DAILY BRIEF
Number: DOB02-143
Date: 12 September 2002
http://www.ocipep.gc.ca/DOB/DOB02-143_e.html

NEWS

Hurricane Gustav hits eastern Canada

Hurricane Gustav dropped 40-80 cm of rain on eastern Canada overnight. The Confederation Bridge between New Brunswick and Prince Edward Island was closed, and morning ferry runs were cancelled. Power was knocked out in parts of PEI and Cape Breton Island. There were also reports of minor flooding in northern PEI and Charlottetown. As of this morning, Hurricane Gustav has been downgraded to a sub-tropical storm and is moving across western Newfoundland.
(Source: CBC News, 12 September 2002)

Depleted uranium journey to NYC undetected

ABC News conducted a secret investigation which involved the carrying of a suitcase packed with 15 pounds of depleted uranium. The objective of this investigation was to determine if American authorities could detect radioactive material before it actually entered the country. Brian Ross of ABC News proceeded to take the suitcase on a 25-day trip through seven countries, departing from a European train station and concluding the journey in the New York City harbour. The suitcase was cleared after going through a state-of-the-art detection system and left the port without ever having been opened by U.S. Customs.
(Source: abcnews.go.com, 11 September 2002)

Comment: Depleted uranium can be used to create "dirty bombs," which use conventional explosives to scatter radiological material around an area.

IN BRIEF

Canadian and U.S. pilots request smart I.D. at airports

A spokesperson for the Air Line Pilots Association said that they are working on "smart cards" to identify airport employees in both the U.S. and Canada because too many workers have access to aircraft. The information on the card will feature biometrics data (i.e. iris and fingerprint).
(Source: torontosun.com, 12 September 2002)

Klez virus still spreading widely

A report issued by the Security Center of the Information-Technology Promotion Agency (IPA/ISEC) for the period of August to September 2002 indicated that the W32/Klez virus is propagating widely with more than 1,000 monthly incidents reported for the past five consecutive months.
(Source: nikkeibp.asiabiztech.com, 12 September 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Chet, which is a worm that is intended to propagate via Outlook e-mail. In Central Command's testing, the mass mailing routine did not work. The worm would arrive from "[EMAIL PROTECTED]" with the subject line "All people!!" and the attachment "11september.exe".
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020910-000026

Symantec reports on Backdoor.Optix.04, which is a Trojan horse written in Delphi and packed with ASPack v2.10. It gives an attacker unauthorized access to an infected computer. By default, it opens port 27379 on the compromised computer. This Trojan attempts to disable some anti-virus and firewall programs by terminating processes.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.04.html

Symantec reports on Backdoor.RCServ, which is a Trojan horse written in Delphi and packed with UPX v1.20. It gives an attacker unauthorized access to an infected computer. By default it opens port 4128 on the compromised computer.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.rcserv.html

Symantec reports on VBS.Lavra.Worm, which is a VB Script worm that attempts to propagate via file-sharing networks such as KaZaA, Morpheus, BearShare, Grokster and ICQ. It disguises itself as a pornography-related program to trick users into downloading and opening it.
The worm also attempts to delete files of various anti-virus and firewall programs.
http://securityresponse.symantec.com/avcenter/venc/data/vbs.lavra.worm.html

Symantec reports on W32.HLLC.Happylow, which is a companion virus that encrypts all .exe files that reside in the same folder as the virus and renames them with a .wal extension. It then makes a copy of itself as the original file name.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html

Vulnerabilities

SecurityFocus reports on a remotely exploitable denial-of-service vulnerability in MS Outlook Express 5.01, 5.0, 5.5 and 6.0. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5682/discussion/

SecurityFocus reports on a remotely exploitable frame cross-site scripting vulnerability in MS Internet Explorer. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5672/discussion/

SecurityFocus reports on remotely exploitable MS JVM 1.1 vulnerabilities. View the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5670/discussion/

Additional vulnerabilities were reported in the following products:

Netris 0.3, 0.4 and 0.5 remote memory corruption vulnerability (SecurityFocus)
http://online.securityfocus.com/bid/5680/discussion/

phpGB 1.1, 1.2 and 1.3 PHP code, HTML and SQL injection vulnerabilities (SecurityFocus)
http://online.securityfocus.com/bid/5679/discussion/
http://online.securityfocus.com/bid/5676/discussion/
http://online.securityfocus.com/bid/5673/discussion/

PHP (multiple versions) function CRLF injection vulnerability (SecurityFocus)
http://online.securityfocus.com/bid/5681/discussion/

Cerulean Studios Trillian 0.73, 0.725 and 0.6351 credential encryption weakness (SecurityFocus)
http://online.securityfocus.com/bid/5677/discussion/

WoltLab Burning Board 2.0 SQL injection vulnerability (SecurityFocus)
http://online.securityfocus.com/bid/5675/discussion/

Mandrake Linux Kerberos 5 heap overflow (SecurityFocus)
http://online.securityfocus.com/advisories/4462

Apple QuickTime ActiveX v5.0.2 buffer overflow (SecurityFocus)
http://online.securityfocus.com/advisories/4466

Foundstone Savant Web Server 3.1 and previous buffer overflow vulnerability (SecurityFocus)
http://online.securityfocus.com/advisories/4467

VERITAS Cluster Server unauthorized root access vulnerability (InfoSysSec)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm

Tools

MielieTool v.1.0 is a Perl-based web application "fuzzer" (SensePost)
http://packetstorm.decepticons.org/filedesc/mieliekoek.pl.html

AIM Sniff 0.4 is a utility for monitoring and archiving AOL Instant Messenger messages across a network that has the ability to do a live dump or read a PCAP file and parse the file for IM messages.
(SourceForge.net)
http://sourceforge.net/projects/aimsniff

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk