the Strongest Security (Don Norman, Dick Mills, Nick Brown)

RISKS 26.18 Saturday 2 October 2010
  DC Internet voting trial intermediate results (Jeremy Epstein)
  Cyberwar Chief Calls for Secure Network (Tom Shanker via Gabe Goldberg)
  Cross-site scripting bug leads to massive Twitter worm attacks (Lauren Weinstein)
  Lone $4.1 Billion Sale Led to 'Flash Crash' in May (Graham Bowley via Monty Solomon)
  Failure of recovery time - Virgin Blue (Jared Gottlieb)
  Some Android apps caught covertly sending GPS data to advertisers (Ryan Paul via Monty Solomon)
  You can no longer rely on encryption to protect a BlackBerry (Martin Heller via Monty Solomon)
  Code That Tracks Users' Browsing Prompts Lawsuits (Gabe Goldberg)
  Facebook Outage blamed on handling of error condition (Robert Johnson via Jim Reisert)
  User interface modification: Titanic risk (Lee Rudolph)
  Robbers sweep in and siphon up money with vacuum cleaner (Michael Rosa)
  Fresh ACS:Law file-sharing lists expose thousands more (Daniel Emery via Gene Wirchenko)
  Risks of UEFI replacement for BIOS in PCs (Nick Brown)
  Show's Title, in Symbols, Defies DVR users (Monty Solomon)
  Re: Malicious e-mail with executable pdf (Danny Burstein)
  Re: A Strong Password Isn't the Strongest Security (Raj Mathur)

RISKS 26.19 Thursday 28 October 2010
  "Missile Mishap Revives Alarm Over Nuclear Arsenal" (Gabe Goldberg)
  Aptly-Named HMS Astute Nuclear Submarine Runs Aground (Mark Thorson)
  Cognitive networking (Tom Simonite)
  Medical errors in Colorado (DKRoss)
  A jail risk of 2^31 in Colorado (Jared Gottlieb)
  Financial market automated amplification of trades (Jeremy Epstein)
  Fear the baa of the Firesheep (Matthew Kruk)
  Google spied on British e-mails and computer passwords (Matthew Kruk)
  How many nukes do we have? Ummm.... (Danny Burstein)
  DC Internet voting trial (Jeremy Epstein)
  Washington D.C. Internet voting experiment risks (Sean Greene)
  Voting machines with incredibly poorly written software (Philip Listowsky)
  Hacker almost derailed Mandela election in South Africa (Chris Leeson)
  Las Vegas Slots Machines vs. Electronic Voting Machines (Gene Wirchenko)
  Stuxnet (Bruce Schneier)

RISKS 26.20 Wednesday 10 November 2010
  Stephen Colbert's voting machine satire (PGN)
  J. Alex Halderman, Hacking DC, Freedom to Tinker (PGN)
  Trust the Vote -- not! (Rebecca T Mercuri)
  Voting machines selecting default candidates (Lauren Weinstein)
  Data mining Facebook reveals when you're most likely to be dumped (David McCandless via Mark Thorson)
  Getting Crypto Wrong (Neal Ungerleider via Gene Wirchenko)
  Something has been going right in the fight against spam, viruses, ... (Jonathan Kamens)
  Rise of VoIP systems open new market for exploitation (Dennis van Dok)
  Banks Rush to Fix Security Flaws in Wireless Apps (Spencer E. Ante via Monty Solomon)
  U.S. Daylight Saving Time ends with bug in iOS4 (Tony Finch)
  The most expensive SW bug in recorded human history (Henry Baker)
  Crowdsourcing videosurveillance (Jeremy Epstein)
  Student Password Extension (Geoff Kuenning)
  Risks of listening to cries for help (Nick Brown)
  Remote starter risk (e-p)
  Cellphone's Missing Dot Kills Two People, Puts Three More in Jail (Gene Wirchenko)
  Texting Stinks? (Gene Wirchenko)
  Re: Medical Errors (Una)
  Re: Risks of not following standards (Jerry Leichter)

RISKS 26.21 Tuesday 16 November 2010
  Domain Exploitation Society Celebrates "Swinging" New Top-Level Domains (Lauren Weinstein)
  "Uncrackable" G2 Android Phone Successfully and Permanently Rooted -- and Why This Matters! (Lauren Weinstein)
  Hazards of information leakage to youtube: a real story (Chiaki Ishikawa)
  Facebook's new chat/e-mail feature apparently records everything... (Lauren Weinstein)
  Once you hit send, you can forget privacy (Joseph P. Kahn via Monty Solomon)
  Albert Gonzalez, The Great Cyberheist (James Verini via PGN)
  Rise of VoIP systems open new market for exploitation (Charles Wood)
  Re: A Strong Password Isn't the Strongest Security (Earl Nolan)
  Re: Something has been going right in the fight against spam (David E. Ross)
  Spam volume is indeed down (Peter B Ladkin)
  Re: J. Alex Halderman, Hacking DC, Freedom to Tinker (Erik Mooney)
  Re: Banks Rush to Fix Security Flaws in Wireless Apps (Michael Kowalchuk)
  Re: Remote starter risk (Randal L. Schwartz, Gene Wirchenko)
  Re: U.S. Daylight Saving Time ends with bug in iOS4 (Chris Kantarjiev)
  Re: Texting Stinks? (Alexandre Peshansky)
  Re: Cellphone's Missing Dot Kills Two People ... (A.E. Siegman)

RISKS 26.22 Wednesday 17 November 2010
  New study on adverse events in hospitals (Rita Rubin via PGN)
  Computer crash affects Chicago-area hospitals (Gerry Smith via PGN)
  Re: Trust the Vote, Rebecca Mercuri on DC (E. John Sebes, Rebecca Mercuri)
  Ariane 501: Not that Kind of Bug (Dennis E. Hamilton)
  Make left turn into swamp, wait on roof for an hour (Mark Brader)
  Massive Chinese Net Reroute Exposes Web's Achilles' Heel (Steven Cherry)
  It's Time to Stop ICANN's Top-Level Domain Lunacy! (Lauren Weinstein)
  Should You Be Snuggling With Your Cellphone? (Randall Stross via Monty Solomon)
  Re: Something has been going right in the fight against spam (Jonathan Kamens)

RISKS 26.23 Saturday 27 November 2010
  NYCTA forging subway signal inspections (David Lesher)
  Failed hard disk stalls New Orleans real estate market (Andrew Klossner)
  Access-based cache attack on AES-128 (Bangerter et al.)
  Wiseguys Plead Guilty in Ticketmaster Captcha Case (Jim Reisert)
  U.S. Shuts Down Web Sites in Piracy Crackdown (Ben Sisario via Monty Solomon)
  Deep Pockets have Deep Packets? (Steve Stecklow and Paul Sonne)
  Israeli army uses FaceBook to expose draft dodgers (Amos Shapir)
  U.S. may require jamming of cell phone use inside vehicles (Various)
  Passenger arrested for stripping down to underwear for TSA pat down (Peter Houppermans)
  Vermont law on drug data mining ruled unconstitutional (Danny Burstein)
  When will we learn that digital communication isn't private? (Tom Keane via Monty Solomon)
  Re: Massive Chinese Net Reroute Exposes Web's Achilles' Heel (Mike Andrews)
  Re: New study on adverse events in hospitals (Barbara Zanzig)
  Malware Analysts' Cookbook and DVD (Ligh et al., review by Richard Austin)
  Cyber Warmongering and Influence Peddling (Gary McGraw)

RISKS 26.24 Friday 3 December 2010
  Iran: Computer Malware Sabotaged Uranium Centrifuges (Kim Zetter)
  NY City: 195,055 Votes Found a month later! (Sam Roberts)
  Millions cashless in bank glitch (fjohn reinke)
  AVG Antivirus update kills Win7X64 systems (Jim Garrison)
  Missing decimal point leads to frustration (Paul Schreiber)
  Another Daylight Saving Time Bug (Frederick.Klein)
  Windows Phone 7 jailbreak tool comes, goes within a week (Lauren Weinstein)
  Re: Passenger arrested for stripping down to underwear (Dag-Erling Smørgrav)
  Risk of RISKS? (Chris D.)

RISKS 26.25 Monday 20 December 20
  Health information technology risks (Robert L Wears)
  Nice Work, EFF: e-mail protected by 4th Amendment (David Bolduc)
  WikiLeaks (*Washpost* via PGN)
  Amazon's cutoff of Wikileaks casts shadow on cloud computing (Lauren Weinstein via PGN)
  File Not Found: The Record Industry's Digital Storage Crisis (David Browne via Matthew Kruk)
  Massive Gawker Media security breach (Jonathan Kamens)
  iPhone snitch network launched (Jason Douglass via Monty Solomon)
  Interesting/Funny speech generation error (Lindsay Marshall)
  Dogs, not naked body scanners? (PGN)
  Ex-manager charged with stealing $140G from South Brunswick hotel (FJohn Reinke)
  "Security seals" on websites (River Tarnell)
  Re: Risk of RISKS and short URLs? (David Landgren)

RISKS 26.26 Wednesday 29 December 2010
  Radiation Machines Overdosing Again (Peter Bernard Ladkin)
  How medical radiation mistakes happened (Jeremy Epstein)
  UAVs needed encryption (John Long)
  FCC Acts to Preserve Internet Freedom and Openness (Monty Solomon)
  Technolog - Hackers steal Walgreens e-mail list, attack consumers (Monty Solomon)
  Risks of incomplete online archives (Thomas Wicklund)
  Cell phone "emergency mode" *preventing* 911 call (Joe Thompson)
  China's MIIT Declares Most VOIP Services, Including Skype, Illegal (Lauren Weinstein)
  Google Maps vs. USPS in Wisconsin (Richard S. Russell)
  Gadgets Bring New Opportunities for Hackers (Matthew Kruk)
  Risk Assessment and Failure Analysis ... (Rob Slade)

RISKS 26.27 Friday 31 December 2010
  Snowstorm plus phone problems beset fliers (Chase/McMahon via Monty Solomon)
  US pilot 'probed over YouTube videos of airport lapses' (Amos Shapir)
  Car immobilisers easily circumvented by crafty carjackers (Gabe Goldberg)
  New drug law will track more prescriptions (Favot/Hailey via Monty Solomon)
  Is reading wife's e-mail a crime? Rochester Hills man faces trial (L.L Brasier via Monty Solomon)
  Flaws in Tor anonymizer network (Lauren Weinstein)
  Banks' Reaction to Broken-Chip-and-PIN is Broken (Peter Bernard Ladkin)
  The Gawker hack: how a million passwords were lost (Joseph Bonneau via Monty Solomon)
  Gawker tech boss admits site security was crap (Gabe Goldberg)
  Why You May Want to Avoid Non-ASCII Characters in Your Passwords (FJohn Reinke)
  When it comes to the cloud, fight it... or join it? (Jeremy Epstein)
  Re: WikiLeaks (Amos Shapir)
  Cryptographers Chosen to Duke It Out in Final Fight (ACM technews)
  RISKS of reusing ID numbers (Geoff Kuenning)
  $15 phone, 3 minutes all that's needed to eavesdrop on GSM call (Jon Borland via Monty Solomon)
  Re: A Pinpoint Beam Strays Invisibly, Harming Instead of Healing (Hal Murray)
  Re: Radiation Machines Overdosing Again (Stanley F. Quayle, Barry Gold)
  Re: FCC Acts to Preserve Internet Freedom and Openness (Michael Smith)
  Re: Google Maps vs. USPS in Wisconsin (Everett W. Howe)
  WikiLeaks, Secrets, and Lies - and a new book! (Simon Chesterman)

RISKS 26.28 Wednesday 12 January 2011
  Lots of computer risks related items in the news lately (Robert Schaefer)
  Storage on the cloud is not the only risk (Geoffrey Brent)
  Risk of coffee in the cockpit (Nick Brown)
  Car Theft by Antenna (Robert Schaefer)
  Estonia prep's for CyberWar (PGN)
  "SMS of Death" Could Crash Many Mobile Phones (Robert Schaefer)
  Microsoft investigates 'phantom' Windows Phone 7 data (Robert Schaefer)
  Risks of E-health records (PGN)
  Cornell digester overflow due to "programming error" (Doug Elrod)
  FedEx: we can't deliver your package because the computer says so (Jonathan Kamens)
  WSJ: Russia, China go open-source -- distrust U.S. commercial software (Lauren Weinstein)
  Privacy-Enhanced Mobile Data Storage and Self-Destruct Mechanisms (Lauren Weinstein)
  Stock Market Cheating Risk? (Gene Wirchenko)
  I am stupid, and it has cost me (Paul Robinson)
  Re: RISKS of reusing ID numbers (Jonathan Kamens)
  Re: WikiLeaks (Patrick Gustafson)
  Re: Radiation Machines Overdosing Again (Kevin Fu, Alexandre Peshansky)

