DAILY BRIEF Number: DOB02-165 Date: 15 October 2002 http://www.ocipep.gc.ca/DOB/DOB02-165_e.html
NEWS Cleanup continues after ships collide A collision between two cargo ships near Montreal prompted an overnight shutdown of the St. Lawrence Seaway. A Canadian bulk carrier vessel collided with a Dutch-registered heavy lift cargo ship just east of the Mercier Bridge in Montreal. Emergency work crews have removed about 100 litres of oil that spilled from one of the ships. Although both ships experienced extensive damage, no serious injuries were reported. The Seaway was reopened early Sunday morning. (Source: montreal.cbc.ca, 13 October 2002) Click here for the source article Comment: Verifications made with the Canadian Coast Guard (CCG) on October 14 revealed that the Dutch ship remained tied down in the port of Montreal for inspection. The Canadian vessel was allowed to leave Montreal. According to a CCG official, verification of the environment showed no signs of pollutants in the river or on the banks. Train derailment in New Brunswick: Sulfuric acid leak A train derailment that occurred last Friday morning, 30 kilometres southwest of Bathurst, resulted in the shutdown of the VIA Rail train corridor, Bathurst-Moncton. The derailment involved 21 freight cars of the N.B. East Coast Railway, some of which contained sulfuric acid and sodium chloride. Although some of the product leaked, there was no immediate danger to populated areas or the environment. It was anticipated that repairs would be completed by Monday or Tuesday. (Source www.canoe.ca, 13 October 2002) Click here for the source article IN BRIEF Bali explosions kill tourists: Link to terrorism Indonesian Defence Minister Matori Abdul Djalil has stated that the explosions that claimed the lives of more than 180 people last Saturday is linked to al-Qaeda. Three Canadian citizens were injured and one is presumed dead. The Department of Foreign Affairs has issued an advisory, urging people to avoid vacationing in Indonesia until further notice. (Source: cbc.ca, 15 October 2002) Click here for the source article Comment: There are media reports that a statement reputed to be issued by Osama bin Laden himself yesterday praises this most recent terrorist attack, as well as the recent activities in Yemen and Kuwait, and warns of more to come. To access the DFAIT travel advisory for Indonesia go to: http://www.voyage.gc.ca/destinations/menu_e.htm West Nile virus - Update Health officials in Brockville, Ontario, suspect that a local woman, who has recently taken ill, may have been infected with the West Nile virus. If the analysis is positive, the woman will be the first confirmed case of the West Nile virus in the area. (Source: cbc.ca, 11 October 2002) Click here for the source article U.S. exercise tests government's response to terrorist threats A two-day exercise involving high-level government officials will be held at Andrews Air Force Base, beginning October 17. The exercise will test the U.S. government's response efforts, should they be faced with several credible terrorist threats targeting American energy facilities. (Source: wired.com, 14 October 2002) Click here for the source article Segments of U.S. private sector urged to increase role in security The Council on Competitiveness, a Washington, D.C. think tank, gained the endorsement of several prominent U.S. CEOs (including those from Merck, AT&T and Cisco, as well as public sector leaders and academics) for a "call to action" regarding security for the U.S. private sector. The document proposes that improvements in security necessary to address vulnerability gaps in privately-controlled critical infrastructures can simultaneously improve productivity. (Source: compete.org, 11 October 2002) Click here for the source article CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats There are no updates to report at this time. Vulnerabilities SecurityFocus reports on a locally exploitable privilege escalation vulnerability in MS Windows 2000 NetDDE. No known patch is available at this time. http://online.securityfocus.com/bid/5927/discussion/ SecurityFocus reports on a remotely exploitable cross-site scripting vulnerability in MS Content Management Server 2001. No known patch is available at this time. http://online.securityfocus.com/bid/5922/discussion/ SecurityFocus reports on a remotely exploitable denial-of-service vulnerability in IBM AIX 4.3.3 and 5.1. View the "Solution" tab for workaround information. http://online.securityfocus.com/bid/5925/discussion/ Additional vulnerabilities were reported in the following products: SurfControl SuperScout e-mail filter vulnerabilities. (SecurityFocus) http://online.securityfocus.com/bid/5929/discussion/ http://online.securityfocus.com/bid/5928/discussion/ http://online.securityfocus.com/bid/5931/discussion/ http://online.securityfocus.com/bid/5930/discussion/ Authoria HR Suite AthCGI.EXE cross-site scripting vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5932/discussion/ VBZoom arbitrary file upload vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5926/discussion/ PHPBB2 Avatar 2.0.0-2.0.3 information disclosure vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5923/discussion/ NETGEAR's FVS318 Firewall/VPN/Router plain text DDNS's username and password storage vulnerability. (SecuriTeam) http://www.securiteam.com/securitynews/6W00D0A5PY.html NETGEAR FM114P TCP flood and authentication cracking vulnerability. (SecuriTeam) http://www.securiteam.com/securitynews/6X00E0A5PW.html TSAC Web package/IIS 5.1 connect.asp cross-site scripting vulnerability. (SecuriTeam) http://www.securiteam.com/windowsntfocus/6U00B0A5PY.html Tools IPTables log analyzer 0.3 displays Linux 2.4 iptables logs (rejected, accepted, masqueraded packets...) in a HTML page. (GeGe) http://www.gege.org/iptables/ CONTACT US To add or remove a name from the distribution list, or to modify existing contact information, e-mail: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP's Communications Division at: Phone: (613) 944-4875 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk