Article: Canada Forges Ahead With Master Plan To Guard Key Infrastructures April 8, 2002
http://ocipep-bpiepc.gc.ca/pub_communi/article_ipent2_e.html Article: Canadian Official Calls For Cyber-Security Exercise With United States April 8, 2002 http://ocipep-bpiepc.gc.ca/pub_communi/article_ipent1_e.html ******************************************************* DAILY BRIEF Number: DOB02-034 Date: 08 April 2002 NEWS Saskatchewan Accepts Drinking Water Report Recommendations A report from a Saskatchewan inquiry regarding last year's drinking water problems in North Battleford suggests that a lack of inspectors, poor training, lax standards and inadequate regulation contributed to the outbreak of water-borne illness in that city. Up to 7,000 people became sick from drinking water containing the potentially fatal parasite cryptosporidium. The report states that there is considerable room to improve water treatment, the sampling of water sources and the testing of treatment plant operators. Recognizing that the problem could exist in other communities, the report suggests tougher standards for water treatment plants and better training for employees across the province. The Saskatchewan government accepted the report's recommendations and announced last Friday a new water strategy that will include increased spending on plant inspections and the hiring of more staff. (Source: Yahoo News, 5 April 2002) http://ca.news.yahoo.com/ Comment: The City of North Battleford is located on the North Saskatchewan River and has a population of approximately 15,000. The city operates two water treatment plants. In March and April of 2001, the city's water was found to be contaminated by the parasite cryptosporidium parvum. The source of the parasite is believed to be the treatment plant that draws water from the North Saskatchewan River. The outbreak caused 326 confirmed cases of gastrointestinal illness. As a result of the contamination, a boil water order was in place for three months. The Report of the Commission of Inquiry into matters relating to the safety of the public drinking water in the City of North Battleford can be found at: http://www.northbattlefordwaterinquiry.ca/inquiry/inquiry.htm Most Security Breaches Still Unreported In its seventh annual Computer Crime and Security Survey, the FBI warns that U.S. companies are losing large sums of money through the loss of proprietary information, but that the majority of these losses continue to go unreported. According to the report, written in cooperation with the Computer Security Institute (CSI), only one-third of intrusions is reported to law enforcement authorities. A CSI official says that "there is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners." Many firms choose not to report security breaches for fear of bad publicity, while others do not want to divulge proprietary information to investigators. It is becoming more important for the government and private sector to work together to share information, according to an FBI official, so that "the nation's critical infrastructures can be protected from cyberterrorists." The report also reveals that, contrary to popular belief, external threats are greater than those from within. (Source: CNN.com, 7 April 2002) http://www.cnn.com IN BRIEF U.S. Government Agencies Exposed U.S. government databases have, again, been found to be available to anyone with a web browser, according to Kitetoa, a group of French security "enthusiasts". The Defense Information Systems Agency (DISA), the International Trade Administration of the Department of Commerce and the U.S. Navy's Distance Support Anchordesk were the agencies reportedly exposed by Kitetoa. While the Department of Commerce and the Navy did not comment on the security lapses, a spokesperson for DISA explained that the agency was in the midst of redesigning its web site, which included new security measures. (Source: Newsbytes, 5 April 2002) http://www.newsbytes.com/ Infrastructure Owners Want Larger Share of Frequency Spectrum Two U.S. government agencies responsible for the allocation of frequency spectrum resources heard from government officials and critical infrastructure owners that the practice of providing more portions of the spectrum to the cellular networks should be re-examined after the September 11 events. The National Telecommunications and Information Administration and the Federal Communications Commission have been told to pay more attention to "critical infrastructure industries", which use the spectrum to manage their widespread physical plants. (Source: Computerworld.com, 5 April 2002) http://www.computerworld.com/ CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Symantec provides reports on the following threats: W32.Maldal.J W32.Maldal.J is a mass-mailing worm that also logs keystrokes. It sends an email message to all addresses that it finds in the Microsoft Outlook address book, the MSN Messenger list and in .html files on the infected computer. The email message contains an HTML link to a file named FixerData.exe. FixerData.exe then downloads the file Data.exe from a particular web site and runs it. Data.exe is the mass-mailing component of W32.Maldal.J. http://securityresponse.symantec.com/avcenter/venc/data/w32.maldal.j.html W97M.Cisi.A W97M.Cisi.A is a macro virus that infects open Microsoft Word documents and the global template Normal.dot. When you close an infected document, the message "Thank's for Not Deleting Cisi_Lupi" appears. Once the virus