RISKS 26.29 Thursday 13 January 2011
  Jackpot: Bug or Feature? (Chuck Weinstock)
  Researchers Hack Internet Enabled TVs, Discover Multiple Security Vulnerabilities (Mike Lennon via Monty Solomon)
  Caveman: Using the cloud to break passwords (Dan Goodin)
  Infected PC Compromises Pentagon Credit Union (slashdot via Robert Schaefer)
  3 Tucson UMC workers fired for records access (Stephanie Innes via Monty Solomon)
  Bug Causes iPhone Alarm to Greet New Year With Silence (Nick Bilton via Monty Solomon)
  Wristwatch fails 2010->2011 transition (Bill Stewart)
  Security risks in PDF documents (Lauren Weinstein)
  New twist on ATM skimming: put the data collector inside the gas pump! (Paul Saffo)
  Risks of Touring the White House (Daniel Faigin)
  Confusing Interface (Gene Wirchenko)
  Re: "Risk of coffee in the cockpit", maybe, maybe not (Danny Burstein)
  Re: RISKS of reusing ID numbers (Jonathan Kamens)
  50th Anniversary of Eisenhower's Farewell Address (PGN)
  Call for Papers: RAID'11 (Guofei Gu)

RISKS 26.30 Friday 14 January 2011
  For Some Travelers Stranded in Airports, Relief Is in 140 Characters (Kim Severson via Monty Solomon)
  Risks of not securing public infrastructure (John Sawyer)
  Against Headphones (Virginia Heffernan via Monty Solomon)
  The dangers of GPS/GNSS (jidanni)
  Calif. Supreme Court - cell phones can be searched without warrants (PGN)
  Login for Facebook (jidanni)
  Re: Cell phone "emergency mode" *preventing* 911 call (Amos Shapir)
  Re: Risks of Touring the White House (Steve Wildstrom)
  Re: Risks of panic about SSNs (John Levine)
  Re: Health information technology risks (Ken)
  I am stupid, and it has cost me: Hard Drive woes, Pass 2 (Paul Robinson)
  Re: I am stupid, and it has cost me (George Adomavicius)
  Re: "Risk of coffee in the cockpit", maybe, maybe not (Mark Brader)

RISKS 26.31 Friday 21 January 2011
  UK Health Service IT (Martyn Thomas)
  Android Trojan horses (Robert Schaefer)
  Israel Tests on Worm Called Crucial in Iran Nuclear Delay (NYT via Monty Solomon)
  Cyberwar countermeasures a waste of money, says report (New Scientist via Lauren Weinstein)
  Can Your Camera Phone Turn You Into a Pirate? (Nick Bilton via Monty Solomon)
  Windows phone 7 phantom data blamed on an unnamed third party service (Robert Schaefer)
  Carbon Trading Halted After Hack Of Exchange (Robert Schaefer)
  More misadventures on Facebook (Gene Wirchenko)
  IBM Computer Gets a Buzz on for Charity Jeopardy! (Jim Fitzgerald)
  Re: Jackpot: Bug or Feature? (Steven Bellovin, Ed Mirmak)
  Re: Caveman: Using the cloud to break passwords (Amos Shapir)
  Re: The dangers of GPS/GNSS (Erling Kristiansen)
  No need for privacy when nobody's interested (jidanni)
  Re: Hard Drive woes (Dimitri Maziuk)
  Re: Health information technology risks (Robert L Wears)
  What Risks really represents: robustness vs. brittleness (Paul Robinson)

RISKS 26.32 Saturday 29 January 2011
  "The Internet is For Everyone" (PGN editorial)
  Internet Society statement on Egypt's Internet shutdown (Greg Wood)
  Video: Dr. Strangelove Explains the Internet Kill Switch (Lauren Weinstein)
  Swedish ISP to circumvent EU data retention laws ... (Lauren Weinstein)
  25 Years Of Digital Vandalism (William Gibson)
  Another Cloud Risk: Divorcing your vendor (Gene Wirchenko)
  Facebook in the News (Gene Wirchenko)
  The Inside Story of How Facebook Responded to Tunisian Hacks (Alexis Madrigal via Monty Solomon, Lauren Weinstein)
  Video: Software Security and Malicious Code (Gary McGraw)
  WECSR 2011, March 4, 2011 - Call for participation (Sven Dietrich)

RISKS 26.33 Monday 31 January 2011
  China Blocks Chinese Word for 'Egypt' (Sam Waltz)
  Egypt: Risk for a Country (Gene Wirchenko)
  Re: Egypt's Internet shutdown (Bob Frankston)
  Re: Internet Society statement on Egypt's Internet shutdown (SMiller)
  Non-snailproofed traffic light proves fatal (Mark Brader)
  Public service announcement on Undigestifying (Jonathan Kamens)
  BBDB ran off with my Spacebar press (jidanni)
  Re: Cyberwar countermeasures a waste of money, says report (Joe Thompson)
  Re: Yet Another Risk: Not reading the package very carefully (Terje Mathisen, Steve Fenwick)
  CfP: CRiSIS 2011: Risks and Security of Internet and Systems (Marius Minea)

