CRIME FW: NIPC Daily Report 27 Feb 02

From: George Heuston (GeorgeH@private)
Date: Wed Feb 27 2002 - 09:33:20 PST


-----Original Message-----
From: George Heuston
To: 'fw@private'
Sent: 2/27/02 9:28 AM
Subject: NIPC Daily Report 27 Feb 02

NY Times' Internal networks hacked...

-----Original Message-----
From: NIPC Watch
To: Daily Distribution
Sent: 2/27/02 5:44 AM
Subject: NIPC Daily Report 27 Feb 02

NIPC Daily Report 27 February 2002

The NIPC Watch and Warning Unit compiles this report to inform 
recipients of issues impacting the integrity and capability of the 
nation's critical infrastructures.

City wants reimbursement for replacing tainted water. Testing in January

found low levels of the industrial solvent dioxane at nine wells in 
several California communities, forcing their closure. Building 
treatment facilities to cleanse the water will cost millions of dollars 
and take up to 22 months. If the wells remain shut until treatment 
facilities are built, local officials will be forced to spend many more 
millions buying water from Northern California and the Colorado River. 
Little is known about the long-term health effects of dioxane exposure, 
but federal environmental officials have classified it a probable human 
carcinogen and the state recently deemed it a "contaminant of concern." 
(Watertech Online, 26 Feb)

New York Times Intranet, source database hacked. The New York Times' 
corporate Intranet and Web-based applications that handle everything 
from payroll accounts to the newsroom's source database were penetrated 
by a freelance security researcher this week using nothing more than a 
Web browser. The internal Web site included pages with detailed 
instructions for stringers and correspondents, complete with dial-in 
modem numbers and accounts. The Intranet also lists each Times 
employee's contact information, as well as their Social Security 
numbers. (Newsbytes, 26 Feb)

MP3 files not always safe. A quirk in media players from Microsoft and 
RealNetworks could enable attackers to hijack Web browsers and run 
scripts on the computers of some MP3 music fans. Pornography sites have 
exploited this vulnerability, as have spammers who seed music file 
trading services with fake MP3 files. One such MP3 file, ostensibly 
containing the music of a L.A based rock group, launched a pornographic 
video and generated a "massive" amount of pop-up ads when played back on

the Windows Media Player from Microsoft, according to a newsgroup 
report. (Newsbytes, 25 Feb)

Software helps agencies finger network intruders. The Labor Department, 
Federal Bureau of Prisons and the State of Oregon recently installed 
intrusion detection software that monitors systems enterprise-wide and 
sends alerts in the event of internal or external breaches. The software

scrutinizes all network activity and notifies network administrators and

agency officials of any malicious intrusion or tampering. (Government 
Computer News, 26 Feb)

State Department gains access to FBI crime database. The State 
Department will soon be able to access certain FBI records to conduct 
more extensive background checks on foreigners applying for visas. Under

an interim rule published in the Federal Register, State Department 
officials are authorized to access the FBI's National Crime Information 
Center (NCIC) database, which contains more than 40 million records on 
criminals, suspects and stolen property. The officials will use the 
database to check the names of foreigners applying for visas. (GovExec, 
26 Feb)

Drug trafficking on Internet growing. The International Narcotics 
Control Board warns that drug traffickers are more and more frequently 
taking advantage of encrypted e-mail and other Internet technology to 
sell drugs, launder money, and trade tips and techniques. The INCB says 
greater vigilance and international cooperation are needed to prevent 
the Internet from turning into a worldwide web of drug trafficking. 
(Associated Press, 27 Feb)

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:07 PDT