CRIME NIPC Daily Report for 04 April 2002

From: George Heuston (GeorgeH@private)
Date: Thu Apr 04 2002 - 15:17:28 PST

    The NIPC Watch and Warning Unit compiles this report to inform 
    recipients of issues impacting the integrity and capability of the 
    nation's critical infrastructures.
    
    New options in assault on smallpox.  The disclosure that a large cache 
    of smallpox vaccine is available to control a bioterrorist attack has 
    put an unusual focus on the vaccine.  Vaccinating every American would 
    immediately eliminate the threat of a bioterrorist smallpox attack.  But 
    the vaccine can be hazardous, and the available supply of 77 million 
    doses is insufficient to cover 285 million Americans.  One reason the 
    vaccine poses risks is that it is crude by today's standards. The newly 
    disclosed cache to be donated by the drug company Aventis Pasteur dates 
    from 1958 when the vaccine was made the traditional way.  Whether the 
    cache could be diluted to provide as many as 450 million emergency doses 
    will depend on tests that will be performed in the next two months. (New 
    York Times, 02 Apr)
    
    With vaccine available, smallpox debate shifts.  In the aftermath of 
    last fall's anthrax assaults, the federal government has worked to 
    expand its stockpile of vaccine against the possibility that terrorists 
    might get hold of one of the remaining stocks of live virus and mount a 
    biological attack.  The disclosure that the drug company Aventis Pasteur 
    had tens of millions of doses that could potentially be diluted to 
    vaccinate everybody shifted the debate sharply. The 1976 flu vaccine 
    program showed how easily a tide could turn. Soon after the 
    immunizations began, the news media began a national body count of those 
    that had had the vaccine and died. Large studies had shown that the flu 
    vaccine was not particularly dangerous and that the few reactions it 
    caused tended to be mild, like soreness in the arms. (New York Times, 30 
    Mar)
    
    WWU Comment: The two previous articles reveal two hurdles for a national 
    vaccination plan.  The first issue is how to manufacture and distribute 
    enough of the proper vaccine.  The second and most difficult issue is 
    figuring out how to handle the public's perception of the vaccine.
    
    Tech revs up ambulance services.  More than 100 ambulance services in 
    South Dakota - most of them volunteer organizations - have been 
    outfitted by the state with new computers and software that government 
    officials hope will significantly boost the services' ability to react 
    during major disasters and emergencies. The new systems will bring all 
    of the ambulance services onto the Internet, many of them for the first 
    time, allowing state officials to quickly reach them via e-mail in the 
    event of an emergency.  The systems also will help streamline ambulance 
    service bureaucracy, enabling them to file required trip reports 
    electronically rather than using error-prone scanning of paper forms 
    (Scanning produced error rates of 15-25 percent).  Electronic filing 
    will enable ambulance services to build local databases to analyze what 
    emergencies they respond to and when.  They'll then be able to schedule 
    such things as extra training where it is needed. (Federal Computer 
    Week, 02 Apr)
    
    WWU Comment: Despite security concerns about wireless data transmission, 
    this is a major step forward in improving emergency response. 
    Streamlined data processing is the most tangible benefit of this type of 
    automated system. The more important benefit will be increased 
    dispatching efficiency and correspondingly faster response times.
    
    Study: Emergency rooms handling more.  A study by emergency room 
    physicians has found that hospitals are handling more urgent cases than 
    they did a decade ago, and those more extensive treatments are tying up 
    beds and exacerbating overcrowding.  Dr. Brent Asplin, a St. Paul, 
    Minn., emergency physician and member of the ACEP task force on 
    emergency room overcrowding, said the new study demonstrates that even 
    if hospitals could empty their waiting rooms of non-urgent care 
    patients, overcrowding would persist.  "It's the sickest patients who 
    are holding up the monitored beds," Asplin said, "And when those beds 
    are filled, ambulances must be diverted to other hospitals, sometimes 
    delaying care for extremely ill patients."  Nationwide, there is a 
    shortage of nurses and a declining number of hospital beds, which means 
    emergency room patients admitted to hospitals can face lengthy waits for 
    beds.  (Associated Press, 28 Mar)
    
    WWU Comment: As communities continue to grow, medical resources likely 
    will be spread even thinner.   Medical and emergency services should 
    have equal footing with security concerns and other front-line services, 
    or run the risk of being ill prepared during a disaster.  This issue 
    will be rapidly and severely magnified in the event of a mass-casualty 
    disaster.
    
    Who's defending the homeland?  Several congressional committees are 
    debating how to spend billions in homeland defense dollars.  State and 
    local governments are going ahead with security plans, waiting for 
    federal funds to flow, and haggling over who should have the ultimate 
    say over how communities protect themselves from terror.  The terror 
    threat has altered the relevance of national security for officials on 
    the state and local level.  Communities 
    have different levels of readiness, unequal financial resources, varying 
    emergency services systems that may not easily work together in a major 
    disaster, and unique assets that require protection.  Major cities like 
    Los Angeles or New York require a different security approach than 
    safeguarding a weapons stockpile in the rural Midwest.  (ABC News, 02 Apr)
    
    WWU Comment: The nature of coordinated disaster recovery, while greatly 
    assisted by federal resources, continues to be focused at the state and 
    local level where efforts can best benefit their specific citizens and 
    community needs.  The homeland security issue will undoubtedly intensify 
    the debate over operational control of federal funds, especially given 
    the sense of urgency expressed in the localities.
    
