[INFOCON] - Ridge Aims to Reduce U.S. Vulnerabilities to Terrorism

2002-06-12 Thread Wanja Eric Naef [IWS]

[At least life as a politician in DC will be interesting
again as they will be facing the biggest turf war ever 
which could get quite nasty. The proposed Homeland 
Security Department will also have to survive 88 
congressional committees and subcommittees. So one 
should really ask whether this will be worth the effort 
as the government's limited resources could be used 
to make the current agencies more efficient. There is 
something wrong with the system and it looks like, 
instead of changing the system, the administration just risks 
creating another layer of bureaucracy which might not really
help to protect the nation.  WEN]

10 June 2002 
Ridge Aims to Reduce U.S. Vulnerabilities to Terrorism
(Homeland Security Advisor Wants To Draw Lessons From 9-11)(3500)

Homeland Security Advisor Tom Ridge wants to draw on the security
expertise in the federal government to "significantly reduce the
vulnerability to terrorism and terrorist attack."

Speaking June 10 to the National Association of Broadcasters Education
Foundation in Washington, Ridge said: "It's time for us to take the
lessons learned from 9/11 and from our war on terrorism and apply them
to homeland security."

He said the new Cabinet-level Department of Homeland Security proposed
by President Bush should be "a clearinghouse for many of the best
practices that we believe can be deployed to prevent terrorism."

The new department, which must be approved by Congress, should have
one single mission, Ridge said: to protect the American people and
their way of life from terrorism.

Drawing 170,000 existing personnel from now disparate sources, he said
the new department "will bring together everyone under the same roof,
working toward the same goal and pushing in the same direction."

Following is the transcript of Ridge's remarks:

(begin transcript)

THE WHITE HOUSE
Office of the Press Secretary
June 10, 2002

REMARKS BY HOMELAND SECURITY ADVISOR TOM RIDGE
TO THE NATIONAL ASSOCIATION OF BROADCASTERS EDUCATION FOUNDATION
2002 SERVICE TO AMERICA SUMMIT

Ronald Reagan Building
Washington, D.C.

GOVERNOR RIDGE: Thank you, Eddie. And good morning, ladies and
gentlemen. I want to thank you for this invitation to spend some time
with you this morning. I must applaud Eddie and the foundation for
extending the invitation several weeks ago. Your timing was
impeccable. (Laughter.) So I might consider to borrow your crystal
ball in the future.

But it is good to have the opportunity within a few short days after
the President announced his vision and his plan to create a
Cabinet-level Department of Homeland Security to spend some time with
this organization. So I very much appreciate the opportunity to speak
to your group at such an important time for our country.

The nine months since the terrorist attacks have been a great time to
be an American, in spite of the horror and the tragedy associated with
the attacks. We have learned so much about what this country and its
people are all about. And most of what we have learned, we have
learned through you.

Through your unblinking eyes and ears, the entire human drama was
brought into our living rooms -- the heartbreaking losses, the heroic
responses, the heartfelt prayers and words of comfort from a concerned
nation. Many of your stations offered 24-hour coverage in the days
following the attacks. And in doing so, you accepted the reality of
lost ad revenues at a time when advertising was already scarce. No
matter the cost, you continued to get the news out.

At the same time, through your efforts, broadcasters helped this
country raise in excess of $1 billion [$1 thousand million] for the
victims of 9/11 and related causes -- an extraordinary contribution in
and of itself. And you still found time to record and air PSAs [Public
Service Announcements], answering the questions all Americans had: How
can we help?

You've even won over some old critics. Apparently, a former FCC
[Federal Communications Commission] chairman about four decades ago in
a speech to your group -- a fellow by the name of Newton Minow -- was
very, very critical of the media. But recently he was reported to have
said, and I quote, "Television deserves a round of gratitude from the
American people for the way they have handled this crisis. They
deserve the highest praise." But most importantly, as Americans
understand it, you did your job, keeping all of us informed and aware.

Now I think broadcasters have a new challenge, reporting on homeland
security. In many ways -- many, many ways -- this is a much more
difficult story to report. It doesn't have very good sound or visuals.
It's complicated. There are a lot of gray areas. There aren't too many
photo opportunities. It can be under-reported, breeding false
confidence, or over-reported, stoking unnecessary fears.

But it is one of the most important, if not the most important, story
of our lifetimes. It's the story of how we protect American lives and
the American way of life, th

[INFOCON] - UNIRAS Briefing - 181/02 - MICROSOFT - Unchecked Buffer in MSN Chat Control Can Lead to Code Execution (Rev - full

2002-06-12 Thread Wanja Eric Naef [IWS]



-Original Message-
From: UNIRAS (UK Govt CERT)
Sent: 12 June 2002 14:14
To: Undisclosed Recipients
Subject: UNIRAS Briefing - 181/02 - MICROSOFT - Unchecked Buffer in MSN
Chat Control Can Lead to Code Execution (Rev - full protection now
available)



- --

   UNIRAS (UK Govt CERT) Briefing Notice - 181/02 dated 12.06.02  Time: 14:12
 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- --

  UNIRAS material is also available from its website at www.uniras.gov.uk and
 Information about NISCC is available from www.niscc.gov.uk
- --


Title
=

MICROSOFT Security Bulletin:

Unchecked Buffer in MSN Chat Control Can Lead to Code Execution
(Rev - full protection now available)

Detail
==

- - --
Title:      Unchecked Buffer in MSN Chat Control Can Lead to Code
            Execution (Q321661)
Released:   08 May 2002
Revised:    11 June 2002 (version 2.0)
Software:   MSN Chat, MSN Messenger, Exchange Instant Messenger
Impact:     Run Code of Attacker's Choice
Max Risk:   Critical
Bulletin:   MS02-022

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-022.asp.
- - --

Reason for Revision:

On May 8 2002, Microsoft released the original version of this
bulletin. On June 11, 2002 the bulletin was updated to announce
that while the fixes issued on May 8 2002 resolved the vulnerability,
they did not protect in all cases against the reintroduction of the
vulnerable control. As a result, a new set of fixes is being released
to ensure that systems are fully protected against the reintroduction
of the vulnerable control. A new MSN Chat control, updated patch,
updated version of MSN Messenger and an updated version of
Exchange Instant Messenger have been made available. Customers who
have applied any of the fixes released on May 8, 2002 are
encouraged to consider applying the updated fixes.

Issue:
==
The MSN Chat control is an ActiveX control that allows groups of
users to gather in a single, virtual location online to engage in
text messaging. The control is offered for download as a single
ActiveX control from a number of MSN sites. In addition, it is
included with MSN Messenger since version 4.5 and Exchange Instant
Messenger. While the MSN Chat control is included with these
products it is not used to provide Instant Messaging functionality,
but rather to add chat functionality to those products.

An unchecked buffer exists in one of the functions that handles
input parameters in the MSN Chat control. A security
vulnerability results because it is possible for a malicious user
to levy a buffer overrun attack and attempt to exploit this flaw.
A successful attack could allow code to run in the user's context.

It would be possible for an attacker to attempt to exploit
this vulnerability either through a malicious web site or through
HTML email. However, Outlook Express 6.0, Outlook 2002, and the
Outlook Email Security Update, which is available for
Outlook 98 and Outlook 2000, can thwart such
attempts through their default security settings.

Mitigating Factors:

 - A successful attack would require that the user have installed
   the MSN Chat control, MSN Messenger, or
   Exchange Instant Messenger.

 - The MSN Chat control does not install with any version of
   Windows or Internet Explorer by default.

 - Windows Messenger which ships with Windows XP does not
   include the MSN Chat control. Windows XP users would be
   vulnerable only if they have chosen to install the MSN Chat
   control from MSN sites.

 - The HTML email attack vector is blocked by the following
   Microsoft mail products:
     - Outlook 98 and Outlook 2000 with the
       Outlook Email Security Update
     - Outlook 2002
     - Outlook Express.
   This is because these products all open HTML email in the
   Restricted Sites zone by default.

Risk Rating:

 - Internet systems: Low
 - Intranet systems: Low
 - Client systems: Critical

Patch Availability:
===
 - A patch is available to fix this vulnerability. Please read the
   Security Bulletin at
   http://www.microsoft.com/technet/security/bulletin/ms02-022.asp
   for information on obtaining this patch.

