DAILY BRIEF Number: DOB02-126 Date: 19 August 2002



Continued Cable Service Disruption as Labour Dispute Persists
As the labor conflict at Vidéotron continues, thousands of its customers in the
Quebec City region were left without service when cables were cut on August 16.
The company's latest offer was turned down by almost 100 per cent of its
striking technicians. (Source: CBC News, 17 August 2002)
Click here for the source article

Comment: Sabotage of Vidéotron cables has persisted throughout this dispute.
(Previously reported in Daily Brief of August 9.) Sabotage of cables has
impacted Internet and telephone access, as well as cable television, for tens of
thousands of customers in the province of Quebec.

City of Ottawa to Take Control of All Emergency Services
The City of Ottawa will control its own ambulance dispatch system, according to
an announcement made by Mayor Bob Chiarelli. The locally-controlled system will
allow the city to have a single dispatch system for police, fire and ambulance
services. (Source: CBC News, 16 August 2002)
Click here for the source article

Comment: The dispatch of ambulances in Ontario is currently administered by the
province. There appears to be a consensus that the most efficient dispatch
system is one that combines all emergency response services, including police,
fire and ambulance.

Easy Access to U.S. Government Networks
Officials of ForensicTec, a San Diego security firm, have come forward with
claims that they easily accessed the U.S. Military Internet Network and were
able to view sensitive documents, including correspondence between generals. "We
were kind of shocked at the security measures, or lack thereof," commented
ForensicTec President Brett O'Keefe. Despite possible repercussions, the company
decided to come forward with this information, pointing out that the next person
to come across these networks may not opt to do the right thing. The Army's
computer defense system recorded the break-in and an Army spokesman stated that
"no classified material was believed to have been exposed". (Source: news.com,
16 August 2002)
Click here for the source article

Comment: US$2 billion of the fiscal 2003 Defense budget will be allocated to
increase the protection of U.S. government information systems and related data.

Flooding Situation in the Czech Republic Prompts NATO Request for Aid
In its August 18 Situation Report, the NATO Euro-Atlantic Disaster Response
Coordination Centre (EADRCC) lists outstanding items that are required to help
battle the worst flood the Czech Republic has experienced in the last century.
Items such as small portable dryers, vaccines against Hepatitis A, insect
repellants and a heavy floating crane are listed. A number of NATO countries
have responded to the request for assistance. (Source: NATO EADRCC Situation
Report # 5, 18 August 2002)

Comment: A statement by NATO Secretary General Lord Robertson regarding the
assistance effort can be viewed at:


U.S. to Tighten Foreign Visitor Entry
Foreign visitors who enter the U.S. on or after 11 September 2002 will be
fingerprinted and photographed, and will be required to answer questions
regarding their visit to the U.S. Their fingerprints will then be compared to
those of thousands of foreign felons, terrorists and suspected terrorists. The
program will initially apply to visitors from countries identified by the U.S.
State Department as being a risk to national security, and will eventually be
expanded to monitor almost all foreign visitors. (Source: fcw.com, 19 August
Click here for the source article

Comment: Canada is not on the U.S. State Department list of countries identified
as a threat to U.S. national security. It is not yet clear whether this program
will be expanded to include Canadian citizens.

See: What's New for the latest Alerts, Advisories and Information Products


Symantec reports on Backdoor.Tela, which is a Trojan horse that allows
unauthorized access to the infected computer.

Symantec reports on Netbus.160.Dropper, which drops components of the
W95.Netbus.160.Trojan onto the target system.


Oracle reports on a remotely exploitable format string vulnerability in versions
of Oracle8i and 9i that could allow an attacker to gain control over the
Listener Control utility. Follow the link for patch information.

SecurityFocus reports on locally exploitable vulnerabilities in HP Secure OS for
Linux 1.0 PTrace / IOCTL, TLCompAdd and Tcl/Tk. Follow the links for patch


Mandrake Linux sharutils uudecode utility package update is available

Updated Red Hat Linux krb5 packages fix remote buffer overflow (SecurityFocus).

Cumulative patch for MS SQL Server 7.0 and 2000 is available (Microsoft).

Additional vulnerabilities were reported in the following products:

Gateway GS-400 Server default administrator password vulnerability

Leszek Krupinski L-Forum 2.4 .0 script injection and file disclosure
vulnerabilities (SecurityFocus).

MyWebServer 1.0.2 HTML injection, buffer overflow and web root disclosure
vulnerabilities (SecurityFocus).

Mandrake Linux xchat IRC client prior to 1.8.9 arbitrary command execution
vulnerability (SecurityFocus).

Mandrake Linux glibc prior to 2.2.5 buffer overflow vulnerability


Fake AP 0.2 generates counterfeit 802.11b beacon frames with random ESSID, BSSID
(MAC), and channel assignments.


For additions to, or removals from the distribution list for this product, or to
report a change in contact information, please send to:

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency
Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094

For general information, please contact OCIPEP’s Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Web Site: www.ocipep-bpiepc.gc.ca

The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience of
OCIPEP Daily Brief users. OCIPEP is not responsible for the information found
through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to