-----Original Message----- From: NIPC Watch To: daily@private Sent: 8/30/01 10:08 AM Subject: NIPC Watch 30 August 2001 Significant Changes and Assessment - No significant changes Private Sector - NTR Government - U.S. Customs agents have arrested two men for allegedly attempting to export military-grade encryption technology to China. Authorities accused Eugene You Tsai Hsu and David Tzu Wvi Yang of plotting to export an encryption technology designed for use exclusively by the U.S. Government. A Customs spokesman would not confirm whether the KIV-HS encryption unit in question has ever been used outside of the U.S. Government or exported to any other nations. The communications encryption device cannot be legally exported from the U.S. without permission from the State Department. (Source: Newsbytes, 29 August) The Federal Computer Incident Response Center (FedCIRC) is delaying the release of a Request for Proposal (RFP) for a system that will automatically send out security patches to civilian agencies to expand the types of software that will be covered by the system. FedCIRC started working on the idea for an automated patch dissemination system late last year and planned to release a request for proposals by the end of August. Agency and industry comments, however, revealed a feeling that the original RFP was too narrow because it focused only on operating systems, said Lawrence Hale, FedCIRC Liaison Director. The rewrite of the RFP should be complete in time for FedCIRC to release it before the end of September. It will include patches for many of the standard applications used across government as well as for the commonly-used operating systems. The idea behind the system is to raise the basic level of federal security by making it easier for agencies to fix vulnerabilities in commercial products. (Source: Federal Computer Week, 30 August) The National Security Agency (NSA) has released an improved version of its Security-Enhanced Linux (SELinux) model. The improved model includes a Linux Security Modules kernel patch and a few other fixes for minor flaws found in the original prototype. The update and a subsequent call for public comment are part of the federal government's effort to improve OS security. This latest version, released Aug 23, now uses a kernel patch based on the lsm-2001-8-_16 patch against kernel 2.4.9, according to the agency's Web site. SELinux supplies the Linux kernel and other utilities with security features to help enforce mandatory access-control policies. This is an attempt to shore up some shortcomings of traditional Linux security mechanisms, such as the potentially abused "root" super-user concept and to prevent data and program tampering, to create an architecture that helps protect systems from being compromised. However, the NSA model is still limited due to its support of the x86 architecture only and having only been tested on Red Hat distributions. It also can't correct any existing flaws in the open-source Linux, which is attracting more interest as a viable alternative to proprietary software such as Microsoft's Windows. The NSA is again asking IT experts to evaluate its latest prototype and provide feedback. (Source: Security Wire Digest, 30 August) International - A hacker broke into a server used by a Tokyo company to run an Internet auction site and reprogrammed it to freeze personal computers accessing the site on 30 August. Mediagate Corp., which operates the Price Loto Web site, said that at least 2,500 viewers of the site suffered damage which has never been detected before in Japan. (Source: Nihon Keizai Shimbun, 29 August) According to National Police Agency's Cyber Terror Response Center in South Korea, police have launched an investigation into a massive hacking incident involving the misappropriation of 159 Internet domain names owned by a local venture company's CEO. The stolen domains were registered on the U.S. domain registry and are valued at about $76,000. Considering that the sites are registered to a U.S. firm, the NPA has requested the FBI's cooperation. "Although we are putting our efforts into uncovering the identities of the illegitimate registrants, there is the possibility that their personal information is false, which could hinder the investigation," a spokesman of the NPA said. (Source: The Korea Herald , 30 August) Taiwan law enforcement officers identified a crime syndicate responsible for the production of silicon chips used to record customers' credit card codes. The accused leaders have fled to Hong Kong, while other members of the group have relocated the illegal business to South Korea. The criminals installed the silicon chips in credit card readers in stores before recording codes of customers' cards and produced numerous forged cards. Many credit card firms expressed gratitude to the officers as the bust has prevented dozens of credit card firms, banks and their customers from suffering greater losses. ( Source: CPP, 28 August) Military - NTR U.S. SECTOR INFORMATION: Banking and Finance - Riggs Bank began replacing 3,000 Visa debit cards for its customers last week after learning that purchase records from a merchant in the Washington area had been "disclosed to unauthorized persons." According to a 21 August letter to customers, it did not see any evidence of fraud involving its Riggs CheckCards, but it asked affected customers to destroy their old cards and carefully inspect their bills. Riggs said it was the first time it had to issue new cards because of a security breach. Visa spokesman Joe Carberry said Visa called several banks throughout the country in early August to notify them about the security breach, but he declined to identify the banks. (Source: Washington Post, 29 August) Telecommunications - NTR Emergency Services - NTR Water Supply - NTR Gas and Oil Storage Distribution - NTR Government Services - NTR Electrical Power - NTR Transportation - NTR NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC of the FBI.
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:24:33 PDT