RISKS 26.34 Saturday 12 February 2011
  Internet role in Egypt's protests (Brian Randell)
  Hackers Breach Tech Systems of Multinational Oil Companies (John Markoff)
  Hacker steals 400,000,000,000 Zynga poker chips (Athima Chansanchai)
  Certified Lies ... Government Interception...
SSL (Soghoian/Stamm) Yet another personal, medical, info series of tapes lost (Danny Burstein) Sweetheart deal for billionaire could cut off GPS service (Geoff Goodfellow) Vatican bans "confession app" (Lauren Weinstein) Breaking the Web by assuming Javascript is running (Thomas Dzubin) Anonymous smear campaigns on the Internet (Mark Thorson) Advantages of no electronic controls? (Peter Z Ingerman) Rightists launch battle to block Facebook pages of left-wing groups (Amos Shapir) Facebook and www.lovely-faces.com (Gene Wirchenko) Prank "dating site" imports 250K Facebook profiles w/o permission (Lauren Weinstein) FEMA Loses Lessons Learned Data (Stephen Fairfax) Outsourcing elections in the Netherlands (Anne-Marie Oostveen) Oscar voting (Tom Sherak) Tree octopus exposes Internet illiteracy (Sam Waltz) REVIEW: "Inside Cyber Warfare", Jeffrey Carr (Rob Slade) CAISE'11 FORUM - Call for Short Papers and Tool Demonstrations (Selmin Nurcan) RISKS 26.35 Sunday 20 February 2011 U.S.-centrism: a Blind Spot (Gene Wirchenko) UK Immigration Officer Puts Wife on the No-Fly List (Bruce Schneier) Risks of trusting GPS (Steve Lamont) Court applies "computer use" sentence enhancement due to simple cell phone use (Lauren Weinstein) New Hacking Tools Pose Bigger Threats to Wi-Fi Users (Kate Murphy via Monty Solomon) Risk of using old techniques on new technologies (Jim Reisert) Free File Fillable Forms vs. Foreign Country (jidanni) Kill Switch, Anyone? (Gene Wirchenko) DHS/ICE vs. ICANN (Lauren Weinstein) FBI wants surveillance backdoors in ... pretty much everything (Lauren Weinstein) The Dirty Little Secrets of Search (David Segal via Monty Solomon) How does Nabble store passwords? (jidanni) SpyTunes (Andrew Mcafee via Monty Solomon) Precioussss! 
Mental price comparisons (Gene Wirchenko) Alarm Fatigue (Cliff Sojourner) Re: Tree octopus exposes Internet illiteracy (Kelly Bert Manning) Good, techish, update on Stuxnet (Symantec via Danny Burstein) REVIEW: "Extrusion Detection", Richard Bejtlich (Rob Slade) Computers, Freedom and Privacy 2011, WashDC, 14-16 Jun 2011 (Lillie Coney) RISKS 26.36 Saturday 5 March 2011 Swiss Officials Order Citizens to Wear Masks in Public -- Ban Tourists Posting Photos on Web (Lauren Weinstein) An Outbreak Of Out Of Order Moles Whac-a-moles (Hans Polzer) Matt Blaze: "Shaking Down Science" (PGN) Raining on cloud computing: Gmail outage (Mark Thorson) 500,000 Gmail accounts go offline, some users lose all their data (David Farber) Restoration of Gmail accounts from tape almost completed (Lauren Weinstein) Mac OS X backdoor Trojan, now in beta? (Chester Wisniewski via Monty Solomon) Risks in health records (DKross) NY Assembly candidate's law shoots him in the foot (Celeste Katz) SSD Erasure Unreliable (Gene Wirchenko) "Can You Frisk a Hard Drive?" (David K. Shipler) Facebook To Share Users' Home Addresses, Phone Numbers With External Sites (Huffington Post) Vulnerable social networking platforms (jidanni) Re: Kill Switch, Anyone? (Jonathan Kamens) Re: Tree octopus exposes Internet illiteracy (Daniel A Graifer) Susan Landau: Surveillance or Security? (PGN) RISKS 26.37 Wednesday 9 March 2011 The PG&E San Bruno gas pipeline disaster (Eric Nalder via Jim Haynes-PGN) Supreme Court rejects "personal privacy" for corporations (Paul Levy) UK Controllers Say Air Traffic System 'Not Safe' (Jack Spine via PGN) Hiding Details of Dubious Deal, U.S. Invokes National Security (Eric Lichtblau and James Risen) Indiana vote fraud indictment (PGN) More election e-fraud: Colorado (PGN) IPv6 on home routers and DSL/cable modems: FAIL (Lauren Weinstein) China monitoring mobile phones -- to detect large crowds? (PGN) Is the Navy Trying to Start the Robot Apocalypse? 
(Matthew Kruk) Social Media Password Request (Gene Wirchenko) Facebook Comments: The death of Web anonymity (Gene Wirchenko) Facebook, Google Giving Us Information Junk Food (jidanni) Safari JavaScript date bug (J R Stockton) Student stranded in snowed-in car 3 days (Matthew Kruk) Google: Nosy Questions (Gene Wirchenko) Your "secure" e-mail messages will be deleted after 60 days (jidanni) SourceForge.net passwords reset (jidanni) Re: Raining on cloud computing: Gmail outage (Jonathan Kamens) Re: Matt Blaze: "Shaking Down Science" (John Levine) Re: Raid disks (Turgut Kalfaoglu) Re: SSD Erasure Unreliable (Andrew Waugh) Next generation will ask, "Where were you when this was going down?" (Carl Hewitt) RISKS Digest 26.38 Tuesday 22 March 2011 Interconnectivity -- Local, Global, and All-ways (PGN) Canadian Nuclear Plant Leaks Radioactive Water Into Lake Ontario (Geoff Goodfellow) Dozens of exploits released for popular SCADA programs (Dan Goodin) German Parliament in the Dark (Debora Weber-Wulff) Estonian voting system flawed (PGN) Three-ship collision attributed to software (Rich Brown) GPS jamming trial (Martyn Thomas) UK Royal Academy of Engineering report on GPS jamming (Erling Kristiansen) Copper thieves cause train wreck (Mark Brader) Efforts to make Internet secure are ineffective (James Lewis) Google's "Farmer" search tweaks devastate website rankings (Mark Thorson) China Tightens Censorship of Electronic Communications (Robert Schaefer) Risks of playing computerized poker (Gabriel Dance) Insider threat against Whac-A-Mole (Jeremy Epstein) NJ came close to selling private data at auction (Jeremy Epstein) Congratulating National Car rental (Don Norman) ACSAC 2011 Call for Participation (Jeremy Epstein) Computers/Freedom/Privacy Research/Poster CFP (Jeremy Epstein) RISKS 26.39 Sunday 27 March 2011 Mis-click sends false alert about shooting to 40,000 on UIUC campus (Steven N. Severinghaus) RSA hack - a lesson in how not to handle a PR disaster! 
(yvonneeskenzi via Monty Solomon) The RSA Hack FAQ (Tim Greene via Monty Solomon) Bismaleimide triazine shortage looms (Mark Thorson) Re: Canadian Nuclear Plant Leaks Radioactive Water (Roger Hird, George Wangersky) Single point of failure; was: German Parliament in the Dark (Martyn Thomas) Stuxnet found in Japan (Danny Burstein) Disk drives in copy machines (Lou Katz) Re: UK Royal Academy of Engineering report on GPS jamming (Martyn Thomas) Re: GPS Jamming trial (Tony Finch) Re: Jamming (Charles Jackson) Comments on recent RISKS items (Joe Thompson) Re: Google: Nosy Questions (Jonathan Kamens) Re: Google's "Farmer" search tweaks devastate website rankings (John Sebes) RISKS 26.40 Friday 1 April 2011 Appleplexy, Anyone? (PGN) Facebook introduces `enemies list' feature (Mark Thorson) Introducing Gmail Paper (jidanni) Not an April Fool's case: Samsung Swansong becomes a Duck Call (PGN) The April Fool Turing Test (Rob Slade) Some risk-related issues after the earthquake (Chiaki Ishikawa) Speaking of the US radiation detectors, cough, cough (Danny Burstein) Railway signaling glitch strands commuters (Alex Farlie) Docklands 2009 rail accident report (Alex Farlie) Major UK Internet Outage (Martin Ward) Comodo compromise (PGN) FBI unable to break a code, asks for public help (Danny Burstein) India: system failure impedes voting on a constitutional amendment (PGN) A Girl's Nude Photo, and Altered Lives (Jan Hoffman via Monty Solomon) RISKS 26.41 Thursday 7 April 2011 Network failure closed hospitals to ambulance admissions (Gabe Goldberg) Japanese air route changes (jidanni) RSA turning a technical disaster into a marketing catastrophe? 
(PGN) Deceased Father-in-Law spamming friends and family two years on (Matthew Tarpy) A study in contrasts: handling stolen e-mail lists (Jonathan Kamens) Video: Internet Freedoms Lost: A Search Story (Lauren Weinstein) A Message from Walgreens (F John Reinke) Epsilon Data Breach: Expect a Surge in Spear Phishing Attacks (Jim Reisert) Epsilon: Who Reacted and How (Stephen Smoliar via PGN) 75-year-old woman *literally* cuts Armenia off the Internet (Lauren Weinstein) The Rootkit That Was Not (Gene Wirchenko) Omission in CFP 2011 conference announcement (Jeremy Epstein) RISKS 26.42 Thursday 7 April 2011 Mark another security problem done and solved. Web login systems are flawless and here to stay. (Kevin Fu) RISKS 26.43 Wednesday 20 April 2011 Some risk-related issues after the earthquake (ishikawa) Re: Single point of failure (Paul Robinson) Oak Ridge spear phishing (Jeremy Epstein) Exams in Turkey were all coded! (Hasan) Increasing risks due to leap seconds being ever more frequent (Theodor Norup) Obama admin: Please don't protect Americans' e-mail in the cloud (Lauren Weinstein) Increase in cyberattacks on critical infrastructures (McAfee/CSIS) Nuclear submarine documents leaked (Doug Hosking) Skype for Android User Data Leak (Gregg Keizer via Gene Wirchenko) Massive Russian hacker attack threatens freewheeling Ru.net (Lauren Weinstein) France outlaws secure hashed passwords -- massive security FAIL (Lauren Weinstein) Apple AirPlay Private Key Exposed, Opening Door to AirPort Express Emulators (Arnold Kim via Dewayne Hendricks) More on the Epsilon fiasco (Robert X. Cringely via Gene Wirchenko) Epsilon reactions by Chase and Capital One (Andrew Klossner) 'HTTPS Now' Campaign Urges Users to Take an Active Role in Protecting Internet Security (Eva Galperin) RISKS 26.44 Saturday 14 May 2011 Colleges worry about always-plugged-in students (Tracy Jan via Monty Solomon) Warnings about Risks aren't just for technological issues (Paul Robinson) Amazon Cloud Cloudy? 
(Ted Samson via Gene Wirchenko) More About the Amazon Cloud Crash (Nestor E. Arellano via Gene Wirchenko) Cloud Reliability (Patrick Thibodeau via Gene Wirchenko) The algorithm says that'll be $23,698,655.93, plus $3.99 shipping (Mark Brader) Texas exposes addresses, SSNs of 3.5 million residents (F John Reinke) Risks of auto-classification (Steven Bellovin) Iran claims it's under a second virus attack (Danny Burstein) RSA hack spear-phishing via an Excel spreadsheet with embedded Flash (Jeremy Epstein) Tracking File Found in iPhones (Matthew Kruk) Re: Skype for Android User Data Leak (Robert N.M. Watson via PGN) Re: Increasing risks due to leap seconds being ever more frequent (Amos Shapir) Re: 'HTTPS Now' (Dimitri Maziuk) Workshop on RFID Security and Privacy (Kevin Fu) RISKS 26.45 Tuesday 24 May 2011 Computer glitch forces U.S. to cancel visa lottery results (Robert McMillan via Ben Moore) Westpac systems crash in IT meltdown notsp (Michael Rosa) Car Talk and Talk and... (Joseph B. White via Eli the Bearded) Sony breach may drive down value of stolen credit cards (Jeremy Epstein) WSJ Reporter Takes Heat Over Tone Of Privacy Series (Joe Mullin via Monty Solomon) : When the Internet Thinks It Knows You (Eli Pariser via Monty Solomon) "Automatic Updates" considered Zombieware (Henry Baker) Amazon Cloud Crash Write-up (Gene Wirchenko) Lawsuit alleges spyware on rental computers (Joe Mandak via Matt Roberds) The Web browser that cried "wolf" (Mark Thorson) You must enable javascript to view this page (jidanni) Future Risks (John Brandon via Gene Wirchenko) Poor choice for automatic password (Tony Luck) REVIEW: "The Black Swan", Nassim Nicholas Taleb (Rob Slade) RISKS 26.46 Saturday 4 June 2011 Ash clouds: No Man is an Island (Der Spiegel) Another role for provers? (Martyn Thomas) Diebold employee accused of loading fake money into ATM machines (Henry K Lee) Russian Company Cracks IOS 4 Hardware Encryption (John E. Dunn via Steve Goldstein) Lockheed Martin: Uh-Oh! 
(Randall Webmail) Updated rogue AV installs on Macs without password (Elinor Mills via Monty Solomon) Sour Cookies in the UK (Gene Wirchenko) Skype is reportedly reverse-engineered: Skype threatens to crush open-source versions (Lauren Weinstein) Excerpted items from Lauren Weinstein's Network Neutrality Squad (PGN) Graffiti meets YouTube (Rob Slade) On the risks of an incompletely implemented idea (Jon Seymour) Left hand doesn't talk to right hand (Rick Gee) Study Sees Way to Win Spam Fight (John Markoff via Monty Solomon) Virtual slave labor in China (Mark Thorson) Different banks' ATMs have different masking policies (jidanni) 'A Google Oddity' in the echoes of Y2K (Joe Loughry) Re: "Automatic Updates" considered Zombieware (Steve Loughran) Re: Car Talk and Talk and... (Steve Loughran, Peter Houppermans) Re: You must enable javascript to view this page (Joseph Brennan) Re: REVIEW: "The Black Swan", Nassim Nicholas Taleb (Stephen Bounds) RISKS 26.47 Monday 6 June 2011 99% of Android phones leak secret account credentials (Dan Goodin via Monty Solomon) SCADA Holes Allowed Remote Takedown of Siemens Systems (Paul Roberts via Jeremy Epstein) Canada Post Strike (Nestor E. Arellano via Gene Wirchenko) "InfraGard" passwords/logins exposed (Danny Burstein) Risks of comp.risks resolved: new USENIX feed (PGN) RISKS-related Slashdot items (Werner U) Re: Russian Company Cracks IOS 4 Hardware Encryption (John Beattie) Re: "Automatic Updates" considered Zombieware (Martin Ward, Peter Houppermans, Dimitri Maziuk) Re: Car Talk and Talk and... (Ben Kamen) Cars that drive themselves (Jonathan Kamens) `A Google Oddity' is not a Y2K bug (Sidney Markowitz) Re: Virtual slave labor in China (Geoffrey Brent) Re: Study Sees Way to Win Spam Fight (Kevin Fu) Risks Digest 26.48 Tuesday 21 June 2011 United Airlines system-wide computer failure (PGN) The Bitcoin fiasco (Mark Thorson) A new speed record for exposing plagiarism by web search? 
(Mark Brader) Risks of automatically generated weather forecast data (Nick Brown) Citi Says Credit Card Customers' Data Was Hacked (Chris V. Nicholson via Monty Solomon) SecurIDs Come Under Siege (Siobhan Gorman and Shara Tibken via Monty) Hackers steal quantum code (Peter Houppermans) Spam "e-books" becoming a major problem on Kindle e-book store (Lauren Weinstein) Nissan Leaf reportedly leaks data via RSS, including location/speed (Casey Halverson via Lauren Weinstein) Subject: Fwd: British Spies Replace Terrorists' Online Bomb Instructions with Cupcake Recipe (Paisley Dodd via Monty Solomon) iPhone app measures frequency of common passcodes (Mark Thorson) RSA Insecurity (Nelson D. Schwartz and Christopher Drew via Monty Solomon) Customers angry at RSA over delay in admitting depth of breach (Lauren Weinstein) Conceal your breaches, and steel your breeches? (Dan Goodin) Spyware, the FBI, and The Failure of ISPs (John Dvorak via Monty Solomon) Fox News mistakenly uses Tina Fey picture in Sarah Palin story (Monty) Re: Skype is reportedly reverse-engineered (Rob Slade) Re: Cars that drive themselves (Spencer Cheng) Re: "Automatic Updates" considered Zombieware (David Gillett) RISKS 26.49 Monday 25 July 2011 Planes collide in midair, land safely (Monty Solomon) Aviation Experts Worry About Aircraft Mishaps on the Ground (Monty Solomon) Pilots to use iPads instead of manuals (Peter Houppermans) Safety on China's Railroads (Chuck Weinstock) Toyota to recall 82,200 vehicles in the US (Monty Solomon) Don't throw away Grandma's wind-up desk clock (Danny Burstein) Electronic vote stealing in Ohio's 2004 Presidential Election (PGN) Bruce Schneier's CRYPTOGRAM item on Dropbox and clouds (PGN) A Mouse Ate Your Network? 
(Ted Samson via Gene Wirchenko) Apple Laptops Vulnerable To Hack That Kills Or Corrupts Batteries (Andy Greenberg via Monty Solomon) Patient alleges Tufts breached privacy (Chelsea Conaboy via Monty Solomon) Beth Israel reports potential data breach (Hiawatha Bray via Monty Solomon) Most cellphone voice mail is vulnerable to hackers (Hiawatha Bray via Monty Solomon) Staples resold devices holding consumer data (Jenn Abelson via Monty Solomon) Somebody is using my e-mail address, but I can't figure out why (Jonathan Kamens) Empowering Evil Through Search and Surveillance: Why Corporate Ethics Matter (Lauren Weinstein) Book review: Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (Ben Rothke) RISKS 26.50 Tuesday 26 July 2011 National Popular Vote -- Needs Governor Brown's Veto (Rebecca Mercuri) New Court Filing Reveals How the 2004 Ohio Presidential Election Was Hacked (Bob Fitrakis via Monty Solomon) Software Designer Reports Error in Anthony Trial (Lizette Alvarez via PGN) Computer problems may trump debt ceiling (Mark Thorson) The British Phone Hacking Scandal (Peter Bernard Ladkin) Indian government uses Hotmail! (Ashish Gehani) Skype Vulnerability (Gene Wirchenko) Booz Allen systems breached (Jason Ukman via PGN) Do Not Track Not Being Followed (Grant Gross via Gene Wirchenko) Man gets 18-year sentence for harassing neighbor through Wi-Fi (Mark Thorson) Let's hope their code stays closed! (jidanni) Decoupling Civil Timekeeping from Earth Rotation? 
(Rob Seaman) RISKS 26.51 Monday 1 August 2011 China train crash explanation raises more public doubts (Jim Reisert) Study Faults Approval Process for Medical Devices (Barry Meier) Counterfeit driver's licenses (Ashley Halsey III) High-rolling gamblers are exploiting a quirk in Cash WinFall (Jim Reisert) FaceBook + Facial Recognition software = Increase Privacy Risks (Steven J Klein) "FaceBook Founder's Sister says Kill Internet Anonymity" + Counterarguments (Lauren Weinstein) Remote access to cars, water plants, etc. (Dennis Fisher) Risks of verbose automated e-mail (Paul Wallich) Google+ and Names (Gene Wirchenko) Re: Don't throw away Grandma's wind-up desk clock (Ted Lee) Re: Patient alleges Tufts breached privacy (Chris D.) Re: Empowering Evil Through Search and Surveillance (Chris D.) Re: The British Phone Hacking Scandal (Chris D.) RISKS 26.52 Tuesday 2 August 2011 Motorcycle 'smart key' can disable steering (Steven J Klein) Internet Addiction (Sharon Gaudin via Gene Wirchenko) Researchers Expose Cunning Online Tracking Service That Can't Be Dodged (Lauren Weinstein) House Committee sweepingly hypocritical Internet data retention bill (Lauren Weinstein) Bot-Bashed by Google (Robert X. Cringely via Gene Wirchenko) Re: Study Faults Approval Process for Medical Devices (Kevin Fu) Re: Patient alleges Tufts breached privacy (Steve Loughran) Re: FB & facial recognition software (Peter Houppermans) Re: Risks of verbose automated e-mail (Eriks Ziemelis) Re: Don't throw away Grandma's wind-up desk clock (Kurt Fredriksson, Mark Kramer) Taking over a stranger's phone number (Geoff Kuenning) RISKS 26.53 Sunday 7 August 2011 F-35 Testing Suspended (Gabe Goldberg) Google's driverless car causes 5-car pile-up (Mark Thorson) The Anti-Malware Follies, George Ledin Jr (George Ledin) The Speed of the Web, the Speed of the Nonsense (Robert X. Cringely via Gene Wirchenko) How does a telco call its service people when its network is out? 
(Danny Burstein) Text error sends Scottish exam results a day early (Carrell/Shepherd via Monty Solomon) Microsoft vs. Google: Patents, Society, and Greed (Lauren Weinstein) Java SE 7 Problems (Gene Wirchenko) Report on 'Operation Shady RAT' Identifies Widespread Cyber-Spying (Nakashima/Tate via ACM TechNews) The_Most_Expensive_One-byte_Mistake Generates Buzz (ACM Bulletin) Microsoft Kicks Off $250,000 Security Contest (Gregg Keizer via ACM TechNews) AT&T increases voice mail security; Password meant to deter hackers (Hiawatha Bray via Monty Solomon) 8 Technical Methods That Make the PROTECT IP Act Useless (Lauren Weinstein) Contractor leaves hundreds of bank account details at a pub (Jim Reisert) Hospital reports a possible data loss (Liz Kowalczyk via Monty Solomon) Re: High-rolling gamblers are exploiting a quirk in Cash WinFall, raking in huge profits (Jim Reisert) Re: Google+ and Names (Tony Finch) Re: Motorcycle 'smart key' (Carl Byington) Re: Don't throw away Grandma's wind-up desk clock (Tony Finch) Risk, Hazards & Crisis in Public Policy, Vol 2 Issue 2 (Heather M. Bell) RISKS 26.54 Saturday 27 August 2011 Air France 447: Smart planes still vulnerable to human error (Matthew Kruk) Air France 447, the A330 EFCS, and extreme nose-up (Heather McNeil) British Columbia Medicine Mixup, doggedly (Gene Wirchenko) Man unable to open car from the inside and dies of dehydration (David Landgren) Bitcoin + Cloud Computing = Approx. USD$231K Up In Smoke (Mark Thorson) United Airlines uses 11,000 iPads to take planes paperless (Daniel Dilger via Monty Solomon) Chinese newscast apparently reveals their cyber warfare games (Danny Burstein) Death, taxes and identity theft (Suzanne Johnson) Visa to adopt chip & pin in the US (Jeremy Epstein) 4G and CDMA reportedly hacked at DEFCON (Lauren Weinstein, Dotzero) Why Governments Are Terrified of Social Media (Lauren Weinstein) Transaction without a password is more secure? 
(Jonathan Kamens) Re: The Anti-Malware Follies (Rob Slade) Workshop on Cryptography for Emerging Technologies and Applications (Sara J. Caswell) RISKS 26.55 Tuesday 13 September 2011 Hurricane power outage: What could possibly go wrong? (Doug Hosking) Southwest power outage from AZ to SoCal and BajaCal (Monty Solomon) Insulin pumps can be hacked (Werner U) One Sperm Donor, 150 Offspring (Jacqueline Mroz via Monty Solomon) Ten Years After 9/11, Cyber Attacks Pose National Threat (Jaikumar Vijayan via ACM TechNews) Nominet UK proposing police shut down domains without court order (Lauren Weinstein) Channel 5 in Minneapolis had windows browser showing (Joyce Scrivner) Researchers crack APCO P25 public safety encryption, find DoS flaws (Slashdot via Lauren Weinstein) T-Mobile JavaScript comment stripper breaks websites (Lauren Weinstein) Risks of typos in email addresses: Man-in-the-mailbox attack (Toby) Why Governments Are Terrified of Social Media (Lauren Weinstein) Private Yale Student Info Accessible via Google Search (Jeff James via Monty Solomon) Yale Student Allows His Privacy To Be Obliterated For A Class Project (Kashmir Hill via Monty Solomon) Yet another incident of over-reliance on GPS navigation (Sean W. Smith) Zombie Cookies won't die (Gene Wirchenko) Re: Don't throw away Grandma's wind-up desk clock (Paul Robinson) CFP Integrated Formal Methods: iFM 2012 (Diego Latella) RISKS 26.56 Wednesday 14 September 2011 Air France 447: Smart planes still vulnerable to human error (Don Norman) Re: United Airlines uses 11,000 iPads to take planes paperless (Geoff Kuenning) Automation in the air dulls pilot skill (AP item) Many US schools adding iPads, trimming textbooks (Stephanie Reitz via Monty Solomon) Benefits of IT on Education? 
(NYTimes) DigiNotar SSL Security Cert Breach (Gregg Keizer via Gene Wirchenko) Risks in Google, specifically Gmail (Paul Robinson) Microsoft posts security bulletins 4 days early, scrambles to fix mistake (Jon Brodkin via Monty Solomon) $100 Bill: The Fed Has a $110 Billion Problem with New Benjamins (Leonard Finegold) Re: Bitcoin + Cloud Computing = Approx. USD$231K Up In Smoke (Arno Wagner) Dutch Government Websites No Longer Secure (Danny Burstein) Forged Google crypto certificate found in the wild (Lauren Weinstein) Google+ Security/Privacy Risks? (Tony Bradley via Gene Wirchenko) The Internet's Secret Back Door (Lauren Weinstein) Closed, Says Google, but Shops' Signs Say Open (David Segal via Monty Solomon) Re: Researchers crack APCO P25 public safety encryption ... (Jeremy Ardley) Re: Visa to adopt chip & pin in the US (David Alexander) Re: T-Mobile JavaScript comment stripper breaks websites (Amos Shapir) Re: Yet another incident of over-reliance on GPS navigation (Geoff Kuenning, Amos Shapir) Man unable to open car from the inside and dies of dehydration (Clive Page) Patient Data Posted Online in Major Breach of Privacy (Kevin Sack via Monty Solomon) Cash for iPhones -- spam, scam, or phishing (DoN. Nichols) RISKS 26.57 Monday 19 September 2011 Redundancy is always a good idea, when it exists (David Lesher) EFF Heads Back to Court to Fight Warrantless Wiretapping (EFF) Re: United Airlines uses 11,000 iPads to take planes paperless (Alistair McDonald, John Stanley) Re: Air France 447 (Peter Houppermans) FTC proposes stricter Net access rules for children under 13 (Lauren Weinstein) Pakistan orders ISPs to block VPNs and other encryption? 
(NNSquad) Supercookie (Bill Snyder via Gene Wirchenko) Re: "Why Governments Are Terrified of Social Media" (Chris D) Re: Zombie Cookies won't die (Chris Jewell) Re: Risks in Google, specifically Gmail (John Fouhy, Joseph Brennan) Re: Don't throw away Grandma's wind-up desk clock (Martin Ward) Re: Transaction without a password is more secure? (Wayne Mesard) Re: Researchers' Typo-squatting Stole 20 GB of E-Mail (Lauren Weinstein) Re: $100 Bill: The Fed Has a $110 Billion Problem ... (Nick Laflamme) Re: Yet another incident of over-reliance on GPS navigation (Paul Wallich) Re: Man unable to open car from the inside and dies of dehydration (David Peverley) Online risks for a power of attorney (Jared Gottlieb) RISKS Digest 26.58 Tuesday 27 September 2011 U.S. Accuses Poker Site of Fraud (Matt Richtel via PGN) Auditing in the News: $7.6 billion missing (Steven J. Greenwald) OnStar Begins Spying On Customers' GPS Location For Profit (Jonathan Zdziarski via Lauren Weinstein, and via Monty Solomon) Data breaches affect 2 million people in Massachusetts (Hiawatha Bray via Monty Solomon) Interesting Facebook incident (Peter Houppermans) Facebook Yet Again Again Again (Gene Wirchenko) Cell phone number acquisition (Peter Houppermans) Risks of cyber warfare (Jared Gottlieb) Re: United Airlines uses 11,000 iPads ... (David Magda, Simon Farnsworth, Andrew Douglass, Geoff Kuenning) Thoughts about this WSJ "you've been hacked" suggestion? (Danny Burstein) Mark Bowden, WORM: The First Digital World War (PGN) REVIEW: "Above the Clouds", Kevin T. McDonald (Rob Slade) RISKS 26.59 Sunday 23 October 2011 China Bullet Trains Trip on Technology (Areddy/Shirouzu) NJ election cover-up (Andrew Appel via Monty Solomon) Gas bill climbed 13,000 pounds after correct online reading given (Gabe Goldberg) Robot editors strike again (Earl Boebert) Computer Virus Hits U.S. 