    High-technology firms vie to fight terrorism.  Federal offices at all 
    levels have been inundated in recent months with phone calls and visits 
    from company executives, scientists and private citizens whose messages 
    can be summarized as, "We have the security answer for you." Suddenly, 
    government has become the most important potential customer and 
    financier; one that is being courted with aggressiveness seldom matched. 
    Many companies are forming homeland-defense task forces or shifting 
    resources to their government service units, where their approach is to 
    utilize existing technologies for analysis of currently collected data. 
    (Washington Post, 31 Mar)
    
    WWU Comment: By applying existing software tools to data already being 
    collected, these high-technology firms should be able to provide the 
    government with sufficiently accurate results with minimal costs.  Both 
    industry and academia must continue to work with government, as well as 
    with one another, in R&D efforts to further the multitude of homeland 
    defense efforts.
    
    Arizona test-drives PKI.  Arizona's Motor Vehicle Division (MVD) is 
    testing the use of public key infrastructure (PKI) to secure online 
    transactions with commercial firms, potentially setting the stage for 
    broader use, including, one day, smart driver's licenses, a state 
    official said.  PKI technology allows users to securely and privately 
    conduct transactions with companies or government agencies through a 
    browser. Transactions are encrypted, and the decryption key is provided 
    only when a user's identity has been authenticated with a digital 
    certificate.  (Federal Computer Week, 01 Apr)
    
    WWU Comment: Expanded government use of existing technologies is a step 
    forward in improved government efficiency.  Streamlining government 
    services will enhance the quality and the speed of service provided to 
    its citizens.
    
    Idea of combining food safety agencies gains momentum.  Food and Drug 
    Administration (FDA) Deputy Commissioner Lester Crawford said the split 
    of responsibility between the Department of Agriculture and the FDA is a 
    "curious division" and that he considers recent calls for a single food 
    safety agency to be serious.  In March, Homeland Security Director Tom 
    Ridge told an industry sponsored food safety summit that the Bush 
    administration continues to consider supporting the creation of a single 
    food safety agency.  (Govexec.com, 03 April)
    
    Are web sites as secure as they seem?  A recent survey of Web server 
    usage conducted by Netcraft found that up to 18 percent of servers using 
    Secure Socket Layer (SSL) encryption technology for Web site encryption 
    are potentially vulnerable to hackers.  SSL, a common protocol for 
    managing the security of message transmission on the Internet, is most 
    secure with a key of at least 1024 bits.  Currently, approximately 60 
    percent of all Web sites that use SSL are based in the US, where 15 
    percent of those sites are using short keys.  Further, sites that rely 
    on Transport Layer Security (TLS) protocol, the successor to SSL, are 
    also susceptible to the same vulnerabilities.  Ian Peacock, security 
    consultant at Netcraft explained, "For both SSL and TLS, there has been 
    talk in the developer community to build browsers that indicate how 
    strong the security connection is and it doesn't seem that would be too 
    difficult to achieve."  (IDG News Service, 03 Apr)
    
    Experts watch IE for anticipated malicious code activity. Believing 
    hackers have pieced together several serious exploits, researchers at 
    TruSecure Corp. issued a "watch" to their customers, saying a fresh wave 
    of Microsoft Internet Explorer (IE) attacks could hit the Internet in 
    the next one to four weeks.  TruSecure learned that hackers had 
    completed a lengthy analysis of several IE vulnerabilities and compiled 
    exploits for inserting and executing malicious code.  (Security Wire 
    Digest, 01 Apr)
    
    WWU Comment: Cooperation in developing malicious software code is a 
    trend that is growing at an alarming rate.  Analytical collaboration is 
    a major step beyond simple sharing of exploits and vulnerabilities. 
    'Combined exploits' is a developing trend that poses a very serious threat.
    
    Malware's destructive appetite grows.  'Friday the 13th' and 'Form' took 
    two to three years to go from birth to being No. 1 [in reported 
    attacks]. The macro virus 'Concept' took two to three months, and 
    'Nimda' took 22 minutes to go to No. 1.  Although the number of new 
    viruses introduced each year is declining, 'malware' is getting far more 
    destructive, spreading by multiple vectors and launching multiple 
    attacks.  'Nimda' propagated in five ways and carried multiple payloads 
    - not just data destruction but also creating vulnerabilities and 
    exploiting them.  (ComputerWorld, 01 Apr)
    
    MyLife worm mutating into new forms. Four mutations of the destructive 
    MyLife.a (w32.mylife.a@mm) virus were released at the end of March.  All 
    four new variants of MyLife share the same mass-mailing characteristics 
    of the original, and email themselves to all addresses in the 
    Microsoft Outlook address book and the MSN Messenger contact list. 
    (ZDNet, 02 Apr)
    
    WWU Comment: The two previous articles clearly illustrate the severity 
    of collaborative programming and combined exploits.  The increasing 
    speed of propagation and the subtlety of some malware will continue to 
    challenge system administrators and security professionals.
    
    XML security risks. eXtensible Markup Language (XML) is a universal 
    standard for document and data exchange that describes the logical 
    structure of a document and creates tags that contain and define data. 
    Increasingly, data is being stored in databases using the XML format 
    because XML eliminates the overhead common to relational databases and 
    creates complex schemas for multiple tables that can work across 
    products and platforms.  The security risk is created when data 
    definitions and data are packaged together and transmitted across the 
    Internet, providing anyone that can access the data the keys to the 
    content as well as the context. (PC Magazine, 02 Apr)
    
    Cisco security flaw could lead to DoS.  Cisco Systems issued an advisory 
    the week of 25 March saying that its Call Manager versions 3.0 and 3.1 
    call-processing application has a security flaw that could leave the 
    product open to a denial of service (DoS) attack.   The authentication 
    failure problem is most common in systems that have been recently 
    integrated with customer directories. Customers should contact Cisco, 
    their reseller, or other normal channels to obtain a security fix for 
    the vulnerability.  More information about the vulnerability is 
    available in Cisco's advisory, posted online at 
    http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml. 
    (Info World, 02 Apr)
    


