OpenSSH vulnerability. The NIPC is aware of a vulnerability in OpenSSH version 3.3 and below. Users are strongly encouraged to visit http://www.openssh.com/ <http://www.openssh.com/> to obtain and install version 3.4 of this product. Additional information on this issue is available at: Internet Security Systems OpenSSH Remote Challenge Vulnerability http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 <http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 > OpenSSH OpenSSH Security Advisory http://www.openssh.com/txt/preauth.adv <http://www.openssh.com/txt/preauth.adv> Computer crime incidents may be reported online at http://www.nipc.gov/incident/cirr.htm <http://www.nipc.gov/incident/cirr.htm> Cyber attacks by al Qaeda feared by US. According to US officials, the potential exists for the compromise of digital devices that allow remote access of Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition Systems (SCADA). The simplest of these devices collect measurements, throw railway switches, close circuit breakers, or adjust valves in the pipes that carry water, oil, and gas. More complicated versions of these type of devices sift incoming data, govern multiple devices, and control other areas of the infrastructure. Recently, evidence has been discovered that al Qaeda operators have spent time on Web sites that offer software and programming explanations for the digital switches that run power, water, transport and communications grids. By disabling or taking command of floodgates in a dam or a sub-station handling electric power, analysts believe an intruder could use cyber tools to disrupt/destroy critical infrastructures. It is surmised that terrorists may combine these techniques, synchronized with physical acts of terrorism. (Washington Post, 26 Jun) SEC Charges WorldCom with fraud. The Securities and Exchange Commission charged WorldCom Inc., the nation's second-largest long-distance telephone company, with defrauding investors by improperly accounting for $3.9 billion in expenses during 2001 and the early part of this year. "In a scheme directed and approved by its senior management, WorldCom disguised its true operating performance by using undisclosed and improper accounting" that made the company appear more profitable than it was, the SEC stated in a suit filed in U.S. District Court in New York. (Washingtonpost.com, 27 Jun) WWU Comment - The repercussions from this investigation could begin to affect smaller telecommunication providers in terms of service, since many smaller Internet Service Providers lease lines through WorldCom. Users could experience loss of service and lack of technical support in the case of service disruption or failure. The uncertainty revolving around WorldCom may provide an opportunity for intrusion attempts and system integrity checks against the IP blocks owned by WorldCom. Transportation Security Administration announces next two airports to receive federal passenger screeners. The Transportation Security Administration (TSA) successfully placed federal passenger screeners at Mobile Regional Airport, AL, and Louisville International Airport, KY. The deployment of the federal screeners marks another step in TSA's goal of hiring, training and mobilizing more than 50,000 new passenger and baggage security screeners. TSA deployed the nation's first federal team of screening personnel on 30 April, 2002 at Baltimore/Washington International Airport (BWI). (U.S. Department of Transportation, 25 Jun) Bush official urges agencies to upgrade homeland security systems now . The Bush Administration is urging Federal agencies not to wait for the creation of the new Homeland Security Department to upgrade their information technology systems to better protect the nation. Jim Flyzik, a member of the President's Critical Infrastructure Protection Board stated that "we cannot only improve security but improve performance" in airports, at the nation's borders and ports, and elsewhere. Mr. Flyzik feels it is imperative that agencies build from each other's modernization efforts. (Gov Exec.com, 25 Jun) 25,000 gas masks ordered for the Capitol in case of a terrorist attack . 25,000 gas masks have been ordered to help protect the Capitol - tourists included - in the event of a chemical or biological attack. The masks will be stored around the building to help tourists and members of Congress and their staffs survive a chemical or biological attack. "The reason we're doing this is because the Capitol was targeted for a bio-terrorist attack, the anthrax attack," the official said. Anthrax-laced mail sent to the Capitol last fall killed two postal workers. (Associated Press, 26 Jun) ~dmh
This archive was generated by hypermail 2b30 : Thu Jun 27 2002 - 10:23:02 PDT