Drone Fleet (WiReD via Joly MacFie) BlackBerry Outage Linked to Massive Drop in Traffic Crashes (Brad Aaron) Re: Blackberry outage saves lives (Mark Thorson) Security Vulnerability In HTC Android Devices (Artem Russakovskii) Skype for iPhone makes stealing address books a snap (Dan Goodin) Massive HTC Android phone vulnerabilities reported (John P. Mello Jr. via Gene Wirchenko) AmEx 'debug mode left site wide open' (John Leyden via Monty Solomon) Air traffic control data found on eBayed network gear (John Leyden) Skype flaw allows BitTorrent users to be identified (Jeremy Kirk) Adobe flash design would let authorities order Adobe to turn on your mic/camera remotely (Steve Bellovin) FBI Official Calls for Secure, Alternate Internet (Lauren Weinstein) Researchers crack W3C encryption standard for XML (Lauren Weinstein) Better Business Bureau offers rogue script browser peril (Gabe Goldberg) Washington objects, OnStar reverses tracking policy (Computerworld) Re: United Airlines uses 11,000 iPads ... (John Stanley) ACSAC 2011 open for registration (Jeremy Epstein) RISKS 26.60 Friday 11 November 2011 ANA plane goes nearly belly up after wrong knob turned (Rob McCool) E-voting remains insecure, despite paper trail (Gene Wirchenko) Alleged Absentee Ballot Fraud in Florida (PGN) Massive Internet Outage blamed on Juniper routers (Lauren Weinstein) Gmail goes Colbert (James Morris) Automated systems that don't use automatic daylight savings (Tim Panton) NASA Confirms 'Suspicious Events' in Satellite Hacking Report (Rebecca Mercuri) Apple was OK to fire man for private Facebook comments (Anna Leach via Gene Wirchenko) Re: Blackberry outage saves lives (Geoff Kuenning) Re: United Airlines uses 11,000 iPads ... (Andrew Douglass, Geoff Kuenning) W32.Duqu: As ye sow, so shall ye reap ... 
(Stanley De Jager via Randall) New Malicious Program by Creators of Stuxnet Is Suspected (NYTimes via PGN) UK police using gear to intercept and monitor cell phones via mobile network spoofing (Lauren Weinstein) What happens when *everyone's* PII is leaked? (Jeremy Epstein) Contract worker stole 9M+ Israelis' personal information (Jeremy Epstein) Skype flaw allows BitTorrent users to be identified (Jeremy Kirk via Gene Wirchenko) Skype for iPhone makes stealing address books a snap (Dan Goodin via Monty Solomon) RISKS 26.61 Sunday 13 November 2011 Panel Emphasizes Safety in Digitization of Health Records (Steve Lohr) The Coming Fascist Internet (Lauren Weinstein) First national Emergency Alert System (EAS) test: FAIL in many areas (Lauren Weinstein) "747's are big flying Unix hosts" (Gabe Goldberg) Underground call-centre for identity theft uncovered (Gene Wirchenko) The Dark Side Of Biometrics: 9 Million Israelis' Hacked (FastCompany) "Sloppy use of Amazon cloud can expose users to hacking" (Gene Wirchenko) Re: Gmail goes Colbert (Dag-Erling Smørgrav) Re: ANA plane goes nearly belly up ... wrong knob turned (Pete Disdale, Richard S. Russell, Joe Keane) Fun Yahoo! term of service (jidanni) Humorous illustration of computer security (David Hollman) RISKS 26.62 Friday 18 November 2011 U.S. water plants reportedly hit by cyber attacks (Gene Wirchenko) Remotely Opening Prison Doors (Bruce Schneier) Digital surveillance camera held sensitive unrelated photos (Mark Brader) The government is going overboard in Internet copyright control (Vint Cerf) "Who Decides Who You Are Online?" (Somini Sengupta) Facebook's tracking of other Web site visits under fire (USA Today) How Google, by voluntarily implementing facial blurring... (jidanni) "Coming conundrum: Malware signed by a legitimate developer" (Robert Lemos) Standard and Poor's and France's credit (Mark Brader) Congress Declares War on the Global Internet; Internet Replies "Bring It On!" 
(Lauren Weinstein) Insider fraud (Michael Lee) Re: ANA plane goes nearly belly up ... wrong knob turned (Tony B Atkinson) Re: The Coming Fascist Internet (Mike Smith) Does this icon mean YES or NO? (jidanni) RISKS 26.63 Tuesday 22 November 2011 Online elections (Rob Slade) Americans Elect (Jim Cook) Android leads the way in mobile malware growth (Peter Houppermans) Firm Sought to Install Spyware Via Faked iTunes Updates (Werner U) "Why Law Enforcement Can't Stop Hackers" (Meridith Levinson via Gene Wirchenko) The Web as Backyard Fence Gone Wild (Galen Gruman via Gene Wirchenko) Re: Update: U.S. water plants reportedly hit by cyber attacks (Howard Webb) Re: 9 Million Israelis' PII hacked (Barry Jaspan) Slovenia attacks panoramic photography (Lauren Weinstein) Re: How Google, by voluntarily implementing facial blurring... (Amos Shapir) Protecting data for the long term with forward secrecy (Lauren Weinstein) Re: "Coming conundrum: Malware signed ... (David Shambroom) Congress Declares War on the Global Internet - Internet Replies "Bring It On!" (Robert Heuman) Re: ANA plane goes nearly belly up ... wrong knob turned (John Stanley, Larry Sheldon) Re: The Coming Fascist Internet (Amos Shapir) The Surveillance Catalog (Gabe Goldberg) How to persuade lawmakers to change their passwords (Chiaki Ishikawa) I think I got a spammed (jidanni) RISKS 26.64 Saturday 26 November 2011 CalPERS computer misfire sparks benefit cancellations (Randall Neff) Robot prison wardens - with guns? (Peter Houppermans) "Facebook bans at work linked to increased security breaches" (Nestor E. Arellano via Gene Wirchenko) "Hired posters degrading Web's information credibility" (John P. Mello Jr. via Gene Wirchenko) Thailand wants Facebook links blocked, warns that pressing "Like" can lead to prosecution (Lauren Weinstein) If You Can't Trust Caller ID ... (Matt Richtel) LaTeX as an example of software engineering best practices? (Mark Thorson, PGN) Re: Update: U.S. 
water plants reportedly hit by cyber attacks (Alexander Klimov) Ruined water pump apparently wasn't attacked by hackers after all (Lauren Weinstein) Apple iTunes flaw 'allowed government spying for 3 years' (Lauren Weinstein) More on Duqu/stuxnet link? (PGN) Missing the point of the Internet (Bob Frankston) REVIEW: Eric D. Knapp, Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems (Richard Austin) RISKS 26.65 Tuesday 29 November 2011 Volume 26 : Issue 65 Investigation into ICT enabled projects (Andrew Pam) Cybersecurity Requires Patches, Not a Vast Bill (Susan Crawford via Lauren Weinstein) Internet Amorality, and Cutting Thailand Off From the Internet (Lauren Weinstein) Another mass takedown of domains by U.S. authorities + discussion (Lauren Weinstein) Hackers target IPv6: Why you must address IPv6 security concerns now (Susan Perschke via Gene Wirchenko) "Face Unlock feature in Galaxy Nexus poses security risk" (Matt Hamblen via Gene Wirchenko) Google protects its current HTTPS traffic against future attacks (Lucian Constantin via Gene Wirchenko) Columbia U. researchers claim widespread security problems with laser printers (Lauren Weinstein) "Doomed by default passwords" (Roger A. Grimes via Gene Wirchenko) "When mobile apps go bad" (Galen Gruman via Gene Wirchenko) Facebook Settles With F.T.C. Over Deception Charges (Lauren Weinstein) Re: purported water plant attack (SMiller) Re: If You Can't Trust Caller ID ... (Paul Wallich) Re: Missing the point of the Internet (Amos Shapir) Complexity (Bob Frankston) Re: LaTeX as an example of ... best practices (Bob Frankston) Re: "Facebook bans at work linked to increased security breaches" (Carlos G Mendioroz) RISKS 26.66 Tuesday 6 December 2011 Civilian Use of Drone Aircraft May Soon Fly In the US (W. J. 
Hennigan) Underpublicized risks of mobile devices (Valdis Kletnieks) Comedy of Errors Led to False "Water Pump Hack" Report (Kim Zetter via Lauren Weinstein) GCHQ code-cracking challenge "cracked" -- by a Google search! (Robert Meineke) Ongoing large-scale distributed SSH brute-force attack (Jonathan Kamens) Skype flaw reveals users' location, file-downloading habits (Joan Goodchild via Monty Solomon) "Security researchers say HP printers vulnerable to hackers" (Gene Wirchenko) HP printers can be remotely controlled and set on fire, researchers claim (Jon Brodkin via Monty Solomon) The risks of information sharing? (Steven Bellovin) Exam Cheating on Long Island Hardly a Secret (Anderson/Applebome) Apple iTunes ... Trojan horse that gives governments access to your computer and files (Gordon Peterson) Sneaky Mobile Ads Invade Android Phones (Tom Spring via Monty Solomon) "Carrier IQ: The Sony rootkit all over again" (Robert X. Cringely) "CarrierIQ" on various mobile handsets (Android Security Test) Re: Carrier IQ May Have Violated Wiretap Law In Millions Of Cases (Declan McCullagh) "Carrier IQ and Facebook pose the least of your privacy threats" (Galen Gruman) AT&T, Sprint, T-Mobile admit to using Carrier IQ; Apple says it doesn't anymore (Lauren Weinstein) Re: Cybersecurity Requires Patches, Not a Vast Bill (Martyn Thomas) Re: Complexity (Bob Frankston) RISKS 26.67 Tuesday 20 December 2011 Qantas Terror Blamed on Software (Andrew Heasley) Why data matters for public policy (Vint Cerf via Lauren Weinstein) Internet Hysteria: Is the US Losing Its Edge? (Brent Glass) BufferBloat: What's Wrong with the Internet? A discussion (Dave Farber) Can the U.S. Government close social media accounts? 
(Salon) Computing On Encrypted Databases Without Ever Decrypting Them (Forbes) 4 Romanians Indicted for Hacking Subway, Other Retailers (Kim Zetter via Jim Reisert) Ambulances turned away as computer virus infects Gwinnett Medical Center computers (Misty Williams/Joel Anderson via Jim Reisert) Hollywood's pirate cure is worse than the disease (Jack Shafer) Protect Yourself from Intrusive Laptop/Phone Searches at U.S. Border (EFF) Daniel Kahneman: Thinking, Fast and Slow (PGN) RISKS 26.68 Wednesday 28 December 2011 Botched elevator maintenance? (James Barron via PGN) Single point of failure in the Berlin Train System (Debora Weber-Wulff) Report on Queen Mary 2 Dead in the Water (Earl Boebert) "Why Ford Just Became A Software Company" (Chris Murphy via Gabe Goldberg) The False Promise of Biometrics (Aman Sethi via Gene Spafford) EFF reverse engineers Carrier IQ (Sebastian Anthony via Monty Solomon) In tests, LightSquared disrupts 75% of GPS receivers (Lauren Weinstein) Internet of things (David Magda) Risks of focusing on risks (Bob Frankston) Hollywood's pirate cure is worse than the disease (Jack Shafer via LW) ACMA: Facebook photos are not private, even with "privacy" enabled (Peter Houppermans) When Facebook really became a liability (Peter Houppermans) Facebook agrees to a dozen recommendations by Irish data protection authority (Jeremy Kirk via Gene Wirchenko) Hacked! (James Fallows via Monty Solomon) Stratfor security breach (Huffington Post via Lauren Weinstein) Stratfor hacking victims targeted after comments (Eileen Aj Connelly) Microsoft will push IE auto-updates (Gregg Keizer) Re: Internet Hysteria ... (Henry Baker) Re: Robot prison wardens - with guns? 
(Paul Robinson) Re: Qantas Terror Blamed on computer (Peter Bernard Ladkin, Robert Meineke) REMINDER - iFM 2012 CfP - DEADLINE APPROACHING (Diego Latella) RISKS 26.69 Thursday 29 December 2011 Design Flaws Cited in Deadly Train Crash in China (Sharon Lafraniere) Software reliability testing for the space shuttle (David Jefferson) Risks and aircraft control - how does voting fit into this? (Jeremy Epstein) How an "anonymous" hacker disrupted a wireless demo - in 1903 (Paul Marks via Lauren Weinstein) The Times E-Mails Millions by Mistake to Say Subscriptions Canceled (Amy Chozick via Monty Solomon) Mistaken Verizon emergency alert scares N.J. (Danny Burstein) "Giving a fair shake to the eyes in the sky" (Francis Moran via Gene Wirchenko) IMDb and Amazon vs. the "Ageless Actress" (Lauren Weinstein) A Dispute Over Who Owns a Twitter Account Goes to Court (John Biggs via Monty Solomon) Re: First national Emergency Alert System (EAS) test: FAIL (David E. Price) Re: 'Anonymous' Stratfor Hack Reportedly Start Of Weeklong Assault (Kurt Albershardt) Menlo Report on research ethics out for comments (Jeremy Epstein) Proceedings for UTC meeting (Rob Seaman) First STAMP/STPA Workshop (Nancy Leveson) RISKS 26.70 Monday 2 January 2012 Election integrity (Bob Fitrakis/Harvey Wasserman) 3 of 2011's worst data breaches involved medical records (Healthcare Tech Review) Skype Information Leakage and decoding of encrypted packets (Stephan Burschka via Lauren Weinstein) Re: Risks and aircraft control - how does voting fit into this? (John Levine) AZ Humane Society lies, kills man's cat, blocks Facebook comments () Re: Internet of things (David Magda) Re: IMDb and Amazon vs. the "Ageless Actress" (Peter Houppermans) Re: "Risks of focusing on risks" (Bob Paddock) Expiring CharlieCards causing confusion and frustration (Monty Solomon) RISKS 26.71 Thursday 26 January 2012 Deducing causality? 
(Jonah Lehrer via PGN) More on total-system issues; We are all interconnected (PGN) The Wired Car (Tom Ashbrook via Monty Solomon) Risks of Instant Messaging in Indy Racing (MLCook) Passengers on British Airways warned of crash landing (Jim Reisert) Lawyer Demands Pacemaker Vendor Supply Source Code (Werner U) $44 million bill from Bronx-Lebanon Hospital (Jim Reisert) Cameras may open up the board room to hackers (PGN via Nicole Perlroth) Belarus Is Now Home to the Internet's Most Insane Law (Sam Biddle via LW) Top 1% NYT Readers are Consuming 50% of the text! (Kevin J. O'Brien via Bob Frankston) ``Internet Access Is Not a Human Right'' (Vint Cerf via LW) "Megaupload file seizure shows why many cautious about the cloud" (Ian Paul via Gene Wirchenko) Con-men set up face Facebook site asking for donations (Jim Reisert) Hi-tech heist takes millions from South African Postbank (Jim Reisert) Hackers post 1000s of Israeli credit card numbers (Danny Burstein) Viruses stole City College of S.F. data for years (Nanette Asimov via Jim Reisert) Thieves steal debit-card PIN keypads (Mark Brader) Pocket-dialed 911 calls increasingly common (Mark Brader) Who Is Flying Unmanned Aircraft in the U.S.? (EFF) Nancy G. Leveson: Engineering a Safer World (PGN) Risks Digest 26.72 Sunday 12 February 2012 Programming error doomed Russian Mars probe (Lauren Weinstein) ... or maybe radiation, not programming, killed the Russian probe (LW) The Research Works Act (PGN) HGI scientists break satellite telephony security standards (Horst Goertz Inst) PayPal STILL doesn't get it (Jim Garrison) FBI to track social networks (Antony Savvas via Gene Wirchenko) Twitter can now block tweets in specific countries (Stephen Lawson via GW) Evidence of massive Iranian Internet blocking -- SSL, etc. (LW) "Man-in-the-middle" corporate attack in the wild (Jim Ausman) Symantec recommends disabling pcAnywhere (via Monty Solomon) "Got remote access? Lock it down" (Robert Lemos via GW) Aloha Privacy! 
- Hawaii bill would track all Web surfing in detail (via LW) Privacy on the Barbie! - Australia considers unlimited communications data retention (via LW) Lawyer sues ex-girlfriend over Google Search results (via LW) Inside China's censorship machine (via LW) Hackers take over Boston Police Department website; message cites handling of Occupy Boston protest (via Monty Solomon) Risks: Conviction of Card Scam operators. How the Scam worked. (Len Spyker) Would the US Extradite UK Blogger for Linking to Works in the Public Domain in Other Countries? (Dewayne Hendricks via Dave Farber's IP) The Heartbreaking Truth About Online Dating Privacy (EFF) Over 3 years later, "deleted" Facebook photos are still online (via LW) Re: deducing causality (Richard O'Keefe) Re: Pocket-dialed 911 calls increasingly common (Danny Burstein) RISKS 26.73 Friday 24 February 2012 Armored SUV could not protect U.S. agents in Mexico (Simson Garfinkel) "It's A Brick" -- Tesla Motor's Devastating Design Problem (Michael Degusta) Small coding mistake led to big Internet voting system failure (PGN) QTH.com Server Outage Notice (Jim Reisert) Less-than-random-number generation compromises encryption (PGN on Lenstra et al. and John Markoff) Security of Self-Selected PINs Is Lacking (John Markoff on Ross Anderson et al.) IL-PIN printed right on the IL-1040 PDF (jidanni) Google Mobile Phone Tracker (Matthew Kruk) Computers blamed once again (Keith Price) Web Firms to Adopt 'No Track' Button (Lauren Weinstein) WSJ: "The U.N. Threat to Internet Freedom" (Lauren Weinstein) Re: Privacy on the Barbie! (Jeremy Ardley) Bruce Schneier's Liars and Outliers (PGN) REVIEW: Bruce Schneier, "Liars and Outliers: ... 
(Rob Slade) REVIEW: "Identity Management: Concepts, Technologies, and Systems", Elisa Bertino/Kenji Takahashi (Rob Slade) RISKS 26.74 Friday 24 February 2012 Re: Google Mobile Phone Tracker (Tim Diebert, PGN) Re: It's A Brick: Tesla Motor's Devastating Design Problem (Martyn Thomas) "13 security myths you'll hear -- but should you believe?" (Ellen Messmer via Gene Wirchenko) Not-so-faster-than-light superluminal neutrinos! (smolloy via David Bolduc) NewSci: GPS jamming: a clear and present reality (Paul Saffo) UK - 4G TV interference: Up to a million homes 'need filters' (Lauren Weinstein) Behind the Google Goggles, Virtual Reality (Nick Bilton via Matthew Kruk) Facebook contractor reportedly reveals "secret" "censorship" list (Stephen C. Webster via Lauren Weinstein) Nortel breached for years; management knew but didn't react (Jeremy Epstein) Re: Armored SUV could not protect U.S. agents in Mexico (Chris Barnabo, Richard S. Russell, R. G. Newbury) Fifth Amendment Protects Suspects from Having to Decrypt Hard Drives (LW) Long distance mail, but why? (Richard O'Keefe) REVIEW: The Tangled Web: A Guide to Securing Modern Web Applications (Ben Rothke) RISKS 26.75 Sunday 18 March 2012 Risks of Leap Years and Dumb Digital Watches (Mark Brader) Windsat Data Outage 29 Feb 2012 (David J Taylor) "Windows Azure Leap-Year Glitch Takes Down G-Cloud" (Steve McCaskill via Gene Wirchenko) Aussie leap-year problems (Don Gingrich) Defibrillator risks (Benoit Goas) Internet voting redux (VVW via PGN) Internet Voting a "disaster in waiting" (Lauren Weinstein) Another video of Alex Halderman on Internet voting (David Jefferson) Board of Elections does nothing as hundreds of Bronx votes go missing (Joseph Lorenzo Hall) First enforcement action under HITECH Breach Notification Rule (Deborah Peel via PGN) The Hidden Risk of a Meltdown in the Cloud (ACM TechNews) Jonathan Zittrain on Data tracking (Alexander Furnas via David Farber) "Bodog case could affect all Canadian sites using U.S. 
domains" (Christine Wong via Gene Wirchenko) Not even a tiny bit creepy. After all, Orwell WAS British, no? (Eric Pfeiffer via Randall) "Thieves use victims' SIM cards to hack into online banking" (Gene Wirchenko) Re: GPS jamming: a clear and present reality, Plus Fukushima and infrastructure CyberSecurity issues (Peter Bernard Ladkin) More on do-it-yourself drones (PGN) Facebook, Apple, Twitter, Yelp, 14 others sued for privacy-invading mobile apps (Jaikumar Vijayan via Gene Wirchenko) Flashback Mac trojan is back with new and improved exploit strategy (Jacqui Cheng via Monty Solomon) Re: Armored SUV (David Lesher) Washington Post's Ombudsman's Mea Culpa regarding origins of e-mail (Lauren Weinstein) Re: Google Mobile Phone Tracker (Matthew Kruk) EVT/WOTE 2012 call for participation (Jeremy Epstein) RISKS 26.76 Sunday 1 April 2012 French Regulation of Primes? (PGN) Nogales drone fiasco (PGN) DHS Cybersecurity Chief criticizes online voting (Pam Fessler) US Outgunned in Hacker War (Devlin Barrett) Texting error leads to lockdowns at two schools (Jim Reisert) Ship's anchor cuts Internet access to six East African countries (Jim Reisert) Space station control codes on stolen NASA laptop (Jim Reisert) Second Murdoch hacking scandal (Charles C. Mann) Police to cruise streets for unsecured Wi-Fi (Lauren Weinstein) MasterCard, VISA Warn of Processor Breach (Brian Krebs via Monty Solomon) "Study finds major weaknesses in single-sign-on systems" (Cameron Scott via Gene Wirchenko) Mobile operators seek to 'block' Skype in Sweden (Lauren Weinstein) The Moral Network (Daniel Berninger via Dave Farber) Linux 3.3: Finally a little good news for bufferbloat (Robert X Cringely via Dewayne Hendricks and Dave Farber) "Google, Facebook, Twitter warned in privacy report" (Gene Wirchenko) Massive crackdowns on Internet freedoms in some Arab countries? (Lauren Weinstein) Doug Jones/Barbara Simons, Broken Ballots: Will Your Vote Count? 
(PGN) RISKS 26.77 Wednesday 4 April 2012 ICANN Announces Surprise Termination of Domain Name Expansion Program; Plans Own Dissolution (Lauren Weinstein) Unicode in the modern communications world (Mike Tashker) The Evil Bit, the Angelic Bit, and the "I'm not sure" value! (PGN) Arizona Internet censorship bill on Gov's desk (Lauren Weinstein) Reserved Words Anyone? (Marv Schaefer) DDoS attack disrupts Canadian political party leadership vote (Mark Brader) Why Your Vote Won't Count (Mark E. Smith) Tor traffic disguised as Skype video to fool repressive governments Kazakh gold medal team gets Borat national anthem -- googled! (Rob McCool) Australian Court Finds Google Guilty of Deceptive Ad Tactics (Lauren Weinstein) Tom Tom GPS "Leap Year Bug" (Martyn Thomas) Second Murdoch hacking scandal (Charles C. Mann) An end to phones in every home? (David Cay Johnston) Apple holds the master decryption key when it comes to iCloud security, privacy (Chris Foresman via Monty Solomon) Outage of Visa network kept people from using credit, debit cards for a time Sunday afternoon (Monty Solomon) Re: Texting error leads to lockdowns at two schools (Paul Wallich) Re: Not even a tiny bit creepy. After all, Orwell WAS British (Marcus Rowland) RISKS 26.78 Tuesday 10 April 2012 More on The Evil Bit and the "I'm not sure" value! (Ben Okopnik) Tacocopters delivering hot tacos on the fly (Peter Bernard Ladkin) The Addictiveness of Games (Sam Anderson) Voting machine flaw (Joseph Lorenzo Hall) "Computer Science for the Rest of Us" (Randall Stross via Erwin Gianchandani) "Facial recognition tech could help stop drunk drivers" (Nestor E. 
Arellano via Gene Wirchenko) NIST ISPAB recommendation about cybersecurity risks of medical devices (Kevin Fu) Hacking medical devices (Jack Holleran) Updating auto software over the Internet (Robert Schaefer) FBI: Smart Meter Hacks Likely to Spread (Robert Schaefer) US government hires company to hack into video game consoles (Robert Schaefer) "The computer did it" (Paul Wallich) Nano Particles--Giga Benefits, Giga Risks (Stephen Unger) "Flaw in popular mobile apps exposes users to identity theft" (Ted Samson via Gene Wirchenko) Police Are Using Phone Tracking as a Routine Tool (Eric Lichtblau via Matthew Kruk) Unraveling a massive click fraud scheme (WSJ item via Lauren Weinstein) The Risks of Advertising (Gene Wirchenko) DRM is crushing indie booksellers online (Lauren Weinstein) Hotspots using Deep Packet Inspection (Lauren Weinstein) Internet Use Promotes Democracy Best in Countries Already Partially Free (Lauren Weinstein) Re: The Moral Network (Bob Frankston) RISKS 26.79 Tuesday 17 April 2012 Hospital generator failure following earthquake (Jonathan Hunt) For want of an isolating ground, a railroad was shutdown (Danny Burstein) Insider attack on smart meters (PGN) UK Government to give consumers control over smart meter data amidst privacy concerns (Bob Waixel) Why one in five U.S. adults don't use the Internet (CNN) 60% of Wikipedia entries about companies contain errors: correcting them isn't easy (Science News) Computer Fraud Act Case Dismissed (Donn Parker) GPS is a humanitarian weapon system (jidanni) DHS chief contemplating proactive cyber attacks (Steve Johnson via Richard Forno) MintChip -- a virtual cryptocurrency backed up by a government (Mark Thorson) ICANN data breach exposes gTLD applicant data ... 
(ars technica) CIA's Secret Fear: High-Tech Border Checks Will Blow Spies' Cover (Robert Schaefer) "Apple under fire for backing off IPv6 support" (Gene Wirchenko) CISPA, Cybersecurity, and the Devil in the Dark (Lauren Weinstein) Web freedom faces greatest threat ever, warns Google's Sergey Brin (The Guardian) DARPA Challenge Seeks Robots to Drive Into Disasters (ACM TechNews) Walled gardens look rosy for Facebook, Apple -- and would-be censors (The Guardian) Re: Unraveling a massive click fraud scheme (Martin Ward) "Did first DDOS attack sink the Titanic?" (Gene Wirchenko) RISKS 26.80 Wednesday 25 April 2012 Airline pilot distracted by new text messages botches landing attempt (Mike Flacy) Backdoor in mission-critical systems (Dan Goodin via C Y Cripps) The Power of Individual Voters to Transform Their Government (William Cox) Risks from computers in elections? (Brad Friedman via Mark E. Smith) Thieves steal fiber (Joel Garry) Berkeley High students hack into attendance system (Jill Tucker) TapLogger (Jim Reisert) Solar panel production page reveals name, address, real-time info (Jonathan Kamens) Re: Insider attack on smart meters (Paul Wallich) Compromised ATMs of no Consequence to Banks or Customers (Chris J Brady) Google Street View face blurring side effects (Ed Ravin) Occupy Wall Street protester doesn't own his tweets, judge rules (Lauren Weinstein) Harvard Library open access? (Dan Geer) White House pushes back on CISPA "cybersecurity" legislation (The Hill and LW) 11 percent of all sexts sent to the wrong recipient (Natt Garun via Monty Solomon) "The Flight from Conversation" (Sherry Turkle) Review: CERT Guide to Insider Threats, Capelli/Moore/Trzeciak (Ben Rothke) Henry Petroski does it again! (PGN) Gmail outage much broader than originally reported (Juan Carlos Perez via Gene Wirchenko) Re: "Did first DDOS attack sink the Titanic?" 
(Jeremy Ardley) Re: Hospital generator failure following earthquake (Dick Mills) The hidden danger of Windows 8 Microsoft Accounts (Woody Leonhard via Gene Wirchenko) RISKS 26.81 Friday 4 May 2012 Fed report on that Southern California blackout (Danny Burstein) How to handle voter registration (Douglas A. Kellner) Re: The Power of Individual Voters to Transform Their Government (Mark E. Smith) North Korea jamming commercial airliner GPS? (PGN) Ars Technica on "back doors" in critical systems (Dan Goodin via C Y Cripps) "Microsoft detects new malware targeting Apple computers" (Jeremy Kirk via Gene Wirchenko) Data breaches in Massachusetts (Jenn Abelson via Monty Solomon) Tiny memory card causes unusual trouble for police (Mark Brader) Thwarting the Cleverest Attackers (Larry Hardesty via ACM TechNews) How to Muddy Your Tracks on the Internet (Kate Murphy via Monty Solomon) "Canadians hit by bogus Microsoft Help calls" (Gene Wirchenko) "Bad stats sink cyber crime costs claims" (Bill Snyder via Gene Wirchenko) DiscoverCard stores passwords in plaintext, e-mails them on request (Gregory Marton) "iPad in the enterprise: prepare for guerilla tactics" (Gene Wirchenko) Re: CIA's Secret Fear: High-Tech Border Checks Will Blow Spies' Cover (Geoff Kuenning) Re: Airline pilot distracted by new text messages (Peter Bernard Ladkin) Harvard and M.I.T. Team Up to Offer Free Online Courses (Tamar Lewin via ACM TechNews) Re: Harvard Library open access? (Jurek Kirakowski) Re: "Did first DDOS attack sink the Titanic?" 
(Scott Dorsey) Workshop on the Economics of Information Security WEIS 2012 (Jeremy Epstein) RISKS Digest 26.82 Wednesday 9 May 2012 Nevada issues first license for a driverless car (Mark Thorson) The Campus Tsunami (David Brooks, James Morris) Living Plan IT's Urban OS (PGN) Judge: An IP-Address Doesn't Identify a Person -- or BitTorrent Pirate (Torrentfreak via Monty Solomon) How "Privacy Correctness" Is Leading Us Dangerously Astray (Lauren Weinstein) Re: Fed report on that Southern California blackout (Dick Mills) FBI Wants Backdoors in Facebook, Skype and Instant Messaging (Lauren Weinstein) "Half of all Macs will lack access to security updates by summer" (Gregg Keizer via Gene Wirchenko) Understanding the Net neutrality debate: Listening to stakeholders (Lauren Weinstein) With Chen Guangcheng news on Twitter, China's censors lost control (Lauren Weinstein) Re: The Power of Individual Voters to Transform Their Government (Steve Wildstrom, Martyn Thomas) "Controlling Queue Delay" published -- Re: Bufferbloat (Jim Gettys) RISKS 26.83 Saturday 12 May 2012 6 Disasters Caused by Poorly Designed User Interfaces (John Hillabin via Brian Westley) Never Trust a Robot (Earl Boebert) Robot Soldiers Will Be a Reality -- and a Threat (Jonathan D. Moreno via John F. McMullen) Automatic cars? Not so fast.. (Peter Houppermans) "Fire risk: Lenovo expands recall of ThinkCentre all-in-ones" (Agam Shah via Gene Wirchenko) Disruptions: Indiscreet Photos, Glimpsed Then Gone (Nick Bilton via Monty Solomon) USPS curtailing international lithium battery shipments... no iPads, laptops, cameras... 
(Danny Burstein) Man jailed for accepting call in court (Gene Wirchenko) FBI issues warning on hotel Internet connections (Michael Cooney via Monty Solomon) ".secure" TLD proposed (Lauren Weinstein) More details on the .secure TLD proposal -- and why I believe it is fundamentally flawed (Lauren Weinstein) Re: The Campus Tsunami (David Alexander) Re: The Power of Individual Voters to Transform Their Government (Roderick A Rees, Andrew Douglass) RISKS 26.84 Wednesday 16 May 2012 City Misses $1.6M in Parking Tickets Because of Computer Glitch (Monty Solomon) Computer Glitch Forces Johnson County Motor Vehicle Offices to Close (Sarah Clark via Monty) Computer Glitch Gave Free Education To College Students (Phil Yacuboski via Monty) Computer glitch hampers Alaska deer hunt reporting (via Monty) Computer glitch means NC jobless can't collect (via Monty) Hundreds of potential jurors mistakenly head to Placer County courthouse (Ed Fletcher via Monty) NJ toddler on no-fly list was mistakenly pulled from JetBlue flight (via Monty) Risks of financial models being gamed (Bob Frankston) Top judge: ditching software patents a "bad solution" (Lauren Weinstein) Computerized prescriptions to stop fraud -- what could go wrong? (Rex Sanders) Facebook Shares More About How It Uses Your Data (Somini Sengupta via Monty) Dewayne Hendricks Microsoft Funded Startup Aims to Kill BitTorrent Traffic (Ernesto via Dewayne Hendricks) Comcast Wants You to Watch Commercials (Swanni via Dewayne Hendricks) Slick new type of "password" (Al Stangenberger) Paging George Orwell ... (Matthew Kruk) Researcher runs IP network over xylophones (Lauren Weinstein) Fiat Hacks Google Street View (Steven J. Greenwald) Software Engineer: 2012's Top Job (Cindy Waxer) Re: Humorous Doctor Office Interaction? (Rebecca Mercuri) Re: USPS curtailing international lithium battery shipments (Martin Ward, JC Cantrell) Never Trust a Robot, take 2 (Arnt Gulbrandsen) Re: Power of Individual Voters (Mark E. 
Smith) Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone (Geoff Kuenning) RISKS 26.85 Monday 28 May 2012 Class 1 Recall: Nicolet, Software Malfunction and Short Circuit (Monty Solomon) Class I Recall: Baxa Software, Potential Dosing Errors (Monty Solomon) NJ Mayor hacks website that advocated his recall (Arstechnica) "Why voting machines still suck" (Paul Venezia via Gene Wirchenko) Japanese Satellite Broadcasting scramble protection cracked (Ishikawa) "Smartphone users more oblivious to others: study" (Gene Wirchenko) The risk of having to "sell" research (Bob Frankston) Controlling the Internet? (Lauren Weinstein) China's version of Twitter adopts new usage restrictions (Lauren Weinstein) In Malaysia, new Internet laws make you guilty unless proven innocent (Lauren Weinstein) FBI forms a new internet-surveillance unit (Declan McCullagh via Joly MacFie) BBC on Flame virus (Joly MacFie) ID Thieves Loot Tax Checks, Filing Early and Often (Lizette Alvarez via Monty Solomon) Orthodox Rally for a More Kosher Internet (Josh Nathan-Kazis via Monty Solomon) Illuminating dialog with a scammer (Identity withheld by request) "Can an Algorithm Write a Better News Story Than a Human Reporter?" (Gabe Goldberg) Re: Never Trust a Robot, take 2 (Jonathan Pritchard) Re: Microsoft Funded Startup Aims to Kill BitTorrent Traffic (Barry Gold) Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone (Dag-Erling Smørgrav) RISKS 26.86 Wednesday 30 May 2012 Patient Died at New York VA Hospital After Alarm Was Ignored (Ornstein/Weber via Monty Solomon) Driverless cars (Martyn Thomas) Delta overcharges some fliers because of computer glitch (Monty Solomon) Hidden Danger of the Fukushima Daiichi Spent Fuel Pool 4 (Tobin Maginnis) "Customers irked by Quickbooks Online outage" (Chris Kanaracus via Gene Wirchenko) Vint Cerf warns Web freedom is under attack (Lauren Weinstein) Utility network protection? No. 
(PGN) Bogus story: no Chinese backdoor in military chip (Errata Security via Lauren Weinstein) RSA [In]SecureID software token (Ben Moore) The Axis of Weevil? (PGN) Researchers Propose Way to Thwart Fraudulent Digital Certificates (Brian Prince) "iCloud user tracks down iPhone thief using photo stream" (Karen Haslam via Gene Wirchenko) Web billing biz ransacked, smashed offline by hacktivists (John Leyden via Monty Solomon) "New Trojan empties online customers' bank accounts" (Gene Wirchenko) Thailand convicts Webmaster for posted site comments (Fuller/Drew via Lauren Weinstein) New York Legislation Would Ban Anonymous Online Speech (Lauren Weinstein) UK surveillance program could expose private lives (Lauren Weinstein) Internet Voting Still Faces Hurdles in U.S. (ACM Tech News) IBM Outlaws Siri, Worried She Has Loose Lips (Robert McMillan via Monty Solomon) "Should you care that Siri is taking notes?" (Ted Samson via Gene Wirchenko) Re: Never Trust a Robot (Jane Hesketh) Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone (Dag-Erling Smørgrav) Re: Illuminating dialog with a scammer (Alister William Macintyre) RISKS 26.87 Saturday 2 June 2012 Anti-virus software deletes fetal monitor data, baby OK (Kevin Fu) Yet another Leap Year issue (Tim Duncan) Court warns on jurors' Web use (Milton J. Valencia via Monty Solomon) U.S. tech companies warn: threat to Internet from foreign governments (Lauren Weinstein) Spy software's Bluetooth capability allowed stalking Iranian victims (Richard M. Smith) Budget and staff pressures are reshaping federal cybersecurity market (PGN) Over-55s pick passwords twice as secure as teenagers' (Lauren Weinstein) Future Internet Content-Centric Networking a memory of the past? (David Farber) "Facebook's mobile desperation will threaten your privacy" (Gene Wirchenko on Bill Snyder) SouthWest airlines manipulating web content (John Pettitt) If you're going to steal an iPhone, don't photograph yourself! 
(Mark Brader) Re: iCloud user tracks down iPhone thief using photo stream (Andrew Douglass) On Facebook, 'Likes' Become Ads (Somini Sengupta via Monty Solomon) Telemarketing Calls Keep Mounting Up, Along With Consumer Irritation (Alina Tugend via Monty Solomon) Microsoft forbids class actions in new Windows licence (Gavin Clarke via Gene Wirchenko) The fallacy of collaboration technology (Galen Gruman via Gene Wirchenko) Re: "Siri *ab*use (Peter Houppermans) Re: Facts about Fukushima spent fuel pool #4 (Dan Yurman) Re: Vint Cerf warns Web freedom is under attack (Chris Drewe) Re: UK surveillance program could expose private lives (Chris Drewe) RISKS 26.88 Monday 4 June 2012 Malicious E-Mail Attachment on Olympics Making Internet Rounds (Nicole Perlroth via Monty Solomon) Cyber search engine Shodan exposes industrial control systems to new risks (Robert O'Harrow Jr. via Lauren Weinstein) Microsoft Emergency Bulletin: Unauthorized Certificate in "Flame" (Johannes Ullrich via Lauren Weinstein) Online Courses Can Offer Easy A's via High-Tech Cheating (Jeffrey R. Young via Dave Farber) Facebook takes baby steps toward kids' social network (Robert X. Cringely via Gene Wirchenko) Fighting Sign Pollution in Florida With Robocalls (Robbie Brown via Monty Solomon) Re: Future Internet Architecture: Content-Centric Networking ... (Scott Brim) Re: iCloud user tracks down iPhone thief using photo stream (Geoff Kuenning) Re: "Siri *ab*use (Dag-Erling Smorgrav) Re: Telemarketing Calls Keep Mounting Up, Along With Consumer Irritation (Geoff Kuenning, John Stanley) Re: Yet another Leap Year issue (John Stanley) Re: "Court warns on jurors' Web use" (George Ross) RISKS 26.89 Saturday 9 June 2012 Medical device software update, server distributes malware (Kevin Fu) Haverhill teen to serve year in jail for fatal texting crash ... (Ballou and Ellement via Monty Solomon) Teen texting behind wheel common: 42% in Mass. 
say they do it (Kay Lazar via Monty Solomon) Flame required world-class cryptographers (Dan Goodin) Texting While Driving: Despite penalties, it's not sinking in (Billy Baker via Monty Solomon) "VIDEO: "Heads Up" Distraction Safety Campaign Targets Pedestrians" (Michelle Rosa via Gene Wirchenko) "Lawful access 'one of the greatest threats to privacy'" (Nestor E. Arellano via Gene Wirchenko) "Ontario service kiosks shut down" (Nestor E. Arellano via Gene Wirchenko) SSNs on P2P? The Feds found businesses that leaked private info (Megan Geuss via Monty Solomon) MD5 password scrambler 'no longer safe' (John Kemp) LinkedIn and eHarmony reportedly did not "salt" password hashes (Lauren Weinstein) LinkedIn app under scrutiny for transferring iOS calendar entries (Monty Solomon) ATM-style provincial government services suspended due to breach (Mark Brader) "Researchers find ways to bypass Google's Android malware scanner" (Lucian Constantin via Gene Wirchenko) Police: mobile software hack defeating anti-theft measure (Cyrus Farivar via Monty Solomon) Observations on changing passwords (Geoff Kuenning) Stupid security mistakes: Things you missed while doing the hard stuff (Josh Fruhlinger via Gene Wirchenko) Re: 60% of Wikipedia entries about companies contain errors (Geo Swan) `Siri, Kill That Guy': Drones Might Get Voice Controls (David Axe via ACM TechNews) Another Siri risk (Martyn Thomas) Re: Telemarketing Calls Keep Mounting Up (Isaac Morland) RISKS 26.90 Thursday 28 June 2012 An Airbus manual describes a double hydraulic failure as 'improbable' (Danny Burstein) San Onofre's issues appear to be result of faulty computer modeling (Lauren Weinstein) Software Failures Responsible for 24% Of All Medical Device Recalls (Robert Schaefer) Re: Class I Recall: Baxa Software, Potential Dosing Errors (Kevin Fu) Re: Medical device software update, server distributes malware (Kevin Fu) 60% of Wikipedia entries about companies contain errors (Richard O'Keefe) Teenage girl posts
