National Infrastructure Protection Center
NIPC Daily Open Source Report for 13 December 2002

Daily Overview

.       Microsoft has released "Security Bulletin MS02-069: Flaw in
Microsoft VM Could Enable System Compromise (Critical)."  (See item 15)

.       Microsoft has released "Security Bulletin MS02-071: Flaw in
Windows WM_TIMER Message Handling Could Enable Privilege Elevation
(Important)."  (See item 17)

.       CERT announces "Advisory CA-2002-35, Vulnerability in RaQ 4
Servers" which is a remotely exploitable vulnerability discovered in Sun
Cobalt RaQ 4 Server Appliances running Sun's Security Hardening Package.
(See item 14)

.       The U.S. Coast Guard reports the Gulf Safety Committee is
implementing several programs to make the Gulf of Mexico a safer, more
secure, and economically viable region for commercial and recreational
use.  (See item 3)

NIPC Daily Report Fast Jump [click to jump to section of interest]
Banking & Finance

Gas & Oil

Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
NIPC Information

Power Sector

1.      December 12, Reuters - NRC may cite TXU's Texas nuclear plant
following water leak.  The U.S. Nuclear Regulatory Commission (NRC) will
decide within 30 days whether to cite a TXU Corp unit for an apparent
safety violation at a Texas nuclear power unit, the agency and TXU said
Wednesday.  The apparent violation involves a leaking steam generator
tube at the 1,150 megawatt Comanche Peak 1 plant in Glen Rose, Texas.
The unit is currently shut for electrical work and is expected to return
to service within a few days.  NRC public affairs officer Roger Hannah
told Reuters that in the case that led to the leak, there was an
apparent violation.  There was no detectable radiation released into the
environment, Hannah said.  In response, TXU Energy spokesman David
Beshear said the company has retrained its analysts to look for this
particular kind of problem.  Source:

2.      December 9, - In Russia nuclear sites' security
increased due to new threats.  In an interview with the Moscow radio
station Ekho Moskvy, Rusenergoatom (Russian state nuclear energy
company) general director Oleg Saraev announced that Russia is
scrambling to implement additional security measures for nuclear power
plants.  Whereas authorities had previously believed that nuclear power
plants could only be seriously damaged by a threat factor with
state-level capabilities, Saraev admitted, "Now we are convinced that
this would be possible even for very small groups of people."  Saraev
also told the radio station that Russia's nuclear plants are not
completely capable of withstanding a terrorist act.  "Technically they
are capable of withstanding only the impact of a military airplane,
fairly large, moving at a fairly good speed," Saraev was quoted.
Because of this, security forces were now scrambling to implement a
number of extra security measures.  Source: 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

[return to top]

Banking and Finance Sector

Nothing to report.

[return to top]

Transportation Sector

3.      December 10, U.S. Coast Guard - Gulf Safety Committee implements
security programs.  The Gulf Safety Committee, created in October 2001,
is implementing several programs to improve safety and security in the
Gulf of Mexico.  The committee is a Regional Marine Transportation
System Committee that brings together all offshore Gulf of Mexico (GOM)
waterway users.  Its goal is to stimulate procedural - and possibly
regulatory - changes to make the GOM a cleaner, safer and more secure
and economically viable region for commercial and recreational use.
Examples of the new informational programs it has developed include: a
one-page informational document to educate waterway users regarding the
two security advisory systems in use; identifying weaknesses in the
system for notifying waterway users of changes in the national threat
level assignment; working with the Coast Guard to implement an effective
notification system; developing a voluntary communication protocol to be
used between fishermen and oil and gas facilities; and working with all
applicable government agencies and industry representatives to develop a
voluntary security guideline for the offshore oil and gas industry.  The
Gulf Safety Committee has a new web site to communicate with its
membership and the public.  They encourage all interested persons to
visit to
read about the above projects.  Source: 

4.      December 13, Hartford Courant - Drones To Serve As Coastal
Watchdogs.  The U.S. Air Force has deployed them to monitor military
movements in Iraq, Afghanistan and the Philippines. The CIA dispatched
one recently to kill a suspected al Qaeda leader in Yemen. Now the Coast
Guard is planning to bring the latest in battlefield technology home to
the Atlantic Coast. The maritime service, set to join the new Department
of Homeland Security, is planning to deploy flying drones,
remote-controlled aircraft similar to those now used for wartime
surveillance, to patrol the nation's coastal regions for security
threats. Officials say the unmanned aerial vehicles, or UAVs, will
enable them to extend their reach into offshore waters by monitoring
larger areas less expensively and more efficiently.  Source:,0,2022454.story?c

5.      December 9, U.S. Customs Service - United Kingdom signs
declaration of principles to join U.S. Customs Container Security
Initiative.  U.S. Customs Commissioner Robert C. Bonner and Terry Byrne,
Law Enforcement Director General of Her Majesty's Customs and Excise,
and U.S. Ambassador to the United Kingdom, William S. Farish, announced
on Monday that the British government has agreed to participate in the
U.S. Customs Container Security Initiative (CSI).  Under terms of the
declaration announced today, U.S. Customs officers will be stationed at
the port of Felixstowe.  UK Customs and Excise Director General, Terry
Byrne said: "Sharing and applying intelligence is the key to
anticipating, spotting, and preventing terrorist attacks world wide and
that is at the heart of our agreement today.  We are pleased to be able
to play our part in working more closely with the U.S. and other
counterparts in identifying and checking the shipment of sea containers
around the world."  Source:

[return to top]

Gas and Oil Sector

6.      December 12, New York Times - Warnings from al-Qaeda stir fear
that terrorists may attack oil tankers.  A recent audiotape believed to
have been made by Osama bin Laden praised and seemed to take
responsibility for a suicide attack two months ago in which a speedboat
packed with explosives rammed and crippled a French tanker, the Limburg,
off Yemen.  Other leaders of al-Qaeda have vowed to cut the "economic
lifelines" of the world's industrialized societies.  The threats have
focused the attention of intelligence agencies and marine police
worldwide on the vulnerability of tankers.  Nowhere has the concern been
more acute than in the Strait of Malacca, between Malaysia and
Indonesia.  A quarter of the world's trade passes through the strait.
That includes half of all sea shipments of oil, bound for East Asia or
sometimes the United States, and two-thirds of the world's shipments of
liquefied natural gas.  More pirate attacks occur in Indonesian waters
than anywhere else in the world.  The pirates have spies in ports to
identify valuable targets, and sometimes confederates aboard as well.

7.      December 12, Dow Jones Newswires - Venezuela's state oil company
Petroleos de Venezuela SA (E.PVZ) was moving 350,000 barrels of crude
oil Thursday from a Lake Maracaibo port to the giant Amuay refinery,
Jose Fernandez, operations head at the Maracaibo port authority told Dow
Jones Newswires.  The Amuay refinery was brought down to standby mode
some days ago along with most others in Venezuela due to problems
resulting from a nationwide strike against President Hugo Chavez's
leadership.  Officials couldn't be reached for clarification on why the
government is moving crude to Amuay.  Source:

8.      December 11, Associated Press - St. Croix refinery cuts output
due to Venezuelan strike.  The Hovensa oil refinery in St. Croix was
forced to cut its daily output due to the protest strike paralyzing
Venezuela's oil industry, company officials said Wednesday.  The
refinery, one of the largest in the Western Hemisphere, usually receives
some 270,000 barrels out of its 440,000-barrel estimated daily
production from Venezuela's state-owned oil company, Petroleos de
Venezuela S.A., officials say.  "We have been informed by Petroleos de
Venezuela that they cannot provide us with any more crude oil in light
of their situation," said Alexander Moorhead, Hovensa vice president.
"And so we decided to reduce the oil refining rate until the end of the
month."  Source:

[return to top]

Telecommunications Sector

Nothing to report.

[return to top]

Food Sector

9.      December 12, Denver Post (Colorado) - Ranchers oppose new
CWD-rules.  The future of elk ranching in Colorado now rests with a pair
of state commissions as they begin examining tough new chronic wasting
disease (CWD) regulations that ranchers say will put them out of
business.  For the last two years, the industry has been battered by an
outbreak of chronic wasting disease that took hold in an elk ranch in
northeastern Colorado.  It has swept up more than two dozen ranchers who
bought elk from the infected ranch.  Now, state agriculture and wildlife
agencies are moving to implement new regulations that further restrict
the trade of live animals and impose expensive new safety requirements
on ranching operations.  Elk ranchers are preparing to sue.  Source:,1413,36%257E11799%257E1047173%257E,0

10.     December 11, Reuters - USDA: Pilgrim's Pride Knew of Listeria.
Pilgrim's Pride knew the listeria bacteria was present at its
Pennsylvania poultry plant months before its products were blamed for
killing eight people last summer, U.S. Agriculture Department (USDA)
officials said on Wednesday.  The poultry producer recalled 27.4 million
pounds of its Wampler brand ready-to-eat turkey and chicken products in
October after USDA inspectors found the plant's floor drains had tested
positive for listeria.  The USDA, along with the Centers for Disease
Control and Prevention, linked its poultry to a listeria outbreak that
has caused eight deaths, three miscarriages, and 45 more illnesses.
USDA Undersecretary Elsa Murano said Pilgrim's Pride routinely tested
for listeria and found "a spike" in July and August for its presence.
However, the company did not share the information with USDA.  As a
result, on Monday the USDA ordered its inspectors to increase listeria
testing at plants that choose not to share critical food safety
information.  Source:  

[return to top]

Water Sector

Nothing to report.

[return to top]

Chemical Sector

Nothing to report.

[return to top]

Emergency Law Enforcement Sector

Nothing to report.

[return to top]

Government Operations Sector

11.     December 10, Lawrence Livermore National Laboratory, Department
of Energy - Director creates new homeland security organization.
Director Michael Anastasio today designated a new Homeland Security
Organization at Lawrence Livermore National Laboratory.  Dr. Wayne
Shotts, associate director for the Lab's Nonproliferation, International
Security and Arms Control Directorate, will head the new organization in
an acting capacity.  With the creation of the Homeland Security
Organization, the Laboratory unveiled two new technologies: Analytical
Conflict and Tactical Simulation (ACATS) can be used to analyze concepts
of operation, technology and training for emergency responders.  ACATS
has been designed to model emergency response operations in a range of
urban settings, from the spread of a chemical or biological agent within
a building to the search for survivors in the rubble of a bombed
building.  The second technology, the Homeland Operational Planning
System (HOPS), is being developed in partnership with the California
National Guard, specifically for homeland security planning and
analyses.  HOPS analyses provide insight into the vulnerabilities of
elements of U.S. infrastructure and the effectiveness of options for
mitigating vulnerabilities and for defending against terrorist attacks
ACATS press release:  HOPS
press release: 

12.     December 12, Washington Post - Bush appoints Postal Service
review panel. President Bush named a nine-member commission Wednesday to
study ways to improve the perennially troubled finances of the U.S.
Postal Service.  Bush said in an executive order that the commission
should find ways the Postal Service can continue delivering to every
address in the nation at affordable rates while "minimizing the
financial exposure of the American taxpayers."  The project was
announced at the Treasury Department by Peter R. Fisher, undersecretary
for domestic finance, who said the goal is "ensuring the long-term
viability of the Postal Service, for mailers and for taxpayers."

13.     December 12, Washington Post - Postal officials detail Brentwood
cleanup plan.  U.S. Postal Service officials expressed confidence
Wednesday that the year-long effort to develop a safe and effective
means of ridding the postal plant on Brentwood Road in North East
District of Columbia of anthrax spores will pay off this weekend, when a
full fumigation is scheduled to begin.  During a community meeting in
Northeast Washington and at an earlier news briefing, postal officials
detailed their plans for the decontamination, the first stages of which
will begin at 3 p.m. Saturday and continue into next week.  The process
calls for 2,000 pounds of chlorine dioxide gas to be pumped into the
quarantined facility, which has been shut since October 2001 after two
letters containing anthrax spores passed through the building on their
way to Capitol Hill.  Chlorine dioxide is a disinfectant used to purify
drinking water that scientists have learned is lethal to anthrax spores
when maintained in certain conditions.  Source:

[return to top]

Information Technology Sector

Nothing to report.

[return to top]

Cyber Threats and Vulnerabilities

14.     December 11, CERT/CC - Advisory CA-2002-35 Vulnerability in RaQ
4 Servers. A remotely exploitable vulnerability has been discovered in
Sun Cobalt RaQ 4 Server Appliances running Sun's Security Hardening
Package (SHP).  Exploitation of this vulnerability may allow remote
attackers to execute arbitrary code with superuser privileges.  Cobalt
RaQ 4 is a Sun Server Appliance. Sun provides a Security Hardening
Package (SHP) for Cobalt RaQ 4.  Although the SHP is not installed by
default, many users choose to install it on their RaQ 4 servers.  A
vulnerability in the SHP may allow a remote attacker to execute
arbitrary code on a Cobalt RaQ 4 Server Appliance.  The vulnerability
occurs in a cgi script that does not properly filter input.
Specifically, overflow.cgi does not adequately filter input destined for
the email variable.  Source.

15.     December 11, Microsoft - Microsoft Security Bulletin MS02-069:
Flaw in Microsoft VM Could Enable System Compromise (Critical).  A new
version of the Microsoft VM is available, which includes all previously
released fixes for the VM, as well as fixes for eight newly reported
security issues.  All of the vulnerabilities share a pair of common
mitigating factors:  The web-based attack vector would be blocked if the
user had disabled Java applets in the Internet Explorer security zone in
which the attacker's web site rendered.  The email vector would be
blocked if the user were running any of several mail clients.
Specifically, Outlook Express 6 and Outlook 2002 (which ships as part of
Office XP) disable Java by default, and Outlook 98 and 2000 disable it
if the Outlook Email Security Update has been installed.  Please see the
bulletin for details on all eight vulnerabilities.  Source.

16.     December 11, Microsoft - Microsoft Security Bulletin MS02-070:
Flaw in SMB Signing Could Enable Group Policy to be Modified (Moderate).
A flaw in the implementation of SMB Signing in Windows 2000 and Windows
XP could enable an attacker to silently downgrade the SMB Signing
settings on an affected system.  To do this, the attacker would need
access to the session negotiation data as it was exchanged between a
client and server, and would need to modify the data in a way that
exploits the flaw.  This would cause either or both systems to send
unsigned data regardless of the signing policy the administrator had
set.  After having downgraded the signing setting, the attacker could
continue to monitor the session and change data within it; the lack of
signing would prevent the communicants from detecting the changes.

17.     December 11, Microsoft - Microsoft Security Bulletin MS02-071:
Flaw in Windows WM_TIMER Message Handling Could Enable Privilege
Elevation (Important).  By default, several of the processes running in
the interactive desktop do so with LocalSystem privileges.  As a result,
an attacker who had the ability to log onto a system interactively could
potentially run a program that would levy a WM_TIMER request upon such a
process, causing it to take any action the attacker specified.  This
would give the attacker complete control over the system.  In addition
to addressing this vulnerability, the patch also makes changes to
several processes that run on the interactive desktop with high
privileges.  Although none of these would, in the absence of the
TM_TIMER vulnerability, enable an attacker to gain privileges on the
system, we have included them in the patch to make the services more
robust.  Source.

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems 
AlertCon: 1 out of 4
Security Focus ThreatCon: 1 out of 4

Last Changed:  26 November 2002 Last Changed: 23 November 2002
Current Virus and Port Attacks
Virus:  #1 Virus in USA: PE_FUNLOVE.4099
Source:, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]
Top 10 Target Ports     137(netbios-ns); 80(http); 1433(ms-sql-s);
21(ftp); 23(telnet); 4899(radmin); 4662; 445(microsoft-ds);
Source:; Internet Storm Center

[return to top]

General Information

18.     December 12, Washington Post - U.S. suspects al-Qaeda got nerve
agent from Iraqis.  The Bush administration has received a credible
report that Islamic extremists affiliated with al-Qaeda took possession
of a chemical weapon in Iraq last month or late in October, according to
two officials with firsthand knowledge of the report and its source.
They said government analysts suspect that the transaction involved the
nerve agent VX and that a courier managed to smuggle it overland through
Turkey.  Knowledgeable officials, speaking without White House
permission, said information about the transfer came from a sensitive
and credible source whom they declined to discuss.  Source: 

19.     December 12, Washington Post - Biodefense testing site coming to
Bethesda, MD.  The National Institutes of Health in Bethesda, MD plans
to break ground next year on a $186.1 million facility for testing
microbes that could be used by bioterrorists.  The 85,000-square-foot
Building 33 would allow the National Institute of Allergy and Infectious
Diseases (NIAID) to consolidate and significantly expand research on
dangers such as anthrax, tuberculosis, smallpox, and other viruses and
bacteria.  NIAID has stepped into a leading role in the country's
biodefense.  Its mandate now is to develop vaccines, diagnostic tools
and medicines to protect Americans against organisms that, in
terrorists' hands, could cause widespread illness or death.  Institute
director Anthony S. Fauci calls construction of the facility essential
to meeting this challenge.  Without Building 33, research will continue
to be constrained because of insufficient laboratory space, he said.
"You're going to be severely hampered in putting together a
comprehensive biodefense effort."  Source: 

20.     December 11, Purdue University News (Indiana) - Nanoparticles
could aid biohazard detection.  Nanotechnology could make life tougher
for terrorists, reports a Purdue University research team.  A group led
by Jillian Buriak, associate professor of chemistry in Purdue's School
of Science, has found a rapid and cost-effective method of forming tiny
particles of high-purity metals on the surface of advanced semiconductor
materials such as gallium arsenide.  The researchers have learned how to
use these nanoparticles as a bridge to connect the chips with organic
molecules.  Biosensors based on this development could lead to advances
in the war on terrorism.  "It is possible that this discovery will
enable chips similar to those found in computers to detect biohazards
such as bacteria, nerve gas, or other chemical agents" said Buriak.

[return to top]

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security and professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site (, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to