Acknowledgment:
===
 - eEye Digital Security (http://www.eeye.com)

- - -

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.

[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-080 Date: 12 June 2002

2002-06-12 Thread Wanja Eric Naef [IWS]

DAILY BRIEF Number: DOB02-080 Date: 12 June 2002

NEWS

Ottawa to Buy Smallpox Vaccine for All Canadians
The Ottawa Citizen reports that the federal government will purchase
millions of doses of the smallpox vaccine, enough to inoculate every
Canadian. Dr. Ron St. John, executive director of Health Canada's Centre for
Emergency Preparedness and Response, stated that negotiations were already
underway to acquire the vaccines, which could cost up to $123 million. There
are also plans to vaccinate epidemiologists and federal health workers who
would be in the front line in the event of a smallpox outbreak. While he
acknowledged that the possibility of a bioterrorist attack on Canada is
extremely remote, Dr. St. John stressed that even a limited outbreak could
turn into a national catastrophe. The vaccine is effective if given within
four days of exposure to the virus. (Source: The Ottawa Citizen, 12 June
2002)
http://www.canada.com/ottawa/ottawacitizen/story.asp?id={C693E8BE-C7CB-40AF-B28C-B27CF936D0E1}
http://www.canada.com/ottawa/ottawacitizen/

Platform-Jumping Virus a New Challenge for Virus Writers
A new virus that made the headlines last week has prompted a renewed
interest in Unix and Linux viruses, according to anti-virus experts. A
Symantec researcher explained that the Simile virus, which can jump from
Windows to Unix operating systems, presents new challenges for virus
writers. A McAfee analyst commented that "Unix shell script viruses are
relatively easy to create, yet powerful enough to create big problems."
(Source: vnunet.com, 11 June 2002)
http://www.vnunet.com/News/1132517

Comment: The same news source on 5 June published an article
(http://www.vnunet.com/News/1132372) quoting Symantec and McAfee experts who
had released an advisory after the discovery of the Simile/Etap virus. They
called it a "very complex virus that uses entry-point obscuring,
metamorphism and polymorphic decryption," which makes it hard to detect.
Typically, the majority of viruses are Windows-based due in part to the
proliferation of the Microsoft Windows operating system in the marketplace. As
the popularity of Unix-based operating systems increases in the general user
population (i.e. Linux) it follows that we may see: (1) an increase in
viruses that target the Unix/Linux operating systems and (2) viruses that
have the ability to infect more than one type of operating system (i.e.
Unix/Linux and Windows).

IN BRIEF

Transportation Delays Expected in Calgary During G8 Summit
Most roads near Calgary International Airport will be closed to the public
from June 25 to 28 as part of the Calgary Police's security restrictions
during the G8 Summit. Air travellers are urged to allow at least an extra 30
minutes to reach the airport and to check with the G8 Summit information
line for information on road closures. Service on the city's light rail
system may also be affected. (Source: CBC News, 11 June 2002)
http://calgary.cbc.ca/template/servlet/View?filename=sy_11062002

State of Emergency Declared in Flooded Alberta Communities
Rain continued to fall in southern Alberta, and the worst may be yet to
come, if warm weather accelerates melting of the snow that fell in the
mountains, according to Dennis Chief Calf, fire chief and head of disaster
services for the Blood Tribe Reserve. A state of emergency has been declared
in the community of Pincher Creek and in the county of Lethbridge, while
flood warnings are in effect in several other communities. (Source: CBC
News, 11 June 2002)
http://calgary.cbc.ca/template/servlet/View?filename=fd_11062002

FBI Investigates Dive Shops
Scuba diving shops across the U.S. are being contacted by FBI agents
concerned that terrorists may have been taking scuba diving training with
the intention of blowing up ships, power plants, bridges and other
structures that are waterfront. Agents are looking for unusual requests from
potential trainees, such as limited-visibility diving and diving in a
harbour, where water is turbulent and cloudy. (Source: The Toronto Star, 11
June 2002)
http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1022100028330&call_page=TS_World&call_pageid=968332188854&call_pagepath=News/World&col=968350060724

Comment: This appears to be further to a May 23 information bulletin from
the National Infrastructure Protection Center (NIPC) stating that various
terrorist elements had sought to "develop an offensive scuba diver
capability."





CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Trilissa.D, which is a worm that propagates
via Outlook e-mail. It arrives with the subject line "Bush is a criminal!"
and the attachment "Bush_you_are_guilty!!!.scr".
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020611-11


Central Command reports on TR/Win32.Rewin, which is a Trojan horse that
allows backdoor access to a v

[INFOCON] - NIPC Daily Report for June 12, 2002

2002-06-12 Thread Wanja Eric Naef [IWS]

NIPC Daily Report
12 June, 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of
issues impacting the integrity and capability of the nation's critical
infrastructures.

DoD software acquisition strategy. In hopes of closing security holes in
software acquisitions, beginning July 1, the Defense Department will require
a broad group of commercial software suppliers to evaluate their products
using a standard known as Common Criteria (CC). The CC not only focuses on
information assurance products, such as firewalls or intrusion-detection
systems, but "information assurance-enabled products" such as Web browsers,
operating systems and databases as well.  According to DOD, products that
fail to pass CC muster will not be purchased by the department. (Federal
Computer Week, 10 Jun)

Congress to Examine Domain Name Co. Congress is taking a look at the
California company that administers Internet addresses after critics said it
is too slow to address security holes and should be more closely regulated.
The Internet Corporation for Assigned Names and Numbers, or ICANN, governs
the system that translates common Web site addresses into strings of numbers
understood by computers. Testimony prepared for a Senate committee hearing,
and obtained by The Associated Press, says the Commerce Department has not
taken a strong enough role in overseeing the company. ICANN gained control
of the Internet's domain name system through a 1998 agreement with the
Commerce Department. But the deal was only supposed to be a transition, and
control was supposed to be ceded to another private company or organization
in 2000. ICANN has been fraught with infighting and delays, and the deal was
extended to September of this year. The company has governed the creation of
new domain names, such as .info and .name, and created more competition in
domain name sales.  (AP Technology, 12 Jun)

Summit addresses threats to cyberspace. On 10 June, political, industry, and
academic leaders stressed the need for cooperation in order to prevent
domestic and international attacks on the nation's information networks at
the third Networked Economy Summit, which was hosted by George Mason
University.  Richard A. Clarke, special adviser to the president for
cyberspace security said, "The threats to cyberspace, and there are many,
cannot be handled only by the military or the government.  All of us own a
piece of cyberspace, so all of us must act to secure cyberspace." Clarke
said that by mid-September, his office, along with the Office of Homeland
Security would be presenting the president with a National Strategy to
Secure Cyberspace, compiled from the advice of different sectors of society.
(Washington Post, 11 Jun)

Colorado wildfires knock out high-voltage lines.  The wildfires blazing in
Colorado have knocked out high-voltage power lines and forced utility Xcel
Energy Inc. to shut down lines in fire areas to prevent more damage.  The
fires so far have not cut power deliveries to Xcel's transmission customers
because the utility has been able to re-route electricity around the blazes,
said Mark Stutz, a spokesman for Xcel.  Some customers who get their power
from low-voltage distribution systems, however, have lost power.   Xcel
provides power to about 75 percent of Colorado's consumers.  The 77,000 acre
(31,162-hectare) fire, located about 55 miles southwest of Denver, damaged a
230 kilovolt Tarryall-to-Daniels Park transmission line Sunday night and
forced it off the grid. The blaze also knocked out a 115 kv
Tarryall-to-Divide line west of Colorado Springs.   Another 69 kv transmission cable
near Grand Junction in western Colorado was burned and a 69 kv line running
from a hydroelectric power plant near Glenwood Springs was shut off for
safety reasons. The Western Electricity Coordinating Council in Salt Lake
City, Utah is keeping a close eye on the Colorado fires, but thus far the
state's grid is not threatened.  (Reuters, 11 Jun)

FHWA awards a tech services pact. The Federal Highway Administration has
awarded a 10-year, $175 million contract to Indus Corp. to secure the
agency's databases. Under the Federal Highway Administration Information
Technology Support Services contract, Indus will also help the agency with
its enterprise architecture, network infrastructure, help desk, document
management and telecommunications services. (GCN.com, 11 Jun)

~dmh




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk