-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Wednesday, February 20, 2002 7:14 AM To: Daily Distribution Subject: NIPC Daily Report, 20 February 2002 NIPC Daily Report 20 February 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Coast Guard focus has shifted since 9/11. Port security is now "job one" for the Coast Guard according to ADM James Loy, the agency's commandant. Fuel tanks, chemical plants and bridges line the shores of ports in or near big cities packed with millions of civilians. Ships or containers "could be used for mass destruction," said Capt. Wayne Justice, the Coast Guard's acting director of resources. "We are uniquely situated to recognize terrorist threats [and] prevent possible catastrophic attack," he said. (Philadelphia Inquirer, 18 Feb) Virus smuggling risk for Outlook Express users. Security researchers have identified a way to smuggle virus-laden emails past AV checkers and into the in-boxes of Outlook Express users. Mail filtering utilities usually don't search the subject line for all types of files, so a maliciously constructed email might appear as an attachment to Outlook Express users. (The Register, 15 Feb) Terrorism talks open RSA encryption standards conference. The annual security event opened Tuesday with US cyber security czar Richard Clarke warning about the potential for terrorist hack attacks, and a panel of noted cryptographers fretting over lost liberties in the wake of the real terrorist attacks of September 11. The terrorism theme carried over into the Cryptographer's Panel -- an annual tradition at the conference that brings together the world's most well-known cryptography experts. But the panel was less concerned with the purported threat of cyber terrorism, than with the corporate and governmental responses to physical attacks. Some panelists criticized the "hodgepodge" of security measures implemented since 11 September. Others expressed concern about "technology backfire" and the growing restrictions on the free flow of information. (Security Focus, 19, Feb) Censor-buster Peek-A-Booty goes public. Peek-A-Booty allows net surfers to access sites blocked by government restrictions. Peek-A-Booty uses a peer-to-peer model, masking the identity of each node, so that users can circumvent censorship blocks to access specific IP addresses without the censor knowing where the user is headed. Peek-A-Booty nodes send out standard SSL, so the censorware can't distinguish the request from any other secure electronic transaction. (The Register, 19 Feb) RSA: VeriSign opens up Web services road map. Attempting to take the confusion and complexity out of Web services-enabled enterprises, VeriSign unveiled plans to natively integrate its VeriSign Trust Services model with a stellar cast of Web services platforms, and to offer standards-based APIs and developer toolkits for in-house application integration efforts. IBM, Microsoft, Oracle, iPlanet, and webMethods have agreed to support and implement the VeriSign Trust Services framework open standards approach to offer a seamless interface to VeriSign's digital identity, authentication and authorization, and transaction services. The toolkit suite will include pre-constructed connectors, tutorials, class libraries, case examples, and documentation. (Info World, 19 Feb) Nasty Internet worm targets German anti-Trojan users. A destructive new mass-mailing Internet worm targeting the security-conscious has been launched into the wild in the form of a Trojan horse. The worm preys on people who subscribe to Trojaner-Info.de, a German site specializing in information about malicious code. The bogus message, written in German, purports to be a newsletter from Trojaner-Info announcing a new release of an actual anti-Trojan program Yet Another Warner (YAW). The bogus mail contains a booby-trapped attachment (yawsetup.exe) that mails copies of itself to addresses in the victim's Microsoft Outlook address book. The worm may also delete all files on the victim's hard disk. (Daily News, 20 Feb) Application security "in a grim state." Recent research done by a commercial security firm suggests that almost half of all application security vulnerabilities are readily exploitable through entirely preventable defects. Security researchers, contrasting the performers with regards to security, say that six areas differentiate top and bottom performers: early design focus on user authentication and authorization; mistrust of user input; end-to-end session encryption; safe data handling; elimination of administrator backdoors and default settings; and security quality assurance. The most common application security mistake is a lack of adequate authentication and access control. According to researchers, user session security remains the Achilles heel of most e-business applications because user input is trusted implicitly or relies on client-side validation, rather than having the server itself check for inappropriate data. (Vnunet, 19 Feb) EU to close computer systems in Turkey. The European Union has completely closed down its computer systems in Turkey, and will now conduct all of its internal and external correspondence in handwriting. The move occurred because emails between an EU committee representative and a Turkish desk officer were hacked and disclosed in Brussels. (Istanbul Hurriye, 16 Feb) Kenya: Internet service providers relaunch exchange facility. The Kenya Internet Exchange Point (KIXP) started operations on 14 February with three ISPs exchanging traffic. They include ISP Kenya, Swift Global and UUNET. Industry lobby Tespok (Telecommunications Service Providers) says 10 other ISPs are awaiting TelKom Kenya sanction to join the KIXP hub. (Nairobi Daily Nationenya, 19 Feb)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:02 PDT