Giant list of HL Security/Government failures

posted on Dec, 4 2007 @ 01:09 AM

1.24 Security Problems

in computers and communications: Penetrations, Trojan Horses, Viruses, Time-bombs, Scams, Blackmail, and Other Problems:

..... Recent yet-to-be-merged security items:

***** Apologies. I am way behind in coping with the pervasive occurrence of these cases and trying to distribute them sensibly within the subtopics. PGN

SH UK Sunday Business reported intruders seized control of a British military satellite, and demanded blackmail (R 20 23)

Sf Security flaw with frames in browsers (R 20 09); risk of coopted back - not just in JavaScript (R 20 11-12)

SAO 3Com security advisory admits to undocumented backdoor for CoreBuilder and SuperStack II switches (R 20 07)

Sf Seeming SecurID flaw granting root access on login (R 20 10) actually NIS client code flaw (R 20 11)

fS Excel 4.0 and Excel 98 mixes up hard disk and floppy, with nasty potential consequences (R 20 08); Excel messes up large numbers (R 20 14)

Sf Internet Explorer 4.01 Son of Curatango cut-and-paste flaw (R 20 09)

hi Unexpected Internet Explorer behavior when copy/pasting (R 24 24)

hi Internet Explorer changes due (after patent ruling): What You Can Expect (R 24 25) and what does not work (R 24 25)

Sf NT server worm attacks 10 MCI Worldcom networks (R 20 13)

S Win98 Trojan Horse in installation of Java/Y2K upgrade (R 20 13)

SAO PalmPilots can scan remote-control infrared codes (R 20 10,13); risks of RF garage-door openers, infrared alarm systems, etc. (R 20 13)

SM Auctioning of frequency spectrum undermines Pentagon's ability to counter interference risks on cruise missiles (AW&ST item) (R 20 07)


www.csl.sri.com...


Descriptor Symbols
The following descriptor symbols characterize each entry.

! = Loss of life/lives; * = Potentially life-critical or safety problem

V = Overall system or subsystem surViVability problems (with respect to diVerse adVersities, including attacks and malfunctions). Startlingly many cases fit this category; many V-unflagged cases also represent failures to continue performing properly, or delays, or other cases of misuse that could have led to much more serious survivability problems.

$ = Loss of resources, primarily financial

S = Security/integrity/misuse problem; P = Privacy/rights abuse or concern

H = Intentional Human misuse (e.g., user-administrator-operator-penetrator)

h = Accidental Human misuse or other inadvertence

a = Event attributed to animal(s)

I = Insider; O = Outsider; A = Inadequate Authentication, Access control, or Accountability

d = System Development problems

e = Improper Evolution/maintenance/upgrade. (H,h,i,f,d,e involve human foibles.)

r = Problems with Requirements for system or operation (including the overall system concept)

f = Flaws (or Features in design, or hardware/software implementation)

i = MisInterpretation/confusion/human errors at a man-system Interface; documentation problems

m = Hardware Malfunction attributable to system deficiencies, the physical environment, acts of God, etc.


Interesting read.

[edit on 4-12-2007 by elusivetruth]




posted on Dec, 4 2007 @ 01:10 AM
1.30 Law Enforcement Abuses, False Arrests, etc.

..... Database and audit-trail abuses:

!P Stalker obtained address of TV actress Rebecca Schaeffer from Calif DMV DBMS, and murdered her, July 18, 1989; new regulations on DB access: notify interrogatee, then delay response for two weeks (S 14 6, R 9 18)

!*$SHI Arizona ex-law-enforcement officer tracks down and kills ex-girlfriend; GAO report on NCIC itemizes that and many other flagrant misuses (S 18 4:7)

!SHh Woman shot by former classmate who used Internet broker to gain information (R 22 46);

!SH Man allegedly stalks ex-girlfriend with help of GPS (SmartTrack?) under her hood (R 22 46)

$SHI NY police chief indicted for misuse of confidential database (S 13 4)

SHI 3 police officers sentenced for misusing Police Nat'l Computer (S 14 2)

S Risks of STOVEACT, phone-enabled STOlen VEhicle [de]ACTivation (R 19 66)

*SHI SanFran police officer charged with deleting a warrant (S 17 1)

$SPHI 45 LA police cited for searching private computer records (S 18 1:21)

$SPHI Theft of 8.5K criminal records; investigator, 2 police indicted (S 18 2:16)

SH Maryland defense lawyers hustling clients from database of arrest warrants, sometimes tipping off defendants prior to arrest! (R 19 48)

$SPH Police frame sisters on murder charge with bogus ATM evidence (S 18 4:9)

P Victim ordered to surrender computer and passwords (R 19 43)

@S Risks in altered live video images: L-vis Lives in Virtual TV (R 18 18-21)

@P 8 convicted killers sue to prevent Mass from monitoring phones (S 19 4:12)

@$SHAI Mass. hospital technician accessed ex-employee's account, accessed 954 files, harassed former patients, raped girl (R 17 07, SAC 13 3)

The New York Times Web site exposes CIA agents (R 20 93)

SPhi Risks of automated pedophilia detection (R 23 28)


