-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private]
Sent: Friday, January 04, 2002 6:37 AM
To: Daily/Warning Distribution
Subject: NIPC Daily Report, 4 January 2002

NIPC Daily Report, 4 January 2002

NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI.

Advisory Update - On 3 January, the NIPC issued an update to advisory 01-030 regarding vulnerabilities in Microsoft's Universal Plug and Play service in Windows XP, Millennium Edition (ME), and Windows 98 or 98SE systems. These vulnerabilities could lead to denial of service attacks and/or system compromises. Based on careful review of the written technical materials provided by Microsoft, and in agreement with Carnegie Mellon's CERT/CC, NIPC recommends that affected users install the Microsoft patch. The patch and the Microsoft Security Bulletin are available at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp . The NIPC Advisory is available at http://www.nipc.gov/warnings/advisories/2002/01-030-3.htm.

Assessment - A security flaw in America Online's popular chat program AOL Instant Messenger (AIM) could allow remote, surreptitious penetration of a user's computer. The vulnerability could enable a self-propagating program, or "worm," that would use AIM to spread itself to the victim's "buddy list." AOL is expected to release a software patch that would eliminate the flaw. (Newsbytes, 2 January)

Computer hackers are turning their sights on home computers that are faster, more powerful and less secure. In the past, personal home computers were not very interesting targets. But now, many home computers are just as powerful as business computers. And they are less secure. Unlike businesses with permanent security staff, most home users are slow to harden their PCs against attack. Also, home users generally are unaware of Internet threats, and are too willing to click on unsolicited e-mails that might be infected with malicious programs. According to Carnegie Mellon's CERT/CC, in many cases intruders hack into home computers to launch attacks against other organizations. (Associated Press, 3 January)

Items of International Interest - The International Maritime Organization (IMO) will hold a special meeting to adopt new regulations designed to enhance ship and port security and avert shipping from becoming a target of international terrorism. The meeting follows the adoption of an IMO resolution to review measures and procedures to prevent terrorist acts. The IMO has agreed to boost its technical cooperation program to help developing countries address maritime security issues. The resolution calls for improved security on ships at sea and at shore facilities, and a review of existing international legal and technical measures designed to prevent and suppress terrorist acts. (The Star Online, 3 January)

Japan's Telecommunications Ministry will work with telecom manufacturers to develop technology aimed at protecting financial institutions' account settlement systems from cyber attack. The Telecom Ministry will spend about 8 billion yen on the project, hoping to test during fiscal year 2002 and apply the technology by 2004. Financial institutions are vulnerable to hackers who can access their systems via telephone. Hackers can destroy the institution's control software or otherwise disable the system's central core, thereby disrupting financial services. (Tokyo Nikkei Telecom, 2 January)

China will begin reinforcing security of Internet-based information systems serving its major governmental administrations and economic sectors to protect them from viruses and hacker attacks, and to prevent information leakage. The project will be implemented based on patented information technology, which is independently developed by Chinese scientists. (Beijing China Daily, 2 January)