-----Original Message-----
From: NIPC Watch
To: daily
Sent: 10/11/01 7:56 AM
Subject: NIPC Daily Report 11 October, 2001

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC of the FBI.

NIPC Daily Report 11 October, 2001

Significant Changes and Assessment - No significant changes.

Private Sector - Microsoft Corporation has released Microsoft Security Bulletin MS01-051, "Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone." This bulletin addresses three vulnerabilities affecting Internet Explorer (IE).

The first involves how IE handles URLs that include dotless IP addresses (that is, using http://12345678 instead of http://12.34.56.78). If a Web site were specified using a dotless IP format and the request were malformed in a particular way, IE would not recognize that the site was an Internet site. Instead, it would treat the site as an Intranet site, and open pages on the site in the Intranet Zone rather than the correct zone.

The second involves how IE handles URLs that specify third-party sites. By encoding a URL in a particular way, it would be possible for an attacker to include HTTP requests that would be sent to the site as soon as a connection had been established.

The third is a new variant of a vulnerability discussed in Microsoft Security Bulletin MS01-015, affecting how Telnet sessions are invoked via IE. By design, Telnet sessions can be launched via IE. However, a vulnerability exists because when doing so, IE will start Telnet using any command-line options the Web site specifies.

Additional information on this bulletin and a patch to fix these vulnerabilities are available at the following URL: http://www.microsoft.com/technet/security/bulletin/MS01-051.asp.
(Source: Microsoft, 10 October)

A hacker claiming to be a member of the vigilante hacker group YIHAT (Young Intelligent Hackers Against Terrorism) defaced 13 Web sites on 8 October. Schmitz, an Internet entrepreneur and convicted hacker, said that defacements were against the policies of the group. The 13 targets appear to be randomly chosen, running either Linux or some form of the BSD operating system. All the sites were defaced with a uniform page featuring the YIHAT logo and the group's mission statement: "Kill the money sources of terror." A note in the source code of the defaced pages attributes the defacements to 'RaFa', a hacker formerly belonging to the notorious World of Hell group. Although it is unconfirmed whether RaFa is indeed a member of YIHAT, the group has distanced itself from the attacks. According to Schmitz, the purpose of YIHAT is only to gather information on terrorist-related activities. "Do not destroy any data on any system. If you destroyed anything by accident, fix it. Protect the Internet. Cracking is prohibited. Stop defacing Web sites," he said. The YIHAT website went live earlier this week, urging talented hackers to join its ranks. (Source: Vnunet, 10 October)

A panel of academics told Congress on 10 October that the nation's electricity, telecommunications and banking networks will remain vulnerable to attack unless Congress earmarks more funds for computer-security research. "We cannot hope to protect our security needs without a sustained commitment to the conduct of research, both basic and applied, and the development of new experts," said Eugene Spafford, a professor of computer science at Purdue University. According to figures provided by the committee, a variety of federal agencies spent $1.3 billion in fiscal 2000 on grants for research into information technology. However, the fraction of that spent on security is not nearly enough, Spafford said.
An informal survey of 23 universities found funding for information security averaged $105,000 per faculty member, not enough to fund significant research, he said. Committee chairman Sherwood Boehlert agreed more money should be devoted to the issue and said he intended to introduce legislation after a second hearing is held next week. (Source: Reuters, 10 October)

International - British Internet users who fail to protect their machines against virulent computer viruses such as Nimda could have their Internet connections suspended by their Internet service provider. British ISP Telewest has been the first to take direct action against customers who have refused to patch their computers against the Nimda worm or have left infected PCs running. The company insists that these are "sensible" measures to protect customers from malicious worms that are able to self-propagate across networks without user intervention. "Telewest, in line with other service providers, has put into practice a virus protection strategy to prevent infection of our network," said a spokeswoman at the company. "Protective measures include the temporary removal of service from customers who are virus infected and who may have not taken appropriate preventive measures." (Source: Ziff Davis News, UK, 10 October)

Military - NTR

Government - NTR

U.S. SECTOR INFORMATION:

Telecommunications - On 10 October, the US government's new cyber-security officials asked telecommunications companies for help building a government computer network that would have no risk of outside penetration, a task some computer security consultants say is nearly impossible. Plans for the private network, called GOVNET, hinge on whether a reliable network infrastructure can be built at an affordable price, officials said. Richard Clarke, special adviser to the president for cyberspace, said he believes a more reliable system can be built. GOVNET is part of a plan Clarke announced earlier this week.
GOVNET would be completely independent from the Internet to help keep out hackers and viruses. The General Services Administration asks that telecommunications companies submit proposals about how the network could be built, how much it would cost, and how long it would take to construct. (Source: Washington Post, 10 October)

Water Supply - US water supplies can be considered a "logical target for a possible terrorist attack" although authorities know of no credible threat to poison the nation's drinking water, and carrying out such an attack would be harder than it sounds. At a hearing before a House of Representatives subcommittee on potential threats to the water supply, the nation's publicly owned water agencies also asked Congress to spend $5 billion to shore up the water supply infrastructure with the aim of protecting national security. The subcommittee's chairman, Tennessee Republican Representative John Duncan, said the men who carried out the 11 September attacks turned planes into weapons of mass destruction and US officials must consider the possibility of someone turning water supplies into weapons of mass destruction through contamination. (Source: Reuters, 11 October)

Gas and Oil Storage Distribution - NTR

Electrical Power - NTR

Government Services - NTR

Banking and Finance - NTR

Emergency Services - NTR

Transportation - NTR
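
The dotless-IP zone confusion described under MS01-051 above comes down to classifying a host before canonicalizing it. The following is an added example, not part of the NIPC report or Microsoft's code: a zone check for a proxy or log filter that rewrites an all-digit host as the IPv4 address it denotes before deciding the zone. The function names, the sample URLs and the "no dot means Intranet" rule in naive_zone are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def canonical_host(url):
    """Return (host, was_dotless_ip). A host made only of decimal digits is
    rewritten as the dotted-quad IPv4 address that the 32-bit value denotes."""
    host = urlsplit(url).hostname or ""
    if re.fullmatch(r"[0-9]+", host):
        value = int(host)
        if value <= 0xFFFFFFFF:
            return str(ipaddress.IPv4Address(value)), True
    return host, False

def naive_zone(url):
    """Assumed weak rule: any host without a dot is treated as Intranet."""
    host = urlsplit(url).hostname or ""
    return "intranet" if host and "." not in host else "internet"

def hardened_zone(url):
    """Canonicalize first, then classify on the real address."""
    host, was_dotless_ip = canonical_host(url)
    if was_dotless_ip:
        addr = ipaddress.IPv4Address(host)
        return "intranet" if addr.is_private else "internet"
    if host.isdigit():
        # All digits but outside the 32-bit range: never trust it.
        return "internet"
    return "intranet" if host and "." not in host else "internet"

# Constructed sample URLs: 203569230 is the integer form of 12.34.56.78,
# 167772165 is the integer form of 10.0.0.5.
SAMPLES = [
    "http://203569230/login",
    "http://167772165/",
    "http://fileserver/share",
    "http://www.example.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, canonical_host(url)[0], naive_zone(url), hardened_zone(url))
```
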