-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Wednesday, August 22, 2001 10:12 AM
To: daily@private
Subject: NIPC Daily Report, 22 August 2001

NIPC Daily Report, 22 August 2001

Significant Changes and Assessment - No significant changes

Private Sector - Microsoft Corporation has released Microsoft Security Bulletin MS01-046; Access Violation in Windows 2000 IRDA Driver Can Cause System to Restart. At issue, Microsoft Windows 2000 provides support for infrared-based connectivity. This support is provided through protocols developed by the Infrared Data Association (IRDA). Because of this, they are often called IRDA devices. These devices can be used to share files and printers with other IRDA-device capable systems. The software which handles IRDA devices in Windows 2000 contains an unchecked buffer in the code which handles certain IRDA packets. A security vulnerability results because it is possible for a malicious user to send a specially crafted IRDA packet to the victim's system. This could enable the attacker to conduct a buffer overflow attack and cause an access violation on the system, forcing a reboot. Microsoft believes it cannot be used to run malicious code on the user's system. Additional information on this bulletin and a patch to fix this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin/ms01-046.asp (Source: Microsoft, 21 August)

Insurance broker J.S. Wurzler Underwriting Managers has started charging up to 15% more in premiums to clients that use Microsoft's Internet Information Server (IIS) software. Wurzler gained notoriety earlier this year for increasing cyber insurance rates on companies that use Microsoft NT software on their servers. So far, Wurzler appears to be the only insurer singling out Microsoft for higher rates. Wurzler based his decision on more than 400 security analyses done by his firm over the past three years. He found that system administrators working on open source systems tend to be better trained and stay with their employers longer than those at firms using Windows software. That turnover may mean that security patches do not get installed. Wurzler offers lower rates to clients that use NT and IIS if they can show that their administrators are following best practices. (Source: Interactive Week, 21 August)

Carnegie Mellon's CERT Coordination Center (CERT/CC) announced this week that it has joined forces with the Australian Computer Emergency Response Team (AusCERT) to address international security issues. CERT/CC Manager Jeffrey Carpenter said on 21 August that the deal could be a prototype for other, similar arrangements with computer-incident-response organizations around the world. By partnering with sister groups in other nations, CERT/CC will be able to better track and address incidents and security concerns. CERT/CC's arrangement with AusCERT essentially formalizes and expands a long-standing working relationship between the two entities, Carpenter said. The groups will continue to alert one another about incidents and possible security threats and will expand their working relationship by authoring joint papers on security-related issues. But despite the closer working relationship, CERT/CC will not share with AusCERT the names of U.S. companies that disclose security vulnerabilities or incidents to CERT/CC, Carpenter said. CERT/CC will continue to protect that information the way it has in the past, he added. CERT/CC's statement on the partnership can be viewed at http://www.cert.org/about/AusCERT_release.html. (Source: Newsbytes, 21 August)

A survey sponsored by Sharp Electronics Corporation revealed that information technology professionals are largely unaware or uncertain of the potential security risks posed by the theft of documents from digital copier/printers. While the focus of the survey was hard drive security, copier/printers can also be at risk from hackers because the machines are increasingly connected to networks. The results of the study underscore that the convergence of several trends, increased use of more sophisticated, high-performance digital copier/printers and the shift in purchase and management of these devices to IT departments among them, has likely left many organizations unprepared to protect some potentially sensitive document data. The most common threats to digital copier/printers come from intruders who either steal the hard drives containing confidential or sensitive document data, or who reprint documents directly from the machine after the earlier print command was canceled. (Source: CNET News, 22 August)

International - Malicious JavaScript downloaded from a hacked auction Web site caused Japanese Internet users serious problems over the weekend, the Japanese government's Information-Technology Promotion Agency (IPA) reported on 21 August. The auction site Price Loto, run by Mediagate, was hacked. The attack started on 18 August and continued until 20 August when Mediagate temporarily closed the site. Users who visited the Price Loto site using Microsoft's Internet Explorer 4.x and 5.x automatically downloaded malicious JavaScript that was programmed to alter the software configuration of their PCs. Users of affected PCs experienced difficulties opening up new applications, changing setups, and closing down the operating system, the IPA report said. The IPA has received damage reports from several dozen users within the last three days, which it considers to be a large amount as it normally receives about 300 reports per month. (Source: IDG News Service, 21 August)

Japan reported that a total of 1,953 cases of computer viruses were reported between 1-20 August, with the month likely to see the worst-ever infection rate, the Information Technology Promotion Agency reported on 20 August. The current record of 2,778 cases was set last December. The widespread infection rate is attributed to this summer's newcomers, Sircam and Code Red. Sircam was responsible for about half of the total figure, or 921 cases. One factor helping the proliferation of viruses is the spread of broadband among home users. (Source: InfoSec News, 21 August)

Defacement group JNB continues to deface Thai government (.go.th) Web sites by leaving its mark on a Royal Thai Government domain belonging to the nation's Secretariat of the Prime Minister. The site appears to be a public relations Web site for Thailand's Prime Minister, Thaksin Shinawatra. The Prime Minister's site, http://www.thaigov.go.th, was hosted on a Microsoft IIS 3.0 server running an unidentified Windows flavor. In addition to defacing 15 other .go.th domains over the past few days, in April, JNB left its mark on the Web site representing The British Embassy in Tallinn, Estonia. (Source: SecurityWatch, 22 August)

Pete Chown, director of London-based Skygate Technology security firm, says that IT managers need to think like a hacker in order to fully protect their employer's computer systems. He elaborated by saying that until IT security staffs start to think like a hacker, their systems will still be vulnerable. Chown states that it is not enough for IT security staff to simply install IT security patches, security hardware and software; they also need to use the same tools as the hackers to scan company Internet ports for any vulnerabilities. (Source: Information Security News, 21 August)

Government - A plan to auction airwaves for use in next-generation wireless services could endanger national security if the DoD is not given additional time to study the matter, government auditors said in a report released on 21 August. Under a mandate from Congress to identify airwaves for use in next generation high-speed "3G" wireless services, government agencies have proposed auctioning licenses for 1750-1850 MHz band for private sector use by September 2002. As the principal occupant of that band, the DoD issued a report in February that found that sharing or losing spectrum in that band could jeopardize the agency's ability to control and communicate with satellites that manage sensitive national security data. The DoD also said it would not be able to vacate the band until at least 2017 for space systems, and by 2010 for ground-based systems. The GAO report can be viewed at http://www.gao.gov. (Source: Newsbytes, 21 August)

Military - NTR

U.S. SECTOR INFORMATION:

Water Supply - NTR
Gas and Oil Storage Distribution - NTR
Government Services - NTR
Emergency Services - NTR
Electrical Power - NTR
Telecommunications - NTR
Banking and Finance - NTR
Transportation - NTR

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.