National Infrastructure Protection Center NIPC Daily Open Source Report for 20 December 2002
Daily Overview . CERT has released Advisory CA-2002-3: "Buffer Overflow in Microsoft Windows Shell." (See item 20) . Foundstone reports a buffer overflow exists in Microsoft Internet Explorer's automatic reading of MP3 or WMA file attributes in Windows XP which if placed in an accessed folder would compromise the system and allow for remote code execution. (See item 21) . The Associated Press reports Virginia State Police are investigating a report of suspicious behavior by a group of people aboard a state-operated car ferry near a nuclear-power plant in Surry County. (See item 4) . The Associated Press reports Venezuela's Supreme Court has ordered a temporary halt to an oil industry strike while it considers the legality of the work stoppage, which entered its 18th day Thursday. (See item 10) NIPC Daily Report Fast Jump [click to jump to section of interest] Power Banking & Finance Transportation Gas & Oil Telecommunications Food Water Chemical Emergency Law Enforcement Government Operations Information Technology Cyber Threats and Vulnerabilities Internet Alert Dashboard General NIPC Information Power Sector 1. December 17, Albuquerque Journal - Energy rule may raise rates. State regulators to vote on policy that pushes utilities to use renewable resources. New Mexico regulators are expected to approve a sweeping new energy rule today that will force the state's four major public utilities to invest hundreds of millions of dollars in alternative power sources. The rule almost two years in the making will order utilities to derive at least 10 percent of their energy from wind, geothermal, biomass, hydro or solar sources by 2011. Biomass is the burning of waste, such as materials from forest thinning. A dozen other states have approved such a mandate. Public Regulation Commission members say the rule is one of their most important decisions in recent years. Proponents including environmentalists and many ranchers say it will help reduce dependence on natural gas and coal-fired plants and will stimulate economic development in rural areas. But utilities say it will increase rates. The rule will allow utilities to recoup costs through green tariffs charging the customers who choose alternative energy more to buy it. Utilities say this will recover only a fraction of the investment costs and ratepayers will shoulder the bulk of the extra costs. The four utilities Public Service Company of New Mexico, El Paso Electric, Texas New Mexico Power and Xcel Energy favor a voluntary program over a mandatory one. But the PRC has made it clear it wants a mandatory program. Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3527196 2. December 18, Reuters - FERC clears two banks to trade power. The Federal Energy Regulatory Commission on Wednesday cleared away a final obstacle for two banks to trade wholesale electricity in the battered U.S. power market. FERC commissioners voted to allow Bank of America Corp. and Switzerland's UBS AG to continue acquiring securities of U.S. publicly-traded utilities as part of their investment banking businesses. Both companies had sought assurances from FERC that they could carry on their investment banking activities while separate units traded wholesale power. The FERC order limits the banks to holding 1 percent or less of a public utility's voting class stock, and requires them to make quarterly reports to the agency. Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3527156 3. December 18, Reuters - U.S. power supply adequate in 2003 despite cutbacks. U.S. electricity supply is more than adequate for next year despite a growing number of cancellations or delays of new power plants, industry experts say. Power companies -- including Duke Energy Corp. and NRG Energy Inc., a unit of utility Xcel Energy Inc. -- have already canceled or delayed construction of 164,000 megawatts of power generation capacity this year, more than double the year before, according to energy information provider Platts, a division of McGraw-Hill Cos. The cutbacks are the result of low electric wholesale prices and a credit crunch that has forced companies to slash capital spending, sell assets and restructure debt. Next year is likely to bring closings of older, inefficient plants and industry consolidation as weaker, unregulated energy companies are bought by stronger ones, experts said in recent interviews. "In the near term, capacity is more than adequate nationwide," said Steve Piper, senior consultant at Platts. The oversupply stems from a building splurge in the late 1990s when companies that sell power plunged into new deregulated markets, Piper said. Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3527161 Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector 4. December 19, Associated Press - 12 linked to Iraq money-laundering plan. A federal grand jury indicted 12 people on money-laundering charges for allegedly helping to funnel more than $12 million to Iraq in violation of sanctions imposed during the first Bush administration. The indictment, unsealed Thursday, alleges that between April 2000 and January 2002, a ring of people throughout the United States collected money and sent it to a company called Alshafei Family Connect, based in the Seattle suburb Edmonds. The company, owned and operated by Hussein Alshafei, an Iraqi native and naturalized U.S. citizen, then shipped the money to London and other overseas cities and eventually to Iraq, the indictment alleges. The indictment includes one count of conspiracy to launder money and 34 counts of money laundering. It charges people in Dallas, Phoenix, St. Louis, Nashville, Tenn., Roanoke, Va., London, Jordan, the United Arab Emirates and Iraq. Source: http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021219/ap_on_re_us/i raq_money_laundering_2 [return to top] Transportation Sector 5. December 19, Associated Press - Ferry incident deemed suspicious. Virginia State Police are investigating a report of suspicious behavior by a group of people aboard a state-operated car ferry near a nuclear-power plant in Surry County. The Virginia Department of Transportation, which operates the ferry, reported the incident to state police, said Erin Gregg, a VDOT spokeswoman. "There was an incident on Sunday in which people were asking questions that our crews deemed most unusual," Gregg said Wednesday. She declined to provide any details. The Smithfield Times reported Wednesday that four people traveling Sunday on the ferry that crosses the James River from Jamestown to Scotland appeared to be measuring the boat and asked crew members about procedures that would be followed in a hijacking. The newspaper, citing police reports, said two members of the group also asked crew members about the depth of the water at the power plant - which is a few miles downriver from the ferry landing at Scotland - and the size of the security force there. Source: http://www.timesdispatch.com/news/more/MGBEOD44W9D.html 6. December 19, Transportation Security Administration - TSA updates new guidelines for passengers checking baggage. On Thursday, Under Secretary of Transportation for Security Adm. James M. Loy updated Transportation Security Administration (TSA) guidelines for checking baggage, saying they are important to having secure and enjoyable holiday air travel. Adm. Loy also urged passengers to leave their checked bags unlocked, which will avoid the potential need to forcibly open bags that require physical inspection. Adm. Loy asked passengers not to pack food or beverages in checked bags and to pack footwear on top of other contents. Passengers also were warned against putting film in checked bags, because screening equipment will damage it, and to leave gifts unwrapped should screening require them to be opened. Put scissors, pocket knives and other sharp items in checked bags; never carried on. The TSA has developed bag search plans with each of the nation's airports. Besides the large EDS machines, screening will be done using congressionally approved methods including explosives trace detector machines, explosives-sniffing dogs, passenger-bag matching and hand searches. Source: http://www.dot.gov/affairs/tsa14302.htm 7. December 19, Associated Press - Security cuts tourism in U.S. Travel executives say the nation's $91 billion foreign tourism industry is in peril because of a growing perception overseas that the United States has become overly security conscious. In the year after the terrorist attacks in New York and Washington, 66 million fewer visitors tried to enter the United States, according to Immigration and Naturalization Service figures. And those who did try were sent back home at a higher rate than the year before. Travel industry executives complain that the post-Sept. 11 security crackdown at airports - especially some widely publicized incidents in which visitors were searched, interrogated, and put on a plane back home - has discouraged tourism. INS officials recognize the concerns, but say their first priority is to secure all borders. Source: http://www.boston.com/dailyglobe2/353/nation/Security_cuts_tourism_in_US +.shtml 8. December 19, CNN - United Kingdom approves armed air marshals. The British government has given the go-ahead for armed air marshals on British passenger planes. The announcement came a day after a senior UK government official warned there was a "high probability" that international terrorists would sooner or later launch an attack on the UK - with aviation the most likely target. Transport Secretary Alistair Darling said on Thursday the capability now existed "to place covert, specially-trained armed police officers aboard UK civil aircraft." The Department for Transport, which is responsible for overseeing the national aviation program, would not say what flights the marshals would operate on or what arms they would carry. Source: http://www.cnn.com/2002/WORLD/europe/12/19/air.marshalls/index.html 9. December 18, USA Today - Air marshals charge new policies could endanger passengers. Confidential documents obtained by USA Today and interviews with nearly three dozen former air marshals from 11 regional offices raise questions about whether program officials may be compromising security as they try to put marshals aboard as many flights as possible. Despite policies that require at least two marshals on each assigned flight, marshals in the New York field office were told they would have to fly alone if their partners call in sick, documents show. Aviation security analysts contend putting lone marshals on flights might enable a group of unarmed hijackers to take a gun from a marshal, a possibility that would leave passengers more vulnerable than if no marshal were aboard. In addition, marshals must accept any seat an airline offers, "even if your assigned seat is not 'tactically' sound," a memo sent Nov. 22 by managers to marshals in New York says. Such a policy contradicts the program's standard operating procedures. Those rules call for marshals to have unobstructed access to the jet's aisle and, preferably, to sit near the cockpit to protect it from hijackers. Even if they believe their cover has been blown before a flight, marshals in the Atlanta field office have been told they must continue with their missions. Marshals say that could leave them - and passengers - vulnerable to attack because an unarmed terrorist might then be able to gain access to a weapon. Source: http://www.usatoday.com/news/nation/2002-12-18-air-marshal-cover_x.htm [return to top] Gas and Oil Sector 10. December 19, Associated Press - Court orders halt to Venezuela oil strike. Venezuela's Supreme Court ordered a temporary halt to an oil industry strike while it considers the legality of the work stoppage, which entered its 18th day Thursday. The Supreme Court said it was considering a motion filed by an executive with the state-owned oil monopoly asking the justices to declare the strike illegal. The court said it will hear arguments on the motion within four days. In the meantime, it ordered striking oil employees and executives to resume work. There was no immediate reaction from dissident executives at the oil company, which employs 40,000 people. But a spokesman for striking workers, Alfredo Gomez, told Dow Jones Newswires they will ignore the court order. Source: http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021219/ap_on_re_la_a m_ca/venezuela_strike_184 11. December 18, Business Wire - FERC Grants Dynegy Preliminary Approval for Hackberry LNG Terminal. The Federal Energy Regulatory Commission (FERC) made a preliminary determination, approving Hackberry LNG Terminal LLC's certificate application for its proposed Hackberry, La. Liquefied Natural Gas (LNG) Terminal/Gasification project. Dynegy announced plans to construct the Hackberry Terminal in July 2001. The planned facility will be located on the company's existing liquefied petroleum gas (LPG) terminal in Hackberry, La. and will be capable of receiving and processing 1.5 billion cubic feet per day (Bcf/day). Source: http://www.chron.com/cs/CDA/printstory.hts/prn/energy/1707804 12. December 18, PRNewswire - CMS Trunkline LNG Company Receives Federal Approval to expand LNG terminal. CMS Energy Corporation's liquefied natural gas (LNG) unit received approval today from the Federal Energy Regulatory Commission (FERC) to expand its Lake Charles, LA, LNG terminal, the largest operating LNG terminal in the country. CMS Trunkline LNG Company plans to expand the facility to approximately to approximately 1.2 billion cubic feet per day of send out capacity, up from its current send out capacity of 630 million cubic feet per day. The company also plans to expand the terminal's storage capacity to 9 billion cubic feet from its current storage capacity of 6.3 billion cubic feet. This expansion is supported by a long-term contract with BG LNG Services, Inc., a subsidiary of BG Group of the United Kingdom. Source: http://www.chron.com/cs/CDA/printstory.hts/prn/texas/1708274 [return to top] Telecommunications Sector Nothing to report. [return to top] Food Sector 13. December 19, Grand Island Independent (Nebraska) - Nebraska prepared for bioterrorism. Preparations to protect Nebraska's $9 billion annual agricultural industry from bioterrorist attacks and the introduction of foreign animal diseases were well in place before President Bush signed the Homeland Security Act last month, Lt. Gov. Dave Heineman said. Prior to the terrorist attacks on Sept. 11, 2001, Heineman said, Nebraska had already begun to develop a comprehensive response plan. The goal was to protect the state's livestock industry from potential outbreaks of foreign animal diseases, such as mad-cow disease or foot-and-mouth disease. Greg Ibach, deputy director of the Nebraska Department of Agriculture and coordinator of that department's responsibility in homeland security, said the state has developed a contagious animal disease health plan. After 9-11, Ibach said, the state continued to fine-tune its response in case of a bioterrorist attack or the outbreak of a foreign animal disease by further defining the chain of command. Source: http://www.theindependent.com/stories/121902/new_bioterror19.shtml 14. December 19, AgWeb News - California declares state of emergency in Mexican fruit fly infestation. Governor Gray Davis has declared a state of emergency in the fight against a Mexican fruit fly infestation in San Diego, CA. The current area of infestation in Northern San Diego County grows an estimated $75 million worth of crops annually. Left unchecked, the Mexican fruit fly could infest the entire state of California. The estimated impact to the state economy for such an infestation would range from $750 million to $2 billion annually, including the loss of jobs in both rural and urban communities and lost trading opportunities. The emergency declaration will enable state agencies to pool resources and work cooperatively with the California Department of Food and Agriculture (CDFA) in addressing the response to the infestation. Source: http://www.agweb.com/news_show_news_article.asp?file=AgNewsArticle_20021 219110_5311&articleid=93868&newscat=GN [return to top] Water Sector Nothing to report. [return to top] Chemical Sector 15. December 19, U.S. Chemical Safety and Hazard Investigation Board - Powerful explosion kills 4 in Pakistan. A powerful explosion ripped through a chemical storage warehouse in the southern port city of Karachi on Thursday killing four people, police said. It was not clear what caused the explosion. The dead all worked or lived in the single-story building, which was used both as a residence and as a storage area rented out by a pharmaceutical company, said police spokesman Javed Baluch. One of the victims was a woman, he said. Firefighters used front-end loaders and drills to dig through the debris to unearth the bodies. The surrounding Korangi neighborhood, located in the east of the city, was cordoned off during the excavation, but no evacuation was ordered. A strong, pungent odor hung over the area, but firefighter Israr Ahmad said it was still not known what kind of chemical was being stored in the warehouse. Police said they were questioning some of the employees of the pharmaceutical firm to find out. Source: http://www.chemsafety.gov/circ/post.cfm?incident_id=6233 [return to top] Emergency Law Enforcement Sector 16. December 19, Reuters - EU, U.S. to swap details on crime, terror suspects. European Union justice ministers endorsed on Thursday a landmark deal which will allow the EU's law enforcement agency Europol and U.S. agencies to swap personal details on crime and terrorist suspects. A majority of ministers also approved the results of talks with the United States on extradition and cooperation in crime and terror probes, but Germany could not accept draft agreements proposed by EU president Denmark, diplomats said. The proposed extradition accord, part of the bloc's pledge to support Washington's fight against terrorism, had raised concerns in Europe over the U.S. use of the death penalty and possible military tribunals to try terrorist suspects. But diplomats said talks between senior U.S. officials and Denmark on extradition and mutual legal assistance deals had the safeguards needed on capital punishment and human rights. Source: http://story.news.yahoo.com/news?tmpl=story&u=/nm/20021219/pl_nm/crime_e u_usa_dc_5 17. December 19, Associated Press - FBI tests suspicious letter to senator. The contents of a suspicious envelope that arrived at Sen. Jeff Bingaman's office in Albuquerque has been sent to the state crime lab for testing. The Democratic senator's staff called the FBI after opening the envelope Monday and discovering a wrapped package that contained a powdery substance, said FBI supervisory agent Doug Beldon. "The responding agents ran a preliminary field test on the substance which indicated a very small possibility that the substance could be botox, which might contain botulism," Beldon said. Beldon said additional testing indicated the substance was not botox, but as a precaution, the FBI sent the envelope and its contents to the state crime lab for more testing. Beldon expected the results Friday. Source: http://www.washingtonpost.com/wp-dyn/articles/A11337-2002Dec19.html [return to top] Government Operations Sector 18. December 19, New York Times - U.S. drops Armenian men from list of visitors who must register. Reversing course, the Department of Justice has dropped Armenia from the list of countries whose adult male citizens living temporarily in the United States must register with immigration authorities. The turnabout, on Tuesday, followed loud complaints from the government of Armenia and Armenian groups in the United States over a notice, published by the department in the Federal Register last Friday, that added Armenia, Pakistan and Saudi Arabia to 18 countries already listed in the so-called special registration program. Source: http://www.nytimes.com/2002/12/19/national/19VISA.html [return to top] Information Technology Sector 19. December 18, CNET News - Web services specifications focus on security. A group of companies published a series of specifications designed to make Web services more secure. The proposed specifications describe how companies can establish policies on exchanging information among trading partners and how to make disparate security systems interoperate. IBM and Microsoft co-authored the specifications with input from a limited number of companies, including BEA Systems, RSA Security and VeriSign. The most notable proposal, WS-Security, is a technology that allows businesses to send messages that have a digital signature to ensure that a document has not been altered during its transmission. WS-Trust is a proposed standard method for establishing secure communications between companies, including interactions that involve third-party certification authorities. Two related standards, WS-SecureConversations and WS-SecurityPolicy, will make it easier to maintain security during multistep transactions such as building and submitting an electronic purchase order, the companies said. The second group of proposed specifications, which includes WS-Policy, WS-PolicyAttachments and WS-PolicyAssertions, are designed to provide mechanisms that let businesses describe their security requirements in connection with Web services applications, including how to work with third-party authenticating services. Source. http://news.com.com/2100-1001-978314.html?part=dht&tag=ntop [return to top] Cyber Threats and Vulnerabilities 20. December 19, CERT/CC - CERT Advisory CA-2002-37: Buffer Overflow in Microsoft Windows Shell. A buffer overflow vulnerability exists in the Microsoft Windows Shell function used to extract attribute information from audio files. This function is invoked automatically when a user browses to a folder containing .MP3 or .WMA files. An attacker can exploit this vulnerability by enticing a victim to read a malicious email message, visit a malicious web page, or browse to a folder containing a malicious .MP3 or .WMA file. Therefore, an attacker can either execute arbitrary code (which would run with the privileges of the victim) or crash the Windows Shell. Source: http://www.cert.org/advisories/CA-2002-37.html 21. December 18, Foundstone - Exploitable Windows XP Media Files. A buffer overflow exists in Microsoft Internet Explorer's automatic reading of MP3 or WMA (Windows Media Audio) file attributes in Windows XP. An attacker could create a malicious MP3 or WMA file, which if placed in an accessed folder on a Windows XP system, would compromise the system and allow for remote code execution. The MP3 does not need to be played, it simply needs to be stored in a folder that is browsed to, such as an MP3 download folder, the desktop, or a NetBIOS share. This vulnerability is also exploitable via Internet Explorer by loading a malicious web site. Microsoft's WMA files also suffer from a similar vulnerability. A Windows XP user visiting the site using Internet Explorer would be remotely compromised without any warning or download of files regardless of Internet Explorer security settings. Microsoft has issued Security Bulletin MS02-072 with a critical severity rating for this vulnerability. A patch is available at: http://www.microsoft.com/technet/security/bulletin/MS02-072.asp. Source. http://www.foundstone.com/knowledge/randd-advisories-display.html?id=339 Internet Alert Dashboard Current Alert Levels Internet Security Systems AlertCon: 1 out of 4 https://gtoc.iss.net/ Security Focus ThreatCon: 1 out of 4 http://analyzer.securityfocus.com Last Changed: 26 November 2002 Last Changed: 17 December 2002 Current Virus and Port Attacks Virus: #1 Virus in USA: PE_FUNLOVE.4099 Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 1433(ms-sql-s); 53(domain); 445(microsoft-ds); 443(https); 3389(ms-term-serv); 4662; 25(smtp); 21(ftp) Source: http://isc.incidents.org/top10.html; Internet Storm Center [return to top] General Information 22. December 19, La Crosse Tribune (Wisconsin) - Bass virus found in more pools. Largemouth bass virus is moving down river. Fisheries workers conducting routine fall surveys discovered a number of largemouth bass with open wounds at over-wintering areas in Pools 10 and 11 on the Mississippi River. Overall, 22 percent of bass collected had skin lesions, but infection rate was as high as 38 percent at some locations. Several diseased fish were sent to the U.S. Fish and Wildlife Service La Crosse Fish Health Center in Onalaska, WI. The virus was first identified in 1995 at a reservoir in South Carolina in which a large number of fish had died. Biologists linked the fish kill to largemouth bass virus and have since located the virus in 17 states. Source: http://www.lacrossetribune.com/articles/2002/12/19/outdoors/03bass.txt 23. December 19, New York Times - NY State plans to alert doctors in case of terror attacks. New York State plans to create the first statewide alert system intended to inform every practicing physician in the state of suspected biological and chemical terrorist attacks and other public health emergencies, the state health commissioner is to announce today. The new system, known as the New York State Physicians Intranet, will use e-mail and a Web site to inform doctors across the state of possible terrorist attacks within minutes of an event being reported to the State Health Department. It will also provide information on how to deal with medical emergencies like an infectious disease outbreak or a chemical attack, said Gerald Imber of World Medical Leaders, the company that will run the alert system. Source: http://www.nytimes.com/2002/12/19/nyregion/19MEDI.html?tntemail1 24. December 19, Associated Press - Pakistani police arrest nine suspected al-Qaeda operatives. Police arrested nine suspected al-Qaeda operatives including two Americans and a Canadian in a joint raid with FBI agents in Lahore on Thursday. Relatives said FBI officials searched the home for at least two hours and seized four computers and CDs. "We got information about these people, and today the police went there and made these arrests. We can say they are suspected al-Qaeda," Pakistan's information minister, Sheikh Rashid Ahmed, told The Associated Press in a telephone interview. Rashid said some of the nine men arrested are suspected of possibly having smuggled weapons to be used in terrorist attacks. Those arrested were Dr. Javed Ahmad, his two sons, two brothers, three nephews and one uncle. Two of the men were naturalized Americans and one a naturalized Canadian, but there was no immediate information on their names or hometowns. Source: http://www.usatoday.com/news/world/2002-12-19-pakistan-arrests_x.htm 25. December 19, New York Times - British antiterror squads arrest seven men suspected of having ties to al-Qaeda. Antiterror police squads arrested seven men in early wednesday morning raids on houses in London and Edinburgh today. Police officials said the men were being held for questioning at an undisclosed place in Scotland under the Terrorism Act of 2000, a law that permits the detention of suspects in terror plots. The men were described as being in their early 30's and of North African origin. The BBC, citing security sources, said that the men were accused of involvement in fund-raising and logistical support, and that they were believed to be loosely connected to a network associated with al-Qaeda. Source: http://www.nytimes.com/2002/12/19/international/europe/19BRIT.html 26. December 18, Reuters - Birds may spread ebola virus. Birds may be able to carry and spread the Ebola virus U.S. researchers said on Tuesday. Researchers said Ebola, which has killed several hundred people in Congo Republic, the neighboring Democratic Republic of Congo, and Gabon since it was first identified in 1976, resembled some bird viruses. David Sanders and colleagues at Indiana's Purdue University found that the outer protein shell of Ebola is similar to those of several viruses carried by birds. "We knew these viruses were inwardly similar, and now we see their outer similarity as well," Sanders, a biologist, said in a statement. "While bird transmission of Ebola is by no means certain, the resemblance among all these viruses should encourage health officials to be on guard for it" said Sanders. Source: http://reuters.com/newsArticle.jhtml?type=healthNews&storyID=1928483 [return to top] NIPC Products & Contact Information The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security and professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products: 2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response. 2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures. 2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only. 2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices. 2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk