-----Original Message-----
From: NIPC Watch
To: daily
Sent: 11/6/01 7:25 AM
Subject: NIPC Daily Report 6 November 2001

NIPC Daily Report, 6 November 2001

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Significant Changes and Assessment - No Significant Changes

Private Sector - Using funding from the Defense Advanced Research Projects Agency (DARPA), security technology firm Cs3 is looking at the concept of reverse firewalling, or keeping the flood of data from a DoS attack dammed up at the source. The Reverse Firewall works by filtering the outgoing packets from a network. The difference between a legitimate application that uses high bandwidth and a packet flooding attack is that, in the former case, the machine at the other end of the conversation is participating in a two-way conversation. In the case of a DoS attack, the exchange is one sided. (Source: Vnunet, 6 November)

Tools used to detect computer viruses and stop malicious hack attacks may not be as effective as they could be because they lack the human touch. Security experts contend that protecting computers from people-created plagues and problems requires technology based on human biology and behavior. Two new security programs use what science knows about humans' physical and psychological makeup to protect computers from people. TASC's eDNA program identifies and stops malicious programs such as viruses in the same way that a human's DNA can be used to identify his or her centuries-old genetic makeup. eDNA does not rely on heuristics scanning as many antiviral programs do. Heuristics looks for specific patterns of code associated with known viruses in order to spot new or rewritten viruses. eDNA digs deeper and ferrets out the old ancestral links, even if the program's code has been greatly altered.
"A person can be matched from his or her DNA no matter what makeup they are wearing or what body altering surgery they have undergone," said David Sanders, head scientist at TASC. "Similarly, eDNA can identify version 3.2 of a virus or Trojan with a sample from version 1.0, just like a child can be identified and differentiated from all the other children in the neighborhood by a DNA sample from its father." (Source: Wired News, 5 November)

Government - Claude R. Carpenter II was sentenced to 15 months in prison and fined $109,000 for sabotaging IRS computers at the agency's New Carrollton, MD, office. Carpenter worked as a systems administrator for Network Resources Inc., a subcontractor to the IRS on the agency's Integrated Network Operations Management System database. He pleaded guilty to intentionally damaging a protected computer in July. Carpenter monitored three servers at the IRS facility and inserted code into them that deleted all their data. He tried to conceal his activities by turning off system logs, removing history files and overwriting the code after execution to prevent system administrators from determining why the data was deleted. The IRS had to shut down the servers to remove the code and re-establish security. The case was investigated by the Office of the Treasury Inspector General for Tax Administration. (Source: Government Computing News, 5 November)

The Federal Computer Incident Response Center (FedCIRC) and the Carnegie Mellon University Computer Emergency Response Team/Coordination Center (CERT/CC) released FedCIRC Advisory FA-2001-30 Multiple Vulnerabilities in lpd. The advisory discusses multiple vulnerabilities in several implementations of the line printer daemon (lpd), affecting several UNIX systems. Although some of the vulnerabilities have been publicly disclosed previously, many system and network administrators may have overlooked one or more of these vulnerabilities.
The advisory was issued to encourage administrators to validate that they have addressed the lpd vulnerabilities. The full FedCIRC advisory can be found on the FedCIRC web site at http://www2.fedcirc.gov/advisories/FA-2001-30.html. (Source: FedCIRC/CERT-CC, 5 November)

The Chairman of the Senate Governmental Affairs Committee, Sen. Joseph Lieberman (D-CT), has called for the creation of a $1 billion IT fund to enhance homeland and information security. The Senator's proposal would establish a fund managed by the Office of Management and Budget. The proposal is similar to the one that was set up to help the government respond to the Y2k crisis. However, the money would be aimed specifically at jump-starting some of the more pressing IT security requirements throughout government and the private sector. Sen. Robert Byrd (D-WV) is supporting the proposal and is expected to include it as part of his economic stimulus package to help the nation recover from the setbacks caused by the 11 September terrorist attacks. The talking points being used to sell the proposal state that the money in the fund could be spent only on projects to improve the federal government's information security systems, to protect critical infrastructure or to provide stronger defenses against natural and man-made threats to the nation. (Source: ComputerWorld, 5 November)

Military - The Navy recently selected five vendor teams to provide electronic warfare support services as well as electronic intelligence and communications equipment, systems and programs for the Naval Surface Warfare Center, Port Hueneme Division. The awards contain one base year and four one-year options with a potential value of about $162 million if all options are exercised, according to the Navy. (Source: Federal Computer Week, 5 November)

International - NTR

U.S. SECTOR INFORMATION:

Transportation - New federal flight restrictions protect airspace over many nuclear reactor sites, but fail to secure the skies over the nuclear reactors in aircraft carriers at Newport News Shipbuilding. In a special order issued earlier this week, the Federal Aviation Administration (FAA) prohibited planes from flying within about an 11.5-mile radius of nuclear power plants. But the FAA reports no such restrictions over Newport News Shipbuilding, where a nuclear-powered aircraft carrier is being constructed and another is being refueled. Navy officials said they are negotiating with the FAA for airspace safety measures over the locations of its ships. Scores of smaller nuclear reactors, such as those used in research companies and universities, are not even considered for such safety measures. The potential of danger from any aerial terrorist attack on the ships' nuclear reactors is uncertain. Navy nuclear reactors are built to secure against meltdowns. It is also unclear how many nuclear reactors are running in the shipyard. (Source: Knight Ridder/Tribune, 5 November)

On 5 November, the primary radar at the Baltimore Washington International (BWI) Airport resumed operation following an outage that forced rerouting of high-altitude flights. Air controllers said two backup radars also malfunctioned on Sunday, 4 November, leading them to declare the airspace shared by Reagan National and Washington Dulles unsafe. The diversions caused flights at BWI to run about 30 minutes late. Flights at Dulles were delayed about 15 minutes, FAA officials said. (Source: Associated Press, 6 November)

Electrical Power - More than 700 armed guards are patrolling Duke Energy Corporation's seven US nuclear electric generation facilities, according to Harvey Padewar, president of Duke Energy Services. He said the Charlotte, NC, energy holding company has done a "tremendous" job of both operating and responding to any perceived threat against its nuclear facilities.
Nuclear power plant operators nationwide stepped up security measures after the federal government issued another warning of a possible terrorist attack without mentioning specific potential targets. Governors of seven states have authorized the National Guard to help patrol nuclear plants, including Florida, Arkansas, Missouri, Louisiana, Mississippi, New York, and Massachusetts. (Source: OGJ Online Staff, 5 November)

Telecommunications - Verizon Wireless and the government are in the final stages of a deal that would give some emergency officials priority access to the company's cellular network, according to federal officials. The system, intended to be used only in times of crisis, would be operational in New York City, Washington, DC, and Salt Lake City, the site of the 2002 Winter Olympics. Verizon has submitted a request to the Federal Communications Commission (FCC), which must review and approve some elements of the plan. In a statement Monday, Verizon acknowledged the deal but said it is not yet final. (Source: Associated Press, 6 November)

Water Supply - NTR

Emergency Services - NTR

Gas and Oil Storage Distribution - NTR

Government Services - NTR

Banking and Finance - NTR