DAILY BRIEF Number: DOB02-143 Date: 12 September 2002

http://www.ocipep.gc.ca/DOB/DOB02-143_e.html

NEWS

Hurricane Gustav hits eastern Canada
Hurricane Gustav dropped 40-80 cm of rain on eastern Canada overnight. The
Confederation Bridge between New Brunswick and Prince Edward Island was closed,
and morning ferry runs were cancelled. Power was knocked out in parts of PEI and
Cape Breton Island. There were also reports of minor flooding in northern PEI
and Charlottetown. As of this morning, Hurricane Gustav has been downgraded to a
sub-tropical storm and is moving across western Newfoundland. (Source: CBC News,
12 September 2002)

Depleted uranium journey to NYC undetected
ABC News conducted a secret investigation which involved the carrying of a
suitcase packed with 15 pounds of depleted uranium. The objective of this
investigation was to determine if American authorities could detect radioactive
material before it actually entered the country. Brian Ross of ABC News
proceeded to take the suitcase on a 25-day trip through seven countries,
departing from a European train station and concluding the journey in the New
York City harbour. The suitcase was cleared after going through a
state-of-the-art detection system and left the port without ever having been
opened by U.S. Customs. (Source: abcnews.go.com, 11 September 2002)

Comment: Depleted uranium can be used to create "dirty bombs," which use
conventional explosives to scatter radiological material around an area.

IN BRIEF

Canadian and U.S. pilots request smart I.D. at airports
A spokesperson for the Air Line Pilots Association said that they are working on
"smart cards" to identify airport employees in both the U.S. and Canada because
too many workers have access to aircraft. The information on the card will
feature biometrics data (i.e. iris and fingerprint). (Source: torontosun.com, 12
September 2002)

Klez virus still spreading widely
A report issued by the Security Center of the Information-Technology Promotion
Agency (IPA/ISEC) for the period of August to September 2002 indicated that the
W32/Klez virus is propagating widely with more than 1,000 monthly incidents
reported for the past five consecutive months. (Source:
nikkeibp.asiabiztech.com, 12 September 2002)
CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Chet, which is a worm that is intended to
propagate via Outlook e-mail. In Central Command's testing, the mass mailing
routine did not work. The worm would arrive from "[EMAIL PROTECTED]" with the
subject line "All people!!" and the attachment "11september.exe".
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020910-000026


Symantec reports on Backdoor.Optix.04, which is a Trojan horse written in Delphi
and packed with ASPack v2.10. It gives an attacker unauthorized access to an
infected computer. By default, it opens port 27379 on the compromised computer.
This Trojan attempts to disable some anti-virus and firewall programs by
terminating processes.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.04.html


Symantec reports on Backdoor.RCServ, which is a Trojan horse written in Delphi
and packed with UPX v1.20. It gives an attacker unauthorized access to an
infected computer. By default it opens port 4128 on the compromised computer.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.rcserv.html


Symantec reports on VBS.Lavra.Worm, which is a VB Script worm that attempts to
propagate via file-sharing networks such as KaZaA, Morpheus, BearShare, Grokster
and ICQ. It disguises itself as a pornography-related program to trick users
into downloading and opening it. The worm also attempts to delete files of
various anti-virus and firewall programs.
http://securityresponse.symantec.com/avcenter/venc/data/vbs.lavra.worm.html


Symantec reports on W32.HLLC.Happylow, which is a companion virus that encrypts
all .exe files that reside in the same folder as the virus and renames them with
a .wal extension. It then makes a copy of itself as the original file name.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllc.happylow.html

Vulnerabilities

SecurityFocus reports on a remotely exploitable denial-of-service vulnerability
in MS Outlook Express 5.01, 5.0, 5.5 and 6.0. View the "Solution" tab for
workaround information.
http://online.securityfocus.com/bid/5682/discussion/


SecurityFocus reports on a remotely exploitable frame cross-site scripting
vulnerability in MS Internet Explorer. View the "Solution" tab for workaround
information.
http://online.securityfocus.com/bid/5672/discussion/


SecurityFocus reports on remotely exploitable MS JVM 1.1 vulnerabilities. View
the "Solution" tab for workaround information.
http://online.securityfocus.com/bid/5670/discussion/


Additional vulnerabilities were reported in the following products:


Netris 0.3, 0.4 and 0.5 remote memory corruption vulnerability (SecurityFocus)
http://online.securityfocus.com/bid/5680/discussion/


phpGB 1.1, 1.2 and 1.3 PHP code, HTML and SQL injection vulnerabilities
(SecurityFocus)
http://online.securityfocus.com/bid/5679/discussion/
http://online.securityfocus.com/bid/5676/discussion/
http://online.securityfocus.com/bid/5673/discussion/


PHP (multiple versions) function CRLF injection vulnerability (SecurityFocus)
http://online.securityfocus.com/bid/5681/discussion/


Cerulean Studios Trillian 0.73, 0.725 and 0.6351 credential encryption weakness
(SecurityFocus)
http://online.securityfocus.com/bid/5677/discussion/


WoltLab Burning Board 2.0 SQL injection vulnerability (SecurityFocus)
http://online.securityfocus.com/bid/5675/discussion/


Mandrake Linux Kerberos 5 heap overflow (SecurityFocus)
http://online.securityfocus.com/advisories/4462


Apple QuickTime ActiveX v5.0.2 buffer overflow (SecurityFocus)
http://online.securityfocus.com/advisories/4466


Foundstone Savant Web Server 3.1 and previous buffer overflow vulnerability
(SecurityFocus)
http://online.securityfocus.com/advisories/4467


VERITAS Cluster Server unauthorized root access vulnerability (InfoSysSec)
http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/aaa33.htm

Tools

MielieTool v.1.0 is a Perl-based web application "fuzzer" (SensePost)
http://packetstorm.decepticons.org/filedesc/mieliekoek.pl.html


AIM Sniff 0.4 is a utility for monitoring and archiving AOL Instant Messenger
messages across a network that has the ability to do a live dump or read a PCAP
file and parse the file for IM messages. (SourceForge.net)
http://sourceforge.net/projects/aimsniff


CONTACT US

For additions to, or removals from the distribution list for this product, or to
report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency
Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience of
OCIPEP Daily Brief users. OCIPEP is not responsible for the information found
through these links.







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

