-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Monday, July 09, 2001 10:29 AM
To: daily
Subject: NIPC Daily Report, 9 July 2001

Significant Changes and Assessment - No Significant Changes.

Private Sector - ISS X-Force has discovered buffer overflow vulnerabilities in two popular Remote Authentication Dial-In User Server (RADIUS) implementations. RADIUS was originally designed to manage user authentication into dial-up terminal servers and similar devices. It has since been used as a standard for access control and user authentication for numerous Internet infrastructure devices, including routers, switches, and 802.11 Wireless Access Points. RADIUS is typically implemented as a "secure" access-control solution for critical network components, and is also implemented as a supplement to weak security measures provided in 802.11b specifications. The vulnerabilities may allow attackers to launch Denial of Service attacks against critical network components, bypass 802.11 WLAN access control, or compromise and control protected network resources. (Source: InfoSec News, 7 July)

A security vulnerability was discovered in any Linux or BSD system running all versions of Samba, allowing an attacker to gain root access. A remote attacker can use a netbios name containing Unix path characters which will then be substituted into the "%m" macro wherever it occurs in smb.conf. This can cause Samba to create a log file on top of an important system file, which in turn can be used to compromise security on the server. The vulnerability can be exploited locally or remotely and can provide root access. The solution would be to change the smb.conf configuration file, or update to the most recent release of Samba. The risk is considered HIGH. (Source: InfoSec News, 7 July)

Pharmaceutical maker Eli Lilly & Co. blamed a programming error for a recent incident in which it accidentally disclosed the e-mail addresses of about 600 medical patients who had registered to get messages reminding them to take the antidepressant drug Prozac or to attend to other health related matters. Analysts said the mistake points to the need for health care organizations to assess whether the way they communicate with patients violates medical data privacy rules found in the Health Insurance Portability and Accountability Act passed in 1996. (Source: Computerworld, 6 July)

International - On 6 July, Raphael Gray, aka "Curador," was ordered to carry out a three-year community rehabilitation order and to undergo psychiatric treatment. Gray was apprehended by the FBI back in March after a month-long manhunt leading back to a tiny hamlet in Wales. Gray had been charged with illegally obtaining 23,000 credit card numbers and obtaining services by deception. He admitted illegally accessing eight online companies' customer databases, and his antics even included sending a shipment of Viagra to Bill Gates after obtaining Gates' credit card details. (Source: vnunet, 6 July)

Between 5-6 July, a defacer known as TonikGin was responsible for a spree of Chinese government Web site defacements. On those two days, TonikGin hit nine .gov.cn sites with a tenth being defaced by Azrael666. TonikGin's defacement included a graphical logo, link to a CNN article titled "Hey! Macarena takes India by storm" and included a contact address, tonikgin01@private. (Source: Attrition.org, 9 July)

The number of reports of viruses infecting computers in Japan tripled in the first half of this year, compared with the same period a year earlier, according to figures released on 6 July by the Information-Technology Promotion Agency (IPA). The IPA says the number of computer virus incidents reported to it from January through June soared to 9,569. The increase is attributed to the spread of new strains of the Hybris and MTX viruses, which together accounted for 56% of all cases documented in the first half. (Source: InfoSec News, 7 July)

Computer crime will be one of the major threats to e-business in the future, but laws in Europe have a number of shortcomings. The global nature of the Internet means that national laws may be difficult to apply and in order to protect themselves from bad publicity many companies are still unwilling to report security breaches to the police. The efficient detection of computer crime is therefore being hindered by a lack of information from the victims. At the moment, the two major European bodies that are attempting to legislate against online crime are the European Commission and the Council of Europe, an association of 40 member states. But these two organizations seem unable to agree on a common policy. (Source: ZDNet UK, 6 July)

Hackers have attacked state broadcaster RAI's non-stop news Web site, leaving messages against globalization and the upcoming G8 summit in Genoa. The RAI broadcaster said that a hacker had entered the home page of RAI News 24 and inserted a photo of the planet and anti-globalization slogans in English. Police are investigating the incident. Over the past few months, RAI News 24 has provided extensive TV and Internet coverage of the 20-22 July summit and the issues on the agenda. The attack was similar to one carried out on 1 July on the Web sites at the Ministry for Production Activities and several Chambers of Commerce. (Source: Italian News Agency ANSA, 7 July)

Military - The Army has lifted an electronic embargo on all commercial Web browsers that had left thousands of troops, and the general public, unable to access the service's public Web sites in Europe from home computers. The sites were still available for computers running on the ".mil" domain servers, but fears of hacker attacks put the Army's online forces in Europe into bunker mode until computer experts could shore up defenses. The Mannheim-based 5th Signal Command, which oversees all of the Army computer systems in Europe, imposed the block in May after discovering vulnerabilities in commercial software used to operate Web sites on many public-access computer systems. The block was lifted gradually over the past month as computer experts gave individual Web sites the necessary electronic protections. Officials said in a recent release that additional safeguards still are being put in place, and they expect work to continue through September. (Source: Stars and Stripes, 6 July)

Government - A Commerce Department privacy Web site exposed proprietary information that U.S. companies provided to the government in strict confidence. Information included revenue, number of employees, and the European countries with which firms do business. This information has been publicly accessible since the site went online last year. Casual visitors even could modify information stored in the agency's database, permitting anyone to delete, for instance, Microsoft, Intel, or Procter & Gamble from a government-certified list of companies that can freely exchange information with European firms. (Source: Wired News, 6 July)

Defacements - According to the Web defacement mirror sites Alladas.de and Attrition.org, the following U.S. military and state government sites were defaced between 5-9 July by the hacker(s) indicated:

· ATGPAC PACNORWEST Detachment Navy Web site (www.atgpnw.everett.navy.mil) was defaced by "PoizonB0x"
· Chippewa River District Library, Michigan Web site (vml-ntserver1.vml.lib.mi.us/) was defaced by "MIH"
· Alaska Department of Fish and Game, Commercial Fisheries Web site (www.cf.adfg.state.ak.us/) was defaced by "TonikGin"
· Austin Community College, Texas Web site (afs.austin.cc.tx.us/) was defaced by an unknown defacer
· Buckingham County Public Schools, Virginia Web site (www.buckingham.k12.va.us/) was defaced by "Evil Elisabeth"
· The Dothan City Schools, Alabama Web site (www.dothan.k12.al.us/) was defaced by "Murder"
· Dennis-Yarmouth Regional School District, Massachusetts Web site (www.dy-regional.k12.ma.us/) was defaced by "badungbOy"
· Town of Chelmsford, Massachusetts, Web site (www.townhall.chelmsford.ma.us/) was defaced by "badungbOy"
· Lumpkin Public Library, Georgia Web site (www.lumpkin.public.lib.ga.us/) was defaced by "Azrael666" and later by "em0r_r0id of ere.Corp"

U.S. SECTOR INFORMATION:

Banking and Finance - The FBI is investigating a June computer intrusion into a web banking company that may have compromised customer accounts at hundreds of U.S. financial institutions. The attack against S1 Corporation's Community and Regional eFinance Solutions Group, renamed from QUP after an acquisition last year, gave the hacker access to an internal network at the company's Atlanta-based 'Data Center,' which handles the web banking needs of approximately 300 small banks and federal credit unions across the country. The hacker is believed to have cracked the network on 19 June. The company's information security staff discovered the intrusion the next day, and monitored the hacker until 23 June, when they locked him out. S1 spokesperson Paul Citarella would neither confirm nor deny the intrusion, citing customer confidentiality. (Source: SecurityFocus, 6 July)

Transportation - NTR
Telecommunications - NTR
Electrical Power - NTR
Emergency Services - NTR
Government Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.
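
The Samba item in the report above describes a client-supplied netbios name being substituted into the "%m" macro of a path in smb.conf. The sketch below is an added example, not part of the NIPC report and not Samba's code: it models that substitution with and without validation, and lists smb.conf settings whose path value uses %m so they can be reviewed. The log directory, template, name allow-list, sample configuration and all function names are assumptions.

```python
import posixpath
import re

LOG_DIR = "/var/log/samba"             # assumed log directory
TEMPLATE = LOG_DIR + "/%m.log"         # assumed smb.conf "log file" value
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,15}")  # assumed allow-list for names

# Constructed smb.conf fragment used for the audit demonstration.
SAMPLE_CONF = """[global]
   workgroup = EXAMPLE
   log file = /var/log/samba/%m.log
   ; log file = /var/log/%m
   max log size = 50
"""

def expand_naive(template, client_name):
    """Model of the flaw: %m replaced by the client-supplied name, unchecked."""
    return posixpath.normpath(template.replace("%m", client_name))

def expand_checked(template, client_name, log_dir=LOG_DIR):
    """Substitute %m only if the name is plain and the path stays in log_dir."""
    if not SAFE_NAME.fullmatch(client_name):
        raise ValueError("rejected client name: %r" % client_name)
    path = posixpath.normpath(template.replace("%m", client_name))
    if posixpath.commonpath([path, log_dir]) != log_dir:
        raise ValueError("log path escapes %s" % log_dir)
    return path

def audit_smb_conf(text):
    """Return (line number, parameter) for path-valued settings that use %m."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if "%m" in value and "/" in value:
            findings.append((number, key.lower()))
    return findings

if __name__ == "__main__":
    print(expand_naive(TEMPLATE, "../../../tmp/x"))   # resolves outside LOG_DIR
    print(expand_checked(TEMPLATE, "WORKSTATION1"))   # resolves inside LOG_DIR
    print(audit_smb_conf(SAMPLE_CONF))                # settings to review
```
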