CRIME FW: NIPC Watch Daily Report 22 February 2002

From: George Heuston (GeorgeH@private)
Date: Fri Feb 22 2002 - 07:23:03 PST

  • Next message: George Heuston: "CRIME FW: NIPC DAILY REPORT FOR 26 FEB 02"

    -----Original Message-----
    From: NIPC Watch
    To: NIPC Watch
    Sent: 2/22/02 6:00 AM
    Subject: NIPC Watch Daily Report 22 February 2002
    NIPC Daily Report
    22 February 2002  
    The NIPC Watch and Warning Unit compiles this report to inform
    recipients of issues impacting the integrity and capability of the
    nation's critical infrastructures.
    US Air traffic safe from hackers - FAA. Computer security weaknesses in
    the US air traffic control network that have dogged the Federal Aviation
    Administration since 1998 have been substantially closed, the FAA's CIO,
    Daniel Mehan, said on 21 February at the RSA 2002 Conference in San
    Jose, California.  The FAA was criticized in a September, 2000, GAO
    report for not performing background checks on IT contractors, failing
    to install intrusion detection systems, and not performing adequate risk
    assessments and penetration tests on agency systems. Mehan outlined the
    FAA's current cyber security practices, which include maintaining
    redundant systems, separating administrative networks from control
    networks, and using "firebreaks" as a hedge against viruses and worms
    that might get into an internal network. "At FAA we believe in layers of
    protection," said Mehan.  I think it is safe to fly. (Security Focus, 22
    XMLHTTP control can allow access to local files. A flaw exists in how
    the XMLHTTP Active X control applies IE security zone settings to a
    redirected data stream returned in response to a request for data from a
    web site. An attacker could exploit this vulnerability to specify a data
    source on the user's local system and return information from the local
    system to the attacker's web site.  An attacker would have to entice the
    user to a site under his control to exploit this vulnerability, and the
    attacker would have to know the full path and file name of any file he
    or she would attempt to read. This vulnerability does not give an
    attacker any ability to add, change or delete data. It cannot be
    exploited by HTML e-mail. (Microsoft Security Bulletin MS02-08, 21 Feb)
    Koreans take to the web in Olympic protest.  South Koreans took to the
    information superhighway on Friday to let the world know their anger at
    the disqualification of their skater in the Olympic 1,500 meters men's
    short track on 20 February. South Korea is among the world's most wired
    countries and Web sites and e-mails were at the forefront of the
    protest.  A spokesman for the United States Olympic Committee (USOC)
    said it received 16,000 e-mails from South Korea within five hours of
    the disqualification, enough to cause the USOC server to crash on
    Thursday.   (Reuters, 22 Feb)
    Worldwide Internet growth is slowing study.  The Internet still is
    welcoming millions of new Netizens each year, but according to a new
    study, the growth rate is slowing down, especially in developed
    countries. The company that conducted the study says the base number of
    Internet users has become so large that the days of triple digit growth
    are not possible any more. Analysts are waiting for the Internet's "next
    stage," as the world's Web users make up their mind how aggressively
    they convert to broadband.  Cost appears to be a big factor that
    decision.  The price increase from dial-up to broadband is significant,
    and without a commensurate change in perceived value.  (Washington Post,
    21 Feb)
    Flight from Miami landed with military escort at Newark airport.   On 21
    February, an American Airlines flight from Miami landed at Newark
    International Airport escorted by two F-16 fighter jets. The jets were
    scrambled after the captain inadvertently sent out a message that
    something was wrong aboard the plane.  Airline officials contacted the
    captain, who confirmed that everything was fine.  Once the plane was on
    the ground in Newark around 10 p.m., police boarded and confirmed
    nothing was wrong. (Associated Press, 22 Feb)

    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:05 PDT