OCIPEP DAILY BRIEF Number: DOB02-176 Date: 30 October 2002

New act to make Ontario's drinking water safe - Update
As reported in the OCIPEP Daily Brief DOB02-175 released 29 October
2002, the Safe Drinking Water Act was unveiled yesterday by the Ontario
provincial government. The law will call for: licenses for all labs; a
new position of chief provincial inspector; annual reports by the
government to the legislature; and, new standards for water testing,
treatment, distribution and quality. Early reaction to the bill has been
mixed, with NDP MPP Marilyn Churley, the architect of the initial draft
of the Safe Drinking Water Act, unhappy that the Conservative government
version doesn't deal with source protection. Ontario Premier Ernie Eves
said the government intends to follow Justice O'Connor's advice that it
amend the Environmental Protection Act to cover source water protection.
(Source:, 30 October 2002) 
Click here for the source article

OCIPEP Comment: Justice O'Connor's reports, made in the wake of the
Walkerton tragedy, contained 121 recommendations to improve the safety
and security of Ontario's drinking water. With regard to water source
protection, the report stated that a strong source-protection program
"lowers risk cost-effectively, because keeping contaminants out of
drinking water sources is an efficient way of keeping them out of the
drinking water". 

Windows 2000 earns Common Criteria certification
The Microsoft Windows 2000 operating system was awarded a Common
Criteria certification, a document that spells out common security
criteria recognized by 15 countries, including Canada and the U.K.
Windows 2000 was certified at Evaluation Assurance Level 4, meaning that
it was "methodically designed, tested and reviewed. " (Source:,
29 October 2002)
Click here for the source article

U.S. Department of Commerce releases certification and accreditation
The U.S. Department of Commerce has released the first of three sections
of information security guidelines designed to fix the "inconsistent and
flawed" security assessments for systems used by government agencies.
Some current security certification procedures are "excessively complex,
outdated and costly to implement," according to the National Institute
of Standards and Technology (NIST). A NIST researcher stresses that
there is a need to "move toward the adoption of a standardized process,"
which would allow federal agencies "to better understand how their
partners are dealing with the security issues." The other two sections
of guidelines, one dealing with system controls, and the other with
verification procedures and techniques, will be released next spring.
(Source:, 29 October 2002)
Click here for the source article

OCIPEP Comment: A draft copy (PDF version) of the Guidelines for the
Security Certification and Accreditation of Federal Information
Technology Systems can be viewed at:

According to recent reports, although leading software companies have
recently committed themselves to improving the latent security of the
products they bring to market, there remains a significant threat to the
security of information networks due to poorly secured software.
According to @Stake, a U.S. security consultancy, 70 percent of security
defects are due to flaws in software design. Microsoft recently publicly
committed itself to ensuring the security of its products. However,
according to analysts, the work the programmers are doing now will not
be reflected in the company's products for a year or two. (Source:, 26 October, 2002)



Alberta forest fires cost $300M
The cost of fighting forest fires in Alberta this year was over $300
million, five times more than budgeted, according to a provincial fire
information officer. The continuing droughts, as well as the evacuation
of residents from several communities and road closures, were factors
that contributed to the record expenses. (Source:, 29 October
Click here for the source article

CIA report warns against cyberterrorism
In a report to the Senate Intelligence Committee, the Central
Intelligence Agency (CIA) warns that groups such as Sunni extremists,
Hezbollah and Aleph-formerly known as Aum Shinrikyo-may join al-Qaeda to
wage cyberwarfare against the U.S. (Source:, 29 October 2002)
Click here for the source article

Port Simpson - Update
The B.C. Provincial Emergency Program has issued its tenth and final
update concerning the power outage and roadway access closure at Port
Simpson, 55 km north of Prince Rupert. Power has been restored since
October 22, and community officials indicate they are past the crisis
stage and have moved into recovery operations. A meeting will be held
today to address the road restoration, which was put on hold because of
the risk of further slides. In order to respond better to future
emergencies, the community school will be transformed into an emergency
response facility. (Source: B.C. PEP, 29 October 2002)

More earthquakes in Mount Etna area
Reports this morning indicated that the Italian Government has declared
a state of emergency in parts of Sicily, after approximately 1,000
people were forced to leave their homes after another series of
earthquakes in the region surrounding Mount Etna on Tuesday. The most
forceful quake registered at 4.4 mg on the Richter scale. The Italian
Defence Ministry deployed 1,000 soldiers to assist. (Source:, 30 October 2002)
Click here for the source article

Great Britain power outage
The violent storm that hit parts of Europe during the weekend left a
million homes without power in Great Britain, according to a media
report. As of yesterday, there were still 65,000 homes without
electricity. Britain's energy minister plans to investigate the
reportedly poor response of energy suppliers to the crisis. (Source:, 30 October 2002)
Click here for the source article

See: What's New for the latest Alerts, Advisories and Information

See: News - Windows 2000 earns Common Criteria certification

See: News - U.S. Commerce Department releases certification and
accreditation guidelines

See In Brief - CIA report warns against cyberterrorism


Symantec reports on VBS.Pocus, which is a VB Script virus that infects
.vbs files in the root of the C drive.

Trend Micro reports on WORM_SPONGE.A, which is a destructive,
memory-resident MS Outlook worm. It arrives with the subject: "SpongeBob
Wallpaper" and the attachment: Spongy.exe.

Central Command reports on W32/Ramdile, which is a destructive file
infector that infects files with the extensions: .exe, .src and .cpl.


Debian krb5 package buffer overflow. (Debian)

Apple 12/640 PS LaserWriter TCP/IP configuration utility Telnet server
password vulnerability. (SecurityFocus)

Acuma Acusend Unauthorized file access vulnerability. (SecurityFocus)

ISC INN multiple vulnerabilities. (SecurityFocus)


Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series
of kernels. This module implements the Saint Jude model for improper
privilege transitions. This will permit the discovery of local and
remote root exploits during the exploit itself.



To add or remove a name from the distribution list, or to modify
existing contact information, e-mail: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094

For general information, please contact OCIPEP's Communications Division

Phone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
Web Site:

The information in the OCIPEP Daily Brief has been drawn from a variety
of external sources. Although OCIPEP makes reasonable efforts to ensure
the accuracy, currency and reliability of the content, OCIPEP does not
offer any guarantee in that regard. The links provided are solely for
the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible
for the information found through these links. 

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to