-----Original Message-----
From: NIPC Watch
To: Daily Distribution
Sent: 2/7/02 5:38 AM
Subject: NIPC Daily Report 7 February 2002

NIPC Daily Report 7 February 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

Wireless networks are targets for the mobile hacker. Consultants at a security firm recently began scanning for wireless local-area networks (WLANs) susceptible to hackers seeking free Internet access. This type of hacking is made possible by a standard called wireless fidelity, or 802.11b. Since these networks broadcast data hundreds of feet from the point of origin and through walls, the signals are easily intercepted. Although security measures are available, most are weak or not used. The number of WLAN devices in use is expected to rise from 4.9 million in 2000 to 55.9 million in 2006. (Business Journal of Kansas City, 5 Feb)

FAA eyeing $2B Telecom overhaul at National Airspace System. The Federal Aviation Administration (FAA) in June plans to award a contract to a private-sector IT company to overhaul the telecommunications backbone of the National Airspace System. Known as the FAA Telecommunications Infrastructure contract, the focus will be on information security. Once the contract is awarded, it will provide the FAA with "a very strong transport layer vehicle for the future." In the short term the FAA has ramped up intrusion detection audits and vulnerability assessments of all systems that are part of the NAS. (ComputerWorld, 5 Feb)

Chat-program bugs could bite millions. An Irish security consultant published details this weekend of two software bugs in a popular chat program, bugs that could be used to install malicious programs on a victim's computer.
The flaws make users of mIRC, a common Windows program that lets people chat in real time over a network of "Internet relay chat" servers, susceptible to attack if they connect to a compromised server. The flaws are the latest blow to any notion of security on chat software and instant messaging programs. (CNET News, 6 Feb)

Computer-security industry leads the way to growth. According to market researchers, the worldwide security-software and managed security service markets should score double-digit growth this year. This reflects the realities of a post-11 September world, as companies and governments turn to the computer-security industry to help them secure their most critical information-technology systems. Industry analysts predict US Government agencies and the DoD will increase spending in reaction to public concern about the low scores received in security audits performed on the government IT infrastructure. (CNet News, 5 Feb)

Sharing is focus of homeland IT. The fiscal 2003 budget requests $722 million for information technology homeland security programs to fill immediate needs. The IT programs make up about 2 percent of the homeland security budget. The programs are focused on eliminating stovepipes that hinder information sharing and increasing protection for the information infrastructure. (Federal Computer Week, 5 Feb)

Security runs through DOT budget. The fiscal 2003 budget request for the Transportation Department (DOT) makes security a priority. Overall funding for the Federal Aviation Administration (FAA) dropped because some of its security responsibilities are being shifted to the fledgling Transportation Security Agency (TSA). The administration is requesting an increase in the budget for DOT's Office of Information Services for critical security initiatives and bolstering the Computer Security Incident Response Center, which detects cyber attacks on FAA systems. (Federal Computer Week, 5 Feb)

BlackIce Defender susceptible to attack.
Internet Security Systems Inc.'s BlackIce Defender intrusion detection application is susceptible to a specific ping flood attack that causes the system to crash and not log anything about the attack. The exceptions generated are kernel mode; thus the crash is not likely the result of a buffer overflow. Code execution probably is not possible through this attack. (SecurityFocus, 5 Feb)

Morpheus denies security breach. StreamCast Networks, the company that created Morpheus, has categorically denied there is a 'dangerous' hole in its Morpheus software program. StreamCast claims that Morpheus users are able to decide which files they want to share with the user network by placing them into a shared folder that is accessible to other Morpheus users. In a statement, the company implied that security breaches are a result of users making all of their folders and private information accessible. "StreamCast reminds its users to be sure they are not sharing files they want to keep private or files that are copyrighted," the company said in a statement. (ZDNet Australia, 6 Feb)

NOTE: NIPC Report carried an item about the discovery of a Morpheus security hole in its 5 Feb edition. The source of that article was ZDNet UK, 4 Feb.