[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-168 Date: 18 October 2002
OCIPEP DAILY BRIEF
Number: DOB02-168
Date: 18 October 2002

http://www.ocipep.gc.ca/DOB/DOB02-168_e.html

NEWS

OCIPEP issues Incident Analysis

OCIPEP issued Incident Analysis IA02-001, on 17 October 2002, of the lessons learned following the 11 September 2001 terrorist attacks in New York and Washington. The Incident Analysis, titled "The September 11, 2001 Terrorist Attacks - Critical Infrastructure Protection Lessons Learned" is meant to assist Canadian critical infrastructure (CI) owners and operators with their business continuity planning and emergency management (EM) preparations by identifying critical infrastructure protection (CIP) and EM lessons that can be learned from these tragic events. The analysis is based on open source information and feedback provided by CIP and EM partners.

Alberta emergency preparedness questioned - Auditor General of Alberta annual report

According to the Auditor General of Alberta annual report, released 17 October 2002, Alberta is currently ill-equipped to cope with natural disasters or other emergencies. The report states that the Province's Government Emergency Operations Centre (GEOC) has poor security, is not big enough and is generally "unsuitable as a command centre." The report suggests that the task of making the province disaster-resistant is rendered more difficult by several factors, including: the devolution of responsibility for emergency preparedness to municipalities (creating greater potential for variation in plans); the difficulty of coordinating effective emergency preparedness amongst the large number of stakeholders, including provincial government departments, municipal governments, First Nations, industry and the federal government; and the increase in the risk of diseases, such as foot-and-mouth and mad cow disease, and threats of domestic terrorism. (Source: Auditor General of Alberta, 17 October 2002)

To view the full Auditor General of Alberta report, go to http://www.oag.ab.ca/ and click on the Annual Reports link. The section of the document related to emergency preparedness is recommendation no. 46.

OCIPEP Comment: Alberta's current legislation regarding emergency preparedness is generally regarded to be one of Canada's most comprehensive and far-reaching pieces of provincial emergency management (EM) legislation. (As acknowledged in the Auditor's report, Alberta's legislation compels municipalities to have an emergency response plan in place, to review it every two years and to exercise it every four years.) This most recent AG's report may have the benefit of bringing attention to any outstanding issues related to EM in Alberta. The requirement for a new Alberta Government Emergency Operations Centre has been identified for some time now and is part of on-going discussions on co-location with OCIPEP's Alberta Regional Office. Corrective actions have been initiated for some time by officials of ADS in regard to coordination of plans at both the municipal and provincial levels. A provincial template for emergency plans has been in place for some time now for use by provincial departments and District Officers of ADS work with municipal officials in reviewing their plans on a regular basis. Additionally these plans will be evaluated in accordance with an approved standardized exercise template, now being implemented. Since September 11, 2001, Alberta has worked with multiple stakeholders, including federal partners and the private sector in developing a counter-terrorism process for the province.

Instant message programs are high security risks: Analysis

Information Security e-zine provides an analysis of instant message (IM) services available on the Internet indicating that these services are potentially vulnerable to hacker attacks and that most users are not aware of the security risks associated with IM and other peer-to-peer applications. The article states that because IM is so widely available and because it has few security features, IT security managers need to find ways to curb its use in the workplace. Instant messaging vulnerabilities can be used by hackers to gain access to workstations, and from there to the internal network. The analysis describes features of the four most popular IM applications and their associated vulnerabilities. (Source: infosecuritymag.com, August 2002)

OCIPEP Comment: OCIPEP Daily Brief DOB02-070, released 29 May 2002, reported that IM services were particularly vulnerable to hacker exploit attempts. Interestingly, this latest analysis was published shortly after several financial services firms formed the Financial Services Instant Messaging Association (FIMA) earlier this summer. The committee has a stated goal of fostering technical harmony among IM providers Yahoo, AOL, MSN and others. For the finance industry, IM is vital for internal and client communications; a lack of IM interoperability has been a source of increasing frustration. (Source: news
[INFOCON] - News 10/18/02
ed down its cells broken up, its leaders captured the quicker it transforms itself into new shapes and forms to survive. The bombing in Indonesia demonstrates that al Qaeda is no longer a party with a central core as existed in Afghanistan, but a global movement whose essence is now local. Its belief system is still rigid in its hatred toward the United States, but it is also adaptable to local circumstances, causes and issues. Al Qaeda has become a multiheaded monster, much like a child's toy: Twist the toy around and it shows many different faces and egos.

http://www.washtimes.com/world/20021018-93667484.htm

[9] Where The E-Commerce Jobs Are
By Teri Robinson
E-Commerce Times
October 16, 2002

A good place to look is among successful dot-coms, such as Travelocity, Expedia or eBay. Those companies are not creating many new positions, Giga's Andrew Bartels said, but they are doing replacement hiring.

Just three years ago, those interested in an e-commerce career simply had to stand around and jobs would drop into their hands like fruit falling from an overburdened apple tree. But the economy's long decline has forced many companies out of business, and many of the remaining players have slashed their staffs to the bone, making e-commerce jobs far harder to come by.

Even so, there are jobs out there, though many are well hidden and take longer to land. "You can pretty much rule out the startups," Andrew Bartels, an analyst with Giga Information Group, told the E-Commerce Times. Startup dot-coms fueled the job market for a few years but now offer barren ground for job seekers.

A better place to look is among successful dot-coms, such as Travelocity, Expedia (Nasdaq: EXPE) or eBay (Nasdaq: EBAY). Those companies are not really creating new positions, Bartels said, but they are doing replacement hiring.

http://www.ecommercetimes.com/perl/story/19696.html

[10] UK firm touts alternative to digital certs
By John Leyden
Posted: 17/10/2002 at 09:36 GMT

Two factor authentication using secure tokens is being backed as an alternative to digital certificates by a UK company, which is enjoying support from the Parliamentary All Party Export Group.

At an event in the Houses of Parliament yesterday, London-based Quizid Technologies launched its outsourced authentication solution. This it hopes will deliver a cost effective alternative to PKI to businesses, and eventually consumers.

The company has developed a two-fold security system that incorporates a physical security token (the Quizid Card - a credit card size authentication device that dynamically generates unique authentication key codes) and an ASP-based authentication centre (the Quizid Vault - where authentication key codes are referenced and access granted).

http://www.theregister.co.uk/content/55/27659.html

[11] Spammers crack through Windows
By Robert Lemos
Special to ZDNet News
October 18, 2002, 4:44 AM PT

Spammers have co-opted an administration feature in Microsoft's Windows operating systems and are using it to bring up intrusive advertisements on Internet-connected computers.

The feature, known as the messenger service, typically lets a network administrator send warnings to users when, for example, a server is scheduled to go down for maintenance. Now some advertisers are using it to send bulk messages to anyone connected to the Internet with an accessible address.

http://zdnet.com.com/2100-1105-962483.html

[12] U.S. Attorney's Office in Dallas forms cybercrime unit

The U.S. Attorney's Office for the Northern District of Texas has established a unit that will combat both terrorism and online crime.

Directed by Deputy Criminal Chief James Jacks, the unit will include a total of seven assistant U.S. attorneys, four of whom specialize in computer and intellectual-property crimes and three in terrorism-related issues. An intelligence analyst also will work in the terrorism area.

http://dallas.bizjournals.com/dallas/stories/2002/10/14/daily48.html
http://www.reporter-news.com/1998/2002/texas/texas_Eight_ass1017.html

[13] MasterCard bites back on Aust credit card hacking
By Iain Ferguson, ZDNet Australia
17 October 2002

A rise in credit card transactions via the Internet, phone and mail-order is prompting card heavyweights to push tougher data security standards for merchants, MasterCard said today.

MasterCard executives said the increase in so-called "card-not-present" transactions was one of the key reasons for card heavyweights to promote tougher security standards for merchants. MasterCard is, one executive said