-----Original Message-----
From: NIPC Watch
To: Daily Distribution
Sent: 2/11/02 6:23 AM
Subject: NIPC Daily Report 11 February 02

NIPC Daily Report 11 February 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

NY AG sues software developer to protect consumers' free speech rights. New York State has filed a lawsuit against computer software developer Network Associates (NAI) seeking to put an end to speech restrictions that the company has placed on its software users. NAI has prevented customers from publishing "product reviews" or "benchmark tests" without the company's permission. The New York suit alleges that such clauses -- legally known as "restrictive covenants" -- are illegal, and that they harm the public by censoring discussions of a product's flaws and defects. (New York Office of the Attorney General, 7 Feb)

Nuclear plants may get security reinforcement. Homeland Security Director Tom Ridge says structural changes could be looming for nuclear plants. Security measures for nuclear power plants were designed for land-based threats. The 11 September terrorist attacks highlight the need to consider other threats. "There may ultimately be some actual bricks and mortar adjustments to be made" at some of the nation's nuclear power plants, Ridge said. He added that some steps already have been taken. (www.platt.com, 8 Feb)

Airline Web sites seen as riddled with security holes. A security audit team breached the Web-based systems of a US airline, gaining access into the airline's back-end systems, including reservation and maintenance systems. The FAA believes it's too early to tell whether the audit uncovered a significant breach of security, and will compare notes with other airlines to see if this is an isolated case or not. The airline, whose identity is not available for security reasons, has not fixed the problems. (Computerworld, 4 Feb)

Exchange 2000 System Attendant incorrectly sets remote registry permissions. The Microsoft Exchange System Attendant is one of the core services in Microsoft Exchange. There is a flaw in how the System Attendant makes Registry configuration changes. This flaw could allow an unprivileged user to remotely access configuration information on the server. Microsoft Advisory 02-003 discusses the flaw in detail. It is available at URL http://www.microsoft.com/technet/security/bulletin/MS02-003.asp. (Microsoft, 7 Feb)

Unchecked buffer in Telnet server could lead to arbitrary code execution. Microsoft reports a flaw in the unchecked buffers of the code that processes Telnet protocol options for Windows 2000 and Interix 2.2. An attacker could use this vulnerability to perform a buffer overflow attack and cause the Telnet Server to fail, or in some cases, allow attackers to execute code of their choosing on the system. MS Advisory 02-004 discusses the flaw in detail. It is available at http://www.microsoft.com/technet/security/bulletin/MS02-004.asp (Microsoft, 7 Feb)

Pringles can chips away at wireless net security. Computer experts for a commercial security firm say you can find recipes on the Internet that teach you to make a wireless antenna out of a Pringles can or a cardboard tube, which then can tap into a home user's Internet signal or a company's local area network. In the 10 miles from Fahey's house to their office, they discovered holes in 60 access points that allowed them to see every computer on the entire network. A terrorist could tap into free wireless Internet access points to get secret messages without ever having to sign up for an ISP. (Denver Post, 10 Feb)

Help arrives to improve home PC security. A group of high-tech companies, in conjunction with the FBI, DoD, and Federal Trade Commission, announced a Stay Safe Online Campaign on 7 February to educate users and small businesses about ways to avoid hackers and viruses. At the core of the Stay Safe Online Campaign is a Web site (www.safetyonline.com) with information and tips people can follow to protect the security of their computers. The Web site offers tips that include not opening e-mail from unknown sources and backing up data and downloading software patches as made available. A recent survey found that nearly all of the 1,014 respondents are vulnerable to Internet security threats because they fail to protect their systems from attack. (Reuters, 8 Feb)