-----Original Message----- From: George Heuston To: 'fw@private' Sent: 2/27/02 9:28 AM Subject: NIPC Daily Report 27 Feb 02 NY Times' Internal networks hacked... -----Original Message----- From: NIPC Watch To: Daily Distribution Sent: 2/27/02 5:44 AM Subject: NIPC Daily Report 27 Feb 02 NIPC Daily Report 27 February 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. City wants reimbursement for replacing tainted water. Testing in January found low levels of the industrial solvent dioxane at nine wells in several California communities, forcing their closure. Building treatment facilities to cleanse the water will cost millions of dollars and take up to 22 months. If the wells remain shut until treatment facilities are built, local officials will be forced to spend many more millions buying water from Northern California and the Colorado River. Little is known about the long-term health effects of dioxane exposure, but federal environmental officials have classified it a probable human carcinogen and the state recently deemed it a "contaminant of concern." (Watertech Online, 26 Feb) New York Times Intranet, source database hacked. The New York Times' corporate Intranet and Web-based applications that handle everything from payroll accounts to the newsroom's source database were penetrated by a freelance security researcher this week using nothing more than a Web browser. The internal Web site included pages with detailed instructions for stringers and correspondents, complete with dial-in modem numbers and accounts. The Intranet also lists each Times employee's contact information, as well as their Social Security numbers. (Newsbytes, 26 Feb) MP3 files not always safe. A quirk in media players from Microsoft and RealNetworks could enable attackers to hijack Web browsers and run scripts on the computers of some MP3 music fans. Pornography sites have exploited this vulnerability, as have spammers who seed music file trading services with fake MP3 files. One such MP3 file, ostensibly containing the music of a L.A based rock group, launched a pornographic video and generated a "massive" amount of pop-up ads when played back on the Windows Media Player from Microsoft, according to a newsgroup report. (Newsbytes, 25 Feb) Software helps agencies finger network intruders. The Labor Department, Federal Bureau of Prisons and the State of Oregon recently installed intrusion detection software that monitors systems enterprise-wide and sends alerts in the event of internal or external breaches. The software scrutinizes all network activity and notifies network administrators and agency officials of any malicious intrusion or tampering. (Government Computer News, 26 Feb) State Department gains access to FBI crime database. The State Department will soon be able to access certain FBI records to conduct more extensive background checks on foreigners applying for visas. Under an interim rule published in the Federal Register, State Department officials are authorized to access the FBI's National Crime Information Center (NCIC) database, which contains more than 40 million records on criminals, suspects and stolen property. The officials will use the database to check the names of foreigners applying for visas. (GovExec, 26 Feb) Drug trafficking on Internet growing. The International Narcotics Control Board warns that drug traffickers are more and more frequently taking advantage of encrypted e-mail and other Internet technology to sell drugs, launder money, and trade tips and techniques. The INCB says greater vigilance and international cooperation are needed to prevent the Internet from turning into a worldwide web of drug trafficking. (Associated Press, 27 Feb) .
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:07 PDT