-----Original Message----- From: NIPC Watch To: daily Sent: 10/26/01 7:35 AM Subject: NIPC Daily Report 26 October 01 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. Significant Changes and Assessment - No significant changes. Private Sector - On 19 October, a hacker reportedly invaded the University of Wisconsin's Student Information Technology (SIT) Web sites compromising one of SIT's machines and making SIT Web sites unavailable. Technicians solved the problem over the past weekend and SIT president Richard Lingk said they are currently investigating the security breach. "We did have an incident on 19 October, but we noticed it in a couple of hours with some tools that we've developed over the years," Lingk, a University of Wisconsin-Madison senior, was unwilling to disclose the specifics of the investigation, but said he is confident the hacker will be identified. (Source: U-Wire, 23 October) International- The United Arab Emirates (UAE) authorities are set to implement comprehensive cyber and software piracy laws, Brigadier Nasser Al Sayed Abdul Raziq, Assistant Commander in Chief of Dubai Police, said on 24 October. He said Dubai Police are working together with other supervisory authorities to combat all illegal practices. The UAE has implemented a number of laws in this regard and will continue to improve the rules to cope with the latest developments in the IT sector, he added, according to a report in "Khaleej Times." (Source: Abu Dhabi WAM, 25 October) Participants to the first Asia Europe Meeting (ASEM) e-Commerce Business Forum, have expressed an interest in expanding ongoing cyber trading schemes to encompass more companies, the Ministry of Commerce, Industry and Energy (MOCIE) said on 26 October. During the two-day meeting, which began on 25 October, Korea proposed expanding the e-Commerce trading network being considered for Korea, Japan, and five other Asian countries to Europe. Other ideas proffered by MOCIE and the Federation of Korean Industries (FKI) included development of a joint model for conducting e-Commerce, creation of a data portal site for the exchange of information within ASEM countries, and international cooperation in educating expert personnel in the field. Korean officials said the economic leaders and other experts from the 26 member countries asked for detailed plans drawn from a broader e-Commerce arrangement. (Source: Seoul Yonhap, 26 October) Government - The Federal Computer Incident Response Center (FedCIRC) and Computer Emergency Response Team/Coordination Center (CERT/CC) have issued an advisory (FA-2001-29/CA-2001-29) which discusses a buffer overflow vulnerability with the Oracle9iAS Web Cache. This vulnerability, discovered by Defcom Labs, is remotely exploitable on all platforms and allows intruders to execute arbitrary code with the privileges of the web cache process or disrupt the normal operation of the Web Cache. Intruders may also be able to intercept and/or modify sensitive data such as credentials and other types of sensitive information passing through the host running Web Cache. Finally, the Web Cache can be used as an entry point into the network, or the intruder can leverage an existing trust relationship between Web Cache and another system to allow the intruder to gain access to the other system. The entire advisory can be found on the FedCIRC Web Page at http://www2.fedcirc.gov/advisories/FA-2001-29.html. (Source: FedCIRC, 25 October) On 25 October, the Office of Management and Budget (OMB) released its E-Government plan for funding 22 initiatives to unify and simplify federal systems in the next 18 to 24 months. The President's Management Council approved 23 projects earlier this month, but OMB director Mitchell E. Daniels, Jr. ultimately approved 22. "Some of them unify redundant approaches, and some of them simplify the way we serve customers," said Mark Forman, associate OMB director for IT and e-government. They fall into four categories: government to citizen, government to government, government to business, and internal effectiveness and efficiency. Some focus on computer security, disaster response and intergovernmental communications for public safety. (Source: Government Computer News, 25 October) Military - NTR U.S. SECTOR INFORMATION: Emergency Services - Ron LaPorte, a University of Pittsburgh professor of public health, proposes that the Internet could save us from bioterrorism. The idea is to blend the concepts of civil defense, neighborhood watch and America's Most Wanted, and transport it to the Net to create a bioterrorism early-warning and information system. The idea could soon be presented to Homeland Security Office head Tom Ridge. (Source: USA Today, 24 October) Gas and Oil Storage Distribution - NTR Electrical Power - NTR Government Services - NTR Water Supply - NTR Banking and Finance - NTR Telecommunications - NTR Transportation - NTR
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:29:00 PDT