DAILY BRIEF
Number: DOB02-069
Date: 28 May 2002

NEWS

Terrorist Threat in Canada Still Exists: CSIS Director
There were "warnings of something coming" before September 11 but "nobody had any specific warnings," according to CSIS Director Ward Elcock. Appearing at a House of Commons committee on security, Mr. Elcock indicated that his organization was focusing on "Sunni Islamic extremism" before September 11, and that it has now stepped up its investigative efforts concerning groups such as al-Qaeda. While CSIS analysts have not discovered evidence of sleeper cells in Canada, Mr. Elcock warns that most terrorist groups have followers here, and that the risk of terrorist acts against Canada and Canadians "has increased with our involvement in Afghanistan."
(Source: The Globe and Mail, 28 May 2002)
www.globeandmail.ca
http://www.globeandmail.ca/servlet/RTGAMArticleHTMLTemplate/C/20020528/wxcsis?hub=homeBN&tf=tgam%252Frealtime%252Ffullstory.html&cf=tgam/realtime/config-neutral&vg=BigAdVariableGenerator&slug=wxcsis&date=20020528&archive=RTGAM&site=Front&ad_page_name=breakingnews

Comment: When questioned about the Ontario government's claim that a sleeper cell had been operating in the province, Mr. Elcock explained that the term was misused. Sleeper cells usually refer to a group of people with a specific purpose, whose goal is to carry out this purpose. Mr. Elcock added that he has not seen evidence of such groups in Canada to date.

IN BRIEF

Calgary Prison Makes Room for G8 Protesters
The Calgary Correctional Centre will send 400 provincial inmates to Drumheller Penitentiary in order to make room for the expected hundreds of prisoners from protests during next month's G8 Summit. Ottawa will pay for the transfers, which are scheduled to start this week.
(Source: CBC News, 27 May 2002)
http://calgary.cbc.ca/template/servlet/View?filename=ps_5272002

Activists in Search of Site for Solidarity Village
Activists looking for a place to host a Solidarity Village during the G8 Summit are upset with the mayor of Calgary for turning down their request to use the Shaw Millennium Park. A spokesperson for Solidarity Village says the group is now negotiating with a private landowner near Calgary for land where a campsite could be set up to receive visitors to the city.
(Source: CBC News, 27 May 2002)
http://calgary.cbc.ca/template/servlet/View?filename=dm-5272002

Klez.H Now Top Virus
The computer virus Klez.H, which was first detected on April 15, has surpassed SirCam to become the most prevalent virus to date, according to anti-virus company MessageLabs. Klez.H, which now affects one in every 300 e-mails, deceives recipients by appearing as different attachments with different subject names.
(Source: CNN.com, 27 May 2002)
http://www.cnn.com/2002/TECH/05/27/virus.klezh/index.html

Comment: Klez is the most prevalent virus seen on Canadian systems at this time; however, it is on the decline.

Alberta Fire Still Out of Control
The forest fire near Lac La Biche was still burning out of control on Monday and had forced the evacuation of 1,500 people from the small hamlet of Conklin. The hamlet of Mariana Lake was also on evacuation alert. There are now close to 900 firefighters trying to contain the blaze, and water bombers from other parts of the country are on hand.
(Source: CBC News, 27 May 2002)
http://edmonton.cbc.ca/template/servlet/View?filename=fr_5272002

Comment: Transportation through Conklin has been affected by this blaze as Highway 881 has been closed until further notice. Currently, a fireguard is being bulldozed around the town, and sprinklers, foam and gel are being used to protect buildings from catching fire.
For more information concerning this incident, please click on the Incident Mapping button at the top of the Daily Brief.

Michigan Train Derailment Forces Evacuation
Most residents of Potterville, Michigan, were expected to be kept away from their homes today after a freight train carrying liquid propane and sulfuric acid derailed near a mobile home park and subdivision. There are no leaks and emergency personnel are now "trying to figure out how to release the propane without anything blowing up," according to the town's sheriff.
(Source: CBC News, 28 May 2002)
http://www.cbc.ca/cp/world/020528/w052810.html

Mexico Still Searching for Missing Cyanide
Law enforcement officials in Mexico are still searching for nearly eight tons of sodium cyanide that was hijacked from a truck on May 10. The chemical, which is routinely used in silver mining, can be deadly when inhaled or ingested, even in very small quantities. U.S. officials are concerned that the shipment may be heading north where it could be used in a terrorist operation.
(Source: The Washington Post, 28 May 2002)
http://www.washingtonpost.com/wp-dyn/articles/A18445-2002May27.html

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

McAfee Avert reports on VBS/VBSWG.an@MM, which is a worm that propagates via e-mail with the subject "Shakira's Pictures" and the attachment "ShakiraPics.jpg.vbs".
http://vil.nai.com/vil/content/v_99506.htm

McAfee Avert reports on VBS/Horty@MM, which is a virus that propagates via Outlook e-mail with the subject "Here you have, ;o)" and the attachment "Monica-Bellucci.jpg.vbs".
http://vil.nai.com/vil/content/v_99507.htm

Vulnerabilities

CERT/CC reports on a vulnerability in the OpenBSD kernel that could allow a local attacker to gain root privileges. Follow link for patch information.
http://www.kb.cert.org/vuls/id/314963

SecurityFocus reports on a vulnerability in MSN Messenger for Windows that could allow a remote attacker to crash the client when it receives a malformed invite request. No known patch is available as of yet.
http://online.securityfocus.com/bid/4827/discussion/

SecurityFocus reports on a vulnerability in OpenBB for Linux, Unix and MS Windows that could allow an unauthorized attacker to gain moderator or admin access to forums. The attacker would be able to change only a few properties of the forums. No known patch is available as of yet.
http://online.securityfocus.com/bid/4823/discussion/

SecurityFocus reports on an HTML injection attack vulnerability in OpenBB for Linux, Unix and MS Windows that could allow a remote attacker to steal cookie-based authentication credentials. No known patch is available as of yet.
http://online.securityfocus.com/bid/4819/discussion/

SecurityFocus reports on a cross-site scripting vulnerability in OpenBB for Linux, Unix and MS Windows that could allow a remote attacker to use script code to obtain cookie values or to perform unauthorized actions as the victim user. No known patch is available as of yet.
http://online.securityfocus.com/bid/4824/discussion/

SecurityFocus reports on a vulnerability in Sendmail for Unix and Linux that will lead to a denial-of-service. This vulnerability is locally exploitable. View "solution" tab for workaround information.
http://online.securityfocus.com/bid/4822/discussion/

SecurityFocus reports on a cross-site scripting vulnerability in ViewCVS that could allow a remote attacker to use script code executed in a victim's web client in the security context of the web site running ViewCVS. View "solution" tab for patch information.
http://online.securityfocus.com/bid/4818/discussion/

SecurityFocus reports on several buffer overflow vulnerabilities in the netstd package included with the Debian GNU/Linux distribution related to the handling of resolved hostnames.
View "solution" tab for more information.
http://online.securityfocus.com/bid/4816/discussion/

SecurityFocus reports on a vulnerability in HTML tags that may allow a remote attacker to inject arbitrary HTML into the HTML list archive index and execute script code in the web client in the security context of the web site running GNU Mailman. View "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4826/discussion/

SecurityFocus reports on a buffer overflow vulnerability in the PGP Public Key Server for Linux and Unix that could result in the overwriting of stack variables, including the return address. It should be noted that this vulnerability would be difficult to exploit. No known patch is available as of yet.
http://online.securityfocus.com/bid/4828/discussion/

SecurityFocus reports on a buffer overflow vulnerability in IBM DB2 db2ckpw that could allow a local attacker to gain root privileges. View "solution" tab for patch information.
http://online.securityfocus.com/bid/4817/discussion/

SecurityFocus reports on a vulnerability in MS Excel 2002 that could allow embedded script to execute without indication to the user. No known patch is available as of yet.
http://online.securityfocus.com/bid/4821/discussion/

SecurityFocus reports on a vulnerability in LocalWEB2000 related to content password protection. No known patch is available as of yet.
http://online.securityfocus.com/bid/4820/discussion/

SecurityFocus reports on a vulnerability in Interscan Viruswall for MS Windows that could allow a remote attacker to obscure the origins of mail sent to the server and to spam the host without the risk of being traced. This vulnerability could also be exploited to send misinformation through the host, appearing to come from a user of the mail system. No known patch is available as of yet.
http://online.securityfocus.com/bid/4830/discussion/

SecurityFocus reports on a Trojan Horse vulnerability in irssi for Linux and Unix.
The hosting server has been infected and downloads of the source during this time are likely to contain the Trojan code. View "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4831/discussion/

SecurityFocus reports on a vulnerability in CVS for Unix, Linux, and MS Windows that could allow a local attacker to execute arbitrary code. View "solution" tab for patch information.
http://online.securityfocus.com/bid/4829/discussion/

SecurityFocus provides a report on a buffer overflow vulnerability in the IMAP server and the UW IMAP daemon that could allow a remote, authenticated attacker to execute arbitrary code with the privileges of the authenticated user. Follow link for upgrade information.
http://online.securityfocus.com/advisories/4149
http://online.securityfocus.com/advisories/4150

Securiteam provides a report on three new denial-of-service vulnerabilities in Cisco Broadband Operating System (CBOS) for Cisco 600 routers. All three vulnerabilities can be exploited remotely. No other Cisco product is vulnerable. Follow link for workaround information.
http://www.securiteam.com/securitynews/5DP0O1P75O.html

Tools

There are no updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources.
Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk
