NIPC issues Advisory 02-004, "ISC BIND 9 DoS Vulnerability." The vulnerability affects BIND version 9.x below 9.2.0. The exploitation of this vulnerability will cause vulnerable BIND server(s) to abort and shut down, which could possibly cause a Denial-of-Service (DoS). The NIPC urges the community to apply patches from vendors to upgrade their version of BIND 9 to BIND 9.2.1. The NIPC's Advisory can be viewed at www.nipc.gov/warnings/advisories/2002/02-004.htm.

Utilities unite against power-grid oversight. A coalition of Pacific Northwest public utilities stepped up its opposition to federal plans for a regional agency to oversee electricity transmission across the West, claiming it would boost rates and open the grid to Enron-style market abuse. Coalition leaders say the proposed "regional transmission organization," or RTO, would add a layer of costly federal bureaucracy that would strip control of the power grid from local governments and utilities that are accountable to voters and customers. FERC Chairman Patrick Wood III acknowledged the concerns of the utilities and said he wants to make sure any new regional organization would be able to prevent price manipulation or the kinds of energy deregulation problems that led to a January 2001 statewide emergency in California. However, Mr. Wood would not back off plans to develop the new organization, saying regional cooperation on energy planning is needed to sustain economic growth and prevent transmission-system bottlenecks. FERC has called for establishing the new regional organization as part of a broader federal effort to standardize transmission systems across the country. (Seattle Times, 4 June)

Electric Power Research Institute (EPRI) Reliability Initiative identifies industry best practices. On 13 May EPRI, a non-profit center for public interest energy and environmental research, announced the completion of the first comprehensive database of electricity distribution practices across the nation. The information was gathered during EPRI's Power Delivery Reliability Initiative Distribution Project and will be used by utility companies to develop strategies for improving system reliability in the most cost-effective manner. Funded entirely by 40-plus utility members, the Reliability Initiative was directed by EPRI on behalf of the electric power industry, in coordination with the North American Electric Reliability Council (NERC). EPRI's Distribution Program Knowledge Base now contains detailed descriptions of hundreds of distribution system practices. By using the database, distribution companies learn how other utilities solve reliability problems and can adapt the appropriate practices to improve their own system performance. (Power Engineering International, 3 June)

Privacy vs. security. Driven by provisions in the USA Patriot Act (anti-terror legislation approved after Sept. 11), banks, securities firms and other companies are installing computer systems that draw together millions of transactions in the search for money laundering, terrorist financing or other unusual patterns. Congress also requires that financial companies authenticate new customers, check their identities against government watch lists and maintain records for government scrutiny. The law encourages financial institutions to share information among themselves about customers suspected of being involved in terrorism or money laundering, and it gives them protection from legal liability for doing so. In addition, it gives law enforcement and intelligence agencies greater access to confidential information without a subpoena by requiring that credit bureaus secretly turn over credit reports to the CIA, National Security Agency and other intelligence agencies when presented with a request signed by a senior agency official. (Washington Post, 3 June)

DOT expects baggage screeners to be out of view. Checked bags should be screened for explosives as they travel from the ticket counter to the airplane, the head of the Transportation Security Administration says. The intention is for bags to be examined after check-in but before being loaded on the plane. The inspections would be done without the passengers watching, though a traveler could be called if the machine's alarm goes off and the bag needs to be opened and searched by hand, officials said. The process would not add to the congestion of the check-in and passenger screening process, instead becoming part of the normal process of transferring the baggage from the ticket counter to the airplane. (Associated Press, 4 June)

Pakistan - War in cyberspace. Pakistan is both overtly and covertly causing cyber disturbances in India. Among the covert activities, Pakistan has started supporting and funding groups involved in cyber attacks on Indian nets. Such cyber attacks have been directed against the Indian government and corporate nets. Cyber attacks intensify when the physical tensions escalate between the two nations. The present tensions could also have renewed attacks from Pakistani cyber forces. (Asia Intelligence Wire, 31 May)

Download sites hacked, source code contaminated. According to the program developer, the source code to the Dsniff, Fragroute and Fragrouter security tools was contaminated on 17 May after an attacker gained unauthorized access to the site. When installed on a Unix-based machine, the modified programs open a backdoor accessible to a remote server hosted by RCN Corporation, according to an excerpt of the contaminated Fragroute program posted on 31 May to Bugtraq. Nearly 2,000 copies of the booby-trapped security programs were downloaded by unsuspecting Internet users before the malicious code was discovered on 24 May. (Security Focus, 3 June)

City landlords get a primer for spotting terrorist tenants. Landlords should be suspicious of tenants who insist on first-floor apartments, have little furniture, use cash, prefer pay phones and try to hide their identities, New York Police Department officials said at a 3 June briefing on fighting terrorism. The closed three-hour meeting at 1 Police Plaza drew 250 landlords and real estate executives, who were given a 38-page handbook that covered topics including understanding terrorist goals, spotting fake passports and ingredients used in making a pipe bomb. (New York Times, 4 June)

Training targets computer crimes. In an attempt to reduce criminal activity in the PC world, additional training on investigating and prosecuting cyber criminals will be available this fall to personnel in the offices of the attorneys general in each of the 50 states. Criminal activity over the Internet and on computer systems has become more sophisticated, making it extremely difficult to investigate crimes and prosecute "hackers." The difficulty magnifies when computers and other equipment are used to commit crimes across jurisdictional boundaries. (Federal Computer Week, 4 June)
This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 09:22:06 PDT