CRIME FW: NIPC DAILY REPORT FOR 26 FEB 02

From: George Heuston (GeorgeH@private)
Date: Tue Feb 26 2002 - 07:14:36 PST

  • Next message: Geo: "CRIME NIPC DAILY REPORT FOR 26 FEB 02"

     
    
    -----Original Message-----
    From: NIPC Watch
    To: Daily Distribution
    Sent: 2/26/02 5:59 AM
    Subject: NIPC DAILY REPORT FOR 26 FEB 02
    
    NIPC Daily Report 26 February 2002
    
    The NIPC Watch and Warning Unit compiles this report to inform 
    recipients of issues impacting the integrity and capability of the 
    nation's critical infrastructures.
    
    Critical Microsoft patch released. Microsoft has released a patch to fix
    
    a "critical" vulnerability in Commerce Server. The vulnerability allows 
    an attacker to run arbitrary code on a compromised server and take 
    control of other linked systems under certain circumstances. The 
    vulnerability is caused by an unchecked buffer in a section of code that
    
    handles certain types of authentication requests in the AuthFilter 
    service, which is installed by default. By providing malformed 
    authentication information, an attacker could cause a buffer overrun and
    
    gain complete control over an affected server. The patch is available at
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
    ity/bulletin/MS02-010.asp. 
    
    (Security Wire Digest, 25 Feb)
    
    Agent: FAA buried lapses checkpoint flaws alleged. The federal Office of
    
    Special Counsel, which handles whistleblower complaints, has ordered the
    
    Transportation Department to investigate the allegations of a veteran 
    FAA special agent and security inspector who alleges that top FAA 
    officials were "fully aware" of the terrorist threat and vulnerabilities
    
    in civil aviation security but took no meaningful action to correct the 
    problems before the terrorist strikes on 11 September. The Special 
    Counsel believes that "there is a substantial likelihood'' that the 
    complaint shows an ''abuse of authority'' or a ''substantial and 
    specific danger to public safety.'' (USA Today, 25 Feb)
    
    FAA begins development on next-generation communication suite. The FAA 
    has negotiated agreements with three companies to develop onboard 
    systems that integrate digital voice and data communications to reduce 
    frequency congestion and enhance safety. FAA's current system of 
    air-ground communications uses VHF and UHF radio links. The new systems 
    will make more efficient use of available radio spectrum to improve 
    FAA's ability to meet the expanding demands of air traffic control 
    communications. (Government Computer News, 25 Feb)
    
    Terror alert system on the way. Office of Homeland Security director Tom
    
    Ridge, speaking at the winter meeting of the National Governor's 
    Association, said that the federal government will soon unveil a 
    national alert system for sharing terrorist threat information with 
    intelligence with states and territories. Ridge called the national 
    alert system an "imperfect system" that will need improvement, and asked
    
    the governors to take a look at it, compare it with their systems and 
    make recommendations. The federal government has been working on a 
    national system to better rank potential terrorist threats. State and 
    local officials have criticized the warnings that have been issued since
    
    11September, because they contained no details of when and where such 
    acts may occur. (Federal Computer Week, 25 Feb)
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:06 PDT