DAILY BRIEF
Number: DOB02-151
Date: 24 September 2002
http://www.ocipep.gc.ca/DOB/DOB02-151_e.html

NEWS

Derailed CN train spills fuel in Quebec
A Canadian National (CN) train, en route from Toronto to Senneterre, derailed in the Mauricie Region of Quebec on Sunday night. Diesel fuel spilled from one of the train cars onto the tracks and the ground nearby. A CN spokesperson stated that an investigation is in progress to determine the cause of the derailment and whether the fuel spill will be harmful to the environment. No injuries were reported. (Source: canada.com, 23 September 2002)

Comment: There does not appear to be significant damage from the spill of approximately 7,000 gallons (26,498 litres) of diesel. A team was on the scene on Monday to start the clean-up process. Service on the rail line is expected to resume on Wednesday.

NIPC releases hacktivism assessment
On 23 September 2002, the U.S. National Infrastructure Protection Center (NIPC) released an assessment entitled Hacktivism in Connection with Protest Events of September 2002, which warns of the potential for hacktivism in conjunction with the upcoming World Bank and IMF meetings to be held in Washington, DC this week. The NIPC recommends that recipients monitor their information systems and networks for computer intrusions during the events listed above.
The assessment can be viewed at: http://www.nipc.gov/warnings/assessments/2002/02-002.htm

U.S. releases National Security Strategy
On 17 September 2002, the Bush Administration released its latest national strategy to protect American interests. The National Security Strategy largely abandons the concept of military deterrence, which dominated defence policies during the Cold War years, for a forward-reaching, pre-emptive strategy against hostile states and terrorist groups.
The strategy document also outlines a policy of multilateralism to: defuse regional conflicts; prevent enemies from using weapons of mass destruction against the United States, its allies and friends; support and promote a new era of global economic growth through free markets and free trade; expand the development of open societies and build the infrastructure of democracy; reduce the toll of HIV/AIDS and other infectious diseases; and transform the U.S. military to meet 21st century challenges.

Comment: The latest strategy is an enclosed document to the Homeland Security Strategy released on 6 June 2002 and overarches the recently released National Strategy to Secure Cyberspace.
For the complete text of the National Security Strategy of the United States of America please see http://www.whitehouse.gov/nsc/nss.html

IN BRIEF

West Nile (WN) virus
According to the chair of Toronto's Board of Health, the WN virus has hit Ontario and the Greater Toronto area faster than anticipated. The board is considering alternatives to chemical "fogging," including the use of non-chemical larvicide or synthetic hormones. (Source: thestar.com, 24 September 2002)

Comment: Additional information on the WN virus can be found on the OCIPEP web site at: http://www.ocipep.gc.ca/otherlinks/hlinx_e.html

New version of Slapper worm starts spreading
A new version of the Slapper B worm, dubbed Slapper C, has started infecting servers. Patches are available for all variants of the worm. (Source: vnunet.com, 24 September 2002)

Ontario hydro bills increase sharply
Consumers in Ontario have been paying an average of 30 percent more for their electricity over the summer months, according to a media report. Energy suppliers credit higher summer temperatures for the increase in the market price of energy.
(Source: globeandmail.ca, 24 September 2002)

Comment: The OCIPEP Daily Brief DOB02-116, released on 2 August 2002, noted that higher than usual temperatures this past summer, coupled with high use of air conditioners, had prompted Ontario's electricity distributor to warn residents that they should consider cutting back their energy consumption to reduce the load on the system.

Homeowners may receive $1,000 from Ottawa to help conserve energy
As part of the consumer portion of Canada's draft plan to put into action the Kyoto Protocol, federal officials stated that Ottawa is considering offering homeowners rebates as high as $1,000 if they make their homes more energy efficient. (Source: globeandmail.ca, 23 September 2002)

U.S. planning to revert back to code yellow
Government officials believe that President Bush may decide to lower the Homeland Security alert level back from orange (high) to yellow (elevated) in the next few days. (Source: nandotimes.com, 23 September 2002)

FBI and Secret Service join forces to investigate cyber crimes
At the launch of the National Strategy to Secure Cyberspace last week, it was announced that the FBI National Infrastructure Protection Center (NIPC) and the Secret Service will begin a new pilot program that brings together employees from both agencies to work jointly on cyber crime investigations. (Source: govexec.com, 23 September 2002)

Comment: On 18 September 2002, OCIPEP released Information Note IN02-006 pertaining to the National Strategy to Secure Cyberspace and its implications for OCIPEP. The OCIPEP Daily Brief DOB02-130, released on 23 August 2002, noted that the success of the Secret Service Electronic Crime Task Force (ECTF) established in New York was leading to the expansion of the ECTF program to several other major U.S. cities.

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Sophos reports on XM97/Divi-AS, which is an Excel macro virus that creates the viral file 874.xls in the XLSTART folder.
http://sophos.com/virusinfo/analyses/xm97divias.html

Symantec reports on Trojan.PSW.Ajim_bbs, which is a password-stealing Trojan horse that will also modify various default settings for Internet Explorer. The default file name for the Trojan is Setup.exe.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.psw.ajim_bbs.html

Symantec reports on W32.HLLP.Alpoor, which is a simple prepender virus written in Visual Basic .NET. The virus will only work under Windows 2000 and Windows XP with the .NET framework installed.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.alpoor.html

Symantec reports on Backdoor.DarkFtp, which is a Trojan horse that gives an attacker unauthorized access to an infected computer. By default, it opens port 6667 on the compromised computer. The compromised system is then controlled by commands transmitted over IRC.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.darkftp.html

Vulnerabilities

SecurityFocus reports on a remotely exploitable file disclosure vulnerability in MS Word (multiple versions) INCLUDEPICTURE document sharing that could allow an attacker to obtain the contents of files residing on a user's system. No known patch is available at this time.
http://online.securityfocus.com/bid/5764/discussion/

SecurityFocus reports on a remotely exploitable command execution vulnerability in Apple Mac OS X 10.2 (Jaguar) Terminal.APP Telnet Link. View the "Solution" tab for upgrade information.
http://online.securityfocus.com/bid/5768/discussion/

SecuriTeam reports on a locally exploitable proxy vulnerability in Checkpoint Firewall-1 4.1 and NG HTTP Security Server that could allow an unauthenticated attacker to bypass it. Follow the link for more information.
http://www.securiteam.com/securitynews/5IP0M0K8AE.html

SecuriTeam reports on a remotely exploitable vulnerability in Cisco Systems' SIP-based IP Phones 7960 that could lead to complete control of a user's credentials, the total subversion of a user's settings for the IP Telephony network, and the ability to subvert the entire IP Telephony environment. Follow the link for more information.
http://www.securiteam.com/securitynews/5MP0Q0K8AW.html

Additional vulnerabilities were reported in the following products:

SquirrelMail 1.2.7 cross-site scripting vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5763/discussion/

Trillian IRC 0.73 and 0.74 PRIVMSG and IRC JOIN buffer overflow vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5755/discussion/
http://online.securityfocus.com/bid/5765/discussion/

Trillian IRC 0.73, 0.74 and 0.725 User Mode buffer overflow vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5769/discussion/

Sendmail 8.12.0-8.12.6 Long Ident logging circumvention weakness. (SecurityFocus)
http://online.securityfocus.com/bid/5770/discussion/

Tools

ARP0c is a connection interceptor (using ARP spoofing and a bridging engine).
http://www.phenoelit.de/arpoc/

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources.
Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk