-----Original Message----- From: owner-crime@/var/spool/majordomo/lists/crime [mailto:owner-crime@/var/spool/majordomo/lists/crime]On Behalf Of George Heuston Sent: Tuesday, February 26, 2002 7:15 AM To: 'crime@private'; 'crime-announce@private'; 'nta-net@private'; 'biznet-hillsboro@private' Subject: CRIME FW: NIPC DAILY REPORT FOR 26 FEB 02 -----Original Message----- From: NIPC Watch To: Daily Distribution Sent: 2/26/02 5:59 AM Subject: NIPC DAILY REPORT FOR 26 FEB 02 NIPC Daily Report 26 February 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Critical Microsoft patch released. Microsoft has released a patch to fix a "critical" vulnerability in Commerce Server. The vulnerability allows an attacker to run arbitrary code on a compromised server and take control of other linked systems under certain circumstances. The vulnerability is caused by an unchecked buffer in a section of code that handles certain types of authentication requests in the AuthFilter service, which is installed by default. By providing malformed authentication information, an attacker could cause a buffer overrun and gain complete control over an affected server. The patch is available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS02-010.asp. (Security Wire Digest, 25 Feb) Agent: FAA buried lapses checkpoint flaws alleged. The federal Office of Special Counsel, which handles whistleblower complaints, has ordered the Transportation Department to investigate the allegations of a veteran FAA special agent and security inspector who alleges that top FAA officials were "fully aware" of the terrorist threat and vulnerabilities in civil aviation security but took no meaningful action to correct the problems before the terrorist strikes on 11 September. The Special Counsel believes that "there is a substantial likelihood'' that the complaint shows an ''abuse of authority'' or a ''substantial and specific danger to public safety.'' (USA Today, 25 Feb) FAA begins development on next-generation communication suite. The FAA has negotiated agreements with three companies to develop onboard systems that integrate digital voice and data communications to reduce frequency congestion and enhance safety. FAA's current system of air-ground communications uses VHF and UHF radio links. The new systems will make more efficient use of available radio spectrum to improve FAA's ability to meet the expanding demands of air traffic control communications. (Government Computer News, 25 Feb) Terror alert system on the way. Office of Homeland Security director Tom Ridge, speaking at the winter meeting of the National Governor's Association, said that the federal government will soon unveil a national alert system for sharing terrorist threat information with intelligence with states and territories. Ridge called the national alert system an "imperfect system" that will need improvement, and asked the governors to take a look at it, compare it with their systems and make recommendations. The federal government has been working on a national system to better rank potential terrorist threats. State and local officials have criticized the warnings that have been issued since 11September, because they contained no details of when and where such acts may occur. (Federal Computer Week, 25 Feb)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:07 PDT