-----Original Message-----
From: NIPC Watch
Sent: 7/10/01 8:05 AM
Subject: NIPC Daily Report, July 10, 2001

NIPC Daily Report 10 July 2001

Significant Changes and Assessment - No Significant Changes.

Private Sector - Carnegie Mellon University's Software Engineering Institute, which tracks online criminal activity in the U.S. and helps victims, has reported that it received more than 21,000 incidents in 2000, up from nearly 10,000 in 1999. This year's first quarter saw more than 7000 reported incidents. The Internet Fraud Complaint Center (IFCC) reports increasing amounts of Internet fraud, totaling more than 20,000 complaints from its inception until early November. In addition to fraudulent transactions, cyber-crime ranges from hacking to stealing credit card numbers and planting viruses. The IFCC, which acts as a "cyber-community watch group," reports that online auction fraud comprises nearly two-thirds of the complaints. (Source: PC World, 7 July)

On 9 July, the CERT Coordination Center (CERT/CC) issued CERT Advisory CA-2001-17, Check Point RDP Bypass Vulnerability. Check Point VPN1 and FireWall1 Version 4.1 software contained a vulnerability that may allow an intruder to pass traffic through the firewall on port 259/UDP. The advisory said FireWall1 and VPN1 do not provide adequate security controls for the reliable data protocol (RDP), a protocol designed to provide a reliable data transport service for packet based applications such as remote loading and debugging, and supported by the firewall software. Inside Security GmbH was the company that discovered the vulnerability. For more information, see the Inside Security GmbH security advisory, available at http://www.inside-security.de/advisories/fw1_rdp.html. Although the CERT/CC has not seen any incident activity related to this vulnerability, they do recommend that all affected sites upgrade their Check Point software as soon as possible. (Source: CERT/CC, 9 July)

International - The People's Bank of China (PBC) unveiled regulations governing Internet based banking services in an effort to better police and promote healthy development of the burgeoning banking business. The Provisional Regulations on Online Banking Services aim to "regulate and guide the healthy growth of online banking services, prevent operational hazards and protect legal rights of customers," the PBC said in a statement. The online banking services, or financial services provided through the Internet, include new types of services that are directly related to securities and insurance businesses, which were officially allowed to be conducted by commercial banks in last week's legislation. Risk management and safety are stressed in the new rules, which specify requirements on operation safety strategies, encryption technologies in identifying clients and transmitting data, and preventative measures against computer viruses and attacks by hackers. (Source: Beijing China Daily, 10 July)

Military - NTR

Government - NTR

Defacements - NTR

U.S. SECTOR INFORMATION:

Telecommunications - The System Administration Networking and Security (SANS) Institute is recruiting amateur radio operators to take part in an emergency communications network that will be used by disaster relief personnel in the event of a catastrophic failure of telecommunications systems, including the Internet. In its weekly newsletter this week, SANS asked all interested ham and packet radio operators "to take a leadership role to help establish and maintain" such an emergency backup communications network. The American Radio Relay League (ARRL) estimates that there are about 275,000 "hardcore operators" who could swing into action if needed. The ham radio network would be strictly used for passing emergency voice and data communications between government officials at the local, state and federal levels and the public. (Source: ComputerWorld, 6 July)

Banking and Finance - NTR

Transportation - NTR

Electrical Power - NTR

Emergency Services - NTR

Government Services - NTR

Water Supply - NTR

Gas and Oil Storage Distribution - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.