-----Original Message----- From: NIPC Watch To: Daily Distribution Sent: 2/4/02 6:14 AM Subject: NIPC Daily Report 4 February 02 NIPC Daily Report 4 February 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Microsoft warns of flaw. A flaw in the way Windows 2000 and NT 4.0 server operating systems authenticate users across domains could allow someone with administrator privileges to extend that power to other domains. The flaw is about trust relationships between network domains. Because trusting domains do not verify all security identifiers (SID) of trusted domains, a trusted domain administrator with read-only rights in a trusting domain could add a SID to the trusting domain's authorization data that would increase his or her access level. Microsoft says the flaw is "extremely difficult" to exploit. (IDG News Service, 31 Jan) Amtrak threatens to end service. Amtrak last week threatened to discontinue its entire long-distance train service in October if Congress fails to provide $1.2 billion in the next budget year. Amtrak reports a $5 billion backlog of needed improvements for tracks, rail yards, stations and other assets. Amtrak will continue passenger service during the current budget year, which ends 30 September, but plans to layoff about 700 workers and scale back maintenance on train cars. (Washington Post, 1 Feb) Microsoft names new security chief. Microsoft's new security chief is Scott Charney, a principal for PricewaterhouseCoopers' cybercrime prevention unit, and former chief of the computer crime and intellectual property unit at the Justice Department. Charney, who starts 1 April, replaces Howard Schmidt, who is leaving to work for Richard Clarke, chairman of the Critical Infrastructure Protection Board. The moves come two weeks after Microsoft went public with a plan to make security a priority in its products. The company has long been criticized for rushing feature-rich software to market at the expense of security, leaving holes that put computer users at risk of attack from malicious hackers and viruses. Charney's responsibility will be to develop ways to improve the security of Microsoft products and services. (Reuters, 1 Feb) IT group says federal systems 'incredibly open.' Systems at the Federal Aviation Administration, the Social Security Administration and parts of the Internal Revenue Service are "incredibly open and vulnerable," according to the Information Technology Association of America. About 74% of those responding to a recent association survey were concerned that terrorists would use the Internet to launch cyber-attacks against critical infrastructure such as telephone networks and power plants. (Washington Post, 1 Feb) US to test air-security screening system. Federal aviation authorities plan to build a computer network linking all airline reservation systems in the country to private and government databases to help authorities identify potential threats more effectively while easing lines at airport security checkpoints. The network is expected to use data-mining and predictive software to profile passenger activity and develop clues about potential threats. (Reuters, 2 Feb)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:50 PDT