FW: NIPC Daily Report 11 October, 2001

From: George Heuston (georgeh@private)
Date: Thu Oct 11 2001 - 08:23:43 PDT

    -----Original Message-----
    From: NIPC Watch
    To: daily
    Sent: 10/11/01 7:56 AM
    Subject: NIPC Daily Report 11 October, 2001
    
    NOTE: Please understand that this is for informational purposes only and
    does not constitute any verification of the information contained in the
    report nor does this constitute endorsement by the NIPC of the FBI.
    
    NIPC Daily Report 11 October, 2001
    
    Significant Changes and Assessment - No significant changes.
    
    Private Sector - Microsoft Corporation has released Microsoft Security
    Bulletin MS01-051,  "Malformed Dotless IP Address Can Cause Web Page to
    be Handled in Intranet Zone."  This bulletin addresses three
    vulnerabilities affecting Internet Explorer (IE).  The first involves
    how IE handles URLs that include dotless IP addresses (that is, using
    http://12345678 instead of http://12.34.56.78).  If a Web site were
    specified using a dotless IP format and the request were malformed in a
    particular way, IE would not recognize that the site was an Internet
    site.  Instead, it would treat the site as an Intranet site, and open
    pages on the site in the Intranet Zone rather than the correct zone.
    The second involves how IE handles URLs that specify third-party sites.
    By encoding a URL in a particular way, it would be possible for an
    attacker to include HTTP requests that would be sent to the site as soon
    as a connection had been established.  The third is a new variant of a
    vulnerability discussed in Microsoft Security Bulletin MS01-015,
    affecting how Telnet sessions are invoked via IE.  By design, Telnet
    sessions can be launched via IE.  However, a vulnerability exists
    because when doing so, IE will start Telnet using any command-line
    options the Web site specifies.  Additional information on this bulletin
    and a patch to fix these vulnerabilities is available at the following
    URL: http://www.microsoft.com/technet/security/bulletin/MS01-051.asp.
    (Source: Microsoft, 10 October)
    
    A hacker claiming to be a member of the vigilante hacker group YIHAT (Young
    Intelligent Hackers Against Terrorism) defaced 13 web-sites on 8
    October.  Schmitz, an Internet entrepreneur and convicted hacker, said
    that defacements were against the policies of the group.  The 13 targets
    appear to be randomly chosen, running either Linux or some form of the
    BSD operating system. All the sites were defaced with a uniform page
    featuring the YIHAT logo and the group's mission statement: "Kill the
    money sources of terror." A note in the source code of the defaced pages
    attributes the defacements to 'RaFa', a hacker formerly belonging to the
    notorious World of Hell group. Although it is unconfirmed whether RaFa
    is indeed a member of YIHAT, the group has distanced itself from the
    attacks. According to Schmitz, the purpose of YIHAT is only to gather
    information on terrorist-related activities. "Do not destroy any data on
    any system. If you destroyed anything by accident, fix it. Protect the
    Internet. Cracking is prohibited. Stop defacing Web sites," he said. The
    YIHAT website went live earlier this week, urging talented hackers to
    join its ranks. (Source: Vnunet, 10 October)
    
    A panel of academics told Congress on 10 October that the nation's
    electricity, telecommunications and banking networks will remain
    vulnerable to attack unless Congress earmarks more funds for
    computer-security research.  "We cannot hope to protect our security
    needs without a sustained commitment to the conduct of research, both
    basic and applied, and the development of new experts," said Eugene
    Spafford, a professor of computer science at Purdue University.
    According to figures provided by the committee, a variety of federal
    agencies spent $1.3 billion in fiscal 2000 on grants for research into
    information technology.  However, the fraction of that spent on security
    is not nearly enough, Spafford said. An informal survey of 23
    universities found funding for information security averaged $105,000
    per faculty member, not enough to fund significant research, he said.
    Committee chairman Sherwood Boehlert agreed more money should be devoted
    to the issue and said he intended to introduce legislation after a
    second hearing is held next week.  (Source: Reuters, 10 October)
    
    International -  British Internet users who fail to protect their
    machines against virulent computer viruses such as Nimda could have
    their Internet connections suspended by their Internet service provider.
    British ISP Telewest has been the first to take direct action against
    customers who have refused to patch their computers against the Nimda
    worm or have left infected PCs running. The company insists that these
    are "sensible" measures to protect customers from malicious worms that
    are able to self-propagate across networks without user intervention.
    "Telewest, in line with other service providers, has put into practice a
    virus protection strategy to prevent infection of our network," said a
    spokeswoman at the company. "Protective measures include the temporary
    removal of service from customers who are virus infected and who may
    have not taken appropriate preventive measures." (Source: Ziff Davis
    News, UK, 10 October)
    
    Military - NTR
    Government - NTR
    
    U.S. SECTOR INFORMATION:
    
    Telecommunications - On 10 October, the US government's new
    cyber-security officials asked telecommunications companies for help
    building a government computer network that would have no risk of
    outside penetration, a task some computer security consultants say is
    nearly impossible.  Plans for the private network, called GOVNET, hinge
    on whether a reliable network infrastructure can be built at an
    affordable price, officials said.  Richard Clarke, special adviser to
    the president for cyberspace, said he believes a more reliable system
    can be built.  GOVNET is part of a plan Clarke announced earlier this
    week.  GOVNET would be completely independent from the Internet to help
    keep out hackers and viruses.  The General Services Administration asks
    that telecommunications companies submit proposals about how the network
    could be built, how much it would cost, and how long it would take to
    construct.  (Source: Washington Post, 10 October)
    
    Water Supply - US water supplies can be considered a "logical target for
    a possible terrorist attack" although authorities know of no credible
    threat to poison the nation's drinking water, and carrying out such an
    attack would be harder than it sounds.  At a hearing before a House of
    Representatives subcommittee on potential threats to the water supply,
    the nation's publicly owned water agencies also asked Congress to spend
    $5 billion to shore up the water supply infrastructure with the aim of
    protecting national security.  The subcommittee's chairman, Tennessee
    Republican Representative John Duncan, said the men who carried out the
    11 September attacks turned planes into weapons of mass destruction and
    US officials must consider the possibility of someone turning water
    supplies into weapons of mass destruction through contamination.
    (Source:  Reuters, 11 October)
    
    Gas and Oil Storage Distribution - NTR
    Electrical Power - NTR
    Government Services - NTR
    Banking and Finance - NTR
    Emergency Services - NTR
    Transportation - NTR
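
The dotless IP issue in the MS01-051 item above, shown from the defender's side as an added example (not code from NIPC, Microsoft or the original message): a URL check that canonicalises a single-integer host to its dotted address before deciding a zone. The naive_zone rule is a hypothetical weak heuristic used for contrast, not IE's actual logic, and the sample URLs are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One 32-bit integer as the whole host: decimal, or hex with a 0x prefix.
# Leading-zero (octal) forms are left out of this example.
_DOTLESS = re.compile(r"0x[0-9a-f]{1,8}|[1-9][0-9]{0,9}")

def dotless_to_ip(host):
    """Return the IPv4Address a dotless numeric host denotes, else None."""
    host = host.lower()
    if not _DOTLESS.fullmatch(host):
        return None
    value = int(host, 16) if host.startswith("0x") else int(host)
    return ipaddress.IPv4Address(value) if value <= 0xFFFFFFFF else None

def naive_zone(host):
    """Hypothetical weak rule: a host name with no dots is an intranet name."""
    return "intranet" if "." not in host else "internet"

def checked_zone(host):
    """Canonicalise numeric hosts first, then decide by address range."""
    ip = dotless_to_ip(host)
    if ip is None:
        try:
            ip = ipaddress.IPv4Address(host)   # ordinary dotted quad
        except ValueError:
            return naive_zone(host)            # a real name, not an address
    return "intranet" if (ip.is_private or ip.is_loopback) else "internet"

def misclassified(urls):
    """Return (url, canonical address) pairs that the naive rule calls
    intranet although the canonical address is an Internet one."""
    hits = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        if naive_zone(host) == "intranet" and checked_zone(host) == "internet":
            hits.append((url, str(dotless_to_ip(host))))
    return hits

# Constructed sample URLs, e.g. as they might appear in a proxy log.
SAMPLE_URLS = [
    "http://203569230/index.html",    # 12.34.56.78 written as one integer
    "http://12.34.56.78/index.html",
    "http://0xC0A80001/",             # 192.168.0.1 in hex
    "http://fileserver/share",
    "http://www.example.com/",
]
```

Running misclassified(SAMPLE_URLS) flags only the first URL, the one whose dotless host hides a public address.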
    


