-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Thursday, January 17, 2002 6:28 AM To: Daily Distribution Subject: NIPC Daily Report 17 Jan 02 NIPC Daily Report 17 January 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Solaris security hole opens way for online intruders. A security flaw in Sun's Solaris operating system has been exploited in an attempt to launch a series of Denial of Service (DoS) attacks in the US. Researchers claim someone used the two-month old security loophole in Solaris to try to start a series of DoS attacks on several online chat servers. It's the first time that researchers have seen the Solaris 'buffer overflow' security issue exploited in the wild. (Silicon.com, 16 JAN) South Korea fights sharp increase in computer-related crimes. According to National Police Agency (NPA) statistics, computer crime has increased about 300 percent in four years. In response, the NPA will establish within its 14 regional affiliate agencies a nationwide cyber-crime investigation network. In October, the NPA will host an InterPol conference to strengthen ties to international cooperatives combatting sophisticated computer crimes. (Seoul Yonhap, 16 JAN) Latest aviation security improvements announced. Transportation Secretary Norman Mineta says airlines will meet a congressionally mandated requirement to begin screening all checked passenger bags by Friday, January 18. A multi-layered system involving explosives detection, computer-assisted passenger screening, K-9s, and manual searches will be used. Separately, the DOT will form a senior advisor program to bring private sector best practices to the Transportation Security Administration (TSA). (Dept. of Transportation Website, 16 JAN) NIST drafts contingency plan to continue service in an emergency. The National Institute of Standards and Technology (NIST) released a draft guide to help agencies develop contingency plans for information technology systems so they can continue to perform their mission during and after an emergency. The special publications developed by NIST's Computer Security Resource Center are intended to provide guidance for agencies trying to comply with congressional mandates and Office of Management and Budget requirements. It is particularly relevant in the homeland security environment. http://www.fcw.com/fcw/articles/2002/0114/web-nist-01-16-02.asp. (Federal Computer Week, 16 JAN) Pipeline infrastructure protection measures published. The Transportation Department's Research and Special Programs Administration has published a series of rules to improve integrity management and safety programs for the nation's pipeline systems. Last month, "The Pipeline Infrastructure Protection To Enhance Security And Safety Act," was introduced in Congress. Key security elements of the proposed legislation include directing pipeline operators to take corrective action to remedy unsafe conditions, and to establish security procedures to be implemented in the event of an attack. (Committee on Transportation and Infrastructure, 16 JAN) Valentine's Day scam. Authorities moved quickly to shut down the latest "InstaKiss" Web site designed to dupe AOL users into giving up their account passwords in exchange for an electronic smooch. With Valentine's Day approaching, security experts warned that similar scams are likely to resurface elsewhere on the Internet. (NewsNow, 17 JAN)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:27 PDT