FW: NIPC Daily Report 09 November 2001

From: George Heuston (georgeh@private)
Date: Fri Nov 09 2001 - 09:23:18 PST

  • Next message: Steve Nichols: "Just out of curiosity"

    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Friday, November 09, 2001 9:10 AM
    To: daily
    Subject: NIPC Daily Report 09 November 2001
    
    
    NIPC Daily Report 09 November 2001
    
    NOTE:  Please understand that this is for informational purposes only
    and does not constitute any verification of the information contained in
    
    the report nor does this constitute endorsement by the NIPC or the FBI.
    
    
    Private Sector - Microsoft has released Security Bulletin MS01-055 which
    relates to how
    cookie data in Internet Explorer can be exposed or altered through
    script injection.  Web sites use cookies as a way to store information
    on a user's local system.  Most often, this information is used for
    customizing and retaining a site's setting for a user across multiple
    sessions.  By design each site should maintain its own cookies on a
    user's machine and be able to access only those cookies.  A
    vulnerability exists due to this ability to craft a URL that can allow
    sites to gain unauthorized access to user's cookies and potentially
    modify the values contained in them.  Because some web sites store
    sensitive information in a user's cookies, it is also possible that
    personal information could be exposed.  Microsoft is preparing a patch
    for this issue, but in the meantime customers can protect their systems
    by disabling active scripting.  When the patch is complete, Microsoft
    will re-release this bulletin and provide details on obtaining and using
    it.  (Source:  Microsoft Corporation, 8 November)
    
    Internet Security Systems' X?Force operation is warning PC users of a
    serious security problem regarding remote access to Secure Shell (SSH)
    applications that may allow remote attackers to execute arbitrary code
    on a target system without any specific knowledge of that host.  X?Force
    says that an advanced exploitation of the vulnerability exists and is
    being used in?the?wild.  The serious nature of this vulnerability, it
    adds, is compounded by the confusing nature of SSH product versions and
    patches.  X?Force recommends that security and network administrators
    examine their SSH configurations to determine if patching is necessary
    and if SSH version 1 connection fallback is still enabled.  The R&D
    taskforce recommends upgrading to the new SSH version 2 support, if
    possible.  (Source:  Info Security News, 9 November)
    
    International -  The 43?nation Council of Europe adopted a convention on
    cybercrime on 8 November, the first international treaty on criminal
    offenses committed over the Internet.  The treaty criminalizes
    activities such as fraud and child pornography committed on the World
    Wide Web and sets up global policing procedures for conducting computer
    searches, intercepting e?mails, and extraditing criminal suspects.  The
    Council, a club of European democracies that aims to safeguard human
    rights, said the convention was adopted by its Committee of Ministers
    and would be open for signature by member states at a conference on
    cybercrime in Budapest on 23 November.  It will enter into force once
    five states, including at least three Council of Europe member nations,
    have ratified it.  The United States, Japan and Canada, which have
    observer status at the Council, were invited to adopt it.  (Source:
    BBC, 8 November)
    
    U.S. SECTOR INFORMATION:
    
    Banking and Finance - The National Infrastructure Protection Center
    learned that two protest groups -- a Canadian group named "Stop the WTO"
    and a US group called "Electronic Disturbance Theater" -- may be
    planning to conduct or coordinate a distributed denial of service attack
    today against the New York Stock Exchange and/or the NASDAQ.  The
    reported goal is to lower the stock index in support of protests
    worldwide over the World Trade Organization meeting in Qatar 9-13
    November.  (Source:  NIPC, 8 November)
    
    A serious weakness has been discovered in the methods used by banks to
    protect the number that lets you get money from a cash machine.
    Researchers from the University of Cambridge have found that the
    computer systems which check that these numbers are valid are easy to
    defeat.  They warn that unscrupulous insiders could exploit these
    weaknesses to raid customer accounts.  The researchers have called on
    banks to revise their security arrangements and use more open procedures
    to protect customers' cash.  Every time you use a cash machine a
    formidable array of security technology is used to protect the data
    being passed from the ATM to the computers holding information about
    your account.  At the heart of this process are devices called
    cryptoprocessors.  These black boxes scramble the information you punch
    into the ATM so it cannot be intercepted as it travels along the wires.
    (Source:  BBC, 9 November)
    
    Transportation - President Bush is ready to expand the National Guard's
    role at airports to build confidence in the nation's air travel system
    before the traditionally busy holiday season, officials say.  The
    official announcement is expected to come 9 November, at a White House
    ceremony honoring employers of National Guard and Reserve personnel,
    administration officials said, speaking on condition of anonymity.  It
    is unclear whether Bush will ask the governors to call up more troops or
    will do it on his own.  One official characterized Bush's plan as a
    "dramatic increase" in the number of troops at airports.  (Source:
    Associated Press, 9 November)
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:31:06 PDT