OCIPEP DAILY BRIEF
Number: DOB02-072
Date: 31 May 2002

NEWS

FBI Warns of Shoulder-Fired Missile Attacks

The FBI warned yesterday that, although it has no substantiating information on the subject, terrorists may try to shoot down U.S. commercial airliners with shoulder-fired missiles. There is a possibility that al-Qaeda operatives may have fired a missile at a U.S. military plane earlier this month, hence this warning. While the FBI does not possess any intelligence indicating al-Qaeda intentions to do so, there is evidence that terrorists have access to Russian- and U.S.-made man-portable air defense systems (MANPADS). The warning states that "law enforcement agencies in the United States should remain alert to potential use of MANPADS against U.S. aircraft."
(Source: CNN.com, 30 May 2002)
http://www.cnn.com/2002/US/05/30/missile.threat/index.html

Comment: The threat posed by MANPADS to commercial aircraft cannot be dismissed. The weapons are believed to be available and require very little training to achieve a successful launch. Would-be attackers could set up a launcher several kilometres away from an airport and fire at departing airliners with deadly accuracy.

Canada, U.S. to Stage Anti-Terrorism Exercise

Canada and the U.S. will conduct a major anti-terrorism exercise on June 4, which will involve the hijacking of several aircraft in both countries. The exercise, dubbed Amalgam Virgo, will test the response capabilities of the RCMP, the FBI, Transport Canada, the Federal Aviation Administration, the North American Aerospace Defense Command and other government agencies on both sides of the border. Scenarios will include the "take-down" of an aircraft and hostage negotiations. The exercise will take place on the west coast; however, no exact locations were given.
(Source: The Ottawa Citizen, 31 May 2002)
http://www.canada.com/ottawa/ottawacitizen/story.asp?id={EBB463D9-C0F8-444B-8673-AB3001A9784E}

Ridge Discusses Homeland Security Strategy

U.S. Homeland Security Director Tom Ridge explained in an interview with journalists yesterday that his office has been "working diligently, and…with a sense of both urgency and unparalleled cooperation, with both Canada and Mexico on the issues relating to infrastructure, people and cargo." Ridge added that unprotected border areas, such as the Great Lakes region, were the biggest challenge in implementing border security. In developing its homeland security strategy, the U.S. government plans to give the Federal Emergency Management Agency (FEMA) greater responsibilities in working with local first responders in times of emergency. FEMA ultimately would have "primary responsibility for building up a national capacity and mutual aid grants between communities."
(Source: govexec.com, 30 May 2002)
http://www.govexec.com/dailyfed/0502/053002kp1.htm

IN BRIEF

Calgary Prepared for Bioterrorist Attack During G8 Summit

Calgary Laboratory Services (CLS) has been stockpiling supplies and has scheduled extra staff in order to be prepared for any eventualities, including bioterrorism, during the G8 Summit. CLS Head of Microbiology, Dr. Deirdre Church, stressed that while the system will be efficient, staff could not handle the consequences of a large-scale attack.
(Source: CBC News, 30 May 2002)
http://calgary.cbc.ca/template/servlet/View?filename=bt_5302002

Alberta Forest Fire: Update

The fire that has been burning all week near the hamlet of Conklin was only six kilometres from the residential area yesterday. Approximately 75 firefighters stayed behind to try to save the buildings. Equipment has been sent in from nearby communities as the fire was still out of control and wet weather was not in the forecast.
(Source: CBC News, 30 May 2002)
http://edmonton.cbc.ca/template/servlet/View?filename=fe_5302002

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Win32,Linux/Simile.D, which is a very complex polymorphic, metamorphic virus that infects both Windows and Linux. The virus does not contain a destructive payload but infected files may display messages on certain dates.
http://securityresponse.symantec.com/avcenter/venc/data/linux.simile.html

Computer Associates reports on Win32.Enemany.C, which is a worm that propagates via Outlook e-mail and arrives with the subject line "The New Xerox Update for our WinXP" and the attachment "Xerox-Update.Exe"
http://www3.ca.com/virus/virus.asp?ID=12026

Trend Micro reports on WORM_ORUET.A (a.k.a. WIN32.ENEMANY.D), which is a non-destructive, non-memory resident worm that propagates via Outlook e-mail with the subject line "Alle gegen den TEuro" and the attachment "teuro.Exe".
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_ORUET.A

Vulnerabilities

CERT/CC reports on vulnerabilities in the Cisco Content Service Switch (CSS) 11000 series switch that allow unauthenticated remote attackers to reboot affected devices and create a denial-of-service.
http://www.kb.cert.org/vuls/id/686939
http://www.kb.cert.org/vuls/id/330275

SecurityFocus reports on a vulnerability in phpTest prior to v0.5.6 that could allow a remote attacker to view the test results of other users. View the "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4868/discussion/

SecurityFocus provides a report on a vulnerability in the process of adding a syncache to FreeBSD kernel that could lead to a denial-of-service. Follow link for workaround information.
http://online.securityfocus.com/advisories/4159

SecurityFocus provides a report on a vulnerability in FreeBSD rc that could remove the contents of arbitrary directories. Follow link for workaround information.
http://online.securityfocus.com/advisories/4160

SecurityFocus provides a report on a vulnerability in Mozilla prior to v1.0rc1 that could allow a hostile site to read and list user files. These vulnerabilities also affect the Galeon web browser, since it uses the Mozilla engine. Follow link for upgrade information.
http://online.securityfocus.com/advisories/4161

SecurityFocus provides a report on a format string vulnerability in the dhcp server and client package from versions 3.0 to 3.0.1rc8 that could allow a remote attacker to gain privileges equivalent to the user running the DHCP daemon. Follow link for upgrade information.
http://online.securityfocus.com/advisories/4162

SecurityFocus provides a report on a vulnerability in the HP-UX 11.00 and 11.11 swinstall command that incorrectly provides views of file data normally not permitted by a user and could result in a denial-of-service. Follow link for patch information.
http://online.securityfocus.com/advisories/4163

SecurityFocus provides a report on buffer overflow vulnerabilities in the University of Washington imap daemon and the imap server that could allow a remote, authenticated attacker to execute commands on the server. Follow link for upgrade information.
http://online.securityfocus.com/advisories/4166
http://online.securityfocus.com/advisories/4167

SecurityFocus reports on a directory traversal attack vulnerability in FileZilla FTP Server that could allow a remote attacker to access files outside the root directory tree. View "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4865/discussion/

SecurityFocus reports on a vulnerability in Charities.cron, which creates temporary files insecurely and could allow a local attacker to cause arbitrary files writeable by the cron scheduling daemon process to be written to via symlink attacks. View "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4869/discussion/

SecurityFocus reports on a vulnerability in IDS (Image Display System) that could allow a remote attacker to confirm the existence and location of various directories residing on the IDS host. No known patch is available as of yet.
http://online.securityfocus.com/bid/4870/discussion/

SecurityFocus reports on a vulnerability in Firestorm IDS that can cause it to crash when it has received traffic with specific IP options set. This could result in a denial-of-service. View the "solution" tab for upgrade information.
http://online.securityfocus.com/bid/4871/discussion/

SecurityFocus reports on a vulnerability in ECS K7S5A that could allow a local attacker to boot alternative media. No known patch is available as of yet.
http://online.securityfocus.com/bid/4866/discussion/

Tools

There are no updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7066 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP

IWS INFOCON Mailing List @ IWS - The Information Warfare Site
http://www.iwar.org.uk