-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Thursday, January 10, 2002 7:04 AM To: Daily Distribution Subject: NIPC Daily Report, 10 January 2002 The NIPC Daily Report 10 January 2002 The NIPC Watch and Warning Unit compiles this report to provide situational awareness of issues impacting the integrity and capability of the nation's critical infrastructures. AOL buddy-hole fix has backdoor. w00w00, the security group that first reported the AOL Instant Messenger (AIM) games request vulnerability, has alerted users that a fix the group recommends has its own backdoor. Apparently, the initial AIM Filter is infected. w00w00 has devised a clean version of the AIM Filter. (The Register, 9 JAN 02) Major server flaws exposed. The Computer Emergency Response Team released details of multiple vulnerabilities in the Netscape Enterprise Server and iPlanet servers which could allow an attacker to gain access or crash a server. The first vulnerability allows an attacker to force an authentication session and perform a brute force password crack. The second vulnerability is a remotely exploitable denial of service attack on Netscape Enterprise Servers versions 4.0 and 4.1, and iPlanet 4.x web servers running on Windows. (Vnunet.com, 9 JAN 02) Terrorist group hacks US Web sites through Taiwan. Hackers with suspected links to terrorists have used Taiwan as a launching point to deface military and government Web sites in America. Taiwan's Criminal Investigation Bureau said the hackers broke into computers at a Taiwanese company and used them to launch their attacks on the US government. (Associated Press, 10 JAN 02) Defense bill funds IRS security. The Internal Revenue Service is getting an extra $16 million to secure its information systems, money tucked into the fiscal 2002 Defense appropriations bill in the wake of the 11 September terrorist attacks. Most of the funds will be used for a backup computer recovery system. (Federal Computer Week, 9 JAN 02) Oil pipeline's shift in Alaska being probed. On 4 January, the Alyeska Pipeline Service, operators of the 800-mile trans-Alaska oil pipeline, discovered that the pipeline had shifted on its vertical support anchors. The pipeline remains intact. (Associated Press, 9 JAN 02) ROK Police To Reinforce Cyber-Crime Unit. The South Korean National Police Agency will restructure its cyber-crime unit and reinforce it with civilian experts. Fourteen local police agencies will cooperate to form a cyber-investigation network where information can be shared through a cyber-crime database. (The Korea Herald, 10 JAN 02) Michigan Bill Creates Cybercourt. On 9 January 2002, Governor John Engler signed a bill creating a virtual state court where lawyers can file briefs on-line and make their court appearances via teleconference. The Michigan Supreme Court will set rules for the virtual court, and select the local courtroom and technology over the next few months. (Associated Press, 9 JAN 02) Virus Targets Microsoft Web Services Software. A "proof-of-concept'' virus called W32/Donut was sent by its Czech author to anti-virus vendors so they could work with Microsoft on a fix. W32/Donut targets executable files created for Microsoft's .NET Web services technology. (Reuters, 9 JAN 02)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:18 PDT