http://www.ocipep.gc.ca/DOB/DOB02-142_e.html
DAILY BRIEF Number: DOB02-142 Date: 11 September 2002 NEWS U.S. raises colour-coded level one notch On the eve of the anniversary of September 11, Attorney General John Ashcroft reported in a televised news conference that the U.S. government elevated the colour-coded terrorist alert to orange, which translates to a "high" level of alert. This is the first time the level has been changed since the implementation of the colour-coded alert system came into effect last March. The move was made after U.S. intelligence agencies uncovered the specific threats against its interests abroad and less credible information concerning potential terrorist attacks on American soil. The information also came from a senior al-Qaeda member who is being held by another government. In Canada, the RCMP is urging Canadians to remain vigilant on September 11; even though they claim that there is no cause for alarm since no threats to Canadian interests have been reported. A DND spokesperson stated that "personnel of the Canadian Forces are always ready to respond to any threat to the nation's security either at home or abroad." (Sources: canada.com, cbc.ca, 10-11 September 2002) Click here for the source article - 1 Click here for the source article - 2 Comment: The change in threat level was the subject of a press conference given by the U.S. Director of Homeland Security and the Attorney General, which can be viewed at: http://www.whitehouse.gov/news/releases/2002/09/20020910-5.html The U.S. National Infrastructure Protection Center issued an advisory pertaining to possible threats to U.S. interests, which can be viewed at: http://www.nipc.gov/warnings/advisories/2002/02-007.htm Ontario seeks volunteers for emergency response teams Minister of Public Safety and Security Bob Runciman announced that the Province of Ontario plans to spend $1 million a year to recruit and train volunteers in community emergency response. Mr. Runciman stated that "we are working with the municipalities to develop a made in Ontario community volunteer emergency response that will be a vital component of the province's overall emergency and disaster management strategy." The new venture, called "Community Emergency Response Volunteers," will recruit teams of volunteers from various neighbourhoods, including retired police officers and firefighters, paramedics and possibly senior citizens. Emergency Measures Ontario will be funding the program for the first year and will be responsible for training volunteers in the areas of basic medical skills, search and rescue, and disaster response. The provincial government will be contributing 50 percent of the funding in the following years. (Source, globeandmail.ca, 10 September 2002) Click here for the source article Comment: The press release, issued by the Minister of Public Safety and Security's office, pertaining to the establishment of the Community Emergency Response Volunteers can be viewed at: http://www.newswire.ca/government/ontario/english/releases/September2002/10/c974 9.html Transportation Minister deems Canadian ports secure Transportation Minister David Collenette sought to address concerns raised by police, intelligence and customs officials that Canadian ports have been infiltrated by organized crime, creating opportunities for terrorism. The Minister contends that although security at Canadian ports is not perfect, it has been enhanced since 11 September 2001. (Source: canada.com, 10 September 2002) Click here for the source article Comment: The OCIPEP Daily Brief DOB02-131, issued on 26 August 2002, noted that Transport Canada has ordered a detailed study of threats to Canada's marine infrastructure following reports released by the Criminal Intelligence Service Canada (CISC) and the Senate Standing Committee on National Security and Defence that highlight the presence of organized crime in Canadian ports. IN BRIEF Oil slick off the coast of Newfoundland Federal environment officials have charged the captain of a Bahamian-registered bulk carrier vessel with the illegal dumping of oil. The captain of the "TEMCAP SEA" made a brief court appearance in St.John's yesterday and was released on a $50,000 bail. Officials from Environment Canada stated that more charges were pending. The investigation was triggered after a satellite spotted the 116-kilometre-long and 200-metre-wide slick south of the Burin Peninsula. (Source: cbc.ca, 10 September, 2002) Click here for the source article Tests confirm second human in Canada infected with West Nile virus Tests have confirmed that a man from the Windsor area has been infected with the West Nile virus, bringing the total of humans in Canada infected with the mosquito-borne virus to two. (Source: ctv.ca, 10 September 2002) Click here for the source article Comment: OCIPEP Operations is monitoring the situation with respect to the West Nile virus. For more information, please consult the OCIPEP web site at: http://www.ocipep.gc.ca/otherlinks/hlinx_e.html Airline passengers coming to Canada will be screened On October 8, the Canada Customs and Revenue Agency (CCRA) is scheduled to begin a new program designed to identify any passengers of interest or suspected terrorists to law agencies such as CCRA , RCMP, Immigration and U.S. agencies. (Source: canoe.com, 11 September 2002) Click here for the source article Canadian airports lack security A CBC News article states that Canadian airport screening needs improvement and new equipment. (Source: cbc.ca, 10 September 2002) Click here for the source article Transportation system in B.C. needs help A survey released Tuesday by the Council of Tourism Association claims that the British Columbia transportation sector is in significant need of repair. (Source: globeandmail.ca , 10 September 2002) Click here for the source article U.S. Emergency Alert System could easily be taken over Some security experts claim that the U.S. Emergency Alert System is vulnerable and could easily be taken over by hackers and persons with limited technological knowledge to spread messages. (Source: theregister.com, 10 September 2002) Click here for the source article CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Central Command reports on TR/EvilDX, which is a Trojan horse that allows a hacker to gain control of the compromised computer. If executed, the Trojan copies itself to C:\autoexec.bat and in the C:\windows\system32\directx directory under the filename "dxdiag.exe". http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_ refno=020910-000005 McAfee Security reports on W32/Flatei.5129, which is a virus that makes use of Microsoft's .NET architecture. Due to the uncommon system requirements and replicating environment, the virus is unlikely to become widespread. http://vil.nai.com/vil/content/v_99679.htm Symantec reports on VBS.Thambl, which is a Trojan horse written in VB Script that attempts to delete anti-virus and personal firewall software. It copies itself as numerous files to the shared folders of several file-sharing programs. http://securityresponse.symantec.com/avcenter/venc/data/vbs.thambl.html Symantec reports on Trojan.Lovead, which is a Trojan horse written in Visual Basic 5 that attempts to connect to a specific web site when an infected computer accesses the Internet. http://securityresponse.symantec.com/avcenter/venc/data/trojan.lovead.html Symantec reports on Trojan.Nullbot, which is an IRC Trojan that allows a hacker to gain control of the compromised computer. It is written in the C programming language and may be compressed two times with UPX and ASPack. http://securityresponse.symantec.com/avcenter/venc/data/trojan.nullbot.html Vulnerabilities SecurityFocus provides a report on a vulnerability in HP-UX 10.20, 11,00, 11.11, and 11.22 XDR libraries that could lead to a denial-of-service or unauthorized access. Follow link for more information. http://online.securityfocus.com/advisories/4458 SecurityFocus reports on a remotely exploitable script injection vulnerability in PHP 4.2.3. No known patch is available at this time. http://online.securityfocus.com/bid/5669/discussion/ Patches: Updated packages are now available for Red Hat Linux 7.3 wordtrans. (SecurityFocus) http://online.securityfocus.com/advisories/4454 Updated gaim packages are now available for Red Hat Linux 7.1, 7.2, and 7.3. (SecurityFocus) http://online.securityfocus.com/advisories/4459 Updated packages are now available for Debian GNU/Linux Python. (SecurityFocus) http://online.securityfocus.com/advisories/4457 Updated packages are now available for Debian GNU/Linux cacti. (SecurityFocus) http://online.securityfocus.com/advisories/4460 Additional vulnerabilities were reported in the following products: Ultimate PHP Board 1.0 unauthorized administrative access vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5666/discussion/ Multiple Browser memory corruption vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5665/discussion/ Netscreen-Remote VPN and Security Clients 8.0 buffer overflow vulnerability. (Netscreen) http://www.netscreen.com/support/alerts/9_6_02.htm NetGear FM114P Prosafe URL filter bypassing vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5667/discussion/ Tools scponly 3.0 is an alternative shell for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges. (scponly) http://sublimation.org/scponly/ LogDog 2.00 RC1 is a very easy to configure and install system log monitor for watching system log files and e-mailing administrators when problems are found. (Caspian's) http://caspian.dotconf.net/menu/Software/LogDog/ scanAlert 1.00 RC2 is a utility that is designed to immediately alert an administrator of a port scan against Linux (Caspian's). http://caspian.dotconf.net/menu/Software/ScanAlert/ CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP’s Communications Division at: Phone: (613) 991-7035 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk