Dear All,
The web site has been on hold for a very long time as I could not afford
the bandwidth anymore. Luckily, I have final managed to get a secure
server to host the site and mailing list(s) and about a month ago I
redesigned the site with a friend of mine to make it more user-friendly
and
National Infrastructure Protection Center
NIPC Daily Open Source Report for 2 January 2003
Daily Overview
. The Stars and Stripes reports the enrollment and claim files of
550,000 beneficiaries of the military's managed-care medical network
were stolen on December 14. (See item 8)
.
National Infrastructure Protection Center
NIPC Daily Open Source Report for 31 December 2002
Daily Overview
. The Washington Post reports that U.S. intelligence officials
have identified approximately 15 cargo freighters around the world that
they believe are controlled by al Qaeda or
National Infrastructure Protection Center
NIPC Daily Open Source Report for 30 December 2002
Daily Overview
. SecuriTeam reports that certain Cisco products containing
support for the Secure Shell (SSH) server are vulnerable to a Denial of
Service (DoS) if the SSH server is enabled on the
National Infrastructure Protection Center
NIPC Daily Open Source Report for 26 December 2002
Daily Overview
. Internet Security Systems has raised its AlertCon Internet
threat indicator to Level 2, in part due to ISS observations of multiple
distributed denial of service (DDOS) attacks
I wish everyone a Merry Christmas.
WEN
***
NORTH AMERICAN AEROSPACE
DEFENSE COMMAND
Directorate of Public Affairs, Headquarters, North American Aerospace
Defense Command
250 S. Peterson Blvd, Suite 116, Peterson AFB, Colo. 80914-3190
Phone: (719) 554-6889 DSN: 692-6889
20 December 2002
The Military View of Peace and Security, by General Richard B. Myers
(Access to advanced technology increases threat environment) (3020)
(The following article by General Richard Myers, chairman of the Joint
Chiefs of Staff, appears in the International Information Program
National Infrastructure Protection Center
NIPC Daily Open Source Report for 20 December 2002
Daily Overview
. CERT has released Advisory CA-2002-3: Buffer Overflow in
Microsoft Windows Shell. (See item 20)
. Foundstone reports a buffer overflow exists in Microsoft
Internet
Risk management perfect tool for holiday, winter season
by Lt. Col. Juan Gaud
Electronic Systems Center chief of safety
12/18/2002 - HANSCOM AIR FORCE BASE, Mass. (AFPN) -- In our haste during
this time o! f the year we often make decisions without giving much
thought to the risks involved or
_
London, Friday, December 20, 2002
_
INFOCON News
(Usually I send my detailed comments only onto the IWS Limited List, but as the paper
is so interesting I make an exception. I like the paper, even though the definition of
Cyberterrorism is not the greatest one and I do not like the bit about the WWII as it
is too simplistic ('know thy
(The study is available at
http://books.nap.edu/books/0309087023/html/index.html. WEN)
Study Finds Internet Showed Resilience in Terrorist Attacks
(Analysis explores how to brace information technologies for future
attacks) (1050)
The Internet sustained minimal damage when terrorists attacked
See also Beware the Latest MP3 Worms
http://www.wired.com/news/technology/0,1282,56924,00.html
-Original Message-
From: UNIRAS (UK Govt CERT) [mailto:[EMAIL PROTECTED]]
Sent: 19 December 2002 10:43
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 461/02 - Microsoft - Unchecked Buffer in
_
London, Thursday, December 19, 2002
_
INFOCON News
National Infrastructure Protection Center
NIPC Daily Open Source Report for 19 December 2002
Daily Overview
. ZDNet reports several critical vulnerabilities have been found
in the MySQL database system, a light database package commonly used in
Linux environments but which runs also on
_
London, Wednesday, December 18, 2002
_
INFOCON News
National Infrastructure Protection Center
NIPC Daily Open Source Report for 18 December 2002
Daily Overview
. CERT has received reports of increased scanning of port 445.
This may be evidence of the propagation of a worm known as W32/Lioten.
(See item 15)
. Infoworld reported a
-Original Message-
From: Opscen (OCIPEP / GEOCC) [mailto:[EMAIL PROTECTED]]
Sent: 16 December 2002 23:09
To: OCIPEP EXTERNAL DISTRIBUTION LISTS
Subject: OCIPEP AV02-053
La version française suit
THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY
PREPAREDNESS
_
London, Tuesday, December 17, 2002
_
INFOCON News
National Infrastructure Protection Center
NIPC Daily Open Source Report for 16 December 2002
Daily Overview
. CNN reports President Bush announced Friday that he is ordering
500,000 military personnel and others in high-risk parts of the world
receive the smallpox vaccine. (See item 14)
_
London, Monday, December 16, 2002
_
INFOCON News
CRYPTO-GRAM
December 15, 2002
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
[EMAIL PROTECTED]
http://www.counterpane.com
A free monthly newsletter providing summaries,
National Infrastructure Protection Center
NIPC Daily Open Source Report for 11 December 2002
Daily Overview
. CERT has announced Vulnerability Note VU#630355 - Netscape and
iPlanet Enterprise Servers fail to sanitize log files before they are
displayed using the administration client.
-Original Message-
From: UNIRAS (UK Govt CERT)
Sent: 13 December 2002 10:19
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 444/02 - Microsoft - Flaw in Microsoft VM Could
Enable System Compromise
-BEGIN PGP SIGNED MESSAGE-
-
National Infrastructure Protection Center
NIPC Daily Open Source Report for 13 December 2002
Daily Overview
. Microsoft has released Security Bulletin MS02-069: Flaw in
Microsoft VM Could Enable System Compromise (Critical). (See item 15)
. Microsoft has released Security Bulletin
==
@@@ @@ @
@ @ @ @ @@ @ @ @ @ @@
@@@@ @ @ @ @@@ @@@ @
@ @ @ @ @
National Infrastructure Protection Center
NIPC Daily Open Source Report for 12 December 2002
Daily Overview
. The Wichita Business Journal reports SC Telecom is working on
fixing the remaining internal problems in its system after overseas
hackers (from Asia and the Middle East) broke
REVIEW: The Art of Deception, Kevin D. Mitnick/William L. Simon
BKARTDCP.RVW 20021028
The Art of Deception, Kevin D. Mitnick/William L. Simon, 2002,
0-471-23712-4, U$27.50/C$39.95/UK#19.95
%A Kevin D. Mitnick
%A William L. Simon
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON
National Infrastructure Protection Center
NIPC Daily Open Source Report for 9 Dec 2002
Daily Overview
. The National Infrastructure Protection Center has released
Information Bulletin 01-011: Software Firm Investigation Serves as a
General Information Security Reminder. (See item 2)
.
National Infrastructure Protection Center
NIPC Daily Open Source Report for 10 December 2002
Daily Overview
. CERT has released Vulnerability Note VU#961489 - University of
Washington IMAP Server vulnerable to buffer overflow after login. (See
item 15)
. CBS News reports United
-Original Message-
From: UNIRAS (UK Govt CERT)
Sent: 10 December 2002 15:47
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 440/02 -Advanced Fee Fraud (4-1-9)
-BEGIN PGP SIGNED MESSAGE-
-
--
http://www.nipc.gov/publications/infobulletins/2002/ib02-011.htm
National Infrastructure Protection Center
Software Firm Investigation Serves as a General Information Security
Reminder
Information Bulletin 02-011
December 6, 2002
NIPC Information Bulletins communicate issues that pertain
_
London, Monday, December 09, 2002
_
INFOCON News
Plans Being Made to Protect U.S. Information Infrastructure
(Communications industry preparing list of recommendations) (1140)
Representatives from the U.S. communications industry are pushing a
deadline to develop a list of recommendations to ensure the safety of
the nation's information and
_
London, Friday, December 06, 2002
_
INFOCON News
-Original Message-
Sent: 06 December 2002 20:41
Subject: NCIX WEB SITE UPDATE ADVISORY #24-2002
Dear Friends and Colleagues:
According to the Federal Bureau of Investigation (FBI), a loose network
of antiwar groups is planning a week of action against warmongering to
occur December 15
National Infrastructure Protection Center
NIPC Daily Open Source Report for 5 December 2002
Daily Overview
. CERT announces Vulnerability Note VU#140977: SSH Secure Shell
for Workstations contains a buffer overflow in URL handling feature that
may allow an attacker to execute arbitrary
_
London, Wednesday, December 04, 2002
_
INFOCON News
National Infrastructure Protection Center
NIPC Daily Open Source Report for 4 December 2002
Daily Overview
. The Washington Post reports the nature of identity theft has
changed and today is more likely to come from insiders going after a
massive amount of information rather than a thief
National Infrastructure Protection Center
NIPC Daily Open Source Report for 3 December 2002
Daily Overview
. CNN reports a statement attributed to al-Qaeda claimed
responsibility Monday for last week's terrorist attacks on Israeli
targets in Kenya. (See item 13)
. IDG.net reports
_
London, Monday, December 02, 2002
_
INFOCON News
National Infrastructure Protection Center
NIPC Daily Open Source Report for 2 December 2002
Daily Overview
. CNN reports the U.S. Transportation Security Administration has
warned airports to review their missile attack measures after Thursday's
attempt to shoot down a passenger plane in
National Infrastructure Protection Center
NIPC Daily Open Source Report for 29 November 2002
Daily Overview
The L.A. Times reports that a suicide car bombing at a resort
hotel in Msumarini, Kenya killed at least 16 people Thursday at the same
time that two missiles narrowly missed an
_
London, Wednesday, November 27, 2002
_
INFOCON News
(During the Kosovo campaign the Americans were very keen on German EW
Tornado aircrafts as they lacked EW equipment. According to GAO the US
military has still not beefed up their EW capabilities. The GAO report
is not bad, but it does not take into account other problems
(operational procedures,
CERT Summary CS-2002-04
November 26, 2002
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
Summary to draw attention to the types of attacks reported to
our
incident response team, as well as other noteworthy incident
and
vulnerability information.
National Infrastructure Protection Center
NIPC Daily Open Source Report for 27 November 2002
Daily Overview
. Internet Security Systems has lowered its AlertCon Internet
threat indicator to Level 1, which warrants routine security. (See
Internet Alert Dashboard)
. CERT announces
Department of Defense Homeland Security
http://www.defenselink.mil/specials/homeland/
-Original Message-
From: DEFENSE PRESS SERVICE LIST On Behalf Of Press Service
Sent: 26 November 2002 22:18
To: [EMAIL PROTECTED]
Subject: New Security Department Reinforces NORTHCOM Mission
By Master
http://www.jmu.edu/computing/runsafe/
see also:
http://www.jmu.edu/computing/security/
R.U.N.S.A.F.E.
Did you know that with one wrong mouse click you could make it possible
for someone to read all your email, documents, or instant messages? That
they could also view your grades, online
(Due to a power outage there was no Infocon on Friday. WEN)
_
London, Monday, November 25, 2002
_
_
London, Wednesday, November 20, 2002
_
INFOCON News
-Original Message-
On Behalf Of EPIC News
Sent: 19 November 2002 23:54
To: [EMAIL PROTECTED]
Subject: EPIC Alert 9.23
==
@@@ @@ @
@ @ @ @ @
Why worry about computer security?
by Master Sgt. Keith Korzeniowski and Jack Worthy
45th Communications Squadron
11/20/2002 - PATRICK AIR FORCE BASE, Fla. (AFPN) -- Before going to bed
at night, do you leave your front door unlocked? When parking your car,
do you leave the keys in the ignition?
'... Intelligence officials have made enormous progress in combining
domestic and foreign intelligence-gathering capabilities. They're now
gathering more information and in the past couple of weeks, Ridge said,
they're reporting more chatter. ...'
(The Economist - 'The World In 2003' has a good
(The new bureaucratic monster is coming! I am looking forward to the
turf wars. WEN)
*
White House:
President Hails Passage of Homeland Security Department Legislation
Statement by the President
The United States Congress Has Taken An Historic and Bold Step forward
to protect the
_
London, Friday, November 15, 2002
_
INFOCON
-Original Message-
From: Opscen (OCIPEP / GEOCC) [mailto:Opscen;OCIPEP-BPIEPC.GC.CA]
Sent: 14 November 2002 00:57
To: OCIPEP EXTERNAL DISTRIBUTION LISTS
Subject: AV02-047 Trojan Horse: tcpdump and libpcap Distributions
Importance: High
THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION
_
London, Thursday, November 07, 2002
_
INFOCON News
_
London, Tuesday, November 05, 2002
_
INFOCON News
_
London, Monday, November 04, 2002
_
INFOCON News
-Original Message-
From: UNIRAS (UK Govt CERT) [mailto:uniras;niscc.gov.uk]
Sent: 31 October 2002 14:28
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 383/02 - NISCC - Potential crafted packets
vulnerability in firewalls
-BEGIN PGP SIGNED MESSAGE-
-
_
London, Wednesday, October 30, 2002
_
INFOCON News
http://www.ocipep.gc.ca/DOB/DOB02-176_e.html
OCIPEP DAILY BRIEF Number: DOB02-176 Date: 30 October 2002
NEWS
New act to make Ontario's drinking water safe - Update
As reported in the OCIPEP Daily Brief DOB02-175 released 29 October
2002, the Safe Drinking Water Act was unveiled yesterday by
(It contains some interesting articles. I would recommend to have a look
at The Coming Revolution in Intelligence Analysis and the counterpoint
article In addition to that there is also an article about PsyOps during
WWII: The Information War in the Pacific, 1945. WEN)
_
London, Tuesday, October 29, 2002
_
INFOCON News
(This week's Economist has a special section on Information Security
which is well worth a read as it is well researched (in comparison to
the usual cybergeddon article).
P.S. I have been contacted by a Pentagon Reporter who is looking for a
PsyOps expert. He is 'writing a story about possible
OCIPEP DAILY BRIEF Number: DOB02-175 Date: 29 October 2002
http://www.ocipep.gc.ca/DOB/DOB02-175_e.html
NEWS
New act to make Ontario's drinking water safe
New legislation aimed at ensuring Ontario has cleaner, safer drinking
water will be unveiled by Ontario Premier Ernie Eves today. The
(Interesting speech by the secretary of the USAF. It looks at how the
USAF is changing and stresses the importance of Space Dominance'. WEN)
'... While the war on terror presents unprecedented challenges, the
future has never been brighter for airmen. We are entering a new age of
air and space
OCIPEP DAILY BRIEF Number: DOB02-174 Date: 28 October 2002
http://www.ocipep.gc.ca/DOB/DOB02-174_e.html
NEWS
OCIPEP issues Advisory AV02-046
On 25 October 2002, OCIPEP issued Advisory AV02-046, subsequent to
CERT/CC's report of a new remote buffer overflow in the Kerboros
Administration
-Original Message-
From: [EMAIL PROTECTED]
[mailto:epic_news-admin;mailman.epic.org] On Behalf Of EPIC News
Sent: 24 October 2002 22:15
To: [EMAIL PROTECTED]
Subject: EPIC Alert 9.20
==
@@@
A Year after 9/11, America Still Unprepared for a Terrorist Attack,
Warns New Hart-Rudman Task Force on Homeland Security .
Executive summary:
http://www.cfr.org/publication.php?id=5100.xml
Full text:
http://www.cfr.org/publication.php?id=5099
http://www.cfr.org/pdf/Homeland_Security_TF.pdf
_
London, Wednesday, October 23, 2002
_
INFOCON News
_
London, Tuesday, October 22, 2002
_
INFOCON News
/74120.html
[2] www.formatex.org/isbook/callforpaper.htm
-Original Message-
From: ISBOOK 2002 [mailto:isbook2002;formatex.org]
Sent: 17 October 2002 18:22
To: Wanja Eric Naef [IWS]
Subject: reminder chapters submission
Dear
OCIPEP DAILY BRIEF Number: DOB02-168 Date: 18 October 2002
http://www.ocipep.gc.ca/DOB/DOB02-168_e.html
NEWS
OCIPEP issues Incident Analysis
OCIPEP issued Incident Analysis IA02-001, on 17 October 2002, of the
lessons learned following the 11 September 2001 terrorist attacks in New
York and
_
London, Thursday, October 17, 2002
_
INFOCON News
http://www.ocipep.gc.ca/DOB/DOB02-167_e.html
OCIPEP DAILY BRIEF Number: DOB02-167 Date: 17 October 2002
NEWS
Canada's environment threatened by U.S. greenhouse emissions
A report entitled America's Gas Tank, the high cost of Canada's oil and
gas export strategy, jointly issued by the Natural
-Original Message-
From: Bruce Schneier [mailto:[EMAIL PROTECTED]]
Sent: 15 October 2002 23:50
To: [EMAIL PROTECTED]
Subject: CRYPTO-GRAM, October 15, 2002
CRYPTO-GRAM
October 15, 2002
by Bruce Schneier
Founder and CTO
_
London, Tuesday, October 15, 2002
_
INFOCON News
-Original Message-
From: UNIRAS (UK Govt CERT
Sent: 07 October 2002 14:29
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 330/02 - Microsoft - Vulnerabilities in File
Decompression Functions, Windows Help Facility, Unix 3.0 Interix SDK +
Patch for SQL Server
-BEGIN PGP SIGNED
_
London, Friday, October 04, 2002
_
INFOCON News
The latest netsec-letter contains some interesting comments regarding
'The National Strategy to Secure Cyberspace'
Good mailing list.
To subscribe, send a blank e-mail to:
[EMAIL PROTECTED]
WEN
-Original Message-
From: Fred Avolio
Sent: 04 October 2002 17:43
To: [EMAIL PROTECTED]
_
London, Thursday, October 15, 2002
_
INFOCON News
(Interesting report about a part of the critical infrastructure which is
not mentioned very often. WEN)
Key sentence for CIP planner:
...In addition, we are recommending that commercial satellites be
identified as a critical infrastructure sector (or as part of an already
identified critical
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Patrick O'Reilly
Sent: 03 October 2002 18:12
To: Multiple recipients of list
Subject: Announcing 2 NEW Computer Security Special Publications -- NIST
The National Institute of Standards and Technology (NIST) is releasing
new
DAILY BRIEF Number: DOB02-158 Date: 03 October 2002
http://www.ocipep.gc.ca/DOB/DOB02-158_e.html
NEWS
Kyoto and Beyond
A report prepared for The David Suzuki Foundation and the Canadian
Climate Action Network (CANet) entitled Kyoto and Beyond: The Low
Emission Path to Innovation and
... Here, today, you begin to effect a real transformation-a
transformation that will improve our command and control, our
intelligence and our planning-in short, a fundamental step forward to
better meet the security environment that will define the 21st Century.
...
--- NATIONAL INFRASTRUCTURE PROTECTION CENTER
W32.Bugbear@mm or I-Worm.Tanatos
NIPC ADVISORY 02-008
October 3, 2002
The National Infrastructure Protection Center (NIPC) is issuing this
advisory to heighten the awareness of an e-mail-borne worm known as
W32.Bugbear or I-Worm.Tanatos. This
Homeland Security: Information Sharing Activities Face Continued
Management Challenges, statement for the record by David M. Walker,
comptroller general of the United States, before a joint hearing of the
Senate Select Committee on Intelligence and the House Permanent Select
Committee on
Dear All,
Even though the unsubscribe instructions are included in the
daily newsletter, some people still do not know how to do it.
Below please find the instructions on how to unsubscribe:
***
To unsubscribe - send an email to [EMAIL
[Today's issue is delayed as I was attending an IO/IA workshop
in London. There will be no Infocon News till maybe Thursday/Friday
as London is under a massive 'infrastructure attack' per 20.00
tonight (not by any Al Qaeda terrorists or any cyberterrorists,
but by striking tube (underground)
DAILY BRIEF Number: DOB02-151 Date: 24 September 2002
http://www.ocipep.gc.ca/DOB/DOB02-151_e.html
NEWS
Derailed CN train spills fuel in Quebec
A Canadian National (CN) train, en route from Toronto to Senneterre, derailed in
the Mauricie Region of Quebec on Sunday night. Diesel fuel spilled
_
London, Thursday, September 19, 2002
_
INFOCON News
OCIPEP DAILY BRIEF Number: DOB02-148 Date: 19 September 2002
http://www.ocipep.gc.ca/DOB/DOB02-148_e.html
NEWS
U.S. National Strategy to Secure Cyberspace - Links Update
Details of the draft strategy were first reported yesterday in DOB02-146. The
OCIPEP Information Note regarding the draft
Release of U.S. National Strategy to Secure Cyberspace
Introduction
Today, President George Bush's Administration released a draft version of the
National Strategy to Secure Cyberspace. The last U.S. Cyberspace Strategy was
released by the Clinton Administration in 2000. The new strategy
09 September 2002
Survey Shows Progress in Upgrading Information System Security
(Thirty percent of organizations may be unprepared to withstand
cyberattack) (730)
Increasing numbers of corporations are improving their security
measures to withstand a terrorist attack on their information
_
London, Wednesday, September 11, 2002
_
INFOCON News
http://www.ocipep.gc.ca/DOB/DOB02-142_e.html
DAILY BRIEF Number: DOB02-142 Date: 11 September 2002
NEWS
U.S. raises colour-coded level one notch
On the eve of the anniversary of September 11, Attorney General John Ashcroft
reported in a televised news conference that the U.S. government
We're forward thinking and forward looking. We're trying to harness the power
of information and information sphere technologies to better prepare the U.S.
Joint Forces for war about five years from now, he said. During Spiral 3, held
the first two weeks in June, military members from all
-Original Message-
From: Opscen (OCIPEP / GEOCC)
Sent: 30 July 2002 18:22
To: OCIPEP EXTERNAL DISTRIBUTION LISTS
Subject: OCIPEP AV02-038 - OpenSSL
La version française suit
THE OFFICE OF CRITICAL INFRASTRUCTURE PROTECTION AND EMERGENCY PREPAREDNESS
*
ADVISORY
1 - 100 of 131 matches
Mail list logo
