The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 22 Issue 87

Thursday 21 August 2003


Nasty elevator death at Houston hospital
Missing full-stop halts NZX trading
Gavin Treadgold
Safe! until the 22st century?
Wendell Cochran
Of course, it couldn't happen again!/The Road to Vulnerability
Tampa Police disband face-recognition software
Botched 911 call led to man's death
Ben Moore
Blackout: definitely not terrorists!
Martin Ward
Robert X. Cringely on India, outsourcing, and IT productivity
Lots of railroad traffic affected by so-big
Danny Burstein
Increase in bounces from forgeries due to virus
Rob Slade
Sobig side effects
Jim Griffith
Firewall reject rates
Mike Hogsett
"Good" Worm Fixes Infected Computers
Jim Schindler
Send PIF files in ZIP attachment to avoid virus detectors?
Olivier Dagenais
Do-Not-Spam list effort will be futile
The Risks of Miniaturisation
Gene Wirchenko
Update on NZ payphone failures
Don Mackie
Out of context numbers: It wasn't quite THAT bad...
Andrew Greene
Info on RISKS (comp.risks)

Nasty elevator death at Houston hospital

<"Peter G. Neumann" <>>
Mon, 18 Aug 2003 09:15:19 -0700 (PDT)

More for the "THIS CAN'T POSSIBLY HAPPEN" file:

Hitoshi Kikaidow, a surgical resident at Christus St. Joseph Hospital in
Houston, was caught by a hospital elevator door as he stepped in, and was
decapitated as the elevator ascended.  A female hospital employee was in
malfunctioning the elevator at the time, and was trapped until rescued by
firefighters.  Incidents with elevators and escalators kill about 30 people
and injure about 17,000 each year, according to the U.S. Bureau of Labor
Statistics' Census of Fatal Occupational Injuries and more recent Consumer
Product Safety Commission data.  [PGN-ed from two sources]

*Houston Chron*:

*Newsday* AP item:

And don't forget the "THIS CAN'T POSSIBLY HAPPEN AGAIN" file.

RISKS reported the earlier cases in Ottawa in which, following the first
death in Apr 1989 (RISKS-8.48,49,50,52,54), a second death in Jun 1989
(RISKS-8.77) occurred; the known flaw in the 1954 Otis elevator door
interlock logic causing the first death had remained uncorrected
(RISKS-9.01).  We also previously reported the Houston elevator that failed
in the floods caused by Tropical Storm Allison and by default went down to
the BOTTOM, drowning its occupant (RISKS-21.47).  I recall another case in
which elevator power failed because of a fire on the top floor, and the
elevator by default went to the TOP floor, roasting its occupants, but I
cannot find that case in our archives.

Missing full-stop halts NZX trading

<"Gavin Treadgold" <>>
Thu, 21 Aug 2003 11:23:19 +1200

A missing full-stop in a piece of code for a trivial change to a software
program reportedly started the chain of events that brought New Zealand's
sharemarket to a halt yesterday.

Computer glitch halts stock exchange trading,2106,2633746a13,00.html

A faulty computer program at New Zealand's biggest share registrar halted
trading on the stock exchange for more than five hours yesterday.

I guess that's got to be one of the smallest software bugs around :)

Safe! until the 22st century?

<Wendell Cochran <>>
Tue, 19 Aug 2003 15:25:20 -0700

`Disaster Plans Get New Scrutiny After Blackout' runs a headline in *The New
York Times*, 19 Aug 2003, C1.  Alas, some company managers seem to evaluate
risk in risky ways.

"Some customers learn from experience," reports John Schwartz of *The
Times*, paraphrasing Don DeMarco, vice president for business continuity &
recovery services at IBM, `but seem to learn the wrong lesson.  He described
a corporate client that survived a major flood with the help of his
company's disaster recovery services, and then declined to renew its
contract for the following year.

`Mr. DeMarco said he was aghast.  "Are you kidding?" he recalled asking.
"We just saved your company."

`The client, however, was unmoved.  "We're in a hundred-year flood zone,"
Mr. DeMarco recalled him saying, "and it just happened."

