Here are just a few specific recent problems of note:  <p>

* The U.S. Government has had a new rash of large-system fiascos, including
the Federal Aviation Administration's efforts to modernize the Air Traffic
Control system, the IRS attempt at tax systems modernization, and the FBI's
upgrading of the National Crime Information System (NCIC).  California has
had major difficulties with its new Deadbeat Dads database.  <p>

* Widespread West-Coast power outages during the summer of 1996 remind us
of the propagation effects of the ARPANET collapse of 1980 and the AT&T
collapse of 1990.  <p>

* In the U.S., Websites of the Central Intelligence Agency, Department of
Justice, NASA, and the Air Force have been penetrated and altered by
intruders.  Numerous security flaws have been found in Web browsers and Web
software.  <p>

* Some remarkable theoretical attacks have been described on cryptographic
systems, including timing attacks that can derive private keys from observed
behavior (Paul Kocher), demonstration of smart-card vulnerabilities (Ross
Anderson), and introduction of electromagnetic interference to derive
private keys in public-key crypto (Boneh, DeMillo and Lipton) and to derive
secret keys in DES and other shared-key crypto systems (Biham and Shamir).
In addition, a class of rather efficient potential man-in-the-middle attacks
on a variety of authentication protocols has been described (Sarvar Patel,
IEEE Symposium on Security and Privacy, 1997).  <p>

* A National Research Council study report appeared that is worth citing,
representing a comprehensive review of U.S. cryptographic policy and an
analysis of the risks associated with bad crypto and good crypto.
See <em>Cryptography's Role In Securing the Information Society</em>
(a.k.a. the CRISIS report), Final Report of the National Research Council
Cryptographic Policy Study Committee, National Academy Press, 2101 
Constitution Ave., Washington, D.C. 20418, 1996.  <p>

References to some of these problems can be found at
http://www.csl.sri.com/neumann.html on my Website,
in ftp://ftp.csl.sri.com/illustrative.PS, and in 
back issues of RISKS.  <p>

If you wish to catch up with recent events and you
are able to browse the Internet, you are encouraged
to peruse the RISKS archives -- at ftp.sri.com/~risks or via 
ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
(the volume-summary issues are in risks-*.00; back volumes have their 
own subdirectories, e.g., "cd 18" for volume 18), or
http://catless.ncl.ac.uk/Risks/VL.IS.html (where VL is the VoLume number and
IS the ISsue number).  The ftp.sri.com site directory ``risks'' and
ftp.csl.sri.com both contain the most recent PostScript copy of my
comprehensive historical summary of mostly one-line descriptions of
the RISKS cases in the file get illustrative.PS .  <p>