http://www.ocipep.gc.ca/DOB/DOB02-155_e.html 

DAILY BRIEF
Number: DOB02-155 Date: 30 September 2002

NEWS 

Mass vaccination against smallpox a "staggering task": Dr. Cushman
According to Dr. Robert Cushman, the city of Ottawa's Medical Officer of
Health, a mass vaccination of Ottawa residents in the event of a
smallpox outbreak would be a staggering task that would bring other
health care to a standstill. Commenting on new U.S. federal guidelines
for inoculating a city of one million people, Dr. Cushman described such
an operation as "almost like a war situation." The city would require
the operation of 20 emergency clinics, each staffed by 235 workers, and
would have to look after 5,000 patients during a 16-hour day. (Source:
canada.com, 29 September 2002)
Click here for the source article


Comment: The Canadian Smallpox Contingency Plan is currently being
updated. For details of the current plan, see
http://www.hc-sc.gc.ca/pphb-dgspsp/publicat/ccdr-rmtc/02vol28/28sup/acs1
.html

War in Iraq could trigger cyberconflict: study
Intelligence and security analysts warn that a U.S. war with Iraq could
trigger a flood of hacker activity directed at U.S. networks and
infrastructure. Attackers would include various Islamic hacking groups
who have generally been anti-U.S. and anti-Israel, as well as American
and European anti-war hackers. State-sponsored information warfare could
also be launched after a ground attack on Iraq. Targets in a widespread
cyberconflict would include large American companies and news media
organizations, the latter for propaganda-planting and denial-of-service
attacks. (Source: computerworld.com, 27 September 2002)
Click here for the source article


IN BRIEF  

Standards for disclosing software security flaws to be studied by OIS
The Organization for Internet Safety (OIS), which consists of software
vendors and security firms, will be pulling resources together to
develop standards for disclosing software security vulnerabilities.
(Source: computerworld.com, 27 September 2002)
Click here for the source article


Super bug will kill thousands
A new book entitled "The Killers Within," predicts an
antibiotic-resistant bacteria will be responsible for the deaths of more
than 40,000 North Americans every year, and the numbers will escalate if
the super-germs are not contained. "The bad bugs are getting stronger
and they're getting stronger faster," says co-author Mark Plotkin.
(Source: National Post, 28 September 2002). 
Click here for the source article


Comment: On Sunday, 29 September 2002, CBC News reported that a hospital
in British Columbia was trying to control an outbreak of an
antibiotic-resistant strain of bacteria amongst newborns. Three infants
had tested positive for methicillin-resistant straphylococcus (MRSA).
View article for additional information:
http://www.cbc.ca/stories/2002/09/29/babies_mrsa020929

Two improvement projects at Fredericton airport
On 27 September 2002, Transport Canada announced the awarding of two
contracts for airport improvement projects at the Greater Fredericton
Airport: one for the expansion of the Air Terminal Building arrivals
area, and the second for the expansion of the parking apron. (Source:
Transport Canada, 27 September 2002)
Click here for the source article


U.S. Department of Agriculture announces new measures against E. coli
contamination
The U.S. Department of Agriculture's Food Safety and Inspection Service
is adopting a series of new measures to further prevent Escherichia coli
(E. coli) O157:H7 contamination in ground beef. The new measures are
based on recent information indicating that E. coli O157:H7 is more
prevalent than was previously thought. A Federal Register notice
announcing these actions will be published. (Source: USDA, September
2002)
Click here for the source article

CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information
Products  

Threats

Trend Micro reports on WORM_CIANAM.A, which is a worm that propagates
via IRC, the Kazaa network and Outlook e-mail. It arrives with varying
subject lines (such as "Why are you so playful??") and attachments
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CIA
NAM.A


Trend Micro reports on WORM_ALCAUL.N, is a worm written in Visual Basic
that propagates via Outlook e-mail. It arrives with the subject line
"101 Reasons why ." and the attachment "Reasons.exe".
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALC
AUL.N

Vulnerabilities

Security Tracker reports on a remotely exploitable denial-of-service
vulnerability in Apache Web Server (2.0.41 and prior versions of the 2.0
series) 'mod_dav'. Follow the link for patch information.
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.
com/infosyssec/aaa33.htm


Additional vulnerabilities were reported in the following products:


Drupal 4.0.0 HTML injection vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5801/discussion/


ACWeb 1.8 and 1.14 cross-site scripting vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5793/discussion/


Monkey HTTP Server 0.1.4 file disclosure vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5792/discussion/


OpenVMS (multiple versions) UCX POP Server arbitrary file modification
vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5790/discussion/


Invision Board information disclosure vulnerability. (Security Tracker)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.
com/infosyssec/aaa33.htm


vBulletin prior to 2.2.8 command execution vulnerability. (Security
Tracker)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.
com/infosyssec/aaa33.htm


DaCode 1.2.0 HTML injection vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5798/discussion/


NPDS 4.8 HTML injection vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5797/discussion/


PHPNuke 6.0 cross-site scripting and SQL and HTML injection
vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5788/discussion/
http://online.securityfocus.com/bid/5799/discussion/
http://online.securityfocus.com/bid/5796/discussion/


Shana Designer and Filler 3.5 information disclosure vulnerability.
(SecurityFocus)
http://online.securityfocus.com/bid/5795/discussion/


NullLogic 0.6.4 Null Webmail format string vulnerability.
(SecurityFocus)
http://online.securityfocus.com/bid/5794/discussion/


TDForum1.2 and earlier script injection vulnerability. (CERT/CC)
http://www.kb.cert.org/vuls/id/782243


Pi-Soft SpoonFTP directory traversal vulnerability. (CERT/CC)
http://www.kb.cert.org/vuls/id/794211

Tools
There are no new updates to report at this time. 


 

CONTACT US  

For additions to, or removals from the distribution list for this
product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division
at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety
of external sources. Although OCIPEP makes reasonable efforts to ensure
the accuracy, currency and reliability of the content, OCIPEP does not
offer any guarantee in that regard. The links provided are solely for
the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible
for the information found through these links. 
  
        





IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk


Reply via email to