http://www.ocipep.gc.ca/DOB/DOB02-155_e.html
DAILY BRIEF
Number: DOB02-155
Date: 30 September 2002

NEWS

Mass vaccination against smallpox a "staggering task": Dr. Cushman

According to Dr. Robert Cushman, the city of Ottawa's Medical Officer of Health, a mass vaccination of Ottawa residents in the event of a smallpox outbreak would be a staggering task that would bring other health care to a standstill. Commenting on new U.S. federal guidelines for inoculating a city of one million people, Dr. Cushman described such an operation as "almost like a war situation." The city would require the operation of 20 emergency clinics, each staffed by 235 workers, and would have to look after 5,000 patients during a 16-hour day.
(Source: canada.com, 29 September 2002)

Comment: The Canadian Smallpox Contingency Plan is currently being updated. For details of the current plan, see http://www.hc-sc.gc.ca/pphb-dgspsp/publicat/ccdr-rmtc/02vol28/28sup/acs1.html

War in Iraq could trigger cyberconflict: study

Intelligence and security analysts warn that a U.S. war with Iraq could trigger a flood of hacker activity directed at U.S. networks and infrastructure. Attackers would include various Islamic hacking groups who have generally been anti-U.S. and anti-Israel, as well as American and European anti-war hackers. State-sponsored information warfare could also be launched after a ground attack on Iraq. Targets in a widespread cyberconflict would include large American companies and news media organizations, the latter for propaganda-planting and denial-of-service attacks.
(Source: computerworld.com, 27 September 2002)

IN BRIEF

Standards for disclosing software security flaws to be studied by OIS

The Organization for Internet Safety (OIS), which consists of software vendors and security firms, will be pulling resources together to develop standards for disclosing software security vulnerabilities.
(Source: computerworld.com, 27 September 2002)

Super bug will kill thousands

A new book entitled "The Killers Within" predicts that antibiotic-resistant bacteria will be responsible for the deaths of more than 40,000 North Americans every year, and the numbers will escalate if the super-germs are not contained. "The bad bugs are getting stronger and they're getting stronger faster," says co-author Mark Plotkin.
(Source: National Post, 28 September 2002)

Comment: On Sunday, 29 September 2002, CBC News reported that a hospital in British Columbia was trying to control an outbreak of an antibiotic-resistant strain of bacteria amongst newborns. Three infants had tested positive for methicillin-resistant staphylococcus (MRSA). View article for additional information: http://www.cbc.ca/stories/2002/09/29/babies_mrsa020929

Two improvement projects at Fredericton airport

On 27 September 2002, Transport Canada announced the awarding of two contracts for airport improvement projects at the Greater Fredericton Airport: one for the expansion of the Air Terminal Building arrivals area, and the second for the expansion of the parking apron.
(Source: Transport Canada, 27 September 2002)

U.S. Department of Agriculture announces new measures against E. coli contamination

The U.S. Department of Agriculture's Food Safety and Inspection Service is adopting a series of new measures to further prevent Escherichia coli (E. coli) O157:H7 contamination in ground beef. The new measures are based on recent information indicating that E. coli O157:H7 is more prevalent than was previously thought. A Federal Register notice announcing these actions will be published.
(Source: USDA, September 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on WORM_CIANAM.A, which is a worm that propagates via IRC, the Kazaa network and Outlook e-mail. It arrives with varying subject lines (such as "Why are you so playful??") and attachments.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CIANAM.A

Trend Micro reports on WORM_ALCAUL.N, which is a worm written in Visual Basic that propagates via Outlook e-mail. It arrives with the subject line "101 Reasons why ." and the attachment "Reasons.exe".
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAUL.N

Vulnerabilities

Security Tracker reports on a remotely exploitable denial-of-service vulnerability in Apache Web Server (2.0.41 and prior versions of the 2.0 series) 'mod_dav'. Follow the link for patch information.
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm

Additional vulnerabilities were reported in the following products:

Drupal 4.0.0 HTML injection vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5801/discussion/

ACWeb 1.8 and 1.14 cross-site scripting vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5793/discussion/

Monkey HTTP Server 0.1.4 file disclosure vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5792/discussion/

OpenVMS (multiple versions) UCX POP Server arbitrary file modification vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5790/discussion/

Invision Board information disclosure vulnerability. (Security Tracker)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm

vBulletin prior to 2.2.8 command execution vulnerability. (Security Tracker)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm

DaCode 1.2.0 HTML injection vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5798/discussion/

NPDS 4.8 HTML injection vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5797/discussion/

PHPNuke 6.0 cross-site scripting and SQL and HTML injection vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5788/discussion/
http://online.securityfocus.com/bid/5799/discussion/
http://online.securityfocus.com/bid/5796/discussion/

Shana Designer and Filler 3.5 information disclosure vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5795/discussion/

NullLogic 0.6.4 Null Webmail format string vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5794/discussion/

TDForum 1.2 and earlier script injection vulnerability. (CERT/CC)
http://www.kb.cert.org/vuls/id/782243

Pi-Soft SpoonFTP directory traversal vulnerability. (CERT/CC)
http://www.kb.cert.org/vuls/id/794211

Tools

There are no new updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk