From: NIPC Watch
To: Daily Distribution
Sent: 3/14/02 5:01 AM
Subject: NIPC Daily Report 14 Mar 02

NIPC Daily Report 14 March 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

Smaller airports to get GPS-like guidance systems early. Regional airlines, business aircraft and small private planes will be able to land more safely at more than 2,500 small airports using satellites for guidance under new procedures to be introduced by the Federal Aviation Administration starting late next year, two years earlier than planned. The new system will work by greatly refining the information provided to pilots through satellite signals from the Global Positioning System (GPS). With such information, pilots would be able to employ a safer, gradual descent to an altitude of at least 250 feet in zero-visibility conditions, at which point it would be possible to see the airport and continue the landing or abort the landing and fly elsewhere. Without this system, pilots have to make that decision at higher altitudes. (Washington Post, 13 Mar)

Mineta sets end of April for Reagan Airport to open fully. United States Transportation Secretary Norman Mineta announced that Ronald Reagan Washington National Airport would be allowed to resume full normal operations by the end of April. In addition, Mineta swore in the first group of federal security directors. They are to be the Transportation Security Administration's (TSA) top personnel at the nation's largest airports, and are to spearhead the operation to replace private screening companies with government employees. (CNN, 13 Mar)

Terrorist pilots' student visas arrive. Officials blame 'antiquated' system for delay of paperwork.
Exactly six months after terrorists Mohamed Atta and Marwan Alshehhi flew two jetliners into the World Trade Center, the Florida flight school that trained the men received paperwork showing that their student visas had been approved. Because of backlogs and an antiquated processing system at the Immigration and Naturalization Service, notification of the approval did not arrive at the flight school until Monday. In addition, the INS said in a statement, "when the applications were approved, the INS had no information indicating that Atta or Alshehhi had ties to terrorist organizations." (Washington Post, 13 Mar)

NIPC Comment: This issue highlights the pervasive problem of information systems that are inefficient and do not facilitate information sharing. Private sector and government organizations increasingly rely on shared information. This episode illustrates that components and systems supporting critical infrastructures must be updated and maintained to ensure continued infrastructure integrity and capability.

New attack intercepts wireless net messages. A group of security researchers has discovered a simple attack technique for intercepting Internet traffic moving over a wireless network. The technique uses easily downloadable freeware and gear that can be picked up at any electronics store. The attack affects the popular BlackBerry devices as well as a variety of handhelds that send unencrypted transmissions over networks such as Mobitex. The attack also applies to other devices on the Mobitex network. The attack does not work on the BlackBerry Enterprise Edition, which uses Triple Data Encryption Standard encryption. (eWeek, 13 Mar)

Grid computing boosts hacker network. A worldwide hacker confederation is quietly setting up a global, real-time, peer-to-peer grid of processing power to crack encryption, especially passwords, used in commerce. Cracking passwords is not an easy task, as a huge amount of computing power is needed to get results.
Grid computing gives hackers the horsepower they need. Hackers send clients into personal computers via a worm, or through any site that's been hacked or intentionally set up to remotely run programs on the PC. Or, a user downloads a screensaver from any site that allows sharing of computing assets. Once clients are inside a user's machine, they lend processing power to the encryption-cracking effort. The average seven-character password can be cracked in about an hour with 160 computers working on it. These clients take advantage of the real-time connections in a corporate environment and continue cracking. (CNET, 13 Mar)

The best way to make software secure: liability. The National Academy of Sciences, frustrated that security measures already available aren't being used, has suggested lawmakers consider legislation that would end software companies' protection from product liability lawsuits. Much of the talk about improving computer safeguards overlooks a fundamental problem: Poorly written software is at the root of many security breaches. That's why the same mistakes keep cropping up. A model for improving security may be the Y2K bug. Facing the threat of widespread computer meltdowns at the millennium, industry mobilized to change business practices and governments passed laws requiring Y2K certification for tech gear. Companies underwent massive campaigns to make certain they complied because they didn't want to be held liable for damages. (Business Week, 13 Mar)

Going to the source: reporting security incidents to ISPs. Firewalls, bastion routers and intrusion detection systems play an important role in protecting our networks, but they fail to address the source of break-in attempts - the vast worldwide interconnection of hostile users, compromised systems, software bugs and configuration glitches. Reports are worthwhile even for one-time intrusion attempts.
The Internet is studded with automated intruders like Nimda and Sadmind that find new victims every day. System administrators who submit security incident reports may help eliminate a compromise on a system that poses no threat when it is clean, or help an ISP or law enforcement agency to identify a source of serious illegal activity. (Security Focus, 13 Mar)

Internet Explorer exploit gives Windows XP users the boot. Security specialists have identified an unpatched flaw in Microsoft's Internet Explorer 6 browser that could enable attackers to shut down the computers of some users who visit a specially designed Web page. The flaw, commonly referred to as the Codebase Localpath Vulnerability, was reported to Microsoft in January and February by separate security researchers, and may have been identified as early as June 2000. The new version automatically executes and logs the user off when an IE6 user views a booby-trapped Web page or HTML e-mail. The code is known by several names. Symantec refers to it as the XMLid.Exploit. McAfee terms the attack Exploit-CodeBase. (Newsbytes, 14 Mar)