-----Original Message----- From: NIPC Watch To: NIPC Watch Sent: 2/22/02 6:00 AM Subject: NIPC Watch Daily Report 22 February 2002 NIPC Daily Report 22 February 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. US Air traffic safe from hackers - FAA. Computer security weaknesses in the US air traffic control network that have dogged the Federal Aviation Administration since 1998 have been substantially closed, the FAA's CIO, Daniel Mehan, said on 21 February at the RSA 2002 Conference in San Jose, California. The FAA was criticized in a September, 2000, GAO report for not performing background checks on IT contractors, failing to install intrusion detection systems, and not performing adequate risk assessments and penetration tests on agency systems. Mehan outlined the FAA's current cyber security practices, which include maintaining redundant systems, separating administrative networks from control networks, and using "firebreaks" as a hedge against viruses and worms that might get into an internal network. "At FAA we believe in layers of protection," said Mehan. I think it is safe to fly. (Security Focus, 22 Feb) XMLHTTP control can allow access to local files. A flaw exists in how the XMLHTTP Active X control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. An attacker could exploit this vulnerability to specify a data source on the user's local system and return information from the local system to the attacker's web site. An attacker would have to entice the user to a site under his control to exploit this vulnerability, and the attacker would have to know the full path and file name of any file he or she would attempt to read. This vulnerability does not give an attacker any ability to add, change or delete data. It cannot be exploited by HTML e-mail. (Microsoft Security Bulletin MS02-08, 21 Feb) Koreans take to the web in Olympic protest. South Koreans took to the information superhighway on Friday to let the world know their anger at the disqualification of their skater in the Olympic 1,500 meters men's short track on 20 February. South Korea is among the world's most wired countries and Web sites and e-mails were at the forefront of the protest. A spokesman for the United States Olympic Committee (USOC) said it received 16,000 e-mails from South Korea within five hours of the disqualification, enough to cause the USOC server to crash on Thursday. (Reuters, 22 Feb) Worldwide Internet growth is slowing study. The Internet still is welcoming millions of new Netizens each year, but according to a new study, the growth rate is slowing down, especially in developed countries. The company that conducted the study says the base number of Internet users has become so large that the days of triple digit growth are not possible any more. Analysts are waiting for the Internet's "next stage," as the world's Web users make up their mind how aggressively they convert to broadband. Cost appears to be a big factor that decision. The price increase from dial-up to broadband is significant, and without a commensurate change in perceived value. (Washington Post, 21 Feb) Flight from Miami landed with military escort at Newark airport. On 21 February, an American Airlines flight from Miami landed at Newark International Airport escorted by two F-16 fighter jets. The jets were scrambled after the captain inadvertently sent out a message that something was wrong aboard the plane. Airline officials contacted the captain, who confirmed that everything was fine. Once the plane was on the ground in Newark around 10 p.m., police boarded and confirmed nothing was wrong. (Associated Press, 22 Feb)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:05 PDT