-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Tuesday, July 24, 2001 7:38 AM
To: daily
Subject: NIPC Daily Report 24 July 01

Significant Changes and Assessment - No significant changes.

Private Sector - Jesus Oquendo, aka Sil, who maintains the Web site AntiOffline, has been convicted of computer trespass and eavesdropping and sentenced to 27 months in a minimum security federal jail and ordered to pay $96,385 in restitution. According to the government's case, he used his access via Collegeboardwalk to alter Five Partners' system to send its password file to an e-mail dump which he controlled. Using a sniffer, he was able to obtain the password of a Five Partners employee who had an account on another system belonging to Manhattan computer wholesaler RCS Computer Experience. The government says Oquendo used that user's login information to break into the RCS network, grabbed the pass file, and deleted the company database.
(Source: The Register, 23 July)

Vnunet is reporting that millions of people accessing the Internet through broadband cable connections risk having their computers taken over by malicious hackers. Israeli Security Company Checkpoint revealed today that the devastating security vulnerability is caused by the shared architecture of the data channel that carries Internet traffic within cable companies' fiber networks. This means that groups of subscribers share a single cable connecting them to the local neighborhood node. Each subscriber's signal is multiplexed on to this single cable by frequency division multiplexing (FDM). The result is that a hacker could exploit the flaw to access data or take control of any remote computers sharing the same local node. It is possible for cable modem users to protect themselves against these threats by using security measures such as firewalls, however experts warned that most cable consumers are generally unaware of the danger.
(Source: Vnunet.com, 23 July)

An apparent bug in Microsoft's MSN Communities site, dubbed "The Magic Link," exposes members' personal, and often smutty, image files at random and has become an underground hit with voyeurs and web porn fans. The bug is exploited by simply browsing the web page communities.msn.com/_Secure/. The link serves up an image from an MSN Community member's online photo collection, apparently at random, though sometimes only after several refreshes. The bug reveals that MSN Communities has become something of a hotspot for swapping web porn. The link serves up a treasure trove of adult imagery, occasionally, and disturbingly, juxtaposed with the family portraits, vacation photos and class pictures of less libidinous MSN homesteaders.
(Source: SecurityFocus, 23 July)

There is a directory traversal bug in the Tivoli Secure Way Policy Director that, left unchecked, makes it possible for a hacker to slip outside the authorized confines of the server directory. This means that a hacker with a little technical know-how can browse arbitrary files on a vulnerable server that is presumed to be protected by Secure Way. Normally, at login, Tivoli Secure Way designates permissions to the user - permissions that only allow specific users to see the files that they are authorized to access. It turns out, however, that Secure Way falls victim to a common webserver problem that causes the server to misinterpret hexcode representations, thus allowing unauthorized users to trick the Secure Way into escaping up a directory. Tivoli Secure Way can be hacked if an attacker connects to port 80 and sends a specially configured request to the server. This enables her to escape the policy directory altogether. Since Tivoli Secure Way users assume that their directory is protected, this kind of intrusion could pose a high risk to confidential data that is presumed secured, but that is actually open to prying eyes.
The affected versions of Tivoli Secure Way Policy Director are versions 3.01, 3.6, 3.7, and 3.7.1. Tivoli has issued version-specific patches for this vulnerability, which can be found at their ftp patch site "ftp://ftp.tivoli.com/support/patches".
(Source: SecurityWatch, 24 July)

Government - The U.S. Justice Department has awarded more than $16 million in grants to 26 states to help federal, state, and local authorities share crime information more effectively. The funds will help states link key information systems, such as those that contain crime and offender information. Improved coordination among criminal justice information systems will result in better information, which will lead to better sentencing decisions. In fiscal year 2000, the Justice Department and the governors' association provided information integration planning grants of $25,000 to 42 states and hosted workshops attended by representatives of state implementation teams from 45 states. The latest 26 grants will enable selected states to build on that work and lay the groundwork for future national information integration efforts, Justice officials said.
(Source: Federal Computer Week, 24 July)

International - According to research conducted by security specialist Evidian, companies in Europe are divided over the potential threat to business from viruses, hacker attacks, and other forms of sabotage. Despite this, multinationals are still refusing to take local security issues into account when devising corporate policy. In France, Benelux, Spain and Germany, viruses are seen as the major threat with 40% of companies identifying this form of attack as the most prevalent. In the UK, deliberate sabotage by employees or ex-employees was identified as the biggest area of concern. In Scandinavia, over 50% claimed was accidental damage caused by an employee, and in Italy, financial fraud was identified as the biggest problem.
(Source: Business Wire, 23 July)

Military - The Pentagon temporarily shut down public access to its Web sites on 23 July to make sure they are protected against a new computer threat known as the "Code Red" worm. "Most DoD Web sites will not be accessible by the public until this worm no longer poses any threat to DOD networks," a spokeswoman said. Pentagon computer security experts were instructed to install patches to make their computers impenetrable to the worm before making the sites viewable again to the public. The sites remained visible to military personnel who accessed them from their work computers. The worm, similar to a computer virus, has already infected at least 225,000 computers. The NIPC issued a warning, calling the worm a significant threat that could "degrade services running on the Internet." Because Code Red spread so quickly, security companies have not been able to figure out who wrote and released it.
(Source: Associated Press, 23 July)

Defacements - NTR

U.S. SECTOR INFORMATION:

Government Services - NTR
Transportation - NTR
Emergency Services - NTR
Electrical Power - NTR
Telecommunications - NTR
Banking and Finance - NTR
Water Supply - NTR
Gas and Oil Storage Distribution - NTR

Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:23:59 PDT