picture of cash on Facebook, family robbed within hours (Mike Flacy via Monty Solomon) Re: MD5 password scrambler 'no longer safe' (John Kemp, Dag-Erling Smørgrav, Richard Pennington) LinkedIn hit with lawsuit over massive data breach (Cameron Scott via Gene Wirchenko) Error code 451: An HTTP error for censorship? (Robert Schaefer) Verifying Ages Online Is a Daunting Task, Even for Experts (Lauren Weinstein) FBI, DEA warn IPv6 could shield criminals from police (John Gilmore) Technical problem at bank denies access to accounts (Martyn Thomas) Data lost or breached at 82.5 per cent of government IT systems in Canada (Christine Wong via Gene Wirchenko) "Why we need a code of ethics for the Web" (Robert X. Cringely via Gene Wirchenko) Security issue found in 64-bit virtualization software running on Intel CPUs (David Marshall via Gene Wirchenko) US-CERT discloses security flaw in Intel chips (Antone Gonsalves via Gene Wirchenko) What you really need to know about cloud security (Jeff Vance via Gene Wirchenko) What Facebook Knows (Lauren Weinstein) Taxing old browsers out of existence (Mark Thorson) Hacker group demands 'idiot tax' from payday lender (Ted Samons via Gene Wirchenko) Stolen passwords, or chum to catch passwords? Lastpass.com (PGN) Coming in your Future! - "An important message from your .bank!" 
(Lauren Weinstein) Serious new MySQL security vulnerability (Lauren Weinstein) The Vulnerabilities Market and the Future of Security (Matthew Kruk) New fingerprint reader works 6 meters away (Robert Schaefer) Privacy Breach Discovered In Internet Address Bids (Lauren Weinstein) ICANN's Call For New Domain Names Brings Criticism, and $357M (Lauren Weinstein) Remove stylesheets, US pseudo embassy becomes real embassy (Jidanni) RISKS 26.91 Wednesday 11 July 2012 Stuxnet Parallels to Voting Security (Rebecca T Mercuri) Campaigns to Track Voters with "Political Cookies" (Lauren Weinstein) A320 Lost 2 of 3 Hydraulic Systems on takeoff (PGN) Risks of the Spent Fuel Pool in Reactor Building 4 at Fukushima Daiichi (Peter Bernard Ladkin) More on Fukushima (Richard I. Cook via PGN) San Diego fireworks suffer a *slight* glitch... (David Lesher) Botched computer "upgrade" in sixth day of transactions chaos at RBS (Peter Bernard Ladkin) RBS computer failure condemns man to spend weekend in the cells (Gabe Goldberg) Time isn't on my side; Lesson: Look before you leap... (Henry Baker) Drones: Yet another reason to keep your sextant at hand (Danny Burstein) Scientists crack RSA SecurID 800 tokens, steal cryptographic keys (Lauren Weinstein) Bugs in source code cannot be used in DUI cases in Minnesota (Ben Blout) RAND: Cyberdeterrence and Cyberwar (Lauren Weinstein) France shutting down their /once groundbreaking/ Minitel service (Lauren Weinstein) UK considers broad Web site blocking by default (Lauren Weinstein) RISKS 26.92 Tuesday 17 July 2012 Major Snafu in New Zealand Election was 'Human Error' (Chris J Brady) FDA spied on its own people - and then the evidence leaked (Peter Houppermans) Deep packet inspection device purged of flaw that threatened TOR users (Ars Technica via Lauren Weinstein) Cyberoam fixes SSL snooping hole in network security appliances (Lucian Constantin via Gene Wirchenko) Privacy trumps cybersecurity! 
(PGN) Wireless Device syncs through anyone's computer (Richard Karash) In the UK, encryption implies potential guilt? (Lauren Weinstein) China censoring video (Didi Tang via Rodney Van Meter) FCC chief blasts Russia for passing Internet censorship bill (Brendan Sasso via Dewayne Hendricks) Yahoo Passwords Stolen in Latest Data Breach (Drew Fitzgerald via Monty Solomon) American Express security cluelessness (Jonathan Kamens) Re: San Diego fireworks suffer a *slight* glitch (Joel Garry) Re: A320 Lost 2 of 3 Hydraulic Systems on takeoff (Roger Hird) Re: RBS computer failure condemns man (Martin Ward, Chris D.) Re: UK considers broad Web site blocking by default (Chris D.) Re: Taxing old browsers out of existence (Jonathan Kamens) Announcement of civil timekeeping meeting (Rob Seaman) RISKS 26.93 Thursday 19 July 2012 Washington State wants to register voters via Facebook (Peter Houppermans) Facebook security 'checkpoint' hits user roadblock (Antone Gonsalves via Gene Wirchenko) Passwords leaked from Yahoo: Boozy, preachy, angry -- and easy (Stephen Lawson via Gene Wirchenko) Bitcoinica exchange funds hacked, again (Mark Thorson) Accidents due to confusion of units of measurement (jidanni) Mom accessed school system 110 times to change kids' grades (Emil Protalinski via Monty Solomon) Online identity theft up 200% since 2010 (Emil Protalinski via Monty Solomon) Warning: Scams surrounding 2012 Olympics have already begun (Emil Protalinski via Monty Solomon) "GPS watch to keep tabs on kids, seniors could hit Canada by autumn" (Christine Wong via Gene Wirchenko) Re: FDA spied on its own people - and then the evidence leaked (Steven J Klein, Ken Knowlton) Re: In the UK, encryption implies potential guilt? (David Alexandero) Re: Major Snafu in New Zealand Election was 'Human Error' (Gregor Ronald) Re: Taxing old browsers out of existence (Dimitri Maziuk, Henry Baker, Jonathan Kamens, Arthur T.) Re: Privacy trumps cybersecurity!
(Dick Mills) "Apple wins patent for transparent scroll bar" (Gene Wirchenko) Re: Announcement of civil timekeeping meeting (J R Stockton) Tests (Monty Solomon) RISKS 26.94 Tuesday 24 July 2012 Who Really Invented the Internet? (PGN) Denials of Service spam attacks commercially available (PGN) "How to avoid an Elections-Ontario-style data-breach fiasco" (Christine Wong via Gene Wirchenko) Re: Washington State wants to register voters via Facebook (JC Cantrell) The car in the future is connected - I hope not.. (Peter Houppermans) Navy radio might be crippling Connecticut garage doors (Russ Furze) Searching for Clues to Calamity (Fred Guterl via Monty Solomon) Olympics security poster 'gibberish' to Arabic speakers (Chris J Brady) Google ordered to censor 'torrent', 'megaupload' and more words (Lauren Weinstein) Patient information may have been breached after laptop stolen at Beth Israel Deaconess (Kay Lazar via Monty Solomon) Apple removes security app from the App Store (Mark Thorson) "Mobile and Web security will be major topics at Black Hat" (Lucian Constantin via Gene Wirchenko) Oops! Vivus awaits weight-loss drug approval, even as story breaks (Ron Leuty via Monty Solomon, PGN) Re: In the UK, encryption implies potential guilt? (Jonathan Thornburg, Chris Drewe) Re: Accidents due to confusion of units of measurement (Mark Brader) Re: Apple wins patent for transparent scroll bar (Richard O'Keefe) Re: You can have security or privacy. Pick one (Anthony Thorn) RISKS 26.95 Wednesday 25 July 2012 Cadillac replaces tactile buttons with tablet (Paul Wexelblat) Open Sesame for hotel keycards (Andy Greenberg via PGN) "Will the 2012 Olympics set new surveillance records?" (Claudiu Popa via Gene Wirchenko) DARPA's hacking box disguised as a power strip (Lauren Weinstein) Clicking with your doctor (Bella English via Monty Solomon) Mother stole passwords to change children's school grades (John E. 
Dunn via Gene Wirchenko) Best Typo Ever Runs A-1 in the Los Angeles Times (Tessa Stuart via Monty Solomon) Re: Who Really Invented the Internet? (John Shoch, Dave Crocker, Rebecca Mercuri, Vint Cerf via Lauren Weinstein) Re: Google ordered to censor 'torrent', 'megaupload' (Albert Aribaud) Re: Olympics security poster 'gibberish' (Chris J Brady, Dimitri Maziuk) Re: Taxing old browsers out of existence (Steven J Klein) LADC2013 - Sixth Latin-American Symposium on Dependable Computing (Mohamed Kaaniche) RISKS 26.96 Wednesday 1 August 2012 More on election risks: Brennan Center study (PGN) Internet Voting Systems at Risk (Martha T. Moore via ACM TechNews) Oakland police radios fail during Obama visit (Jaxon Van Derbeken via Paul Saffo) Startup claims 80% of its Facebook clicks are bots, not people (Mark Thorson) Dropbox confirms it got hacked, will offer two-factor authentication (Jon Brodkin via Monty Solomon) Attack against Microsoft scheme puts hundreds of crypto apps at risk (Dan Goodin via Monty Solomon) "Microsoft hits Java where it hurts" (Woody Leonhard via Gene Wirchenko) Attack against Microsoft scheme puts hundreds of crypto apps at risk (ars technica via Lauren Weinstein) Google Failed to Delete All Street View Data, Drawing U.K. Ire (Monty Solomon) Chief developer quits OAuth2.0: I failed, We failed (jidanni) Hacking attacks on printers still not being taken seriously (Mark Piesing via Monty Solomon) General warns of dramatic increase in cyber-attacks on U.S. firms (Lauren Weinstein) Don't believe the Skype: it may not be as private as you might think (Dan Gillmor via Lauren Weinstein) Is This Anonymous Group Behind the New York Times WikiLeaks Hoax? (Lauren Weinstein) "First strain on Olympic networks seen" (Brandon Butler via Gene Wirchenko) Don't tweet if you want TV, London fans told (Reuters) Re: Olympics security poster 'gibberish' (Jeremy Epstein) World Wide Web - Inventor (Chris J Brady) Re: Who Really Invented the Internet?
(Larry Press) RISKS 26.97 Wednesday 15 August 2012 Knight Capital software upgrade costs $440m (Martyn Thomas) Errant Trades Reveal a Risk Few Expected (NYT via Monty Solomon) Hand wringing over Knight Capital software bugs (Henry Baker with excerpts from Ellen Ullman's OpEd) DMV computer fails to make friends (Ellen Huet via Paul Saffo) NTT DoCoMo outage (Rodney Van Meter) Verizon 911 failures had multiple causes (David Lesher) JFK security is breached by man who swam ashore (Sean Peisert) Kaspersky Lab on Gauss, Flame, Stuxnet (PGN) Wikileaks reveals TrapWire, a government spy network that uses ordinary surveillance cameras (Annalee Newitz via Dave Farber's IP) Mat Honan hacked (Mat Honan via Marv Schaefer) Ensure Phone is Off Before Engaging in Crime (Mark Brader) Claims of medical patient info encrypted, held for ransom (Danny Burstein) Microsoft sorry over 'big boobs' software code (Martyn Thomas) RBS to pay out 125 million pounds (Martyn Thomas) Re: Where Did the Internet Really Come From? (Steve Crocker via Dave Farber) Re: Best Typo Ever Runs A-1 in the Los Angeles Times (Phil Holden) RISKS 26.98 Monday 20 August 2012 Epic EMR Device Endangering Lives Nurses Say They Are Guinea Pigs for the Vendor Innumerable Complaints (PGN) Southwest glitch causes multiple billings (Monty Solomon) NYPD unveils new $40 million super computer system ... (Rocco Parascandola and Tina Moore via Monty Solomon) "Citadel exploit goes after weakest link at airport: employees" (Taylor Armerding via Gene Wirchenko) Hackers Identify Threat to NextGen: Ghost planes (PGN) Live Security Platinum (David Einstein) NYC "Metrocard Vending Machine" failure on DNS-changer day (Danny Burstein) How do you reach your repair techs when the network is dead?
(Danny Burstein) "Cloud security dos and don'ts after the latest Dropbox breach" (Christine Wong via Gene Wirchenko) "Security vendor exposes vulnerabilities in DDoS rootkit" (Jaikumar Vijayan via Gene Wirchenko) How we screwed [almost] the whole Apple community (Lukasz Lindell via Monty Solomon) "Elections Ontario data loss victims could top four million" (Howard Solomon via Gene Wirchenko) Rakshasa proof-of-concept malware infects BIOS, network cards (Lucian Constantin via Gene Wirchenko) "Nvidia releases Unix driver to fix high-risk vulnerability" (Lucian Constantin via Gene Wirchenko) iPhone SMS (PGN?) "Today's Internet: All the fake news that's fit to publish" (Robert X. Cringely via Gene Wirchenko) Trust: Ill-Advised in a Digital Age (Somini Sengupta via Monty Solomon) Wikileaks reveals TrapWire ... (Paul Steier) Re: Lawyers who hate maths and computers (Wols) Re: Oakland police radios fail during Obama visit (Bob Frankston) Re: Hand wringing over Knight Capital software bugs (Bob Frankston) Re: Announcement of civil timekeeping meeting (Jan Hoogenraad) Re: Olympics security poster 'gibberish' (Amos Shapir) RISKS 26.99 and RISKS 26.00 20 August 2012 Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 26 (8 April 2010 to 20 August 2012) ------------------------------ End of RISKS-FORUM Digest 26.00 (99) ************************