Of course, it couldn't happen again!/The Road to Vulnerability

<"H.L.Hausen" <>>
Mon, 18 Aug 2003 10:43:40 +0200

Some years ago I visited the Darlington PowerPlant in Ontario and I was
surprised that the Power Grid Control System of the Niagara-Mohawk power
grid did not include a "25% safety reserve" as usual. The software engineers
there told me that the software has been proven to be safe and reliable and
so that sort of traditional risk prevention was not necessary.  Is it that
sometimes software engineers don't like to listen to traditional engineering
professionals?  Wasn't there a problem with the Darlington control software
some time ago?  I assume a deeper investigation into the Grid Control is

  [For previous RISKS items on Darlington, see RISKS-9.64, 11.08, 11.12,
  11.96, 12.49, 15.13, 15.59, 15.81, 17.47.  PGN]

Tampa Police disband face-recognition software

<"Peter G. Neumann" <>>
Wed, 20 Aug 2003 09:47:51 -0500

The Tampa Police Department has eliminated the facial-recognition software
hooked up to cameras scanning crowds in public places in Ybor City, after
two years, with zero arrests and zero positive identifications, with a
database of 30,000 mug shots of criminals and runaway children.
[Source: *Tampa Tribune*, 20 Aug 2003]

Botched 911 call led to man's death

<Ben Moore <>>
Sun, 17 Aug 2003 19:52:21 GMT

A 911 dispatcher in Buncome County, North Carolina, clicked on a box to
transfer the house address of a caller into the Computer Aided Dispatch
system.  But that system, installed in March 2003, did not yet have
information on all Buncombe County roads, and suggested an incorrect
alternative (Briarcliff Drive, instead of Lane, in West Asheville), which
the dispatcher accepted.  As a result, the paramedics were significantly
delayed and the self-inflicted victim died.  Attempts are now being made to
complete the database.  [Source: article by Tonya Maxwell, 15 Aug 2003,
*Citizen-Times*; PGN-ed]

Blackout: definitely not terrorists!

<Martin Ward <>>
Mon, 18 Aug 2003 10:29:45 +0100

Did anyone else notice this?  All the early reports about the blackout said
that they had *no* idea of the cause, or even in which country it originated
(with Canada and the USA both pointing the finger at each other).  But
officials are absolutely certain that it was *not* caused by terrorist
activity. Some reports were slightly more honest in saying that "we have no
evidence of terrorist activity": not surprising since they had no evidence
of *any* cause whatsoever. If "no evidence of terrorist activity" is the
same as "definitely no terrorist activity", then the blackout definitely did
not occur (because there is no evidence of *any* cause). Any actual loss of
electricity you appear to observe is therefore merely the result of a
deranged imagination...

Robert X. Cringely on India, outsourcing, and IT productivity

<"Peter G. Neumann" <>>
Sat, 16 Aug 2003 07:45:14 -0400

Those of you interested in problems associated with outsourcing might be
interested in this article:

  May the Source Be With You: IT Productivity Doesn't Have to Be an
  Oxymoron, but Outsourcing Isn't the Way to Achieve It,
  by Robert X. Cringely

Cringely has a fascinating Web site.  He also invites you at that URL to
send this article to others, but I thought my including it in its entirety
in a RISKS issue would be a little excessive, so I am merely posting the URL

Lots of railroad traffic affected by so-big

<danny burstein <>>
Wed, 20 Aug 2003 19:00:04 -0400 (EDT)

Computer Virus Strikes CSX Transportation Computers
Freight and Commuter Service Affected, 20 Aug 2003

CSX Transportation's (CSXT) information technology systems experienced
significant slowdowns early today after a computer virus infected the
network. The cause was believed to be a worm virus similar to those that
have infected the systems of other major companies and agencies in recent
days.  The infection resulted in a slowdown of major applications, including
dispatching and signal systems. As a result, passenger and freight train
traffic was halted immediately, including the morning commuter train service
in the metropolitan Washington, D.C., area. Contrary to initial reports, the
signal system for train operations was not the source of the
problem. Rather, the virus disrupted the CSXT telecommunications network
upon which certain systems rely, including signal, dispatching and other
operating systems.  [...]

Increase in bounces from forgeries due to virus

<"Peter G. Neumann" <>>
Tue, 19 Aug 2003 14:49:35 PDT

Incidentally, the number of bounces from messages sent with forged FROM:
addresses (appearing to come from me and various others of you who are
remarking thereupon) seems to have taken a huge quantum leap in the past few
days.  I'm suddenly getting even more bounces than usual, due to the new
W32.Sobig.F virus.  My regrets if you are getting any such forged e-mail.
However, it is not coming from my mailer, because I do not use *any*
Microsoft software.  Just look at the last RECEIVED: line (unless your
stupid mailer hides it!).

Typical subject lines include these:
  Re: Details
  Re: Approved
  Re: Re: My details
  Re: Thank you!
  Re: That movie
  Re: Wicked screensaver
  Re: Your application
  Thank you!
  Your details
and attachments such as:

You can read more about this virus online at:


<Rob Slade <>>
Thu, 21 Aug 2003 11:05:42 -0800

Sobig load is increasing: over the past 15 hours I've received 52 copies in
my inbox, up from yesterday's 47 in 20 hours (and, as previously noted, well
exceeding the previous record for Klez at its height).  (On the slightly
bright side, spammers seem to have been affected: other spam seems slightly
down today :-)

As noted, Sobig uses its own SMTP engine, and spoofs both the From and
Return-Path headers on a random basis, so that is no indication.  However,
the message body is always "Please see the attached file for details." so
that is a reliable indicator.  In addition, I've had a look at more headers,
and the following two seem to appear in every copy I've received:

  X-MailScanner: Found to be clean
  X-Mailer: Microsoft Outlook Express 6.00.2600.0000

*PLEASE* spread the word: DO NOT OPEN ATTACHMENTS.  If in doubt, don't.
Sobig uses no special technology beyond this rather simplistic social
engineering.  (Can anyone tell me: is there any content scanner lazy enough
to be bypassed by the X-MailScanner header?)    or

Sobig side effects

< (Jim Griffith)>
Thu, 21 Aug 2003 13:57:21 -0500

Unlike Blaster and other past worms and viruses, the rec.humor.funny
moderating addresses have been hammered by the Sobig worm.  In the past
48 hours, I've seen some 3500 worm-related e-mail messages sent to the
three or four moderating addresses that I use, resulting in a DOS of
e-mail and submission processing.  As this worm does the "send the worm
out as if from someone else" trick, and as the RHF addresses have been
around for years, the worm is apparently masquerading as coming from me
in a lot of instances, despite the fact that the RHF machines run LINUX
and are immune to it.  So a fair number of the worm-related pieces of
e-mail are mail bounces and quarantine messages generated by other sites'
anti-virus software.

Most annoying is that some of the addresses targeted by the worm are mailing
list subscription addresses.  While many of them are smart enough to either
look for keywords like SUBSCRIBE or require confirmation, some of them are
not.  As a result, I find that the RHF-related addresses are now subscribed
to mailing lists devoted to jokes, religious and political topics, and one
which discusses issues important to Raelians.  I've also found that I've
apparently opened customer support tickets with any number of companies as

It's disappointing that despite the surge in e-mail viruses in past years,
many systems still allow actions to be triggered by a single e-mail, with no
outside confirmation required.

Firewall reject rates

<Mike Hogsett <>>
Tue, 19 Aug 2003 14:07:14 -0700

The following are the file sizes for our compressed daily firewall logs.
There are a few interesting dates.  The spike for 26 Jan 2003 is the SQL
Slammer worm.  The increase in early March is an exploit for port 445 on MS
products.  Finally the major spike on Aug 12 is Blaster.

So, we have gone from about 2Mbytes/day of compressed log data at the
beginning of the year to about 20Mbytes/day now.  There is no end in sight.
[There is no site to end.  PGN]

