http://www.ocipep.gc.ca/DOB/DOB02-142_e.html

DAILY BRIEF Number: DOB02-142 Date: 11 September 2002

NEWS

U.S. raises colour-coded level one notch

On the eve of the anniversary of September 11, Attorney General John Ashcroft
reported in a televised news conference that the U.S. government elevated the
colour-coded terrorist alert to orange, which translates to a "high" level of
alert. This is the first time the level has been changed since the
implementation of the colour-coded alert system came into effect last March. The
move was made after U.S. intelligence agencies uncovered the specific threats
against its interests abroad and less credible information concerning potential
terrorist attacks on American soil. The information also came from a senior
al-Qaeda member who is being held by another government. In Canada, the RCMP is
urging Canadians to remain vigilant on September 11; even though they claim that
there is no cause for alarm since no threats to Canadian interests have been
reported. A DND spokesperson stated that "personnel of the Canadian Forces are
always ready to respond to any threat to the nation's security either at home or
abroad."

(Sources: canada.com, cbc.ca, 10-11 September 2002)
Click here for the source article - 1
Click here for the source article - 2

Comment: The change in threat level was the subject of a press conference given
by the U.S. Director of Homeland Security and the Attorney General, which can be
viewed at: http://www.whitehouse.gov/news/releases/2002/09/20020910-5.html

The U.S. National Infrastructure Protection Center issued an advisory pertaining
to possible threats to U.S. interests, which can be viewed at:
http://www.nipc.gov/warnings/advisories/2002/02-007.htm

Ontario seeks volunteers for emergency response teams

Minister of Public Safety and Security Bob Runciman announced that the Province
of Ontario plans to spend $1 million a year to recruit and train volunteers in
community emergency response. Mr. Runciman stated that "we are working with the
municipalities to develop a made in Ontario community volunteer emergency
response that will be a vital component of the province's overall emergency and
disaster management strategy." The new venture, called "Community Emergency
Response Volunteers," will recruit teams of volunteers from various
neighbourhoods, including retired police officers and firefighters, paramedics
and possibly senior citizens. Emergency Measures Ontario will be funding the
program for the first year and will be responsible for training volunteers in
the areas of basic medical skills, search and rescue, and disaster response. The
provincial government will be contributing 50 percent of the funding in the
following years. (Source, globeandmail.ca, 10 September 2002)
Click here for the source article


Comment: The press release, issued by the Minister of Public Safety and
Security's office, pertaining to the establishment of the Community Emergency
Response Volunteers can be viewed at:
http://www.newswire.ca/government/ontario/english/releases/September2002/10/c974
9.html

Transportation Minister deems Canadian ports secure
Transportation Minister David Collenette sought to address concerns raised by
police, intelligence and customs officials that Canadian ports have been
infiltrated by organized crime, creating opportunities for terrorism. The
Minister contends that although security at Canadian ports is not perfect, it
has been enhanced since 11 September 2001. (Source: canada.com, 10 September
2002)
Click here for the source article


Comment: The OCIPEP Daily Brief DOB02-131, issued on 26 August 2002, noted that
Transport Canada has ordered a detailed study of threats to Canada's marine
infrastructure following reports released by the Criminal Intelligence Service
Canada (CISC) and the Senate Standing Committee on National Security and Defence
that highlight the presence of organized crime in Canadian ports.


IN BRIEF

Oil slick off the coast of Newfoundland
Federal environment officials have charged the captain of a Bahamian-registered
bulk carrier vessel with the illegal dumping of oil. The captain of the "TEMCAP
SEA" made a brief court appearance in St.John's yesterday and was released on a
$50,000 bail. Officials from Environment Canada stated that more charges were
pending. The investigation was triggered after a satellite spotted the
116-kilometre-long and 200-metre-wide slick south of the Burin Peninsula.
(Source: cbc.ca, 10 September, 2002)
Click here for the source article


Tests confirm second human in Canada infected with West Nile virus
Tests have confirmed that a man from the Windsor area has been infected with the
West Nile virus, bringing the total of humans in Canada infected with the
mosquito-borne virus to two. (Source: ctv.ca, 10 September 2002)
Click here for the source article


Comment: OCIPEP Operations is monitoring the situation with respect to the West
Nile virus. For more information, please consult the OCIPEP web site at:
http://www.ocipep.gc.ca/otherlinks/hlinx_e.html

Airline passengers coming to Canada will be screened
On October 8, the Canada Customs and Revenue Agency (CCRA) is scheduled to begin
a new program designed to identify any passengers of interest or suspected
terrorists to law agencies such as CCRA , RCMP, Immigration and U.S. agencies.
(Source: canoe.com, 11 September 2002)
Click here for the source article


Canadian airports lack security
A CBC News article states that Canadian airport screening needs improvement and
new equipment. (Source: cbc.ca, 10 September 2002)
Click here for the source article


Transportation system in B.C. needs help
A survey released Tuesday by the Council of Tourism Association claims that the
British Columbia transportation sector is in significant need of repair.
(Source: globeandmail.ca , 10 September 2002)
Click here for the source article


U.S. Emergency Alert System could easily be taken over
Some security experts claim that the U.S. Emergency Alert System is vulnerable
and could easily be taken over by hackers and persons with limited technological
knowledge to spread messages. (Source: theregister.com, 10 September 2002)
Click here for the source article






CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on TR/EvilDX, which is a Trojan horse that allows a
hacker to gain control of the compromised computer. If executed, the Trojan
copies itself to C:\autoexec.bat and in the C:\windows\system32\directx
directory under the filename "dxdiag.exe".
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_
refno=020910-000005


McAfee Security reports on W32/Flatei.5129, which is a virus that makes use of
Microsoft's .NET architecture. Due to the uncommon system requirements and
replicating environment, the virus is unlikely to become widespread.
http://vil.nai.com/vil/content/v_99679.htm


Symantec reports on VBS.Thambl, which is a Trojan horse written in VB Script
that attempts to delete anti-virus and personal firewall software. It copies
itself as numerous files to the shared folders of several file-sharing programs.
http://securityresponse.symantec.com/avcenter/venc/data/vbs.thambl.html


Symantec reports on Trojan.Lovead, which is a Trojan horse written in Visual
Basic 5 that attempts to connect to a specific web site when an infected
computer accesses the Internet.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lovead.html


Symantec reports on Trojan.Nullbot, which is an IRC Trojan that allows a hacker
to gain control of the compromised computer. It is written in the C programming
language and may be compressed two times with UPX and ASPack.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.nullbot.html

Vulnerabilities

SecurityFocus provides a report on a vulnerability in HP-UX 10.20, 11,00, 11.11,
and 11.22 XDR libraries that could lead to a denial-of-service or unauthorized
access. Follow link for more information.
http://online.securityfocus.com/advisories/4458


SecurityFocus reports on a remotely exploitable script injection vulnerability
in PHP 4.2.3. No known patch is available at this time.
http://online.securityfocus.com/bid/5669/discussion/


Patches:


Updated packages are now available for Red Hat Linux 7.3 wordtrans.
(SecurityFocus)
http://online.securityfocus.com/advisories/4454


Updated gaim packages are now available for Red Hat Linux 7.1, 7.2, and
7.3. (SecurityFocus)
http://online.securityfocus.com/advisories/4459


Updated packages are now available for Debian GNU/Linux Python. (SecurityFocus)
http://online.securityfocus.com/advisories/4457


Updated packages are now available for Debian GNU/Linux cacti. (SecurityFocus)
http://online.securityfocus.com/advisories/4460


Additional vulnerabilities were reported in the following products:


Ultimate PHP Board 1.0 unauthorized administrative access vulnerability.
(SecurityFocus)
http://online.securityfocus.com/bid/5666/discussion/


Multiple Browser memory corruption vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5665/discussion/


Netscreen-Remote VPN and Security Clients 8.0 buffer overflow vulnerability.
(Netscreen)
http://www.netscreen.com/support/alerts/9_6_02.htm


NetGear FM114P Prosafe URL filter bypassing vulnerability. (SecurityFocus)
http://online.securityfocus.com/bid/5667/discussion/

Tools

scponly 3.0 is an alternative shell for system administrators who would like to
provide access to remote users to both read and write local files without
providing any remote execution privileges. (scponly)
http://sublimation.org/scponly/


LogDog 2.00 RC1 is a very easy to configure and install system log monitor for
watching system log files and e-mailing administrators when problems are found.
(Caspian's)
http://caspian.dotconf.net/menu/Software/LogDog/


scanAlert 1.00 RC2 is a utility that is designed to immediately alert an
administrator of a port scan against Linux (Caspian's).
http://caspian.dotconf.net/menu/Software/ScanAlert/






CONTACT US

For additions to, or removals from the distribution list for this product, or to
report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEPís Emergency
Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEPís Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience of
OCIPEP Daily Brief users. OCIPEP is not responsible for the information found
through these links.







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk


Reply via email to