DAILY BRIEF Number: DOB02-149 Date: 20 September 2002

http://www.ocipep.gc.ca/DOB/DOB02-149_e.html

NEWS

Deputy Clerk of the Privy Council appointed President of the Canadian Food
Inspection Agency
Richard Fadden, currently Deputy Clerk of the Privy Council, and Security and
Intelligence Coordinator, was appointed President of the Canadian Food
Inspection Agency, effective 23 September 2002. Ronald Bilodeau, Associate
Secretary to the Cabinet and Deputy Minister to the Deputy Prime Minister, will
assume additional responsibilities as Security and Intelligence Coordinator and
Deputy Minister for policy and operations of the Communications Security
Establishment.


Internet cable: Growing popularity in the U.S. - Correction
Yesterday's Daily Brief cited an article that discussed the growing popularity
of Internet cable in the U.S. We would like to clarify that cable modems are the
primary means that North Americans use for high-speed connections to the
Internet. (Source: globeandmail.ca, 18 September 2002)


Winnipeg sewage spill under control
The flow of untreated sewage into the Red River has been stopped, according to
city officials in Winnipeg. Since the leak began on September 16, approximately
550,000 cubic metres of sewage was dumped into the river. City officials want a
review of the incident in order to prevent a similar mishap. (Source: CBC
Manitoba, 19 September 2002)

Comment: No serious environmental incidents have been reported as a result of
the spillage. Preliminary test results have shown that oxygen levels in the
river are near-normal.

West Nile virus
The Centers for Disease Control and Prevention (CDC) warn that the West Nile
virus may be spread through blood transfusions. The CDC has studied several
cases associated with transfusions and concluded that the West Nile virus
"probably can be spread by transfusion." (Source: thestar.com, 19 September
2002)


Comment: OCIPEP Operations is monitoring the situation with respect to the West
Nile virus. Additional information on West Nile transmission through blood
transfusion and organ donations can be found on the CDC web site at:
http://www.cdc.gov/ncidod/dvbid/westnile/qa/transfusion.htm
Other links can be found on the OCIPEP web site at:
http://www.ocipep.gc.ca/otherlinks/hlinx_e.html


IN BRIEF

Ontario to improve border crossings
The Province of Ontario plans to ease congestion at border crossings in hopes of
improving trade with Michigan. The Premier of Ontario has announced that repairs
will be made to Highway 402 which connects Sarnia and Port Huron, Michigan. He
also suggested that repairs will be made to the Ambassador Bridge, which
connects Windsor and Detroit. (Source: cbc.ca, 19 September 2002)


Comment: The OCIPEP Daily Brief DOB02-095, released 4 July 2002, reported that
the Mayor of Windsor threatened to declare a state of emergency in order to
control traffic congestion in the city caused by trucks trying to cross the
Ambassador Bridge.

No change expected in oil output: OPEC
The Organization of Petroleum Exporting Countries (OPEC) decided not to bow to
pressure from Western countries and increase production, even though prices have
soared to year-high levels of nearly $30 U.S. per barrel. (Source: CTV.ca, 19
September 2002)


Oil-sands project on hold due to Kyoto Protocol
TrueNorth Energy L.P., the developer of an oil-sands megaproject in Alberta,
said it will delay - and perhaps end - its multi-billion-dollar investment,
citing the fog of uncertainty created by the federal government's failure to
explain how Canada plans to reduce greenhouse gas emissions. Environment
Minister David Anderson said he was "skeptical" about the rationale and timing
for TrueNorth's announcement. (Source: globeandmail.ca, 20 September 2002)


U.S. ".gov" info restricted over attacker fears
VeriSign, Inc. has stopped providing access to information about the .gov
internet domain, which is restricted to U.S. government bodies, over concerns
the data could be used in planning internet attacks. (Source: The Register, 20
September 2002)


Many U.S. cities not reacting to orange
A survey conducted by the National League of Cities revealed that many U.S.
cities took very few precautionary measures, and some none at all, in response
to the federal government's elevation of the terrorist alert system to "high" on
the eve of the anniversary of the September 11 attacks. (Source: USA TODAY, 19
September 2002)





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Trojan.Avid, which is a malicious threat that steals locally
saved AOL passwords and sends them to a specific e-mail address.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.avid.html


Symantec reports on W32.HLLW.Dax, which is a worm that propagates via open
network shares and attempts to replicate itself to that share as "Ordin
Popescu.exe." It also contains a backdoor that enables a remote attacker to
connect to and control the computer. By default it opens port 3256 on the
compromised computer.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.dax.html


Trend Micro reports on WORM_DULOAD.C, which is a worm that propagates via Kazaa
and attempts to send an e-mail with no subject, message, or visible attachments.
The e-mail's "FROM" field contains the name of the infected user and the "TO"
field contains the target recipient.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C


Trend Micro reports on WORM_BOOSTRAP.A, which is a Trojan horse that propagates
via SMTP and runs every time an .EXE file is executed. It does not stop running
until that .EXE file is closed.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOOSTAP.A


Trend Micro reports on ELF_SLAPPER.C, which is freely distributed over the
Internet and uses a remote exploit for Apache/mod_ssl servers. When compiled, it
can be used as a hacking tool against systems using OpenSSL v0.9.6d and below.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ELF_SLAPPER.C


Trend Micro reports on ELF_SLAPPER.B, which is freely distributed on the
Internet and can be used as a hacking tool against systems using FreeBSD 4.5
Apache 1.3.20-24. It uses a known vulnerability that allows an attacker to
connect to a system using a shell on TCP port 30464. From there, other exploits
can be used to gain root access.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ELF_SLAPPER.B

Vulnerabilities

Microsoft reports on a remotely exploitable vulnerability in MS VM up to and
including build 5.0.3805 JDBC Classes that could allow for code execution.
Follow the link for patch information.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-052.asp


Cisco reports on remotely exploitable denial-of-service vulnerabilities in MS
Windows SMB in Cisco Products (see MS Security Bulletin MS02-045:
http://www.microsoft.com/technet/security/bulletin/MS02-045.asp) that could
allow an attacker to execute arbitrary code or perform a denial-of-service.
http://www.cisco.com/warp/public/707/Microsoft-SMB-vulnerability-MS02-045-pub.shtml


Cisco reports on remotely exploitable vulnerabilities in Cisco VPN 5000 Client
(multiple versions). Follow the link for patch information.
http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml


SecurityFocus reports on a remotely exploitable denial-of-service vulnerability
in IBM Websphere 4.0.3. Follow the link for patch information.
http://online.securityfocus.com/advisories/4494


Additional vulnerabilities were reported in the following products:


DB4Web 3.4 and 3.6 connection proxy and file disclosure vulnerabilities.
(SecurityFocus)
http://online.securityfocus.com/bid/5725/discussion/
http://online.securityfocus.com/bid/5723/discussion/


NetBSD TIOCSCTTY ioctl vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4480


SGI IGMP multicast report denial-of-service vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4487


SGI IRIX 6.5 default root umask and coredumps vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4488


SuSE xf86 local privilege escalation vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4491


Foundstone ISS Scanner 6.2.1 buffer overflow vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4493

Tools

Chkrootkit 0.37 is a tool that locally checks for signs of a rootkit.
(Chkrootkit)
http://www.chkrootkit.org/




CONTACT US

For additions to, or removals from the distribution list for this product, or to
report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency
Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience of
OCIPEP Daily Brief users. OCIPEP is not responsible for the information found
through these links.







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

