CRIME [Fwd: [Nw-ipwg] FW: NIPC Daily Report, 17 December 2001 (Corrected Copy)]

From: Geo (geoneve@private)
Date: Mon Dec 17 2001 - 08:30:22 PST

  • Next message: Steve Nichols: "CRIME Your thoughts needed"

    
    

    attached mail follows:


    -----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Monday, December 17, 2001 7:04 AM To: NIPC Watch Cc: Daily/Warning Distribution Subject: NIPC Daily Report, 17 December 2001 (Corrected Copy) This is a corrected copy sent to reflect the correct date of 17 December 01 in the subject line. Please disregard other copy. NIPC Daily Report 17 December 01 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. This report offers interested readers situational awareness of issues impacting the integrity and capability of the nation's critical infrastructures. The NIPC Watch and Warning Unit will provide current and relevant information about actual or potential threats to the critical infrastructures, as necessary. General -The Federal Computer Incident Response Center (FedCIRC) and the Computer Emergency Response Team/Coordination Center (CERT/CC) released two joint advisories. Advisory FA-2001-34/CA-2001-34 of 12 Dec 2001 discusses a remotely exploitable buffer overflow derived from System V that allows root access to the server. Advisory FA-2001-35/CA-2001-35 of 13 Dec 2001 offers perspectives on the exploitive scanning of SSH daemons. Full text of these advisories, is on the FedCIRC web site at http://www2.fedcirc.gov/alerts/advisories_2001.html. Private Sector - Microsoft Security Bulletin MS01-058 provides a vulnerability assessment for Microsoft® Internet Explorer (IE) 5.5 and 6.0, and directs customers to a cumulative patch that eliminates all previously discussed security vulnerabilities affecting that software. The patch also eliminates three new vulnerabilities. The first is a flaw in the handling of the Content-Disposition and Content-Type header fields in an HTML stream. The second is a variant of the "Frame Domain Verification" vulnerability (Microsoft Security Bulletin MS01-015) . The third vulnerability is a flaw in the display of file names in the File Download dialogue box. Customers using IE should install the patch immediately. It is available at: http://www.microsoft.com/technet/security.bulletin/ms01-058.asp. Customers using IE should install the patch immediately. (Microsoft Corporation, 13 December) Government - House lawmakers introduced legislation on 14 December designed to give federal judges more range in sentencing for computer crimes. The bill also would grant a liability exemption to Internet service providers that cooperate with law enforcement agencies. H.R. 3482, the "Cyber-Security Enhancement Act of 2001, urges the U.S. Sentencing Commission to amend its guidelines for computer crimes, by taking into account a wider range of criteria, such as the level of sophistication of the attack, whether the crime was committed for commercial or private financial gain, and whether the offense involved an attack on government networks. (Newsbytes, 14 December) The CIO Council has made information security a focal point in each of its committees by creating teams to address significant weakness areas regarding homeland security. Speaking at the "Developing Cyber Security Solutions in the e-Gov Era" conference CIO vice chairman Jim Flyzik says that a dedicated security leader has been named to each the CIO's three committees -- Best Practices, Government wide Architecture Framework, and Workforce and Human Capital for IT. Additionally, a security member has been designated to serve each of the 23 cross-agency, e-government initiatives led by the Office of Management and Budget. Also, the CIO Council plans to name an executive committee liaison to work with federal entities involved in information security, such as the Office of Homeland Security, the Federal Computer Incident Response Center, and the National Institute of Standards and Technology. (Federal Computer Week, 13 December) International - China's "Project S219," the "IT Great Wall" security measure, is designed to protect information networks linking local government departments, financial bodies and media units. Co-sponsored by the Ministry of Science and Technology and the local municipal government, "Project S219" has given China effective solutions for dealing with hackers, viruses, information leakage and the spreading of illegal information. According to Chinese officials, the project has proposed nine resolutions and won 45 patents. Since the project was launched in February 2000, more than 3,000 experts have participated in building the "IT Great Wall." (Beijing Xinhua, 14 December) Transportation - On 15 December, a strange odor made about 20 security workers sick and delayed hundreds of airline passengers at Florida's Fort Lauderdale-Hollywood International Airport. Security personnel at one concourse began coughing and complained of eye, nose and throat irritation because of the smell. Air samples taken in the concourse showed nothing unusual. The Federal Aviation Administration shut down the security checkpoint. US Airways elected to have all luggage removed and reexamined. Nothing was found. (Associated Press, 16 December) _______________________________________________ Nw-ipwg mailing list Nw-ipwg@private http://lists.whiteknighthackers.com/mailman/listinfo/nw-ipwg



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:37:42 PDT