OCIPEP DAILY BRIEF Number: DOB02-172 Date: 24 October 2002



Nova Scotia bridge closed after crane collapse leaves structure sagging
The Margaree Harbour bridge on Nova Scotia's Cabot Trail was closed to
traffic Wednesday after a crane collapsed on the bridge. Traffic was
detoured and there was no information on how long it would take to
repair the damage. The crane was being used to build a new bridge over
the Margaree River. (Source: novascotia.cbc.ca, 23 October 2002)
Click here for the source article

OCIPEP Comment: According to the Nova Scotia Emergency Measures
Organization, the Margaree Habour bridge collapse should not have any
affect on the new bridge that is being built and should result in only
minor inconveniences for the local residents. There are two bridges
approximately six kilometres from Margaree Harbour: one at Margaree
Forks; the other at East Margaree.

Vulnerable cached objects in Internet Explorer

GreyMagic, an Israeli software firm, has published an advisory covering
nine separate vulnerabilities in Internet Explorer, which all involve
object caching. Most of the vulnerabilities have been deemed highly
critical. Object caching takes place when the attacker opens a window to
a page in his/her own site. The URL in the window is then changed to the
victim page, but the cached references stay in place, providing direct
access to the new document. While the vulnerabilities are all related to
object caching, each of them is a separate vulnerability that uses a
unique method for exploitation. Affected users are advised by GreyMagic
to either disable Active Scripting or upgrade to IE6 SP1 until a patch
becomes available. (Source: greymagic.com, 22 October 2002) 

OCIPEP Comment: Computer systems should be kept up to date and patched
to mitigate such vulnerabilities. For the original report, go to

Global wardriving day set for Saturday

This Saturday, hackers from seven countries including Canada plan to
drive through urban areas with readily available equipment to identify
wireless networks that have not been encrypted, according to a media
report. Wardrivers claim that their goal is to raise awareness of
security risks in wireless networks. (Source: msnbc.com, 23 October
Click here for the source article

OCIPEP Comment: As reported in OCIPEP Daily Brief DOB02-138, released 5
September 2002, during a similar exercise in Alberta, wardriving groups
found that nearly 70 percent of wireless networks in the region were
vulnerable to capture. 



Port Simpson - Update
After an afternoon outage on October 22, power was restored at 18:20 PST
and continues to hold. Additional power outages have been caused by
insulator failures as a result of salt buildup and fog. A scientific
team from BC Hydro arrived on 23 October, and a technical and upper
management team from BC Hydro is currently on-site addressing the
situation over the long-term. The residential structures in the
community have been without power for 13 of the last 16 days. (B.C. PEP,
23 October 2002)

Manitoba-North Dakota: water issues
The Manitoba government has filed a legal challenge to force the
government of North Dakota to conduct a full environmental impact
assessment of a project to supply drinking water to at least 60,000
residents of northern North Dakota. (Source: cbc.ca, 23 October 2002)
Click here for the source article

Internet attack could be first of many, experts warn 
The distributed denial-of-service attack against all 13 of the Internet
domain name system root servers, which was reported in Daily Brief
DOB02-171 and released 23 October 2002, failed to bring down the
Internet, but according to some experts, that doesn't mean that more
attacks won't follow and succeed where this week's attack failed.
(Source: pcworld.com, 23 October 2002) 
Click here for the source article

See: What's New for the latest Alerts, Advisories and Information

See: News - Vulnerable cached objects in Internet Explorer


Central Command reports on Kit/Kagragen, which is a worm creation kit
generator. Worms created by this kit have some similar characteristics.
A user can choose a subject line, body and filename for an e-mail and it
will collect Outlook e-mail addresses from the infected user. A user
will also be given the option to select up to two payloads. 

Symantec reports on VBS.Krim.C, which copies itself as Valentina.jpg.vbs
to all logical and network drives, including drive A. The worm also
spreads through IRC as Valentina.htm. This worm has three payloads, one
of which formats drive C if the right condition is met.

Symantec reports on Backdoor.Synrg, which is a Trojan horse that allows
unauthorized access to the infected computer. It attempts to update
itself over the Internet and propagate via mIRC. The Trojan uses HTTP
port 80 and various IRC ports to communicate.


Symantec reports on Backdoor.Wiween, which is a Trojan horse that
affects Linux systems. It poses as an exploit against the Linux TCP/IP
stack. This appears to be an attempt to fool would-be Linux hackers into
running this Trojan on their own systems. It sends information about a
computer to some e-mail addresses and opens a TCP port above 4000, where
it listens for incoming connections and offers a shell to attackers.

Trend Micro reports on WORM_MERKUR.A, which is a memory-resident worm
that propagates via Outlook e-mail, the KaZaA network, and mIRC. It
arrives with the subject line "Update your Anti-virus Software" and the
attachment "TASKMAN.EXE". This worm also drops a batch file component
that deletes .JPG, .MPG, .BMP, and .AVI files from certain directories.


Multiple Firewall Vendor packet flood vulnerability. (SecurityFocus)

Fragrouter 1.7 Trojan horse vulnerability. (SecurityFocus)

Debian Linux YPServ (multiple versions) network information leakage
vulnerability. (SecurityFocus)

Debian GNU/Linux libapache-mod-ssl cross-site scripting vulnerability.

Virgil CGI Scanner 0.9 vulnerability. (SecuriTeam)

IE 5.5 and 6.0 (9 advisories in 1) cached objects vulnerability.
There are no updates to report at this time. 



To add or remove a name from the distribution list, or to modify
existing contact information, e-mail: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094

For general information, please contact OCIPEP's Communications Division

Phone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
Web Site: www.ocipep-bpiepc.gc.ca

The information in the OCIPEP Daily Brief has been drawn from a variety
of external sources. Although OCIPEP makes reasonable efforts to ensure
the accuracy, currency and reliability of the content, OCIPEP does not
offer any guarantee in that regard. The links provided are solely for
the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible
for the information found through these links. 

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to