DAILY BRIEF Number: DOB02-125 Date: 16 August 2002 http://www.ocipep.gc.ca/DOB/DOB02-125_e.html
NEWS PM, Bush Plan to Meet Before Sept. 11 In order to signal the importance of a neutral and secure border, Prime Minister Jean Chrétien and U.S. President George W. Bush are expected to meet at a shared-border crossing on the eve of the anniversary of the Sept. 11 terrorist attacks. A senior Liberal official is cited as saying that this meeting is an opportunity for the Prime Minister and President to broaden issues on border management. Officials in both the Prime Minister's Office and in Washington, D.C. are still working out the details of this meeting, which is tentatively scheduled to take place in Detroit on Sept. 9. (Source: globeandmail.com, 16 August 2002) Click here for the source article Comment: Canada's Deputy Prime Minister John Manley and U.S. Homeland Security Director Tom Ridge have signed a 30-point border-security plan called the Smart Border Declaration, which is designed to ensure the efficient and secure movement of people and goods across the Canada - U.S. border. As part of the declaration, OCIPEP and its U.S. partners have been working to assess the threat to shared critical infrastructure with a view to developing appropriate protection strategies. The declaration can be viewed at: http://www.dfait-maeci.gc.ca/anti-terrorism/actionplan-en.asp. Microsoft Security Bulletin (MS02-042)-Flaw in Network Connection Manager Could Enable Privilege Elevation Microsoft has identified a flaw in Network Connection Manager (NCM). NCM provides a controlling mechanism for all network connections managed by a host system. Microsoft has rated the potential impact that could result from successful exploitation as critical for Intranet servers and client systems, and low for Internet servers. A patch is currently available. Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-042.asp. Cyber Attacks May Commemorate September 11 The Managing Director of Sophos Anti-Virus Asia, a leading anti-virus software provider, is advising computer users to practise additional vigilance in the next few weeks. In his interview with BusinessWorld Online, the Director warns people to be cautious when opening e-mail messages. As September 11 approaches, the first anniversary of terrorist attacks on the United States, there is a possibility that hackers and virus writers may be planning to bring attention to this infamous day. Last month, Sophos reported that of the top 10 viruses regularly monitored, the top three viruses were politically motivated. (Source: ds-osac.org, 15 August 2002) Click here for the source article Comment: A virus that is developed to draw on the emotions surrounding September 11 could be successful if end-users and administrators do not continue to be cognizant of the risks surrounding any new virus. The key to end-user education is to ensure that they do not aid in the distribution of a virus by executing or forwarding any suspicious attachment. For more information on virus prevention please refer to: http://www.sophos.com/virusinfo/whitepapers/prevention.html IN BRIEF Saskatchewan Patients Face Minute Risk of CJD Infection The 71 Saskatchewan patients who may have been exposed to the human version of mad cow disease, otherwise known as Creutzfeldt-Jakob Disease (CJD), were told yesterday by a provincial health official that their risk of being infected is "extremely minute." (Source: CBC News, 15 August 2002) Click here for the source article West Nile (WN) Virus Cases Expected to Soar in U.S. U.S. federal health officials are predicting that the number of new West Nile virus cases will soar to as many as 1,000 in the next few days. The average fatality rate of the WN virus is approximately 10 percent. (Source: nytimes.com, 16 August 2002) Click here for the source article Pilots Look to Internet for FAA Warnings Several major U.S. airlines and the Federal Aviation Administration (FAA) are turning to the Internet to improve anti-terror information sharing and to improve the safety of flight operations. (Source: Computerworld.com, 15 August 2002) Click here for the source article Securing Laptop Information New anti-theft and security technology enables a laptop to automatically encrypt its data in the event that it is separated from its user. (Source: http://www.newscientist.com, 15 August 2002) Click here for the source article CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Sophos reports on VBS/LoveLet-DO, which is a worm that propagates via e-mail. It arrives with the subject line "fwd: Joke" and the attachment "Very Funny.vbs". http://sophos.com/virusinfo/analyses/vbsloveletdo.html Symantec reports on PWSteal.Netsnake, which is a Trojan horse that steals and collects user passwords and mails them to the intruder. http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.netsnake.html Symantec reports on Backdoor.Ndad, which is a Trojan horse that provides a graphical user interface to perform administrative tasks on a compromised Windows NT machine. http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ndad.html Symantec reports on W32.Golsys.14292, which is a variant of W32.Golsys.8020; however, the virus size of this variant is 14,292 bytes. This virus infects Windows 32-bit executable files both on the local hard drive and on mapped drives. http://securityresponse.symantec.com/avcenter/venc/data/w32.golsys.14292.html Symantec reports on Backdoor.Gholame, which is a Trojan horse that opens two ports on the computer; this allows a hacker to gain full control over the system. http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gholame.html Vulnerabilities Oracle reports on a remotely exploitable cross-site scripting vulnerability in Oracle 9i Application Server 1.0.2 .2, 1.0.2 .1s, 1.0.2 and 9.0.2 OJSP Demo Scripts. Follow the link for patch information. http://otn.oracle.com/deploy/security/pdf/2002alert41rev1.pdf SecurityFocus reports on a remotely exploitable vulnerability in MS Internet Explorer 6.0 that could allow malicious file attachments to execute arbitrary code in the context of the local system. No known patch is available at this time. http://online.securityfocus.com/bid/5450/discussion/ SecurityFocus reports on a remotely exploitable symlink attack vulnerability in Adobe Acrobat Reader 4.05. Follow the link for workaround information. http://online.securityfocus.com/advisories/4395 Patches: SNMPv1 support pack files available. http://online.securityfocus.com/advisories/4394 Additional vulnerabilities were reported in the following products: CafeLog b2 2.6 pre4 WebLog Tool cross-site scripting and SQL injection vulnerabilities (SecurityFocus). http://online.securityfocus.com/bid/5455/discussion/ http://online.securityfocus.com/bid/5456/discussion/ Red Hat Interchange 4.8.1 - 4.8.5 confidential information exposure vulnerability (SecurityFocus). http://online.securityfocus.com/bid/5453/discussion/ Origin 3000 MAC address change vulnerability (SecurityFocus). http://online.securityfocus.com/advisories/4396 L-Forum SQL injection vulnerability (SecuriTeam). http://www.securiteam.com/securitynews/5DP0C1F80I.html Tools There are no updates to report at this time. CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP’s Communications Division at: Phone: (613) 991-7035 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk