-----Original Message-----
From: NIPC Watch
To: Daily Distribution
Sent: 1/25/02 5:48 AM
Subject: NIPC Daily Report 25 January 02
NIPC Daily Report
25 January 2002
The NIPC Watch and Warning Unit compiles this report to inform
recipients of issues impacting the integrity and capability of the
nation's critical infrastructures.
CA County begins large water reclamation project. The Orange County
water district's $600-million plan will thoroughly treat millions of
gallons of sewage to kill disease-causing agents by subjecting it to
extra levels of treatment. The extra measures were included to protect
public health. By turning sewage into beverage, Orange County will join
a growing number of communities across California that are trying to
reduce their dependency on pricey--and sometimes uncertain--imported
water by creating their own supply. (LA Times, 22 Jan)
CEOs urges broadband strategy. The chief executive officers who
comprise the Computer Systems Policy Project (CSPP) met yesterday with
high-ranking White House officials and congressional leaders to outline
the findings of their report on broadband policy. The CSPP report
recommends that the government take steps to eliminate barriers to
widespread, advanced wired and wireless broadband deployment. The
report urges US policymakers to look beyond the deployment of
first-generation broadband technology, and set ambitious, long-term
national goals for the telecommunications infrastructure's speed and
mobility. (Newsbytes, 24 Jan)
GovNet decision nears. The White House will soon decide if and/or how
to proceed with GovNet, a a separate, secure intranet for critical
government applications that cannot risk being vulnerable to
cyberattacks. The General Accounting Office is reviewing the GovNet
concept and congressional hearings are planned. If the Critical
Infrastructure Protection Board recommends moving ahead with the GovNet
initiative, GSA will start developing technical requirements and will
look at examples from other federal secure intranets to develop an
acquisition strategy. (Federal Computer Week, 24 Jan)
More protection for GPS. The Global Positioning System (GPS) has become
a "key enabling" network for the US telecommunications grid and should
be designated as a critical infrastructure requiring increased
protection. Financial networks, public safety, and the Internet could
all be affected by the loss of GPS. A task force has asked the
president to issue a new presidential order designating GPS a critical
infrastructure. (Computerworld, 24 Jan)
Restrictions on information sharing. Federal agencies want to expand
their databases and the information available to state and local law
enforcement officials, but are hamstrung by the laws of Congress.
Agencies are lobbying Congress to extend the reach of databases like the
National Crime Information Center to law enforcement officials in rural
regions, and to give the locals free Internet access to search databases
like Law Enforcement Online. (Govexec.com, 23 Jan)
Beware sites with scripting holes. According to CERT/CC, many
high-profile sites, including online financial institutions and stores,
have failed to heed a 2-year-old advisory on preventing cross-site
script attacks on their visitors. As a result, Internet users who trust
such sites may be susceptible to an array of attacks from malicious
third parties, including password, credit card number and other private
data theft. Additional information can be found at
http://www.cert.org/advisories/CA-2000-02.html. (CERT/CC, 23 Jan)
Security hole In AOL's ICQ. According to CERT/CC, a vulnerability lies
in a feature of AOL's ICQ Internet chat program for Windows that allows
ICQ users to invite others to join them in playing online games. There
are approximately 122 million people using ICQ. AOL has not yet devised
a "patch" for the security hole and is urging all ICQ users to upgrade
to a new beta version, available at: http://www.icq.com/download.
Additional information can be found at
http://www.cert.org/advisories/CA-2002-02.html. (CERT/CC, 24 Jan)
Hackers target vulnerable 6112 ports. According to the Sans Institute,
mysterious hackers are targeting PCs with vulnerable 6112 ports. The
number of scans destined for port 6112 (dtspc) has increased fivefold
since 21 January. Sans believes that this is because exploits exist for
vulnerabilities on this port and systems are being compromised and
backdoored. (Vnunet, 24 Jan)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:37 PDT