-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Wednesday, July 11, 2001 7:02 AM
Subject: NIPC Daily Report, 11 July 2001

NIPC Daily Report 11 July 2001

Significant Changes and Assessment - No significant changes.

Private Sector - Anti-virus experts today warned of a program masquerading as a security patch from Microsoft Corp. that contains a new variant of a dangerous Internet worm. The worm, which security researchers have named W32.Leave.B.Worm, is the latest incarnation of Leave, a mysterious, self-propagating program that prompted an advisory from the FBI's National Infrastructure Protection Center last month. The new malicious code is offered for download in a bogus Microsoft security bulletin distributed 7 July with a forged Microsoft.com e-mail return address. Following the standard format used in legitimate advisories from Microsoft, the fake bulletin warns recipients of a new, unnamed virus that can "destroy documents, delete MP3 files (and) movie files, infect .exe files" and wreck a PC's Basic Input Output System (BIOS). (Source: Newsbytes, 10 July)

On 10 July, Microsoft Corp. said it had restored MSN Messenger service to all its customers after nearly a week of glitches that left about a third of its users disconnected or without access to their online personal address books. However, one percent of users permanently lost their contact lists due to problems in the data restoration process. "We have already added more layers of backup to prevent this issue from recurring," MSN Vice President Rich Bray said in a statement. "As we have previously explained, an extremely rare set of circumstances occurred when one of our database servers had a disk controller fail. The backup for this controller also had an error occur, which slowed recovery."
(Source: MSNBC and Associated Press, 10 July)

International - A computer hacker using a Polish address is reportedly attacking and defacing the Web sites of major Australian businesses to highlight the country's lack of IT security. In the past week, 47 sites have been hacked into and defaced with messages criticizing the state of Web site security in Australia. The defaced sites are listed on the German public service Web site www.alldas.de which archives successful defacements. The hacker, who goes by the name L4m4, defaced the Web site of Adelaide law firm Moloney and Partners and left the threat that unless businesses improved their security they would be next. "Your IT guy who you have trusted for so many years has no idea when they told you that your web server is `safe as houses, mate'," the message said. Since then, another 46 sites have been defaced according to the German Web site archiving the successful attacks. Prior to the past week, less than 100 Australian Web sites had been defaced in two years. (Source: Nine MSN, 10 July)

Military - NTR

U.S. Government - Rep. Tom Davis (R-Va) reintroduced on 10 July a bill aimed at encouraging the private sector to share cybersecurity incidents with federal agencies so the government has a better picture of threats to national security. Davis and co-sponsor Rep. Jim Moran (D-Va) first introduced the bill last year after the formation of several private-sector Information Sharing and Analysis Centers (ISACs). The banking and information technology sectors are among those that have already formed ISACs. However, although they are sharing information among themselves, private-sector leaders have said they will not pass information on to government incident response organizations. This refusal stems from fears that information held by federal agencies may be exposed through the Freedom of Information Act.
Other sectors have not yet created ISACs because of concerns that sharing information would violate federal antitrust laws and that it might increase their liability, officials have said. There already are several exemptions to FOIA, and Davis and Moran's bill would simply create another, limiting information-sharing to national security-related information, said David Marin, Davis' communications director. (Source: Federal Computer Week, 11 July)

The National Security Agency (NSA) on its Web site, NSA.gov, has re-released its guidelines on securing Windows 2000 and added hints on protecting Cisco routers from hackers. The files were removed from the site a couple of weeks ago after servers struggled to cope with high demand generated by an industry interested in the U.S. Government's security policies. However, the downloads are back up, including templates, manuals and instructions on how to harden your Windows 2000 systems. Topics covered by the files include working with policies, Active Directory settings, DNS setup, digital certificates and Kerberos, IIS. As an addition to its security recommendation guides, the NSA has also included similar files for Cisco routers. To help network managers build a secure TCP/IP network, topics covered include access lists and filtering, auditing and management, secure Network Access Services and firewalling. (Source: VNUNet, 9 July)

The General Accounting Office's (GAO) latest report documents weaknesses affecting the Interior Department's National Business Center's (NBC) ability to prevent and detect unauthorized access to the more than $9 billion in payroll payments that traverse the center's networks each year. The NBC develops and operates administrative and financial systems including payroll, property management and accounting for the Department of Interior, the Social Security Administration and the Department of Education, as well as 30 other federal agencies under cross-servicing agreements.
The center also provides network access to 14 remote Interior Department bureaus, which allows some 37,000 users to access NBC's systems. The GAO said the agency did not adequately limit security access for most of those users, and routinely failed to control electronic access to sensitive personnel information. An Interior Department senior manager agreed with the findings of the report and said more than half of the GAO's recommendations already had been implemented, and that the remainder would be in place by the end of this year. The GAO report can be found at (www.gao.gov). (Source: Newsbytes, 11 July)

State Government - Rules that went into effect this month will set the stage for minimum standards for Ohio court jurisdictions to build a common base for filing documents electronically. Ohio courts are otherwise autonomous, a situation that is seen as promoting technology innovation, but the 90 or so computer systems used throughout the state are a potential barrier to the future of online services. Standards would enable lawyers, members of the public and law enforcement officials to use the same electronic forms to send documents and information to all the courts. It could take as little as five years for some of the courts to embrace e-filing of documents, but as long as 20 years for others. Officials from the state Supreme Court are now working to see how they can get computer systems into those areas and are looking for grants and other resources to help. They are also setting up a program aimed at moving the process along. (Source: Federal Computer Week, 10 July)

Defacements - NTR

U.S. SECTOR INFORMATION:

Transportation - On 9 July, air traffic controllers lost contact with four remote radio transmitters and could not communicate with a TWA MD-80 and a Beechcraft Super King Air 200 as the planes approached Burlington, IA. This played a key role in the failure of two planes to maintain safe distances between them, federal officials said.
"At the time it was a pretty critical situation. We had two aircraft on a converging course and no way to talk to them," said Bryan Zilonis, the representative for the National Air Traffic Controllers Association at the FAA's Chicago Air Route Traffic Control Center in Aurora. The communication problem, which occurred about 10:45 a.m. and lasted at least two hours, was caused by an unexplained disruption of the telephone land lines that relay instructions from air traffic controllers at the Aurora facility to radio transmitters in four sectors of eastern Iowa. Communications have been restored; however, the source of the problem was still being investigated late Monday. (Source: Chicago Tribune, 11 July)

Telecommunications - NTR
Banking and Finance - NTR
Electrical Power - NTR
Emergency Services - NTR
Government Services - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC of the FBI.