DAILY BRIEF
Number: DOB02-149
Date: 20 September 2002
http://www.ocipep.gc.ca/DOB/DOB02-149_e.html

NEWS

Deputy Clerk of the Privy Council appointed President of the Canadian Food Inspection Agency
Richard Fadden, currently Deputy Clerk of the Privy Council, and Security and Intelligence Coordinator, was appointed President of the Canadian Food Inspection Agency, effective 23 September 2002. Ronald Bilodeau, Associate Secretary to the Cabinet and Deputy Minister to the Deputy Prime Minister, will assume additional responsibilities as Security and Intelligence Coordinator and Deputy Minister for policy and operations of the Communications Security Establishment.

Internet cable: Growing popularity in the U.S. - Correction
Yesterday's Daily Brief cited an article that discussed the growing popularity of Internet cable in the U.S. We would like to clarify that cable modems are the primary means that North Americans use for high-speed connections to the Internet.
(Source: globeandmail.ca, 18 September 2002)

Winnipeg sewage spill under control
The flow of untreated sewage into the Red River has been stopped, according to city officials in Winnipeg. Since the leak began on September 16, approximately 550,000 cubic metres of sewage was dumped into the river. City officials want a review of the incident in order to prevent a similar mishap.
(Source: CBC Manitoba, 19 September 2002)

Comment: No serious environmental incidents have been reported as a result of the spillage. Preliminary test results have shown that oxygen levels in the river are near-normal.

West Nile virus
The Centers for Disease Control and Prevention (CDC) warn that the West Nile virus may be spread through blood transfusions. The CDC has studied several cases associated with transfusions and concluded that the West Nile virus "probably can be spread by transfusion."
(Source: thestar.com, 19 September 2002)

Comment: OCIPEP Operations is monitoring the situation with respect to the West Nile virus. Additional information on West Nile transmission through blood transfusion and organ donations can be found on the CDC web site at:
http://www.cdc.gov/ncidod/dvbid/westnile/qa/transfusion.htm
Other links can be found on the OCIPEP web site at:
http://www.ocipep.gc.ca/otherlinks/hlinx_e.html

IN BRIEF

Ontario to improve border crossings
The Province of Ontario plans to ease congestion at border crossings in hopes of improving trade with Michigan. The Premier of Ontario has announced that repairs will be made to Highway 402 which connects Sarnia and Port Huron, Michigan. He also suggested that repairs will be made to the Ambassador Bridge, which connects Windsor and Detroit.
(Source: cbc.ca, 19 September 2002)

Comment: The OCIPEP Daily Brief DOB02-095, released 4 July 2002, reported that the Mayor of Windsor threatened to declare a state of emergency in order to control traffic congestion in the city caused by trucks trying to cross the Ambassador Bridge.

No change expected in oil output: OPEC
The Organization of Petroleum Exporting Countries (OPEC) decided not to bow to pressure from Western countries and increase production, even though prices have soared to year-high levels of nearly $30 U.S. per barrel.
(Source: CTV.ca, 19 September 2002)

Oil-sands project on hold due to Kyoto Protocol
TrueNorth Energy L.P., the developer of an oil-sands megaproject in Alberta, said it will delay - and perhaps end - its multi-billion-dollar investment, citing the fog of uncertainty created by the federal government's failure to explain how Canada plans to reduce greenhouse gas emissions. Environment Minister David Anderson said he was "skeptical" about the rationale and timing for TrueNorth's announcement.
(Source: globeandmail.ca, 20 September 2002)

U.S. ".gov" info restricted over attacker fears
VeriSign, Inc. has stopped providing access to information about the .gov internet domain, which is restricted to U.S. government bodies, over concerns the data could be used in planning internet attacks.
(Source: The Register, 20 September 2002)

Many U.S. cities not reacting to orange
A survey conducted by the National League of Cities revealed that many U.S. cities took very few precautionary measures, and some none at all, in response to the federal government's elevation of the terrorist alert system to "high" on the eve of the anniversary of the September 11 attacks.
(Source: USA TODAY, 19 September 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Symantec reports on Trojan.Avid, which is a malicious threat that steals locally saved AOL passwords and sends them to a specific e-mail address.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.avid.html

Symantec reports on W32.HLLW.Dax, which is a worm that propagates via open network shares and attempts to replicate itself to that share as "Ordin Popescu.exe." It also contains a backdoor that enables a remote attacker to connect to and control the computer. By default it opens port 3256 on the compromised computer.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.dax.html

Trend Micro reports on WORM_DULOAD.C, which is a worm that propagates via Kazaa and attempts to send an e-mail with no subject, message, or visible attachments. The e-mail's "FROM" field contains the name of the infected user and the "TO" field contains the target recipient.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DULOAD.C

Trend Micro reports on WORM_BOOSTRAP.A, which is a Trojan horse that propagates via SMTP and runs every time an .EXE file is executed. It does not stop running until that .EXE file is closed.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOOSTAP.A

Trend Micro reports on ELF_SLAPPER.C, which is freely distributed over the Internet and uses a remote exploit for Apache/mod_ssl servers. When compiled, it can be used as a hacking tool against systems using OpenSSL v0.9.6d and below.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ELF_SLAPPER.C

Trend Micro reports on ELF_SLAPPER.B, which is freely distributed on the Internet and can be used as a hacking tool against systems using FreeBSD 4.5 Apache 1.3.20-24. It uses a known vulnerability that allows an attacker to connect to a system using a shell on TCP port 30464. From there, other exploits can be used to access the root.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ELF_SLAPPER.B

Vulnerabilities

Microsoft reports on a remotely exploitable vulnerability in MS VM up to and including build 5.0.3805 JDBC Classes that could allow for code execution. Follow the link for patch information.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-052.asp

Cisco reports on remotely exploitable denial-of-service vulnerabilities in MS Windows SMB in Cisco Products (see MS Security Bulletin MS02-045: http://www.microsoft.com/technet/security/bulletin/MS02-045.asp) that could allow an attacker to execute arbitrary code or perform a denial-of-service.
http://www.cisco.com/warp/public/707/Microsoft-SMB-vulnerability-MS02-045-pub.shtml

Cisco reports on remotely exploitable vulnerabilities in Cisco VPN 5000 Client (multiple versions). Follow the link for patch information.
http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml

SecurityFocus reports on a remotely exploitable denial-of-service vulnerability in IBM Websphere 4.0.3. Follow the link for patch information.
http://online.securityfocus.com/advisories/4494

Additional vulnerabilities were reported in the following products:

DB4Web 3.4 and 3.6 connection proxy and file disclosure vulnerabilities. (SecurityFocus)
http://online.securityfocus.com/bid/5725/discussion/
http://online.securityfocus.com/bid/5723/discussion/

NetBSD TIOCSCTTY ioctl vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4480

SGI IGMP multicast report denial-of-service vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4487

SGI IRIX 6.5 default root umask and coredumps vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4488

SuSE xf86 local privilege escalation vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4491

Foundstone ISS Scanner 6.2.1 buffer overflow vulnerability. (SecurityFocus)
http://online.securityfocus.com/advisories/4493

Tools

Chkrootkit 0.37 is a tool that locally checks for signs of a rootkit. (Chkrootkit)
http://www.chkrootkit.org/

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of external sources.
Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk