CRIME FW: NIPC Daily Report 11 February 02

From: George Heuston (GeorgeH@private)
Date: Mon Feb 11 2002 - 07:08:13 PST

  • Next message: George Heuston: "Last Call-- CRIME Meeting - Sen Wyden's Staff - Tuesday, 12 Febru ary @ Verizon/Airtouch @10AM"

    -----Original Message-----
    From: NIPC Watch
    To: Daily Distribution
    Sent: 2/11/02 6:23 AM
    Subject: NIPC Daily Report 11 February 02
    NIPC Daily Report
                                         11 February 2002
    The NIPC Watch and Warning Unit compiles this report to inform 
    recipients of issues impacting the integrity and capability of the 
    nation's critical infrastructures.
    NY AG sues software developer to protect consumers' free speech rights .
    New York State has filed a lawsuit against computer software developer 
    Network Associates (NAI) seeking to put an end to speech restrictions 
    that the company has placed on its software users.  NAI has prevented 
    customers from publishing "product reviews" or "benchmark tests" without
    the company's permission.  The New York suit alleges that such clauses 
    -- legally known as "restrictive covenants" -- are illegal, and that 
    they harm the public by censoring discussions of a product's flaws and 
    defects.   (New York Office of the Attorney General, 7 Feb)
    Nuclear plants may get security reinforcement.  Homeland Security 
    Director Tom Ridge says structural changes could be looming for nuclear 
    plants. Security measures for nuclear power plants were designed for 
    land-based threats.  The 11 September terrorist attacks highlight the 
    need to consider other threats.  "There may ultimately be some actual 
    bricks and mortar adjustments to be made" at some of the nation's 
    nuclear power plants, Ridge said.  He added that some steps already have
    been taken.  (, 8 Feb)
    Airline Web sites seen as riddled with security holes. A security audit 
    team breached the Web-based systems of a US airline, gaining access into
    the airline's back-end systems, including reservation and maintenance 
    systems. The FAA believes it's too early to tell whether the audit 
    uncovered a significant breach of security, and will compare notes with 
    other airlines to see if this is an isolated case or not. The airline, 
    whose identity is not available for security reasons, has not fixed the 
    problems. (Computerworld, 4 Feb)
    Exchange 2000 System Attendant incorrectly sets remote registry 
    permissions . The Microsoft Exchange System Attendant is one of the core
    services in Microsoft Exchange. There is a flaw in how the System 
    Attendant makes Registry configuration changes.  This flaw could allow 
    an unprivileged user to remotely access configuration information on the
    server.  There is a flaw could allow an unprivileged user to remotely 
    access configuration information on the server.  Microsoft Advisory 
    02-003 discusses the flaw in detail.  It is available at URL  
    (Microsoft, 7 Feb)
    Unchecked buffer in Telnet server could lead to arbitrary code 
    execution. Microsoft reports a flaw in the unchecked buffers of the code
    that processes Telnet protocol options for Windows 2000 and Interix 
    2.2.  An attacker could use this vulnerability to perform a buffer 
    overflow attack and cause the Telnet Server to fail, or in some cases, 
    allow attackers to execute code of  their choosing on the system.  MS 
    Advisory 02-004 discusses the flaw in detail.  It is available at 
    (Microsoft, 7 Feb)
    Pringles can chips away at wireless net security.  Computer experts for 
    a commercial security firm say you can find recipes on the Internet that
    teach you to make a wireless antenna out of a Pringles can or a 
    cardboard tube, which then can tap into a home user's Internet signal or
    a company's local area network.  In the 10 miles from Fahey's house to 
    their office, they discovered holes in 60 access points that allowed 
    them see every computer on the entire network.  A terrorist could tap 
    into free wireless Internet access points to get secret messages without
    ever having to sign up for an ISP.  (Denver Post, 10 Feb)
    Help arrives to improve home PC security.  A group of high-tech 
    companies, in conjunction with the FBI, DoD, and Federal Trade 
    Commission, announced a Stay Safe Online Campaign on 7 February to 
    educate users and small businesses about ways to avoid hackers and 
    viruses. At the core of the Stay Safe Online Campaign is a Web site 
    ( with information and tips people can follow to 
    protect the security of their computers. The Web site offers tips that 
    include not opening e-mail from unknown sources and backing up data and 
    downloading software patches as made available. A recent survey found 
    that nearly all of the 1,014 respondents are vulnerable to Internet 
    security threats because they fail to protect their systems from attack.
    (Reuters, 8 Feb)

    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:53 PDT