infects the global template, it hides any other virus infections (in other documents) by turning off macro virus protection just before it opens documents, and then turning it on again after any macros have executed. During FileOpen and AutoOpen, this virus changes the title bar text "Microsoft Office" to "Micro$oft Word" and then to "Bappebti Microsoft Word." http://securityresponse.symantec.com/avcenter/venc/data/w97m.cisi.a.html Vulnerabilities SecurityFocus provides information on the following vulnerabilities: Security Vulnerability in Audit Subsystem HP Secure OS software for Linux release 1.0 includes an audit daemon that is statically linked with zlib. Zlib has been found to have a flaw. http://online.securityfocus.com/advisories/4017 Microsoft Windows MUP Overlong Request Kernel Overflow There is a buffer overflow vulnerability in the Multiple UNC Provider (MUP) driver of Microsoft Windows systems which would lead to a system reboot or an unauthorized access to Local SYSTEM by a local attacker. http://online.securityfocus.com/advisories/4019 Microsoft Internet Explorer Cascading Style Sheet File Disclosure Vulnerability The Cascading Style-Sheets (CSS) interpreter for Microsoft Internet Explorer is prone to an issue that may allow an attacker to read the contents of files on a web user's system. A remote attacker may exploit this via a malicious web page to disclose sensitive information contained in (almost) arbitrary files that exist on a web user's system. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4411 Cyrus SASL LDAP+MySQL Authentication Patch SQL Command Execution Vulnerability Due to a design problem in the Cyrus SASL LDAP+MySQL patch, users may gain remote access to others' mail accounts. By passing a specially crafted SQL command to the password challenge, it is possible to provoke a successful authentication response from the MySQL server. This would give access to the mail of the user specified in the login challenge. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4409 ZoneLabs ZoneAlarm MailSafe Extension Dot Filtering Bypass Vulnerability A vulnerability has been reported in some versions of the ZoneAlarm firewall. MailSafe may be configured to block file attachments with a certain extension, for example, all .exe files. If the same file is sent with an additional '.' appended to the filename, it will not be blocked. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4407 Lotus Domino MS-DOS Device Path Disclosure Vulnerability Vulnerable versions of Lotus Domino do not properly handle specially crafted requests for MS-DOS devices, causing sensitive path information to be disclosed to remote attackers. Sensitive information gathered in this manner might aid the attacker in further attacks against the host running the vulnerable software. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4406 Dynamic Guestbook Cross-Agent Scripting Vulnerability Dynamic Guestbook does not sufficiently sanitize potentially malicious characters, such as HTML tags, from form fields. As a result, it may be possible to inject arbitrary script code into pages that are generated by the guestbook. The script will execute in the clients of other users when the malicious guestbook entries are viewed. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4422 CiscoSecure ACS for Windows Arbitrary File Access Vulnerability ACS does not properly handle user-supplied input. Under some circumstances, it may be possible for a remote user to read arbitrary files. By supplying a custom-crafted URL to the ACS, an attacker may be able to read a file in a known location on the partition when the ACS software is installed. These file types are limited to those ending in .html, .htm, .class, .jpeg, .jpg, and .gif. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4417 Icecast AVLLib Buffer Overflow Vulnerability Icecast does not properly check bounds on data sent from clients. Because of this, it is possible for a remote user to send an arbitrarily long string of data to the server, which could result in a stack overflow and the execution of user-supplied code. The code would be executed with the privileges of the Icecast server. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4415 PHPGroupware Login SQL Command Execution Vulnerability PHPGroupware does not properly handle data from the login field. Due to insufficent checking of input, it is possible for a user to embed SQL commands. By using special characters, it is possible for a remote user to pass commands through the login field that will be executed in the database. This may also enable an attacker to exploit vulnerabilities that may exist in the underlying database. Tools No updates to report at this time. CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP’s Communications Division at: Phone: (613) 991-7066 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer OCIPEP publications are based on information obtained from a variety of sources. The organization makes every reasonable effort to ensure the accuracy, reliability, completeness and validity of the contents in its publications. However, it cannot guarantee the veracity of the information nor can it assume responsibility or liability for any consequences related to that information. It is recommended that OCIPEP publications be carefully considered within a proper context and in conjunction with information available from other sources, as appropriate. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk