DAILY BRIEF
Number: DOB02-032
Date: 04 April 2002

NEWS

Oil Spill Near Newfoundland Coast

The Coast Guard was keeping a close eye on the area where the Russian shrimp trawler "Katsheshuk" sank off Cape St. Francis, approximately 20 kilometres north of St. John's, Newfoundland. Local residents and crab fishermen were worried that diesel fuel leaking from the wreck may pose a threat to their livelihood. A spokesperson for the Coast Guard said Wednesday that the fuel was down to a 50 by 100-foot area and was dispersing quickly. At the time of the sinking, there were approximately 430,000 litres of diesel fuel on board the vessel.
(Source: CBC News, 3 April 2002)
http://www.cbc.ca/

Comment: An oil slick was identified as a result of this incident. It appeared to be moving toward the Baccalieu Island Ecological Reserve. For more information on this incident and others that occur across Canada, visit our incident mapping web pages at:
http://www.ocipep.gc.ca/emergencies/incidents/index_e.html

Better Management Needed for Improved IT Security

Senior managers at U.S. government agencies need to get more involved in educating employees about computer security, according to federal IT officials. While there are firewalls and intrusion detection systems available, only people can be held accountable for IT security, said Daryl White, the Interior Department's chief information officer. Cyber security experts stress that the prevention of attacks will require federal agencies to make information security an integral part of their infrastructures, and vendors will have to make it a "built in" part of their software. Agencies also must find ways to share sensitive information about system vulnerabilities without divulging them to the general public or potential hackers. To this end, the Federal Computer Incident Response Capability (FedCIRC) is developing a "secure collaboration" initiative that will allow agencies to discuss vulnerabilities and other security matters through secure chat rooms. FedCIRC is also looking into a "patch authentication" capability that would guide federal agencies on the selection of the best software patches to fix vulnerabilities on their systems.
(Source: govexec.com, 3 April 2002)
http://www.govexec.com/

IN BRIEF

Americans Become Less Positive About Surveillance: Poll

A poll conducted in the U.S. last month shows that the number of Americans favouring expanded surveillance by law enforcement agencies in the war against terrorism has declined slightly in the past six months. Positive responses were down on questions pertaining to the use of face-recognition technologies, the creation of a national ID system, and the need for government to better monitor banking and credit card transactions.
(Source: Newsbytes, 3 April 2002)
http://www.newsbytes.com/

Cyberattacks on the Increase

Overall security on the Internet has been hampered by repeated denial of service (DoS) attacks and an increase in hybrid attacks, such as Code Red and Nimda, according to security firm Internet Security Systems (ISS). While the September 11 terrorist attacks have not led to significant cyberattacks, the risks that come with using the Internet "will continue to increase as long as fundamental Internet risk factors are not lessened in some way." ISS adds that "attacks are now global in scope and round-the-clock in occurrence."
(Source: Infoworld.com, 3 April 2002)
http://www.infoworld.com/

Police Prepare for G8 Summit

The RCMP and Calgary police will be prepared for any type of incident at the G8 Summit in June. They are developing the capacity to respond to more serious attacks, including chemical weapons, terrorism and even a nuclear attack, according to a Calgary police official, who added that "anything that has happened anywhere else in the world could happen in Calgary."
(Source: Calgary Herald, 3 April 2002)
http://www.canada.com/calgary/calgaryherald/

Comment: Anti-globalization protesters and environmental activists from around the world are planning large demonstrations in Calgary and Kananaskis Country for the Summit. Major events are also being organized in Ottawa and other cities in Canada to coincide with the 26-27 June event.

SSL Encryption Technology May Be Vulnerable: Study

Servers using Secure Socket Layer (SSL) encryption technology may be vulnerable to hackers if their public key, which is used to guarantee the authenticity of a transaction, is not at least 1024 bits long, according to a study by Netcraft. Shorter keys are more prevalent in Europe, where they are used by up to 41 per cent of servers. Netcraft says that 13.5 per cent of SSL web sites in Canada are using short keys.
(Source: pcworld.com, 3 April 2002)
http://www.pcworld.com/news/

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command provides information on the following worms:

Worm/MyLife.E is a slight modification to Worm/MyLife.D. It copies itself to the \windows\%system% directory under the filename "Screen.scr".
http://support.centralcommand.com

Worm/MyLife.F is a slight modification to Worm/MyLife.C. It copies itself to the \windows\%system% directory under the filename "List480.TXT.scr".
http://support.centralcommand.com

Comment: According to iDefense, MyLife.F continues to spread in the wild. MessageLabs Corporation reports that 1,186 copies of the worm have been intercepted as of 12:19 GMT, 3 April 2002, making it the fifth most virulent malicious code in the wild. Most incidents of infection have occurred in the United Kingdom, Australia and the United States.

Worm/Newbiero is an Internet worm that arrives under the original filename "Bsgk.exe". If executed, the worm copies itself to the \windows\%system% directory under the filename "bsgk.exe".
http://support.centralcommand.com

Vulnerabilities

SecurityFocus provides reports on the following vulnerabilities:

A buffer overflow vulnerability in Xsun, which is shipped with Solaris systems, occurs when processing the command line parameter "-co". This could enable a local attacker to run arbitrary code with root user/root group privilege.
http://online.securityfocus.com/advisories/4009

A buffer overflow vulnerability in some versions of Sambar Server.
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4404
For patch information, go to:
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=solution&id=4404

Tools

NAI Tool Scans for Network Cracks - ThreatScan
http://www.eweek.com/article/0,3658,s=1884&a=24801,00.asp

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7066 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

OCIPEP publications are based on information obtained from a variety of sources. The organization makes every reasonable effort to ensure the accuracy, reliability, completeness and validity of the contents in its publications. However, it cannot guarantee the veracity of the information nor can it assume responsibility or liability for any consequences related to that information. It is recommended that OCIPEP publications be carefully considered within a proper context and in conjunction with information available from other sources, as appropriate.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk