CRIME [Fwd: [Nw-ipwg] FW: NIPC Daily Report, 17 December 2001 (Corrected Copy)]
From: Geo (geoneve@private)
Date: Mon Dec 17 2001 - 08:30:22 PST
attached mail follows:
-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Monday, December 17, 2001 7:04 AM
To: NIPC Watch
Cc: Daily/Warning Distribution
Subject: NIPC Daily Report, 17 December 2001 (Corrected Copy)
This is a corrected copy sent to reflect the correct date of 17 December
01 in the subject line. Please disregard other copy.
NIPC Daily Report 17 December 01
NOTE: Please understand that this is for informational purposes only
and does not constitute any verification of the information contained in
the report nor does this constitute endorsement by the NIPC or the FBI.
This report offers interested readers situational awareness of issues
impacting the integrity and capability of the nation's critical
infrastructures. The NIPC Watch and Warning Unit will provide current
and relevant information about actual or potential threats to the
critical infrastructures, as necessary.
General - The Federal Computer Incident Response Center (FedCIRC) and the
Computer Emergency Response Team/Coordination Center (CERT/CC) released
two joint advisories. Advisory FA-2001-34/CA-2001-34 of 12 Dec 2001
discusses a remotely exploitable buffer overflow derived from System V
that allows root access to the server. Advisory FA-2001-35/CA-2001-35
of 13 Dec 2001 offers perspectives on the exploitive scanning of SSH
daemons. Full text of these advisories is on the FedCIRC web site at
http://www2.fedcirc.gov/alerts/advisories_2001.html.
Private Sector - Microsoft Security Bulletin MS01-058 provides a
vulnerability assessment for Microsoft® Internet Explorer (IE) 5.5 and
6.0, and directs customers to a cumulative patch that eliminates all
previously discussed security vulnerabilities affecting that software.
The patch also eliminates three new vulnerabilities. The first is a
flaw in the handling of the Content-Disposition and Content-Type header
fields in an HTML stream. The second is a variant of the "Frame Domain
Verification" vulnerability (Microsoft Security Bulletin MS01-015).
The third vulnerability is a flaw in the display of file names in the
File Download dialogue box. Customers using IE should install the patch
immediately. It is available at:
http://www.microsoft.com/technet/security.bulletin/ms01-058.asp.
Customers using IE should install the patch immediately. (Microsoft
Corporation, 13 December)
Government - House lawmakers introduced legislation on 14 December
designed to give federal judges more range in sentencing for computer
crimes. The bill also would grant a liability exemption to Internet
service providers that cooperate with law enforcement agencies. H.R.
3482, the "Cyber-Security Enhancement Act of 2001," urges the U.S.
Sentencing Commission to amend its guidelines for computer crimes, by
taking into account a wider range of criteria, such as the level of
sophistication of the attack, whether the crime was committed for
commercial or private financial gain, and whether the offense involved
an attack on government networks. (Newsbytes, 14 December)
The CIO Council has made information security a focal point in each of
its committees by creating teams to address significant weakness areas
regarding homeland security. Speaking at the "Developing Cyber Security
Solutions in the e-Gov Era" conference, CIO vice chairman Jim Flyzik says
that a dedicated security leader has been named to each of the CIO's three
committees -- Best Practices, Government wide Architecture Framework,
and Workforce and Human Capital for IT. Additionally, a security member
has been designated to serve each of the 23 cross-agency, e-government
initiatives led by the Office of Management and Budget. Also, the CIO
Council plans to name an executive committee liaison to work with
federal entities involved in information security, such as the Office of
Homeland Security, the Federal Computer Incident Response Center, and
the National Institute of Standards and Technology. (Federal Computer
Week, 13 December)
International - China's "Project S219," the "IT Great Wall" security
measure, is designed to protect information networks linking local
government departments, financial bodies and media units. Co-sponsored
by the Ministry of Science and Technology and the local municipal
government, "Project S219" has given China effective solutions for
dealing with hackers, viruses, information leakage and the spreading of
illegal information. According to Chinese officials, the project has
proposed nine resolutions and won 45 patents. Since the project was
launched in February 2000, more than 3,000 experts have participated in
building the "IT Great Wall." (Beijing Xinhua, 14 December)
Transportation - On 15 December, a strange odor made about 20 security
workers sick and delayed hundreds of airline passengers at Florida's
Fort Lauderdale-Hollywood International Airport. Security personnel at
one concourse began coughing and complained of eye, nose and throat
irritation because of the smell. Air samples taken in the concourse
showed nothing unusual. The Federal Aviation Administration shut down
the security checkpoint. US Airways elected to have all luggage removed
and reexamined. Nothing was found. (Associated Press, 16 December)
_______________________________________________
Nw-ipwg mailing list
Nw-ipwg@private
http://lists.whiteknighthackers.com/mailman/listinfo/nw-ipwg
This archive was generated by hypermail 2b30: Sun May 26 2002 - 11:37:42 PDT