National Infrastructure Protection Center
NIPC Daily Open Source Report for 5 December 2002

Daily Overview

.       CERT announces Vulnerability Note VU#140977: SSH Secure Shell
for Workstations contains a buffer overflow in URL handling feature that
may allow an attacker to execute arbitrary code.  (See item 9)

.       CERT announces Vulnerability Note VU#740169: Cyrus IMAP Server
contains a buffer overflow vulnerability that may allow a remote
attacker to execute arbitrary code on the mail server.  (See item 10)

.       Business Wire reports that in a recent strategic simulation of a
terror attack designed to assess America's vulnerability through its
ports, business and government leaders found that such an attack could
potentially cripple global trade and have a devastating impact on the
nation's economy.  (See item 2)

.       CBS reports a huge, fast-moving storm has spread ice and snow
from the Texas Panhandle to Virginia, making highways slippery and
knocking out power to thousands of customers, and is expected to dump
heavy snow and ice tomorrow in Washington, D.C., Philadelphia, and New
England.  (See item 11)

NIPC Daily Report Fast Jump [click to jump to section of interest]
Banking & Finance

Gas & Oil

Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
NIPC Information

Power Sector

1.      December 4, Associated Press - Governor extends National Guard
security at nuclear plants until March.  Pennsylvania Gov. Mark
Schweiker said the National Guard and state police will patrol the
state's five nuclear power plants at least until March 2003.  In a
November 2001 disaster emergency proclamation, Schweiker directed the
National Guard to join state police at the plants.  On Tuesday,
Schweiker for the fifth time extended the proclamation, which had been
set to expire this week.  Source:

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

[return to top]

Banking and Finance Sector

Nothing to report.

[return to top]

Transportation Sector

2.      December 4, Business Wire - Wargame reveals that threats to port
security call for integrated public/private action.  In a strategic
simulation of a terror attack designed to thoroughly assess America's
vulnerability through its ports, a group of business and government
leaders found that such an attack could potentially cripple global trade
and have a devastating impact on the nation's economy.  The group
focused on ways to improve detection before a weapon gets to a U.S.
port, as well as help businesses to build resiliency into their
operations.  The two-day Port Security Wargame took place October 2-3,
2002 in Washington, D.C., with 85 leaders from a range of government and
industry organizations, who have a critical stake in port security.  The
results of the wargame revealed that at current preparedness levels, a
"dirty bomb" attack through the ports could cost U.S. businesses as much
as $58 billion.  Source: 

3.      December 2, Vancouver Sun - Canadian Coast Guard reports vast
security gaps.  The Canadian Coast Guard is unable to adequately protect
Canada's coastlines from terrorists, says Coast Guard Commissioner John
Adams.  The CCG, which acts as the country's coastal eyes and ears
through a series of radar stations and at-sea surveillance, relies
largely on an honor system to obtain information on the whereabouts of
incoming vessels.  So the coast guard knows of vessels in Canadian
waters only "if they want us to know," according to Adams.  Adams' blunt
assessment echoes the conclusions of a Senate report in September that
said Canada's coastlines are vulnerable to terrorists and their weapons
of mass destruction.  While the coast guard has the ability to track
suspicious boats near busy waterways, its hands are tied in areas such
as the central and northern British Columbia coast where there is no
radar capability.  Until this year, the Prince Rupert, B.C. station
tracked vessels using a Second World War-style table map over which
little wooden boats were moved around manually.  Adams painted a grim
picture of the coast guard's state, saying the service still can do its
job but needs a $400-million infusion in the next three to five years
just to renew an aging fleet of vessels. Source:

[return to top]

Gas and Oil Sector

Nothing to report.

[return to top]

Telecommunications Sector

Nothing to report.

[return to top]

Food Sector

4.      December 4, CBC Saskatchewan (Canada) - Canadian farmers trying
chronic wasting disease (CWD) test on elk.  Dr. Tony Milici, of
GeneThera Research in Colorado, says he has developed a new live test
for CWD, which has devastated deer and elk farmers in Canada.  CWD can
cripple an animal's brain and nervous system within weeks, eventually
killing it.  When one infected animal is found, the entire herd is
destroyed to prevent the disease from spreading.  The problem is
testing.  Currently, animals that show symptoms can only be tested for
CWD after they're dead.  The new test is used on live animals.
Veterinarians "probably need to just draw blood for these animals and
look at the specific marker in the blood rather than killing the animals
and looking in the brain," said Milici.  If the test works, it would be
a major advantage for ranchers, but regulators remain cautious.
Milici's test "will have to undergo rigorous scrutiny by the scientific
community as well as testing to ensure that it truly detects the true
positive animals," said Dr. George Luterback of the Canadian Food
Inspection Agency.  Source: 

[return to top]

Water Sector

Nothing to report.

[return to top]

Chemical Sector

Nothing to report.

[return to top]

Emergency Law Enforcement Sector

Nothing to report.

[return to top]

Government Operations Sector

5.      December 4, Associated Press - Incinerating chemical weapons is
safe, storage is not, new report says.  America's arsenal of chemical
weapons can be safely incinerated at a few sites around the country,
despite chemical releases and violations at the only two operational
incinerators, according to a report Tuesday.  "The risk to the public
and to the environment of continued storage overwhelms the potential
risk of processing and destruction of stockpiled chemical agent," said
the report by the National Research Council, a branch of the National
Academies of Science.  The council did not weigh in on whether
incineration was preferable to other methods of neutralizing the
chemical agents.  The council report identified 40 cases where chemical
agents leaked into areas where it was not supposed to have been and
three where it escaped from an incinerator building. But it said amounts
that escaped were too small to threaten the public.  Critics who favor
neutralization said the report ignored important incidents and glossed
over the dangers of incineration.  About a quarter of the stockpile has
been destroyed at weapons incinerators in Tooele, Utah, and on Johnston
Atoll in the Pacific Ocean. Incinerators in Anniston, Ala.; Pine Bluff,
Ark.; and Umatilla, Ore., are scheduled to begin operations in the
coming months.  Chemical agents in Newport, Ind.; Aberdeen, Md.; Pueblo,
Colo.; and Bluegrass, Ky., are to be neutralized using chemicals.  The
study was financed by the Defense Department and requested by former
Rep. Bob Riley, R-Ala., the state's governor-elect.  Source:

6.      December 3, Associated Press - Health and Human Services
Secretary Tommy Thompson showed off his agency's new command center
Tuesday, saying it will help the department better deal with
bioterrorism and other emergencies.  The center, located in a former
conference room near Thompson's office, is outfitted with computers,
satellite videoconferencing capabilities, telephones and computer
mapping tools that allow officials to track the movement of medical
supplies and emergency personnel.  It has its own ventilation system,
meaning officials could stay in the center even if the rest of the HHS
headquarters were contaminated and had to be evacuated.  The center is
being staffed 24 hours a day, seven days a week, in case of an
emergency.  HHS said that the center was built on time and under budget
- it was built in just 59 days and cost $3.5 million, $1 million less
than Congress appropriated.  The leftover money will be used to improve
crisis communications in other parts of HHS, officials said.  Source: 

7.      December 2, Department of Defense - Personnel, war, readiness
priorities of authorization act.  President Bush signed the National
Defense Authorization Act for 2003 into law Dec. 2 during a ceremony at
the Pentagon.  The act actually allows DoD to spend money released under
the 2003 National Defense Appropriations Act, which Bush signed Oct. 23.
The act authorizes $7.3 billion for counterterrorism programs throughout
the services.  Much of this is channeled into biological warfare defense
and chemical and biological detection, protection and decontamination.
The act directs DoD to set up National Guard civil support teams in all
states and territories.  Also included is authorization to create the
new positions of under-secretary of defense for intelligence and
assistant secretary of defense for homeland security.  Source: 

[return to top]

Information Technology Sector

8.      December 4, Government Computer News - GIS interface will help
agencies build out 'spatial Web' for simulated government emergency
operations.  Government and industry members of the OpenGIS Consortium
Inc. have forged a fast-track interoperability consensus that culminated
recently in live international Web mapping via the OGC Web Services 1.2
interface.  Working from the OWS 1.2 interface on varied notebook PCs,
representatives of federal, state and local agencies collaborated with
vendors to show how a simulated government emergency operations center
might scope out fast-breaking local events.  The imaginary events
included a tornado, a white truck being sought by police and a hazardous
spill on an interstate bridge.  The participants called up and merged
maps, geographic information systems data, live webcam images,
photographs, and demographic and tax parcel records to present a
composite package of information to decision-makers and emergency
responders.  The composite could be used, for example, to define
evacuation routes.  Some of the data came from online sources in other
nations.  "This demonstration will have big implications for Geospatial
One Stop," said Myra J. Bambacus, acting executive director of the
geospatial portal that is one of the Office of Management and Budget's
25 e-government initiatives.  Source.

[return to top]

Cyber Threats and Vulnerabilities

9.      December 4, CERT/CC - Vulnerability Note VU#140977: SSH Secure
Shell for Workstations contains buffer overflow vulnerability.  The
Windows version of SSH Secure Shell for Workstations contains a buffer
overflow vulnerability that may allow an attacker to execute arbitrary
code.  The SSH Secure Shell for Workstations client includes a URL
handling feature that allows users to launch URLs that appear in the
terminal window.  When the user clicks on a URL, it will be launched
using their default browser.  Versions 3.1 to 3.2.0 of this application
contain a buffer overflow vulnerability that is triggered when the
launched URL is approximately 500 characters or greater in length.  To
exploit this vulnerability, an attacker must supply a malicious URL to a
terminal session and convince the victim to launch it.  Source.

10.     December 3, CERT/CC - Vulnerability Note VU#740169: Cyrus IMAP
Server contains a buffer overflow vulnerability.  A buffer overflow
vulnerability exists in versions of Cyrus IMAP Server up to and
including 2.1.10.  This vulnerability may allow a remote attacker to
execute arbitrary code on the mail server with the privileges of the
Cyrus IMAP Server.  Cyrus IMAP Server is an e-mail application that uses
the Internet Message Access Protocol (lMAP). Version 2.1.10 and prior of
the Cyrus IMAP Server contain a buffer overflow vulnerability that may
be exploited prior to authentication to the IMAP server.  Exploitation
of this vulnerability may also rely on the implementation of malloc()
being used on the system.  This is not typically root, but may lead to
the ability to read all mail on the system.  Source.

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems 
AlertCon: 1 out of 4
Security Focus ThreatCon: 1 out of 4

Last Changed: 26 November 2002  Last Changed: 23 November 2002
Current Virus and Port Attacks
Virus:  #1 Virus in USA: PE_ELKERN.D
Source:, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]
Top 10 Target Ports     137(netbios-ns); 80(http); 1433(ms-sql-s);
21(ftp); 25(smtp); 139(netbios-ssn); 445(microsoft-ds); 4665(edonkey);
1646(sa-msg-port); 4662
Source:; Internet Storm Center

[return to top]

General Information

11.     December 4, CBS - Winter storm hits U.S. hard.  A huge,
fast-moving storm spread ice and up to a foot of snow from the Texas
Panhandle to Virginia, making highways slippery and knocking out power
to thousands of customers.  From a "whiteout" in Missouri to blackouts
in Arkansas and Tennessee, leaving thousands powerless, this fast-moving
system that dumped up to 10 inches of flood water on Houston yesterday
today put millions of people into the snow season's first significant
storm.  "Some places are getting heavy precipitation. and some are
getting significant amounts of ice.  Other places will get snow on the
order of 2 to 4 to 6 inches or more," Dr. Jim Hoke, NOAA Meteorologist
said.  Schools were closed in nearly a dozen states, including Oklahoma,
Kansas, Missouri, Arkansas, Kentucky, Tennessee, Illinois, the Carolinas
and Virginia.  Some 37,000 homes and businesses were blacked out in
Oklahoma, utility officials said. Lt. Gov. Mary Fallin declared 42 of
the state's 77 counties a disaster emergency area, allowing utilities to
ask for help from out-of-state companies.  About 56,000 homes and
business had no electricity in northern Arkansas, and utilities said
some people might have to wait until Saturday to get their lights back.
This storm will reform over night and swing northeast. Heavy snow and
ice is expected tomorrow in Washington and Philadelphia, and up into New
England.  Source: 

12.     December 4, Edmonton Journal (Canada) - Canadian cities buy
chemical detectors.  Seven Alberta cities, including Edmonton, are the
first in Canada to buy chemical detectors that are being used by UN
weapons inspectors in Iraq.  They are considered to be the first
reliable, on-site detectors of the potentially deadly toxins anthrax,
ricin and botulinum, and are expected to revolutionize how chemical
threats are handled.  Instead of waiting hours or days for lab tests to
determine whether a threat is real, the Rapid Analyte Measurement
Platform or RAMP system provides results within 15 minutes.  When the
machines arrive, likely by the end of February, Edmonton, Calgary, Red
Deer, Fort McMurray, Grand Prairie, Lethbridge and Medicine Hat will
each get one detector.  "Without this kind of monitoring equipment, you
have to treat every event as a real one," said Bob Black, Edmonton's
emergency preparedness director.  The device has been tested by the
Canadian Department of National Defense, the Maryland State Department
of Health, and Intertox Inc., a Seattle, WA based public and
occupational health firm.  Source:

13.     December 4, St. Petersburg Times (Florida) - Florida lab in
smallpox program.  A Dunedin, Florida lab is among several that will use
volunteers to produce doses of antibodies for those who suffer reactions
to the smallpox vaccine.  Due to the nature of the smallpox vaccine,
health officials need more than just the vaccine and a plan to
distribute it.  They, also, need an antivenin for people who suffer
dangerous reactions to the vaccine.  The only way to get that antivenin
or VIG is from the blood of people recently inoculated.  Now a small
number of clinics across the country are beginning to recruit volunteers
for a federal program designed to restore stocks of Vaccinia Immune
Globulin or VIG.  For this project, the smallpox vaccine is provided by
the U.S. Centers for Disease Control and Prevention (CDC) under the
auspices of a clinical trial.  The CDC wants 30,000 doses of VIG by this
time next year and roughly 100,000 doses within the next five years.  It
has contracted with a Canadian biologics company, Cangene Corp., to
produce it.  Cangene has hired about 16 U.S. biologics labs to recruit
volunteers, administer the vaccine and harvest their plasma.  Source: 

14.     December 4, New York Times - Researchers at Columbia University
are embarking on a three-year study of the evacuation of the World Trade
Center twin towers during the terrorist attack to help determine how
individual behavior, the structure of the buildings and emergency
management procedures affected who survived and why.  Since the 9/11
attack, public health researchers have inquired into the array of
conditions related to the disaster, including studies of the structural
factors that led to the collapse of the towers, the response of
emergency workers and the health-related effects of the collapse of the
buildings and the cleanup afterward.  But relatively few of those
efforts have focused on the more than 12,000 people who were safely
evacuated from the towers, said Robyn Gershon, an associate professor of
sociomedical sciences at Columbia, who is one of the principal
investigators in the study.  Source: 

[return to top]

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security and professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site (, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to