CRIME FW: NIPC Daily Report, 29 November 2001

From: Goerling, Richard J. LT (TAD to CGIC Portland) (RIGoerling@private)
Date: Thu Nov 29 2001 - 10:06:02 PST

  • Next message: nick: "CRIME wu-ftpd vulnerabilities"

    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private]
    Sent: Thursday, November 29, 2001 8:39 AM
    To: daily
    Subject: NIPC Daily Report, 29 November 2001
    
    
    NIPC Daily Report 29 November 2001
    
    NOTE:  Please understand that this is for informational purposes only
    and does not constitute any verification of the information contained in
    the report nor does this constitute endorsement by the NIPC or the FBI.
    
    Significant Changes and Assessment - The National Infrastructure
    Protection Center (NIPC) issued Advisory 01-027 "Significant
    Vulnerability Identified In Common Linux File Transport Protocol
    Program."  The NIPC has learned about a vulnerability in versions of the
    Washington University File Transport Protocol Daemon (WU-FTPD) that
    could lead to an attacker gaining surreptitious access to sensitive
    information.  For those systems using the WU-FTPD service for which a
    patch is not yet available, it is suggested that you either disable FTP
    by blocking TCP port 21 or, in those instances where this is not an
    option, disable anonymous logon.  Additional technical information,
    including a list of affected versions can be found at the following Web
    site: http://aris.securityfocus.com/alerts/wuftpd/.
    
    Private Sector -  NTR.
    
    International - NTR.
    
    Government - On 27 November, Rep. Jeff Flake ( R-AZ)  introduced
    legislation which  establish a centralized Web site for people to share
    tips on possible terrorist activity with law enforcement, which would be
    called www.911.gov.  "We need one simple, easy-to-find Web site that
    will provide the public with critical information about homeland
    security, and also permit concerned citizens to provide tips to the
    proper authorities about suspicious activities."  The newly established
    Office of Homeland Security would be responsible for maintaining the
    site.  (Source:  Newsbytes, 28 November)
    
    According to Mark Forman, associate director for information technology
    and electronic government at the Office of Management and Budget (OMB),
    federal agencies will have to reallocate funds to  comply with a new
    administrative mandate to identify critical information technology
    systems and other assets this budget year.  OMB is directing large
    agencies to participate in a program that identifies agency assets that
    are vital to the nation's physical and economic security. In addition to
    IT systems, employees need to operate the systems and buildings that
    house those systems which are critical assets that must be identified
    and protected, said John Tritak, director of the Critical Infrastructure
    Assurance Office (CIAO).  The CIAO  uses a template to identify each
    agency's critical assets, the networks on which those assets rely, and
    the underlying infrastructures that support the networks.  (Source:
    Federal Times, 28 November)
    
    Military - NTR
    
    U.S. SECTOR INFORMATION:
    
    Water Supply - NTR
    Transportation - NTR
    Gas and Oil Storage Distribution - NTR
    Telecommunications - NTR
    Emergency Services - NTR
    Banking and Finance - NTR
    Government Services - NTR
    Electrical Power  - NTR
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:35:52 PDT