FW: NIPC Daily Report 14 November

From: George Heuston (georgeh@private)
Date: Wed Nov 14 2001 - 08:55:49 PST

     
    -----Original Message-----
    From: NIPC Watch
    To: daily
    Sent: 11/14/01 8:40 AM
    Subject: NIPC Daily Report 14 November
    
    NOTE:  Please understand that this is for informational purposes only
    and does not constitute any verification of the information contained in
    the report nor does this constitute endorsement by the NIPC or the FBI. 
    
    Significant Changes and Assessment - No significant changes. 
    
    
    Private Sector - Trend Micro reported that a new variant of the KLEZ
    worm, called TROJ_KLEZ.C, is in the wild and is considered a medium risk.
    KLEZ.C is a minor variant of the KLEZ.A worm.  It carries a compressed
    copy of the ELKERN virus, which it drops and executes when the worm is
    run (and thus, will be detected as ELKERN if no protections are up for
    KLEZ.C, which will have already infected the system).  On the 13th of
    any even month, the worm attempts to exploit a MIME vulnerability in
    some versions of Microsoft Outlook, Microsoft Outlook Express, and
    Internet Explorer to allow the executable file to run automatically in
    the preview pane without the user double-clicking on the attachment.
    Microsoft has had a patch out for this vulnerability since 29 March.
    The worm uses random filenames for the attachment and random characters
    for the sender.  (Source: Trend Micro, 12 November) 
    
    
    A vulnerability in a component of a graphical user interface that ships
    with several commercial Unix systems could let a malicious attacker take
    administrative control of an affected host system, according to an
    advisory on 13 November from the CERT/CC at Carnegie Mellon University.
    The vulnerability exists in a function used by the Common Desktop
    Environment (CDE) Subprocess Control Service, which is responsible for
    accepting requests from clients to execute commands and open
    applications remotely.  Because of an error in the way requests from
    remote clients are validated, crackers could manipulate data and cause a
    buffer overflow.  The CDE is an integrated graphical user interface that
    runs on Unix and Linux systems.  The affected software includes several
    versions of Hewlett-Packard Co.'s HP-UX, IBM's AIX, Sun Microsystems
    Inc.'s Solaris and Compaq Computer Corp.'s Tru64 Unix.  (Source: IDG
    News, 13 November) 
    
    
    According to Internet Corporation for Assigned Names and Numbers (ICANN)
    Chairman Vinton Cerf, one of the first things that Internet addressing
    authorities must do to safeguard the security of the Web is assure
    themselves that their actions aren't actually opening new security
    holes. ICANN, the body charged with managing the Internet's worldwide
    addressing system, is meeting all this week to assess the stability and
    security of the Domain Name System (DNS). The November meeting was
    originally intended as a forum on ICANN governance, but was retooled to
    address security in the wake of the terrorist attacks.  (Source:
    Newsbytes, 14 November) 
    
    
    Government - On 13 November, high-ranking Bush administration
    officials, Deputy Commerce Secretary Sam Bodman and White House
    electronic security advisor Richard Clarke, visited and toured the
    secure Herndon, VA, offices of VeriSign, to assess the security
    precautions being taken by the company.  The company controls the
    technology at the heart of the Internet's global addressing system.  The
    VeriSign facility is part of an ongoing effort to gauge the security of
    the nation's privately operated critical infrastructure.  "Protecting
    the integrity of the Internet is as important as providing the services
    and functions we have come to expect from the Internet," a spokesperson
    said.  After seeing the protocols VeriSign has in place, Bodman and
    Clarke came away very confident that procedures have been taken to
    protect users in cyberspace.  (Source: Newsbytes, 13 November) 
    
    
    Military - The US Army is pushing to ensure that the people in charge of
    the latest tools in warfare are up to date in defending its information
    and computer networks.  Personnel who are key to the service's
    transformation and its move to digitizing the force are being trained to
    install, configure, operate, and maintain the latest communications
    systems and are learning to identify evolving threats to these systems.
    An initiative is underway to revamp the way the Army trains its
    communications personnel. The Signal Regiment at Fort Gordon, Georgia,
    recently announced plans to change its approach from one that provides
    an overview of a multitude of systems to one that is more
    assignment-oriented and subsequently facilitates lifelong learning.  One
    essential element of this continuous education is a practice that
    already is established at Fort Gordon's School of Information
    Technology. It involves drawing on instructor and student expertise as
    well as industry paradigms.  (Source: www.us.net, 13 November) 
    
    
    International - The Electricity Generating Authority of Thailand (EGAT)
    adopted an open source technology with a recently implemented Internet
    mail system for 12,500 users nationwide.  EGAT Research and Development
    Office assistant director Chana Sobharaksha said that the agency had a
    limited budget and so had explored alternatives using free software.
    EGAT had already implemented a Linux system in 1995 for Internet access
    but only had a few users who could use the system.  After six years of
    operation, EGAT has implemented around 30 servers, with 80% of these
    running open source technologies.  According to EGAT's records, its
    e-commerce site receives around 30,000 hits a day while the mail server
    has had e-mail transactions of up to 200,000 a month.  The division also
    runs Solaris, Windows NT, Windows 2000 and Tru64 Unix systems.
    (Source: Bangkok News, 14 November) 
    
    
    Defacements - The Silver Lords hacking group has launched a new
    defacement campaign in support of the terrorist organization Al Qa'ida
    and its leader, Osama bin Laden.  According to the Alldas.de defacement
    archive, Silver Lords is credited with 1,197 defacements or more than
    43% of all defacements recorded worldwide.  There have been 12
    defacements appearing between 12-14 November with a message stating
    "Silver Lords are back!"  Previously, there were only three Silver Lords
    defacements for the rest of November, and the group had not been very
    active since 21 October. Silver Lords issued a call to "All Muslim
    hackers" but "only the ones we know WFD, PHC, G-Force Pakistan, etc." to
    contact them at silverlords@private.  (Source: Alldas.de, 13 November) 
    
    
    U.S. SECTOR INFORMATION: 
    
    
    Gas and Oil Storage Distribution - The DOE is expected to unveil a
    special unit within the agency that will coordinate homeland defense
    strategies for the nation's oil and gas sector, industry sources said on
    9 November.  Last month a group of 11 oil companies told Congress they
    planned to create a limited liability company to operate and manage an
    information-sharing and analysis center, under the agency's supervision.
    Global Integrity, a division of Predictive Systems, Inc., will operate
    the new energy center.  Bobby R. Gillham, manager of global security for
    Conoco Inc., will serve as coordinator between industry, DOE, and
    various law enforcement agencies.  (Oil and Gas Journal, 9 November) 
    
    
    President Bush is ordering the government to add millions of barrels of
    oil to its emergency stockpile with the size of the increase yet to be
    determined.  With oil prices declining, the DOE last month recommended
    funneling additional crude into the government's Strategic Petroleum
    Reserve.  The reserve, a string of salt caverns along the Gulf Coast at
    the Texas-Louisiana border, currently has 544 million barrels of oil,
    with the capacity to hold 700 million barrels.  An additional 48 million
    barrels is expected to be put into the reserve by the end of next year
    under existing arrangements.  (Source: Washington Post, 13 November) 
    
    
    Water Supply - EPA Administrator Christie Whitman said on 9 November
    that her agency is working hard to find the best available science on
    how to identify and, if necessary, treat the contamination of the water
    supplies. Whitman spoke at a news conference with Tom Ridge, director of
    Homeland Security.  Commenting on overall security issues since the
    terrorist attacks in the US, Whitman said the EPA is "very active in
    promoting the security of America's drinking water and wastewater
    systems, and of chemical facilities across the country.  In many ways,
    that's just a continuation of what our mission is: To protect America's
    health and environment." "This effort has included a very real and
    aggressive outreach to the water companies, to the sewage treatment
    companies, to the chemical manufacturers, to give them the best possible
    advice and information on what they can do to secure their various
    facilities."  (Source: Water Technology, 13 November) 
      
     
    