 1-Jan-2003	 2M	**
 2-Jan-2003	 2M	**
 3-Jan-2003	 2M	**
 4-Jan-2003	 3M	***
 5-Jan-2003	 1M	*
 6-Jan-2003	 2M	**
 7-Jan-2003	 2M	**
 8-Jan-2003	 3M	***
 9-Jan-2003	 3M	***
10-Jan-2003	 3M	***
11-Jan-2003	 3M	***
12-Jan-2003	 3M	***
13-Jan-2003	 3M	***
14-Jan-2003	 3M	***
15-Jan-2003	 3M	***
16-Jan-2003	 3M	***
17-Jan-2003	 2M	**
18-Jan-2003	 3M	***
19-Jan-2003	 3M	***
20-Jan-2003	 3M	***
21-Jan-2003	 2M	**
22-Jan-2003	 2M	**
23-Jan-2003	 3M	***
24-Jan-2003	 3M	***
25-Jan-2003	 9M	*********
26-Jan-2003	24M	************************
27-Jan-2003	 8M	********
28-Jan-2003	 5M	*****
29-Jan-2003	 4M	****
30-Jan-2003	 3M	***
31-Jan-2003	 2M	**
 1-Feb-2003	 3M	***
 2-Feb-2003	 3M	***
 3-Feb-2003	 2M	**
 4-Feb-2003	 3M	***
 5-Feb-2003	 2M	**
 6-Feb-2003	 3M	***
 7-Feb-2003	 3M	***
 8-Feb-2003	 4M	****
 9-Feb-2003	 3M	***
10-Feb-2003	 4M	****
11-Feb-2003	 3M	***
12-Feb-2003	 3M	***
13-Feb-2003	 3M	***
14-Feb-2003	 3M	***
15-Feb-2003	 3M	***
16-Feb-2003	 3M	***
17-Feb-2003	 3M	***
18-Feb-2003	 3M	***
19-Feb-2003	 3M	***
20-Feb-2003	 3M	***
21-Feb-2003	 2M	**
22-Feb-2003	 3M	***
23-Feb-2003	 3M	***
24-Feb-2003	 3M	***
25-Feb-2003	 3M	***
26-Feb-2003	 4M	****
27-Feb-2003	 3M	***
28-Feb-2003	 3M	***
 1-Mar-2003	 3M	***
 2-Mar-2003	 2M	**
 3-Mar-2003	 3M	***
 4-Mar-2003	 4M	****
 5-Mar-2003	 4M	****
 6-Mar-2003	 4M	****
 7-Mar-2003	 5M	*****
 8-Mar-2003	 6M	******
 9-Mar-2003	11M	***********
10-Mar-2003	12M	************
11-Mar-2003	11M	***********
12-Mar-2003	10M	**********
13-Mar-2003	11M	***********
14-Mar-2003	12M	************
15-Mar-2003	10M	**********
16-Mar-2003	10M	**********
17-Mar-2003	 9M	*********
18-Mar-2003	 9M	*********
19-Mar-2003	10M	**********
20-Mar-2003	11M	***********
21-Mar-2003	12M	************
22-Mar-2003	10M	**********
23-Mar-2003	11M	***********
24-Mar-2003	 6M	******
25-Mar-2003	10M	**********
26-Mar-2003	10M	**********
27-Mar-2003	10M	**********
28-Mar-2003	12M	************
29-Mar-2003	11M	***********
30-Mar-2003	10M	**********
31-Mar-2003	 9M	*********
 1-Apr-2003	12M	************
 2-Apr-2003	13M	*************
 3-Apr-2003	11M	***********
 4-Apr-2003	10M	**********
 5-Apr-2003	10M	**********
 6-Apr-2003	13M	*************
 7-Apr-2003	 9M	*********
 8-Apr-2003	11M	***********
 9-Apr-2003	11M	***********
10-Apr-2003	11M	***********
11-Apr-2003	11M	***********
12-Apr-2003	12M	************
13-Apr-2003	12M	************
14-Apr-2003	11M	***********
15-Apr-2003	12M	************
16-Apr-2003	12M	************
17-Apr-2003	10M	**********
18-Apr-2003	11M	***********
19-Apr-2003	11M	***********
20-Apr-2003	10M	**********
21-Apr-2003	10M	**********
22-Apr-2003	11M	***********
23-Apr-2003	13M	*************
24-Apr-2003	13M	*************
25-Apr-2003	13M	*************
26-Apr-2003	12M	************
27-Apr-2003	10M	**********
28-Apr-2003	11M	***********
29-Apr-2003	15M	***************
30-Apr-2003	11M	***********
 1-May-2003	11M	***********
 2-May-2003	10M	**********
 3-May-2003	11M	***********
 4-May-2003	10M	**********
 5-May-2003	 9M	*********
 6-May-2003	12M	************
 7-May-2003	11M	***********
 8-May-2003	10M	**********
 9-May-2003	 9M	*********
10-May-2003	10M	**********
11-May-2003	 9M	*********
12-May-2003	 9M	*********
13-May-2003	13M	*************
14-May-2003	10M	**********
15-May-2003	10M	**********
16-May-2003	10M	**********
17-May-2003	11M	***********
18-May-2003	 9M	*********
19-May-2003	10M	**********
20-May-2003	10M	**********
21-May-2003	11M	***********
22-May-2003	 9M	*********
23-May-2003	10M	**********
24-May-2003	12M	************
25-May-2003	10M	**********
26-May-2003	11M	***********
27-May-2003	10M	**********
28-May-2003	13M	*************
29-May-2003	10M	**********
30-May-2003	11M	***********
31-May-2003	10M	**********
 1-Jun-2003	 7M	*******
 2-Jun-2003	 8M	********
 3-Jun-2003	11M	***********
 4-Jun-2003	10M	**********
 5-Jun-2003	11M	***********
 6-Jun-2003	10M	**********
 7-Jun-2003	12M	************
 8-Jun-2003	12M	************
 9-Jun-2003	12M	************
10-Jun-2003	14M	**************
11-Jun-2003	12M	************
12-Jun-2003	13M	*************
13-Jun-2003	10M	**********
14-Jun-2003	11M	***********
15-Jun-2003	 9M	*********
16-Jun-2003	10M	**********
17-Jun-2003	14M	**************
18-Jun-2003	13M	*************
19-Jun-2003	13M	*************
20-Jun-2003	11M	***********
21-Jun-2003	11M	***********
22-Jun-2003	 9M	*********
23-Jun-2003	 9M	*********
24-Jun-2003	11M	***********
25-Jun-2003	12M	************
26-Jun-2003	10M	**********
27-Jun-2003	12M	************
28-Jun-2003	14M	**************
29-Jun-2003	11M	***********
30-Jun-2003	10M	**********
 1-Jul-2003	14M	**************
 2-Jul-2003	 9M	*********
 3-Jul-2003	10M	**********
 4-Jul-2003	11M	***********
 5-Jul-2003	11M	***********
 6-Jul-2003	 8M	********
 7-Jul-2003	 9M	*********
 8-Jul-2003	14M	**************
 9-Jul-2003	10M	**********
10-Jul-2003	 8M	********
11-Jul-2003	 9M	*********
12-Jul-2003	10M	**********
13-Jul-2003	 7M	*******
14-Jul-2003	 8M	********
15-Jul-2003	12M	************
16-Jul-2003	10M	**********
17-Jul-2003	 9M	*********
18-Jul-2003	10M	**********
19-Jul-2003	 8M	********
20-Jul-2003	 9M	*********
21-Jul-2003	 8M	********
22-Jul-2003	11M	***********
23-Jul-2003	 9M	*********
24-Jul-2003	 8M	********
25-Jul-2003	 9M	*********
26-Jul-2003	 8M	********
27-Jul-2003	 8M	********
28-Jul-2003	 7M	*******
29-Jul-2003	12M	************
30-Jul-2003	 9M	*********
31-Jul-2003	 9M	*********
 1-Aug-2003	 9M	*********
 2-Aug-2003	 8M	********
 3-Aug-2003	 7M	*******
 4-Aug-2003	 7M	*******
 5-Aug-2003	11M	***********
 6-Aug-2003	 8M	********
 7-Aug-2003	 7M	*******
 8-Aug-2003	 8M	********
 9-Aug-2003	 6M	******
10-Aug-2003	 7M	*******
11-Aug-2003	 7M	*******
12-Aug-2003	44M	********************************************
13-Aug-2003	35M	***********************************
14-Aug-2003	24M	************************
15-Aug-2003	20M	********************
16-Aug-2003	15M	***************
17-Aug-2003	11M	***********
18-Aug-2003	12M	************
19-Aug-2003	26M	**************************

"Good" Worm Fixes Infected Computers

<Jim Schindler <>>
Mon, 18 Aug 2003 20:10:24 -0700

A new Internet worm emerged today that is designed to seek out and fix any
computer that remains vulnerable to "Blaster," the worm that attacked more
than 500,000 computers worldwide last week.  The new worm scours the
Internet for computers already infected with Blaster and deletes the "bad"
worm, according to two anti-virus software vendors.  The worm then fixes the
computers with one of eight software patches developed by Microsoft Corp,
and it uses infected computers as a base for searching the Internet for
other vulnerable systems.  Blaster and the new worm both target
vulnerabilities in recent versions of Windows XP, Windows 2000 and Windows
NT 4.0.  Even though the new worm is "good," it can cause plenty of trouble
for computer users ...  Buried within the code of the new worm is the
message: "I love my wife & baby :-) ~~ Welcome Chian ~~ Notice: 2004 will
remove myself:-)~~ sorry."  [From the titled article by Brian Krebs, *The
Washington Post*, 18 Aug 2003]

Send PIF files in ZIP attachment to avoid virus detectors?

<"Olivier Dagenais" <>>
Wed, 20 Aug 2003 21:52:15 -0400

With the recent rebirth of the Sobig virus/worm, I have found myself on the
receiving end of many messages being bounced back, saying I reached accounts
that do not exist, are over quota or that do not allow certain attachments
to come through, such as in the following response:

  This message has been rejected because it has a potentially executable
  attachment "thank_you.pif" This form of attachment has been used by recent
  viruses or other malware.  If you meant to send this file then please
  package it up as a zip file and resend it.

The RISKS?  How long until a virus sends itself in a ZIP file attachment,
thereby bypassing traditional virus detection routines and people implicitly
trusting said attachments and their contents?  (doesn't most ZIP software
make ZIPs transparent to the users, anyway?)

Oh, and did I mention that the bounced message also included said
"potentially executable attachment"?  What a great virus re-distribution

(IIRC) PIF files were the precursors to shortcuts and never were meant to
contain executable code, so why EVER trust them as executable code?
(although banning them is a risk in itself, if some unfortunate soul were to
write a program to manage, say, personal information files...)

Do-Not-Spam list effort will be futile

<"NewsScan" <>>
Wed, 20 Aug 2003 09:16:15 -0700

Federal Trade Commission Chairman Timothy Muris says that even if efforts in
Congress to establish a "do-not-spam" list succeed, that won't fix the
problem of unwanted junk mail. "If such a list were established, I'd advise
customers not to waste their time and effort. Most spam is already so
clearly illegitimate that the senders are no more likely to comply with new
regulations than with the laws they now ignore." The drive toward setting up
a "do-not-spam" list has picked up steam following the popularity of the
FTC's recently established "do-not-call" registry for people who want to
stop telemarketing calls. Muris says the magnitude of the problem and the
fact that "spammers can easily hide their identities and cross international
borders," makes government regulation extremely difficult.  "In the end,
spam will be reduced, if at all, through several technological improvements,
as well as safer computing practices by others."  [AP 19 Aug 2003; NewsScan
Daily, 20 August 2003]

The Risks of Miniaturisation

<Gene Wirchenko <>>
Sun, 17 Aug 2003 12:30:24 -0700

I recently lost some very useful data.  It was on a USB memory stick.  As
far as I can tell, I forgot to remove the itty-bitty memory stick before
leaving a college workstation.  I did get the memory stick back, but it
occurred to me how very unlikely I would be to forget with something bigger.
I now attach the memory stick to my pants with the cord that came with it.

Update on NZ payphone failures (RISKS-22.86)

<Don Mackie <>>
Tue, 19 Aug 03 21:42:04 +1200

Some more details in the story at:

I had never heard of The Centre for Critical Infrastructure Protection
before. I work in health and am involved in some disaster preparedness
committees. Probably my own fault for not asking. They seem to be more
interested in information systems infrastructure than water/power.

Don Mackie <>

  [Error in Subject line in RISKS-22.86 is corrected in archives.  PGN]

Out of context numbers: It wasn't quite THAT bad...

< (Andrew Greene)>
Wed, 20 Aug 2003 12:54:48 -0400

PGN's summary in RISKS-22.85 included the sentence: "At least 50 million
people were affected."  But according to *The New York Times* ("How Many in
the Dark? Evidently Not 50 Million" by Mike McIntire, 17 Aug 2003, currently
at, that number was
actually the total population of the overall geographical areas served by
utility companies that were affected, and could be taken as a hard upper
limit on the number of customers affected. However, the number was lifted
out of context and then got exaggerated by politicians and news reporters
looking to make a big story sound even more impressive:

  "Approximately 61,800 megawatts of customer load was lost in an area that
  covers 50 million people. ... We cannot say with precision how many
  customers were affected at this time."  [...]  For instance, in the New
  York region, where approximately 18 million people live, nearly 20 percent
  of the available electricity remained on, according to the New York
  Independent System Operator, which monitors electrical usage.

    [Andrew, Just because someone was not out of power does not mean that
    person was not affected.  But you are quite correct.  The quoted 50
    million number was erroneously qualified.  TNX.  PGN]

Please report problems with the web pages to the maintainer