-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Monday, July 02, 2001 7:08 AM
To: daily
Subject: NIPC Daily Report, 2 July 2001

Significant Changes and Assessment - No Significant Changes.

Private Sector - Covert Labs, a division of PGP Security, reported vulnerabilities in Oracle's 8 and 8i database products which potentially could provide attackers with full access to the database, allowing them to create, delete, or modify information. On 27 June, the lab issued two advisories, both pertaining to Oracle's TNS (Transparent Network Substrate). The TNS Listener, which is used to establish and maintain remote communications with Oracle database services, is vulnerable to a buffer overflow, which could allow a remote user to execute malicious code on the database server. A second vulnerability in TNS allows a remote user to mount a denial of service attack against any Oracle service relying on the Net8 protocol. Oracle said it was aware of the vulnerabilities and has already issued a patch. (Source: Infoworld, 29 June)

On 29 June, the CERT Coordination Center (CERT/CC) issued CERT Advisory CA-2001-15, Buffer Overflow In Sun Solaris in.lpd Print Daemon. A buffer overflow exists in the Solaris BSD-style line printer daemon, in.lpd, that may allow a remote intruder to execute arbitrary code with the privileges of the running daemon. This daemon runs with root privileges on all default installations of vulnerable Solaris systems. Systems affected were Solaris 2.6 for SPARC, Solaris 2.6 x86, Solaris 7 for SPARC, Solaris 7 x86, Solaris 8 for SPARC, and Solaris 8 x86. The CERT/CC released this advisory before patches were available to alert a broader community of users to this serious problem. (Source: CERT/CC, 29 June)

Microsoft denied a report that the hotkeys feature in all versions of its Windows operating system can open a serious security hole. But the company invited security mavens to prove it wrong and test the vulnerability themselves. Scott Culp, head of Microsoft's Security Response Center, stated that the software firm has been unable to reproduce an attack reported to the company almost three weeks ago by virus writer Matthew Murphy. To booby-trap the keyboards of other users, according to Murphy, an attacker would only need to create a special shortcut or .LNK file that pointed to a malicious program and store both on a shared drive on the network. By customizing the shortcut so it could be activated with a hotkey, the attacker could cause other users on the network to run the dangerous program the next time they pressed the designated key. (Source: Newsbytes, 28 June)

Hackers defaced the home page of PKWARE, Inc., makers of the widely used PKZIP archive and compression file utility, the company confirmed on 29 June. Visitors to the site were greeted with a blank white page except for the following text: "first zip your security holes, then files (if there is time left) :P -the Collective- ." Aside from the home page, other sections of the site, including the PKWARE Store Front and PKWARE Online Product Catalog, appeared to be intact. A PKWARE spokesperson said that the company discovered the breach and immediately restored the original home page but is still investigating the incident. According to the spokesperson, no credit card information is stored on the company's server. (Source: Newsbytes, 29 June)

Technology problems plagued Nasdaq's computer system, forcing the No. 2 U.S. stock market to halt trading for the second straight day on 29 June. Nasdaq extended trading until 5 p.m. EDT, one hour later than the usual closing time. "There are market makers who are not seeing their quotes, and so it's not anything like a normal environment," said Matthew Johnson, head of U.S. cash trading at Lehman Brothers. "It's organized chaos, but it's very chaotic," he said of trading in the extended session. (Source: Fox News, 29 June)

Government - The new federal IT chief said that federal agencies are spending too much money on information technology. Federal agencies spend about $44 billion a year on computer systems, software, service contracts and other information technology. "Forty-four billion dollars is too much," said Mark Forman, the associate director for IT and e-government at the Office of Management and Budget. Forman said agencies are wasting money on "fad portals," multiple search engines and efforts to develop "government-unique" versions of XML for their Web sites. He said agencies are busy building "islands of automation" that both duplicate one another and remain separate from each other. As the administration's IT policy, Forman said his plan is to "unify and simplify" agency endeavors. (Source: Federal Computer Week, 28 June)

International - On 1 July, a court fined a 22-year-old British computer engineer for hacking into the network of state-run telecoms company Etisalat in the United Arab Emirates (UAE). Lee Ashhurst from Oldham, England, who pleaded not guilty and told the Dubai court that he did not realize what he was doing was illegal, was convicted of misusing "equipment, services or facilities provided by Etisalat". He was found not guilty on a second charge of opening other people's e-mail. However, the court also sent the case to the civil courts, where Etisalat is seeking compensation of 770,000 dollars for four days of lost business. Etisalat, the UAE's sole Internet service provider, experienced major web disruptions in June 2000. (Source: Associated Press, 1 July)

Hackers managed to destroy the computer hard disks of the Mothers of Plaza de Mayo, one of Argentina's best known human rights groups formed amid the country's 1970s dictatorship, the organization said on 29 June. "They destroyed everything, including the hard disks," said Hebe de Bonafini, leader of the group which has campaigned to find out what happened to thousands of their sons and daughters who disappeared in the 1976-1983 dictatorship. The hard disks contained historical records and e-mails. The hacking was one of several incidents this year. (Source: Reuters, 29 June)

Hackers infiltrated the cyber network of a Singapore opposition political party and deleted all 8,000 names on a public mailing list, a party official said on 28 June. "I don't know who the culprits are but I don't think it was done by general hackers because the attack was very specific. I run so many mailing lists but they specifically deleted this," said Steve Chia, secretary-general of the National Solidarity Party (NSP). He explained the NSP has four mailing lists, one for party decision-makers, another for party supporters, a third for general discussions and the last to update the public and media about the party's latest news and views. (Source: Agence France Presse, 28 June)

Security experts are concerned that some countries are not imposing sufficiently harsh legal penalties to deter virus attacks. This follows the recent announcement that the maximum prison sentence facing the Kournikova virus author, in Holland, is six months. Some countries do impose tougher sentences. Christopher Pile, author of the 1995 Smeg viruses, received an 18-month prison term in the UK. But analysts say the lack of consistency in sentencing could encourage virus writers in some countries. Richard Walters, head of security firm Integralis's Cybercrime Unit, said financial damage from viruses is growing. According to Walters, the Cascade virus, in 1990, cost companies an estimated $50m. In 1995, Concept caused $50m of damage. When Melissa struck four years later, in 1999, $385m was lost, and more recently, Love Letter cost $7bn. As the costs grow, the time it takes viruses to spread is becoming shorter. It took three years for Cascade to become the most common virus in the world; it took Concept four months, and Love Letter five hours. (Source: IT Week, 29 June)

Military - NTR

U.S. SECTOR INFORMATION:

Telecommunications - NTR
Banking and Finance - NTR
Emergency Services - NTR
Government Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Electrical Power - NTR
Transportation - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.