DAILY BRIEF Number: DOB02-151 Date: 24 September 2002

http://www.ocipep.gc.ca/DOB/DOB02-151_e.html

NEWS

Derailed CN train spills fuel in Quebec
A Canadian National (CN) train, en route from Toronto to Senneterre, derailed in
the Mauricie Region of Quebec on Sunday night. Diesel fuel spilled from one of
the train cars onto the tracks and the ground nearby. A CN spokesperson stated
that an investigation is in progress to determine the cause of the derailment
and whether the fuel spill will be harmful to the environment. No injuries were
reported. (Source: canada.com, 23 September 2002)


Comment: There does not appear to be significant damage from the spill of
approximately 7,000 gallons (26,498 litres) of diesel. A team was on the scene
on Monday to start the clean-up process. Service on the rail line is expected to
resume on Wednesday.

NIPC releases hacktivism assessment
On 23 September 2002, the U.S. National Infrastructure Protection Center (NIPC)
released an assessment entitled Hacktivism in Connection with Protest Events of
September 2002, which warns of the potential for hacktivism in conjunction with
the upcoming World Bank and IMF meetings to be held in Washington, DC this week.
The NIPC recommends that recipients monitor their information systems and
networks for computer intrusions during the events listed above. The assessment
can be viewed at: http://www.nipc.gov/warnings/assessments/2002/02-002.htm

U.S. releases National Security Strategy
On 17 September 2002, the Bush Administration released its latest national
strategy to protect American interests. The National Security Strategy largely
abandons the concept of military deterrence, which dominated defence policies
during the Cold War years, for a forward-reaching, pre-emptive strategy against
hostile states and terrorist groups. The strategy document also outlines a
policy of multilateralism to: defuse regional conflicts; prevent enemies from
using weapons of mass destruction against the United States, its allies and
friends; support and promote a new era of global economic growth through free
markets and free trade; expand the development of open societies and build the
infrastructure of democracy; reduce the toll of HIV/AIDS and other infectious
diseases; and, transform the U.S. military to meet 21st century challenges.

Comment: The latest strategy is an enclosed document to the Homeland Security
Strategy released on 6 June 2002 and overarches the recently released National
Strategy to Secure Cyberspace. For the complete text of the National Security
Strategy of the United States of America please see
http://www.whitehouse.gov/nsc/nss.html




IN BRIEF

West Nile (WN) virus
According to the chair of Toronto's Board of Health, the WN virus has hit
Ontario and the Greater Toronto area faster than anticipated. The board is
considering alternatives to chemical "fogging," including the use of
non-chemical larvicide or synthetic hormones. (Source: thestar.com, 24 September
2002)


Comment: Additional information on the WN virus can be found on the OCIPEP web
site at: http://www.ocipep.gc.ca/otherlinks/hlinx_e.html

New version of Slapper worm starts spreading
A new version of the Slapper B worm, dubbed Slapper C, has started infecting
servers. Patches are available for all variants of the worm. (Source:
vnunet.com, 24 September 2002)


Ontario hydro bills increase sharply
Consumers in Ontario have been paying an average of 30 percent more for their
electricity over the summer months, according to a media report. Energy
suppliers credit higher summer temperatures for the increase in the market price
of energy. (Source: globeandmail.ca, 24 September 2002)


Comment: The OCIPEP Daily Brief DOB02-116, released on 2 August 2002, noted that
higher than usual temperatures this past summer, coupled with high use of air
conditioners, had prompted Ontario's electricity distributor to warn residents
that they should consider cutting back their energy consumption to reduce the
load on the system.

Homeowners may receive $1,000 from Ottawa to help conserve energy
As part of the consumer portion of Canada's draft plan to put into action the
Kyoto Protocol, federal officials stated that Ottawa is considering offering
homeowners rebates as high as $1,000 if they make their homes more energy
efficient. (Source: globeandmail.ca, 23 September 2002)


U.S. planning to revert back to code yellow
Government officials believe that President Bush may decide to lower the
Homeland Security alert level back from orange (high) to yellow (elevated) in
the next few days. (Source: nandotimes.com, 23 September 2002)


FBI and Secret Service join forces to investigate cyber crimes
During the launching of the National Strategy to Secure Cyberspace last week, it
was announced that the FBI National Infrastructure Protection Center (NIPC) and
the Secret Service will commence a new pilot program that will be aimed at
bringing together employees from both agencies to work collectively while
investigating cyber crimes. (Source: govexec.com, 23 September 2002)


Comment: On 18 September 2002, OCIPEP released Information Note IN02-006
pertaining to the National Strategy to Secure Cyberspace and its implications
for OCIPEP.

The OCIPEP Daily Brief DOB02-130, released on 23 August 2002, noted that the
success of the Secret Service Electronic Crime Task Force (ECTF) established in
New York was leading to the expansion of the ECTF program to several other major
U.S. cities.





CYBER UPDATES

Threats

Sophos reports on XM97/Divi-AS, which is an Excel macro virus that creates the
viral file 874.xls in the XLSTART folder.
http://sophos.com/virusinfo/analyses/xm97divias.html


Symantec reports on Trojan.PSW.Ajim_bbs, which is a password-stealing Trojan
horse that will also modify various default settings for Internet Explorer. The
default file name for the Trojan is Setup.exe.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.psw.ajim_bbs.html


Symantec reports on W32.HLLP.Alpoor, which is a simple prepender virus written
in Visual Basic .NET. The virus will only work under Windows 2000 and Windows XP
with the .NET framework installed.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.alpoor.html


Symantec reports on Backdoor.DarkFtp, which is a Trojan horse that gives an
attacker unauthorized access to an infected computer. By default, it opens port
6667 on the compromised computer. The compromised system is then controlled by
commands transmitted over IRC.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.darkftp.html

Vulnerabilities

SecurityFocus reports on a remotely exploitable file disclosure vulnerability in
MS Word (multiple versions) INCLUDEPICTURE document sharing that could allow an
attacker to obtain the contents of files residing on a user's system. No known
patch is available at this time.
http://online.securityfocus.com/bid/5764/discussion/


SecurityFocus reports on a remotely exploitable command execution vulnerability
in Apple Mac OS X 10.2 (Jaguar) Terminal.APP Telnet Link. View the "Solution"
tab for upgrade information.
http://online.securityfocus.com/bid/5768/discussion/


SecuriTeam reports on a locally exploitable proxy vulnerability in Checkpoint
Firewall-1 4.1 and NG HTTP Security Server that could allow an unauthenticated
attacker to bypass it. Follow the link for more information.
http://www.securiteam.com/securitynews/5IP0M0K8AE.html


SecuriTeam reports on a remotely exploitable vulnerability in Cisco Systems'
SIP-based IP Phones 7960 that could lead to complete control of a user's
credentials, the total subversion of a user's settings for the IP Telephony
network, and the ability to subvert the entire IP Telephony environment. Follow
the link for more information.
http://www.securiteam.com/securitynews/5MP0Q0K8AW.html


Additional vulnerabilities were reported in the following products:


SquirrelMail 1.2.7 cross-site scripting vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5763/discussion/


Trillian IRC 0.73 and 0.74 PRIVMSG and IRC JOIN buffer overflow vulnerabilities.
(SecurityFocus)
http://online.securityfocus.com/bid/5755/discussion/
http://online.securityfocus.com/bid/5765/discussion/


Trillian IRC 0.73, 0.74 and 0.725 User Mode buffer overflow vulnerability.
(SecurityFocus)
http://online.securityfocus.com/bid/5769/discussion/


Sendmail 8.12.0-8.12.6 Long Ident logging circumvention weakness.
(SecurityFocus)
http://online.securityfocus.com/bid/5770/discussion/

Tools

ARP0c is a connection interceptor (using ARP spoofing and a bridging engine).
http://www.phenoelit.de/arpoc/




CONTACT US

For additions to, or removals from the distribution list for this product, or to
report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency
Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience of
OCIPEP Daily Brief users. OCIPEP is not responsible for the information found
through these links.







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

