OCIPEP DAILY BRIEF
Number: DOB02-166
Date: 16 October 2002
http://www.ocipep.gc.ca/DOB/DOB02-166_e.html

NEWS

State of the Lakes Ecosystem Conference (SOLEC) to begin today

Canadian and American experts are meeting at SOLEC this week to talk about the environmental health of the Great Lakes. The conferences are hosted by the U.S. Environmental Protection Agency and Environment Canada on behalf of the two countries every two years in response to the binational Great Lakes Water Quality Agreement. At SOLEC 2002, a report will be tabled that presents information on over half of the key environmental indicators identified since the conference series began eight years ago. Identification of additional work on other indicators will also be part of the discussions. It is hoped that within the next ten years, the two nations can agree upon all the significant environmental indicators and examine and assess the data they reveal. (Source: Environment Canada)

OCIPEP Comment: The two nations have made the health of the Great Lakes one of their prime joint concerns. As reported in OCIPEP Daily Brief DOB02-031, released 3 April 2002, the U.S. Environmental Protection Agency produced a Strategic Plan for the Great Lakes Ecosystems to address the long-term sustainability of the Great Lakes system. Canada has a similar plan in place, which is coordinated by the Great Lakes Sustainability Fund (GLSF). The International Joint Commission (IJC), a body jointly represented by Canadian and American senior officials with a mandate to "help prevent and resolve disputes relating to the use and quality of boundary waters and to advise Canada and the United States on related questions," recently released its Eleventh Biennial Report on Great Lakes Water Quality, on September 12.
For additional information on the Great Lakes Water Quality Agreement and its implications, visit the Environment Canada website at: http://www.on.ec.gc.ca/glwqa/

Gulf, Asian oil tankers warned of attack danger

Oil tankers in Middle Eastern, Pakistani and Indonesian waters have been alerted to the possibility of attacks following last week's explosion on an oil tanker off Yemen, according to the International Maritime Bureau (IMB), a global ocean crime watchdog. The first IMB warning was issued to global shipping on Sunday, but warnings will continue on a daily basis until the IMB decides the danger has passed. The IMB appealed to governments and port authorities to tighten up security around oil tankers by declaring approach channels for tankers off-limit areas for unauthorized craft. (Source: news.yahoo.com, 14 October 2002)

OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-160, the U.S. Navy made similar advisories on September 10 as a precautionary measure leading into the 9-11 memorial. OCIPEP has no information respecting specific threats to Canadian oil, gas and energy facilities.

U.S. to consider mass smallpox vaccination

The Advisory Council on Immunization Practices, a group that drafts vaccine policy for the Centers for Disease Control (CDC) and the secretary of Health and Human Services, is engaged in a two-day meeting substantially devoted to whether and when smallpox vaccination should begin again after 30 years. Medical experts are urging limited use of the vaccine. Government officials have advocated much wider distribution. Proposals being considered by the White House include offering the vaccine to the entire population within about a year. (Source: ajc.com, 13 October 2002)

OCIPEP Comment: As reported in the OCIPEP Daily Brief DOB02-162, the British government is considering mass vaccination against smallpox as well.
According to a Health Canada official, Canada's smallpox strategy is under review and is currently in the consultation process.

IN BRIEF

New Brunswick train derailment - Update

Representatives from local and federal governments were on site to evaluate the situation with regard to the leaking of hazardous materials from three of the derailed cars. Chemicals involved are Sodium chlorate (powder), Sulfuric acid (liquid) and a wax emulsion (glue). A relatively small amount of Sulfuric acid had leaked, and the rest of the contents was pumped out. (Source: NB RD, 15 October 2002)

West Nile virus

The West Nile (WN) virus may be taking on new forms. Reports indicate that there have been four cases of "polio-like" paralysis in Michigan, caused by the WN virus. All four patients were young and did not demonstrate any other symptoms related to the WN virus, when one or more of their limbs became paralyzed within hours. (Source: nature.com, 16 October 2002)

Interpol encourages global co-operation to fight cybercrime

Members from 37 different countries met this week at an Interpol conference to discuss ways to improve co-operation in investigating online offences. Interpol encourages member countries to establish new laws to deal with cybercrime, and to develop partnerships at the international level. (Source: reuters.com, 16 October 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Apbost.d, which is a worm that infects files with the extensions: *.bat, *.com, *.exe, *.pif, and *.scr by inserting its viral code at the beginning of each file.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=021014-000016

Symantec reports on W32.HLLW.Tufas, which is a worm written in Borland Delphi and compressed with UPX that propagates via IRC.
It also has backdoor capabilities that can give a hacker access to a computer. It is about 627,712 bytes in size after it is decompressed.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.tufas.html

Symantec reports on W32.Lamecada@mm, which is a worm that propagates via Outlook e-mail. It arrives with the subject line "Internet Explorer Bugs Fix Setup" and the attachment "Setup.exe".
http://securityresponse.symantec.com/avcenter/venc/data/w32.lamecada@mm.html

Symantec reports on Backdoor.Theef, which is a Trojan horse written in Delphi that can allow unauthorized access to an infected computer. It opens port 9871 to listen for a connection.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.theef.b.html

Symantec reports on Backdoor.DarkSky.C, which is a Trojan horse that is used to gain unauthorized access to an infected computer. It copies itself to the %windir% and %system% folders.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.darksky.c.html

Trend Micro reports on UNIX_ALUTAPS.A, which is a Trojanized version of Sendmail 8.12.6 that compromises security on affected UNIX systems. More information on this malware is available at CERT® Advisory CA-2002-28 Trojan Horse Sendmail Distribution.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=UNIX_ALUTAPS.A

Vulnerabilities

SecuriTeam reports on a remotely exploitable information leak vulnerability in Symantec Enterprise Firewall 6.5.2, Raptor Firewall 6.5 and 6.5.3 Secure Webserver 1.1. Follow the link for patch information.
http://www.securiteam.com/securitynews/6F00G1F5PE.html

Additional vulnerabilities were reported in the following products:

PHPRank 1.8 unauthorized access, admin password plain text storage, code injection and cross-site scripting vulnerabilities.
(SecurityFocus)
http://online.securityfocus.com/bid/5948/discussion/
http://online.securityfocus.com/bid/5947/discussion/
http://online.securityfocus.com/bid/5946/discussion/
http://online.securityfocus.com/bid/5945/discussion/

PHPBBMod 1.3.3 information disclosure vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5942/discussion/

MondoSearch 4.4 source disclosure vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5941/discussion/

PHPReactor 1.2.7 pl1 cross-site scripting vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5939/discussion/

Nylon Proxy 0.2 denial-of-service vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5938/discussion/

Syslog-ng 1.4.15 and 1.5.20 buffer overflow vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5934/discussion/

PHPNuke 6.0 multiple script code filtering vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5953/discussion/

KDE 3.0.1-3.0.3 file disclosure vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5951/discussion/

OpenOffice 1.0.1 insecure temporary file symbolic link vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5950/discussion/

SquirrelMail 1.2.7 web root path disclosure vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5949/discussion/

OpenServer 5.0.5 and 5.0.6 buffer overflow in multiple DNS Resolver libraries. (SecurityFocus)
http://online.securityfocus.com/advisories/4551

ATP HTTP Daemon 0.4b and prior buffer overflow vulnerability. (SecuriTeam)
http://www.securiteam.com/unixfocus/6A00B1F5PG.html

J2EE EJB privacy leak and denial-of-service vulnerabilities. (SecuriTeam)
http://www.securiteam.com/unixfocus/6C00D1F5PM.html

GazTek 1.4-3 and prior HTTP Daemon buffer overflow. (SecuriTeam)
http://www.securiteam.com/unixfocus/6D00E1F5PO.html

Daniel Arenz' Mini Server 2.1.6 directory traversal and log hogging vulnerabilities.
(SecuriTeam)
http://www.securiteam.com/windowsntfocus/6G00H1F5PW.html

My Web Server 1.0.2 long URL crashing vulnerability. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6H00I1F5PA.html

TelCondex SimpleWebServer 2.06.20817 Build 3128 long URL crashing vulnerability. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6B00B1F5QS.html

Polycom ViaVideo 2.2 and 3.0 Web Component security vulnerabilities. (SecuriTeam)
http://www.securiteam.com/windowsntfocus/6D00D1F5QE.html

Tools

Fake AP 0.3.1 generates counterfeit 802.11b beacon frames with random ESSID, BSSID (MAC), and channel assignments.
http://www.blackalchemy.to/Projects/fakeap/fake-ap.html

CONTACT US

To add or remove a name from the distribution list, or to modify existing contact information, e-mail: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk