OCIPEP DAILY BRIEF Number: DOB02-077 Date: 7 June 2002

NEWS

Bush Administration Announces Homeland Security Overhaul
President Bush went on national television Thursday night and asked Congress
"to join me in creating a single permanent department with an overriding and
urgent mission-securing the American homeland and protecting the American
people." Both sides of Congress appeared to agree with the proposed creation
of a Department of Homeland Security, with a budget of US$37 billion and
170,000 employees. In what is being called the biggest overhaul plan since
1947, the new department would incorporate an intelligence clearinghouse
that would gather information from other agencies such as the FBI and CIA
and "synthesize" the material with the aim of thwarting future terrorist
attacks. Tom Ridge, currently director of Homeland Security, is a likely
candidate to head the new department. According to the CNN news network, the
department would be comprised of four divisions:

- Border and Transportation Security, including the U.S. Coast Guard, the
  Customs Service, and the Immigration and Naturalization Service;
- Emergency Preparedness and Response, including the Federal Emergency
  Management Agency (FEMA) and grant programs for so-called "first responders"
  now scattered across several agencies;
- Chemical, Biological, Radiological and Nuclear Countermeasures;
- Information Analysis and Infrastructure Protection, including the Secret
  Service and the new clearinghouse for intelligence information.

(Source: CNN.com, 6 June 2002)
http://www.cnn.com/2002/ALLPOLITICS/06/06/bush.security/index.html

Comment: A transcript of President Bush's speech is available at:
http://www.msnbc.com/news/763148.asp

For a full text of the White House proposal for a Homeland Security
Department, see: http://www.govexec.com/dailyfed/0602/060602bushproposal.htm

Anti-G8 "Solidarity Village" Dreams Are Dead
The dreams of holding a "Solidarity Village" in Calgary are dead, according
to anti-G8 Summit activists. Anti-G8 protest organizer Sarah Kerr said that
the large village will be replaced by several smaller events for the
5,000-10,000 activists expected to participate in demonstrations. John
Chaput, Calgary's G8 project manager, explained that a site that could
accommodate the anticipated number of participants could not be found, and
the use of public space as a campsite would violate city regulations. Police
will deal with people who try to set up camp in city parks without approval,
according to Chaput. City officials will likely approve permits for a rally
to be held at Olympic Plaza and a march through the city streets. (Source:
The Calgary Herald, 6 June 2002)
http://www.canada.com/calgary/calgaryherald/story.asp?id={BF47D06F-A469-4B89-8334-6D6407095EC0}


IN BRIEF

Conklin Residents Return Home
About 250 residents of Conklin, Alberta, were allowed to return to their
homes yesterday after the forest fire threatening their community receded.
Fire authorities also lifted evacuation alerts for the communities of
Janvier and Chard. Rainfall on Wednesday night helped the firefighters by
cooling some of the hot spots. (Source: CBC News, 6 June 2002)
http://edmonton.cbc.ca/template/servlet/View?filename=hf_6062002

Comment: For updates on this incident and others, click on the Incident
Mapping button at the top of the Daily Brief.

Hacker Group Defaces U.S. Navy Sites
Acting in a fashion similar to the "Deceptive Duo", a hacker group calling
itself the "Infidelz" defaced U.S. Navy web sites and posted confidential
personal information of job applicants from a human resources site. The
group does not appear to have the same motivation as the "Duo," who claimed
to be helping the government by exposing weak security practices. (Source:
vnunet.com, 6 June 2002)
http://www.vnunet.com/News/1132407

Comment: Members of the Deceptive Duo were arrested by the FBI in mid-May
after defacing a number of high-profile U.S. government and defense industry
web sites.

Virus Preys on World Cup Fans
British anti-virus company Sophos warns that workers trying to keep current
on the most recent World Cup scores in South Korea and Japan could be
victims of a new virus that poses as a web utility allowing users to see
up-to-the-minute game results. The VBS/Chick-F virus arrives in an e-mail
with the subject "RE: Korea Japan Results," and once opened, attempts to
spread itself to everyone in the user's address book. (Source: Sophos, 7
June 2002)
http://www.sophos.com/virusinfo/articles/vbschickf.html





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Brit.F, which is a slight variation of
Worm/BritneyPic, a worm that spreads via e-mail and mIRC. It arrives with
the subject line "RE: Korea Japan Results" and the attachment
"koreajapan.chm".
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020606-000007


Symantec reports on Backdoor.Tron, which is a Trojan that attempts to kill
the processes of several versions of the ZoneAlarm firewall and Tiny
Personal Firewall (version 2.0.15.0).
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tron.html

Vulnerabilities

SecurityFocus reports on a buffer overflow vulnerability in MS Internet
Explorer's gopher client that could allow a remote attacker to run arbitrary
code on a user's system. No known patch is available at this time.
http://online.securityfocus.com/bid/4930/discussion/


SecurityFocus reports on a vulnerability in some versions of BIND 9, which
ships with HP products and Caldera Open UNIX. It could cause the server to
shut down and lose its ability to respond to further DNS requests. View the
"Solution" tab for upgrade information.
http://online.securityfocus.com/bid/4936/discussion/


SecurityFocus reports on a format string vulnerability in OpenServer
'crontab' that could allow a local attacker to overwrite memory in the
address space of the crontab process. View the "Solution" tab for workaround
information.
http://online.securityfocus.com/bid/4938/discussion/


SecurityFocus reports on a vulnerability in Ghostscript for Unix and Linux
that could allow a local attacker to execute arbitrary commands when a page
is printed. View the "Solution" tab for patch information.
http://online.securityfocus.com/bid/4937/discussion/


SecurityFocus reports on a format string vulnerability in slurp NNTP client
for Unix and Linux that could allow a remote server to execute code on a
vulnerable client. No known patch is available at this time.
http://online.securityfocus.com/bid/4935/discussion/


SecurityFocus reports on a format string vulnerability in snmpdx. View the
"Solution" tab for workaround information.
http://online.securityfocus.com/bid/4932/discussion/


SecurityFocus reports on a format string vulnerability in Stellar-X MSNTAuth
for Squid web proxy server that could allow a remote attacker to execute
arbitrary code. No known patch is available at this time.
http://online.securityfocus.com/bid/4929/discussion/


SecurityFocus reports on a buffer overflow vulnerability in mibiisa that
could allow a remote attacker to craft a request to overwrite the return
address of the affected stack frame with an arbitrary value. View the
"Solution" tab for workaround information.
http://online.securityfocus.com/bid/4933/discussion/


SecurityFocus reports on a vulnerability in the LogiSense Hawk-i, Hawk-i ASP
and DNS Manager System that could allow a remote attacker to modify the SQL
query used to validate the user and gain access to arbitrary known accounts.
No known patch is available at this time.
http://online.securityfocus.com/bid/4931/discussion/


SecurityFocus provides a report on a vulnerability in Multiple Red-M 1050
Blue Tooth that could allow a remote attacker to disable the admin web
server, crack the admin password, piggyback authorized admin connections and
locate the device on a network. Follow the link for a solution.
http://online.securityfocus.com/advisories/4180


SecurityFocus provides a report on a vulnerability in X-Chat IRC client for
X Window and GTK+ that could allow a malicious server to execute arbitrary
commands on the client. Follow the link for a solution.
http://online.securityfocus.com/advisories/4185

Tools
There are no updates to report at this time.



CONTACT US

For additions to, or removals from the distribution list for this product,
or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s
Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience
of OCIPEP Daily Brief users. OCIPEP is not responsible for the information
found through these links.




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

