OCIPEP DAILY BRIEF
Number: DOB02-146
Date: 17 September 2002
http://www.ocipep.gc.ca/DOB/DOB02-146_e.html

NEWS

Slapper worm continues to spread

The Linux Slapper worm continued to spread quickly over the weekend and into Monday, with more than 6,700 compromised servers as of early Monday morning. The worm is creating a peer-to-peer attack network that could eventually be used to hit other servers, according to Al Huger, an official at security company Symantec. Huger warns that "with the pipes these (infected servers) are connected to, this network could easily take a large enterprise off the Internet." (Source: CNet News.com, 16 September 2002)

Comment: For more information on this worm, see OCIPEP Advisory AV02-042.

Pipeline construction plan criticized by NWT government

Imperial Oil's plan to speed up development of a Mackenzie Valley pipeline may not be realistic, according to the Northwest Territories' minister of economic development. The plan to have gas flowing by 2007 is a year sooner than previous estimates and may not provide enough time for the environmental review process, which is expected to take two to three years to complete. Construction would take another three years. The company will also need to negotiate revenue sharing with the Deh Cho First Nations. (Source: CBC News, 16 September 2002)

Comment: Two northern pipeline projects are currently at the planning stage: one from the Alaska gas fields through Yukon down to the U.S. markets and another running from the Mackenzie Delta to northern Alberta. Media reports have suggested that U.S. subsidies may speed up the Alaskan project. Background information on the Mackenzie pipeline project can be viewed at http://www.aboriginalpipeline.ca/pdfs/MackenzieGasProject.pdf.

Research to protect Canadians in case of CBRN attack

Two 5-year research projects aimed at protecting Canadians in the event of a chemical, biological or nuclear attack will soon be undertaken by Cangene, a Winnipeg-based biotechnology company.
Research, which is estimated to cost $170 million, will be funded by the federally launched Chemical, Biological, Radiological or Nuclear Research and Technology Initiative and will be administered by Defence Research and Development, a National Defence agency. "These projects are in direct response to the heightened interest in biological warfare," said Dr. John Langstaff, Cangene president and CEO. The first project will target creating and manufacturing antibodies which would be needed to treat the Ebola and Marburg viruses. The second project will study how Leucotropin, a protein which was developed by the company and used to fight cancer, may also be effective to treat white-blood cell damage emanating from exposure to radiation. (Source: globeandmail.ca, 17 September 2002)

Securing the power grid

An attack on North America's power grid could have serious consequences for the entire global economy. One proposed solution is locally generated energy and decentralized power grids, using renewable sources of energy. This would then be used to electrolyze water and separate out hydrogen that can be used to power fuel cells. (Source: globeandmail.com, 16 September 2002)

Comment: An economical industrial process for producing hydrogen has not yet been developed, largely because a suitably low-cost catalyst for the process has not been discovered.

White House Official Release of the National Strategy to Secure Cyberspace

Richard Clarke, Special Advisor to the President on Cyber Security, will publicly unveil a draft U.S. National Strategy for Securing Cyberspace on September 18 at Stanford University in California. The over 2,000-page strategy is a companion to the National Strategy for Homeland Security that was released in July by Tom Ridge, Director of the Office of Homeland Security.
Among the speakers participating in the event will be Margaret Purdy, Associate Deputy Minister for National Defence with responsibility for OCIPEP, who will highlight the importance of Canada-U.S. critical infrastructure protection cooperation and the need to address the global dimensions of cyber security.

Comment: The Strategy will be made publicly available on the White House web site immediately following the public announcement on a feedback link at: www.securecyberspace.gov. It is portrayed by U.S. officials as a "living document" to be refined through consultations with the public and the private sector. For additional information please see http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,74296,00.html

IN BRIEF

Ontario West Nile patient dies

A man infected with the West Nile virus died in Mississauga on September 16, according to an Ontario Health Ministry official. (Source: thestar.com, 16 September 2002)

Canadian customs inspectors should be armed: Union

Members of the Customs Excise Union will again demand that the government allow customs inspectors to carry firearms. The Union is also stating that many border points have still not received new equipment designed to detect terrorists and that they are still short-staffed. (Source: canoe.ca, 16 September 2002)

U.S. Congress considers limiting IT vendor liability

The U.S. Congress is considering a proposal that would limit the liability of IT companies supplying secure systems technology to government offices in the event that their product fails to stop terrorist attacks on government networks.
(Source: computerworld.com, 16 September 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Linux.Slapper, which is a Linux-based worm that uses the known OpenSSL buffer overflow exploit (August 2002), which allows it to run a shell on a remote system. It targets vulnerable Apache Web server installs on Linux operating systems. The versions affected include: Debian, Mandrake, RedHat, Slackware and SuSE. The worm also contains a backdoor component that can be used to start up a series of denial-of-service attacks.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020916-000006

Comment: For additional information, see: News - Slapper worm continues to spread

Symantec reports on W32.Efno.Worm, which is a worm written in Visual Basic that attempts to propagate via KaZaA using the file name "Win XP SP1 cracker.exe." When this worm runs, it changes several KaZaA registry keys causing it to be accessible to other users.
http://securityresponse.symantec.com/avcenter/venc/data/w32.efno.worm.html

Vulnerabilities

CERT/CC reports on a vulnerability in multiple vendors' e-mail content/virus scanners, which do not adequately check "message/partial" MIME entities resulting in a failure to detect viruses, malicious code, or other restricted content. Follow the link for more information.
http://www.kb.cert.org/vuls/id/836088

CERT/CC reports on a vulnerability in Jakarta Tomcat, which serves JSP source code when supplied malformed HTTP requests. Follow the link for more information.
http://www.kb.cert.org/vuls/id/208131

CERT/CC reports on a buffer overflow vulnerability in IBM AIX FC that causes the FC client to crash. Follow the link for more information.
http://www.kb.cert.org/vuls/id/152955

Additional vulnerabilities were reported in the following products:

Trend Micro InterScan VirusWall 3.52 and 3.6 content-encoding and transfer-encoding bypass vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5701/discussion/
http://online.securityfocus.com/bid/5697/discussion/

Mac OS X 10.2 (Jaguar) unauthorized access vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5705/discussion/

Gabriele Bartolini ht://Check 1.1 script injection vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5699/discussion/

Avaya IP Office 1.0 denial-of-service vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5704/discussion/

Tolis Group BRU 17.0 Linux XBRU insecure temporary file vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5708/discussion/

Savant Webserver 3.1 and prior denial-of-service vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5707/discussion/

Savant Webserver 3.1 and prior denial-of-service and file disclosure vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5706/discussion/
http://online.securityfocus.com/bid/5709/discussion/

Altavista BabelFish cross-site scripting vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/5DP0B1P8AK.html

Lycos HTMLGear script injection vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/5EP0C1P8AK.html

W3C HTML Validator cross-site scripting vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/5FP0D1P8AK.html

W3C CSS Validator proxying attack vulnerability. (SecuriTeam)
http://www.securiteam.com/securitynews/5GP0E1P8AK.html

Ssldump Protocol Analyzer buffer overflow vulnerabilities. (Security Tracker)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm

Network Associates WebShield SMTP Virus Scanner can be bypassed with fragmented 'partial' e-mail messages.
(Security Tracker)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm

Tools

Nessus 1.2.5 is a free, up-to-date, and full-featured remote security scanner for Linux, BSD, Solaris and some other systems.
http://www.nessus.org/

Syscall Tracker 0.74 is a very powerful tool for Linux 2.2 and 2.4 which allows users to write rules to track system calls.
http://syscalltrack.sourceforge.net/

Ssldump 0.9b3 is an SSLv3/TLS network protocol analyzer.
http://www.rtfm.com/ssldump/

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk