-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Wednesday, June 27, 2001 9:23 AM
To: daily
Subject: NIPC Daily Report, 27 June 2001

Significant Changes and Assessment - No Significant Changes.

Private Sector - America Online (AOL) confirmed on 26 June that one of the Web servers operated by the company's ICQ instant-messaging unit was defaced. AOL assured users of its popular Internet messaging service that their personal data was not compromised. The defaced server, located at groups.icq.com, provides information about ICQ interest groups and was running Microsoft's Internet Information Server (IIS) software, according to AOL officials. A group calling itself 'Men In Hack' on 25 June replaced the default home page with one of its own design. The defaced page included the ICQ logo, a green flower, with the word "hacked" flashing in red capital letters across it. Following the defacement, the online service installed a patch recently released by Microsoft to plug a security hole in IIS, an AOL spokesperson said. (Source: Newsbytes, 26 June)

An ad hoc association of security and general-purpose software vendors, headed by the moderator of the NTBugtraq mailing list and surgeon general at TruSecure Corp., is working to establish an industry group with established protocols. The panel would formalize the way researchers handle the reporting of new vulnerabilities and would dispense vulnerability and exploit information, first to its members and then to the general public, once patches are available. Currently, as no such standardized method exists, vulnerabilities and their exploit code are sometimes released to the general public before vendors are notified, greatly enhancing a hacker's ability to exploit security holes. Other groups have attempted this feat with varying degrees of success, most notably the CERT Coordination Center at Carnegie Mellon University, in Pittsburgh. An industry-led group could significantly reduce the number of attacks against computer networks. (Source: ZDNET, 25 June)

A researcher plans to announce at a technical conference on 28 June that the common encryption standards that allow users to digitally sign their e-mail have a well-known flaw that could allow a message to be surreptitiously forwarded to another person. The problem could allow the recipient of a signed and encrypted e-mail to forward the message to a third party, while making it seem as if the original sender mailed the message directly. (Source: ZDNET, 26 June)

According to a media report, the following security vulnerabilities are present in Windows 2000 Encrypting File System (EFS) and disk wipe software support:

1. Files that are moved into an encrypted folder have a plain text copy made. In addition, plain text fragments of the original will also persist. When EFS is used in the recommended manner, that is, files are only created inside folders with EFS enabled, the problem of plain-text copies and fragments does not occur.

2. Third party disk wipe products do not effectively "zero" unused disk space under Windows 2000. This effectively means that users are unable to clear plain text copies of files they thought were encrypted, as well as other material they thought they had deleted, by using disk wipe products.

(Source: InfoSec News, 26 June)

International - On 26 June, a hacker named 'ThePike' managed to deface the European defacement mirror Alldas.de. Visitors to the site saw a modified news banner on the left side saying "ALLDAS GOT CRACKED! READ IT HERE." The front page was modified to include a small rant/message from the defacer regarding current defacement activity. His message warned other defacers that "security is not something funny" and cautioned would-be defacers about using their scripts to deface companies that rely on data security. (Source: SecurityWatch, 26 June)

In May, 18 separate Web defacements were recorded on 39 top Irish company Web sites after hackers succeeded in breaching company e-codes. Patrick Hynes, boss of Ernst and Young, a global company which specializes in e-security, warned that several major companies are now at serious risk of having their confidential files intercepted by international hackers. He said that already some top Irish firms are being hacked from places as far away as Korea, Japan, and the U.S. (Source: Sunday Mirror, 24 June)

Government - NTR

Military - NTR

Defacements - According to the Web defacement mirror site Alldas.de, the following U.S. government and military sites were defaced on 27 June by the hacker indicated:

* U.S. Navy Civilian Welfare and Recreation North Island Web site (www.cwrni.navy.mil), defaced by PoizonB0x
* Heeler National Wetlands Research Center (heeler.nwrc.gov), defaced by Warlord
* Shepherd National Wetlands Research Center (shepherd.nwrc.gov), defaced by Warlord
* Hound National Wetland Research Center (hound.nwrc.gov), defaced by Warlord1101
* Husky National Wetland Research Center (husky.nwrc.gov), defaced by Warlord 1101

U.S. SECTOR INFORMATION:

Banking and Finance - NTR
Emergency Services - NTR
Government Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Electrical Power - NTR
Transportation - NTR
Telecommunications - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.