DAILY BRIEF
Number: DOB02-124
Date: 15 August 2002
http://www.ocipep.gc.ca/DOB/DOB02-124_e.html

NEWS

"Digital Pearl Harbor" Simulation

In July, the U.S. Naval War College and Gartner Research conducted a "Digital Pearl Harbor" simulation that tested U.S. response to attacks on telecommunications, the Internet, financial systems and the power grid. Analysts involved in the exercise concluded that although a crippling attack on critical infrastructure (CI) is possible, such an attack would require significant financial resources, intelligence and preparation time. As well, attacks would have to target both the cyber and physical dimensions of CI, including physical attacks on key systems. The dependence of CI on the Internet makes it a key conduit for attack. As such, its integrity would be preserved until the last stages of an attack. (Source: ZDNet, 13 August 2002; The Register, 14 August 2002)

Canada-U.S. Playing Havoc With the Environment

According to a United Nations study, North Americans are consuming an estimated 25.7 billion litres of fuel annually. The increase in energy consumption, rather than population growth, is mostly to blame for contributing to the global warming phenomenon. The U.N. study warns that this phenomenon will lead to extreme weather conditions, such as severe flooding and droughts similar to the one experienced in the Canadian Prairies this summer. (Source: globeandmail.ca, 15 August 2002)

Comment: Several reports released this summer, including one by Natural Resources Canada (NRCan), have emphasized the potential for global warming to impact aspects of critical infrastructure such as food production, health care management, energy production and water availability. The NRCan report, titled "Climate Change Impacts and Adaptation: a Canadian Perspective," can be viewed at: http://adaptation.nrcan.gc.ca/perspective.asp

IN BRIEF

U.S. Parallel Government Will Be Ready Should Terrorists Strike Again

The Bush Administration is ready and prepared to ensure business continuity should a disaster strike that disables federal operations in Washington. Bunkers that can house 75 to 100 senior civil servants have been put in place in Virginia and Pennsylvania, and are operating on a rotational basis for an indefinite period of time. (Source: GovExec.com, 14 August 2002)

Oracle9i Vulnerability

Security tools firm ISS warns that Oracle9i systems are vulnerable to denial-of-service attacks because of a flaw in the debugging mechanism, according to a British media report. Oracle has issued a patch to address this vulnerability. (Source: The Register, 14 August 2002)

Comment: A patch is available at http://metalink.oracle.com/ (registration required).

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Backdoor.Delf.C, which is a Trojan horse that allows unauthorized access to the infected computer and stops the processes of some antivirus and firewall software.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.delf.c.html

Symantec reports on W32.Mortag, which is a password-stealing virus that is written in Visual Basic.
http://securityresponse.symantec.com/avcenter/venc/data/w32.mortag.html

Symantec reports on Trojan.Crabox, which is a Trojan horse that attempts to overload the play.mp3.com Web site by sending requests to it. The file name that this Trojan uses is "Crackerbox.exe".
http://securityresponse.symantec.com/avcenter/venc/data/trojan.crabox.html

Trend Micro reports on WORM_HARAS.A, which is a worm that propagates via Outlook e-mail using MSN Messenger to retrieve e-mail addresses. Without MSN Messenger, it sends e-mail to [EMAIL PROTECTED] It arrives with the subject line "SARAH SCREEN SAVER" and the attachment "Sarah.scr". It has a destructive payload. It deletes all files in the first level folder from the root directory and modifies certain critical files, preventing affected systems from restarting.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HARAS.A

Vulnerabilities

Internet Security Systems reports on a remotely exploitable denial-of-service vulnerability in Oracle9i 9.0.x and 9.2 SQL*NET.
http://www.iss.net/security_center/static/9237.php

SecurityFocus reports on a remotely exploitable denial-of-service vulnerability in versions of Macromedia Flash 4.0, 5.0 and 6.0. No known patch is available at this time.
http://online.securityfocus.com/bid/5445/discussion/

SecurityFocus reports on a remotely exploitable vulnerability in PGP / GnuPG (multiple versions) that could allow an attacker to learn the plaintext contents of encrypted communications. View the "Solution" tab for more information.
http://online.securityfocus.com/bid/5446/discussion/

SecurityFocus reports on a locally exploitable buffer overflow vulnerability in OpenBSD 3.0 and 3.1 select(). View the "Solution" tab for upgrade information.
http://online.securityfocus.com/bid/5442/discussion/

Additional vulnerabilities were reported in the following products:

W3C CERN httpd 3.0 Proxy cross-site scripting vulnerability (SecurityFocus).
http://online.securityfocus.com/bid/5447/discussion/

Debian interchange (multiple versions) confidential information exposure vulnerability (Debian).
http://www.debian.org/security/2002/dsa-150

Debian xinetd (multiple versions) denial-of-service vulnerability (Debian).
http://www.debian.org/security/2002/dsa-151

Debian l2tpd (current versions) vulnerability (Debian).
http://www.debian.org/security/2002/dsa-152

HP-UX 11.04 password command vulnerability (SecurityFocus).
http://online.securityfocus.com/advisories/4381

HP-UX VVOS TGA daemon potential stack corruption vulnerability (SecurityFocus).
http://online.securityfocus.com/advisories/4384

SGI IRIX 6.5 ftpd daemon minor vulnerabilities (SecurityFocus).
http://online.securityfocus.com/advisories/4385

Avaya Cajun P33x series SNMP vulnerability (SecuriTeam).
http://www.securiteam.com/securitynews/5TP0E0U80U.html

GoAhead Web Server 2.1 buffer overflow vulnerabilities (SecuriTeam).
http://www.securiteam.com/securitynews/5MP0C1580W.html

Tools

MIME Defanger 2.17 is a MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables.
http://www.roaringpenguin.com/mimedefang/

Nessus 1.2.4 is a free remote security scanner for Linux, BSD, Solaris and other systems.
http://www.nessus.org/

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk