CRIME FW: NIPC Daily Report, 4 January 2002

From: George Heuston (GeorgeH@private)
Date: Fri Jan 04 2002 - 16:15:19 PST

  • Next message: George Heuston: "FW: CRIME Meeting - Tuesday 8 Jan - Last Call"

    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Friday, January 04, 2002 6:37 AM
    To: Daily/Warning Distribution
    Subject: NIPC Daily Report, 4 January 2002
    
    
    NIPC Daily Report, 4 January 2002
    
    NOTE: Please understand that this is for informational purposes only and 
    does not constitute any verification of the information contained in the 
    report nor does this constitute endorsement by the NIPC or the FBI.
    
    Advisory Update - On 3 January, the NIPC issued an update to advisory 
    01-030 regarding vulnerabilities in Microsoft's Universal Plug and Play 
    service in Windows XP, Millennium Edition (ME), and Windows 98 or 98SE 
    systems. These vulnerabilities could lead to denial of service attacks 
    and/or system compromises. Based on careful review of the written 
    technical materials provided by Microsoft, and in agreement with 
    Carnegie Mellon's CERT/CC, NIPC recommends that affected users install 
    the Microsoft patch. The patch and the Microsoft Security Bulletin is 
    available at: 
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    bulletin/MS01?059.asp 
    . The NIPC Advisory is available at 
    http://www.nipc.gov/warnings/advisories/2002/01-030-3.htm.
    
    Assessment A security flaw in America Online's popular chat program AOL 
    Instant Messenger (AIM) could allow remote, surreptitious penetration of 
    a user's computer. The vulnerability could enable a self-propagating 
    program, or "worm," that would use AIM to spread itself to the victim's 
    "buddy list." AOL is expected to release a software patch that would 
    eliminate the flaw. (Newsbytes, 2 January)
    
    Computer hackers are turning their sights on home computers that are 
    faster, more powerful and less secure. In the past, personal home 
    computers were not very interesting targets. But now, many home 
    computers are just as powerful as business computers. And they are less 
    secure. Unlike businesses with permanent security staff, most home users 
    are slow to harden their PCs against attack. Also, home users generally 
    are unaware of Internet threats, and are too willing to click on 
    unsolicited e-mails that might be infected with malicious programs. 
    According to Carnegie Mellon's CERT/CC, in many cases intruders hack 
    into home computers to launch attacks against other organizations. 
    (Associated Press, 3 January)
    
    Items of International Interest - The International Maritime 
    Organization (IMO) will hold a special meeting to adopt new regulations 
    designed to enhance ship and port security and avert shipping from 
    becoming a target of international terrorism. The meeting follows the 
    adoption of an IMO resolution to review measures and procedures to 
    prevent terrorist acts. The IMO has agreed to boost its technical 
    cooperation program to help developing countries address maritime 
    security issues. The resolution calls for improved security on ships at 
    sea and at shore facilities, and a review of existing international 
    legal and technical measures designed to prevent and suppress terrorist 
    acts. (The Star Online, 3 January)
    
    Japan's Telecommunications Ministry will work with telecom manufacturers 
    to develop technology aimed at protecting financial institutions' 
    account settlement systems from cyber attack. The Telecom Ministry will 
    spend about 8 billion yen on the project, hoping to test during fiscal 
    year 2002 and apply the technology by 2004. Financial institutions are 
    vulnerable to hackers who can access their systems via telephone. 
    Hackers can destroy the institution's control software or otherwise 
    disable the system's central core, thereby disrupting financial 
    services. (Tokyo Nikkei Telecom, 2 January)
    
    China will begin reinforcing security of Internet-based information 
    systems serving its major governmental administrations and economic 
    sectors to protect them from viruses and hacker attacks, and to prevent 
    information leakage. The project will be implemented based on patented 
    information technology, which is independently developed by Chinese 
    scientists. (Beijing China Daily, 2 January)
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:16 PDT